Armed Police Force Vaulting-Horse "Four Abilities" Teaching Method Lesson Plan

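Research and Practice of German Vocational Education Teaching Methods -- Huazhang (《华章》), 2012, Issue 08
[Abstract]: This paper analyzes German vocational education teaching methods, including the expanding-group method, the carousel conversation method, the card review method and the case teaching method.
[Classification number]: G719.516
[Text snapshot]:
1. Expanding-group method. In the expanding-group method the teacher sets a work task, for example: In China today, what basic abilities should a skilled worker who is new to the workplace have? Give concrete descriptions of abilities rather than abstract concepts. 1.1 The steps of the expanding-group method are: Stage 1: students work independently, think through the answer to the question above on their own and write it down. Stage 2: work in pairs, compare your answers with your partner's and find your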
Patent CN A - Protection system for computer and disk data security transmission - Google Patents
Publication type: Application. Publication date: Feb 27, 2008. Filing date: Jul 27, 2007. Priority date: Jul 27, 2007.
The computer and disk data secure-transmission protection system belongs to the field of data security technology. It protects the process of transferring classified data stored in computers or in various kinds of storage media. The system mainly comprises a unidirectional data security transmitter, through which data is transferred from a low-classification device to a high-classification device, together with software on the high-classification and low-classification computers. The invention effectively addresses the leakage of high-classification data files to low-classification computers or disks, whether caused by viruses or by other objective or subjective factors, when data is copied between computers of different classification levels, between portable storage devices and computers of different classification levels, or between portable storage devices of different classification levels.
Claims

1. A computer and disk data secure-transmission protection system, characterized in that, for the working mode of securely copying data from a low-classification storage medium to a high-classification computer, or the working mode of securely copying the local data of a low-classification computer to a high-classification storage medium, or the working mode of securely copying the local data of a low-classification computer to a high-classification computer, the protection system comprises: a port-A USB controller, a processor, a port-B USB controller and a program memory, wherein the port-A USB controller, the processor and the port-B USB controller are connected in series in that order, and the program memory is interconnected with the processor, so that together they form a data security transmitter;

the port-A USB controller, which implements the USB protocol, has a data input port that receives data unidirectionally from an external low-classification portable storage device or low-classification computer; the port-A USB controller also has a control-signal input/output port that is interconnected bidirectionally with the control-signal input/output of the external low-classification portable storage device or low-classification computer;

the port-B USB controller, which implements the USB protocol, has a data output port that unidirectionally and securely copies the data of an external low-classification portable storage device, passed through the port-A USB controller, the processor and the port-B USB controller, into an external high-classification computer, or securely copies data from an external low-classification computer into an external high-classification computer or high-classification portable storage device;

the processor of the data security transmitter contains embedded software which ensures, by the following steps, that classified information is never uploaded to the low-classification computer: the processor checks the input interface of the port-A USB controller and the output interface of the port-B USB controller; once the connections are verified, when data arrives from the input or the output interface, it transfers only data going from the input of the port-A USB controller to the output of the port-B USB controller; otherwise, it notifies the user that the direction of the data transfer is wrong;

the high-classification computer contains software that copies the data files of interest from the external low-classification portable storage device or low-classification computer by the following steps: after determining that a device is connected to the data security transmitter, it sends the transmitter a command to read the disk file list information; after receiving the data response, it displays the overall disk file list in its interface; or, in response to the local user's selection, it sends a command to expand a specific directory and, after receiving the data response, opens the specified directory and file list in its interface; according to the user's selection it sends a copy command containing the directories and files the user wants to copy;

the low-classification computer contains software that, by the following steps, copies the data files of interest in the high-classification computer through the data security transmitter to its own hard disk: after confirming that a hard disk is connected to the data security transmitter, it sends the transmitter a request to read the remaining space of the hard disk; after receiving the data reply, it displays the remaining space of the hard disk in its interface; it then responds in turn to the user copying file data from the low-classification computer to the data security transmitter and to the user selecting the directories and files to copy, and sends the corresponding copy command containing the directory and file data.
2. The computer and disk data security protection system according to claim 1, characterized in that, for the working mode of securely copying data from a low-classification storage medium to a high-classification storage medium, the data files of interest on the low-classification storage medium are securely copied to the high-classification storage medium using the keyboard and LCD built into the data security transmitter; the processor determines, from the data-transfer instruction the user enters on the keyboard, whether the data is input through the input port of the port-A USB controller and output through the output port of the port-B USB controller; otherwise, it reports a transfer-direction error.
Description

Computer and disk data secure-transmission protection system

Technical Field

The present invention relates to a computer and disk data secure-transmission protection system and belongs to the field of data security protection technology.

Background

Because of national information-security requirements, the military, government agencies and enterprises that handle classified information all face the problem of how to transfer file data securely from low-classification devices (low-classification computers, low-classification storage devices and so on) to high-classification devices (high-classification computers, high-classification storage devices and so on). "Secure" here means that when data is copied or files are transferred, data may flow in one direction only, from the low-classification device to the high-classification device, and classified data on the high-classification device is not leaked to the low-classification device. The methods commonly used today are to physically isolate devices of different classification levels, or to manually use a portable storage device (for example a CF card, Memory Stick, USB flash drive or removable hard disk) to copy data from the low-classification computer and then copy the data on the portable storage device into the high-classification device. This approach is inefficient, and if the portable device carries something like a Trojan, or a human error occurs, classified data will be leaked.
The data security of the unidirectional physical-isolation gateway described in published patent CN1878172A relies on the write-protection mechanism of USB memory hardware, and switching must be performed by software on the computer. That invention can therefore only provide secure data transfer between computers of different classification levels; it cannot provide secure data transfer between portable storage devices and computers of different classification levels, or between portable storage devices of different classification levels. The system also carries the additional hardware cost of the USB memory: if the data to be copied in one pass is very large, the storage space of the USB memory must be correspondingly large.

Summary of the Invention

To address the shortcomings of existing techniques for the secure use of classified equipment, the invention provides a computer and disk data security protection system that ensures secure data transfer between computers of different classification levels, between portable storage devices and computers of different classification levels, and between portable storage devices of different classification levels. The system requires no additional USB memory hardware.

The invention is characterized in that: for the working mode of securely copying data from a low-classification storage medium to a high-classification computer, or the working mode of securely copying the local data of a low-classification computer to a high-classification storage medium, or the working mode of securely copying the local data of a low-classification computer to a high-classification computer, the protection system comprises: a port-A USB controller, a processor, a port-B USB controller and a program memory, wherein the port-A USB controller, the processor and the port-B USB controller are connected in series in that order, and the program memory is interconnected with the processor, so that together they form a data security transmitter;

the port-A USB controller, which implements the USB protocol, has a data input port that receives data unidirectionally from an external low-classification portable storage device or low-classification computer; the port-A USB controller also has a control-signal input/output port that is interconnected bidirectionally with the control-signal input/output of the external low-classification portable storage device or low-classification computer;

the port-B USB controller, which implements the USB protocol, has a data output port that unidirectionally and securely copies the data of an external low-classification portable storage device, passed through the port-A USB controller, the processor and the port-B USB controller, into an external high-classification computer, or securely copies data from an external low-classification computer into an external high-classification computer or high-classification portable storage device;

the processor of the data security transmitter contains embedded software which ensures, by the following steps, that classified information is never uploaded to the low-classification computer: the processor checks the input interface of the port-A USB controller and the output interface of the port-B USB controller; once the connections are verified, when data arrives from the input or the output interface, it transfers only data going from the input of the port-A USB controller to the output of the port-B USB controller; otherwise, it notifies the user that the direction of the data transfer is wrong;

the high-classification computer contains software that copies the data files of interest from the external low-classification portable storage device or low-classification computer by the following steps: after determining that a device is connected to the data security transmitter, it sends the transmitter a command to read the disk file list information; after receiving the data response, it displays the overall disk file list in its interface; or, in response to the local user's selection, it sends a command to expand a specific directory and, after receiving the data response, opens the specified directory and file list in its interface; according to the user's selection it sends a copy command containing the directories and files the user wants to copy;

the low-classification computer contains software that, by the following steps, copies the data files of interest in the high-classification computer through the data security transmitter to its own hard disk: after confirming that a hard disk is connected to the data security transmitter, it sends the transmitter a request to read the remaining space of the hard disk; after receiving the data reply, it displays the remaining space of the hard disk in its interface; it then responds in turn to the user copying file data from the low-classification computer to the data security transmitter and to the user selecting the directories and files to copy, and sends the corresponding copy command containing the directory and file data.

For the working mode of securely copying data from a low-classification storage medium to a high-classification storage medium, the data files of interest on the low-classification storage medium are securely copied to the high-classification storage medium using the keyboard and LCD built into the data security transmitter; the processor determines, from the data-transfer instruction the user enters on the keyboard, whether the data is input through the input port of the port-A USB controller and output through the output port of the port-B USB controller; otherwise, it reports a transfer-direction error.

The port-A and port-B USB controllers both support USB host (master) control and USB device (slave) control, selectable according to the application: when the device attached to a port is a computer, that port's USB controller can be set as a USB device (slave); when the device attached to a port is a portable storage device, that port's USB controller can be set as a USB host (master).

The invention has the following positive effects:
1) It can securely copy data from a low-classification portable storage medium (a removable hard disk, USB flash drive and so on) to a high-classification computer.
2) It can securely copy data from a low-classification portable storage medium to a high-classification portable storage medium.
3) It securely ensures that a low-classification computer can download its local data into a high-classification storage medium.
4) It securely ensures that a low-classification computer can copy its local data into a high-classification computer.

The invention defines "secure" as follows: while data on a low-classification device is being copied to a high-classification device, classified file data on the high-classification device is never leaked to the low-classification device.

Brief Description of the Drawings

Figure 1. Schematic of the system of the invention.
Figure 2. Schematic of working mode 1.
Figure 3. Schematic of working mode 2.
Figure 4. Schematic of working mode 3.
Figure 5. Schematic of working mode 4.
Figure 6. Structure of the data security transmitter for working modes 1, 3 or 4.
Figure 7. Structure of the data security transmitter for working mode 2.
Figure 8. Main software flowchart inside the data security transmitter for working modes 1, 3 or 4.
Figure 9. Main software flowchart inside the data security transmitter for working mode 2.
Figure 10. Main flowchart of the software on the high-classification computer.
Figure 11. Main flowchart of the software on the low-classification computer.

Detailed Description

Figure 1 is a simple schematic of the system to be designed, in which the "secure data transmission device" is the core hardware device the invention sets out to build. The device mainly has two USB interfaces (COM ports, Ethernet ports or various combinations of these interfaces may also be used): port A, used to connect a low-classification portable storage device or computer, and port B, used to connect a high-classification removable hard disk, USB flash drive or computer. In operation, the data of the low-classification device connected to port A is read in through the USB interface of the secure data transmission device, and the data just read is then output through the USB interface of port B to the high-classification computer or portable device connected to it. To ensure that classified data on the high-classification device connected to port B does not leak to the low-classification device connected to port A, the data transfer direction of the secure data transmission device is unidirectional: data can only enter at port A and leave at port B, and data transfer from port B to port A is physically not permitted.
The physically designed one-way data transfer absolutely guarantees the security of the data.

According to the four functions to be implemented, the system provides four working modes:

1) Working mode in which data on a low-classification storage medium is securely copied to a high-classification computer, as shown in Figure 2. The operating procedure is as follows: the operator connects port B of the secure data transmission device to a USB interface of the high-classification computer, then plugs the low-classification removable hard disk or USB flash drive into port A of the device's USB interfaces, and finally uses the dedicated software installed on the high-classification computer, which communicates with the secure data transmission device, to securely copy the data on the low-classification removable hard disk or USB flash drive. The advantages of this working mode are: a) the secure data transmission device is small; b) copying is done through dedicated software installed on the computer, so operation is very simple.
2) Working mode in which data on a low-classification storage medium is securely copied to a high-classification storage medium, as shown in Figure 3. The operating procedure is as follows: the low-classification removable hard disk or USB flash drive is plugged into port A of the secure data transmission device, the high-classification storage medium is connected to port B of the device, and the keyboard and LCD built into the device are used to securely copy the data files of interest on the low-classification storage medium to the high-classification storage medium. The advantage of this working mode is that data is copied securely between two disks without operating a computer.

3) Working mode in which a low-classification computer copies its local data to a high-classification storage medium, as shown in Figure 4. The operating procedure is as follows: the operator connects port A of the secure data transmission device to a USB interface of the low-classification computer, then plugs the high-classification removable hard disk or USB flash drive into port B of the device's USB interfaces, and finally uses the interface of the dedicated software installed on the low-classification computer, which communicates with the secure data transmission device, to securely copy the data on the machine to the classified removable hard disk or USB flash drive. The advantages of this working mode are: a) the secure data transmission device is small; b) data is copied through dedicated software installed on the low-classification computer, so operation is very simple.

4) Working mode in which a low-classification computer copies its local data to a high-classification computer, as shown in Figure 5.
The operating procedure is as follows: the operator connects port B of the secure data transmission device to a USB interface of the high-classification work computer, then connects port A of the device to a USB interface of the low-classification computer; the operator runs the dedicated software on the high-classification computer and puts it in the data-receiving state, then uses the dedicated software on the low-classification computer to select the data to be copied and transfer it. The advantages of this working mode are: a) the secure data transmission device is small; b) copying is done through dedicated software installed on the computer, so operation is very simple; c) it is suitable for copying large volumes of data.

To support use in different environments, there are two hardware designs for the secure data transmission device, defined according to the working modes described above. 1) When only working modes 1, 3 or 4 are needed, the structure of the secure data transmission device is fairly simple, so it can be made very small and does not need an integrated keyboard or LCD display. 2) When working mode 2 is needed, the device operates without a computer, so its structure is more complex: it must integrate a keyboard and an LCD display to give the user an operating interface for copying data.

Figure 6 shows the hardware structure of the secure data transmission device used in working modes 1, 3 or 4.
The double-headed arrows in the figure represent control lines, and the single-headed arrows represent the direction of data flow. The structure is very simple and consists mainly of one processor and two USB interface controllers. The USB interface controllers implement the USB interface protocol. The processor has an external memory, used as program memory and data memory. The processor communicates with the computer through the USB interface and, according to the computer's commands, securely transfers the data stored on the low-classification device one way to the high-classification device; it can also download data from the low-classification computer into the classified storage medium, while guaranteeing that classified information is never uploaded to the low-classification computer and leaked. The circuitry of the device can be built from discrete components and chips, or implemented as a single-chip system using chip design techniques.

Figure 7 shows the hardware structure of the secure data transmission device used in working mode 2. It is more complex than the first structure: besides one processor, two USB controller interfaces and one memory, it must also include a keyboard input device, an LCD display and so on. This system can work without a computer: through keyboard operation and the content shown on the display, the file data of interest stored on the non-secure disk can be selectively and securely transferred to the classified work disk.
The device can be built from discrete components or chips, or implemented as a single-chip system using chip design techniques.

Figure 8 is the main software flow for working modes 1, 3 and 4, in which a computer is attached. Figure 9 is the main software flow for working mode 2; its main difference from the flow in Figure 8 is that data transfer is controlled through the built-in keyboard. The software mainly listens for instructions arriving from the computer on the USB interface or from the keyboard. To guarantee one-way data transfer, the processor's software responds only to data-transfer instructions from port A (the USB interface of the low-classification device) to port B (the USB interface of the high-classification device).

Main functions of the software on the high-classification computer: 1) select the files of interest from the secure data transmission device and copy those data files; 2) copy the data files into the specified file directory on the computer's hard disk. Its main workflow is shown in the figure below. The main flow of the software on the high-classification computer is shown in Figure 10.

Main functions of the software on the low-classification computer: 1) obtain, through the secure data transmission device, the remaining space of the disk to be copied to; 2) copy the data files of interest on the computer to the disk. Its main workflow is shown in Figure 11.

To guarantee the "absolute security" of the system, the system is designed with the following two properties:
1) The system is physically a one-way data transfer (that is, transfer from port A to port B).
2) The system itself is guaranteed never to be infected by a virus.

Property 1) guarantees that during a data copy, data at the high-classification end does not flow to the low-classification end. Property 2) guarantees that viruses have no effect on the system and keeps the system working stably. Property 2) is guaranteed on the following consideration: a virus program can execute and carry out its actions only after it has entered a computer operating system and been loaded automatically into memory, whereas the system we designed has no operating system, uses a single-chip microcontroller as its processing core, and has physical memory that is not writable from the outside.
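The direction rule, the four working modes and the host/device port roles described above, modelled as an added example in C. This is not code from the patent: every identifier and status code is hypothetical, and refusing working mode 2 on hardware without the keyboard and LCD is this example's reading of the two hardware variants.

```c
/* Added illustration: a model of the transmitter's direction check.
 * All identifiers are hypothetical; the patent names no functions or codes. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { PORT_A = 0, PORT_B = 1 } port_t;   /* A: low side, B: high side */
typedef enum { DEV_NONE, DEV_STORAGE, DEV_COMPUTER } attached_t;
typedef enum { ROLE_UNSET, ROLE_USB_HOST, ROLE_USB_DEVICE } usb_role_t;
typedef enum {
    XFER_OK = 0,
    XFER_ERR_NOT_CONNECTED,    /* a port has nothing attached */
    XFER_ERR_WRONG_DIRECTION,  /* anything other than A -> B */
    XFER_ERR_NEEDS_KEYPAD      /* mode 2 on hardware without keyboard/LCD */
} xfer_status_t;

typedef struct {
    attached_t attached[2];    /* indexed by port_t */
    int has_keypad_lcd;        /* 1 for the Figure 7 hardware variant */
} transmitter_t;

/* Computer attached: controller acts as USB device. Storage attached: USB host. */
usb_role_t port_role(attached_t dev)
{
    if (dev == DEV_COMPUTER) return ROLE_USB_DEVICE;
    if (dev == DEV_STORAGE)  return ROLE_USB_HOST;
    return ROLE_UNSET;
}

/* Working mode 1..4 as numbered in the description, or 0 if a port is empty. */
int working_mode(const transmitter_t *t)
{
    attached_t a = t->attached[PORT_A], b = t->attached[PORT_B];
    if (a == DEV_NONE || b == DEV_NONE) return 0;
    if (a == DEV_STORAGE) return (b == DEV_COMPUTER) ? 1 : 2;
    return (b == DEV_STORAGE) ? 3 : 4;
}

/* Order follows the claim: verify connections first, then the direction. */
xfer_status_t authorize_transfer(const transmitter_t *t, port_t src, port_t dst)
{
    int mode = working_mode(t);
    if (mode == 0) return XFER_ERR_NOT_CONNECTED;
    if (src != PORT_A || dst != PORT_B) return XFER_ERR_WRONG_DIRECTION;
    if (mode == 2 && !t->has_keypad_lcd) return XFER_ERR_NEEDS_KEYPAD;
    return XFER_OK;
}

/* Fail closed: bytes move only after authorization; returns bytes relayed. */
size_t relay(const transmitter_t *t, port_t src, port_t dst,
             const unsigned char *in, size_t n, unsigned char *out, size_t cap)
{
    if (authorize_transfer(t, src, dst) != XFER_OK) return 0;
    if (n > cap) n = cap;
    memcpy(out, in, n);
    return n;
}

/* Small wrappers so each scenario is a single call. */
xfer_status_t check(attached_t a, attached_t b, int keypad, port_t src, port_t dst)
{
    transmitter_t t = { { a, b }, keypad };
    return authorize_transfer(&t, src, dst);
}

int mode_for(attached_t a, attached_t b)
{
    transmitter_t t = { { a, b }, 0 };
    return working_mode(&t);
}

size_t relayed_bytes(port_t src, port_t dst)
{
    transmitter_t t = { { DEV_COMPUTER, DEV_COMPUTER }, 0 };  /* mode 4 */
    const unsigned char payload[5] = { 'h', 'e', 'l', 'l', 'o' };  /* constructed */
    unsigned char sink[8] = { 0 };
    return relay(&t, src, dst, payload, sizeof payload, sink, sizeof sink);
}

int main(void)
{
    printf("mode (storage -> computer): %d\n", mode_for(DEV_STORAGE, DEV_COMPUTER));
    printf("A->B status: %d\n", check(DEV_STORAGE, DEV_COMPUTER, 0, PORT_A, PORT_B));
    printf("B->A status: %d\n", check(DEV_STORAGE, DEV_COMPUTER, 0, PORT_B, PORT_A));
    printf("bytes relayed A->B: %zu, B->A: %zu\n",
           relayed_bytes(PORT_A, PORT_B), relayed_bytes(PORT_B, PORT_A));
    return 0;
}
```

This models only the software check the claims assign to the embedded processor. The description's "physically one-way" property depends on the hardware data path, which code cannot demonstrate.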