CN102316108B - Device for establishing network isolated channel and method thereof - Google Patents
Device for establishing network isolated channel and method thereof Download PDFInfo
- Publication number
- CN102316108B CN102316108B CN201110266437.6A CN201110266437A CN102316108B CN 102316108 B CN102316108 B CN 102316108B CN 201110266437 A CN201110266437 A CN 201110266437A CN 102316108 B CN102316108 B CN 102316108B
- Authority
- CN
- China
- Prior art keywords
- key
- network
- packet
- xegregating unit
- channel
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The invention relates to a device for establishing a network isolated channel and a method thereof. A safe communication channel is established between two or multiple network devices through a network channel isolating device. The network channel isolating device is provided with an internal network interface and an external network interface. The internal network interface is connected with an internal network device. The external network interface is connected with an external network device. The network device which is connected with the internal network interface is protected by the network channel isolating device. A set of network devices protected by the network channel isolating device is called as a network channel isolating device protection domain. Host computers in different domains can communicate safely. By establishing a virtual network isolated channel through a public network among different geographic locations and by adopting an encryption algorithm recommended by the State Secrecy Bureau to conduct high-strength encryption to communication data, any third party cannot effectively decrypt the encrypted data and the communication data cannot be falsified; and the problem that different departments of small and medium enterprises cannot communicate safely through the public network is solved.
Description
Technical field
The present invention relates to a kind of Apparatus for () and method therefor of setting up network isolated channel, belong to Network Communicate Security technical field.
Background technology
Along with the promotion of the universal and national Internet of Things strategical planning of network, the safety problem of network service has caused the strong interest of the whole society.Lawless person utilizes network tool to carry out high-tech crime, and terrorist and hostile force utilize network tool to carry out destructive activity.In the face of the severe situation of information security, there are many weak links in the network safety system of China aspect prediction, reaction, strick precaution and recovery capability.According to Britain's " report of Jian Shi strategy " and the assessment of other network organization to various countries' message protection ability, China is put into one of country that protective capacities is minimum, not only be significantly less than the information security poweies such as the U.S., Russia and Israel, and after coming India, Korea S.In recent years, the domestic all kinds of illegal activities relevant with network are with annual 30% speed increase.Therefore, the national economy of the exploitation of network security technology to China and national strategic interests have and important meaning.
Because the demand of network security is very large, there are in the market various Network Security Devices, if appropriate configure and maintenance can reach higher safe class.Its shortcoming is to need professional to safeguard, is difficult for configuration, easily makes mistakes.Overwhelming majority medium-sized and small enterprises do not have the professional and technical personnel of network security aspect.
Summary of the invention
The object of the invention is to overcome the deficiency that prior art exists, a kind of Apparatus for () and method therefor of setting up network isolated channel is provided, solve the problem of carrying out secure communication by public network between the different departments of medium-sized and small enterprises, zero configuration zero dimension is protected, and does not need professional.
Object of the present invention is achieved through the following technical solutions:
Set up the equipment of network isolated channel, feature is: between two or many network equipments by network channel xegregating unit (Tunnel Isolating Device, TID) build safe communication port, network channel xegregating unit has an inner side network interface and an outside network interface, inner side network interface connects the inner side network equipment, outside network interface connects the outside network equipment, the network equipment that connects inner side network interface is protected by network channel xegregating unit, the set of the network equipment of being protected by a network channel xegregating unit is called a network channel xegregating unit protected field, secure communication between the main frame in different protected fields.
Further, the above-mentioned equipment of setting up network isolated channel, wherein, the network equipment that connects inner side network interface is any electronic equipment with the use Internet communication protocol of network interface.
Further, the above-mentioned equipment of setting up network isolated channel, wherein, the network equipment that connects outside network interface is any electronic equipment with the use Internet communication protocol of network interface.
The present invention sets up the method for network isolated channel, network channel xegregating unit carries out automatic encryption and decryption to the packet of process, network channel xegregating unit paired or multiple together use, enter coated encryption of all customer data of network channel xegregating unit by inner side network interface, and export from outside network interface; The user data that enters network channel xegregating unit by outside network interface is detected, if packet does not have encrypted or cannot correctly be deciphered, packet is dropped, only have the packet of correctly being deciphered just to enter protected field from the output of inner side network interface, make any other third party all can not decipher the packet being sent by the network equipment in protected field or main frame, simultaneously any do not have encrypted packet cannot enter protected field, information isolation between protected field and outer net; Thereby set up virtual channel isolation at the LA Management Room of different protected fields, carry out secure communication.
Again further, the above-mentioned method of setting up network isolated channel, wherein, process is divided into and produces and the initial phase of distribution master key, and the operation phase of the generation of sub-key and renewal process, Data Encryption Transmission;
Initial phase: device initialize, produces and distribution master key: the network channel xegregating unit netting twine of needs coupling is joined end to end successively and forms a closed loop, and the inner side network interface of an equipment connects the outside network interface of another equipment, press the initialization key on one of them network channel xegregating unit, this device start cipher key initialization agreement, this agreement comprises four-stage: key algorithm selection, key generation, key distribution and key authentication, and key algorithm is selected: key protocol is selected a kind of key algorithm, key produces: a master key of the random generation of equipment that starts cipher key initialization agreement, key distribution: key algorithm and master key are encapsulated in a packet and are then sent from outside network interface, next network channel xegregating unit receives after packet, storage key algorithm and master key forwarding data bag, when the channel separation equipment that starts cipher key initialization agreement when inner side network interface receives the packet that comprises key algorithm and master key of own generation, illustrates that key distribution completes at the other end, key authentication: the correctness of test master key distribution, after key distribution completes, the equipment that starts cipher key initialization agreement produces a key protocol verification msg bag, comprising clear data and corresponding ciphertext of being encrypted by master key, packet is addressed to next node checking, if this node can be correctly decoded ciphertext, just this packet is mail to next node and continue checking, otherwise produce an authentication error packet and pass to next node, in the time that the equipment of startup cipher key initialization agreement is received the key authentication packet being produced by oneself, key authentication completes, in the time that the equipment of startup cipher key initialization agreement is received authentication error packet, restart cipher key initialization agreement,
Operation phase: be arranged on and carry out secure communication on the network equipment through initialized network channel xegregating unit, the method of attachment of network channel xegregating unit is: inner side network interface is connected to the network equipment or the main frame that need protection, outside network interface is connected to outer net or public network, in the time that the network communication equipment in protected field starts to communicate by letter, if also do not produce corresponding sub-key, network channel xegregating unit extracts destination-address this packet of buffer memory from the packet receiving, a sub-key of the random generation of this channel separation equipment, and destination-address sub-key encrypts being extracted with master key, in the time that the packet that comprises sub-key passes through the channel separation equipment of destination, this packet is intercepted and captured, intercept and capture the channel separation equipment master key of this packet and decipher this packet, extract sub-key, and send reply data bag, receive when required when sending the channel separation equipment of sub-key, with sub-key encrypt user data bag, start secure communication, sub-key irregularly upgrades, encrypt user data, master key is only for encrypting and transmit sub-key, be not used in encrypt user data.
The substantive distinguishing features that technical solution of the present invention is outstanding and significant progressive being mainly reflected in:
1. the present invention is between different geographical position, set up virtual network isolated channel by public network, the cryptographic algorithm that communication data all adopts National Administration for the Protection of State Secrets to recommend is carried out high strength encrypting, and any third party cannot effectively decipher enciphered data, can not distort communication data; Solve the problem of carrying out secure communication by public network between the different departments of medium-sized and small enterprises; Zero configuration zero dimension is protected, and does not need professional;
2. channel separation equipment (TID) characteristic: do not need user that any software is installed on computers; Plug and play, zero configuration, user is easy to use; TID, to the automatic encryption and decryption of user data, realizes data integrity and the protection of data anti-replay; The all standard network application programs of transparent support (comprising the IP-based application program of user oneself establishment); Set up channel isolation flexible, can realize the secure communication of the network equipment between TID protected field; Anti-attack ability is strong, the hacker outside protected field cannot successful implementation man-in-the-middle attack to obtain user's data (data that hacker intercepts and captures are the ciphertexts through encrypting); Anti-virus ability is strong, even if protected main frame has infected trojan horse, does not also worry information leakage, because when the data that wooden horse sends to protected field outdoor main unit, TID, because can not get destination host and effectively reply, can abandon data; Virus isolation, in protected field, equipment can not be subject to the infection of virus on public network, because the virus on public network cannot be passed through TID.
3. TID can be used for the secure communication between Liang Ge branch company of enterprise; The different interdepartmental secure communications of enterprise; Employee travels outside and the internetwork secure communication of company; Secure communication between affiliate etc.
Brief description of the drawings
Below in conjunction with accompanying drawing, technical solution of the present invention is described further:
Fig. 1: the organigram of network channel xegregating unit.
Embodiment
The present invention, between different geographical position, sets up virtual channel isolation by public network, and communication data all carries out high strength encrypting, and any third party cannot effectively decipher enciphered data, can not distort communication data.
As shown in Figure 1, set up the equipment of network isolated channel, between two or many network equipments, build safe communication tunnel by network channel xegregating unit (Tunnel Isolating Device, referred to as TID).Network channel xegregating unit, as shown in Figure 1, have an inner side network interface 11, outside network interface 21, a network processing unit 31(to carry out Data Packet Encryption decryption processing and other transaction), initialization key 22, one group of LED light 32(be used to indicate equipment state), a power interface 33 and an optional usb 1 2(can be used for initialization key or erection unit certificate).Inner side network interface 11 connects the inner side network equipment; outside network interface 21 connects the outside network equipment; the network equipment that connects inner side network interface 11 is protected by network channel xegregating unit; the set of the network equipment of being protected by a network channel xegregating unit is called a network channel xegregating unit protected field (referred to as protected field), secure communication between the main frame in different protected fields.Protected field can be a main frame, can be also a subnet, or multiple subnet.
The network equipment that connects inner side network interface 11 is any electronic equipment with the use Internet communication protocol of network interface.
The network equipment that connects outside network interface 21 is any electronic equipment with the use Internet communication protocol of network interface.
Set up the method for network isolated channel, by user data package being carried out to automatic encryption and decryption realization.Network channel xegregating unit needs paired or multiplely to use together, and all customer data bag that enters network channel xegregating unit by inner side network interface 11 is encrypted, and exports from outside network interface 21; The user data that enters network channel xegregating unit by outside network interface 21 all will be detected; if packet does not have encrypted or cannot correctly be deciphered; this packet will be dropped, and only have the packet that can correctly be deciphered to enter protected field from 11 outputs of inner side network interface.This has ensured that any other third party can not decipher the packet being sent by the network equipment in protected field or main frame, and any packet of appropriately not encrypted all cannot enter protected field simultaneously.This has realized the information isolation between protected field and outer net.Thereby set up virtual channel isolation at the LA Management Room of different protected fields, carry out secure communication.
Cryptographic algorithm is used symmetric encipherment algorithm AES or National Administration for the Protection of State Secrets's proposed algorithm.Aes algorithm is one of best algorithm of generally acknowledging at present, and the unique method that cracks this algorithm is Brute Force, and the required time of this algorithm of Brute Force will, to calculate over 100000000 years, therefore as long as key selection is appropriate, can think that this algorithm can not crack.The main purpose of network channel xegregating unit is to build safe communication tunnel at two or many LA Management Rooms, and its function is equivalent to VPN(Virtual Private Network), and compared with VPN, TID has unique distinction.
Its process is divided into and produces and the initial phase of distribution master key, and the operation phase of the generation of sub-key and renewal, Data Encryption Transmission;
Initial phase: device initialize, produces and distribution master key: the network channel xegregating unit netting twine of needs coupling is joined end to end successively and forms a closed loop (the inner side network interface 11 of an equipment is connected the outside network interface 21 of another equipment); Press the initialization key 22 on one of them network channel xegregating unit, this device start cipher key initialization agreement, this agreement comprises four-stage: key algorithm selection, key generation, key distribution and key authentication, and key algorithm is selected: key protocol is selected a kind of key algorithm; Key produces: a master key of the random generation of equipment that starts cipher key initialization agreement; Key distribution: key algorithm and master key are encapsulated in a packet and are then sent from outside network interface 21, next network channel xegregating unit receives after packet, with special algorithm storage key algorithm and master key and forward this packet, when the channel separation equipment that starts cipher key initialization agreement when inner side network interface 11 receives the packet that comprises key algorithm and master key of own generation, illustrates that key distribution completes at the other end; Key authentication: the correctness of test master key distribution, after key distribution completes, the equipment that starts key protocol produces a key protocol verification msg bag, comprising clear data and corresponding ciphertext of being encrypted by master key, this packet is addressed to next node checking, if this node can be correctly decoded ciphertext, just this packet is mail to next node and continue checking, otherwise produce an authentication error packet and pass to next node.In the time that the equipment of startup key protocol is received the key authentication packet being produced by oneself, key authentication completes; In the time that the equipment of startup key protocol is received authentication error packet, restart cipher key initialization agreement.Owing to only having TID interconnected in device initialize process, therefore the distribution of master key is safe (not having third party can intercept and capture key).Occurring, TIDTID is stolen or lose in the situation that, as long as again do a TIDTID initialization, the TIDTID of loss just cannot access network.
Operation phase: produce sub-key, sub-key irregularly upgrades, data encryption communication, master key transmits sub-key, sub-key enciphered data.
Also there is no at present the product that function is identical both at home and abroad.The function is here defined as the IP packet that encrypt with a TID (1), must could decipher with the TID mating; This has implied (2) must be used in conjunction with structure secure tunnel or tunnel net by two or more TID; (3) manageability (self-enclosed property) not.TID equipment had not both had IP address there is no MAC Address yet, also forbade remote management capability.This makes TID equipment is " invisible "-cannot conduct interviews by network.User and hacker be imperceptible TID equipment, and this uses all-transparent to user, but make hacker cannot attack TID equipment.
TID has following characteristic: do not need user that any software is installed on computers; Plug and play, zero configuration, user is easy to use; IP message encryption and decryption, realizes data integrity and the protection of data anti-replay; The all standard network application programs of transparent support (comprising the IP-based application program of user oneself establishment); Security intensity is high; Set up secure tunnel flexible, can realize the secure communication between TID protected field; Anti-attack ability is strong, the hacker outside protected field cannot successful implementation man-in-the-middle attack to obtain user's data (data that hacker intercepts and captures are the ciphertexts through encrypting); Anti-virus ability is strong, even if protected main frame has infected trojan horse, does not also worry information leakage, because when the data that wooden horse sends to protected field outdoor main unit, TID, because can not get destination host and effectively reply, can abandon data; Virus isolation, in protected field, equipment can not be subject to the infection of virus on public network, because the virus on public network cannot be passed through TID.
It is to be understood that: the above is only the preferred embodiment of the present invention; for those skilled in the art; under the premise without departing from the principles of the invention, can also make some improvements and modifications, these improvements and modifications also should be considered as protection scope of the present invention.
Claims (1)
1. utilize network channel xegregating unit to realize the method for setting up network isolated channel, between two or many network equipments, build safe communication port by network channel xegregating unit, network channel xegregating unit has an inner side network interface and an outside network interface, inner side network interface connects the inner side network equipment, outside network interface connects the outside network equipment, the network equipment that connects inner side network interface is protected by network channel xegregating unit, the set of the network equipment of being protected by a network channel xegregating unit is called a network channel xegregating unit protected field, secure communication between the main frame in different protected fields, it is characterized in that, comprise the following steps:
Described network channel xegregating unit carries out automatic encryption and decryption to the packet of process, network channel xegregating unit paired or multiple together use, enter coated encryption of all customer data of network channel xegregating unit by inner side network interface, and export from outside network interface; The user data that enters network channel xegregating unit by outside network interface is detected, if packet does not have encrypted or cannot correctly be deciphered, packet is dropped, only have the packet of correctly being deciphered just to enter protected field from the output of inner side network interface, make any other third party all can not decipher the packet being sent by the network equipment in protected field or main frame, simultaneously any do not have encrypted packet cannot enter protected field, information isolation between protected field and outer net;
The process that realizes described secure communication be divided into for generation of with the initial phase of distribution master key, and for operation phase of the generation of sub-key and renewal process, Data Encryption Transmission;
Described initial phase comprises the step of device initialize, and produces and distribute the step of master key;
The step of described generation and distribution master key is specially: the network channel xegregating unit netting twine of needs coupling is joined end to end successively and forms a closed loop, the inner side network interface of an equipment connects the outside network interface of another equipment, press the initialization key on one of them network channel xegregating unit, this device start cipher key initialization agreement;
