[go: up one dir, main page]

WO2024242485A1 - Procédé et appareil de séparation de réseau physique sur la base d'un seul pc - Google Patents

Procédé et appareil de séparation de réseau physique sur la base d'un seul pc Download PDF

Info

Publication number
WO2024242485A1
WO2024242485A1 PCT/KR2024/007002 KR2024007002W WO2024242485A1 WO 2024242485 A1 WO2024242485 A1 WO 2024242485A1 KR 2024007002 W KR2024007002 W KR 2024007002W WO 2024242485 A1 WO2024242485 A1 WO 2024242485A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
operating system
virtual machine
web browser
machine software
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/KR2024/007002
Other languages
English (en)
Korean (ko)
Inventor
윤동구
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Storagean Inc
Original Assignee
Storagean Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020240012738A external-priority patent/KR20240168829A/ko
Priority claimed from KR1020240066664A external-priority patent/KR20240168871A/ko
Application filed by Storagean Inc filed Critical Storagean Inc
Publication of WO2024242485A1 publication Critical patent/WO2024242485A1/fr
Anticipated expiration legal-status Critical
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/16Constructional details or arrangements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38Information transfer, e.g. on bus
    • G06F13/42Bus transfer protocol, e.g. handshake; Synchronisation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • G06F15/163Interprocessor communication
    • G06F15/173Interprocessor communication using an interconnection network, e.g. matrix, shuffle, pyramid, star, snowflake
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/83Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0481Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
    • G06F3/0482Interaction with lists of selectable items, e.g. menus
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Definitions

