CN104378351A - Internal network security protection method based on dynamic encryption host identity authentication - Google Patents


Info

Publication number: CN104378351A
Authority: CN (China)
Prior art keywords: certification, authentication, server, user, invasion
Legal status: Pending (an assumed status, not a legal conclusion)
Application number: CN201410549655.4A
Other languages: Chinese (zh)
Inventors: 傅涛 (Fu Tao), 傅德胜 (Fu Desheng), 经正俊 (Jing Zhengjun), 孙文静 (Sun Wenjing)
Current and original assignee: JIANGSU BOZHI SOFTWARE TECHNOLOGY Co Ltd
Priority date: 2014-10-16
Filing date: 2014-10-16
Publication date: 2015-02-25

Classifications (CPC)

    • H04L 63/02: network security architectures or protocols for separating internal from external traffic, e.g. firewalls
    • H04L 63/045: confidential data exchange over packet networks with the payload protected by hybrid encryption (symmetric combined with asymmetric)
    • H04L 63/0457: confidential data exchange over packet networks with the payload protected by dynamic encryption, e.g. stream encryption
    • H04L 63/0815: authentication of entities providing single sign-on or federations
    • H04L 67/02: protocols based on web technology, e.g. HTTP
    • H04L 9/16: cryptographic mechanisms using a plurality of keys or algorithms, the keys or algorithms being changed during operation
    • H04L 65/1073: session management for real-time applications, registration or de-registration


Abstract

The invention provides an internal network security protection method based on dynamic-encryption host identity authentication, in the technical field of identity authentication. The method comprises: first, user registration identity authentication, in which an identity is registered and authentication is encrypted with an asymmetric cryptosystem consisting of a public/private key pair; second, establishing a firewall; third, establishing an intrusion prevention network; fourth, user login, in which the user logs in through a web interface and is authenticated during login both by the asymmetric cryptosystem and by SAS-2, and when either authentication system rejects the attempt the information is sent to the server, which inspects it with the intrusion prevention module and prompts the user to change the login information when no intrusion is detected; fifth, logout. The method improves system security, achieves secure login and logout, keeps the whole login process in a secure mode, and is simple and convenient to operate.

Description

Intranet security protection method based on dynamic-encryption host identity authentication
Technical field:
The present invention relates to the field of identity authentication technology, and specifically to an intranet security protection method based on dynamic-encryption host identity authentication.
Background technology:
Identity authentication is the process of confirming an operator's identity in a computer network. It divides into authentication between a user and a host and authentication between hosts. User-to-host authentication can rest on one or more of the following factors: something the user knows, such as a password or passphrase; something the user has, such as a seal or a smart card (a bank card, for example); and a biometric the user possesses, such as a fingerprint, voice, retina, signature or handwriting.
Accordingly, the basic methods of user identity authentication fall into three kinds:
(1) proving your identity by information you know;
(2) proving your identity by something you possess;
(3) proving your identity directly by a unique physical trait.
At present the main dynamic identity authentication modes are challenge/response, time synchronisation and SAS-2. SAS-2 dynamic authentication needs no dedicated hardware and is cheap to implement, which suits current network systems, but it is still flawed: it cannot resist man-in-the-middle attacks or denial-of-service attacks, and denial-of-service attacks currently make up 80% of network attacks. A dynamic-password identity authentication method that is both more secure and efficient at login therefore has real practical value.
Summary of the invention:
The object of the invention is to provide an intranet security protection method based on dynamic-encryption host identity authentication that raises the security of the system, achieves secure login and logout, keeps the whole login process in a secure mode, and is simple to operate.
To solve the problems of the background art, the invention adopts the following technical scheme. The authentication and protection method is:
One, user registration identity authentication: the user first registers an identity, and authentication is encrypted by an asymmetric cryptosystem; the asymmetric cryptosystem consists of a public/private key pair.
Two, establishing a firewall: the host downloads firewall software, which installs itself automatically on the computer, checks the computer's security settings and adjusts them to a secure mode.
Three, establishing an intrusion prevention network: the intrusion defence module built into the host is enabled; the module automatically detects and handles intrusion information and sends it to the server, which analyses, processes and aggregates it.
Four, user login: the user logs in through a web interface; during login, authentication is performed with the asymmetric cryptosystem and, at the same time, with SAS-2. When either authentication system fails, the information is sent to the server, which inspects it with the intrusion defence module; if no intrusion is detected, the user is prompted to change the login information.
Five, logout: on logout, the logout time and address are sent to the server in encrypted form; they can be checked during authentication at the next login.
The invention has the following beneficial effects: it raises the security of the system, achieves secure login and logout, keeps the whole login process in a secure mode, and is simple to operate.
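The five steps above, modelled end to end as an added example; this is not the patent's own code, and the page gives neither SAS-2's internals nor the intrusion module's rules. Assumptions, all hypothetical: a textbook RSA pair on freshly generated 128-bit primes stands in for the unspecified asymmetric cryptosystem; a Lamport hash chain stands in for SAS-2's one-time passwords; the intrusion module is a per-address counter of recent failed logins (three within 300 seconds counts as an intrusion, fewer prompts a credential change); and the logout record is the pair (time, address) encrypted under the server's public key and shown back to the user at the next successful login. `Server`, `Client` and `run_scenario` are names chosen here. Toy cryptography, for illustration only:

```python
import hashlib, secrets, time

E = 65537                                          # public exponent of the toy RSA

def _h(m):                                         # assumed hash for the OTP chain
    return hashlib.sha256(m).digest()

def _is_prime(n, rounds=24):                       # Miller-Rabin probable-prime test
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1): continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1: break
        else: return False
    return True

def keygen(bits=128):
    """Toy RSA pair ((n, e), (n, d)); primes chosen so that gcd(e, p - 1) == 1."""
    ps = []
    while len(ps) < 2:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if c not in ps and (c - 1) % E and _is_prime(c):
            ps.append(c)
    n, phi = ps[0] * ps[1], (ps[0] - 1) * (ps[1] - 1)
    return (n, E), (n, pow(E, -1, phi))

def sign(priv, msg):                               # textbook RSA over the reduced hash
    return pow(int.from_bytes(_h(msg), "big") % priv[0], priv[1], priv[0])

def verify(pub, msg, sig):
    return pow(sig, pub[1], pub[0]) == int.from_bytes(_h(msg), "big") % pub[0]

def otp_chain(seed, length):                       # Lamport chain, spent from the end
    chain = []
    for _ in range(length):
        seed = _h(seed)
        chain.append(seed)
    return chain

class Server:
    WINDOW, LIMIT = 300, 3                         # assumed intrusion-module thresholds
    def __init__(self):
        self.pub, self.priv = keygen()
        self.users, self.nonces, self.fails, self.last_logout = {}, set(), [], {}
    def register(self, uid, user_pub, otp_anchor):  # step 1: bind key pair and OTP anchor
        self.users[uid] = {"pub": user_pub, "otp": otp_anchor}
    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.nonces.add(nonce)                     # each nonce is accepted once
        return nonce
    def login(self, uid, src, nonce, sig, otp):    # step 4: both factors must pass
        u = self.users.get(uid)
        msg = b"login|" + uid.encode() + nonce
        sig_ok = u is not None and nonce in self.nonces and verify(u["pub"], msg, sig)
        self.nonces.discard(nonce)
        x, otp_ok = otp, False
        for _ in range(5):                         # resync after a few lost OTPs
            x = _h(x)
            otp_ok = otp_ok or (u is not None and x == u["otp"])
        if sig_ok and otp_ok:
            u["otp"] = otp                         # advance the chain anchor
            return "ok", self.last_logout.get(uid) # last logout shown for review
        now = time.time()                          # failure: hand off to the module
        self.fails.append((src, now))
        recent = sum(1 for s, t in self.fails if s == src and now - t < self.WINDOW)
        return ("intrusion" if recent >= self.LIMIT else "change_credentials"), None
    def logout(self, uid, blob):                   # step 5: decrypt, store (time, address)
        m = pow(blob, self.priv[1], self.priv[0])  # toy RSA decryption, no padding
        when, addr = m.to_bytes((m.bit_length() + 7) // 8, "big").decode().split("|")
        self.last_logout[uid] = (int(when), addr)

class Client:
    def __init__(self, uid, chain_len=10):
        self.uid, (self.pub, self.priv) = uid, keygen()
        self.chain = otp_chain(secrets.token_bytes(32), chain_len)
    def enroll(self, server):
        server.register(self.uid, self.pub, self.chain.pop())
    def login(self, server, src):
        nonce = server.challenge()
        sig = sign(self.priv, b"login|" + self.uid.encode() + nonce)
        return server.login(self.uid, src, nonce, sig, self.chain.pop())
    def logout(self, server, src, when):           # (time, address) under the server key
        m = int.from_bytes(f"{when}|{src}".encode(), "big")   # must stay below n
        server.logout(self.uid, pow(m, server.pub[1], server.pub[0]))

def run_scenario():   # honest user, then an impostor reusing her username
    srv, alice = Server(), Client("alice")
    alice.enroll(srv)
    first = alice.login(srv, "10.0.0.5")
    alice.logout(srv, "10.0.0.5", when=1700000000)
    second = alice.login(srv, "10.0.0.5")
    mallory = Client("alice")                      # same username, own key and chain
    attempts = [mallory.login(srv, "10.0.0.9")[0] for _ in range(3)]
    return {"first": first, "second": second, "attempts": attempts}
```

The point worth noticing is the failure branch: the impostor's signature and one-time password both fail, and the server does not say which. Her first two attempts come back as `change_credentials`, which is the patent's "no intrusion detected, prompt the user to change login information" outcome; the third trips the counter and is reported as `intrusion`. The five-hash resync loop exists because a login that fails on the signature still consumes a one-time password on the client side, and a server that insists on the exact next chain element would lock the honest user out afterwards.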
Embodiment:
This embodiment adopts the technical scheme set out in the Summary above: the same five steps (user registration identity authentication with an asymmetric public/private key pair; establishing a firewall; establishing an intrusion prevention network; user login through a web interface with asymmetric and SAS-2 authentication, failures being passed to the server's intrusion defence module; and encrypted logout records checked at the next login), carried out as described there.
This embodiment has the following beneficial effects: it raises the security of the system, achieves secure login and logout, keeps the whole login process in a secure mode, and is simple to operate.
The foregoing is only a preferred embodiment of the invention and does not limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention falls within its scope of protection.

Claims (1)

1. An intranet security protection method based on dynamic-encryption host identity authentication, characterised in that the authentication and protection method is:
(1) user registration identity authentication: the user first registers an identity, and authentication is encrypted by an asymmetric cryptosystem; the asymmetric cryptosystem consists of a public/private key pair;
(2) establishing a firewall: the host downloads firewall software, which installs itself automatically on the computer, checks the computer's security settings and adjusts them to a secure mode;
(3) establishing an intrusion prevention network: the intrusion defence module built into the host is enabled; the module automatically detects and handles intrusion information and sends it to the server, which analyses, processes and aggregates it;
(4) user login: the user logs in through a web interface; during login, authentication is performed with the asymmetric cryptosystem and, at the same time, with SAS-2; when either authentication system fails, the information is sent to the server, which inspects it with the intrusion defence module and prompts the user to change the login information if no intrusion is detected;
(5) logout: on logout, the logout time and address are sent to the server in encrypted form, and can be checked during authentication at the next login.
Application CN201410549655.4A, "Internal network security protection method based on dynamic encryption host identity authentication", priority and filing date 2014-10-16, status Pending; published as CN104378351A on 2015-02-25; patent family ID 52557008, with CN as the only country in the family.



Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2434591A1 (en) * 2003-07-08 2005-01-08 Bluecelebro 802 Inc. Method and system for authentication in a network system
CN201360263Y (en) * 2008-09-10 2009-12-09 中国工商银行股份有限公司 (Industrial and Commercial Bank of China Co., Ltd.) Dynamic-password-based identification authentication system
CN102710605A (en) * 2012-05-08 2012-10-03 重庆大学 (Chongqing University) Information security management and control method under cloud manufacturing environment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Li Xindi (李欣娣): "An intranet security protection method based on dynamic-encryption host identity authentication" (一种基于动态加密主机身份认证的内网安全防范方法), China Masters' Theses Full-text Database, Information Science and Technology series (中国优秀硕士学位论文全文数据库信息科技辑) *
Ma Chuanlong, Tan Jianming (马传龙, 谭建明): "Network Security Practice" (网络安全实践), 30 September 2009, Xi'an: Xidian University Press (西安电子科技大学出版社) *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108881310A (en) * 2018-08-15 2018-11-23 飞天诚信科技股份有限公司 (Feitian Technologies Co., Ltd.) Registration system and working method thereof
CN108881310B (en) * 2018-08-15 2020-05-19 飞天诚信科技股份有限公司 (Feitian Technologies Co., Ltd.) Registration system and working method thereof
US11811952B2 (en) 2018-08-15 2023-11-07 Feitian Technologies Co., Ltd. Authentication system and working method thereof


Legal Events

    • C06 / PB01: Publication (application publication date 2015-02-25)
    • C10 / SE01: Entry into substantive examination (request for substantive examination entered into force)
    • WD01: Invention patent application deemed withdrawn after publication