KR102698517B1 - Network separation type automatic conversion system and method - Google Patents

Abstract

The present invention is characterized by an attendance determination module that determines whether a worker is in an office state in which work is performed within a preset work space or an external state in which work is performed outside of the preset work space; an internal work work module that, if the attendance determination module determines that the worker is in the office state, operates a first virtual machine provided on a work terminal according to a command entered by the worker into the work terminal so that the worker can use the first virtual machine to perform the work; and an external work work module that, if the attendance determination module determines that the worker is in the external work state, stops the operation of the first virtual machine and connects the work terminal to a physical server so that the worker can use a second virtual machine running on a physical server to perform the work.
According to the present invention, the purpose is to enable selective use of a server-based network separation (SBC) method or a client-based network separation (CBC) method depending on the work type of a worker who wishes to use a virtual terminal.

Description

Network separation type automatic conversion system and method using the same {Network separation type automatic conversion system and method}

The present invention relates to an automatic switching system of a network separation type and a method using the same, and more specifically, to enable the use of a virtual terminal by selectively applying a server-based network separation (SBC) method or a client-based network separation (CBC) method depending on the work type of a worker.

In large organizations such as public institutions or large companies, a separate closed network is established and used to perform tasks within the organization and share information that should only be used within the organization. An example of this is an intranet (internal business network).

However, in addition to these closed networks, there may be times when members of an organization need to access an open network (the Internet). For example, public institutions or companies may need to use external networks such as the Internet to send e-mails, instant messaging, and file transfers to other external companies for work purposes.

However, if a closed network is set up and connected in the same way as an open network and two networks are used at the same time, it can cause serious security problems due to attacks from external networks. To solve this problem, a network separation method has been introduced recently to separate the business network and external network and prevent important internal information from being attacked from external networks.

Network separation refers to a technology that configures a network used for networking into two or more network networks separated by purpose, so that network packet data cannot be transmitted between each network, so that even if one network becomes vulnerable due to hacking or other reasons, damage does not occur to the other network.

Prior art related to conventional network separation has been proposed.

The proposed prior art logical network separation system and method using client virtualization of a server (Korean Patent No. 10-1089157) virtualizes a server in a network composed of a plurality of client terminals and servers so that the server can be accessed only through the virtual environment of the client terminal. In other words, the existence of the server is confirmed only through the virtual environment of the client terminal, and when a process executed through the virtual environment of the client terminal attempts to access the server, the client virtualization filter driver installed in the client terminal authenticates whether the client terminal is a normal client terminal with the authority to access the server from an authentication server and transmits a connection request to the server. Then, the connection request transmitted as above is received by the server virtualization filter driver installed in the virtualized server, and after the authentication information for the client terminal is confirmed again, only the client terminal with the proper authority is allowed to access the server.

In the case of prior art developed in the past, regardless of the worker's work type, that is, the worker's working location, only one of the server-based network separation (SBC) method or client-based network separation (CBC, Client Based Computing) method is applied to the virtual terminal. Therefore, when a virtual terminal with the CBC method is used, there are security issues such as the risk of external leakage of confidential information during work from home or on a business trip. In addition, when a virtual terminal with the SBC method is to be used, there is a problem in that the construction cost to provide expensive server-based virtual terminals to all workers is excessive.

Korean Patent Registration No. 10-1089157: System and method for logical network separation of servers using client virtualization

The present invention has been proposed to solve the problems of the above-mentioned conventional technology, and its purpose is to provide an automatic switching system of a network separation type that can selectively use a server-based network separation (SBC) method or a client-based network separation (CBC) method depending on the work type of a worker who wants to use a virtual terminal, and a method using the same.

In order to achieve the above-described purpose, the automatic switching system of the network separation type according to the present invention and the method using the same are provided with an attendance determination module that determines whether a worker is in an office state in which work is performed within a preset work space or an external state in which work is performed outside the preset work space; an internal work module that operates a first virtual machine provided on a work terminal according to a command entered by the worker into the work terminal so that the worker can use the first virtual machine provided on the work terminal to perform the work if the attendance determination module determines that the worker is in the office state; and an external work module that stops the operation of the first virtual machine and connects the work terminal to the physical server so that the worker can use a second virtual machine running on the physical server to perform the work if the attendance determination module determines that the worker is in the external state.

The system further comprises an image server that is connected to the work terminal and stores the first work data worked on by the worker in the office state using the first virtual machine as a first image file in the form of a disk image file, and the office work module is characterized in that, when the state of the worker changes from the office state to the outside work state, it initializes the first virtual machine to the initial state.

The above-mentioned outside work module is characterized in that, when the status of the worker changes from the inside work status to the outside work status, it receives the first image file containing the first work data from the image server from the initial time when the worker is determined to be in the inside work status to the time when the status is changed to the outside work status, and boots the second virtual machine with the received first image file.

