CN102710421A - Matched communication method - Google Patents


Publication number
CN102710421A
Authority
CN
China
Prior art keywords
computer
security protection
communication
characteristic information
protection equipment
Prior art date
Legal status
Pending
Application number
CN2012101947404A
Other languages
Chinese (zh)
Inventor
梅迪
Current Assignee
ZHONGLIAN INNOVATION SELF CONTROL SYSTEM CO Ltd SHENZHEN CITY
Original Assignee
ZHONGLIAN INNOVATION SELF CONTROL SYSTEM CO Ltd SHENZHEN CITY
Priority date
Filing date
Publication date
Application filed by ZHONGLIAN INNOVATION SELF CONTROL SYSTEM CO Ltd SHENZHEN CITY
Priority to CN2012101947404A
Publication of CN102710421A

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a matched communication method that restricts communication to a specified computer and specified security equipment. The method comprises the following steps: storing, in the security equipment and in the computer that can communicate with each other, the characteristic information of the security equipment and the characteristic information of the computer; computing the communication key of the security equipment from the security-equipment characteristic information and the computer characteristic information stored in the security equipment; computing the communication key of the computer from the computer characteristic information and the security-equipment characteristic information stored in the computer; when the security equipment is connected to the computer, each side using its own communication key to decrypt the communication protocol encrypted by the other side; and, during decryption, each side verifying whether the other side's communication key matches its own. If the keys match, decryption completes and the security equipment and the computer communicate normally; otherwise decryption cannot be performed and communication is refused. The matched communication method can be applied to the connection of a computer and security equipment.

Description

A matched communication method
Technical field
The present invention relates to the technical field of security protection, and in particular to a communication method between a computer and security equipment.
Background
Referring to Fig. 2, in a traditional security system the computer and the security equipment are connected through a network, and communication between them generally uses symmetric encryption. In a symmetrically encrypted security system only one key is used, for example key A: the sender and the receiver both use this key to encrypt and decrypt data, so the decrypting side must know the encryption key in advance and both parties use the same key. When the key leaks, an illegitimate computer running the same software as the security system's server only needs to be connected to the security system to hijack the communication between the server and the security equipment, and thereby control the security equipment. Likewise, when the key leaks, illegitimate security equipment can easily be connected to the security system. This communication mode therefore has the defect of poor security.
Summary of the invention
To solve the technical problem that communication between a computer and security equipment in the prior art generally uses symmetric encryption and therefore has poor security, the present invention provides a matched communication method.
To solve the above technical problem, the technical scheme adopted by the present invention is a matched communication method comprising:
storing, in the security equipment, the characteristic information of this security equipment and the characteristic information of the computer that can communicate with this security equipment;
storing, in the computer, the characteristic information of this computer and the characteristic information of the security equipment that can communicate with this computer.
The matched communication method further comprises:
computing the communication key of the security equipment from the security-equipment characteristic information and the computer characteristic information stored in the security equipment;
computing the communication key of the computer from the computer characteristic information and the security-equipment characteristic information stored in the computer;
when the security equipment is connected to the computer, the security equipment and the computer each using their own communication key to decrypt the communication protocol encrypted by the other side;
during decryption, the security equipment and the computer each verifying whether the other side's communication key matches their own communication key; if it matches, decryption completes and the security equipment and the computer communicate normally; otherwise decryption cannot be performed and communication is refused.
The matched communication method further comprises: assigning an identical initial key to the security equipment and the computer that communicate with each other;
the initial key is also included in the computation of the communication key of the security equipment or of the computer.
The computer characteristic information comprises one or more of the computer's machine number, MAC address, IP address, memory ID, system ID, CPU ID, WIFI address, Bluetooth address or 1394 address, as well as characteristic information obtained through computation. The security-equipment characteristic information comprises one or more of the security equipment's device number, MAC address, IP address, memory ID, system ID, CPU ID, WIFI address, Bluetooth address or 1394 address, as well as characteristic information obtained through computation.
In the present invention, the security equipment stores its own characteristic information and the characteristic information of the computer that can communicate with it, and the computer stores its own characteristic information and the characteristic information of the security equipment that can communicate with it. The communication key of the security equipment is computed from the security-equipment and computer characteristic information stored in the security equipment, and the communication key of the computer is computed from the computer and security-equipment characteristic information stored in the computer. The computer and the security equipment each encrypt, with their own communication key, the communication protocol they use to talk to the other side. When the security equipment is connected to the computer, each side uses its own communication key to decrypt the communication protocol encrypted by the other side and verifies whether the other side's communication key matches its own; if it matches, the security equipment and the computer communicate normally, otherwise communication is refused. With this matched communication mode between the computer and the security equipment, the security equipment can communicate and connect normally only with the specified computer. If the initial key leaks and another computer or other security equipment is connected to the system, the communication key it generates will differ from the original communication key, because the characteristic information of every computer and every piece of security equipment is unique and the characteristic information of the other computer or security equipment differs from that of the computer and security equipment in the original security system. When the two parties decrypt each other's encrypted communication protocol, the communication keys differ and the two sides cannot match, so the computer or security equipment in the original system refuses access by the other computer or security equipment. This matched communication method can therefore effectively prevent other, unspecified computers and equipment from freely accessing the system, which helps improve the security of the system.
Description of drawings
The present invention is described in detail below with reference to an embodiment and the accompanying drawings, in which:
Fig. 1 is a schematic diagram of the matched communication method of the present invention;
Fig. 2 is a schematic diagram of prior-art communication between a computer and security equipment.
Embodiment
Referring to Fig. 1, the technical scheme adopted by the present invention is a matched communication method comprising the following steps:
Step 1: store, in the security equipment, the characteristic information of this security equipment and the characteristic information of the computer that can communicate with this security equipment; store, in the computer, the characteristic information of this computer and the characteristic information of the security equipment that can communicate with this computer.
The computer characteristic information comprises one or more of the computer's machine number, MAC address, IP address, memory ID, system ID, CPU ID, WIFI address, Bluetooth address or 1394 address, as well as characteristic information obtained through computation. The security-equipment characteristic information comprises one or more of the security equipment's device number, MAC address, IP address, memory ID, system ID, CPU ID, WIFI address, Bluetooth address or 1394 address, as well as characteristic information obtained through computation.
Step 2: assign an identical initial key to the security equipment and the computer that communicate with each other.
For example, an initial key A is assigned.
Step 3: compute the communication key of the security equipment from the security-equipment characteristic information, the computer characteristic information and the initial key stored in the security equipment; compute the communication key of the computer from the computer characteristic information, the security-equipment characteristic information and the initial key stored in the computer.
For example, the communication key B1 of the security equipment is computed from the security-equipment characteristic information, the computer characteristic information and the initial key A stored in the security equipment; the communication key B2 of the computer is computed from the computer characteristic information, the security-equipment characteristic information and the initial key A stored in the computer.
Step 4: the computer and the security equipment each encrypt, with their own communication key, the communication protocol they use to communicate with the other side. That is, the communication key of the security equipment encrypts the communication protocol of the security equipment, and the communication key of the computer encrypts the communication protocol of the computer.
Step 5: when the security equipment is connected to the computer, the security equipment and the computer each use their own communication key to decrypt the communication protocol encrypted by the other side.
The communication key of the security equipment decrypts the communication protocol encrypted by the computer to obtain the communication key of the computer, and the communication key of the computer decrypts the communication protocol encrypted by the security equipment to obtain the communication key of the security equipment.
Step 6: during decryption, the security equipment and the computer each verify whether the other side's communication key matches their own communication key; if it matches, decryption completes and the security equipment and the computer communicate normally; otherwise decryption cannot be performed and communication is refused.
When the security equipment and the computer decrypt, decryption is possible only if one's own communication key is identical to the other side's communication key; otherwise decryption is not possible.
For example, when the security equipment is connected to the computer, the security equipment uses its communication key B1 to decrypt the communication protocol encrypted by the computer, and the computer uses its communication key B2 to decrypt the communication protocol encrypted by the security equipment. The security equipment verifies whether the computer's communication key B2 matches its own communication key B1, and the computer verifies whether the security equipment's communication key B1 matches its own communication key B2. If they match, the security equipment and the computer are the pair that communicate with each other, and they proceed with normal communication. If they do not match, the security equipment and the computer are not the pair that communicate with each other; communication is then refused, which prevents illegitimate security equipment or computers from accessing the system.
Of course, Step 1 and Step 2 can be exchanged.
Of course, the initial key may also be left out, in which case it is not used when computing the communication key.
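The six steps above, sketched as an added example that is not code from the patent. The patent names neither the computation nor the cipher, so SHA-256 for the key computation and an HMAC key-confirmation exchange standing in for "decrypt the protocol the other side encrypted" are assumptions, as are all function names and the constructed feature values.

```python
import hashlib
import hmac
import os


def encode(features):
    """Serialise characteristic information deterministically, length-prefixed."""
    out = b""
    for name in sorted(features):
        item = f"{name}={features[name]}".encode()
        out += len(item).to_bytes(2, "big") + item
    return out


def communication_key(device_info, computer_info, initial_key=b""):
    """Step 3: compute the key from both stored feature sets and the optional
    initial key. SHA-256 is an assumption; the patent only says 'computing'."""
    h = hashlib.sha256()
    for field in (initial_key, encode(device_info), encode(computer_info)):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()


class Peer:
    """One side of the link, holding its own and its partner's feature info."""

    def __init__(self, role, device_info, computer_info, initial_key=b""):
        self.role = role.encode()
        self.key = communication_key(device_info, computer_info, initial_key)
        self.nonce = os.urandom(16)  # fresh per connection, so tags cannot be replayed

    def proof(self, peer_nonce):
        """Tag over role and both nonces, computable only with the matching key."""
        msg = self.role + self.nonce + peer_nonce
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def accepts(self, peer_role, peer_nonce, peer_proof):
        """Step 6: recompute the peer's tag with our own key and compare."""
        msg = peer_role + peer_nonce + self.nonce
        expected = hmac.new(self.key, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, peer_proof)


def handshake(device, computer):
    """Steps 5-6: communication proceeds only if both sides accept."""
    ok_at_computer = computer.accepts(device.role, device.nonce,
                                      device.proof(computer.nonce))
    ok_at_device = device.accepts(computer.role, computer.nonce,
                                  computer.proof(device.nonce))
    return ok_at_computer and ok_at_device


# Constructed sample values, not taken from the patent.
INITIAL_KEY_A = b"constructed-initial-key-A"
CAMERA = {"device_no": "CAM-0001", "mac": "02:00:00:00:00:01"}
SERVER = {"machine_no": "SRV-01", "mac": "02:00:00:00:00:10", "cpu_id": "CPU-A"}
OTHER = {"machine_no": "SRV-99", "mac": "02:00:00:00:00:99", "cpu_id": "CPU-B"}


def demo():
    device = Peer("device", CAMERA, SERVER, INITIAL_KEY_A)      # key B1
    computer = Peer("computer", CAMERA, SERVER, INITIAL_KEY_A)  # key B2
    # Unspecified computer: holds the leaked initial key but its own features.
    other = Peer("computer", CAMERA, OTHER, INITIAL_KEY_A)
    return {
        "keys_equal": device.key == computer.key,
        "paired": handshake(device, computer),
        "unspecified": handshake(device, other),
        "no_initial_key": handshake(Peer("device", CAMERA, SERVER),
                                    Peer("computer", CAMERA, SERVER)),
    }


if __name__ == "__main__":
    print(demo())
```

The unspecified computer is refused only because the feature values it feeds into the computation differ from the stored ones. MAC and IP addresses are visible to other hosts on the network, so the feature set should include identifiers that are not, and the initial key still needs protecting.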
By adopting the matched communication mode between the computer and the security equipment, the present invention ensures that the security equipment can communicate and connect normally only with the specified computer. If the initial key leaks and another computer or other security equipment is connected to the system, the communication key it generates will differ from the original communication key, because the characteristic information of every computer and every piece of security equipment is unique and the characteristic information of the other computer or security equipment differs from that of the computer and security equipment in the original security system. When the two parties decrypt each other's encrypted communication protocol, the communication keys differ and the two sides cannot match, so the computer or security equipment in the original system refuses access by the other computer or security equipment. This matched communication method can therefore effectively prevent other, unspecified computers and equipment from freely accessing the system, which helps improve the security of the system.
The above is merely a preferred embodiment of the present invention and is not intended to limit the present invention. Any modification, equivalent replacement or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (3)

1. A matched communication method, comprising:
storing, in the security equipment, the characteristic information of this security equipment and the characteristic information of the computer that can communicate with this security equipment;
storing, in the computer, the characteristic information of this computer and the characteristic information of the security equipment that can communicate with this computer;
characterized in that the matched communication method further comprises:
computing the communication key of the security equipment from the security-equipment characteristic information and the computer characteristic information stored in the security equipment;
computing the communication key of the computer from the computer characteristic information and the security-equipment characteristic information stored in the computer;
when the security equipment is connected to the computer, the security equipment and the computer each using their own communication key to decrypt the communication protocol encrypted by the other side;
during decryption, the security equipment and the computer each verifying whether the other side's communication key matches their own communication key; if it matches, decryption completes and the security equipment and the computer communicate normally; otherwise decryption cannot be performed and communication is refused.
2. The matched communication method according to claim 1, characterized in that:
the matched communication method further comprises: assigning an identical initial key to the security equipment and the computer that communicate with each other;
the initial key is also included in the computation of the communication key of the security equipment or of the computer.
3. The matched communication method according to claim 1, characterized in that: the computer characteristic information comprises one or more of the computer's machine number, MAC address, IP address, memory ID, system ID, CPU ID, WIFI address, Bluetooth address or 1394 address, as well as characteristic information obtained through computation; the security-equipment characteristic information comprises one or more of the security equipment's device number, MAC address, IP address, memory ID, system ID, CPU ID, WIFI address, Bluetooth address or 1394 address, as well as characteristic information obtained through computation.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012101947404A CN102710421A (en) 2012-06-14 2012-06-14 Matched communication method

Publications (1)

Publication Number Publication Date
CN102710421A 2012-10-03

Family

ID=46902993

Country Status (1)

Country Link
CN (1) CN102710421A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101155033A (en) * 2006-09-26 2008-04-02 中兴通讯股份有限公司 Method for confirming client identity
CN101296077A (en) * 2007-04-29 2008-10-29 四川虹微技术有限公司 Identity authentication system based on bus type topological structure
CN101599188A (en) * 2009-07-10 2009-12-09 广东南方信息安全产业基地有限公司 A kind of gate control system based on the IPA safety certification
CN101917270A (en) * 2010-08-03 2010-12-15 中国科学院软件研究所 Weak authentication and key agreement method based on symmetrical password

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20121003