  • the present invention has been criticized for the following problems: although the existing physical network separation environment using two PCs is secure from a security perspective, the hardware introduction budget and software license purchase costs are doubled because it consists of two PCs, it takes up a lot of installation space, and it consumes a lot of power.
  • the present invention uses one PC, but allows the user to independently install an operating system for an internal network and an operating system for an external network, and allows the PC to boot with either the operating system for the internal network or the operating system for the external network according to the user's selection.
  • the present invention relates to a physical network separation technology in which a web browser launched in virtual machine software and/or a web browser launched in the main screen is monitored by the device driver of the present invention to control the activation or deactivation of the network adapter of the virtual machine software and the network adapter of the main screen, and at the same time, to transmit the information to the hardware side of the present invention through a PCI Express or low-speed USB interface means, so that when the network adapter of the virtual machine software is activated, the network separation network dongle connected to the internal/external network in hardware selects the external network, and conversely, when the network adapter of the main screen is activated, the network separation network dongle also selects the internal network, thereby allowing physical network separation to be maintained even in a single PC environment.
  • the PC When a PC user presses the power button to use the PC, the PC starts booting, and during this process, the PC connects to a network regardless of the user's will, and even for the built-in disk device for user data that does not have an operating system installed, it maintains a connection state even after recognizing the device. As a result, when the PC is booted and can be used, the built-in disk device for user data is exposed to the network, making the PC hackable before the user can finally use his or her PC.
  • virtual machine software is used for external network access in order to provide a usage environment similar to using two PCs as described above while using one PC, while maintaining physical network separation.
  • the device driver used for the single PC-based physical network separation of the present invention monitors the virtual machine software and/or the web browser launched on the main screen, and in particular, when the web browser is launched simultaneously on the virtual machine software and the main screen, the network control operation for allowing the web browsers on both sides to run without interruption is performed in a manner in which the device driver proactively performs the network control operation, or in a manner in which the hardware proactively performs the network connection or switching operation through the network separation control unit of the physical network separation control means, so that the network connection or switching operation is repeatedly performed at regular intervals.
  • the device driver naturally keeps the network blocked, and also keeps the built-in disk device for user data blocked if the user does not access the disk device. This prevents the disk device from being exposed to the network even if the user launches a web browser and uses the network, thereby providing a highly complete PC security environment.
  • FIG. 1 is a drawing showing a conventional physical network separation environment (10) using two PCs.
  • a user using a network separation PC accesses the Internet using a PC main body (11) for an external network and a monitor (13) connected thereto to find data required for work reference and display it on the monitor (13), and then looks at a PC main body (17) for an internal network and a monitor (15) connected thereto to write a report or other tasks, only two PC main bodies (11, 17) and two monitors (13, 15) are required.
  • the single PC-based physical network separation of the present invention maintains the security effect of the reliable physical network separation using two conventional PCs, while presenting solutions to the disadvantages pointed out so far, such as high construction cost, large space occupancy, high power consumption, and maintenance.
  • the network is connected along with the PC booting, and the built-in disk device is exposed to the connected network, making it possible for the PC to be hacked at the time of PC use.
  • the network is kept in a blocked state, and even if the web browser is started and the network is connected, the disk device for user data is kept in a blocked state unless the user accesses it, so that the disk device is not exposed on the network even while using the Internet.
  • the single PC-based physical network separation method and device of the present invention for achieving the above purpose comprises: a first network adapter provided for a main screen when an operating system is booted; a second network adapter provided for virtual machine software installed in the operating system; a device driver installed in the operating system and monitoring a web browser launched from the main screen and/or the virtual machine software; a physical network separation control means including an interface conversion unit for receiving or transmitting various status information with the device driver, a network connection means to which a network cable for an internal network and a network cable for an external network are connected, and a network separation control unit for generating various control signals including a connection control signal for the network connection means according to the status information value received through the interface conversion unit;
  • the device driver detects that a web browser has been launched on the main screen, switches the first network adapter to a used state and the second network adapter to an unused state, and simultaneously transmits to the physical network separation control means information on the state in which the web browser of the main screen or the first network adapter is used,
  • a first network adapter equipped for the main screen when the operating system is booted a second network adapter equipped for virtual machine software installed in the operating system; a device driver installed in the operating system and monitoring a web browser launched from the main screen and/or the virtual machine software; a physical network separation control means through which a network cable for an internal network and a network cable for an external network are connected and connected to the device driver through an interface means;
  • the device driver detects that a web browser is launched or later selected and activated on the main screen and/or the virtual machine software, and transmits status information to the physical network separation control means, and the physical network separation control means performs, as a subsequent operation, if it is determined that the web browser is launched only on the main screen, the internal network is connected and at the same time, network connection information is transmitted to the device driver, so that the device driver switches the first network adapter of the main screen to a used state and the second network adapter of the virtual machine software to an unused state; if it is determined that the web browser is launched only on the
  • network connection information is transmitted to the device driver side so that the device driver switches the first network adapter of the main screen to a used state and the second network adapter of the virtual machine software to an unused state, and then after a certain period of time, an external network is connected, and at the same time, network connection information is transmitted to the device driver side so that the device driver switches the first network adapter of the main screen to a unused state and the second network adapter of the virtual machine software to a used state, and then after a certain period of time, an external network is connected, and at the same time, network connection information is transmitted to the device driver side so that the device driver switches the second network adapter of the virtual machine software to a used state and the first network adapter of the main screen to an unused state, and then after a certain period of time, an internal network is connected, and at the same time, network connection information is transmitted to the device driver side so that the device driver switches the second network adapter of the virtual machine software to a used state and the first network adapter of the main screen to an unused state
  • the physical network separation control means which comprises: an interface conversion means for receiving status information about a network browser that is started or later activated in the main screen and/or virtual machine software detected by the device driver, or a network adapter that is later set to a used state; a network separation control unit that is connected to the interface conversion means and generates an internal network or an external network selection signal according to the received status information; and a network connection means for selecting and connecting an internal network or an external network according to the network selection signal output from the network separation control unit; wherein, if the status information value received by the network separation control unit from the interface conversion means is that the web browser of the main screen is activated, the network connection means is connected to an internal network, and if the web browser of the virtual machine software is activated, the network connection means is connected to an external network.
  • a USB-C type connector for connection with a notebook PC; a low-speed USB hub (HUB) connected to low-speed USB pins provided in the USB-C type connector to expand a first low-speed USB connection signal and a second low-speed USB connection signal; a high-speed interface signal conversion unit connected to the high-speed USB pins provided in the USB-C type connector to convert into the same interface as an M. 2 SSD on which an operating system is installed; a high-speed interface signal switching means connected to the high-speed interface signal conversion unit; an M. 2 SSD on which an operating system for an internal network is installed and an M. 2 SSD on which an operating system for an external network is installed, which are respectively connected to the high-speed interface signal switching means and the M.
  • a low-speed interface conversion means connected to the low-speed USB hub and the first low-speed USB signal; a network separation control unit connected to the low-speed interface conversion means to receive status information transmitted from a device driver or to output whether the booted operating system is by the M. 2 SSD for the internal network or the M.