Described cipher key initialization agreement comprises four-stage: key algorithm selection, key generation, key distribution and key authentication;
Described key algorithm is selected to be specially: select a kind of key algorithm;
Described key produces and is specially: a master key of the random generation of equipment that starts cipher key initialization agreement;
Described key distribution is specially: key algorithm and master key are encapsulated in a packet and are then sent from outside network interface, next network channel xegregating unit receives after packet, storage key algorithm and master key forwarding data bag, when the network channel xegregating unit that starts cipher key initialization agreement when inner side network interface receives the packet that comprises key algorithm and master key of own generation, illustrates that key distribution completes at the other end;
Described key authentication is specially: the correctness of test master key distribution, after key distribution completes, the equipment that starts cipher key initialization agreement produces a key protocol verification msg bag, comprising clear data and corresponding ciphertext of being encrypted by master key, packet is addressed to next network channel xegregating unit checking, if this network channel xegregating unit can be correctly decoded ciphertext, just this packet is mail to next network channel xegregating unit and continue checking, otherwise produce an authentication error packet and pass to next network channel xegregating unit, in the time that the equipment of startup cipher key initialization agreement is received the key authentication packet being produced by oneself, key authentication completes, in the time that the equipment of startup cipher key initialization agreement is received authentication error packet, restart cipher key initialization agreement,
The described operation phase comprises the following steps: be arranged on the network equipment through initialized network channel xegregating unit, the inner side network interface of network channel xegregating unit is connected to the network equipment or the main frame that need protection, the outside network interface of network channel xegregating unit is connected to outer net or public network, in the time that the network communication equipment in protected field starts to communicate by letter, if also do not produce corresponding sub-key, network channel xegregating unit extracts destination-address this packet of buffer memory from the packet receiving, a sub-key of the random generation of this network channel xegregating unit, and destination-address sub-key encrypts being extracted with master key, in the time that the packet that comprises sub-key passes through the network channel xegregating unit of destination, this packet is intercepted and captured, intercept and capture the network channel xegregating unit master key of this packet and decipher this packet, extract sub-key, and send reply data bag, receive while replying when sending the network channel xegregating unit of sub-key, with sub-key encrypt user data bag, start secure communication, sub-key irregularly upgrades, encrypt user data, master key is only for encrypting and transmit sub-key, be not used in encrypt user data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110266437.6A CN102316108B (en) | 2011-09-09 | 2011-09-09 | Device for establishing network isolated channel and method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110266437.6A CN102316108B (en) | 2011-09-09 | 2011-09-09 | Device for establishing network isolated channel and method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102316108A CN102316108A (en) | 2012-01-11 |
| CN102316108B true CN102316108B (en) | 2014-06-04 |
Family
ID=45428924
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110266437.6A Expired - Fee Related CN102316108B (en) | 2011-09-09 | 2011-09-09 | Device for establishing network isolated channel and method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102316108B (en) |
Families Citing this family (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102882850B (en) * | 2012-09-03 | 2015-11-18 | 广东电网公司电力科学研究院 | A kind of encryption apparatus and method thereof adopting non-network mode isolated data |
| CN102882859B (en) * | 2012-09-13 | 2015-08-05 | 广东电网公司电力科学研究院 | A kind of safety protecting method based on public network data transmission information system |
| US9407612B2 (en) * | 2014-10-31 | 2016-08-02 | Intel Corporation | Technologies for secure inter-virtual network function communication |
| CN104363233A (en) * | 2014-11-20 | 2015-02-18 | 成都卫士通信息安全技术有限公司 | Safety cross-domain communication method for application servers in VPN gateways |