The system further comprises an image server that connects to the physical server and stores second work data worked on by the worker in the outside work status using the second virtual machine as a second image file in the form of a disk image file, and the office work module receives, from the image server, the second image file containing the second work data from the initial time when the worker is determined to be in the outside work status to the time when the worker is changed to the inside work status, and boots the first virtual machine with the received second image file.

The above-mentioned attendance determination module receives input information on the work status input from the worker, and the input information includes an information receiving unit that includes information indicating whether the worker has selected either office work or field work, and a status determination unit that determines whether the worker is in an office work status or field work status based on the input information received from the information receiving unit.

The above attendance determination module further comprises an address collection unit that collects an IP address of the work terminal that connects to the image server or the physical server through a communication network, and a location determination unit that determines whether the work terminal is located within the work space based on the IP address collected by the address collection unit. The status determination unit determines that the worker is in an internal work state when the worker selects internal work from the input information and the location determination unit determines that the work terminal is located within the work space, and determines that the worker is in an external work state when the worker selects external work from the input information and the location determination unit determines that the work terminal is located outside the work space.

The above business terminal is equipped with a GPS module that generates location information of the business terminal, and the attendance determination module determines that the worker is in an internal state based on the location information provided by the GPS module if the worker selects internal work from the input information and the business terminal is located within the workspace, and determines that the worker is in an external state if the worker selects external work from the input information and the business terminal is located outside the workspace.

The present invention comprises: an attendance determination step for determining whether a worker is in an office state in which work is performed within a preset workspace or an external state in which work is performed outside of the preset workspace; an internal work step for operating a first virtual machine provided on a work terminal according to a command entered by the worker into the work terminal so that the worker can use the first virtual machine to perform the work; and an external work step for stopping the operation of the first virtual machine but connecting the work terminal to a physical server so that the worker can use a second virtual machine running on the physical server to perform the work if the worker is determined to be in the external work state in the attendance determination step.

The present invention further comprises an image storage step for storing first work data, worked on by a worker in the office state using the first virtual machine while connected to the work terminal, as a first image file in the form of a disk image file on an image server, and the office work step is characterized in that, when the state of the worker changes from the office state to the outside work state, the first virtual machine is initialized to the initial state.

The above-mentioned external work step is characterized in that, when the status of the worker changes from the internal work status to the external work status, the first image file including the first work data from the initial time when the worker is determined to be in the internal work status to the time when the status is changed to the external work status is provided from the image server, and the second virtual machine is booted with the provided first image file.

The present invention further comprises an image storage step of connecting to the physical server and storing the second work data worked on by the worker in the external work status using the second virtual machine as a second image file in the form of a disk image file on the image server, and the internal work step is characterized in that, when the status of the worker changes from the external work status to the internal work status, the second image file including the second work data from the initial time when the worker is determined to be in the external work status to the time when the status is changed to the internal work status is received from the image server, and the first virtual machine is booted with the received second image file.

The above-mentioned attendance determination step comprises an information receiving step for receiving input information on the work status input from the worker, wherein the input information includes information indicating whether the worker has selected either office work or field work, and a status determination step for determining whether the worker is in an office work status or field work status based on the input information received from the information receiving unit.

The above-mentioned attendance determination step further comprises an address collection step of collecting the IP address of the work terminal connecting to the image server or the physical server through a communication network, a location determination step of determining whether the work terminal is located within the work space based on the IP address collected in the address collection step, and the status determination step is characterized in that if the worker selects office work from the input information and the work terminal is determined to be located within the work space in the location step, the worker is determined to be in an office state, and if the worker selects outside work from the input information and the work terminal is determined to be located outside the work space in the location determination step, the worker is determined to be in an outside work state.

The above business terminal is equipped with a GPS module that generates location information of the business terminal, and the attendance determination step is characterized in that, based on the location information provided by the GPS module, if the worker selects office work from the input information and the business terminal is located within the workspace, the worker is determined to be in an office state, and if the worker selects outside work from the input information and the business terminal is located outside the workspace, the worker is determined to be in an outside work state.

In the automatic switching system and method of the network separation type of the present invention, a virtual terminal to which a client-based network separation (CBC) method is applied is used when the worker is in a fixed workspace such as an office, and a virtual terminal to which a server-based network separation (SBC) method is applied is used when the worker is out of the workspace such as at home or on a business trip. Accordingly, there is an advantage in that the work efficiency of the worker in the workspace can be increased, external leakage of confidential information can be prevented when at home or on a business trip, and the SBC method can be used cost-effectively.

Figure 1 is a conceptual perspective view of an embodiment of an automatic switching system of a network separation type according to the present invention.
Figure 2 is a block diagram of Figure 1,
Figure 3 is a block diagram according to another embodiment of an automatic switching system of a network separation type according to the present invention.
Figure 4 is a block diagram according to one embodiment of an automatic switching method of a network separation type according to the present invention.
FIG. 5 is a block diagram according to another embodiment of an automatic switching method of a network separation type according to the present invention.