  • a physical network separation dongle comprising: a network connection means which is connected to the low-speed USB hub through the second low-speed USB connection signal, and which connects the internal network or the external network according to the internal network or external network selection signal output from the network separation control unit; a power supply which is connected to the power pins provided in the USB-C type connector and generates power used internally; and a printed circuit board for mounting parts of each of the components; wherein the control unit causes the network connection means to be connected to the internal network when the web browser received from the device driver through the low-speed interface conversion means is a web browser of the main screen or a network adapter of the main screen is used, and causes the network connection means to be connected to the external network when the web browser received from the device driver is a web browser of virtual machine software or a network adapter of the virtual machine software is used.
  • Figure 1 is a drawing showing a physical network separation usage environment using two conventional PC main bodies and two monitors.
  • FIG. 2 is a block diagram for physical network separation based on a single PC according to the present invention, which shows physical network separation operation by displaying an internal network web browser on the main screen and an external network web browser on the virtual machine software screen according to organic operation between a device driver and a network separation control unit.
  • FIG. 3 is an execution screen of an embodiment showing a web browser displayed on a main screen used for an internal network on a monitor (100) shown in the block diagram of FIG. 2 according to the present invention and a web browser displayed on virtual machine software used for an external network.
  • FIG. 4 is a block diagram illustrating the embodiment of the present invention according to the present invention, and is an example of a single PC-based physical network separation means for a desktop PC, which comprises a network separation PCIe card, a network separation network dongle as a network connection means, a network selection means, and an M.2 adapter card in which two M.2 SSDs, each of which has an operating system for internal and external networks installed, are combined.
  • Fig. 5 is a circuit configuration of an embodiment of the low-speed USB interface unit provided in Fig. 4.
  • FIG. 6 is a flowchart of a device driver showing a single PC-based physical network separation operation of the present invention.
  • Figure 7 is a block diagram of a physical network separation dongle for realizing physical network separation for a notebook PC according to the present invention.
  • FIG. 8 is an embodiment of a physical network separation dongle for a notebook PC that embodies the hardware of the block diagram of FIG. 7 of the present invention.
  • FIG. 2 is a block diagram for physical network separation based on a single PC according to the present invention, in which the physical network separation operation is performed by displaying the internal network web browser (103) on the main screen (101) and the external network web browser (105) on the virtual machine software screen (107) together with the execution screen of the embodiment illustrated in FIG. 3 according to the organic operation between the device driver (B15) and the network separation control unit (B7).
  • the blocks or components are examined according to the indicated symbols as follows.
  • the physical network separation control means (B2) is composed of a network separation control board (B8), a network connection means (B6), and a network selector (B5), and is configured in such a way that an M.2 SSD (B20) with an operating system for an internal network installed and an M.2 SSD (B22) with an operating system for an external network are inserted into two M.2 adapter cards (B23, B25) that are connected to two M.2 connectors (not shown) provided on a motherboard (not shown) of a PC (B1), respectively.
  • the network separation control board (B8) corresponds to the physical network separation card (200) illustrated in Fig. 4.
  • the specific components will be described in detail in the physical network separation card (200) illustrated in Fig. 4. The following is an explanation of how a single PC-based physical network separation is configured.
  • a network separation control unit (B7) equipped in a physical network separation control means (B2) installed in a PCI Express slot (not shown) equipped on a motherboard (not shown) of the PC (B1) performs a booting operation according to a pre-set value (i.e., an operating system for an internal network when shipped from the factory, or an operating system previously specified by a network selector (B5)).
  • a pre-set value i.e., an operating system for an internal network when shipped from the factory, or an operating system previously specified by a network selector (B5).
  • the network separation control unit (B7, 217) determines that it is the same operating system as the currently booted internal network operating system, then when the user selects one of the power options among system shutdown, maximum power saving mode, or restart and the PC (B1) is shut down, the network separation control unit (B7) maintains the reset signal for the M.2 adapter card (B23, 501) combined with the M.2 SSD (B20, 511) having the currently booted operating system installed in a released state so that it can be booted again with the internal network operating system, and at the same time, the M.2 adapter combined with the M.2 SSD (B22, 611) having an external network operating system that is not currently selected
  • the network isolation control unit (B7, 217) determines that it is an external network operating system and not the currently booted internal network operating system, and then when the user selects one of the power options among system shutdown, hibernation, or restart and the PC (B1) is shut down, the network isolation control unit (B7) maintains the reset signal set for the M.2 adapter card (B23, 501) to which the M.2 SSD (B20, 511) to which the currently booted operating system is installed is combined so that it cannot be booted again with the internal network operating system, and at the same time, maintains the reset signal released for the M.2 adapter card (B25, 601) to which the M.2 SSD (B22, 611) to which the external network operating system that is not currently selected is combined so that it can be booted with the external network operating system.
  • the device driver (B15) transmits this state to the network separation control unit (B7) by causing the GP0 pin and GP1 pin of the low-speed USB interface unit (220) shown in Fig. 5 to be output in a HIGH state.
  • the device driver (B15) switches the network adapter (B11) of the main screen (101) used for the internal network to the used state and the network adapter (B13) of the virtual machine software (107) to the unused state, and at the same time, transmits the GP0 pin of the low-speed USB interface unit (220) shown in Fig. 5 to the LOW state and the GP1 pin to the HIGH state to the network separation control unit (B7).
  • the device driver (B15) switches the network adapter (B13) of the virtual machine software (107) used for the external network to the used state and the network adapter (B11) of the main screen (101) to the unused state, and at the same time, transmits the GP0 pin of the low-speed USB interface unit (220) shown in Fig. 5 to the HIGH state and the GP1 pin to the LOW state to the network separation control unit (B7).
  • the device driver (B15) switches to a used state for the network adapter (B11 or B13) of the location where the web browser (103, 105) launched later is opened among the main screen (101) or the virtual machine software (107), and switches to an unused state for the network adapter (B11 or B13) of the location where it was opened first, and at the same time outputs the GP0 pin and the GP1 pin of the low-speed USB interface unit (220) illustrated in FIG. 5 so as to correspond to the main screen (101) or the virtual machine software (107) to which the web browser (103, 105) launched later belongs.
  • the device driver (B15) switches the network adapter (B11 or B13) of the location to which the web browser (103, 105) that was later activated by the user through a mouse (not shown) click, etc., among the main screen (101) or the virtual machine software (107) to a used state, and switches the network adapter (B11 or B13) for the web browser (103, 105) that was activated first to a not-used state, and at the same time outputs the GP0 pin and the GP1 pin of the low-speed USB interface unit (220) shown in FIG. 5 so that they correspond to the main screen (101) or the virtual machine software (107) to which the web browser (103, 105) that was later activated by the user through a mouse (not shown) click, etc.
  • the operation of setting the device driver (B15) to a used or unused state for the network adapter (B11, B13) is performed in the network switching unit (B10) in the block diagram of Fig. 2.
  • the network separation control section (B7) When the device driver (B15) transmits the output results for the GP0 pin and GP1 pin of the low-speed USB interface section (220) described above to the network separation control section (B7), the network separation control section (B7) reads the input for the GP0 pin and GP1 pin and outputs the following network selection signal to the network separation network dongle (300) corresponding to the network connection means (B6).
  • the device driver (B15) outputs the following to the GP0 pin and GP1 pin of the low-speed USB interface unit (220)
  • the settings for the network adapter (B11, B13) are made under the initiative of the network separation control unit (B7).
  • the network separation control unit (B7) inputs a DYNAMIC_NET_SEL_INT_L__EXT_H signal to the GP2 pin used as an input pin, causing the device driver (B15) to connect the network adapter (B11, B13) to the internal network or to the external network by referring to ‘control signal-2’ (indicated by a dotted line).
  • the network separation control unit (B7) inputs a control signal input to the GP2 pin at regular intervals by repeating LOW/HIGH at regular intervals, and the time setting information for the regular interval is set by the user selecting one of the selection buttons displayed as 10 seconds, 20 seconds, 30 seconds, ... 60 seconds in the form of radio buttons on the graphical user interface (GUI, not shown), and the device driver (B15) transmits this to a register (not shown) equipped in the network separation control unit (B7) through the UART port (UART_Rx, UART_Tx), which is a general-purpose serial interface equipped in the low-speed USB interface unit (220), thereby setting the driving cycle.
  • UART_Rx, UART_Tx which is a general-purpose serial interface equipped in the low-speed USB interface unit (220
  • FIG. 4 is a drawing that concretizes the block diagram of FIG. 2 according to the present invention, and in detail, it shows a physical network separation card (200), a network separation network dongle (300) corresponding to a network connection means (B2), a network selection means (400) concretizing a network selector (B5), and an M. 2 adapter card and M. 2 SSD (500) for a business network (or, internal network) and an M. 2 adapter card and M. 2 SSD (600) for the Internet (or external network) concretizing an M. 2 adapter card (B23, B25) in which an M. 2 SSD (B20) having an internal network operating system installed and an M. 2 SSD (B22) having an external network operating system installed are respectively combined.
  • the functions of each component according to the symbol are as follows.
  • the components provided on the outside of the PCIe Bracket (201) of the physical network separation card (200) are as follows.
  • Two LED modules (203, 204) are arranged at the top, and only the circular head portion of the LED protrudes outside the PCIe Bracket (201).
  • the LED module (203) provided at the upper outer portion lights up
  • the TACT (or TACTILE) switch (205) is connected to the control unit (217), and operates as a built-in network selection means when the network selection means (400) is not connected to the USB Type-C port at the bottom, and when connected, it is used to perform a short operation test of one-tenth of the set timer value to determine whether the timer operates properly according to the set timer value when the built-in disk device is used with the timer in wired mode, or to distinguish devices in wireless mode.
  • the control unit (217) sets the internal network or external network selection bit in a toggle manner, and the network selection bit set in this way is transmitted as a control signal for selecting the operating system to be booted for the M.2 adapter card (500) combined with the M.2 SSD (511) with the internal network operating system installed corresponding to the corresponding network or the M.2 adapter card (600) combined with the M.2 SSD (611) with the external network operating system installed at the next boot.
  • the two USB Type-C connectors (207, 209) are used to connect a network isolation network dongle (300) and a network selection means (400), respectively.
  • the network isolation network dongle (300) and the network selection means (400) are connected to the USB Type-C connector (207) indicated as ND (Network Dongle) with reference to the marks engraved on the PCIe Bracket on the outside of the two USB Type-C connectors (207, 209), and the network isolation network dongle (300) is connected to the USB Type-C connector (207) indicated as NS (Network Selector), and the network selection means (400) is connected to the USB Type-C connector (209) indicated as NS (Network Selector).
  • the +12V power supplied through the PCIe Edge-Finger portion (221) to the power pin (not shown) of the USB Type-C connector (207, 209) may be input to the power portion (219) and generated as a +5V output voltage, which is a typical USB power voltage, and applied thereto.
  • the low-speed USB interface portion (220) described later is connected to a low-speed USB connection port equipped on a motherboard (not shown) using a separate cable (not shown)
  • the +5V power supplied from the motherboard may be used as the input power of the USB Type-C connector (207, 209).
  • a network selection signal output from the network selection means (400) is connected to the control unit (217), and depending on the level of this signal, the control unit (217) and the control unit (309) provided on the network separation network dongle (300) recognize the network selection information set by the user in the current state.
  • the other pin of the USB Type-C connector (207) to which the network separation network dongle (300) is connected transmits a network cable separation status signal, which is the result of the network separation network dongle (300) monitoring the connection status of the network cable (not shown) for PC connection, and inputs it to the control unit (217).
  • the antenna connection terminal (211) is connected to an external Bluetooth antenna when the physical network separation card (200) is used in wireless mode by setting the DIP switch (215).
  • the DIP switch (215) is used with at least two knob switches, and the first switch knob is used to set whether to use the control unit (217) with the built-in wireless communication function block in wired mode by disabling the wireless communication function block or to use it in wireless mode by activating the wireless communication function block, and the second switch knob is used to set whether to apply a timer function to the built-in disk device for user data connected to the SATA connector (227, 229) and to switch to a disconnected state after a certain period of time has elapsed according to the set timer after the user switches the disk device to a connected state, or to maintain the connected state until the user switches it to a disconnected state.
  • the cover opening/closing drive unit (213) is used to prevent users using a single PC-based physical network separation PC from arbitrarily opening the side cover of the desktop PC without the permission of an administrator to arbitrarily manipulate the DIP switch (215) that enables wired/wireless settings or arbitrarily cross-connect the built-in disk device cable for user data connected to the physical network separation card (200). It is used to drive a solenoid (not shown) that is used for a purpose similar to a lock by being connected to a fingerprint recognition device (not shown).
  • the network selection means (400) on the USB Type-C connector (207, 209) may be replaced with a button (not shown) provided by an app installed on the user's smartphone (not shown), and thus may not be connected. Since the network separation network dongle (300) must be supplied with power, it must be connected to the USB connector (207) provided on the physical network separation card (200).
  • the power supply unit (219) receives +12V voltage from the PCIe Edge-Finger unit (221) to generate power used within the physical network separation card (200), and, if necessary, also generates +5V power supplied to the USB Type-C connector (207, 209).
  • a DC-to-DC Step-down converter (not shown) is used to generate power.
  • the low-speed USB interface section (220) is for the interface between the control section (217) and the device driver (B15), and in FIG. 4, it can be implemented using a PCI Express ⁇ USB2.0 conversion IC (not shown) connected to the PCIe Edge-Finger section (321), but it can also be connected to the control section (217) using a box-type connector (not shown) that provides a USB2.0 port (not shown) provided on a motherboard (not shown) and a separate cable (not shown), and connected in the following interface manner.
  • control unit (217) In the connection between the control unit (217) and the connector provided in the low-speed USB interface unit (220), if the control unit (217) supports a USB2.0 interface pin, it can be directly connected with a USB2.0 signal, or if it is desired to connect a USB2.0 signal with a universal serial interface, it can be connected using a low-speed USB to UART (Universal Asynchronous Receiver / Transmitter) conversion IC, a low-speed USB to I2C conversion IC, or a low-speed USB to GPIO (General Purpose I/O) conversion IC.
  • UART Universal Asynchronous Receiver / Transmitter
  • the designated pins of the conversion IC are defined as input pins or output pins and then connected so that they can be interfaced with the control unit (217) by signal level.
  • a SATA connector (227, 229) for connecting an internal disk device for user data
  • a 3.5-inch hard disk drive (not shown) or a 2.5-inch SSD (not shown) is connected
  • an M.2 SSD connector (not shown) is provided, an M.2 SSD (not shown) is connected and used together with an M.2 adapter card (501, 601).
  • SATA connectors (227, 229) are used for the purpose of connecting an embedded disk device for user data
  • these connectors are connected to a bidirectional multiplexer/demultiplexer (225), and the bidirectional multiplexer/demultiplexer (225) is then connected to a SATA connector (331) for connection to a motherboard, and is connected to a SATA connector (not shown) provided on the motherboard using a separately provided SATA cable (not shown).
  • a bidirectional multiplexer/demultiplexer (225) is connected to a SATA connector (229) to which a disk device (not shown) for user data for an internal network is connected and a SATA connector (227) to which a disk device (not shown) for user data for an external network is connected.
  • the control unit (217) If a PC with a physical network separation card (200) installed is booted and booted with an M.2 SSD (511) with an operating system for an internal network, the control unit (217) outputs a signal that connects the disk selection signal (SEL) of the bidirectional multiplexer/demultiplexer (225) to the SATA connector (229) to which a disk device (not shown) for user data for the internal network is connected, and when the user presses the built-in disk device connection/disconnection switch (407) for user data provided on one side of the network selection means (400) input to the control unit (217), the control unit (217) outputs a PD (Power Down, power cutoff) signal in a LOW state or a HIGH state.
  • SEL disk selection signal
  • PD Power Down, power cutoff
  • the disk device (not shown) for user data for the internal network is put into the disk connection state when booted by the internal network operating system by the disk selection signal of the bidirectional multiplexer/demultiplexer (225), and when booted by the external network operating system, the disk device (not shown) for user data for the external network is put into the disk connection state.
  • the M.2 adapter connection part (223) is composed of a connector (not shown) for connecting an internal network operating system, which is connected by a cable (not shown) separately provided from a connection port (507) provided on an M.2 adapter card (501) to which an M.2 SSD (511) having an internal network operating system installed is connected, and a connector (not shown) for connecting an external network operating system, which is connected by a cable (not shown) separately provided from a connection port (607) provided on an M.2 adapter card (601) to which an M.2 SSD (611) having an external network operating system installed is connected.
  • the power switch connection part (224) is formed by separating a two-strand integrated wire harness that is connected to the power switch (not shown) of the PC and the header pin (not shown) for power switch connection provided on the motherboard (290) from the motherboard (not shown), and connecting the wire harness that was separated from the motherboard (290) to a male type pin terminal (not shown) protruding on the upper right side of a 'Y'-shaped wire harness (not shown) additionally provided for the present invention so that the colors (red and black) with the correct polarity are matched to each other, and then connecting a female type housing connector (not shown) provided on the upper left side of the 'Y'-shaped wire harness to a 2.54 mm pitch 2-pin header pin that constitutes the power switch connection part (324).
  • the pin to which the red wire of the ‘Y’-shaped wire harness (not shown) corresponding to the + polarity of the header pin (not shown) for the power switch is connected is connected to any I/O pin provided in the control unit (217) to transmit the pressed state of the power switch (not shown) of the PC to the control unit (217) or transmit the power switch control signal output from the control unit (217) to the header pin for power switch connection provided in the motherboard (not shown).
  • the network separation network dongle (300) corresponds to the network connection means (B6) in the block diagram of Fig. 2, and is connected to a USB Type-C connector (209) engraved with ND (Network Dongle) provided on the outside of the PCIe Bracket (201) of the physical network separation card (200) and a separate USB cable (not shown), and receives power from the physical network separation card (200) side, receives a reset signal from the control unit (217, corresponding to the network separation control unit (B7)) and a signal regarding whether a web browser has been started as status information received from the device driver (B15) side, and transmits status information regarding whether a network cable (C1) connected to a PC has been disconnected to the control unit (217).
  • ND Network Dongle
  • the network dongle (300) is equipped with three RJ45 Ethernet connectors.
  • the RJ45 Ethernet connector (305) arranged alone next to the USB Type-C connector (307) is for connection to the network port (B9) equipped on the PC (B1), and among those arranged side by side on the opposite side, one is an RJ45 Ethernet connector (301) to which an internal network (B3) cable is connected, and the other is an RJ45 Ethernet connector (303) to which an external network (B4) cable is connected.
  • a bidirectional multiplexer/demultiplexer (not shown) IC for Ethernet is provided as an element constituting the network separation network dongle (300), so that the network signal of the RJ45 Ethernet connector (301) to which the network (B3) cable for the internal network is connected is connected via a magnetic coil (313) for signal insulation, and the network signal of the RJ45 Ethernet connector (303) to which the network (B4) cable for the external network is connected is also connected via a magnetic coil (313).
  • the control unit (309) receives status information about a web browser input through the USB Type-C connector (307) described above and transmits a control signal to a bidirectional multiplexer/demultiplexer (not shown) equipped on the lower surface of the network separation network dongle.
  • the bidirectional multiplexer/demultiplexer selects a signal from either the internal network (B3) or the external network (B4) based on the control signal and transmits the signal to the network port (B9) equipped on the PC (B1) side through a cable (C1) connected to the RJ45 Ethernet connector (305).
  • the PD (Power Down) pin for the bidirectional multiplexer/demultiplexer (not shown) is switched to a HIGH state so that both the internal network (B3) and the external network (B4) are blocked.
  • the network separation network dongle (300) blocks the network signal to prevent the PC (B1) from being exposed to the network.
  • the organic operation with the device driver (B15) and the block diagram of FIG. 2 and the example of the embodiment of FIG. 4 will be described in detail later in the operation flowchart of FIG. 6.
  • the network selection means (400) is connected to the USB Type-C connector (403) using a separately provided USB cable (not shown) to the USB Type-C connector (211) provided side by side with the NS mark on the outside of the PCIe Bracket (201).
  • the network selection switch (401) is used when booting a different operating system from the internal network to the external network or from the external network to the internal network while the PC (B1) is booted and in use.
  • the USB Type-C connector (403) receives +5V power from the physical network separation card (200), receives a network signal for connection status along with an LED (405) driving signal, and transmits a signal by the network selection switch (401) and a signal for connecting or disconnecting a disk device for user data to the network separation control unit (B7, corresponding to 217 in FIG. 4).
  • the LED (405) is lit by receiving a driving signal output from the control unit (217).
  • an M.2 SSD (B20, corresponding to 511 in FIG. 4) on which an operating system for an internal network is installed, it is driven in green, and when booted by an M.2 SSD (B22, corresponding to 611 in FIG. 4) on which an operating system for an external network is installed, it is driven in red.
  • the LED flashes alternately from the color that was used during booting to another color, indicating that the user's pressing of the network selection switch (401) has been transmitted to the control unit (217) and recognized.
  • the current network connection status connected by the network connection means (B6) is displayed as an internal network or an external network depending on whether a web browser is started or activated on the main screen (101) or virtual machine software (107), and for this purpose, an LED (not shown) separate from the LED (405) that displays the booted operating system is provided and displayed.
  • the built-in disk device connection/disconnect switch (407) for user data is used to connect or disconnect the disk device (not shown) for user data connected to the SATA connector (227, 229) in a toggle manner by pressing this switch (407).
  • the LED (409) for indicating the connection status of the built-in disk device for user data for an external network indicates the connection (lit) status and the disconnection (lit) status of the built-in disk device for user data for an external network (not shown) according to pressing the connection/disconnection switch (407) for the built-in disk device for user data for an internal network, and the LED (411) for indicating the connection status and the disconnection (lit) status of the built-in disk device for user data for an internal network (not shown) according to pressing the connection/disconnection switch (407) for the built-in disk device for user data for an internal network.
  • FIG. 5 is a circuit configuration of an embodiment of a low-speed USB interface part provided in FIG. 4. The explanation continues with the pin numbers of the IC used as the embodiment and the pin names and assigned signal names.
  • Pin 1 is a power pin, and in the physical network separation card (200) of the present invention, +3.3V is the internal power supply, so it is connected to this power supply.
  • Pin 2 is a GPIO (General Purpose Input/Output) pin, the pin name is GP0, and it is set as an output pin.
  • GPIO General Purpose Input/Output
  • Pin 3 is a GPIO (General Purpose Input/Output) pin, the pin name is GP1, and it is set as an output pin.
  • GPIO General Purpose Input/Output
  • the web browser When the web browser is running on the main screen used as the internal network, it is output as a LOW signal level, and when the web browser is closed, it is output as a HIGH signal level, and the signal name is MW_WB_OPEN___CLOSE_H.
  • Pin 4 is a power pin, and in the physical network separation card (200) of the present invention, +3.3V is the internal power supply, so it is connected to this power supply.
  • Pin 5 is a GPIO (General Purpose Input/Output) pin, the pin name is GP2, and it is set as an input pin so that the control unit (217) outputs by referencing the GP0 signal of No. 1 or the GP1 signal of No. 2, and the signal name is DYNAMIC_NET_SEL_INT_L__EXT_H.
  • GPIO General Purpose Input/Output
  • the device driver (B15) refers to this signal and, when it is LOW, designates the network adapter of the main screen as being used and the network adapter of the virtual machine software as being unused. Conversely, when this signal is HIGH, the device driver (B15) designates the network adapter of the main screen as being unused and the network adapter of the virtual machine software as being used.
  • this signal is set to an output pin so that the control unit (217) switches the disk device for user data to a connected state when this signal is LOW, and to a disconnected state when this signal is HIGH.
  • Pin 6 is a GPIO (General Purpose Input/Output) pin, the pin name is GP3, and when it is set as an input pin and the signal output from the control unit (217) is LOW, it indicates that the booting was done by the M.2 SSD (511) on which the internal network operating system is installed, and when it is HIGH, it indicates that the booting was done by the M.2 SSD (611) on which the external network operating system is installed.
  • GPIO General Purpose Input/Output
  • the device driver (B15) that receives this signal controls the network connection and virtual machine software differently when booted by an operating system for an internal network and when booted by an operating system for an external network. This will be described in detail in the operation flow diagram illustrated in Fig. 6.
  • Pin 7 is a pin used as an SDA signal, which is used as a data signal pin in a serial interface using the I2C interface method. However, in the present invention, it is explained by replacing it with a serial interface of another method (i.e., UART) together with the SCL signal.
  • UART another method
  • Pin 8 is the SCL signal used as a clock signal pin in the serial interface using the I2C interface method.
  • Pins 9 and 10 are pins used for low-speed USB interface purposes, and a PCI Express to low-speed USB conversion IC (not shown) connected to the PCIe Edge-Finger section (221) may be provided, and the connector may be connected to the motherboard via the PCIe Edge-Finger.
  • a low-speed USB connection port provided on the motherboard and a connection connector (not shown) provided in the low-speed USB interface section (220) may be connected using a separate cable (not shown).
  • connection connector (not shown) provided in the low-speed USB interface section (220) is connected to the low-speed USB port provided in the motherboard (not shown) using a separate cable (not shown), in addition to the low-speed USB signals being connected from the motherboard (not shown), +5V power can be supplied, and thus, it is possible to supply this power to the power pins provided in the USB Type-C connectors (207, 209) provided in the physical network separation card (200).
  • Pin 11 is a reset pin, the pin name is RESET#, and is connected to the PERST# pin, which is a reset signal pin provided in the PCIe Edge-Finger section (221).
  • Pins 12 and 13 are universal serial interface (UART) pins, which are connected to the control unit (217) and can be used as replacements for the GPIO pins 2, 3, 5, and 6.
  • UART universal serial interface
  • the device driver (B15) can send/receive 64 bits of data at a time if it is a 64 bit operating system, it can be more appropriately utilized when more diverse status information and control bits are required, such as when interfacing with 3rd party software is required.
  • Pin 14 is the ground pin.
  • FIG. 6 is a flow chart of a device driver (B15) that displays a single PC-based physical network separation operation of the present invention. The following shows how a single PC-based physical network separation operation can be achieved through organic operation with the detailed functional blocks mentioned in FIGS. 2 to 5 described above.
  • the device driver (B15) When the PC is powered on (S1) as a starting step, the device driver (B15) performs the following initial state setting changes as its first operation.
  • the device driver (B15) reads the signal level being input to the GP3 input pin of the low-speed USB interface (220) equipped in the physical network separation card (200). (S3)
  • the device driver (B15) When booted with an operating system for an external network, the device driver (B15) performs the following three operations on the IC of Fig. 5 constituting the low-speed USB interface section (220) to fix the network connection means (B6) equipped in the physical network separation control means (B2) to the external network (i.e., to prevent access to the internal network). (S9)
  • the network connection means (B6) equipped in the physical network separation control means (B2) connects the external network (B4) in hardware according to the control signal output from the network separation control unit (B7), thereby forming a network signal flow reaching the network port (B9) equipped in the motherboard (not shown) of the PC (B1) through the network cable (C1) connected to the network connection means (B6).
