CN2845327Y - Device for computer data switching exchange safely - Google Patents

Info

Publication number
CN2845327Y
Authority
CN
China
Prior art keywords
data
server
computer
exchange
file
Prior art date
Legal status
Expired - Fee Related
Application number
CN 200520067317
Other languages
Chinese (zh)
Inventor
陈宏宪
黄晓刚
倪志刚
Original Assignee
陈宏宪
Priority date
2005-11-09
Filing date
2005-11-09
Publication date
2006-12-06
Application filed by 陈宏宪
Priority to CN 200520067317
Application granted
Publication of CN2845327Y
Anticipated expiration
Current legal status: Expired - Fee Related

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The utility model relates to a device for the safe exchange of computer data. A computer system comprises an internal computer system and an external network system, and the device for safe computer data exchange is arranged between them so that it can completely and physically separate the two. The device completely and physically severs the connection between the internal network and the external network while still carrying out data transmission and exchange between them efficiently. The utility model allows any computer, or several computers, in the internal computer system to exchange data with the external network system.

Description

A device for the safe exchange of computer data
Technical field
The utility model relates to a network security product, specifically a device for exchanging computer data that ensures the secure and accurate exchange of information between a computer system and a network.
Background art
Networks bring great convenience to our daily life and work, for example timely information transmission and electronic payment. Because the Internet contains many potential security hazards, however, China's state secrecy authorities require that government office networks be physically isolated from the Internet. Although this guarantees the security of the internal network, how to exchange data between the two networks safely, quickly and accurately has become a problem in urgent need of a solution. At present, the method generally used by organizations is to exchange files between the internal and external networks manually, using a floppy disk as the transfer medium. The biggest limitation of this method is that once a file exceeds the storage capacity of the floppy disk, there is no way to use the floppy disk to exchange the data.
For this reason, as an improvement over exchanging data by floppy disk, some users have considered replacing the floppy disk with a USB disk of larger capacity. Although this solves the storage capacity problem to a certain extent, manual data exchange is inconvenient in many respects: files have to be moved repeatedly and can only be transferred on designated equipment; because file exchange is carried out in a dispersed fashion it cannot be managed centrally, and responsibility is hard to establish when something goes wrong; uneven business and technical skill among operators leads to examination of the exchanged content that is inconsistently lax or strict, and mistaken operations are hard to control. Most importantly, it cannot complete file exchange automatically on a schedule, so for e-government and web page updates that require frequent data exchange it is clearly not a good or mature solution.
Recently some companies have also released packaged products that solve file exchange or access between isolated networks, for example using an isolation firewall supplemented by auxiliary means such as intrusion detection to exchange data between the internal and external networks. However, the exchange platform itself may be attacked, and at the same time, because of defects in their design, specially crafted Trojan horse programs may also steal sensitive information through such systems.
Summary of the invention
In order to solve the problems that exist in existing data exchange processes, the utility model provides a device for the safe exchange of computer data. This device can completely physically sever the connection between the internal and external networks while still effectively carrying out data transmission and exchange between the two.
Another purpose of the utility model is to provide a secure computer data exchange device that can exchange only specific data. The device can be provided with a unique hardware configuration for identity authentication, preventing inadvertent disclosure and making it impossible for existing viruses and hackers to attack the network exchange platform.
The utility model is realized as follows:
A device for the safe exchange of computer data: the computer system has an internal computer system and an external network system, and is characterized in that a data security exchange device capable of completely physically severing the two is provided between the internal computer system and the external network system.
The data security exchange device is provided with a hard card on which its operating system and application programs are solidified (stored in fixed form).
When the internal computer system uses an internal network server and the external network system uses an external network server, the data security exchange device can be a secure exchange server; when the internal computer system is a stand-alone computer, the data security exchange device can be arranged as an independent hard disk, with the hard card holding the solidified operating system and application programs plugged directly into a PC slot of the computer.
The device is also provided with an encryption and decryption module that ensures data is transmitted accurately.
The device can also be provided with a Trojan horse and unknown virus blocking module, which intercepts the three kinds of data files that can carry Trojan horses or viruses: executable files, Word files that may carry macro viruses, and script files that can be run by a browser or by VB.
To prevent users from unintentionally leaking classified information from the internal computer system, the device can also be provided with a keyword checking module. The user can configure the keyword information to be checked according to the circumstances; before the data to be exchanged is encrypted, the data files are automatically searched for the keywords, and a file containing a keyword is, according to the configuration, either refused for transmission or transmitted only after the user has been prompted to review it.
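The keyword check on outgoing files and the interception of the three file types on incoming files, as an added example written for this page (the patent discloses no code, so this is not the device's own implementation). The keyword list, the extension sets and the magic-byte rules are assumptions chosen for the example; a real deployment would take the keywords from the operator configuration the text describes.

```python
"""Content screening for the exchange device (added example, not the patent's code).

Outgoing files (internal -> external) are scanned for operator-configured keywords
before encryption; incoming files (external -> internal) are intercepted when they
are executables, macro-capable Word documents, or browser/VB scripts.
"""
from typing import Optional

# Constructed keyword list; the patent leaves the actual list to the operator.
DEFAULT_KEYWORDS = ("机密", "秘密", "confidential", "internal only")

# Assumed detection rules for the three intercepted categories.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")                 # PE and ELF headers
MACRO_DOC_EXT = {".doc", ".dot", ".docm", ".dotm"}     # Word formats that can carry macros
SCRIPT_EXT = {".vbs", ".vbe", ".js", ".jse", ".hta", ".wsf"}  # run by IE / WSH / VB


def keyword_hits(data: bytes, keywords=DEFAULT_KEYWORDS) -> list:
    """Return the configured keywords found in the file (case-insensitive; text decoded leniently)."""
    text = data.decode("utf-8", errors="ignore").casefold()
    return [k for k in keywords if k.casefold() in text]


def _ext(name: str) -> str:
    """Lower-cased extension including the dot, or '' when there is none."""
    return name[name.rfind("."):].lower() if "." in name else ""


def block_reason(name: str, data: bytes) -> Optional[str]:
    """Classify a file into one of the three intercepted categories, or None if it passes."""
    if data.startswith(EXECUTABLE_MAGIC) or _ext(name) == ".exe":
        return "executable file"
    if _ext(name) in MACRO_DOC_EXT:
        return "Word document that may carry macro viruses"
    if _ext(name) in SCRIPT_EXT:
        return "script file runnable by the browser or VB"
    return None


def screen_outgoing(name: str, data: bytes, keywords=DEFAULT_KEYWORDS) -> tuple:
    """Internal-side check run before encryption: refuse files that contain a keyword."""
    hits = keyword_hits(data, keywords)
    if hits:
        return False, f"{name}: refused, contains keywords {hits}; operator review required"
    return True, f"{name}: cleared for encryption and exchange"


def screen_incoming(name: str, data: bytes) -> tuple:
    """External-side check run before the exchange: intercept the three risky file types."""
    reason = block_reason(name, data)
    if reason:
        return False, f"{name}: intercepted ({reason})"
    return True, f"{name}: accepted"
```

The two screens are deliberately asymmetric, matching the description: the internal side worries about what leaves (keywords), the external side about what enters (file types), and the audit trail in each message is what the information audit module would record.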
The device can also be configured with an information audit module; with this module, the data directories involved in an exchange are recorded so that the transmission status of data files can be understood.
The device is provided with a special data storage area: the legitimacy authentication information for the above data transmission is stored in a particular storage region of the data security exchange device and can be read only once per start-up. This information has no backup on any computer in the external network system or the internal computer system, so that only authorized users are qualified to exchange data.
The core of the utility model is to use an intermediate data secure exchange device as the transfer instrument for data exchange. The device is a platform with a single-threaded operating system; it uses a network protocol to connect to the internal computer system or the external network system (normally a network server) on which NT or Windows 2000 Server is installed, establishes a network mapping to the designated shared folders on those servers, and finally performs the exchange operation on the data to be exchanged. During the exchange process, the intermediate data secure exchange device maintains a connection to only one of the internal computer system and the external network system at any time, guaranteeing that the internal computer system and the external network system are physically isolated at every moment while data transmission and exchange between the two is carried out effectively. The utility model is applicable to the exchange of data between any computer, or several computers, of the internal computer system and the external network system.
The method and device can be provided with a unique identity authentication system that prevents inadvertent disclosure and makes it impossible for existing viruses and hackers to attack the network exchange platform.
Description of drawings
Fig. 1 is a schematic structural diagram of the utility model connecting the internal and external network servers;
Fig. 2 is a schematic structural diagram of the utility model;
Fig. 3 is the circuit diagram of the PCI card used for the connection in the utility model;
Fig. 4 is the circuit diagram of the RJ45 ports.
Embodiment
As shown in Fig. 1 and Fig. 2, the internal computer system is connected through an internal network server and the external network system through an external network server, and the secure exchange server that performs the data exchange is placed between the two. The secure exchange server is provided with a hard card on which its operating system and application programs are solidified; that is, the secure exchange server is essentially formed by integrating a PCI plug-in card onto a PC server, and it is used to perform the following work:
(1) when the server starts, the boot program on the card is executed automatically;
(2) the PCI plug-in card (see Fig. 3) should provide at least 4 MB of storage space for the operating system and application programs;
(3) a DOS operating system can be embedded in the card, and after the server starts, the boot program leads the system into this DOS operating system;
(4) a flexible method is provided for writing and revising the application programs on the card;
(5) the program storage space on the card can be set to read-write or read-only mode with a manual switch as required;
(6) a special area is set up on the card whose data can be read only through a special call, and only once after system start-up; this area is used to hold sensitive data such as networking information and encryption passwords;
(7) the PCI plug-in card integrates the network card function and has two RJ45 ports (see Fig. 4), connected to the internal and external networks respectively; the internal and external network signals entering the card are physically isolated, and software controls which network line the network card communicates over.
The secure exchange server is also provided with an encryption and decryption module, a Trojan horse and unknown virus blocking module, a keyword checking module and an information audit module, to strengthen the defence against viruses and external hackers and the accuracy and security management of the transmitted information.
The DOS operating system and all application programs built into the secure exchange server are solidified on the hard card. The hard disk on this server contains no files at start-up and is used only for exchanging data. The data to be exchanged can be exchanged automatically according to prior settings.
After the system hardware connection is completed, the setup switch of the secure exchange server is set and its power is connected; the system then automatically enters the setup interface. The settings include: internal network domain name and machine name, internal network PWL file password, external network domain name and machine name, external network user name, external network PWL file password, internal network server send data directory, internal network server receive data directory, internal network send data file name characteristics, file encryption password, external network server send data directory, external network server receive data directory, external network send data file name characteristics, whether data sent from the external network to the internal network is encrypted, run time for receiving internal network data, and run time for receiving external network data.
After the above parameters are set, the secure exchange server's system encrypts this information and retains it in the specific area. This area is readable and writable in the setup state, but in the exchange state it can only be read and cannot be written. Once the above information has been stored, data exchange operations can be carried out.
As shown in Fig. 2, a specific implementation of the utility model comprises a hard disk, a CPU, a PCI plug-in card and two RJ45 interfaces. The CPU is the main control component and is connected to the PCI plug-in card and the hard disk respectively; the PCI plug-in card integrates the network card, and the two RJ45 ports connected to it connect to the external and internal networks, with the control ensuring that the external and internal networks are never connected simultaneously.
In a concrete implementation of the utility model, an encoder, a decoder and an information audit module are also provided, to judge exactly whether information needs to be transmitted or received. To achieve this, the main control part has:
(1) Authentication part:
We encrypt the file with the password entered by the user and then encrypt it with the password set by the administrator, and judge whether the two files agree in order to determine whether a file is a legitimate exchange file. In selecting and designing the file encryption algorithm we considered the following:
The encryption strength is high, so that it is not easily cracked by hackers or Trojan horse programs.
The encryption speed is fast.
The file encryption password is not stored on any server or client that encrypts files, nor in the encrypted file itself; yet when the encrypted file reaches the intermediate server, the intermediate server's decryption module must be able to judge whether the encryption password is correct.
For safety, the processing of file encryption at the internal network end differs slightly from that at the external network end. At the internal network end, the first concern is that the file the user exchanges out must not carry classified information; to prevent the user from unintentionally divulging secrets, before encrypting the file the system first calls the content inspection module to perform the keyword check on the file. At the external network end, the first concern is whether the file to be exchanged into the internal network contains a virus, so before the exchange the system calls the virus checker to scan the file.
(2) File exchange part:
This part runs on the exchange server and mainly performs the following tasks:
Control the exchange server's hardware connection to the designated network.
Read the control information from the specific region.
Log in to the corresponding server with the designated user.
Exchange data with the designated server.
Disconnect the network, decrypt the data files on the hard disk, and delete files encrypted with a wrong password.
Restart the server.
Below we describe how each of the above parts is realized.
A. Connection to the different networks is realized through the PCI card described above. The card's network connection state can be set through an interrupt call, but the setting takes effect only after the machine restarts, which guarantees that the server connects to only one network per start.
B. After the exchange server is connected to the internal or external network server, it logs in to that server with the designated user over the NetBEUI protocol.
C. Two shared directories are set up on each internal or external network server used for exchanging data, one for sending data and one for receiving data. After the exchange server is connected to such a server, it first copies all the data on its hard disk (initially empty; afterwards, whatever was copied from the other server's send directory) into the receive data directory and deletes all files on the hard disk; it then copies all files from the send data directory onto the exchange server's hard disk and builds a table of the file names of these files in memory.
D. Because the system uses a solidified operating system and application programs, the only function of the hard disk on the intermediate server is to hold exchange files; in other words, apart from the data files to be exchanged, any other file on the hard disk is illegal data. Using this characteristic, during the file exchange process we can perform a validity check on all files on the hard disk to guarantee that only the files that should be exchanged are exchanged out. After all files in the send directory have been copied to the hard disk, the network is disconnected at the hardware level; from this moment the specially designed hardware does not permit the system to reconnect to any network before a restart, and the intermediate server becomes a closed, stand-alone environment. We can then check for invalid data on the hard disk with a method akin to "shutting the door before beating the dog" (dealing with whatever got in once it is sealed off). First, all files on the hard disk are compared with the file name table previously built in memory; any file not in the table was not copied by the system, is deemed invalid data, and is deleted. Then all files on the hard disk are decrypted, and only correctly encrypted files finally remain on the hard disk. Finally, according to the administrator's settings, the system can also decide whether to check for executable files, Word files that may carry macro viruses, and script files that can be run by the IE browser or VB, to prevent Trojan horse programs from being exchanged.
E. Set the network state for the next start, restart the computer, and repeat the above cycle.
(3) Information audit part: the audit software runs on the server ends used for sending and receiving data. It records all file read and write operations on the send data directory, and at the same time records whether the file was successfully exchanged by the document exchange system. In addition, the system generates an encrypted operation log table from the information returned by the exchange server, so that the client user can conveniently query whether the file transfer operation succeeded.
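The authentication part (a password that is stored on no server and not in the file, yet whose correctness the intermediate server can judge) and steps C and D of the file exchange part (copy the send directory, build the file-name table, cut the network, then delete anything unlisted or wrongly encrypted), as one added example written for this page. The patent does not disclose its encryption algorithm or code; the container format here (a constructed `SXF1` marker, PBKDF2 key derivation, an HMAC-SHA256 keystream and an HMAC tag, i.e. encrypt-then-MAC) is an assumption chosen so the example runs with the Python standard library only, and the directory layout is simulated in a temporary directory.

```python
"""Exchange-cycle validity check for the intermediate exchange server
(added example, not the patent's code; container format and directory layout assumed)."""
import hashlib
import hmac
import os
import pathlib
import tempfile
from typing import Optional

MAGIC = b"SXF1"   # constructed container marker (assumption)
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32
HEADER_LEN = len(MAGIC) + SALT_LEN + NONCE_LEN


def _derive_keys(password: str, salt: bytes) -> tuple:
    """Derive independent encryption and MAC keys from the password; the password itself is never stored."""
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a keystream (stdlib stand-in for a block cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), "sha256").digest()
        counter += 1
    return bytes(out[:length])


def seal(plaintext: bytes, password: str) -> bytes:
    """Encrypt-then-MAC: the output reveals nothing about the password, but carries a checkable tag."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = _derive_keys(password, salt)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    body = MAGIC + salt + nonce + ct
    return body + hmac.new(mac_key, body, "sha256").digest()


def unseal(blob: bytes, password: str) -> Optional[bytes]:
    """Return the plaintext, or None if the blob was not sealed with this password (or was altered)."""
    if len(blob) < HEADER_LEN + TAG_LEN or not blob.startswith(MAGIC):
        return None
    salt = blob[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = blob[len(MAGIC) + SALT_LEN:HEADER_LEN]
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _derive_keys(password, salt)
    if not hmac.compare_digest(hmac.new(mac_key, body, "sha256").digest(), tag):
        return None   # wrong password or tampered file: this is how the server "judges the password"
    ct = body[HEADER_LEN:]
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def copy_from_send_dir(send_dir: pathlib.Path, hard_disk: pathlib.Path) -> set:
    """Step C: copy the peer's send directory to the hard disk and remember the file names."""
    table = set()
    for src in send_dir.iterdir():
        if src.is_file():
            (hard_disk / src.name).write_bytes(src.read_bytes())
            table.add(src.name)
    return table


def closed_door_check(hard_disk: pathlib.Path, table: set, password: str) -> dict:
    """Step D, run only after the network is cut: keep listed files that authenticate, delete the rest."""
    result = {"kept": [], "deleted_unlisted": [], "deleted_bad_password": []}
    for path in sorted(hard_disk.iterdir()):
        if path.name not in table:            # not copied by the system: invalid data
            path.unlink()
            result["deleted_unlisted"].append(path.name)
            continue
        plain = unseal(path.read_bytes(), password)
        if plain is None:                     # encrypted with a wrong password
            path.unlink()
            result["deleted_bad_password"].append(path.name)
            continue
        path.write_bytes(plain)               # replace the sealed copy with the decrypted file
        result["kept"].append(path.name)
    return result


def run_demo() -> dict:
    """Constructed scenario: one valid file, one sealed with a wrong password, one stray file."""
    with tempfile.TemporaryDirectory() as tmp:
        send_dir, hard_disk = pathlib.Path(tmp, "send"), pathlib.Path(tmp, "disk")
        send_dir.mkdir()
        hard_disk.mkdir()
        (send_dir / "report.sxf").write_bytes(seal(b"monthly report", "correct-password"))
        (send_dir / "other.sxf").write_bytes(seal(b"not for exchange", "wrong-password"))
        table = copy_from_send_dir(send_dir, hard_disk)
        (hard_disk / "stray.bin").write_bytes(b"appeared while the network was up")
        return closed_door_check(hard_disk, table, "correct-password")
```

Two design points carry over from the description. The file-name table is built in memory before the network is cut and is the only authority on what may be on the disk, so a file written by anything other than the copy step fails the first check regardless of its content. The second check does not need the password to be present anywhere except the operator's setting on the exchange server: a wrong password simply fails tag verification, which is what lets the server reject files without the password ever leaving it.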

Claims (8)

1. A device for the safe exchange of computer data, wherein the computer system has an internal computer system and an external network system, characterized in that a data security exchange device capable of completely physically severing the two is provided between the internal computer system and the external network system.
2. The device for the safe exchange of computer data according to claim 1, characterized in that the data security exchange device is provided with a hard card on which its operating system and application programs are solidified.
3. The device for the safe exchange of computer data according to claim 2, characterized in that when the internal computer system uses an internal network server and the external network system uses an external network server, the data security exchange device can be a secure exchange server; and when the internal computer system is a stand-alone computer, the data security exchange device can be arranged as an independent hard disk, with the hard card holding the solidified operating system and application programs plugged directly into a PC slot of the computer.
4. The device for the safe exchange of computer data according to claim 1, characterized in that the device is also provided with an encryption and decryption module ensuring that data is transmitted accurately.
5. The device for the safe exchange of computer data according to claim 1, characterized in that the device can also be provided with a Trojan horse and unknown virus blocking module.
6. The device for the safe exchange of computer data according to claim 1, characterized in that the device can also be provided with a keyword checking module.
7. The device for the safe exchange of computer data according to claim 1, characterized in that the device can also be configured with an information audit module.
8. The device for the safe exchange of computer data according to claim 4, characterized in that the device is provided with a special data storage area.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200520067317 CN2845327Y (en) 2005-11-09 2005-11-09 Device for computer data switching exchange safely


Publications (1)

Publication Number Publication Date
CN2845327Y true CN2845327Y (en) 2006-12-06

Family

ID=37487269

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107508841A (en) * 2017-08-25 2017-12-22 徐珊 A kind of rete mirabile signaling alarm systems
CN107508841B (en) * 2017-08-25 2021-02-12 徐珊 Different network signal alarm system
CN107968787A (en) * 2017-12-07 2018-04-27 徐珊 A kind of rete mirabile signaling alarm systems of man-computer cooperation
CN116545749A (en) * 2023-06-06 2023-08-04 智云算能科技(深圳)有限公司 Intelligent data safety transmission system


Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee