CN102316108A - Device for establishing network isolated channel and method thereof - Google Patents

Device for establishing network isolated channel and method thereof


Publication number
CN102316108A
Authority
CN
China
Prior art keywords
network
key
equipment
packet
channel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201110266437A
Other languages
Chinese (zh)
Other versions
CN102316108B (en)
Inventor
周伯生
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to CN201110266437.6A
Publication of CN102316108A
Application granted
Publication of CN102316108B
Expired - Fee Related
Anticipated expiration

Abstract

The invention relates to a device for establishing a network isolated channel and a method thereof. A secure communication channel is established between two or more network devices through a network channel isolating device. The network channel isolating device has an internal network interface and an external network interface. The internal network interface is connected to an internal network device, and the external network interface is connected to an external network device. The network device connected to the internal network interface is protected by the network channel isolating device. The set of network devices protected by one network channel isolating device is called a network channel isolating device protection domain. Hosts in different protection domains can communicate securely. A virtual network isolated channel is established over the public network between different geographic locations, and communication data is strongly encrypted with an encryption algorithm recommended by the State Secrecy Bureau, so that no third party can effectively decrypt the encrypted data and the communication data cannot be falsified. This solves the problem that different departments of small and medium enterprises cannot communicate securely over the public network.

Description

Device and method for establishing a network isolation channel
Technical field
The present invention relates to a device and method for establishing a network isolation channel, and belongs to the technical field of network communication security.
Background
With the spread of networks and the promotion of the national Internet of Things strategic plan, the security of network communication has attracted strong interest across society. Criminals use network tools to commit high-tech crime, and terrorists and hostile forces use network tools to carry out destructive activities. Faced with this severe information security situation, China's network security system has many weak links in prediction, response, prevention and recovery capability. According to assessments of national information protection capability by the British Jane's Strategic Report and other network organizations, China is listed among the countries with the lowest protection capability, not only well below information security powers such as the United States, Russia and Israel, but also ranked behind India and South Korea. In recent years, domestic illegal activities of all kinds related to networks have grown at a rate of 30% per year. The development of network security technology is therefore of great significance to China's national economy and national strategic interests.
Because demand for network security is very high, there are many kinds of network security devices on the market, and they can reach a fairly high security level if properly deployed and maintained. Their drawback is that they need professionals to maintain them, are hard to configure, and are error-prone. The overwhelming majority of small and medium-sized enterprises have no technical staff specializing in network security.
Summary of the invention
The purpose of the invention is to overcome the deficiencies of the prior art by providing a device and method for establishing a network isolation channel, solving the problem of secure communication over the public network between different departments of small and medium-sized enterprises, with zero configuration and zero maintenance and no need for professionals.
The purpose of the invention is achieved through the following technical solution:
A device for establishing a network isolation channel, characterized in that: a secure communication channel is built between two or more network devices through network channel isolating devices (Tunnel Isolating Device, TID). The network channel isolating device has one internal network interface and one external network interface; the internal network interface connects to the internal network device and the external network interface connects to the external network device. The network device connected to the internal network interface is protected by the network channel isolating device. The set of network devices protected by one network channel isolating device is called a network channel isolating device protection domain, and hosts in different protection domains communicate securely.
Further, in the above device for establishing a network isolation channel, the network device connected to the internal network interface is any electronic device that has a network interface and uses Internet communication protocols.
Further, in the above device for establishing a network isolation channel, the network device connected to the external network interface is any electronic device that has a network interface and uses Internet communication protocols.
In the method of the invention for establishing a network isolation channel, the network channel isolating device automatically encrypts and decrypts the packets passing through it, and network channel isolating devices are used together in pairs or in groups. All user packets entering the network channel isolating device through the internal network interface are encrypted and output from the external network interface. User data entering the network channel isolating device through the external network interface is inspected: if a packet is not encrypted or cannot be decrypted correctly, it is dropped, and only correctly decrypted packets are output from the internal network interface into the protection domain. As a result, no third party can decrypt packets sent by network devices or hosts in the protection domain, and no unencrypted packet can enter the protection domain, so information is isolated between the protection domain and the external network. A virtual isolation channel is thus established between the network devices of different protection domains for secure communication.
Further, in the above method for establishing a network isolation channel, the process is divided into an initialization phase, in which the master key is generated and distributed, and an operation phase, in which sub-keys are generated and updated and data is transmitted encrypted;
Initialization phase (device initialization, generating and distributing the master key): the network channel isolating devices to be paired are connected end to end with network cables to form a closed loop, with the internal network interface of one device connected to the external network interface of the next. The initialization button on one of the network channel isolating devices is pressed, and that device starts the key initialization protocol. The protocol has four stages: key algorithm selection, key generation, key distribution and key verification. Key algorithm selection: the key protocol selects a key algorithm. Key generation: the device that started the key initialization protocol randomly generates a master key. Key distribution: the key algorithm and master key are encapsulated in a packet and sent out from the external network interface; when the next network channel isolating device receives the packet, it stores the key algorithm and master key and forwards the packet; when the channel isolating device that started the key initialization protocol receives, at its other end (the internal network interface), the packet containing the key algorithm and master key that it generated itself, key distribution is complete. Key verification tests that the master key was distributed correctly: after key distribution completes, the device that started the key protocol generates a key protocol verification packet containing plaintext data and the corresponding ciphertext encrypted with the master key, and sends it to the next node for verification; if that node can decrypt the ciphertext correctly, it sends the packet on to the next node to continue verification, otherwise it generates a verification error packet and passes that to the next node. When the device that started the key protocol receives the key verification packet it generated itself, key verification is complete; when it receives a verification error packet, it restarts the key initialization protocol;
Operation phase: an initialized network channel isolating device is installed on network equipment for secure communication. It is connected as follows: the internal network interface is connected to the network device or host to be protected, and the external network interface is connected to the external or public network. When a network device in the protection domain begins to communicate and no corresponding sub-key has yet been generated, the network channel isolating device extracts the destination address from the received packet and buffers the packet; it then randomly generates a sub-key and encrypts the sub-key and the extracted destination address with the master key. When the packet containing the sub-key passes through the channel isolating device at the destination, it is intercepted; the intercepting device decrypts the packet with the master key, extracts the sub-key, and sends a reply packet. When the channel isolating device that sent the sub-key receives the reply, it encrypts user packets with the sub-key and secure communication begins. The sub-key, which encrypts user data, is updated at irregular intervals; the master key is used only to encrypt and transmit sub-keys and is not used to encrypt user data.
The outstanding substantive features and notable progress of the technical solution of the invention are mainly reflected in the following:
1. The invention establishes a virtual network isolation channel over the public network between different geographic locations. All communication data is strongly encrypted with an encryption algorithm recommended by the National Administration for the Protection of State Secrets, so that no third party can effectively decrypt the encrypted data or tamper with the communication data. This solves the problem of secure communication over the public network between different departments of small and medium-sized enterprises, with zero configuration and zero maintenance and no need for professionals;
2. Characteristics of the channel isolating device (TID): the user does not need to install any software on the computer; it is plug and play with zero configuration and easy to use; the TID encrypts and decrypts user data automatically and provides data integrity and anti-replay protection; it transparently supports all standard network applications (including IP-based applications written by the user); isolation channels can be set up flexibly, enabling secure communication between network devices in different TID protection domains; it resists attack strongly: a hacker outside the protection domain cannot successfully mount a man-in-the-middle attack to obtain user data (the data the hacker intercepts is encrypted ciphertext); it resists viruses strongly: even if a protected host is infected with a Trojan, there is no need to worry about information leakage, because when the Trojan sends data to a host outside the protection domain, the TID discards the data since it cannot obtain a valid reply from the destination host; and it isolates viruses: devices in the protection domain cannot be infected by viruses on the public network, because viruses on the public network cannot pass through the TID.
3. The TID can be used for secure communication between two branch offices of an enterprise, between different departments of an enterprise, between travelling employees and the company network, between business partners, and so on.
Description of drawings
The technical solution of the invention is further described below with reference to the accompanying drawing:
Fig. 1: schematic structural diagram of the network channel isolating device.
Embodiment
The invention establishes a virtual isolation channel over the public network between different geographic locations. All communication data is strongly encrypted, so that no third party can effectively decrypt the encrypted data or tamper with the communication data.
As shown in Fig. 1, in the device for establishing a network isolation channel, a secure communication tunnel is built between two or more network devices through network channel isolating devices (Tunnel Isolating Device, abbreviated TID). As shown in Fig. 1, the network channel isolating device has an internal network interface 11, an external network interface 21, a network processor 31 (which performs packet encryption and decryption and other processing), an initialization button 22, a group of LED indicators 32 (which indicate device status), a power interface 33 and an optional USB interface 12 (which can be used to initialize keys or install a device certificate). The internal network interface 11 connects to the internal network device and the external network interface 21 connects to the external network device. The network device connected to the internal network interface 11 is protected by the network channel isolating device. The set of network devices protected by one network channel isolating device is called a network channel isolating device protection domain (abbreviated protection domain), and hosts in different protection domains communicate securely. A protection domain can be a single host, a subnet, or multiple subnets.
The network device connected to the internal network interface 11 is any electronic device that has a network interface and uses Internet communication protocols.
The network device connected to the external network interface 21 is any electronic device that has a network interface and uses Internet communication protocols.
The method for establishing a network isolation channel is implemented by automatically encrypting and decrypting user packets. Network channel isolating devices must be used together in pairs or in groups. Every user packet entering a network channel isolating device through the internal network interface 11 is encrypted and output from the external network interface 21. All user data entering a network channel isolating device through the external network interface 21 is inspected: if a packet is not encrypted or cannot be decrypted correctly, it is dropped, and only correctly decrypted packets are output from the internal network interface 11 into the protection domain. This guarantees that no third party can decrypt packets sent by network devices or hosts in the protection domain, and that no packet that is not properly encrypted can enter the protection domain. Information is thereby isolated between the protection domain and the external network, and a virtual isolation channel is established between the network devices of different protection domains for secure communication.
The encryption algorithm is the symmetric encryption algorithm AES or an algorithm recommended by the National Administration for the Protection of State Secrets. AES is generally acknowledged as one of the best algorithms at present; the only way to break it is brute force, and the time required to brute-force it is reckoned at over 100,000,000 years, so as long as the key is chosen appropriately the algorithm can be considered unbreakable. The main purpose of the network channel isolating device is to build secure communication tunnels between two or more network devices. Its function is equivalent to a virtual private network (VPN); compared with a VPN, the TID has unique features.
The process is divided into an initialization phase, in which the master key is generated and distributed, and an operation phase, in which sub-keys are generated and updated and data is transmitted encrypted;
Initialization phase (device initialization, generating and distributing the master key): the network channel isolating devices to be paired are connected end to end with network cables to form a closed loop (the internal network interface 11 of one device is connected to the external network interface 21 of the next). The initialization button 22 on one of the network channel isolating devices is pressed, and that device starts the key initialization protocol. The protocol has four stages: key algorithm selection, key generation, key distribution and key verification. Key algorithm selection: the key protocol selects a key algorithm. Key generation: the device that started the key initialization protocol randomly generates a master key. Key distribution: the key algorithm and master key are encapsulated in a packet and sent out from the external network interface 21; when the next network channel isolating device receives the packet, it stores the key algorithm and master key using a specific algorithm and forwards the packet; when the channel isolating device that started the key initialization protocol receives, at its other end (the internal network interface 11), the packet containing the key algorithm and master key that it generated itself, key distribution is complete. Key verification tests that the master key was distributed correctly: after key distribution completes, the device that started the key protocol generates a key protocol verification packet containing plaintext data and the corresponding ciphertext encrypted with the master key, and sends it to the next node for verification; if that node can decrypt the ciphertext correctly, it sends the packet on to the next node to continue verification, otherwise it generates a verification error packet and passes that to the next node. When the device that started the key protocol receives the key verification packet it generated itself, key verification is complete; when it receives a verification error packet, it restarts the key initialization protocol. Because only TIDs are interconnected during device initialization, distribution of the master key is safe (no third party can intercept the key). If a TID is stolen or lost, it is enough to initialize the TIDs once more, after which the lost TID can no longer access the network.
Operation phase: sub-keys are generated and updated at irregular intervals, and data is communicated encrypted; the master key is used to transmit sub-keys, and sub-keys encrypt the data.
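The two phases described above, as an added Python sketch that is not code from the patent: closed-loop master-key distribution with verification, sub-key setup wrapped under the master key, and the external-interface rule that drops anything that does not decrypt correctly. An HMAC-SHA256 encrypt-then-MAC construction stands in for AES so the sketch runs on the standard library alone; the packet tuple layout, the KEY/ACK/DATA kinds, the host names and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

NONCE, TAG = 16, 32

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for the AES keystream.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC under one key, with domain-separated HMAC inputs."""
    nonce = os.urandom(NONCE)
    ct = bytes(p ^ k for p, k in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def open_(key, blob):
    """Return the plaintext, or None when blob was not sealed under key."""
    if key is None or len(blob) < NONCE + TAG:
        return None
    nonce, ct, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return bytes(c ^ k for c, k in zip(ct, _stream(key, nonce, len(ct))))

class TID:
    """One isolating device. Wire packets are (src, dst, kind, blob): assumed layout."""
    def __init__(self):
        self.master = None   # set only during ring initialization
        self.subkeys = {}    # remote host address -> agreed sub-key
        self.offered = {}    # remote host address -> sub-key awaiting a reply
        self.pending = {}    # remote host address -> buffered (src, data)

    def store_master(self, algorithm, master):
        self.algorithm, self.master = algorithm, master

    def from_inside(self, src, dst, data):
        """Internal interface: return the wire packets to emit externally."""
        if dst in self.subkeys:
            return [(src, dst, "DATA", seal(self.subkeys[dst], data))]
        self.pending.setdefault(dst, []).append((src, data))  # buffer until the reply
        if dst in self.offered:
            return []
        sub = self.offered[dst] = os.urandom(32)
        # The master key wraps the sub-key and destination address, never user data.
        return [(src, dst, "KEY", seal(self.master, sub + dst.encode()))]

    def from_outside(self, pkt):
        """External interface: return (packet for the inside or None, wire replies)."""
        src, dst, kind, blob = pkt
        if kind == "KEY":
            inner = open_(self.master, blob)
            if inner is None or inner[32:] != dst.encode():
                return None, []                               # wrong master key: drop
            self.subkeys[src] = inner[:32]
            # Assumption: the reply is sealed under the new sub-key to prove receipt.
            return None, [(dst, src, "ACK", seal(inner[:32], b"ack"))]
        if kind == "ACK":
            sub = self.offered.get(src)
            if open_(sub, blob) != b"ack":
                return None, []
            self.subkeys[src] = self.offered.pop(src)
            return None, [(s, src, "DATA", seal(sub, d)) for s, d in self.pending.pop(src, [])]
        data = open_(self.subkeys.get(src), blob) if kind == "DATA" else None
        return (None if data is None else (src, dst, data)), []

def initialize_ring(ring, algorithm="AES"):
    """Closed-loop initialization; ring[0] is the device whose button is pressed.
    True when the verification packet survives the loop, False on a verification error."""
    starter, others = ring[0], ring[1:]
    starter.store_master(algorithm, os.urandom(32))           # key generation
    for dev in others:                                        # key distribution:
        dev.store_master(algorithm, starter.master)           # store, then forward
    probe = os.urandom(16)                                    # key verification
    sealed = seal(starter.master, probe)
    return all(open_(dev.master, sealed) == probe for dev in others)

def demo():
    """Constructed scenario: three paired TIDs, one later lost, then re-keying."""
    a, b, lost = TID(), TID(), TID()
    initialize_ring([a, b, lost])
    ring_ok = initialize_ring([a, b])          # re-initialize without the lost device
    key_pkt = a.from_inside("hostA", "hostB", b"payroll.csv")[0]
    _, replies = b.from_outside(key_pkt)
    _, data_pkts = a.from_outside(replies[0])
    delivered, _ = b.from_outside(data_pkts[0])
    # Unencrypted traffic with a spoofed source fails the tag check and is dropped.
    plain_in, _ = b.from_outside(("hostA", "hostB", "DATA", b"GET / HTTP/1.0\r\n\r\n" + bytes(48)))
    lost.from_outside(key_pkt)                 # old master key cannot unwrap the sub-key
    return ring_ok, delivered, plain_in, bool(lost.subkeys)

if __name__ == "__main__":
    print(demo())
```

The drop decision depends on the authentication tag, which is what makes "cannot be correctly decrypted" checkable at all. The sketch does not number packets, so the anti-replay property the description claims would additionally need a sequence counter inside the sealed payload.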
At present no product with identical functions exists at home or abroad. The functions are defined here as: (1) an IP packet encrypted by one TID can only be decrypted by a TID paired with it; this implies (2) that two or more TIDs must be used together to build a secure tunnel or tunnel network; (3) unmanageability (self-enclosure). A TID has neither an IP address nor a MAC address, and remote management is also disabled. This makes the TID "invisible": it cannot be accessed over the network. Neither users nor hackers can perceive the TID, which makes it fully transparent to users while leaving hackers unable to attack it.
The TID has the following characteristics: the user does not need to install any software on the computer; it is plug and play with zero configuration and easy to use; IP packet encryption and decryption provides data integrity and anti-replay protection; it transparently supports all standard network applications (including IP-based applications written by the user); its security strength is high; secure tunnels can be set up flexibly, enabling secure communication between TID protection domains; it resists attack strongly: a hacker outside the protection domain cannot successfully mount a man-in-the-middle attack to obtain user data (the data the hacker intercepts is encrypted ciphertext); it resists viruses strongly: even if a protected host is infected with a Trojan, there is no need to worry about information leakage, because when the Trojan sends data to a host outside the protection domain, the TID discards the data since it cannot obtain a valid reply from the destination host; and it isolates viruses: devices in the protection domain cannot be infected by viruses on the public network, because viruses on the public network cannot pass through the TID.
It should be understood that the above is only a preferred embodiment of the invention. Those skilled in the art can make improvements and refinements without departing from the principle of the invention, and such improvements and refinements shall also be regarded as falling within the scope of protection of the invention.

Claims (5)

1. A device for establishing a network isolation channel, characterized in that: a secure communication channel is built between two or more network devices through network channel isolating devices; the network channel isolating device has one internal network interface and one external network interface; the internal network interface connects to the internal network device and the external network interface connects to the external network device; the network device connected to the internal network interface is protected by the network channel isolating device; the set of network devices protected by one network channel isolating device is called a network channel isolating device protection domain, and hosts in different protection domains communicate securely.
2. The device for establishing a network isolation channel according to claim 1, characterized in that: the network device connected to the internal network interface is any electronic device that has a network interface and uses Internet communication protocols.
3. The device for establishing a network isolation channel according to claim 1, characterized in that: the network device connected to the external network interface is any electronic device that has a network interface and uses Internet communication protocols.
4. A method for establishing a network isolation channel using the device of claim 1, characterized in that: the network channel isolating device automatically encrypts and decrypts the packets passing through it, and network channel isolating devices are used together in pairs or in groups; all user packets entering the network channel isolating device through the internal network interface are encrypted and output from the external network interface; user data entering the network channel isolating device through the external network interface is inspected; if a packet is not encrypted or cannot be decrypted correctly, it is dropped, and only correctly decrypted packets are output from the internal network interface into the protection domain, so that no third party can decrypt packets sent by network devices or hosts in the protection domain, no unencrypted packet can enter the protection domain, and information is isolated between the protection domain and the external network.
5. The method for establishing a network isolation channel according to claim 4, characterized in that: the process is divided into an initialization phase, in which the master key is generated and distributed, and an operation phase, in which sub-keys are generated and updated and data is transmitted encrypted;
Initialization phase (device initialization, generating and distributing the master key): the network channel isolating devices to be paired are connected end to end with network cables to form a closed loop, with the internal network interface of one device connected to the external network interface of the next; the initialization button on one of the network channel isolating devices is pressed, and that device starts the key initialization protocol; the protocol has four stages: key algorithm selection, key generation, key distribution and key verification; key algorithm selection: the key protocol selects a key algorithm; key generation: the device that started the key initialization protocol randomly generates a master key; key distribution: the key algorithm and master key are encapsulated in a packet and sent out from the external network interface; when the next network channel isolating device receives the packet, it stores the key algorithm and master key and forwards the packet; when the channel isolating device that started the key initialization protocol receives, at its other end (the internal network interface), the packet containing the key algorithm and master key that it generated itself, key distribution is complete; key verification tests that the master key was distributed correctly: after key distribution completes, the device that started the key protocol generates a key protocol verification packet containing plaintext data and the corresponding ciphertext encrypted with the master key, and sends it to the next node for verification; if that node can decrypt the ciphertext correctly, it sends the packet on to the next node to continue verification, otherwise it generates a verification error packet and passes that to the next node; when the device that started the key protocol receives the key verification packet it generated itself, key verification is complete; when it receives a verification error packet, it restarts the key initialization protocol;
Operation phase: an initialized network channel isolating device is installed on network equipment for secure communication; it is connected as follows: the internal network interface is connected to the network device or host to be protected, and the external network interface is connected to the external or public network; when a network device in the protection domain begins to communicate and no corresponding sub-key has yet been generated, the network channel isolating device extracts the destination address from the received packet and buffers the packet; it then randomly generates a sub-key and encrypts the sub-key and the extracted destination address with the master key; when the packet containing the sub-key passes through the channel isolating device at the destination, it is intercepted; the intercepting device decrypts the packet with the master key, extracts the sub-key, and sends a reply packet; when the channel isolating device that sent the sub-key receives the reply, it encrypts user packets with the sub-key and secure communication begins; the sub-key, which encrypts user data, is updated at irregular intervals; the master key is used only to encrypt and transmit sub-keys and is not used to encrypt user data.
CN201110266437.6A 2011-09-09 2011-09-09 Device for establishing network isolated channel and method thereof Expired - Fee Related CN102316108B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110266437.6A CN102316108B (en) 2011-09-09 2011-09-09 Device for establishing network isolated channel and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110266437.6A CN102316108B (en) 2011-09-09 2011-09-09 Device for establishing network isolated channel and method thereof

Publications (2)

Publication Number Publication Date
CN102316108A true CN102316108A (en) 2012-01-11
CN102316108B CN102316108B (en) 2014-06-04

Family

ID=45428924

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110266437.6A Expired - Fee Related CN102316108B (en) 2011-09-09 2011-09-09 Device for establishing network isolated channel and method thereof

Country Status (1)

Country Link
CN (1) CN102316108B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020069278A1 (en) * 2000-12-05 2002-06-06 Forsloew Jan Network-based mobile workgroup system
CN1430373A (en) * 2002-12-09 2003-07-16 武汉柯创高新技术开发中心 Network isolating card
CN1731720A (en) * 2005-08-31 2006-02-08 北京电子科技学院 Transparent omnidirectional safety network method
CN1992585A (en) * 2005-12-30 2007-07-04 上海贝尔阿尔卡特股份有限公司 Method and apparatus for secure communication between user facility and internal network

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102882850A (en) * 2012-09-03 2013-01-16 广东电网公司电力科学研究院 Cryptographic device and method thereof for isolating data by employing non-network way
CN102882850B (en) * 2012-09-03 2015-11-18 广东电网公司电力科学研究院 A kind of encryption apparatus and method thereof adopting non-network mode isolated data
CN102882859B (en) * 2012-09-13 2015-08-05 广东电网公司电力科学研究院 A kind of safety protecting method based on public network data transmission information system
CN102882859A (en) * 2012-09-13 2013-01-16 广东电网公司电力科学研究院 Security protection method based on public network data transmission information system
CN105577637A (en) * 2014-10-31 2016-05-11 英特尔公司 Technologies for secure inter-virtual network function communication
CN104363233A (en) * 2014-11-20 2015-02-18 成都卫士通信息安全技术有限公司 Safety cross-domain communication method for application servers in VPN gateways
CN104539406A (en) * 2014-12-05 2015-04-22 浪潮集团有限公司 Double control network encryptor system
CN104486053A (en) * 2014-12-05 2015-04-01 浪潮集团有限公司 Anti-catastrophe system of network encryption machine
CN104601550A (en) * 2014-12-24 2015-05-06 国家电网公司 System and method for transmitting reversely quarantined file based on cluster array
CN104917614A (en) * 2015-04-21 2015-09-16 中国建设银行股份有限公司 Bidirectional verification method and device of intelligent card and acceptance terminal
CN107710216A (en) * 2015-07-03 2018-02-16 阿费罗有限公司 For establishing the apparatus and method of secure communication channel in Internet of Things (IoT) system
CN107710216B (en) * 2015-07-03 2021-12-07 阿费罗有限公司 Apparatus and method for establishing a secure communication channel in an internet of things (IoT) system
CN109302432A (en) * 2018-12-17 2019-02-01 何书霞 Network communication data combined ciphering transmission method based on network security isolation technique
CN109302432B (en) * 2018-12-17 2021-09-07 何书霞 Network communication data combination encryption transmission method based on network security isolation technology
CN112637240A (en) * 2020-12-31 2021-04-09 河南信大网御科技有限公司 Method, system and readable storage medium for preventing protocol message from being tampered under mimicry environment
CN112637240B (en) * 2020-12-31 2023-09-12 河南信大网御科技有限公司 Protocol message tamper-proof method and system under mimicry environment and readable storage medium
CN114629730A (en) * 2022-05-16 2022-06-14 华能国际电力江苏能源开发有限公司 Regional company computer network security interconnection method and system
CN114629730B (en) * 2022-05-16 2022-08-12 华能国际电力江苏能源开发有限公司 Regional company computer network security interconnection method and system

Also Published As

Publication number Publication date
CN102316108B (en) 2014-06-04

Similar Documents

Publication Publication Date Title
CN102316108B (en) Device for establishing network isolated channel and method thereof
CN104158653B (en) A kind of safety communicating method based on the close algorithm of business
Sheldon et al. The insecurity of wireless networks
CN103684766B (en) A kind of private key protection method of terminal use and system
CN105656941B (en) Identification authentication system and method
CN105553951A (en) Data transmission method and data transmission device
CN102685119A (en) Data transmitting/receiving method, data transmitting/receiving device, transmission method, transmission system and server
CN105162808B (en) A kind of safe login method based on national secret algorithm
CN101917270A (en) Weak authentication and key agreement method based on symmetrical password
CN107896223A (en) A kind of data processing method and system, data collecting system and data receiving system
CN104394123A (en) A data encryption transmission system and method based on an HTTP
CN104468126A (en) Safety communication system and method
CN104753953A (en) Access control system
CN109951513A (en) Anti- quantum calculation wired home quantum cloud storage method and system based on quantum key card
CN109981257A (en) A kind of data security protection method and device based on ssh
CN106209916A (en) Industrial automation produces business data transmission encryption and decryption method and system
CN106789845A (en) A kind of method of network data security transmission
CN103458401B (en) A kind of voice encryption communication system and communication means
CN103685181A (en) Key negotiation method based on SRTP
CN102118311B (en) Data transmission method
CN107612875A (en) A kind of safe cloud data transfer control method
Kumar et al. Cyber security threats in synchrophasor system in WAMS
CN105790932A (en) Encryption method through using machine codes as bases
Jindal et al. Comparative Study On IEEE 802.11 Wireless Local Area Network Securities.
CN104581715A (en) Sensing system key protecting method in field of Internet of things and wireless access equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140604

Termination date: 20140909

EXPY Termination of patent right or utility model