Hereinafter, with reference to the attached drawings, a detailed description will be given of an automatic switching system of a network separation type and a method using the same according to an embodiment of the present invention. The present invention may have various modifications and may take various forms, and specific embodiments will be illustrated in the drawings and described in detail in the text. However, this does not limit the present invention to a specific disclosed form, and it should be understood that it includes all modifications, equivalents, and substitutes included in the spirit and technical scope of the present invention. In describing each drawing, similar reference numerals are used for similar components. With respect to the attached drawings, the dimensions of structures are illustrated larger than actual dimensions in order to ensure clarity of the present invention.

The terms first, second, etc. may be used to describe various components, but the components should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as the second component, and similarly, the second component may also be referred to as the first component.

The terminology used in this application is only used to describe specific embodiments and is not intended to limit the present invention. The singular expression includes the plural expression unless the context clearly indicates otherwise. In this application, it should be understood that the terms "comprises" or "has" and the like are intended to specify the presence of a feature, number, step, operation, component, part, or combination thereof described in the specification, but do not exclude in advance the possibility of the presence or addition of one or more other features, numbers, steps, operations, components, parts, or combinations thereof.

Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms defined in commonly used dictionaries, such as those defined in common dictionaries, should be interpreted as having a meaning consistent with the meaning they have in the context of the relevant art, and shall not be interpreted in an idealized or overly formal sense unless expressly defined in this application.

Figures 1 and 2 illustrate one embodiment of an automatic switching system (10) of a network separation type according to the present invention.

The automatic switching system (10) of the network separation type of the present invention comprises: an attendance determination module (100) that determines whether a worker is in an office state in which work is performed within a preset workspace or an outside state in which work is performed outside of the preset workspace; an inside work work module (200) that operates the first virtual machine provided in the work terminal (1) according to a command entered by the worker into the work terminal (1) so that the worker can use the first virtual machine provided in the work terminal (1) to perform the relevant work; an outside work work module (300) that stops the operation of the first virtual machine when the worker is determined to be in the outside work state, but connects the work terminal (1) to the physical server (2) so that the worker can use the second virtual machine operated on the physical server (2) to perform the relevant work; An image server (400) is provided that saves the first work data worked on by the worker using the first virtual machine as a first image file in the form of a disk image file, and saves the second work data worked on by the worker using the second virtual machine as a second image file in the form of a disk image file.

The above business terminal (1) is a notebook computer equipped with a display unit such as an LCD panel that transmits image information that can be identified by a worker, a communication module that performs communication through various networks, an input unit such as a keyboard or a touch panel that allows a worker to input information or signals, a control unit such as a CPU that controls the display unit, communication module, etc. according to information or signals input through the input unit, and a data storage unit in which files and information are stored. The above business terminal (1) is not limited to the notebook described above, but may also be applied to a PDA, a smartphone, or a tablet PC.

The above first and second virtual machines are provided to the worker so that the worker can use the same desktop environment in both office and field work states on the business terminal (1). Therefore, the first virtual machine is provided in the business terminal (1) of the present invention, which is a physical hardware, and the second virtual machine is provided in the physical server (2) of the present invention, which is a physical hardware. Since the first and second virtual machines can be applied with VDI (Virtual Desktop Infrastructure) technology that creates a virtual machine (VM: Virtual Machine) for a desktop environment for each user, additional technology is omitted.

The above physical server (2) is provided for the operation of the second virtual machine, and is constructed to collect and comprehensively store various information for the work of the workers in government agencies and companies, and to provide the various stored information to the workers. Since the technology can be applied to existing server computers, etc., additional technology is omitted.

The above attendance determination module (100) comprises an information receiving unit (110), an address collecting unit (120), a location determination unit (130), and a status determination unit (140).

The above information receiving unit (110) receives input information on the work status input from the worker, and is equipped with an information and communication unit (111) and a terminal authentication unit (112). Here, the input information is information on whether the worker has selected either an in-house or an external work, and also includes authentication information such as the ID and password input by the worker, the mobile phone number registered by the user, the worker's face, and fingerprints.

The above information communication unit (111) can receive the input information from a signal input through the input unit of the business terminal (1). Although not shown in the drawing, the communication unit (111) can also receive the input information from a signal received from a user's PDA, smart phone, or tablet PC other than the business terminal (1). The information communication unit (111) can be applied to any conventional communication technology that can wirelessly communicate with the business terminal (1), so additional descriptions are omitted.

The terminal authentication unit (112) is connected to the information and communication unit (111) and verifies whether the business terminal (1) is stored based on the authentication information of the business terminal (1) included in the input information received through the information and communication unit (111). More specifically, if the authentication information of the business terminal (1) received through the information and communication unit (111) matches the terminal information corresponding to the business terminal (1) stored in advance, the terminal authentication unit (112) maintains the communication connection status between the information and communication unit (111) and the office work module (200) and the outside work module (300), and if the authentication information of the business terminal (1) does not match the terminal information stored in advance, the terminal authentication unit (111) blocks the communication connection status between the office work module (200) and the outside work module (300).

The above address collection unit (120) collects the IP address of the business terminal (1) that connects to the image server (400) or the physical server (2) through the established communication network. More specifically, the address collection unit (120) is connected to the information and communication unit (111) and collects the IP address of the business terminal (1) that has been verified by the terminal authentication unit (112). At this time, although not shown in the drawing, the address collection unit (120) is not limited to collecting IP addresses, and any network location (address) confirmation technology that can confirm the network location of each computer in a network environment in conventionally developed technologies can be applied.

The above location determination unit (130) determines whether the business terminal (1) is located within the work space based on the IP address collected by the address collection unit (120).

For example, if the workspace is a military base, the location determination unit (130) determines whether the business terminal (1) is located within the military base or outside the military base based on the IP address collected by the address collection unit (120).

The above-described state determination unit (140) determines whether the worker is in an external or internal work state based on the input information received from the information receiving unit (110). More specifically, the above-described state determination unit (140) determines that the worker is in an internal work state if the worker selects internal work from the input information and the location determination unit (130) determines that the work terminal (1) is located within the corresponding work space, and determines that the worker is in an external work state if the worker selects external work from the input information and the location determination unit (130) determines that the work terminal is located outside the corresponding work space.

For example, if the workspace is a military base, the status determination unit (140) determines that the worker is in an internal work state if the worker selects internal work, i.e., work within the base, from the input information, and the location determination unit (130) determines that the work terminal (1) is located in the workspace, i.e., within the base, the worker is determined to be in an internal work state. In addition, the status determination unit (140) determines that the worker is in an external work state if the worker selects external work, i.e., work outside the base (or business trip), from the input information, and the location determination unit (130) determines that the work terminal (1) is located outside the workspace, i.e., outside the base.

Additionally, if the status determination unit (140) determines that the worker selects office work, i.e., in-base work, from the input information, and the location determination unit (130) determines that the business terminal (1) is located outside the corresponding workspace, i.e., outside the premises, the operation of the first or second virtual machine is stopped and a warning message is transmitted to the worker through the display unit of the business terminal (1). In addition, if the status determination unit (140) determines that the worker selects office work, i.e., outside work (or business trip), from the input information, and the location determination unit (130) determines that the business terminal (1) is located in the corresponding workspace, i.e., inside the premises, the operation of the first or second virtual machine is stopped and a warning message is transmitted to the worker through the display unit of the business terminal (1).

The image server (400) above is connected to the work terminal (1) and stores the first work data, which the worker in the office state worked on using the first virtual machine, as a first image file in the form of a disk image file. In addition, the image server (400) is connected to the physical server (2) and stores the second work data, which the worker in the office state worked on using the second virtual machine, as a second image file in the form of a disk image file.

The image server (400) stores the first and second images in a preset backup cycle, and the backup cycle can be set by the worker's selection. In addition, it is preferable that the image server (400) apply a Virtual to Physical Image conversion technology among file conversion technologies that convert the first work data worked on by the worker in the office state using the first virtual machine and the second work data worked on by the worker in the office state using the second virtual machine into a first image file or a second image file in the form of a disk image file. At this time, the file conversion technology can be applied by the worker's selection among various technologies depending on the form of the corresponding work data.

The above-described office work module (200) operates the first virtual machine provided on the work terminal (1) according to the command entered by the worker into the work terminal (1) so that the worker can use the first virtual machine to perform the corresponding task when the status determination unit (140) determines that the worker is in the office state. In addition, when the status of the worker is changed from the outside work state to the inside work state in the status determination unit (140), the above-described office work module (200) receives from the image server the second image file including the second work data from the second initial point in time when the worker is determined to be in the outside work state to the point in time when the worker is subsequently changed to the inside work state, and boots the first virtual machine with the received second image file. When the worker's status changes from the internal work status to the external work status, the external work module (200) boots the second virtual machine in the external work module (300) described below and initializes the first virtual machine to the initial state to prevent confidential information from being leaked.

The above-mentioned office work module (200) applies the conventional client-based network separation (CBC) method to enable the worker to use the first virtual machine provided in the worker terminal (1) in a fixed work space such as an office, so additional technology is omitted.

The above-mentioned external work module (300) stops the operation of the first virtual machine when the status determination unit (140) determines that the worker is in the external work state, and connects the work terminal (1) to the physical server (2) so that the worker can use the second virtual machine operating on the physical server (2) to perform the relevant work.