  • the device driver (B15) checks (S13) whether SandBox, which is a virtual machine software (107) embedded in the operating system, is started and opened. If SandBox (107) is determined to be open, it performs activation processing so that the user can use various control means within SandBox, including the network, the clipboard, shared folders, video, microphone, printer, etc. (S17). Then, it enters the step (S41) of checking whether the PC is shut down. If SandBox (107) is determined to be closed, it immediately enters the step (S41) of checking whether the PC is shut down.
  • the device driver (B15) checks (S7) whether SandBox, a virtual machine software (107), is opened.
  • step S23 If the determination result of step S23 is found to be false, the device driver (B15) performs the next step S29, and even if the determination result of step S7 indicates that the SandBox is not opened, the execution of step S29 is continued.
  • the device driver (B15) determines (S29) whether a web browser is opened within the main screen (101) and whether it is most recently active.
  • step S29 If the judgment result of step S29 is confirmed to be true, the device driver (B15) performs the following processing in step S33.
  • step S29 determines whether the PC (B1) is in a shutdown state (S41), and if the PC (B1) is determined not to be in a shutdown state, it enters the reboot operating system determination step (S5), and if the PC (B1) is determined to be in a shutdown state (S41), it initializes various settings to the initial settings and then terminates (S43).
  • the device driver (B15) connects the internal network (B3) of the main screen (101) and the external network (B4) of the virtual machine software (107) for a period of time selected by the user through a separate graphical user interface (GUI) among 10 seconds, 20 seconds, ..., 60 seconds so that the web browsers on the main screen (101) and the web browsers within the SandBox, which is the virtual machine software (107), can be displayed continuously without network disconnection, so that a sufficient amount of buffer memory (not shown) can be filled when the network is connected to the buffer memory (not shown) created on the main memory (not shown) of the PC (B1) secured at startup.
  • GUI graphical user interface
  • step S21 it is determined whether the currently connected network is an internal network (B3) or an external network (B4) (S21).
  • step S27 is entered and the following processing is performed.
  • step S31 is entered and the following processing is performed.
  • the device driver (B15) determines whether the timer started in step S35 has expired (S37) and maintains the network setting status processed in step S27 or step S31 (S39) until the timer expires.
  • the device driver (B15) determines (S41) whether the PC (B1) is in a shutdown state, and if the PC is not in a shutdown state, it enters the step (S5) for determining whether the operating system has been rebooted as described above, and repeatedly performs the steps between this step (S5) and the step (S41) for checking whether the PC is shut down.
  • FIG. 7 is a block diagram of a physical network separation dongle (700) for realizing physical network separation for a notebook PC according to the present invention.
  • the detailed description of each functional block is as follows according to the symbols described for each functional block.
  • the USB Type-C connector (D1) is connected to a USB TYpe-C port (not shown) provided on the side of a notebook PC (not shown) using a separately provided USB cable (not shown).
  • the low-speed USB HUB (D3) is connected to the low-speed USB interface signal pins provided on the USB Type-C connector (D1) and is used to generate and expand the first low-speed USB interface signal and the second low-speed USB interface signal.
  • the high-speed interface signal conversion unit (D5) is connected to the high-speed USB interface pins provided in the USB Type-C connector (D1), and if the notebook PC (not shown) used supports the Thunderbolt interface and the M. 2 SSD used supports the PCI Express interface port with the NVMe standard, the unit converts the Thunderbolt signal into a PCI Express interface signal, and if the notebook PC used (not shown) does not support the Thunderbolt interface port, the unit converts the high-speed USB signal into a SATA interface signal or a PCI Express interface signal depending on the interface conversion IC used so that the interface is the same as that of the M. 2 SSD used for installing the operating system.
  • the power supply unit (D7) is composed of a DC to DC converter and its peripheral components that receive +5V power supplied from a notebook PC through a power pin provided in the USB Type-C connector (D1) and generate +3.3V power, which is the power used internally in the physical network separation dongle (700).
  • the ETHERNET to low-speed USB converter (D9) performs the function of converting an Ethernet network signal transmitted through the network connection (D15) into a low-speed USB interface signal.
  • Flash PROM-1 (D4) and Flash PROM-2 (D11) are used to store various setting information required for the operation of the high-speed interface signal conversion unit (D5) and the ETHERNET to low-speed USB conversion unit (D9), but may not be provided if the high-speed interface signal conversion unit (D5) or the ETHERNET to low-speed USB conversion unit (D9) has its own built-in Flash PROM.
  • the network connection unit (D15) is connected to a network signal of an RJ45 connector-I (D25, corresponding to 301 in FIG. 4) to which an internal network (B3) cable is connected, and a network signal of an RJ45 connector-E (D27, corresponding to 303 in FIG. 4) to which an external network (B4) cable is connected, and according to a network selection signal of a network separation control unit (D29), either the internal network (B3) or the external network (B4) is selected and transmitted to the ETHERNET to low-speed USB conversion unit (D9).
  • the high-speed signal switching unit (D13) selects one of the NVMe standard M.2 SSD#1 (D19) on which an internal network operating system is installed or the NVMe standard M.2 SSD#2 (D21) on which an external network operating system is installed, based on the operating system selection signal output from the network separation control unit (D29), and transmits the signal to the PCI Express interface.
  • the high-speed interface signal conversion unit (D5) converts a high-speed USB signal into a SATA interface signal or a PCI Express interface signal
  • the high-speed interface signal conversion unit (D5) selects one of the M.2 SSD#1 (D19) on which an internal network operating system is installed or the M.2 SSD#2 (D21) on which an external network operating system is installed, based on the operating system selection signal output from the network separation control unit (D29), and transmits the signal to the SATA interface or the PCI Express interface according to the interface supported by these M.2 SSD#1 (D19) and M.2 SSD#2 (D21). Allows switching and transfer to occur.
  • M.2 SSD#1 (D19) and M.2 SSD#2 (D21) are used to install the internal network operating system and the external network operating system, respectively.
  • a notebook PC (not shown) is equipped with an M.2 SSD (not shown) on which an operating system is installed internally.
  • the operating system installed inside the notebook PC (not shown) must be copied to the M.2 SSD#1 on which an operating system for an internal network is installed and the M.2 SSD#2 on which an operating system for an external network is installed, both of which are installed inside the physical network separation dongle (700).
  • the M.2 SSD on which an operating system is installed inside the notebook PC (not shown) must be formatted to convert it into an internal disk device for user data.
  • the front side (730) of the physical network separation dongle is provided with a USB Type-C connector (705, corresponding to D1) and a network selection switch (707, corresponding to D31), and the rear side (750) is provided with a single-body dual type RJ45 Ethernet connector (715) that constitutes an internal network port (714) for connecting an internal network (B3) cable (not shown) and an external network port (716) for connecting an external network (B4) cable.
  • Components provided on the bottom surface (770) of the physical network separation dongle board include two M.2 connectors (719, 727) symmetrically arranged at each end of the printed circuit board, and an M.2 SSD support (723) in the center having a ‘ ⁇ ’ shape and a groove (not shown) provided on the inner side of the end, such that it is inserted through an insertion guide groove (726) provided on the printed circuit board and slides horizontally along the printed circuit board to move to the central position.
  • the M.2 SSD support (723) is made of an extruded aluminum material and has a fixing hole (not shown) in the center position that can simultaneously connect two M.2 SSDs (721, 725), so that two M.2 SSDs (721, 725) can be fixed simultaneously using one SSD fixing bolt (724), and since the fixing bolt does not penetrate the printed circuit board, there is no need to provide a hole punched in the center position of the already narrow printed circuit board, so that dense signal wiring can be freely performed.
  • the physical network separation dongle (700) of the block diagram of FIG. 7 and the embodiment of FIG. 8 may be applied in the same manner with respect to the operation of the device driver (B15) implementing the operation flow diagram of FIG. 6, although there are some differences from the physical network separation control means (B2) for desktop PCs illustrated in FIG. 2 and FIG. 4 described above in terms of some block diagram components and external shape.
  • the main screen displayed on the monitor of Fig. 3 and the web browser of the embodiment launched or activated by the virtual machine software illustrate the operation of the device driver according to the block diagram of Fig. 2 and the operation flow diagram of Fig. 6.
  • the physical network separation based on a single PC can be used on a desktop PC in the form of a physical network separation card, a network separation network dongle, and a network selection means as shown in Fig. 4.
  • Software-based security uses the resources of the PC's CPU, main memory, and disk device because it operates through software through security software installed on the PC, and requires frequent security patches and software upgrades.
  • the single PC-based physical network separation card for desktop PCs and the physical network separation dongle for notebook PCs of the present invention physically separate the internal network and the external network, thereby providing a safe PC usage environment at least for the internal network, and not only uses almost no PC resources, but also does not require frequent security patches or software upgrades, so it will be in the spotlight in the PC security field, and an industrial ripple effect is expected through appropriate product merger with existing security software.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Human Computer Interaction (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Mathematical Physics (AREA)
  • Computer And Data Communications (AREA)