| CN104486053A (en) * | 2014-12-05 | 2015-04-01 | 浪潮集团有限公司 | Anti-catastrophe system of network encryption machine |
| CN104539406A (en) * | 2014-12-05 | 2015-04-22 | 浪潮集团有限公司 | Double control network encryptor system |
| CN104601550B (en) * | 2014-12-24 | 2020-08-11 | 国家电网公司 | Reverse isolation file transmission system and method based on cluster array |
| CN104917614A (en) * | 2015-04-21 | 2015-09-16 | 中国建设银行股份有限公司 | Bidirectional verification method and device of intelligent card and acceptance terminal |
| WO2017007725A1 (en) * | 2015-07-03 | 2017-01-12 | Afero, Inc. | Apparatus and method for establishing secure communication channels in an internet of things (iot) system |
| CN109302432B (en) * | 2018-12-17 | 2021-09-07 | 何书霞 | Network communication data combination encryption transmission method based on network security isolation technology |
| CN112637240B (en) * | 2020-12-31 | 2023-09-12 | 河南信大网御科技有限公司 | Protocol message tamper-proof method and system under mimicry environment and readable storage medium |
| CN114629730B (en) * | 2022-05-16 | 2022-08-12 | 华能国际电力江苏能源开发有限公司 | Regional company computer network security interconnection method and system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1430373A (en) * | 2002-12-09 | 2003-07-16 | 武汉柯创高新技术开发中心 | Network isolating card |
| CN1731720A (en) * | 2005-08-31 | 2006-02-08 | 北京电子科技学院 | Transparent omnidirectional safety network method |
| CN1992585A (en) * | 2005-12-30 | 2007-07-04 | 上海贝尔阿尔卡特股份有限公司 | Method and apparatus for secure communication between user facility and internal network |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6954790B2 (en) * | 2000-12-05 | 2005-10-11 | Interactive People Unplugged Ab | Network-based mobile workgroup system |
-
2011
- 2011-09-09 CN CN201110266437.6A patent/CN102316108B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1430373A (en) * | 2002-12-09 | 2003-07-16 | 武汉柯创高新技术开发中心 | Network isolating card |
| CN1731720A (en) * | 2005-08-31 | 2006-02-08 | 北京电子科技学院 | Transparent omnidirectional safety network method |
| CN1992585A (en) * | 2005-12-30 | 2007-07-04 | 上海贝尔阿尔卡特股份有限公司 | Method and apparatus for secure communication between user facility and internal network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102316108A (en) | 2012-01-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102316108B (en) | Device for establishing network isolated channel and method thereof | |
| CN104158653B (en) | A kind of safety communicating method based on the close algorithm of business | |
| Sheldon et al. | The insecurity of wireless networks | |
| CN107302541A (en) | A kind of data encryption and transmission method based on http protocol | |
| CN101478548B (en) | Data transmission ciphering and integrity checking method | |
| CN101335615B (en) | Method used in key consultation of USB KEY audio ciphering and deciphering device | |
| CN104219041A (en) | Data transmission encryption method applicable for mobile internet | |
| CN102685119A (en) | Data transmitting/receiving method, data transmitting/receiving device, transmission method, transmission system and server | |
| CN107896223A (en) | A kind of data processing method and system, data collecting system and data receiving system | |
| CN104468126A (en) | Safety communication system and method | |
| CN109951513A (en) | Anti- quantum calculation wired home quantum cloud storage method and system based on quantum key card | |
| CN109981257A (en) | A kind of data security protection method and device based on ssh | |
| CN106209883A (en) | Based on link selection and the multi-chain circuit transmission method and system of broken restructuring | |
| CN105119894A (en) | Communication system and communication method based on hardware safety module | |
| CN103117851A (en) | Encryption control method and device capable of achieving tamper-proofing and repudiation-proofing by means of public key infrastructure (PKI) | |
| CN109104278A (en) | A kind of encrypting and decrypting method | |
| WO2019165571A1 (en) | Method and system for transmitting data | |
| CN103458401B (en) | A kind of voice encryption communication system and communication means | |
| CN102780702A (en) | System and method for document security transmission | |
| CN102413144A (en) | Secure access system for C/S architecture service and related access method | |
| CN103685181A (en) | Key negotiation method based on SRTP | |
| CN102118311B (en) | Data transmission method | |
| Sakib et al. | Security improvement of WPA 2 (Wi-Fi protected access 2) | |
| CN109587149A (en) | A kind of safety communicating method and device of data | |
| CN102882859A (en) | Security protection method based on public network data transmission information system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20140604 Termination date: 20140909 |
|
| EXPY | Termination of patent right or utility model |