In addition, when the worker's status is changed from the office work status to the office work status in the status determination unit (140), the above-described external work module (300) receives the first image file containing the first work data from the first initial point in time when the worker is determined to be in the office work status to the point in time when the worker is changed to the office work status, from the image server (400), and boots the second virtual machine with the received first image file.

The above-mentioned external work module (300) uses a conventional server-based network separation (SBC) method to utilize a second virtual machine provided on the physical server (2) when the worker leaves the work space, such as at home or on a business trip, so additional technology is omitted.

The above-described network separation type automatic switching system (10) of the present invention is equipped with an office work module (200) that operates the first virtual machine provided in the business terminal (1) and an external work module (300) that connects the business terminal (1) to the corresponding physical server (2) so that the worker can use the second virtual machine, thereby increasing the work efficiency of the worker in the work space and preventing external leakage of confidential information in the case of telecommuting or business trips.

Meanwhile, Fig. 3 illustrates another embodiment of an automatic switching system (20) of a network separation type.

Elements that have the same function as those in the previously illustrated drawings are indicated with the same reference numerals.

The business terminal (1) of the automatic switching system (20) of the network separation type according to the present invention further has a GPS module (3) that generates location information of the business terminal (1).

The attendance determination module (500) of the present embodiment has a status determination unit (510). The status determination unit (510) determines that the worker is in an internal state if the worker selects internal work from the input information based on the location information provided from the GPS module (3) equipped in the work terminal (1) and the work terminal (1) is located within the corresponding work space. In addition, the status determination unit (510) determines that the worker is in an external state if the worker selects external work from the input information based on the location information provided from the GPS module (3) and the work terminal (1) is located outside the corresponding work space.

In addition, the state determination unit (510) stops the operation of the first or second virtual machine and transmits a warning message to the worker through the display unit of the work terminal (1) if the worker selects indoor work from the input information based on the location information provided from the GPS module (3) equipped in the work terminal (1) and the work terminal (1) is located outside the work space. In addition, the state determination unit (510) stops the operation of the first or second virtual machine and transmits a warning message to the worker through the display unit of the work terminal (1) if the worker selects outdoor work from the input information based on the location information provided from the GPS module (3) and the work terminal (1) is located inside the work space.

The automatic switching system (20) of the network separation type of the present invention described above can determine the inside or outside work status of the worker based on the GPS information provided by the GPS module (3), so there is an advantage in that the status determination unit (510) can determine the outside or inside work status of the worker based on the GPS information of the worker terminal (1).

Meanwhile, Fig. 4 illustrates an embodiment of an automatic switching method (S10) of a network separation type.

The automatic switching method (S10) of the network separation type according to the present invention comprises: an attendance determination step (S100) for determining whether a worker is in an office state in which work is performed within a preset workspace or an external work state in which work is performed outside of the workspace; an internal work work step (S200) for operating the first virtual machine provided on the work terminal (1) according to a command entered by the worker into the work terminal (1) so that the worker can use the first virtual machine provided on the work terminal (1) to perform the relevant work; an external work work step (S300) for stopping the operation of the first virtual machine but connecting the work terminal (1) to the physical server (2) so that the worker can use the second virtual machine operated on the physical server (2) to perform the relevant work; An image server (S400) is provided that saves the first work data worked on by a worker in an office state using the first virtual machine as a first image file in the form of a disk image file, and saves the second work data worked on using the second virtual machine as a second image file in the form of a disk image file.

The above attendance determination step (S100) comprises an information receiving step (S110), an address collection step (S120), a location determination step (S130), and a status determination step (S140).

The above information receiving step (S110) receives input information on the work status input from the worker in the information receiving unit (110), and includes an information communication step (S111) and a terminal authentication step (S112). Here, the input information is information on whether the worker has selected either internal or external work, and also includes authentication information such as the ID and password input by the worker, the mobile phone number registered by the user, and biometric information including the worker's face and fingerprint.

The above information communication step (S111) can receive the input information from a signal input through the input unit of the business terminal (1). Although not shown in the drawing, the above information communication step (S111) can also receive the input information from a signal received from a PDA, smart phone, or tablet PC of a user other than the business terminal (1). The above information communication step (S111) can be applied to any conventional communication technology that can wirelessly communicate with the business terminal (1), so additional technology is omitted.

The terminal authentication step (S112) verifies whether the business terminal (1) is previously stored based on the authentication information of the business terminal (1) included in the input information received through the information communication unit (S111) after the information communication step (S111). More specifically, the terminal authentication step (S112) maintains the communication connection status between the information communication unit (111) and the office work module (200) and the outside work module (300) if the authentication information of the business terminal (1) received through the information communication step (S111) matches the terminal information corresponding to the previously stored business terminal (1), and blocks the communication connection status between the communication unit (111) and the office work module (200) and the outside work module (300) if the authentication information of the business terminal (1) does not match the previously stored terminal information.