Abstract

La présente invention concerne un procédé de mise en oeuvre d'une opération de séparation de réseau physique sur la base d'un seul PC par l'intermédiaire d'une configuration de blocs et d'un organigramme d'opérations. Pour le préciser, un moyen de commande de séparation de réseau physique utilisé dans un PC de bureau comprend : une carte de commande de séparation de réseau ; un moyen de connexion/blocage de réseau ; un moyen de sélection de réseau ; et deux cartes d'adaptateur M.2 auxquelles sont couplés respectivement des SSD M.2 dans lesquels sont installés des systèmes d'exploitation de réseau interne/externe, et une opération de séparation de réseau physique est exécutée lorsqu'un navigateur Web est utilisé sur un logiciel de machine virtuelle et/ou un écran principal sur un moniteur connecté à un PC d'utilisateur dans lequel est installé le logiciel de machine virtuelle, par une opération d'un organigramme d'opérations présenté pour une opération de liaison avec un pilote de dispositif. Afin de pouvoir utiliser également une séparation de réseau physique basée sur un seul PC dans un environnement d'utilisation de PC portable, conjointement avec un diagramme de configuration de blocs pour une clé électronique de séparation de réseau physique, une configuration détaillée de la clé électronique de séparation de réseau physique dans laquelle la clé électronique de séparation de réseau physique est spécifiée dans le matériel est présentée.
PCT/KR2024/007002 2023-05-23 2024-05-23 Procédé et appareil de séparation de réseau physique sur la base d'un seul pc Pending WO2024242485A1 (fr)

