CN109936576A - A kind of vulnerability mining device - Google Patents


Info

Publication number
CN109936576A
Authority
CN
China
Prior art keywords
equipment
module
resistance
vulnerability mining
mining device
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910186015.4A
Other languages
Chinese (zh)
Inventor
舒斐
卿松
郭学让
董俊伶
王旭
李阳
王斌
杨慧婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Electric Power Research Institute of State Grid Xinjiang Electric Power Co Ltd
Original Assignee
Electric Power Research Institute of State Grid Xinjiang Electric Power Co Ltd
Application filed by Electric Power Research Institute of State Grid Xinjiang Electric Power Co Ltd
Priority to CN201910186015.4A
Publication of CN109936576A
Legal status: Pending

Landscapes

  • Computer And Data Communications (AREA)

Abstract

An embodiment of the present invention provides a vulnerability mining device, belonging to the technical field of network security. The device includes: a controller and a memory, the memory storing multiple security management modules, on the basis of which the controller manages the vulnerability mining device; a secure communication module, which includes an encryption module and a communication interface; the controller, which, based on the security authentication request, scans the security environment of the vulnerability mining device and determines its current first state; and an encrypted storage unit, which stores, in encrypted form, a security status indication related to the first state. The scheme of this application improves the security of the vulnerability mining device.

Description

A kind of vulnerability mining device
Technical field
The present invention relates to the technical field of network security, and more particularly to a vulnerability mining device.
Background
Today, with the Internet in widespread use and web technology developing rapidly, the challenges facing network security are increasingly severe. As online information and services become more available, and as web-based attacks and sabotage grow, security risk has reached an unprecedented level. Because most security work concentrates on the network itself, web applications have been almost forgotten. Perhaps this is because an application used to be a stand-alone program running on one computer: if that computer was secure, the application was secure. The situation is now very different. A web application runs across a variety of machines: the client, the web server, the database server and the application server. Moreover, because such applications are generally open to everyone, they become a back-door route for many attacks.
Software security vulnerabilities mainly refer to defects, introduced while the software is being written, that can easily threaten the security of the entire computer software, or to the sum of the various factors that can affect the operation of the whole system. Because all computer software is written by people, incomplete consideration by its developers during development inevitably introduces security vulnerabilities. Common software vulnerabilities include: abnormalities in the operation and use of the software; protocol-level vulnerabilities; and abnormal behaviour of the software after the computer has been infected by a virus.
In practical applications, users place ever higher demands on the security of computer equipment. A completely new security processing scheme for computing devices is therefore needed.
Summary of the invention
In view of this, embodiments of the present invention provide a vulnerability mining device that at least partly solves the problems existing in the prior art.
A vulnerability mining device, comprising:
a controller and a memory, the memory storing multiple security management modules, the controller managing the vulnerability mining device based on the multiple security management modules;
a secure communication module, the secure communication module including an encryption module and a communication interface, the vulnerability mining device receiving, through the communication interface, a security authentication request sent by the security management module of a second device;
the controller, based on the security authentication request, scanning the security environment of the vulnerability mining device and determining the current first state of the vulnerability mining device;
an encrypted storage unit, the encrypted storage unit storing, in encrypted form, a security status indication related to the first state, the security status indication including a first data field of one of multiple security modes;
based on an instruction from the controller, the secure communication module can read the security status indication from the encrypted storage unit and send it to the second device; the second device can, based on the security status indication, determine a second state describing the security condition of the vulnerability mining device; and the controller performs security management of the vulnerability mining device based on the second state.
According to a specific implementation of an embodiment of the present invention, the encryption module includes a first operational amplifier, a first inductor, a first resistor, a second resistor, a first capacitor and a second capacitor. The input of the first operational amplifier receives the signal that the vulnerability mining device sends to the second device; the output of the first operational amplifier is connected to the first inductor; the first inductor is connected to the first resistor and to the first capacitor; the first resistor is connected to the second capacitor and the second resistor; the first capacitor, the second capacitor and the second resistor share a common ground; and the junction of the first resistor, the second resistor and the second capacitor is connected to the output of the encryption module.
According to a specific implementation of an embodiment of the present invention, the secure communication module further includes:
a coupling module, including a second operational amplifier and a third resistor, the input of the second operational amplifier being connected to the output of the encryption module, and the output of the second operational amplifier being connected to the third resistor.
According to a specific implementation of an embodiment of the present invention, the secure communication module further includes:
a decryption module, including a second inductor, a fourth resistor, a fifth resistor, a third capacitor and a fourth capacitor; the first ends of the second inductor, the third capacitor and the fifth resistor are connected to one another; the first ends of the fourth resistor and the fourth capacitor are connected to the second end of the fifth resistor; the second ends of the second inductor, the third capacitor, the fourth capacitor and the fourth resistor are grounded; and the decryption module receives the signal from the second device through the second end of the fifth resistor.
According to a specific implementation of an embodiment of the present invention, the secure communication module further includes:
a cancellation module, including a third operational amplifier, a sixth resistor, a seventh resistor and an eighth resistor, the first input of the third operational amplifier being connected to the sixth resistor, and the second input of the third operational amplifier being connected to the seventh resistor and the eighth resistor.
According to a specific implementation of an embodiment of the present invention, the secure communication module further includes:
a filter module, including a ninth resistor and a fifth capacitor, the first end of the ninth resistor being connected to the output of the third operational amplifier, the second end of the ninth resistor being connected to the first end of the fifth capacitor, and the second end of the fifth capacitor being grounded.
According to a specific implementation of an embodiment of the present invention, when the second state shows that the vulnerability mining device is in a secure state, the secure communication module is used to receive one or more unencrypted application messages sent by the second device.
According to a specific implementation of an embodiment of the present invention, when the second state shows that the vulnerability mining device is in a non-secure state, the secure communication module is used to discard the unencrypted application messages sent by the second device.
According to a specific implementation of an embodiment of the present invention, the controller is configured to:
based on the second state, execute on the vulnerability mining device the initialization scan operation from the security management module and, after the initialization scan completes, install a first security detection component, the first security detection component being used to extract the environment information of the vulnerability mining device.
According to a specific implementation of an embodiment of the present invention, the controller is further configured to:
use the first security detection component to send the environment information of the vulnerability mining device to a third device communicatively connected to the vulnerability mining device, the third device holding multiple customized security modules related to security management;
receive and install, on the vulnerability mining device, a second security component distributed by the third device, the second security component being a set of one or more customized security modules that the third device selects from the multiple customized security modules based on the environment information of the vulnerability mining device; after the second security component has been installed successfully, security management of the vulnerability mining device is performed based on the second security component.
The vulnerability mining device in the embodiments of the present invention comprises: a controller and a memory, the memory storing multiple security management modules, the controller managing the vulnerability mining device based on the multiple security management modules; a secure communication module, which includes an encryption module and a communication interface, the vulnerability mining device receiving, through the communication interface, a security authentication request sent by the security management module of a second device; the controller, which, based on the security authentication request, scans the security environment of the vulnerability mining device and determines its current first state; and an encrypted storage unit, which stores, in encrypted form, a security status indication related to the first state, the security status indication including a first data field of one of multiple security modes. Based on an instruction from the controller, the secure communication module can read the security status indication from the encrypted storage unit and send it to the second device; the second device can, based on the security status indication, determine a second state describing the security condition of the vulnerability mining device; and the controller performs security management of the vulnerability mining device based on the second state. The scheme of this application improves the security of the device.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of a vulnerability mining device provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of an encryption module provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a coupling module provided by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a decryption module provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a cancellation module provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a filter module provided by an embodiment of the present invention;
Fig. 7 is a schematic flow diagram of a security device management process provided by an embodiment of the present invention.
Detailed description of the embodiments
The embodiments of the present invention are described in detail below with reference to the accompanying drawings.
The embodiments of the present disclosure are illustrated below by specific examples, and those skilled in the art can easily understand other advantages and effects of the disclosure from the content disclosed in this specification. Obviously, the described embodiments are only some of the embodiments of the disclosure, not all of them. The disclosure can also be implemented or applied through other, different embodiments, and the details in this specification can be modified or changed in various ways, based on different viewpoints and applications, without departing from the spirit of the disclosure. It should be noted that, where no conflict arises, the following embodiments and the features in them can be combined with one another. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments in this disclosure, without creative effort, fall within the scope of protection of the disclosure.
It should be noted that various aspects of embodiments within the scope of the appended claims are described below. It should be apparent that the aspects described herein can be embodied in a wide variety of forms, and that any specific structure and/or function described herein is merely illustrative. Based on the disclosure, those skilled in the art will understand that an aspect described herein can be implemented independently of any other aspect, and that two or more of these aspects can be combined in various ways. For example, a device can be implemented and/or a method practised using any number of the aspects set forth herein. In addition, such a device can be implemented and/or such a method practised using structures and/or functionality other than one or more of the aspects set forth herein.
It should also be noted that the drawings provided in the following embodiments illustrate the basic idea of the disclosure only schematically. They show only the components related to the disclosure rather than being drawn according to the number, shape and size of the components in an actual implementation; in an actual implementation the form, number and proportion of each component can be changed at will, and the component layout may be more complex.
In addition, specific details are provided in the following description to allow a thorough understanding of the examples. However, those skilled in the art will understand that the aspects can be practised without these specific details.
An embodiment of the present disclosure provides a vulnerability mining device. The vulnerability mining device provided in this embodiment can be implemented by a computing apparatus, which can be implemented as software or as a combination of software and hardware, and which can be integrated in a server, a terminal device or the like.
Referring to Fig. 1, a vulnerability mining device provided by an embodiment of the present invention comprises a controller, a memory, a secure communication module and an encrypted storage unit. The memory stores multiple security management modules, and the controller manages the vulnerability mining device based on the multiple security management modules.
To prevent the data in the vulnerability mining device from being stolen, a secure communication module is provided. The secure communication module includes an encryption module and a communication interface, and the vulnerability mining device receives, through the communication interface, the security authentication request sent by the security management module of the second device. The second device is connected to the vulnerability mining device through a communication network; as an example, the second device can have the same structure as the vulnerability mining device. The second device can actively perform security management of the vulnerability mining device.
After obtaining the security authentication request sent by the second device, the controller can, based on that request, scan the security environment of the vulnerability mining device and determine its current first state. Specifically, the controller can call a scan module stored in the memory to run a security scan of the current environment of the vulnerability mining device; during the scan, elements relevant to the security of the vulnerability mining device can be obtained.
After receiving the security authentication request from the second device, the vulnerability mining device can parse the request. For example, it can perform data verification on the security authentication request; once the request has been parsed and shows the second device to be a trusted device, the vulnerability mining device establishes a further communication connection with the second device.
The security authentication request contains an initialization scan operation request for the vulnerability mining device. After the vulnerability mining device has identified the second device as a trusted device, it can execute the initialization scan operation from the security management module. Through the initialization scan operation, a preliminary scan of the environment information on the vulnerability mining device can be carried out, and feature information relevant to device security on the vulnerability mining device can be extracted.
After the initialization scan completes, the vulnerability mining device can send the scan result to the second device. On receiving the scan result, the security management module in the second device analyses it; if the analysis shows that the security environment of the vulnerability mining device needs further security management, a first security detection component is installed on the vulnerability mining device over the network. The first security detection component is used to further extract the environment information of the vulnerability mining device, and can be security software with a specific function.
If scan data were stored during scanning on a conventional storage medium such as RAM or a hard disk, the scan result could be tampered with. An encrypted storage unit is therefore specifically provided. It can be built from a storage medium such as Flash, and it stores, in encrypted form, the security status indication related to the first state; the security status indication includes a first data field of one of multiple security modes. The encrypted storage unit can determine the specific encryption method according to the controller's instruction.
Based on an instruction from the controller, the secure communication module can read the security status indication from the encrypted storage unit and send it to the second device; the second device can, based on the security status indication, determine a second state describing the security condition of the vulnerability mining device; and the controller performs security management of the vulnerability mining device based on the second state.
The second device can receive the security status indication sent by the vulnerability mining device and, based on it, determine the security state of the vulnerability mining device, i.e. the second state. When the second state shows that the vulnerability mining device is in a secure state, the one or more unencrypted application messages sent by the second device are received, which improves the efficiency of data exchange. When the second state shows that the vulnerability mining device is in a non-secure state, the unencrypted application messages sent by the second device are discarded, to keep communication secure.
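The exchange described in the preceding paragraphs, modelled in Python as an added example (not code from the patent): request verification, environment scan, sealed storage of the security status indication, determination of the second state, and the resulting handling of unencrypted application messages. The patent names no algorithm, message format or list of security modes, so the HMAC-SHA256 tags (which give tamper detection only, not the confidentiality of real encryption), the two keys, the two modes, the environment checks and every identifier are assumptions, as is letting encrypted messages through in the non-secure state.

```python
import hashlib
import hmac
import json
from enum import Enum
from typing import List, Optional, Tuple

# Constructed sample values; nothing here comes from the patent.
LINK_KEY = b"constructed-link-key"        # shared by both devices (assumption)
STORAGE_KEY = b"constructed-storage-key"  # known only to the storage unit
MESSAGES = [{"id": "m1", "encrypted": False}, {"id": "m2", "encrypted": True}]


class Mode(Enum):
    """Hypothetical security modes carried in the first data field."""
    SECURE = 0
    NON_SECURE = 1


class TamperError(Exception):
    """The stored indication no longer matches its integrity tag."""


def _tag(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


def make_auth_request(link_key: bytes, sender: str) -> dict:
    """Second device: build a security authentication request."""
    body = {"sender": sender, "operation": "initialization_scan"}
    raw = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "tag": _tag(link_key, raw).hex()}


def verify_auth_request(request: dict, link_key: bytes) -> bool:
    """Data verification: only a trusted second device can produce the tag."""
    raw = json.dumps(request.get("body"), sort_keys=True).encode()
    try:
        claimed = bytes.fromhex(request.get("tag", ""))
    except ValueError:
        return False
    return hmac.compare_digest(claimed, _tag(link_key, raw))


def scan_environment(environment: dict) -> Mode:
    """First state: any failed check makes the device non-secure."""
    return Mode.SECURE if all(environment.values()) else Mode.NON_SECURE


class SealedStore:
    """Stand-in for the encrypted storage unit (integrity only)."""

    def __init__(self, storage_key: bytes):
        self._key = storage_key
        self.record = b""  # raw stored bytes: 1-byte mode field + 32-byte tag

    def write(self, mode: Mode) -> None:
        payload = bytes([mode.value])
        self.record = payload + _tag(self._key, payload)

    def read(self) -> bytes:
        payload, tag = self.record[:1], self.record[1:]
        if not hmac.compare_digest(tag, _tag(self._key, payload)):
            raise TamperError("security status indication was modified")
        return payload


class MiningDevice:
    def __init__(self, link_key: bytes, storage_key: bytes, environment: dict):
        self.link_key = link_key
        self.environment = environment
        self.store = SealedStore(storage_key)

    def handle_auth_request(self, request: dict) -> Optional[dict]:
        """Verify, scan, seal the first state, return the indication."""
        if not verify_auth_request(request, self.link_key):
            return None  # untrusted sender: no scan, no reply
        self.store.write(scan_environment(self.environment))
        payload = self.store.read()
        return {"payload": payload.hex(),
                "tag": _tag(self.link_key, payload).hex()}

    def receive(self, second_state: Mode, messages: List[dict]) -> List[dict]:
        """Unencrypted messages are kept only in the secure state."""
        return [m for m in messages
                if m["encrypted"] or second_state is Mode.SECURE]


def determine_second_state(indication: dict, link_key: bytes) -> Mode:
    """Second device: fail closed on a bad tag or an unknown mode value."""
    payload = bytes.fromhex(indication["payload"])
    claimed = bytes.fromhex(indication["tag"])
    if not hmac.compare_digest(claimed, _tag(link_key, payload)):
        return Mode.NON_SECURE
    try:
        return Mode(payload[0])
    except (ValueError, IndexError):
        return Mode.NON_SECURE


def run_exchange(environment: dict) -> Tuple[Mode, List[str]]:
    device = MiningDevice(LINK_KEY, STORAGE_KEY, environment)
    request = make_auth_request(LINK_KEY, "second-device")
    indication = device.handle_auth_request(request)
    second_state = determine_second_state(indication, LINK_KEY)
    accepted = device.receive(second_state, MESSAGES)
    return second_state, [m["id"] for m in accepted]


if __name__ == "__main__":
    print(run_exchange({"firewall_enabled": True, "signatures_current": True}))
    print(run_exchange({"firewall_enabled": True, "signatures_current": False}))
```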
Referring to Fig. 2, according to a specific implementation of an embodiment of the present invention, the encryption module includes a first operational amplifier M1, a first inductor L1, a first resistor R1, a second resistor R2, a first capacitor C1 and a second capacitor C2. The input of the first operational amplifier M1 receives the signal that the vulnerability mining device sends to the second device; the output of the first operational amplifier M1 is connected to the first inductor L1; the first inductor L1 is connected to the first resistor R1 and to the first capacitor C1; the first resistor R1 is connected to the second capacitor C2 and the second resistor R2; the first capacitor C1, the second capacitor C2 and the second resistor R2 share a common ground; and the junction of the first resistor R1, the second resistor R2 and the second capacitor C2 is connected to the output of the encryption module. With the encryption module in place, the signal transmitted to the second device can be encrypted, preventing the signal from being hijacked and decoded during network transmission.
Referring to Fig. 3, according to a specific implementation of an embodiment of the present invention, the secure communication module further includes a coupling module. The coupling module includes a second operational amplifier M2 and a third resistor R3; the input of the second operational amplifier M2 is connected to the output of the encryption module, and the output of the second operational amplifier M2 is connected to the third resistor R3. The coupling module can strengthen the signal encrypted by the encryption module, ensuring the stability of the encrypted signal.
Referring to Fig. 4, according to a specific implementation of an embodiment of the present invention, the secure communication module further includes a decryption module. The decryption module includes a second inductor L2, a fourth resistor R4, a fifth resistor R5, a third capacitor C3 and a fourth capacitor C4. The first ends of the second inductor L2, the third capacitor C3 and the fifth resistor R5 are connected to one another; the first ends of the fourth resistor R4 and the fourth capacitor C4 are connected to the second end of the fifth resistor R5; the second ends of the second inductor L2, the third capacitor C3, the fourth capacitor C4 and the fourth resistor R4 are grounded; and the decryption module receives the signal from the second device through the second end of the fifth resistor R5. The decryption module is used to decrypt the encrypted signal transmitted by the second device.
Referring to Fig. 5, according to a specific implementation of an embodiment of the present invention, the secure communication module further includes a cancellation module. The cancellation module includes a third operational amplifier M3, a sixth resistor R6, a seventh resistor R7 and an eighth resistor R8; the first input of the third operational amplifier M3 is connected to the sixth resistor R6, and the second input of the third operational amplifier M3 is connected to the seventh resistor R7 and the eighth resistor R8. The cancellation module is connected to the encrypted interference signal sent by the second device; through the cancellation module, the encrypted signal transmitted by the second device is filtered to obtain the correct signal.
Referring to Fig. 6, according to a specific implementation of an embodiment of the present invention, the secure communication module further includes a filter module. The filter module includes a ninth resistor R9 and a fifth capacitor C5; the first end of the ninth resistor R9 is connected to the output of the third operational amplifier M3, the second end of the ninth resistor R9 is connected to the first end of the fifth capacitor C5, and the second end of the fifth capacitor C5 is grounded. The filter module can filter the signal processed by the cancellation module, further improving the stability of the signal.
According to a specific implementation of an embodiment of the present invention, the controller is further configured to: use the first security detection component to send the environment information of the vulnerability mining device to a third device communicatively connected to the vulnerability mining device, the third device holding multiple customized security modules related to security management; and receive and install, on the vulnerability mining device, a second security component distributed by the third device, the second security component being a set of one or more customized security modules that the third device selects from the multiple customized security modules based on the environment information of the vulnerability mining device. After the second security component has been installed successfully, security management of the vulnerability mining device is performed based on the second security component.
As an alternative embodiment, performing security management of the vulnerability mining device based on the second state includes:
Based on the second state, the initialization scan operation from the security management module is executed on the vulnerability mining device and, after the initialization scan completes, a first security detection component is installed; the first security detection component is used to extract the environment information of the vulnerability mining device.
As an alternative embodiment, performing safety management on the vulnerability mining device based on the second state further includes:
Using the first safety detection component, the environmental information of the vulnerability mining device is sent to a third equipment that is communicatively connected with the vulnerability mining device; the third equipment is provided with multiple customized security modules relevant to safety management. The vulnerability mining device receives and installs a second security component distributed by the third equipment. The second security component is a set of one or more customized security modules that the third equipment selects from the multiple customized security modules based on the environmental information of the vulnerability mining device. After the second security component is installed successfully, safety management is executed on the vulnerability mining device based on the second security component.
After the first safety detection component obtains permission to scan and collect information on the vulnerability mining device, it can send the environmental information of the vulnerability mining device to the third equipment specified by the safety management module in the second equipment. The third equipment is communicatively connected with the vulnerability mining device and is provided with multiple customized security modules relevant to safety management, each of which has a different safety detection function. Illustratively, the customized security modules may include a module that detects a specific network virus, and may also include a module that detects whether a specific application has a loophole. The customized modules can exist in the form of software.
The second equipment is communicatively connected with the third equipment, and the safety management module in the second equipment can maintain and update one or more of the customized security modules in the third equipment.
After the vulnerability mining device sends a request to the third equipment and the third equipment has verified that request, the third equipment sends the second security component to the vulnerability mining device. According to the content of the environmental information on the vulnerability mining device, the third equipment selects one or more customized security modules from the set of customized security modules to form a new software combination. When the environmental information on the vulnerability mining device differs, the software combination in the second security component also differs. Because different customized security modules have different functions, combining software in this way makes it possible to configure the software assembly best suited to the safety management of the vulnerability mining device, namely the second security component. The second security component can perform targeted safety management on the vulnerability mining device, thereby improving the efficiency of safety management.
In addition, referring to Fig. 7, the vulnerability mining device disclosed by the embodiments of the present invention can also run a safety equipment management method, which includes the following steps:
S101: a safety certification request sent by the safety management module of the second equipment is received in the first equipment.
The first equipment is the hardware device that needs safety management. As an example, the first equipment can be a computer, a mobile phone, or another computing device. An operating system can run on the first equipment (for example, Windows, Linux, iOS, or Android).
The second equipment is communicatively connected with the first equipment and has a safety management module installed inside it. Based on this safety management module, the second equipment can perform safety management on the equipment connected to it. Specifically, after obtaining the information of the first equipment, the second equipment can send a safety certification request to the first equipment in a wired or wireless manner, and, on receiving the first equipment's response to the safety certification request, go on to perform safety management on the first equipment.
S102: based on the safety certification request, the security environment of the first equipment is scanned, the current first state of the first equipment is determined, and a safe condition indication is sent to the second equipment; the safe condition indication includes a first data field of one of multiple safe modes.
After receiving the safety certification request from the second equipment, the first equipment can parse the request. For example, the first equipment can perform data verification on the safety certification request and, once the request has been parsed and the second equipment found to be a trusted device, go on to establish a communication connection with the second equipment.
The safety certification request includes an initialization scan operation request for the first equipment. After the first equipment has identified the second equipment as a trusted device, it can execute the initialization scan operation from the safety management module. The initialization scan operation performs a preliminary scan of the environmental information on the first equipment and extracts the characteristic information on the first equipment that relates to equipment safety.
After the initialization scan is complete, the first equipment can send the scan result to the second equipment. The safety management module in the second equipment analyzes the scan result after receiving it. When the analysis shows that the security environment of the first equipment needs further safety management, a first safety detection component is installed on the first equipment over the network; the first safety detection component is used to further extract the environmental information of the first equipment. The first safety detection component can be security software with a specific function.
S103: the second state that the second equipment determines from the safe condition indication is obtained, and communication with the second equipment proceeds based on the second state; the second state is used to describe the safe condition of the first equipment.
The second equipment can receive the safe condition indication sent by the first equipment and, based on it, determine the safe condition of the first equipment, i.e. the second state. When the second state shows that the first equipment is in a safe state, the one or more unencrypted application messages sent by the second equipment are received, to improve the efficiency of data interaction. When the second state shows that the first equipment is in a non-secure state, the unencrypted application messages sent by the second equipment are discarded, to guarantee the safety of communication.
S104: safety management is performed on the first equipment based on the second state.
By analyzing the safe condition indication sent by the first equipment, the second equipment can determine the safe condition that the first equipment is in, i.e. the second state, and then perform further safety management on the first equipment based on the second state.
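The S101 to S103 exchange and the resulting message gate, sketched as an added example that is not code from the patent. The HMAC-SHA256 request check, the pre-shared key, the nonce replay check, the mode names and the scan criteria are all assumptions; the text only states that the request is verified, the environment is scanned, an indication carrying one of multiple safe modes is sent, and unencrypted application messages are received or discarded according to the second state.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

SHARED_KEY = b"constructed-demo-key"  # assumption: pre-shared key (constructed value)


def sign(body: bytes, key: bytes = SHARED_KEY) -> str:
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_auth_request(nonce: str, key: bytes = SHARED_KEY) -> dict:
    """Second equipment: certification request carrying the init-scan request."""
    body = json.dumps({"op": "init_scan", "nonce": nonce}, sort_keys=True).encode()
    return {"body": body, "mac": sign(body, key)}


def derive_second_state(indication: dict) -> str:
    """Second equipment: map the first data field to the second state.
    Any mode other than SAFE, including unknown or missing ones, fails closed."""
    return "secure" if indication.get("mode") == "SAFE" else "non-secure"


@dataclass
class FirstEquipment:
    env: dict                                  # constructed environment facts
    second_state: str = "non-secure"           # fail closed until S103 completes
    seen_nonces: set = field(default_factory=set)
    inbox: list = field(default_factory=list)

    def scan(self) -> str:
        """S102 scan; the criteria and mode names are assumptions."""
        if self.env.get("unknown_processes"):
            return "UNSAFE"
        if not self.env.get("patches_current", False):
            return "DEGRADED"
        return "SAFE"

    def handle_auth_request(self, req: dict):
        """S101/S102: verify the request, scan, return the indication or None."""
        if not hmac.compare_digest(sign(req["body"]), req["mac"]):
            return None                        # sender is not a trusted device
        nonce = json.loads(req["body"])["nonce"]
        if nonce in self.seen_nonces:
            return None                        # replayed request (added check)
        self.seen_nonces.add(nonce)
        return {"mode": self.scan()}           # first data field: one safe mode

    def receive(self, msg: dict) -> bool:
        """Unencrypted application messages are kept only in the secure state.
        Encrypted messages are passed through; decryption is not modelled."""
        if not msg.get("encrypted") and self.second_state != "secure":
            return False                       # discarded
        self.inbox.append(msg)
        return True


def run_exchange(env: dict, key: bytes = SHARED_KEY) -> tuple:
    """Run S101-S103 once, then offer one unencrypted application message."""
    dev = FirstEquipment(env)
    indication = dev.handle_auth_request(make_auth_request("n-1", key))
    if indication is not None:
        # Stands in for the second equipment's reply carrying the second state.
        dev.second_state = derive_second_state(indication)
    accepted = dev.receive({"encrypted": False, "data": "status?"})
    return dev.second_state, accepted
```

Both sides fail closed: a request that does not verify, or a mode the second equipment does not recognize, leaves the second state non-secure, so unencrypted messages are discarded.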
The flowcharts and block diagrams in the drawings illustrate the possible architecture, functions, and operations of systems, methods, and computer program products according to various embodiments of the disclosure. In this regard, each box in a flowchart or block diagram can represent a module, a program segment, or a part of code, which includes one or more executable instructions for realizing the specified logic function. It should also be noted that in some alternative implementations, the functions marked in the boxes can occur in an order different from that indicated in the drawings. For example, two boxes shown in succession can actually be executed substantially in parallel, and they can sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flowcharts, and combinations of boxes in the block diagrams and/or flowcharts, can be realized by a dedicated hardware-based system that executes the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units described in the embodiments of the present disclosure can be realized in software or in hardware. The name of a unit does not, under certain conditions, constitute a limitation on the unit itself; for example, the first acquiring unit can also be described as "a unit that obtains at least two internet protocol addresses".
It should be appreciated that each part of the present invention can be realized in hardware, software, firmware, or a combination thereof.
The above is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or substitution that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (10)

1. A vulnerability mining device, characterized by comprising:
A controller and a memory, the memory storing multiple safety management modules, the controller managing the vulnerability mining device based on the multiple safety management modules;
A secure communication module, the secure communication module including an encrypting module and a communication interface, the vulnerability mining device receiving, through the communication interface, the safety certification request sent by the safety management module of the second equipment;
The controller, based on the safety certification request, scans the security environment of the vulnerability mining device and determines the current first state of the vulnerability mining device;
An encryption storage unit, the encryption storage unit storing, in a data-encrypted manner, the safe condition indication relevant to the first state, the safe condition indication including a first data field of one of multiple safe modes;
Based on an instruction of the controller, the secure communication module can read the safe condition indication in the encryption storage unit and send the safe condition indication to the second equipment; the second equipment can determine, based on the safe condition indication, a second state describing the safe condition of the vulnerability mining device; and the controller performs safety management on the vulnerability mining device based on the second state.
2. The device according to claim 1, characterized in that:
The encrypting module includes a first operational amplifier, a first inductor, a first resistor, a second resistor, a first capacitor and a second capacitor; the input terminal of the first operational amplifier receives the signal that the vulnerability mining device sends to the second equipment; the output terminal of the first operational amplifier is connected with the first inductor; the first inductor is connected with the first resistor and the first capacitor respectively; the first resistor is connected with the second capacitor and the second resistor; the first capacitor, the second capacitor and the second resistor are commonly grounded; and the junction of the first resistor, the second resistor and the second capacitor is connected with the output terminal of the encrypting module.
3. The device according to claim 2, characterized in that the secure communication module further includes:
A coupling module, the coupling module including a second operational amplifier and a third resistor; the input terminal of the second operational amplifier is connected with the output terminal of the encrypting module, and the output terminal of the second operational amplifier is connected with the third resistor.
4. The device according to claim 3, characterized in that the secure communication module further includes:
A deciphering module, the deciphering module including a second inductor, a fourth resistor, a fifth resistor, a third capacitor and a fourth capacitor; the first ends of the second inductor, the third capacitor and the fifth resistor are connected to each other; the first ends of the fourth resistor and the fourth capacitor are connected with the second end of the fifth resistor; the second ends of the second inductor, the third capacitor, the fourth capacitor and the fourth resistor are grounded; and the deciphering module receives the signal from the second equipment through the second end of the fifth resistor.
5. The device according to claim 4, characterized in that the secure communication module further includes:
A cancellation module, the cancellation module including a third operational amplifier, a sixth resistor, a seventh resistor and an eighth resistor; the first input terminal of the third operational amplifier is connected with the sixth resistor, and the second input terminal of the third operational amplifier is connected with the seventh resistor and the eighth resistor.
6. The device according to claim 5, characterized in that the secure communication module further includes:
A filter module, the filter module including a ninth resistor and a fifth capacitor; the first end of the ninth resistor is connected with the output terminal of the third operational amplifier, the second end of the ninth resistor is connected with the first end of the fifth capacitor, and the second end of the fifth capacitor is grounded.
7. The device according to claim 1, characterized in that:
When the second state shows that the vulnerability mining device is in a safe state, the secure communication module is used to receive the one or more unencrypted application messages sent by the second equipment.
8. The device according to claim 5, characterized in that:
When the second state shows that the vulnerability mining device is in a non-secure state, the secure communication module is used to discard the unencrypted application messages sent by the second equipment.
9. The device according to claim 1, characterized in that the controller is used to:
Based on the second state, execute the initialization scan operation from the safety management module on the vulnerability mining device, and after the initialization scan is complete, install a first safety detection component, the first safety detection component being used to extract the environmental information of the vulnerability mining device.
10. The device according to claim 7, characterized in that the controller is also used to:
Send, using the first safety detection component, the environmental information of the vulnerability mining device to a third equipment communicatively connected with the vulnerability mining device, the third equipment being provided with multiple customized security modules relevant to safety management;
Receive and install on the vulnerability mining device a second security component distributed by the third equipment, the second security component being a set of one or more customized security modules that the third equipment selects from the multiple customized security modules based on the environmental information of the vulnerability mining device; after the second security component is installed successfully, safety management is executed on the vulnerability mining device based on the second security component.
CN201910186015.4A 2019-03-12 2019-03-12 A kind of vulnerability mining device Pending CN109936576A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910186015.4A CN109936576A (en) 2019-03-12 2019-03-12 A kind of vulnerability mining device


Publications (1)

Publication Number Publication Date
CN109936576A true CN109936576A (en) 2019-06-25

Family

ID=66987022


Country Status (1)

Country Link
CN (1) CN109936576A (en)


Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101030848A (en) * 2007-04-18 2007-09-05 北京邮电大学 Enciphering telecommunicating experimental apparatus based on chaos synchronization and its usage
CN106230837A (en) * 2016-08-04 2016-12-14 湖南傻蛋科技有限公司 A kind of WEB vulnerability scanning method supporting Dynamic expansion and scanning device
US20170286689A1 (en) * 2016-03-30 2017-10-05 Airwatch Llc Detecting vulnerabilities in managed client devices
CN107273751A (en) * 2017-06-21 2017-10-20 北京计算机技术及应用研究所 Security breaches based on multi-mode matching find method online


Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112637240A (en) * 2020-12-31 2021-04-09 河南信大网御科技有限公司 Method, system and readable storage medium for preventing protocol message from being tampered under mimicry environment
CN112637240B (en) * 2020-12-31 2023-09-12 河南信大网御科技有限公司 Protocol message tamper-proof method and system under mimicry environment and readable storage medium


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190625