The above address collection step (S120) collects the IP address of the business terminal (1) that connects to the image server (400) or the physical server (2) through the communication network established in the address collection unit (120). More specifically, the address collection step (S120) collects the IP address of the business terminal (1) that has been confirmed in the terminal authentication step (S112). At this time, although not shown in the drawing, the address collection step (S120) is not limited to collecting IP addresses, and any network location (address) confirmation technology that can confirm the location of each computer in a network environment in conventionally developed technologies can be applied.

The above location determination step (S130) determines whether the business terminal (1) is located within the work space based on the IP address collected in the address collection step (S120) in the location determination unit (130).

The above status determination step (S140) determines whether the worker is in an external or internal work state based on the input information received in the information receiving step (S110) in the above status determination unit (140).

More specifically, in the state determination step (S140), if the worker selects internal work from the input information and the work terminal (1) is determined to be located within the work space in the location determination step (S130), the worker is determined to be in an internal work state. In addition, if the worker selects external work from the input information and the work terminal (1) is determined to be located outside the work space in the location determination step (S130), the worker is determined to be in an external work state.

For example, if the workspace is a military base, the status determination step (S140) determines that the worker is in an internal work state if the worker selects internal work, i.e., work within the base, from the input information, and the location determination unit (130) determines that the work terminal (1) is located in the workspace, i.e., within the base, the worker is determined to be in an internal work state. In addition, the status determination step (S140) determines that the worker is in an external work state if the worker selects external work, i.e., work outside the base (or business trip), from the input information, and the location determination unit (130) determines that the work terminal (1) is located outside the workspace, i.e., outside the base.

Additionally, in the state determination step (S140), if the worker selects office work, i.e., in-base work, from the input information, and the location determination unit (130) determines that the business terminal (1) is located outside the corresponding work space, i.e., outside the base, the operation of the first or second virtual machine is stopped and a warning message is transmitted to the worker through the display unit of the business terminal (1). In addition, in the state determination step (S140), if the worker selects office work, i.e., outside work (or business trip), from the input information, and the location determination unit (130) determines that the business terminal (1) is located in the corresponding work space, i.e., inside the base, the operation of the first or second virtual machine is stopped and a warning message is transmitted to the worker through the display unit of the business terminal (1).

The image storage step (S400) above connects to the work terminal (1) from the image server (400) and stores the first work data, which the worker in the office state worked on using the first virtual machine, as a first image file in the form of a disk image file. In addition, the image storage step (S400) connects to the physical server (2) and stores the second work data, which the worker in the office state worked on using the second virtual machine, as a second image file in the form of a disk image file. The image storage step (S400) stores the first and second images according to a preset backup cycle, and the backup cycle can be set by the worker's selection.

In the above-described office work step (S200), if the worker is determined to be in the office state in the state determination step (S140) of the office work module (200), the first virtual machine provided on the work terminal (1) is operated according to a command entered by the worker into the work terminal (1) so that the worker can use the first virtual machine to perform the relevant work. In addition, in the above-described office work step (S200), if the worker's state is changed from the outside work state to the inside work state in the state determination step (S140), the second image file including the second work data from the second initial point in time when the worker is determined to be in the outside work state to the point in time when the worker is subsequently changed to the inside work state is received from the image server, and the first virtual machine is booted with the received second image file. In the above-described internal work step (S200), when the worker's status changes from the internal work status to the external work status, the external work step (S300) described below boots the second virtual machine to initialize the first virtual machine to the initial state so that confidential information is not leaked.

The above-mentioned office work step (S200) applies the conventional client-based network separation (CBC) method to enable the worker to use the first virtual machine provided on the worker terminal (1) in a fixed work space such as an office, so additional technology is omitted.

In the above-mentioned external work step (S300), if the external work module (300) determines that the worker is in the external work status in the above-mentioned status determination step (S140), the operation of the first virtual machine is stopped, but the work terminal (1) is connected to the physical server (2) so that the worker can use the second virtual machine operating on the physical server (2) to perform the relevant work.

In addition, in the above-described external work step (S300), when the status of the worker changes from the internal work status to the external work status in the above-described status determination step (S140), the first image file containing the first work data from the first initial point in time when the worker is determined to be in the internal work status to the point in time when the status is subsequently changed to the external work status is received from the image server (400), and the second virtual machine is booted with the received first image file.

The above-mentioned external work step (S300) is applied using the conventional server-based network separation (SBC) method to utilize the second virtual machine provided on the physical server (2) when the worker leaves the work space, such as at home or on a business trip, so additional technology is omitted.