Applications Claiming Priority (10)

Application Number Priority Date Filing Date Title
KR20230066393 2023-05-23
KR10-2023-0066393 2023-05-23
KR10-2023-0075982 2023-06-14
KR20230075982 2023-06-14
KR20230096573 2023-07-25
KR10-2023-0096573 2023-07-25
KR10-2024-0012738 2024-01-26
KR1020240012738A KR20240168829A (ko) 2023-05-23 2024-01-26 물리적 망분리 카드 및 이를 탑재한 단일 pc 기반의 물리적 망분리 pc
KR1020240066664A KR20240168871A (ko) 2023-05-23 2024-05-22 단일 pc 기반의 물리적 망분리 방법 및 장치
KR10-2024-0066664 2024-05-22

Publications (1)

Publication Number Publication Date
WO2024242485A1 true WO2024242485A1 (fr) 2024-11-28

Family

ID=93590225

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2024/007002 Pending WO2024242485A1 (fr) 2023-05-23 2024-05-23 Procédé et appareil de séparation de réseau physique sur la base d'un seul pc

Country Status (1)

Country Link
WO (1) WO2024242485A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110075664A1 (en) * 2009-09-30 2011-03-31 Vmware, Inc. Private Allocated Networks Over Shared Communications Infrastructure
KR20180009908A (ko) * 2016-07-20 2018-01-30 에스큐아이소프트(주) 망분리 환경에서의 내부망 전송통제 서버를 통한 간접연동 방법, 이를 수행하기 위한 기록매체 및 시스템
KR101840904B1 (ko) * 2011-08-16 2018-03-21 마이크로소프트 테크놀로지 라이센싱, 엘엘씨 가상화된 네트워크와 비-가상화된 네트워크 간 가상화 게이트웨이
KR102304782B1 (ko) * 2020-12-14 2021-09-24 문정기 인공지능 및 빅데이터 센터 구축을 위한 규모 산정 장치 및 그 방법
KR102510300B1 (ko) * 2022-12-06 2023-03-15 (주)씨크랩 망분리 환경에서의 간접연동 시스템 및 이를 이용한 간접연동 방법

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110075664A1 (en) * 2009-09-30 2011-03-31 Vmware, Inc. Private Allocated Networks Over Shared Communications Infrastructure
KR101840904B1 (ko) * 2011-08-16 2018-03-21 마이크로소프트 테크놀로지 라이센싱, 엘엘씨 가상화된 네트워크와 비-가상화된 네트워크 간 가상화 게이트웨이
KR20180009908A (ko) * 2016-07-20 2018-01-30 에스큐아이소프트(주) 망분리 환경에서의 내부망 전송통제 서버를 통한 간접연동 방법, 이를 수행하기 위한 기록매체 및 시스템
KR102304782B1 (ko) * 2020-12-14 2021-09-24 문정기 인공지능 및 빅데이터 센터 구축을 위한 규모 산정 장치 및 그 방법
KR102510300B1 (ko) * 2022-12-06 2023-03-15 (주)씨크랩 망분리 환경에서의 간접연동 시스템 및 이를 이용한 간접연동 방법

Similar Documents

Publication Publication Date Title
WO2018084628A1 (fr) Appareil d'affichage et procédé de commande correspondant
WO2019078617A1 (fr) Appareil électronique et procédé de reconnaissance vocale
WO2019039892A1 (fr) Procédé et dispositif électronique de commutation de mode et support d'informations correspondant
WO2020218742A1 (fr) Dispositif électronique pliable et son procédé de fonctionnement
WO2020246822A1 (fr) Dispositif électronique et procédé pour faire basculer un dispositif électronique entre un mode double veille et un mode simple veille
WO2018012749A1 (fr) Dispositif électronique supportant une interface usb et procédé de commande d'une interface usb
WO2017142293A1 (fr) Dispositif électronique et procédé d'affichage de données d'application associé
WO2014200162A1 (fr) Module de processeur, système de serveur et procédé de commande de module de processeur
WO2014178614A1 (fr) Dispositif électronique portable, étui de type à rabat du dispositif électronique portable et procédé de commande du couvercle de type à rabat
EP3688747A1 (fr) Dispositif électronique et procédé de commande de synchronisation de sortie d'un signal correspondant à un état dans lequel un contenu peut être reçu en fonction d'un emplacement d'affichage du contenu affiché sur un affichage
WO2012148087A2 (fr) Terminal portable qui est accueilli par un dispositif externe et connecté à celui-ci et procédé de changement d'écran
WO2014106997A1 (fr) Module de processeur, micro-serveur et procédé d'utilisation de module de processeur
WO2020067660A1 (fr) Appareil et procédé de commande de moyen de stockage de données ayant une fonction de protection de données en utilisant une communication sans fil avec un téléphone intelligent
WO2020101351A1 (fr) Dispositif électronique et procédé d'émission-réception de signal de commande
WO2014189275A1 (fr) Appareil et méthode de reconnaissance de dispositif externe dans un système de communication
WO2019039868A1 (fr) Dispositif électronique d'affichage d'application et son procédé de fonctionnement
WO2024204940A1 (fr) Procédé et appareil de reconnaissance de disque de sécurité pour empêcher un piratage de disque
WO2017061711A1 (fr) Dispositif de plateau et dispositif électronique le comprenant
WO2016175504A1 (fr) Procédé de commande de dispositif électronique, et dispositif électronique prenant en charge ce procédé
WO2021025497A1 (fr) Dispositif électronique et son procédé de partage de données
WO2018076433A1 (fr) Procédé de programmes d'application multi-ouverture, appareil de programmes d'application multi-ouverture et terminal
WO2014092310A1 (fr) Appareil électronique et procédé de commande associé
WO2021042566A1 (fr) Système et procédé de charge rapide pour dispositif portable et dispositif portable
WO2021020801A1 (fr) Dispositif électronique pliable dont la forme change en fonction d'un événement et procédé pour changer la forme d'un dispositif électronique pliable
WO2017090931A1 (fr) Dispositif électronique, et procédé de fourniture de service de gestion d'événements

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24811423

Country of ref document: EP

Kind code of ref document: A1