CN105939353A - Security management and information feedback system based on GDOI protocol - Google Patents
Abstract
The invention provides a large-scale network security management system based on the GDOI protocol. The security management system handles the collection, classification and management of information about assets and about the encryption devices and key management devices associated with those assets; it manages the configuration information of the key management devices and encryption devices, configures their group policies, and checks their state information. Through an asset management module and a configuration management module, the system protects the assets and the encryption devices and key management devices associated with them, so that the assets and their encryption devices can be maintained, monitored and checked at any time and, if a problem occurs, remedial measures can be taken immediately. A group encryption deployment model of a key management server and group members (GM) and a network-wide negotiation mechanism (Group SA) are provided; traffic between nodes is encrypted and decrypted using the Group SA, providing secure IP communication between arbitrary nodes.
Description
Technical field
The invention belongs to the field of information security technology and in particular relates to a security management and information feedback system based on the GDOI protocol.
Background
The global Internet has become indispensable to people's work and daily life, yet threats to network information security grow worse year by year. The well-known "PRISM" incident of 2013 showed that the existing network architecture, built around switches and routers, is highly susceptible to monitoring. Large amounts of information leaked through switches and routers, sounding an alarm for all network users.
Large companies and government departments operating worldwide often use the network topology shown in Figure 1. The whole network is divided into three layers. The group ring network platform consists of several data centers connected into a ring by multiple 10G networks and provides the whole group with services such as application access and data aggregation. The regional center platform consists of several regional centers; each regional center aggregates the data of the companies in its region and provides the data channel to the group ring network. The regional company platform consists of the LANs or metropolitan area networks of the regional companies and carries network access for each company's basic applications. To achieve mutual addressing and data exchange between the objects in this network, the existing standard TCP/IP protocol transmits in plaintext on the channel, so large amounts of data are transmitted without any security protection. Because of the network's routing mechanism there is no "national gateway" in virtual network space between regions and countries, so transmitted data can be intercepted and reassembled at will and the original data restored, causing information leaks. A greater risk is that most switches and routers currently used domestically are foreign brands, and even domestic brands are mostly designed around foreign core chips, so data on domestic transmission networks may be monitored by foreign organizations. Therefore, to guarantee the secure transmission of information inside the network, interconnected systems need independently developed network switching equipment, data encryption equipment, key management equipment, security management equipment and so on. Among these, the security management equipment (security management center) centrally manages and controls the encryption devices and key management devices from a global view: it manages the configuration information of the key management devices and encryption devices, configures their group policies, checks their status information, and promptly discovers, alarms on and corrects assets, encryption devices or key management devices that have problems.
In addition, the various distributed computing, voice and video services on the Internet need to run between branches anytime and anywhere, and traditional hub-and-spoke, point-to-point IPsec tunnel solutions cannot meet users' needs. The GDOI (Group Domain of Interpretation) protocol proposes a group encryption deployment model of a key management server and group members (GM) and a network-wide negotiation mechanism (Group SA); traffic between nodes is encrypted and decrypted with the Group SA, which makes secure IP communication between arbitrary nodes possible. Developing a large-scale network security management center based on the GDOI protocol therefore has important theoretical and practical significance.
Summary of the invention
To solve the above problems, the present invention provides a security management and information feedback system based on the GDOI protocol. In the system, asset equipment information is encrypted by encryption devices, the encryption devices are controlled and managed, and the asset equipment encrypted by the encryption devices is subject to security management and feedback regulation;
Further, the system includes a high-speed encryption module, a key management center, a key management control terminal, a security management center and an information feedback management center, wherein:
High-speed encryption module: provides a dual-channel encryption method for asset equipment information and encryption devices;
Key management center: performs local identity authentication for encryption devices, encryption protection of stored data, and identity key management for encryption devices across the whole network;
Key management control terminal: used for key information input and for distributing the identity public key of the key management center in the offline state;
Security management center: describes, defines, classifies and registers asset equipment, and sets the function configuration and function information of the encryption devices and key management center associated with the asset equipment;
Information feedback management center: monitors the real-time status of asset equipment and encryption devices, and performs security management and feedback regulation according to what is monitored;
Further, the encryption module includes a first processing channel, a second processing channel and a shared module. The first and second processing channels are each equipped with an independent user information input interface, management information input interface and identity authentication interface. The shared module receives the key information and verification information entered by the user through the user information input interface, receives the operation information of management personnel through the management information input interface, and receives the verification information of management personnel through the identity authentication interface;
Further, the shared module includes a control center unit, an editing integration unit, a flash memory unit and a configuration interface; the first and second processing channels each also include a data processing unit, a data cache unit, a verification unit, a micro-control unit and an expansion unit, wherein:
Control center unit: processes the configuration operation commands of management personnel received through the management information input interface;
Editing integration unit: converts all operation commands in the control center unit into digital information through logic editing and digital integration;
Flash memory unit: caches key information and verification information;
Data processing unit: performs block symmetric cipher operations and hash cipher operations; the block cipher operation encrypts data with the SM4 algorithm, and the hash cipher operation hashes the encrypted data with the SM3 algorithm;
Verification unit: provides digital signatures and verification of digital signatures. The micro-control unit receives the operation information of users and management personnel through the user information input interface and the management information input interface respectively, and sends it to the control center unit via the data processing unit;
Further, the key management center includes a device management module, an algorithm processing module, a key management module, a communication processing module, a local monitoring module and an integrated management module. The device management module includes a remote status query and monitoring unit, a group policy processing unit and an identity key management unit. The key management module includes a noise code processing unit, a local critical data storage protection unit, a session encryption key (SEK) management unit, a group policy key encryption key (KEK) management unit and a group policy transmission encryption working key (TEK) management unit. The communication processing module includes a security management communication interface unit, a GDOI protocol processing unit and a multicast communication processing unit. The management module includes a key management center management unit and a log maintenance unit;
Further, the monitoring module includes a traffic information collection unit, a traffic statistics analysis unit, a traffic information display unit and an abnormal traffic alarm unit;
Further, the device management module is used for managing encryption devices across the whole network, monitoring their status, managing identity keys and maintaining group cipher policies. The algorithm processing module performs key information calculations for encryption devices using the SM2, SM3 and SM4 algorithms. The key management module is connected to the algorithm processing module and uses its SM2, SM3 and SM4 algorithms to protect the storage of local critical data and to maintain and manage the network-wide session encryption keys, group policy key encryption keys and group policy transmission encryption working keys. The communication processing module implements the communication connections between the key management module and the key management control terminal, between the device management module and the key management control terminal, and between the key management module and the device management module; it presents a unified GDOI protocol interface externally, and key distribution is implemented with the GDOI protocol. The local monitoring module collects the running status of the device management module, algorithm processing module, key management module, integrated management module and communication processing module, checks the integrity of critical data, and triggers an alarm on abnormal status. The integrated management module manages and maintains the device management module, algorithm processing module, key management module, communication processing module and local monitoring module through a web interface, and records operation information, status information and maintenance information as logs. The remote status query and monitoring unit collects and monitors the running status of encryption devices. The group policy processing unit maintains group policy information, including adding and deleting encryption device members of a group policy. The identity key management unit includes a key injection key and an authentication key: the key injection key is used for the initial injection of key parameters into an encryption device, and the authentication key is used for local identity authentication when the encryption device starts. The noise code processing unit acquires noise data from a physical noise source and performs randomness testing on it. The local critical data storage protection unit performs local identity authentication using the authentication key of the identity key management unit, obtains the storage protection key, and protects locally stored sensitive information. The session encryption key (SEK) management unit maintains and manages the SEKs between encryption devices across the whole network by performing IKE exchanges with the encryption devices. The group policy key encryption key (KEK) management unit updates and manages the network-wide KEKs according to the group policy state in the device management module. The group policy transmission encryption working key (TEK) management unit maintains and manages TEK data according to the group policy state and the key update cycle. The security management communication interface unit parses and processes the communication protocol between the key management module and the device management module, collects group policy information, and performs command parsing and information reporting for the device management module. The GDOI protocol processing unit implements the communication connection between the key management control terminal and key management, and establishes and maintains the IKE SA, KEK SA and TEK SA according to the GDOI protocol. The multicast communication processing unit implements the communication connection between the device management module and the key management control terminal and distributes TEKs by multicast. The key management center management unit performs parameter configuration and operation management of the various units of the key management center through a web interface. The log maintenance unit collects the operation information, status information and maintenance information of the various units of the key management center and forms log records for retrieval and query;
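As an added illustration (not part of the patent text or of any implementation by the applicant), the following Python shows why the group policy "delete" operation has to replace the KEK as well as the TEK. It assumes the SEK is a pairwise key between the key management center and one encryption device and that KEK-protected TEK updates go out by multicast; it uses an HMAC-SHA256 construction as a stand-in for SM4 key wrapping, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os

KEY_LEN = 32  # bytes; illustrative size, not taken from the patent

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode. Stand-in for SM4, for illustration only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def wrap(key, payload):
    """Encrypt-then-MAC a key payload under `key`."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(key, nonce, len(payload))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(key, blob):
    """Return the payload, or None if `blob` was not wrapped under `key`."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class KeyManagementCenter:
    def __init__(self):
        self.sek = {}  # member id -> pairwise SEK (assumed result of the IKE exchange)
        self.kek = os.urandom(KEY_LEN)
        self.tek = os.urandom(KEY_LEN)

    def register(self, member_id):
        self.sek[member_id] = os.urandom(KEY_LEN)
        return self.sek[member_id]

    def unicast_keys(self, member_id):
        """KEK and TEK for one member, protected by that member's SEK."""
        return wrap(self.sek[member_id], self.kek + self.tek)

    def multicast_new_tek(self):
        """Periodic TEK update: one message for the whole group, under the KEK."""
        self.tek = os.urandom(KEY_LEN)
        return wrap(self.kek, self.tek)

    def delete_member(self, member_id, replace_kek):
        """Group policy 'delete' operation. Returns unicast messages for the rest."""
        del self.sek[member_id]
        if not replace_kek:
            return {}  # weak variant: membership table changes, keys do not
        self.kek, self.tek = os.urandom(KEY_LEN), os.urandom(KEY_LEN)
        return {m: self.unicast_keys(m) for m in self.sek}

class GroupMember:
    def __init__(self, sek):
        self.sek, self.kek, self.tek = sek, None, None

    def on_unicast(self, blob):
        keys = unwrap(self.sek, blob)
        if keys is None:
            return False
        self.kek, self.tek = keys[:KEY_LEN], keys[KEY_LEN:]
        return True

    def on_multicast(self, blob):
        tek = unwrap(self.kek, blob)
        if tek is None:
            return False
        self.tek = tek
        return True

def build_group(names):
    kmc, members = KeyManagementCenter(), {}
    for name in names:
        members[name] = GroupMember(kmc.register(name))
        members[name].on_unicast(kmc.unicast_keys(name))
    return kmc, members

def run_demo():
    results = {}
    for label, replace_kek in (("kek_kept", False), ("kek_replaced", True)):
        kmc, gms = build_group(["gm1", "gm2", "gm3"])
        for name, blob in kmc.delete_member("gm3", replace_kek).items():
            gms[name].on_unicast(blob)
        push = kmc.multicast_new_tek()  # gm3 can still receive the multicast
        accepted = {name: gm.on_multicast(push) for name, gm in gms.items()}
        results[label] = {
            "remaining_in_sync": all(gms[n].tek == kmc.tek for n in ("gm1", "gm2")),
            "deleted_member_has_tek": accepted["gm3"] and gms["gm3"].tek == kmc.tek,
        }
    return results

if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print(label, outcome)
```

When the KEK is kept, the deleted device still unwraps the next multicast TEK update; when the KEK is replaced over the per-device SEKs, it cannot, while the remaining members stay in sync.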
Further, the key management control terminal includes a credit card information input module and a public key distribution module; the key management control terminal is a key management console;
Further, the security management center includes an asset management module and a configuration management module. The asset management module includes an asset information collection unit, an asset information management unit, a responsible person information management unit and an asset topology management unit. The configuration management module includes a group information management unit, a group member information management unit, a group policy management unit and an encryption device status monitoring unit, wherein:
Asset information collection unit: works with the administrator to complete the collection and entry of asset data and the establishment of the asset model; the collection and entry of asset data includes automatic collection and manual entry;
Asset information management unit: assists the administrator with displaying asset information, searching for assets by different attributes, modifying asset information and deleting assets;
Responsible person information management unit: used for establishing, maintaining and managing the responsible person information of assets; the responsible person is the manager who needs to be responsible for the asset;
Asset topology management unit: collects and builds the asset network topology map, periodically maintains the asset network topology information, displays the asset topology in real time and supports interactive maintenance of the asset topology;
Group information management unit: assists the administrator in obtaining the parameters of the key management devices of assets in the group encryption network;
Group member information management unit: assists the administrator in obtaining, from the perspective of group members, information about the encryption devices of assets;
Group policy management unit: in the key management system, group policy instructions are issued through the key management center; while executing a group policy, the key management center sends the group policy instruction down to the specified group members, so that the cipher system completes changes to its organizational structure or updates to cipher parameters according to the network administrator's instructions; the group members are the encryption devices;
Encryption device status monitoring unit: monitors the running status of the key management center and the group members;
Further, the information feedback management center includes a monitoring module, a statistical analysis module and a system management module. The monitoring module includes a traffic information collection unit, a traffic statistics analysis unit, a traffic information display unit and an abnormal traffic alarm unit. The statistical analysis management module includes a performance alarm management unit, a fault alarm management unit, a comprehensive correlation analysis unit and a security risk alarm unit, wherein:
Monitoring module: through traffic analysis, helps the network administrator keep track in real time of the various kinds of communication traffic in the backbone network and their scale, and discover and locate abnormal traffic in time;
Statistical analysis module: connected to the monitoring module; performs security statistical analysis on the data returned by the monitoring module;
System management module: monitors administrator and administrator role information and retains logs of operations performed after logging in to the system;
Further, the traffic information collection unit interfaces with the industry's mainstream flow standards, obtains flow information data from network devices, and applies some formatting for use in further statistical analysis. The traffic statistics analysis unit uses the DFI statistical analysis method to perform in-depth analysis and detection of the collected classified data. The traffic information display unit presents the results of the traffic statistics analysis unit to the network administrator in a suitable form and assists the administrator with daily traffic monitoring, including charts of various periods and types. The abnormal traffic alarm unit reports suspicious abnormal traffic found during traffic statistics analysis to the network administrator so that the administrator can learn of it in time and take action. The performance alarm management unit collects abnormal events related to network device performance from the network device unit and passes them to the security risk alarm unit for alarming. The fault alarm management unit collects network device fault events from the network device unit and passes them to the security risk alarm unit for alarming. The comprehensive correlation analysis unit obtains suspicious risk events via SYSLOG and SNMP, merges them with an aggregation engine, analyzes them comprehensively with a correlation analysis engine, and finally notifies the security risk alarm unit of the analysis result. The security risk alarm unit mainly raises prompts and alarms for the security risks and analysis reports generated by the performance alarm management unit, the fault alarm management unit and the comprehensive correlation analysis unit, and notifies the relevant network administrators and responsible persons so that risks can be investigated in time;
The beneficial effects of the present invention are as follows:
1) Through an innovative encryption module architecture, the high-speed encryption module achieves high performance: the encryption module can support encryption and decryption of 40 Gbps of business data, its functions are clearly divided, its business processing performance is superior, and it can provide users with extensible customization functions;
2) Through the group encryption deployment model of a key management server and group members (GM) and the network-wide negotiation mechanism (Group SA), traffic between nodes is encrypted and decrypted with the Group SA, providing secure IP communication between arbitrary nodes;
3) Assets and their encryption devices can be maintained, monitored and checked at any time; the system supports NETSTREAM, SPAN, SNMP and other methods of collecting backbone link traffic from routers and switches in real time, displays and monitors traffic across the whole network in real time, and allows remedial measures to be taken immediately when a problem occurs.
Brief description of the drawings
Fig. 1 is a hardware structure diagram of the encryption module of the present invention;
Fig. 2 is an overall firmware flow chart of the encryption module of the present invention;
Fig. 3 is a flow chart of administrator identity authentication in the encryption module of the present invention;
Fig. 4 is a flow chart of operator identity authentication in the encryption module of the present invention;
Fig. 5 is a flow chart of the generation and storage of KP1 and the device identity key in the encryption module of the present invention;
Fig. 6 is an overall software flow chart of the ARM firmware of the encryption module of the present invention;
Fig. 7 is a hardware composition structure diagram of the key management center and key management control terminal of the present invention;
Fig. 8 is a schematic topology diagram of the large-scale worldwide interconnected network described in the background of the invention.
Detailed description of the invention
To make the purpose, technical solution and advantages of the present invention clearer, the invention is explained in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it. On the contrary, the invention covers any substitutions, modifications, equivalent methods and schemes made within the spirit and scope of the invention as defined by the claims. Further, to give the public a better understanding of the invention, some specific details are described in detail below. A person skilled in the art can fully understand the invention even without the description of these details.
The invention is further described below with reference to the drawings and specific embodiments, which do not limit the invention. The following is the preferred embodiment of the invention:
As shown in the figures, the present invention provides a security management and information feedback system based on the GDOI protocol; the system includes an asset management module, a configuration management module, a status monitoring module, a statistical analysis module and a system management module.
The encryption module includes a first processing channel, a second processing channel and a shared module. The first and second processing channels each process encryption business independently. The shared module is connected to both the first and second processing channels and handles information input and control for them.
The first and second processing channels are each equipped with an independent user information input interface, management information input interface and identity authentication interface, data processing unit, data cache unit, verification unit, micro-control unit and expansion unit.
The shared module includes a control center unit, an editing integration unit, a flash memory unit and a configuration interface, which are connected in sequence; the control center unit, editing integration unit and flash memory unit are all connected to the first and second processing channels.
The control center unit processes the configuration operation commands of management personnel received through the management information input interface. The editing integration unit converts all operation commands in the control center unit into digital information through logic editing and digital integration and sends it to the data processing unit; the data processing unit can process 20 Gbps of business data. The flash memory unit caches the key information and verification information that the control center unit receives from the verification unit and the identity authentication interface.
The control center unit is connected to the user information input interface through the data processing unit, and the user information input interface sends the user's key information to the control center unit. The identity authentication interface is connected to the control center unit and sends the identity authentication information of management personnel and users to the control center unit for verification. The management information input interface, micro-control unit, data processing unit and control center unit are connected in sequence; the management information input interface sends the operation commands and verification information of management personnel to the control center unit, and after successful verification management working commands can be entered directly through the micro-control unit. The data cache unit is connected to the control center unit and stores part of the key information and verification information. The expansion unit is used to connect external devices. The data processing unit performs block symmetric cipher operations and hash cipher operations: the block cipher operation encrypts data with the SM4 algorithm, and the hash cipher operation hashes the encrypted data with the SM3 algorithm. The verification unit provides digital signatures and verification of digital signatures. The control center unit is an ARM microcontroller, the editing integration unit is a CPLD, the flash memory unit is a 128 Mb FLASH memory, the data processing unit is a DPU, the data cache unit is a 1 MB SRAM data cache, the verification unit is an SSX1408 security chip, the micro-control unit is an Ethernet PHY, and the expansion unit is used to connect user-defined encryption devices.
The key management center (KMC) is a 2U-high server device comprising an x86 mainboard, a dedicated PCI-E cipher card, storage components, a network card, an ID card driver, an ID card reader/writer and a power supply. The key management center is installed on the x86 mainboard, and the mainboard is fitted with a Usb-KEY that is used for local identity authentication at system boot, encryption protection of stored data, and identity key management of the encryption devices across the whole network. The key management center is connected to a key management control terminal, which is used for ID card registration of the cipher machines used across the network and for distributing the key management center's identity public key in the offline state.
The key management center includes a device management module, an algorithm processing module, a key management module, a communication processing module, a local status monitoring module and a management module.
The device management module handles management and status monitoring of the encryption devices across the whole network and maintenance of group cipher policies, and implements network-wide identity key management. It includes a remote status query and monitoring unit, a group policy processing unit and an identity key management unit.
The remote status query and monitoring unit collects and monitors the running state of the encryption devices and reports any anomaly promptly to the device management module, which maintains and manages encryption devices in an abnormal state. The group policy processing unit maintains group policy information and supports adding and deleting the encryption device members of a group policy; the maximum number of group policy entries supported across the network is less than 10000, and each group policy supports less than 1000 members. The identity key management unit includes a key-injection key and an authentication key: the key-injection key is used for the initial injection of the encryption device's key parameters, and the authentication key is used for local identity authentication when the encryption device starts.
The algorithm processing module performs its processing with the SM2, SM3 and SM4 algorithms. It uses these algorithms to calculate key information for the encryption devices and supports authentication and registration of at most 200 encryption devices.
The key management module includes a noise code processing unit, a local critical data storage protection unit, a session encryption key (SEK) management unit, a group policy key-encrypting key (KEK) management unit and a group policy transmission encryption working key (TEK) management unit. The noise code processing unit obtains noise data from a physical noise source and performs randomness testing on it to ensure the randomness of the keys being processed. The local critical data storage protection unit performs local identity authentication with the authentication key of the identity key management unit, obtains the storage protection key, and protects the storage of local sensitive information. The SEK management unit performs an IKE exchange with each encryption device to maintain and manage the SEK keys shared with the encryption devices across the network, which protects KEK data in transit. The KEK management unit updates and manages the network-wide KEK keys according to the group policy state, which protects TEK data in transit. The TEK management unit maintains and manages TEK key data according to the group policy state and the key update period, which protects group policy data in transit.
The algorithm processing module is connected to the key management module and, through the SM2, SM3 and SM4 algorithms, implements storage protection of local critical data and the maintenance and management of the network-wide session encryption keys, group policy key-encrypting keys and group policy transmission encryption working keys.
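The SEK, KEK and TEK layering of the key management module described above, as an added Python sketch that is not part of the patent. Assumptions: HMAC-SHA256 from the standard library stands in for SM4/SM3, random SEKs stand in for the result of the IKE exchange, and the class names, member names and the rekey-on-member-deletion step are hypothetical.

```python
import hashlib
import hmac
import secrets

# Stand-in primitives (assumption): the patent names SM4 and SM3, which the
# Python standard library lacks, so HMAC-SHA256 is swapped in for both roles.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]

def wrap(wrapping_key: bytes, payload: bytes) -> bytes:
    """Encrypt-then-MAC a key under a higher-level key: nonce | ct | tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(wrapping_key, nonce, len(payload))
    ct = bytes(p ^ s for p, s in zip(payload, stream))
    tag = hmac.new(wrapping_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(wrapping_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; reject anything wrapped under another key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(wrapping_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrap integrity check failed")
    stream = _keystream(wrapping_key, nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

class EncryptionDevice:
    """Group member: holds its own SEK plus the group's current KEK and TEK."""
    def __init__(self, name: str, sek: bytes):
        self.name, self.sek, self.kek, self.tek = name, sek, None, None

    def receive_kek(self, blob: bytes) -> None:   # unicast, protected by SEK
        self.kek = unwrap(self.sek, blob)

    def receive_tek(self, blob: bytes) -> None:   # multicast, protected by KEK
        if self.kek is None:
            raise ValueError("no KEK installed")
        self.tek = unwrap(self.kek, blob)

class KeyManagementCenter:
    """Hypothetical KMC model for a single group policy."""
    def __init__(self):
        self.seks, self.kek, self.tek = {}, None, None

    def register(self, name: str) -> EncryptionDevice:
        sek = secrets.token_bytes(32)   # stands in for the IKE exchange result
        self.seks[name] = sek
        return EncryptionDevice(name, sek)

    def rekey_kek(self) -> dict:
        """New KEK, wrapped once per current member under that member's SEK."""
        self.kek = secrets.token_bytes(32)
        return {name: wrap(sek, self.kek) for name, sek in self.seks.items()}

    def rekey_tek(self) -> bytes:
        """New TEK, wrapped once under the KEK: a single multicast message."""
        self.tek = secrets.token_bytes(32)
        return wrap(self.kek, self.tek)

    def remove(self, name: str):
        """Assumed policy: deleting a member refreshes both KEK and TEK."""
        del self.seks[name]
        return self.rekey_kek(), self.rekey_tek()

def demo():
    kmc = KeyManagementCenter()
    devices = {n: kmc.register(n) for n in ("enc-a", "enc-b", "enc-c")}  # constructed names
    for name, blob in kmc.rekey_kek().items():
        devices[name].receive_kek(blob)
    tek_blob = kmc.rekey_tek()
    for dev in devices.values():
        dev.receive_tek(tek_blob)
    all_share_tek = all(d.tek == kmc.tek for d in devices.values())

    kek_blobs, new_tek_blob = kmc.remove("enc-c")
    for name, blob in kek_blobs.items():
        devices[name].receive_kek(blob)
        devices[name].receive_tek(new_tek_blob)
    try:   # the removed device still hears the multicast but holds the old KEK
        devices["enc-c"].receive_tek(new_tek_blob)
        removed_locked_out = False
    except ValueError:
        removed_locked_out = True
    remaining_ok = all(devices[n].tek == kmc.tek for n in kek_blobs)
    return all_share_tek, removed_locked_out, remaining_ok

if __name__ == "__main__":
    print(demo())
```

The KEK refresh costs one wrapped message per remaining member, while the TEK refresh is a single message for the whole group, which is why the TEK is the layer sent by multicast.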
The communication processing module includes a security management communication interface unit, a GDOI protocol processing unit and a multicast communication processing unit. The communication processing module implements the communication connection between the key management module and the key management control terminal, between the device management module and the key management control terminal, and between the key management module and the device management module. Externally, the communication processing module provides a unified GDOI protocol interface, and key distribution is implemented with the GDOI protocol. The security management communication interface unit handles parsing and processing of the communication protocol between the key management module and the device management module, collection of group policy information, and parsing of device management module commands and information reporting. The GDOI protocol processing unit implements the communication connection between the key management control terminal and key management, and establishes and maintains the IKE SA, KEK SA and TEK SA according to the GDOI protocol. The multicast communication processing unit implements the communication connection between the device management module and the key management control terminal, and distributes TEK keys by multicast.
The local status monitoring module collects the running state of each unit, checks the integrity of critical data, and triggers an alarm on an abnormal state.
The management module includes a key management center management unit and a log maintenance unit. The key management center management unit provides WEB-based management and maintenance functions for parameter configuration and operation management of the key management center. The log maintenance unit collects the operation information, status information and maintenance information produced while the key management center is running and forms log records for retrieval and query.
The key management control terminal includes a credit card information input module and a PKI distribution module. The key management control terminal is a key management console.
The security management center includes an asset management module, a configuration management module and a system management module. The asset management module mainly describes and defines information assets and classifies and registers assets according to the basic situation of the organization. Asset management is one of the cores of the system and is the basis for all other security operation management work. The asset management module includes an asset information collection unit, an asset information management unit, an owner information management unit and an asset topology management unit. The asset information collection unit helps administrators complete the collection and entry of asset data and the building of the asset model, by both automatic collection and manual entry. The asset information management unit assists administrators with displaying asset information and with asset search, asset information modification and asset deletion according to different attributes. The owner information management unit handles the creation, maintenance and management of asset owner information; the responsible person mainly refers to the management personnel who are responsible for the asset. The asset topology management unit handles the collection and creation of asset network topology information, its periodic maintenance, real-time display of the asset topology, and interactive maintenance of the asset topology.
The configuration management module configures the functions of assets and sets their function information. It assists network administrators with monitoring the key information of the encrypted communication network, managing the critical devices of the encrypted network, maintaining critical cipher parameters (AES and parameters), and formulating, issuing and revoking group cipher policies. The configuration management module includes a group information management unit, a group member information management unit, a group policy management unit and an encryption device status monitoring unit. The group information management unit assists administrators in obtaining the details of all or some of the encryption group parameters in the group encryption network. The group member information management unit mainly assists administrators in obtaining and understanding the corresponding key information from the point of view of a group member. The group policy management unit assists network administrators in using the interface provided by the security management center to issue group policy instructions to the group key server (KMC); while executing the group policy, the KMC delivers the group policy instruction to the specified group members, so that the cipher system carries out the change of organizational structure or the cipher parameter update according to the network administrator's instruction. The encryption device status monitoring unit monitors the running state of the key management center (KMC) and of the group members.
The key management center (KMC) is the key management device and the group members are the encryption devices. The encryption device is a high-speed encryption module that can be embedded directly in existing core switches, routers and other network equipment and takes on all cipher-related security services and functions. The encryption module has two independent channels, left and right, and each channel can process 20 Gbps of business data. Each channel provides an independent business interface, management interface and identity authentication interface; the two channels share one configuration interface. The encryption module is developed entirely independently. The internal hardware of the 40G encryption module is divided into three parts: the channel 0 data processing part, the channel 1 data processing part, and the part common to both channels. The channel 0/1 data processing part consists of a data processing unit, an Ethernet PHY, a data cache SRAM, a security chip and an expansion module; the common part consists of a CPLD, an ARM microcontroller and a FLASH memory.
The key management device is the key management center, which consists of 4 core modules: the device control management module, the algorithm processing and key management module, the communication processing module, and the local status monitoring and management module. Through a security-customized Linux kernel, dedicated drivers, cipher services and management modules, it implements identity verification, networking and control management of the cipher machines, as well as online management and dynamic distribution of all kinds of keys across the network.
The information feedback management center includes the status monitoring module, a statistical analysis module and a system management module. Through efficient traffic analysis, the status monitoring module helps network administrators keep track in real time of the various kinds of communication traffic in the backbone network and their scale, and detect and locate abnormal traffic promptly. The status monitoring module includes a traffic information collection unit, a traffic statistics analysis unit, a traffic information display unit and an abnormal traffic alarm unit. The traffic information collection unit interfaces with the industry's various mainstream flow standards to obtain the relevant flow information data from network equipment and applies a certain amount of formatting so that the data can be used for further statistical analysis. The traffic statistics analysis unit uses the DFI statistical analysis technique to perform in-depth analysis and detection on the collected data of each type. The traffic information display unit presents the results of the traffic statistics analysis unit to network administrators in a reasonable display mode, including charts of various periods and types, to assist them in daily traffic monitoring work. The abnormal traffic alarm unit reports the suspicious abnormal traffic found during traffic statistics analysis to network administrators in a reasonable manner, so that they learn of it promptly and can take measures.
The statistical analysis module is connected to the status monitoring module and performs security statistical analysis on the data that the status monitoring module returns. The statistical analysis module collects the security events in network equipment that relate to operational risk, comprehensively analyzes the security operation risks that may exist in the network, and raises alarms, assisting network administrators in locating and investigating equipment operation risks and ensuring that the whole network runs smoothly. The statistical analysis module includes a performance alarm management unit, a fault alarm management unit, a comprehensive correlation analysis unit and a security risk alarm unit. The performance alarm management unit collects abnormal events related to network equipment performance in the network device unit and supplies them to the security risk alarm unit for alarming. The fault alarm management unit collects network equipment failure events in the network device unit and supplies them to the security risk alarm unit for alarming. The comprehensive correlation analysis unit obtains suspicious risk events by means of SYSLOG and SNMP, merges them with an aggregation engine, analyzes them comprehensively with a correlation analysis engine, and finally passes the analysis result to the security risk alarm unit. The security risk alarm unit mainly takes the security risks generated by the performance alarm management unit, the fault alarm management unit and the comprehensive correlation analysis unit and notifies the relevant network administrators and responsible persons through prompts, analysis reports and alarms, so that the risk can be investigated promptly. The system management module monitors the information of administrators and administrator roles, and retains logs of the operations performed on logging in to the system.
The embodiment described above is only one preferred specific embodiment of the present invention; the usual variations and substitutions made by those skilled in the art within the scope of the technical solution of the present invention shall all fall within the scope of protection of the present invention.
Claims (10)
1. A security management and information feedback system based on the GDOI protocol, characterized in that the system includes encrypting asset equipment information by means of encryption devices, controlling and managing the encryption devices, and performing security management and feedback regulation on the asset equipment encrypted by the encryption devices.
2. The system according to claim 1, characterized in that the system includes a high-speed encryption module, a key management center, a key management control terminal, a security management center and an information feedback management center, wherein:
the high-speed encryption module is used to provide a dual-channel encryption method for asset equipment information and encryption devices;
the key management center is used for local identity authentication of the encryption devices, encryption protection of stored data, and identity key management of the encryption devices across the whole network;
the key management control terminal is used for key information input and for distributing the identity public key of the key management center in the offline state;
the security management center describes, defines, classifies and registers asset equipment, and configures the functions and sets the function information of the encryption devices and the key management center associated with the asset equipment;
the information feedback management center monitors the real-time status of asset equipment and encryption devices, and performs security management and feedback regulation according to the monitoring results.
3. The system according to claim 2, characterized in that the encryption module includes a first processing channel, a second processing channel and a shared module; the first processing channel and the second processing channel are each provided with an independent user information input interface, management information input interface and identity authentication interface; the shared module receives the key information and verification information entered by the user through the user information input interface, receives the operation information of management personnel through the management information input interface, and verifies the verification information of management personnel through the identity authentication interface.
4. The system according to claim 3, characterized in that the shared module includes a control centre unit, an editing integration unit, a flash unit and a configuration interface, and the first processing channel and the second processing channel each further include a data processing unit, a data cache unit, an authentication unit, a micro-control unit and an expansion unit, wherein:
the control centre unit is used to process the configuration operation commands of management personnel received through the management information input interface;
the editing integration unit is used to convert all operational commands in the control centre unit into digital information through logical editing and digital integration;
the flash unit is used to cache key information and verification information;
the data processing unit includes a block symmetric cipher operation and a hash cipher operation, the block cipher operation encrypting data with the SM4 algorithm and the hash cipher operation hashing the encrypted data with the SM3 algorithm;
the authentication unit is used to provide digital signatures and digital signature verification; the micro-control unit receives the operation information of users and management personnel through the user information input interface and the management information input interface respectively, and sends it to the control centre unit through the data processing unit.
5. The system according to claim 4, characterized in that the key management center includes a device management module, an algorithm processing module, a key management module, a communication processing module, a local status monitoring module and an integrated management module; the device management module includes a remote status query and monitoring unit, a group policy processing unit and an identity key management unit; the key management module includes a noise code processing unit, a local critical data storage protection unit, a session encryption key (SEK) management unit, a group policy key-encrypting key (KEK) management unit and a group policy transmission encryption working key (TEK) management unit; the communication processing module includes a security management communication interface unit, a GDOI protocol processing unit and a multicast communication processing unit; and the management module includes a key management center management unit and a log maintenance unit.
6. The system according to claim 5, characterized in that the device management module is used for management and status monitoring of the encryption devices across the whole network, management of identity keys, and maintenance of group cipher policies; the algorithm processing module calculates key information for the encryption devices with the SM2, SM3 and SM4 algorithms; the key management module is connected to the algorithm processing module and, through the SM2, SM3 and SM4 algorithms in the algorithm processing module, provides storage protection of local critical data and maintains and manages the network-wide session encryption keys, group policy key-encrypting keys and group policy transmission encryption working keys; the communication processing module implements the communication connections between the key management module and the key management control terminal, between the device management module and the key management control terminal, and between the key management module and the device management module; externally the communication processing module provides a unified GDOI protocol interface, and key distribution is implemented with the GDOI protocol; the local status monitoring module collects the running state of the device management module, algorithm processing module, key management module, integrated management module and communication processing module, checks the integrity of critical data, and triggers an alarm on an abnormal state; the integrated management module manages and maintains, in a WEB-based manner, the device management module, algorithm processing module, key management module, communication processing module and local status monitoring module, and records operation information, status information and maintenance information to form logs; the remote status query and monitoring unit collects and monitors the running state of the encryption devices; the group policy processing unit maintains group policy information, including adding and deleting the encryption device members of a group policy; the identity key management unit includes a key-injection key and an authentication key, the key-injection key being used for the initial injection of the encryption device's key parameters and the authentication key being used for local identity authentication when the encryption device starts; the noise code processing unit obtains noise data from a physical noise source and performs randomness testing on it; the local critical data storage protection unit performs local identity authentication with the authentication key of the identity key management unit, obtains the storage protection key, and protects the storage of local sensitive information; the session encryption key (SEK) management unit maintains and manages the SEK keys shared with the encryption devices across the network by performing an IKE exchange with each encryption device; the group policy key-encrypting key (KEK) management unit updates and manages the network-wide KEK keys according to the group policy state of the device management module; the group policy transmission encryption working key (TEK) management unit maintains and manages TEK key data according to the group policy state and the key update period; the security management communication interface unit parses and processes the communication protocol between the key management module and the device management module, collects group policy information, and performs command parsing and information reporting for the device management module; the GDOI protocol processing unit implements the communication connection between the key management control terminal and key management, and establishes and maintains the IKE SA, KEK SA and TEK SA according to the GDOI protocol; the multicast communication processing unit implements the communication connection between the device management module and the key management control terminal and distributes TEK keys by multicast; the key management center management unit performs parameter configuration and operation management of the units of the key management center in a WEB-based manner; and the log maintenance unit collects the operation information, status information and maintenance information of the units of the key management center and forms log records for retrieval and query.
7. The management system according to claim 6, characterized in that the key management control terminal includes a credit card information input module and a PKI distribution module, and the key management control terminal is a key management console.
8. The system according to claim 7, characterized in that the security management center includes an asset management module and a configuration management module; the asset management module includes an asset information collection unit, an asset information management unit, an owner information management unit and an asset topology management unit; and the configuration management module includes a group information management unit, a group member information management unit, a group policy management unit and an encryption device status monitoring unit, wherein:
the asset information collection unit helps administrators complete the collection and entry of asset data and the building of the asset model, the collection and entry of asset data including automatic collection and manual entry;
the asset information management unit assists administrators with displaying asset information and with asset search, asset information modification and asset deletion according to different attributes;
the owner information management unit is used for the creation, maintenance and management of asset owner information, the responsible person being the management personnel who are responsible for the asset;
the asset topology management unit collects and creates the asset network topology diagram, periodically maintains the asset network topology information, displays the asset topology in real time and supports interactive maintenance of the asset topology;
the group information management unit assists administrators in obtaining the parameters of the key management device of the assets in the group encryption network;
the group member information management unit assists administrators in obtaining the information of the assets' encryption devices from the point of view of a group member;
the group policy management unit issues group policy instructions to the key management center in the key management system; while executing the group policy, the key management center delivers the group policy instruction to the specified group members, so that the cipher system carries out the change of organizational structure or the cipher parameter update according to the network administrator's instruction, the group members being the encryption devices;
the encryption device status monitoring unit monitors the running state of the key management center and of the group members.
9. The system according to claim 8, characterized in that the information feedback management center includes a status monitoring module, a statistical analysis module and a system management module; the status monitoring module includes a traffic information collection unit, a traffic statistics analysis unit, a traffic information display unit and an abnormal traffic alarm unit; and the statistical analysis module includes a performance alarm management unit, a fault alarm management unit, a comprehensive correlation analysis unit and a security risk alarm unit, wherein:
the status monitoring module uses traffic analysis to help network administrators keep track in real time of the various kinds of communication traffic in the backbone network and their scale, and to detect and locate abnormal traffic promptly;
the statistical analysis module is connected to the status monitoring module and performs security statistical analysis on the data that the status monitoring module returns;
the system management module monitors the information of administrators and administrator roles, and retains logs of the operations performed on logging in to the system.
The system according to claim 9, characterized in that said flow information collection unit interfaces with the various mainstream flow standards in the industry, obtains the relevant flow information data from the network equipment, and applies a certain formatting process so that the data can be used for further statistical analysis; said traffic statistics analysis unit uses the DFI statistical analysis technique to perform in-depth analysis and detection on the collected data of each category; said flow information display unit presents the results of the traffic statistics analysis unit to the network manager in a reasonable display mode, assisting the network manager in daily traffic monitoring work, including showing charts of various periods and various types; said abnormal flow alarm unit reports the suspicious abnormal flows found during traffic statistics analysis to the network manager, so that the network manager can understand them and take treatment measures in time; said performance alarm management unit is used to gather the abnormal events related to network equipment performance in the network device unit and supply them to the security risk alarm unit for alarming; said fault alarm administrative unit is used to gather the network equipment failure events in the network device unit and supply them to the security risk alarm unit for alarming; said integrated relational analysis unit obtains suspicious risk events by means of SYSLOG and SNMP, merges the suspicious risk events with an aggregation engine, comprehensively analyzes the suspicious risk events with an association analysis engine, and finally notifies the security risk alarm unit of the analysis result; said security risk alarm unit mainly notifies the relevant network manager and responsible person of the security risk prompts, analysis reports and alarms generated by the performance alarm management unit, the fault alarm administrative unit and the integrated relational analysis unit, so that risks can be investigated in time.
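The merge-then-correlate flow that this claim assigns to the integrated relational analysis unit can be illustrated on SYSLOG input as follows. This is an added example, not code from the patent: the log lines, tags, category mapping, 60-second window and the correlation rule itself are assumptions, since the claim does not specify them.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input (BSD-syslog style). Hosts, tags, CATEGORY and WINDOW are assumptions.
SAMPLE = [
    "<187>Jun 10 10:00:01 sw-core-1 LINKDOWN: Gi0/1 down",
    "<187>Jun 10 10:00:20 sw-core-1 LINKDOWN: Gi0/1 down",
    "<188>Jun 10 10:01:10 sw-core-1 CPUHOG: cpu 97%",
    "<188>Jun 10 10:05:00 rtr-edge-2 MEMLOW: free 4%",
    "<187>Jun 10 10:30:00 rtr-edge-2 FANFAIL: fan 2",
]
LINE = re.compile(r"<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([\w-]+): (.*)")
CATEGORY = {"CPUHOG": "performance", "MEMLOW": "performance", "LINKDOWN": "fault", "FANFAIL": "fault"}
WINDOW = timedelta(seconds=60)  # assumed merge and correlation window

def parse(line, year=2016):
    m = LINE.match(line)
    if not m or int(m.group(1)) > 191:  # malformed line or impossible PRI: drop, do not guess
        return None
    _, stamp, host, tag, _ = m.groups()
    when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")  # syslog omits the year
    return {"time": when, "host": host, "tag": tag, "category": CATEGORY.get(tag, "other")}

def aggregate(events):
    """Merge repeats of one (host, tag) arriving within WINDOW of the previous repeat."""
    merged, open_recs = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        rec = open_recs.get((ev["host"], ev["tag"]))
        if rec and ev["time"] - rec["last_seen"] <= WINDOW:
            rec.update(count=rec["count"] + 1, last_seen=ev["time"])
        else:
            rec = open_recs[(ev["host"], ev["tag"])] = dict(ev, count=1, last_seen=ev["time"])
            merged.append(rec)
    return merged

def correlate(merged):
    """One alert per host whose performance and fault records lie within WINDOW of each other."""
    alerts = []
    for host in sorted({e["host"] for e in merged}):
        evs = [e for e in merged if e["host"] == host]
        hits = [(p, f) for p in evs if p["category"] == "performance"
                for f in evs if f["category"] == "fault"
                if p["time"] - WINDOW <= f["last_seen"] and f["time"] - WINDOW <= p["last_seen"]]
        if hits:
            alerts.append({"host": host, "evidence": sorted({e["tag"] for h in hits for e in h})})
    return alerts

def run(lines):
    return correlate(aggregate([e for e in map(parse, lines) if e]))
```

In the sample, the CPU event is 69 seconds after the first link-down message, so the alert for `sw-core-1` fires only because merging extends the fault record's `last_seen` to the repeat at 10:00:20.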
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610405991.0A CN105939353B (en) | 2016-06-10 | 2016-06-10 | Safety management and information feedback system based on GDOI protocol |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105939353A (en) | 2016-09-14 |
CN105939353B (en) | 2022-03-25 |
Family
ID=57152663
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610405991.0A Active CN105939353B (en) | 2016-06-10 | 2016-06-10 | Safety management and information feedback system based on GDOI protocol |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105939353B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111818517A (en) * | 2020-06-16 | 2020-10-23 | 郑州信大捷安信息技术股份有限公司 | Multi-channel secure communication module, communication system and method |
CN113958377A (en) * | 2020-07-03 | 2022-01-21 | 中国东方电气集团有限公司 | Real-time online monitoring system and method for network security of steam turbine |
CN114244900A (en) * | 2021-12-14 | 2022-03-25 | 乾讯信息技术(无锡)有限公司 | Remote security management method of VPN cipher machine based on unstable channel connection |
CN114640880A (en) * | 2020-11-30 | 2022-06-17 | 腾讯科技(深圳)有限公司 | Account login control method, device and medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101150404A (en) * | 2006-09-21 | 2008-03-26 | 国际商业机器公司 | System and method for managing and generating device cipher key used for cipher communication |
CN101212489A (en) * | 2006-12-27 | 2008-07-02 | 财团法人工业技术研究院 | Asset management monitoring method and switching device for asset management monitoring |
CN101420686A (en) * | 2008-11-28 | 2009-04-29 | 重庆邮电大学 | Industrial wireless network security communication implementation method based on cipher key |
CN103310278A (en) * | 2013-06-17 | 2013-09-18 | 广东华大集成技术有限责任公司 | Ticket application system based on cryptographic algorithm, ticket purchasing method and ticket management method |
CN104038481A (en) * | 2014-05-22 | 2014-09-10 | 国家电网公司 | Communication method of power asset management master station system and RFID (radio frequency identification device) terminal |
Non-Patent Citations (1)
Title |
---|
邱斌; 孟德欣; 汪志达: "Implementation scheme for an asset management data terminal based on the Android mobile phone platform", 《软件导刊》 (Software Guide) * |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111818517A (en) * | 2020-06-16 | 2020-10-23 | 郑州信大捷安信息技术股份有限公司 | Multi-channel secure communication module, communication system and method |
CN111818517B (en) * | 2020-06-16 | 2022-02-11 | 郑州信大捷安信息技术股份有限公司 | Multi-channel secure communication module, communication system and method |
CN113958377A (en) * | 2020-07-03 | 2022-01-21 | 中国东方电气集团有限公司 | Real-time online monitoring system and method for network security of steam turbine |
CN113958377B (en) * | 2020-07-03 | 2023-04-07 | 东方电气股份有限公司 | Real-time online monitoring system and method for network security of steam turbine |
CN114640880A (en) * | 2020-11-30 | 2022-06-17 | 腾讯科技(深圳)有限公司 | Account login control method, device and medium |
CN114640880B (en) * | 2020-11-30 | 2023-06-30 | 腾讯科技(深圳)有限公司 | Account login control method, device and medium |
CN114244900A (en) * | 2021-12-14 | 2022-03-25 | 乾讯信息技术(无锡)有限公司 | Remote security management method of VPN cipher machine based on unstable channel connection |
CN114244900B (en) * | 2021-12-14 | 2023-10-20 | 乾讯信息技术(无锡)有限公司 | VPN cipher machine remote safety management method based on unstable channel connection |
Also Published As
Publication number | Publication date |
---|---|
CN105939353B (en) | 2022-03-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Xia et al. | MeDShare: Trust-less medical data sharing among cloud service providers via blockchain | |
Hossain et al. | FIF-IoT: A forensic investigation framework for IoT using a public digital ledger | |
CN111752795A (en) | Full-process monitoring alarm platform and method thereof | |
CN110445827A (en) | The method for managing security and security system of Sensor Network based on distributed account book technology | |
CN109729180A (en) | Entirety is intelligence community platform | |
CN108830709A (en) | A kind of crowdsourcing transaction system based on block chain | |
CN106341397A (en) | Industrial safety isolation GAP | |
CN105939353A (en) | Security management and information feedback system based on GDOI protocol | |
CN102111349A (en) | Security certificate gateway | |
CN103560911A (en) | Method and system for financial self-service equipment initiative preventive maintenance | |
CN106656792B (en) | A kind of BGP routing trust authentication method based on SDN framework | |
CN111800267A (en) | Password service support system with unified management | |
CN109951340A (en) | It is a kind of to carry out the system and method that service call deposits card with block chain | |
CN105245336B (en) | A kind of file encryption management system | |
CN116192704B (en) | Monitoring system and method for network cipher machine | |
CN112311555A (en) | Enterprise information monitoring and checking system and method | |
CN206364832U (en) | One kind is based on safety management and information feedback system under GDOI agreements | |
CN105939354A (en) | Large-scale network key management system based on GDOI protocol | |
CN206364833U (en) | One kind is based on large scale network key management system under GDOI agreements | |
CN108600173A (en) | A kind of distributed travelling wave ranging System and method for having cryptographic security | |
CN106230856A (en) | A kind of System of Industrial Device Controls based on Internet of Things | |
CN208424434U (en) | A kind of net interval is from exchange system | |
Li et al. | Network Blockchain Security Sharing Model Based on Fuzzy Logic | |
CN106130752B (en) | Large-scale network management system based on GDOI protocol | |
CN102567849B (en) | A kind of comprehensive information-security audit method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CP02 | Change in the address of a patent holder | Address after: 100000 901, Floor 9, Building 7, Yard 8, Auto Museum East Road, Fengtai District, Beijing. Patentee after: BEIJING SHUDUN INFORMATION TECHNOLOGY CO.,LTD. Address before: Room 101-502, 5/F, Building 10, Courtyard 3, Fengxiu Middle Road, Haidian District, Beijing 100083. Patentee before: BEIJING SHUDUN INFORMATION TECHNOLOGY CO.,LTD. |