The automatic switching method (S10) of the network separation type of the present invention described above comprises an office work step (S200) of operating the first virtual machine provided on the business terminal (1), and an external work step (S300) of connecting the business terminal (1) to the corresponding physical server (2) so that the worker can use the second virtual machine, thereby increasing the work efficiency of the worker in the work space and preventing external leakage of confidential information in the case of telecommuting or business trips.

Meanwhile, FIG. 5 illustrates another embodiment of an automatic switching method (S20) of a network separation type.

The business terminal (1) of the automatic switching method (S20) of the network separation type according to the present invention further has a GPS module (3) that generates location information of the business terminal (1).

In addition, the attendance determination step (S500) of the present embodiment further includes the status determination step (S510). The status determination step (S510) determines that the worker is in an internal state if the worker selects internal work from the input information based on the location information provided from the GPS module (3) equipped in the business terminal (1) and the business terminal (1) is located within the corresponding work space. In addition, the status determination step (S510) determines that the worker is in an external state if the worker selects external work from the input information based on the location information provided from the GPS module (3) and the business terminal (1) is located outside the corresponding work space.

In addition, the state determination step (S510) is based on the location information provided by the GPS module (3) equipped on the business terminal (1), and if the worker selects indoor work from the input information and the business terminal (1) is located outside the corresponding work space, the operation of the first or second virtual machine is stopped and a warning message is transmitted to the worker through the display unit of the business terminal (1). In addition, the state determination step (S510) is based on the location information provided by the GPS module (3), and if the worker selects outdoor work from the input information and the business terminal (1) is located inside the corresponding work space, the operation of the first or second virtual machine is stopped and a warning message is transmitted to the worker through the display unit of the business terminal (1).

The automatic switching method (S20) of the network separation type of the present invention described above can determine the worker's internal or external work status based on the GPS information provided by the GPS module (3), so there is an advantage in that the worker's external or internal work status can be determined based on the GPS information of the worker terminal (1) in the status determination step (S510).

The description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the disclosed invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the scope of the disclosed invention. Thus, the disclosed invention is not intended to be limited to the disclosed embodiments, but is to be construed in the widest scope consistent with the principles and novel features disclosed herein.

1: Business terminal 2: Physical server
3: GPS module
100, 500: Attendance determination module 110: Information receiving unit
120: Address collection unit 130: Location determination unit
140, 510: Status determination unit 200: Internal work module
300: Field work module
S100, S500: Attendance determination step S110: Information reception step
S120: Address collection step S130: Location determination step
S140, S510: Status determination step S200: Internal work step
S300: Outdoor work stage

Claims (14)

