CN104378351A - Internal network security protection method based on dynamic encryption host identity authentication - Google Patents
Internal network security protection method based on dynamic encryption host identity authentication
- Publication number: CN104378351A (application CN201410549655.4A)
- Authority: CN (China)
- Prior art keywords: certification, authentication, server, user, invasion
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/14—using a plurality of keys or algorithms
          - H04L9/16—the keys or algorithms being changed during operation
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/02—for separating internal from external traffic, e.g. firewalls
        - H04L63/04—for providing a confidential data exchange among entities communicating through data packet networks
          - H04L63/0428—wherein the data content is protected, e.g. by encrypting or encapsulating the payload
            - H04L63/045—wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
            - H04L63/0457—wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
        - H04L63/08—for authentication of entities
          - H04L63/0815—providing single-sign-on or federations
      - H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
        - H04L65/1066—Session management
          - H04L65/1073—Registration or de-registration
      - H04L67/00—Network arrangements or protocols for supporting network services or applications
        - H04L67/01—Protocols
          - H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides an internal network security protection method based on dynamic encryption host identity authentication, and relates to the technical field of identity authentication. The method includes the following steps: firstly, conducting user registration identity authentication, wherein the identity is registered and encrypted authentication is conducted through an asymmetric cryptosystem composed of a public/private key pair; secondly, establishing a firewall; thirdly, establishing an intrusion prevention network; fourthly, conducting user login, wherein the user logs in through a web interface and is authenticated during login through the asymmetric cryptosystem and, at the same time, through SAS-2, and when either authentication system rejects the attempt the information is sent to the server, which checks it with the intrusion prevention module and prompts the user to change the login information when no intrusion is detected; fifthly, conducting logout. By means of the method, system security is improved, secure login and logout are achieved, the whole login process runs in a secure mode, and operation is simple and convenient.
Description
Technical field:
The present invention relates to the field of identity authentication technology, and specifically to an internal network security protection method based on dynamic encryption host identity authentication.
Background technology:
Identity authentication is the process of confirming an operator's identity in a computer network. It can be divided into authentication between a user and a host and authentication between hosts. Authentication between a user and a host can be based on one or more of the following factors: something the user knows, such as a password or passphrase; something the user possesses, such as a seal or a smart card (for example a credit card); and a biometric characteristic of the user, such as a fingerprint, voice, retina, signature or handwriting.
Accordingly, the basic methods of authenticating a user's identity fall into three kinds:
(1) proving your identity by information that you know;
(2) proving your identity by something that you possess;
(3) proving your identity directly by a unique physical characteristic.
At present, dynamic identity authentication methods mainly include challenge/response, time-synchronised and SAS-2 schemes. Of these, the SAS-2 dynamic authentication method needs no separately configured hardware and is cheap to implement, so it suits today's network systems, but it still has defects: it cannot resist man-in-the-middle attacks or denial-of-service attacks, and 80% of current network attacks are denial-of-service attacks. Studying a dynamic password identity authentication method that is more secure and also efficient at login therefore has important practical value.
Summary of the invention:
The object of the present invention is to provide an internal network security protection method based on dynamic encryption host identity authentication, which improves the security of the system and achieves secure login and logout; the whole login process runs in a secure mode and is simple to operate.
To solve the problems of the background art, the present invention adopts the following technical scheme. The authentication and protection method is:
One, user registration identity authentication: the identity is registered first, and authentication is encrypted by an asymmetric cryptosystem; the asymmetric cryptosystem consists of a public/private key pair.
Two, establishing a firewall: the host downloads firewall software and installs it automatically on the computer, checks the security settings of the computer and adjusts them to a secure mode.
Three, establishing an intrusion prevention network: the intrusion defence module built into the host is enabled; it automatically detects and handles intrusion information and sends the intrusion information to the server, where it is analysed, processed and counted.
Four, user login: the user logs in through a web interface; during login, authentication is performed with the asymmetric cryptosystem and, at the same time, with SAS-2. When either authentication system rejects the attempt, the information is sent to the server; the server checks it with the intrusion defence module, and when no intrusion is detected the user is prompted to change the login information.
Five, logout: on logout, the logout time and address are sent to the server and the information is encrypted; it can be checked through authentication at the next login.
The present invention has the following beneficial effects: it improves the security of the system and achieves secure login and logout; the whole login process runs in a secure mode and is simple to operate.
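As an added worked example (not code from the patent application, and not the applicant's implementation), the following Go program models steps one and four of the method as claimed: registration binds an asymmetric public key to the account, each login must pass both the asymmetric check and a dynamic one-time-password check, and a failed attempt is handed to an intrusion module that either prompts the user to change the login information or reports an intrusion. The page names SAS-2 but does not specify it, so a SHA-256 hash chain (Lamport / S/KEY style one-time passwords) stands in for it; Ed25519 stands in for the unspecified asymmetric cryptosystem; the intrusion module is reduced to a per-source-address failure counter with a threshold of three; the firewall and logout steps are not modelled. All type and function names, the 100-element chain length, the user name and the addresses are assumptions made here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed example, not the patent's code. Assumed primitives: Ed25519 as the "asymmetric
// cryptosystem", a SHA-256 hash chain (Lamport / S/KEY style) in place of the SAS-2 one-time
// password the page names but does not specify, and a per-address failure counter as the
// "intrusion module". Steps two (firewall) and five (logout record) are not modelled here.

const chainLen = 100 // one-time passwords provisioned per registration

type account struct {
	pub       ed25519.PublicKey
	chainHead [32]byte // last accepted chain value; the next OTP must hash to it
	challenge []byte   // outstanding single-use login nonce, nil when none
}

type Server struct {
	accounts  map[string]*account
	failures  map[string]int // failed logins per source address
	threshold int            // failures at which the module reports an intrusion
}

type Client struct {
	name string
	priv ed25519.PrivateKey
	seed [32]byte // never leaves the client
	used int      // one-time passwords consumed so far
}

func NewServer(threshold int) *Server {
	return &Server{map[string]*account{}, map[string]int{}, threshold}
}

// chain returns H^n(seed), the n-th element of the one-time-password chain.
func chain(seed [32]byte, n int) [32]byte {
	for i := 0; i < n; i++ {
		seed = sha256.Sum256(seed[:])
	}
	return seed
}

// Step one: registration binds the user's public key and the head of the chain to the account.
func Register(s *Server, name string) *Client {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	c := &Client{name: name, priv: priv}
	rand.Read(c.seed[:])
	s.accounts[name] = &account{pub: pub, chainHead: chain(c.seed, chainLen)}
	return c
}

// Step four, server side: a fresh challenge, so a captured login cannot be replayed.
func (s *Server) Challenge(name string) []byte {
	a := s.accounts[name]
	a.challenge = make([]byte, 32)
	rand.Read(a.challenge)
	return a.challenge
}

// Step four, client side: reveal the next chain element and sign it together with the
// challenge, so the asymmetric check and the one-time-password check must both pass.
func (c *Client) Login(nonce []byte) (otp [32]byte, sig []byte) {
	c.used++
	otp = chain(c.seed, chainLen-c.used)
	return otp, ed25519.Sign(c.priv, append(append([]byte(c.name), nonce...), otp[:]...))
}

// Verify runs both authentication systems. Any failure is handed to the intrusion module:
// below the threshold the user is told to change the login information (as the claim
// states), at or above it the attempt is reported as an intrusion.
func (s *Server) Verify(name, addr string, otp [32]byte, sig []byte) (string, error) {
	a, ok := s.accounts[name]
	if !ok || a.challenge == nil {
		return "", fmt.Errorf("no account or no outstanding challenge for %q", name)
	}
	msg := append(append([]byte(name), a.challenge...), otp[:]...)
	a.challenge = nil // single use, whatever the outcome
	if ed25519.Verify(a.pub, msg, sig) && sha256.Sum256(otp[:]) == a.chainHead {
		a.chainHead = otp // advance the chain: this OTP is never accepted again
		s.failures[addr] = 0
		return "ok", nil
	}
	s.failures[addr]++
	if s.failures[addr] >= s.threshold {
		return "intrusion", fmt.Errorf("intrusion detected from %s", addr)
	}
	return "change-login-info", nil
}

func main() {
	s := NewServer(3)
	c := Register(s, "alice")
	otp, sig := c.Login(s.Challenge("alice"))
	fmt.Println(s.Verify("alice", "10.0.0.5", otp, sig)) // ok <nil>
}
```

Two design points matter beyond what the claim states. First, the client signs the one-time password together with a server-issued single-use challenge; a signature over the password alone could be captured and replayed, and the server-side nonce is what lets the combination refuse the replay that the background attributes to SAS-2 used on its own (resisting a full man-in-the-middle still requires the web interface to run over TLS, with the challenge bound to that channel). Second, the server advances the chain head only after both checks pass, so each one-time password is accepted exactly once, and a chain of 100 elements has to be re-registered before it is exhausted.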
Embodiment:
This embodiment adopts the technical scheme set out in the Summary of the invention above, steps one to five: user registration identity authentication through an asymmetric cryptosystem, establishing a firewall, establishing an intrusion prevention network, user login authenticated by both the asymmetric cryptosystem and SAS-2 with failed attempts checked by the intrusion defence module, and encrypted logout records that are checked at the next login. It has the same beneficial effects: improved security of the system, secure login and logout, a login process that runs entirely in a secure mode, and simple operation.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.
Claims (1)
1. An internal network security protection method based on dynamic encryption host identity authentication, characterised in that the authentication and protection method is:
(1) user registration identity authentication: the identity is registered first, and authentication is encrypted by an asymmetric cryptosystem; the asymmetric cryptosystem consists of a public/private key pair;
(2) establishing a firewall: the host downloads firewall software and installs it automatically on the computer, checks the security settings of the computer and adjusts them to a secure mode;
(3) establishing an intrusion prevention network: the intrusion defence module built into the host is enabled; it automatically detects and handles intrusion information and sends the intrusion information to the server, where it is analysed, processed and counted;
(4) user login: the user logs in through a web interface; during login, authentication is performed with the asymmetric cryptosystem and, at the same time, with SAS-2; when either authentication system rejects the attempt, the information is sent to the server, the server checks it with the intrusion defence module, and when no intrusion is detected the user is prompted to change the login information;
(5) logout: on logout, the logout time and address are sent to the server and the information is encrypted; it can be checked through authentication at the next login.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410549655.4A CN104378351A (en) | 2014-10-16 | 2014-10-16 | Internal network security protection method based on dynamic encryption host identity authentication |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410549655.4A CN104378351A (en) | 2014-10-16 | 2014-10-16 | Internal network security protection method based on dynamic encryption host identity authentication |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104378351A true CN104378351A (en) | 2015-02-25 |
Family
ID=52557008
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410549655.4A Pending CN104378351A (en) | 2014-10-16 | 2014-10-16 | Internal network security protection method based on dynamic encryption host identity authentication |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104378351A (en) |
Events
- 2014-10-16: application CN201410549655.4A filed in CN, published as CN104378351A; status Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2434591A1 (en) * | 2003-07-08 | 2005-01-08 | Bluecelebro 802 Inc. | Method and system for authentication in a network system |
CN201360263Y (en) * | 2008-09-10 | 2009-12-09 | 中国工商银行股份有限公司 (Industrial and Commercial Bank of China Co., Ltd.) | Dynamic-password-based identification authentication system |
CN102710605A (en) * | 2012-05-08 | 2012-10-03 | 重庆大学 (Chongqing University) | Information security management and control method under cloud manufacturing environment |
Non-Patent Citations (2)
Title |
---|
李欣娣 (Li Xindi): "一种基于动态加密主机身份认证的内网安全防范方法" (An internal network security protection method based on dynamic encryption host identity authentication), China Master's Theses Full-text Database, Information Science and Technology series * |
马传龙, 谭建明 (Ma Chuanlong, Tan Jianming): 《网络安全实践》 (Network Security Practice), 30 September 2009, Xi'an: Xidian University Press * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108881310A (en) * | 2018-08-15 | 2018-11-23 | 飞天诚信科技股份有限公司 (Feitian Technologies Co., Ltd.) | Registration system and working method thereof |
CN108881310B (en) * | 2018-08-15 | 2020-05-19 | 飞天诚信科技股份有限公司 (Feitian Technologies Co., Ltd.) | Registration system and working method thereof |
US11811952B2 (en) | 2018-08-15 | 2023-11-07 | Feitian Technologies Co., Ltd. | Authentication system and working method thereof |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8677466B1 (en) | Verification of digital certificates used for encrypted computer communications | |
Naik et al. | Cyber security—iot | |
EP2448211B1 (en) | Method, system and equipment for detecting botnets | |
WO2007120383A3 (en) | Client side attack resistant phishing detection | |
CN114598540A (en) | Access control system, method, device and storage medium | |
Ng et al. | Applying data mining techniques to intrusion detection | |
CN108737390B (en) | Authentication method and system for protecting user name privacy | |
CN103401872B (en) | The method prevented and detect man-in-the-middle attack based on RDP improved protocol | |
CN103618613A (en) | Network access control system | |
Sidheeq et al. | Utilizing trusted platform module to mitigate botnet attacks | |
Benzaïd et al. | Intelligent detection of MAC spoofing attack in 802.11 network | |
Mandlekar et al. | Survey on fog computing mitigating data theft attacks in cloud | |
CN104378351A (en) | Internal network security protection method based on dynamic encryption host identity authentication | |
Rupal et al. | Detection and prevention of ARP poisoning in dynamic IP configuration | |
Ponomarev et al. | Detection of ssh host spoofing in control systems through network telemetry analysis | |
Torii et al. | Multi-layered defense against advanced persistent threats (apt) | |
Tan et al. | Securing password authentication for web-based applications | |
Al-Ayed et al. | An Efficient Practice of Privacy Implementation: Kerberos and Markov Chain to Secure File Transfer Sessions. | |
Nwogu | Improving the security of the internet banking system using three-level security implementation | |
Lee et al. | Hb-dipm: human behavior analysis-based malware detection and intrusion prevention model in the future internet | |
Kuacharoen | An Anti-Phishing Password Authentication Protocol. | |
Crihan et al. | Hybrid methods of authentication in network security | |
US11356415B2 (en) | Filter for suspicious network activity attempting to mimic a web browser | |
TW201917621A (en) | Detection method and system for preventing password file leakage building an index database to store the correct account/password pairing code | |
CN117278335B (en) | Password suite selection method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20150225 |