An attendance determination module that determines whether a worker is in an internal work state, in which work is performed within a preset workspace, or an external work state, in which work is performed outside of the preset workspace;
If the above-mentioned attendance determination module determines that the worker is in the above-mentioned office work state, an office work module that operates the first virtual machine provided on the work terminal according to the command entered by the worker into the work terminal so that the worker can use the first virtual machine provided on the work terminal to perform the relevant work; and
If the above work attendance determination module determines that the worker is in the outside work state, the operation of the first virtual machine is stopped, but an outside work work module is included that connects the work terminal to the physical server so that the worker can use the second virtual machine running on the physical server to perform the work;
The above attendance determination module
An information receiving unit that receives input information about the work status entered by the worker, wherein the input information includes information that the worker has selected either internal or external work; and
A method for determining whether the worker is in an outside work state or an inside work state based on input information received from the information receiving unit, characterized in that it comprises a state determination unit that collects information on the location of the work terminal, and, when the worker selects outside work from the input information and the work terminal is located inside the work space, or when the worker selects inside work from the input information and the work terminal is located outside the work space, it stops the operation of the first or second virtual machine.
Automatic switching system of network separation type.
In the first paragraph,
An image server is further provided that connects to the above work terminal and saves the first work data worked on by the worker in the office state using the first virtual machine as a first image file in the form of a disk image file;
The above-mentioned internal work module is characterized in that, when the status of the worker changes from the internal work status to the external work status, the first virtual machine is initialized to the initial state.
Automatic switching system of network separation type.
In the second paragraph,
The above-mentioned external work module is characterized in that, when the status of the worker changes from the internal work status to the external work status, the first image file including the first work data from the initial time when the worker is determined to be in the internal work status to the time when the worker changes to the external work status is provided from the image server, and the second virtual machine is booted with the provided first image file.
Automatic switching system of network separation type.
In the first paragraph,
An image server is further provided that connects to the above physical server and stores the second work data worked on by the worker in the above external work status using the second virtual machine as a second image file in the form of a disk image file;
The above-mentioned internal work module is characterized in that, when the status of the worker changes from the external work status to the internal work status, the second image file including the second work data from the initial time when the worker is determined to be in the external work status to the time when the worker changes to the internal work status is provided from the image server, and the first virtual machine is booted with the provided second image file.
Automatic switching system of network separation type.
delete In the first paragraph,
The above attendance determination module
An image server that stores the first work data worked on by the worker in the office state using the first virtual machine as a first image file in the form of a disk image file or an address collection unit that collects the IP address of the work terminal connected to the physical server through a communication network, by connecting to the work terminal;
A location determination unit is further provided to determine whether the business terminal is located within the work space based on the IP address collected from the address collection unit.
The above state determination unit is characterized in that, if the worker selects internal work from the input information and the location determination unit determines that the work terminal is located within the corresponding work space, it determines that the worker is in an internal work state, and if the worker selects external work from the input information and the location determination unit determines that the work terminal is located outside the corresponding work space, it determines that the worker is in an external work state.
Automatic switching system of network separation type.
In the first paragraph,
The above business terminal is equipped with a GPS module that generates location information of the business terminal.
The above state determination unit is characterized in that, based on the location information provided by the GPS module, if the worker selects internal work from the input information and the work terminal is located within the corresponding work space, it determines that the worker is in an internal work state, and if the worker selects external work from the input information and the work terminal is located outside the corresponding work space, it determines that the worker is in an external work state.
Automatic switching system of network separation type.
An attendance determination step in which the attendance determination module determines whether the worker is in an internal work state in which work is performed within a preset workspace or an external work state in which work is performed outside of the preset workspace;
In the above work status determination step, if the worker is determined to be in the office work status, an office work step in which the office work module operates the first virtual machine provided in the work terminal according to the command entered by the worker into the work terminal so that the worker can use the first virtual machine provided in the work terminal to perform the work; and
In the above work attendance determination step, if the worker is determined to be in the external work status, the operation of the first virtual machine is stopped, but the external work work module connects the work terminal to the physical server so that the worker can use the second virtual machine running on the physical server to perform the work; including an external work work step;
The above attendance determination step is
An information receiving step in which input information on the work status entered by the worker is received from the information receiving unit, and the input information includes information on whether the worker has selected either internal or external work.
A state determination unit determines whether the worker is in an outside work state or an inside work state based on the input information received in the information receiving step, and collects information on the location of the work terminal, and is characterized by having a state determination step for stopping the operation of the first or second virtual machine when the work terminal is located inside the work space while the worker selects outside work in the input information or when the work terminal is located outside the work space while the worker selects inside work in the input information.
A method using an automatic telephone system of the network separation type.
In Article 8
It further comprises an image storage step in which an image server stores the first work data, which is worked on by a worker in the office state using the first virtual machine while connected to the above work terminal, as a first image file in the form of a disk image file;
The above-mentioned internal work step is characterized in that, when the status of the worker in the internal work module changes from the internal work status to the external work status, the first virtual machine is initialized to the initial state.
A method using an automatic telephone system of the network separation type.
In Article 9
The above-mentioned external work step is characterized in that, when the status of the worker changes from the internal work status to the external work status in the external work work module, the first image file including the first work data from the initial time when the worker is determined to be in the internal work status to the time when the worker changes to the external work status is provided from the image server, and the second virtual machine is booted with the provided first image file.
A method using an automatic telephone system of the network separation type.
In Article 8
It further comprises an image storage step in which the image server stores the second work data, which the worker working outside the office has worked on using the second virtual machine, as a second image file in the form of a disk image file by connecting to the physical server;
The above-mentioned internal work step is characterized in that, when the worker's status changes from the external work status to the internal work status in the internal work module, the second image file including the second work data from the initial time when the worker is determined to be in the external work status to the time when the worker is changed to the internal work status is provided from the image server, and the first virtual machine is booted with the provided second image file.
A method using an automatic telephone system of the network separation type.
delete In Article 8,
The above attendance determination step is
An address collection step in which an address collection unit connects to an image server or physical server through a communication network to collect the IP address of the work terminal by storing the first work data worked on by the worker in the office state using the first virtual machine as a first image file in the form of a disk image file, while being connected to the work terminal;
The location determination unit further comprises a location determination step for determining whether the business terminal is located within the work space based on the IP address collected in the address collection step.
The above state determination step is characterized in that, if the state determination unit determines that the worker is in an internal work state from the input information and the work terminal is determined to be located within the work space in the location determination step, the worker is determined to be in an internal work state, and if the worker is determined to be in an external work state from the input information and the work terminal is determined to be located outside the work space in the location determination step, the worker is determined to be in an external work state.
A method using an automatic telephone system of the network separation type.
In Article 8,
The above business terminal is equipped with a GPS module that generates location information of the business terminal.
The above-mentioned attendance determination step is characterized in that the status determination unit determines that the worker is in an internal state if the worker selects internal work from the input information based on the location information provided by the GPS module and the work terminal is located within the corresponding work space, and determines that the worker is in an external state if the worker selects external work from the input information and the work terminal is located outside the corresponding work space.
A method using an automatic telephone system of the network separation type.

Images