CN105610774B - A kind of network safety system and secure box based on Encryption Algorithm - Google Patents


Publication number
CN105610774B
Authority
CN
China
Prior art keywords
encryption
network
key
module
safety
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510592288.0A
Other languages
Chinese (zh)
Other versions
CN105610774A (en
Inventor
谢超平
周华君
查晓辉
倪黎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Sobey Digital Technology Co Ltd
Original Assignee
Chengdu Sobey Digital Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Sobey Digital Technology Co Ltd filed Critical Chengdu Sobey Digital Technology Co Ltd
Priority to CN201510592288.0A priority Critical patent/CN105610774B/en
Publication of CN105610774A publication Critical patent/CN105610774A/en
Application granted granted Critical
Publication of CN105610774B publication Critical patent/CN105610774B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network security system and secure box based on an encryption algorithm, comprising a safe encryption unit and a safety check unit. The safe encryption unit comprises an encryption mark generation module, an encryption key generation module, a coding encryption module, a textual data encryption module and a scrambling processing module connected in sequence; the encryption mark generation module is connected to the high-security network, the scrambling processing module is connected to the low-security network, and the safe encryption unit further comprises a timestamp generation module connected to the encryption mark generation module. The safety check unit comprises an address check module and an encryption mark check module, and the low-security network is connected to the high-security network through the address check module and the encryption mark check module in sequence. The invention achieves unified security encryption and unified security verification of data during data transmission between high- and low-security networks, guarantees the transparent security of data in transit, and effectively improves the security of the textual data ciphertext.

Description

A kind of network safety system and secure box based on Encryption Algorithm
Technical field
The present invention relates to the field of network security, and in particular to a network security system based on an encryption algorithm and a secure box equipped with that network security system.
Background art
Network security means that the hardware and software of a network system, and the data in that system, are protected from destruction, alteration or leakage through accidental or malicious causes, so that the system runs continuously, reliably and normally and network service is not interrupted.
Existing techniques for network security generally have the following three problems:
1) Different company departments use different encryption security algorithms, each previously integrated into the department's own software modules. This leads to a great deal of duplicated development and uneven quality, very tight coupling with the application software, and inconsistent levels of security.
2) The existing common methods of encrypted transmission have drawbacks of varying degree. For example, when certificates are used for transmission, the certificate can be discovered through network sniffing and forged, and producing certificates also has a certain cost.
3) At present, data is usually moved between high- and low-security zones using a security isolation gatekeeper. A security isolation gatekeeper, also known as a "net gate" or "physical isolation gap", is a software and hardware system that provides security isolation between networks of different security levels together with moderately controllable data exchange, but it has the drawbacks of being expensive and troublesome to deploy.
Summary of the invention
The object of the present invention is to overcome the deficiencies of the prior art and provide a network security system based on an encryption algorithm. It is applied in a secure box and, with the secure box as its carrier, achieves unified security encryption and unified security verification of data during data transmission between high- and low-security networks. It guarantees the transparent security of data in transit, protects the protected machines in the high-security network, and effectively improves the security of the textual data ciphertext.
The object of the present invention is achieved through the following technical solution: a network security system based on an encryption algorithm, comprising a safe encryption unit that includes the following modules.
1. Encryption mark generation module: applies 1-n times or 1-n kinds of asymmetric encryption algorithm to the data segment of the Socket message to be sent, obtaining a fixed-length encryption mark, where n is a natural number.
2. Encryption key generation module: applies 1-n times or 1-n kinds of asymmetric encryption algorithm to the original key in the Socket message, obtaining the encryption key Encryption_key.
3. Coding encryption module: applies 1-n times or 1-n kinds of coding encryption processing to the encryption key Encryption_key, obtaining the coded key Encode_Encryption_key.
4. Encryption factor extraction module: decomposes the coded key Encode_Encryption_key into several different encryption factors that influence the result of encrypting the textual data.
5. Textual data encryption module: according to the encryption factors, applies 1-n times or 1-n kinds of symmetric encryption algorithm to the textual data plaintext, obtaining the textual data ciphertext and thus the new encrypted Socket message to be sent.
Further, the encryption factors include a byte section of a first length in the coded key Encode_Encryption_key, used as the key SymmetricEncryption_key of the symmetric encryption algorithm, and a byte section of a second length in the coded key Encode_Encryption_key, used as the encryption vector SymmetricEncryption_IV of the symmetric encryption algorithm.
Further, the safe encryption unit also includes a scrambling processing module, which applies scrambling processing to the data segment of the encrypted Socket message to be sent.
Preferably, the scrambling processing includes the flipping of bytes and the repositioning of bytes.
Further, the safe encryption unit also includes a timestamp generation module: the timestamp generation module generates a timestamp, and the encryption mark generation module applies asymmetric encryption to the data segment of the Socket message according to the timestamp, obtaining the encryption mark.
Further, the timestamp includes a current timestamp, a previous-moment timestamp and a next-moment timestamp, where the previous-moment and next-moment timestamps are the two timestamps immediately before and after the current timestamp. The encryption mark generation module applies asymmetric encryption to the data segment for each of these three timestamps, obtaining the encryption mark.
In the present invention, the system also includes a safety check unit, which includes an encryption mark check module: when the low-security network sends a Socket message to the high-security network, the encryption mark check module checks whether the Socket message to be received carries the encryption mark. If it does, the Socket message is determined to be a legal message; otherwise an alarm log entry is recorded and the Socket message is discarded.
Further, the safety check unit includes an address check module, which checks the source port address and destination port address in the header of the Socket message as a pair and filters out Socket messages whose source port address and destination port address do not match.
A secure box includes the network security system based on an encryption algorithm; one end of the secure box is connected to the low-security network through a network interface, and the other end is connected to the high-security network through a USB interface.
The beneficial effects of the present invention are:
1) Both the high-security network and the low-security network use the network security system proposed by the invention, which applies unified security encryption and unified security verification to Socket messages. This achieves the greatest possible reuse: encryption algorithms no longer need to be integrated into the software modules of each company department, which overcomes the problems of duplicated development and uneven quality.
2) The present invention filters out most invalid information at the network level through the address check module, and through the encryption mark check module prevents malicious requests from malicious attacks such as DDoS from entering the high-security network and reaching the protected machines.
3) The encryption method proposed by the invention achieves transparent data transfer and prevents network sniffing; even if data is sniffed, there is no risk of information leakage. According to factors such as application scenario, security and performance, the invention can select 1-n times or 1-n kinds of asymmetric encryption algorithm and symmetric encryption algorithm, which improves the complexity of the key, increases key strength, prevents the weak-password problem, increases the complexity of the encryption factors, and improves the security of the textual data ciphertext.
4) The present invention also uses scrambling processing to prevent the algorithm from being cracked by targeted tools.
5) The present invention replaces the prior-art security isolation gatekeeper with a secure box. The secure box is connected to the low-security network through a network interface and to the high-security network through a USB interface; the wiring is simple and easy to deploy, and the secure box has a simple structure and low cost. When the high-security network transmits information to the low-security network, the data is encrypted by the algorithm of the secure box and an attacker on the low-security network cannot crack it, which ensures the security of the high-security network's data. When the low-security network transmits information to the high-security network, only messages carrying the encryption mark can pass and all others cannot, which keeps the high-security network's data clean.
Description of the drawings
Fig. 1 is a structural block diagram of the safe encryption unit in the present invention;
Fig. 2 is a structural block diagram of the safety check unit in the present invention;
Fig. 3 is a flow diagram of the encryption method in the present invention;
Fig. 4 is a structural block diagram of the network security system in the present invention;
Fig. 5 is the first structural view of the secure box in the present invention;
Fig. 6 is the second structural view of the secure box in the present invention;
Fig. 7 is a structural block diagram of the movement circuit of the secure box in the present invention;
In the figures: 1 - shell, 2 - USB interface, 3 - network interface, 4 - power indicator light, 5 - communication connection indicator light, 6 - power interface, 7 - switch, 8 - reset key.
Specific embodiment
The technical solution of the present invention is described in further detail below with reference to the accompanying drawings, but the scope of protection of the present invention is not limited to what follows.
A network security system based on an encryption algorithm comprises a safe encryption unit and a safety check unit. When the high-security network sends a Socket message to the low-security network, the safe encryption unit applies security encryption to the Socket message to be sent; when the low-security network sends a Socket message to the high-security network, the safety check unit applies a safety check to the Socket message to be received. The format of the Socket message is: header + data segment. The header can be an IP header, UDP header, TCP header, etc. The data segment includes the encryption mark and the textual data. The encryption mark is a fixed-length run of bytes (for example, 20 bytes) that the encryption mark generation module takes in the data segment of the Socket message to be sent.
(One) Safe encryption unit
As shown in Fig. 1, in the present invention the safe encryption unit includes the following modules:
1. Encryption mark generation module: applies 1-n times or 1-n kinds of asymmetric encryption algorithm to the data segment of the Socket message to be sent, obtaining a fixed-length encryption mark.
2. Encryption key generation module: applies 1-n times or 1-n kinds of asymmetric encryption algorithm to the original key in the Socket message, obtaining the encryption key Encryption_key and thus a new encryption mark, where n is a natural number.
3. Coding encryption module: applies 1-n times or 1-n kinds of coding encryption processing to the encryption key Encryption_key, obtaining the coded key Encode_Encryption_key.
Coding encryption further improves the complexity of the key, increases key strength and prevents the weak-password problem. The invention can also select 1-n times or 1-n kinds of coding encryption processing according to application scenario, security and performance, further increasing the complexity of the encryption factors.
4. Encryption factor extraction module: decomposes the coded key Encode_Encryption_key into several different encryption factors that influence the result of encrypting the textual data.
Further, the encryption factors include a byte section of a first length in the coded key Encode_Encryption_key, used as the key SymmetricEncryption_key of the symmetric encryption algorithm, and a byte section of a second length in the coded key Encode_Encryption_key, used as the encryption vector SymmetricEncryption_IV of the symmetric encryption algorithm.
5. Textual data encryption module: according to the encryption factors, applies 1-n times or 1-n kinds of symmetric encryption algorithm to the textual data plaintext, obtaining the textual data ciphertext and thus the new encrypted Socket message to be sent.
6. Scrambling processing module: applies scrambling processing to the data segment of the encrypted Socket message to be sent.
Further, the scrambling processing includes the flipping of bytes and the repositioning of bytes.
7. Timestamp generation module: the timestamp generation module generates a timestamp, and the encryption mark generation module applies asymmetric encryption to the data segment of the Socket message according to the timestamp, obtaining the encryption mark.
Further, when asymmetric encryption is applied to the data segment according to the timestamp, the timestamps of the three parties (the secure box, the high-security network and the low-security network) are required to be consistent. To allow for errors at boundary values, the present invention lets the three parties have an appropriate fault-tolerant time difference: the timestamp may include a current timestamp, a previous-moment timestamp and a next-moment timestamp, where the previous-moment and next-moment timestamps are the two timestamps immediately before and after the current timestamp. The encryption mark generation module applies 1-n times or 1-n kinds of asymmetric encryption algorithm to the data segment for each of these three timestamps, obtaining the encryption mark.
Correspondingly, after receiving the encrypted Socket message, the recipient must decrypt and verify the encryption mark using the corresponding encryption algorithm. In verifying the encryption mark, the corresponding 1-n times or 1-n kinds of symmetric encryption algorithm are selected according to the timestamp for decryption and comparison, yielding check data; if the check data is consistent with the encryption key Encryption_key, the encryption mark of the message is legal.
Further, if the timestamp includes a current timestamp, a previous-moment timestamp and a next-moment timestamp, the corresponding 1-n times or 1-n kinds of symmetric encryption algorithm are applied to the data segment for each of the three timestamps for decryption and comparison; as soon as one piece of check data is consistent with the encryption key Encryption_key, the encryption mark of the Socket message is determined to be legal.
Of course, for performance reasons, the decryption comparison can first be made with the current timestamp, and only if that proves illegal is it repeated with the two adjacent timestamps.
(Two) Safety check unit
As shown in Fig. 2, in the present invention the safety check unit includes the following modules:
1. Encryption mark check module: when the low-security network sends a Socket message to the high-security network, the encryption mark check module checks whether the Socket message to be received carries the encryption mark. If it does, the Socket message is determined to be a legal message; otherwise an alarm log entry is recorded and the Socket message is discarded.
2. Address check module: before the encryption mark check module applies the safety check to the Socket message to be transmitted, the address check module checks the source port address and destination port address in the header of the Socket message as a pair and filters out Socket messages whose source port address and destination port address do not match.
In the present invention, the encryption mark check module prevents malicious requests from malicious attacks such as DDoS from entering the high-security network. The attacker does not know how the secure box obtains the encryption mark and so cannot imitate it, and may not even know that an encryption mark check exists, so cannot respond to it; these attacks can therefore be filtered out at the encryption mark check. The address check module, in turn, filters out most invalid information at the network level.
(Three) Working principle
The network security system based on an encryption algorithm proposed by the invention is applied in a secure box that is small and easy to deploy. When the high-security network transmits information to the low-security network, the data is encrypted by the algorithm of the network security system and an attacker on the low-security network cannot crack it, which ensures the security of the high-security network's data. When the low-security network transmits information to the high-security network, only messages carrying the encryption mark can pass and all others cannot, which keeps the high-security network's data clean.
(1) As shown in Fig. 3, when the high-security network sends a Socket message to the low-security network through the secure box, security encryption works as follows.
S1. The timestamp generation module generates a timestamp, and the encryption mark is obtained: according to the timestamp, the encryption mark generation module applies 1-n times or 1-n kinds of asymmetric encryption algorithm to the data segment of the Socket message to be sent, obtaining a fixed-length encryption mark.
The asymmetric encryption algorithm includes hash algorithms and the like; 1-n times or 1-n kinds of hash algorithm can be applied to the data segment to produce a hash signature, which gives the encryption mark.
S2. According to the timestamp, the encryption key generation module applies 1-n times or 1-n kinds of asymmetric encryption algorithm to the original key in the Socket message, obtaining the encryption key Encryption_key; the encryption key Encryption_key overwrites the original key to form a new encryption mark.
For example, when a hash algorithm is used, the resulting encryption key Encryption_key is the encryption key Hash_key.
S3. The coding encryption module applies 1-n times or 1-n kinds of coding encryption processing to the encryption key Hash_key, obtaining the coded key Encode_Encryption_key.
For example, when the base64 coding encryption algorithm is used, the resulting coded key Encode_Encryption_key is the coded key BASE64_Hash_key.
S4. The encryption factor extraction module decomposes the coded key Encode_Encryption_key into several different encryption factors that influence the encryption result. The encryption factors include bytes of a first length in the coded key, used as the key of the symmetric encryption algorithm; for example, the first 32 characters of the coded key are used as the key AES_key of the symmetric encryption algorithm (including the AES symmetric encryption algorithm). The encryption factors also include bytes of a second length in the coded key, used as the encryption vector of the symmetric encryption algorithm; for example, the last 16 characters of the coded key are used as the encryption vector AES_IV of the AES symmetric encryption algorithm.
S5. According to the encryption factors, including the key AES_key and the encryption vector AES_IV, the textual data encryption module applies 1-n times or 1-n kinds of symmetric encryption algorithm (including the AES symmetric encryption algorithm) to the textual data plaintext, obtaining the textual data ciphertext. The textual data ciphertext overwrites the textual data plaintext to form a new textual data section, giving the new encrypted Socket message. This achieves transparent data transfer: even if the data is sniffed, no information leakage occurs, and the recipient can decrypt it with the corresponding encryption algorithm (such as the AES symmetric encryption algorithm). According to the application scenario, and weighing factors such as computational cost and encryption strength, the invention can apply symmetric encryption to the textual data plaintext several times.
S6. The scrambling processing module applies scrambling processing, including the flipping of bytes and the repositioning of bytes, to the data segment of the encrypted Socket message to be sent, to prevent the algorithm from being cracked by targeted tools.
(2) When the low-security network sends a Socket message to the high-security network through the secure box, the safety check works as follows.
S1. The address check module checks the source port address and destination port address in the header of the Socket message as a pair and filters out Socket messages whose source port address and destination port address do not match. This filters out most invalid information at the network level.
S2. The encryption mark check module checks whether the data segment of the message to be transmitted carries the encryption mark. The encryption operation can be carried out for each of the three timestamps, giving three pieces of check data; as long as one of them is consistent with the encryption mark, the message is considered legal. Otherwise an alarm log entry is recorded and the received message is discarded.
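The sending steps S1 to S4 and the receiving steps S1 and S2 above can be sketched in Python as follows. This is an added example, not code from the patent: the 60-second timestamp slot, SHA-256 as the hash, the way the timestamp is mixed into each hash, the port pair and all function names are assumptions, and the AES step S5 and the scrambling step S6 are left out.

```python
import base64
import hashlib
import hmac

SLOT_SECONDS = 60                      # assumption: one timestamp covers 60 s
MARK_LEN = 20                          # the page's example: a 20-byte mark
ALLOWED_PORT_PAIRS = {(50000, 9000)}   # hypothetical (source, destination) pairs


def slot_for(unix_time):
    """Quantise a clock reading into the timestamp both sides compute."""
    return int(unix_time) // SLOT_SECONDS


def _slot_bytes(slot):
    return slot.to_bytes(8, "big")


def make_mark(body, slot):
    """Sending S1: fixed-length mark over the body for one timestamp.

    Assumed construction: SHA-256(timestamp || body) truncated to 20 bytes.
    """
    return hashlib.sha256(_slot_bytes(slot) + body).digest()[:MARK_LEN]


def derive_factors(original_key, slot):
    """Sending S2-S4: hash the original key, base64 it, split into factors.

    SHA-256 yields 32 bytes, i.e. 44 base64 characters. The first 32
    characters become AES_key and the last 16 become AES_IV, so with this
    hash the two factors share characters 28..31 of the coded key.
    """
    hash_key = hashlib.sha256(_slot_bytes(slot) + original_key).digest()
    coded_key = base64.b64encode(hash_key)      # BASE64_Hash_key
    return coded_key[:32], coded_key[-16:]      # (AES_key, AES_IV)


def build_data_segment(body, unix_time):
    """Data segment layout from the page: encryption mark + textual data."""
    return make_mark(body, slot_for(unix_time)) + body


def verify_message(src_port, dst_port, data_segment, unix_time):
    """Receiving S1 and S2. Returns (accepted, reason)."""
    # S1: source and destination ports are checked as a pair.
    if (src_port, dst_port) not in ALLOWED_PORT_PAIRS:
        return False, "port-pair-mismatch"
    if len(data_segment) < MARK_LEN:
        return False, "no-mark"
    mark, body = data_segment[:MARK_LEN], data_segment[MARK_LEN:]
    # S2: current timestamp first, then the two adjacent ones.
    now = slot_for(unix_time)
    for slot in (now, now - 1, now + 1):
        if hmac.compare_digest(mark, make_mark(body, slot)):
            return True, "ok"
    return False, "bad-mark"   # caller logs an alarm and drops the message


if __name__ == "__main__":
    t0 = 1_700_000_000                       # constructed sample clock value
    segment = build_data_segment(b"constructed sample body", t0)
    print(verify_message(50000, 9000, segment, t0 + 60))
    print(verify_message(50000, 9000, segment, t0 + 600))
    print(derive_factors(b"constructed-original-key", slot_for(t0)))
```

A mark built from an unkeyed hash is only as strong as the secrecy of its construction, which is the property the description relies on; a keyed MAC such as HMAC over the same fields would not depend on that secrecy.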
(Four) Secure box
The secure box proposed by the invention includes the network security system based on an encryption algorithm described above. As shown in Fig. 4, one end of the secure box is connected to the low-security network through the network interface 3, and the other end is connected to the high-security network through the USB interface 2.
As shown in Fig. 5, in the present invention the secure box includes a shell 1 and a movement circuit for the safety check arranged inside the shell 1. The shell 1 also carries the USB interface 2 for connecting to the high-security network and the network interface 3 for connecting to the low-security network. The secure box is small and easy to deploy, and is intended to replace the security isolation gatekeeper in common use today.
Further, indicator lights are also provided on the shell 1, including a power indicator light 4 and a communication connection indicator light 5.
Further, as shown in Fig. 6, a power interface 6 is also provided on the shell 1, and the power interface 6 is connected to the power management module in the movement circuit.
Further, a switch 7 is also provided on the shell 1. The switch 7 includes a power switch, a network on-off switch and so on, and can be a key switch, touch switch or toggle switch.
Further, a reset key 8 is also provided on the shell 1, and the reset key 8 is connected to the reset circuit in the movement circuit.
Further, the shell 1 is a metal shell, which both protects the movement circuit well and improves the heat dissipation of the secure box.
Further, as shown in Fig. 7, the movement circuit includes a main control module and a RAM module, a FLASH module and a clock module each connected to the main control module; the main control module is also connected to the network interface 3 and the USB interface 2.
Further, the movement circuit also includes a physical network card connected to the main control module; the physical network card is also connected to the network interface 3.
Further, the network interface 3 includes a WAN network interface.
Further, the USB interface 2 is a USB 3.0 interface.
In the present invention, the main control module is the data buffer area of the secure box and includes the safe encryption unit and the safety check unit. The safe encryption unit comprises an encryption mark generation module, an encryption key generation module, a coding encryption module, a textual data encryption module and a scrambling processing module connected in sequence; the encryption mark generation module is connected to the high-security network, the scrambling processing module is connected to the low-security network, and the safe encryption unit further comprises a timestamp generation module connected to the encryption mark generation module. The safety check unit comprises an address check module and an encryption mark check module, and the low-security network is connected to the high-security network through the address check module and the encryption mark check module in sequence.
In the secure box, the RAM module is the memory of the secure box, used for data exchange and temporary data storage. The clock module provides a real-time clock. The FLASH module stores the main program that performs the check, for the main control module to call. The physical network card connects the secure box to the Internet. The WAN network interface connects to the low-security network (i.e. the external network) and receives data input. The USB interface connects to the high-security network (i.e. the internal network) and outputs the data that has passed the check.
In the present invention, the secure box is a device that protects the high-security network when the low-security network transmits data to it. The secure box acts mainly at the access point of the high-security network: when the low-security network transmits data to the high-security network, the data must pass the safety check of the main control module. Only data that conforms to the protocol rules is allowed to enter the high-security network, and data is transmitted as ciphertext; data that does not conform to the protocol rules is discarded directly, which keeps the internal network's data clean.

Claims (7)

1. A network security system based on an encryption algorithm, characterized in that it comprises a secure encryption unit, the secure encryption unit comprising the following modules:
Encryption mark generation module: applies an asymmetric encryption algorithm 1-n times, or 1-n kinds of asymmetric encryption algorithm, to the data segment of the Socket message to be sent, obtaining an encryption mark of fixed byte length;
Encryption key generation module: applies an asymmetric encryption algorithm 1-n times, or 1-n kinds of asymmetric encryption algorithm, to the original key key in the Socket message, obtaining the encryption key Encryption_key;
Coding encryption module: applies coding encryption processing 1-n times, or 1-n kinds of coding encryption processing, to the encryption key Encryption_key, obtaining the coded key Encode_Encryption_key;
Encryption factor extraction module: decomposes the coded key Encode_Encryption_key into several different encryption factors that influence the result of encrypting the text data;
Text data encryption module: according to the encryption factors, applies a symmetric encryption algorithm 1-n times, or 1-n kinds of symmetric encryption algorithm, to the text data plaintext, obtaining the text data ciphertext and thereby a new encrypted Socket message;
Selecting 1-n times or 1-n kinds of asymmetric encryption algorithm and symmetric encryption algorithm raises the complexity of the key, increases key strength, prevents the weak password problem, increases the complexity of the encryption factors, and improves the security of the text data ciphertext;
The secure encryption unit is used, when the high-security network sends a Socket message to the low-security network, to securely encrypt the Socket message to be sent;
The system further comprises a security check unit, which includes an address check module: performs a paired address check on the source port address and the destination port address in the Socket message header, filtering out Socket messages whose source port address does not match the destination port address;
The security check unit is used, when the low-security network sends a Socket message to the high-security network, to security-check the Socket message to be received;
The secure encryption unit further comprises a timestamp generation module: the timestamp generation module generates a timestamp, and the encryption mark generation module performs the asymmetric encryption operation on the data segment of the Socket message according to the timestamp, obtaining the encryption mark;
The timestamp comprises the current timestamp, the previous-moment timestamp and the next-moment timestamp, the previous-moment and next-moment timestamps being the two timestamps immediately before and after the current timestamp; the encryption mark generation module performs the asymmetric encryption operation on the data segment with each of the three timestamps respectively, obtaining the encryption mark.
2. A network security system based on an encryption algorithm according to claim 1, characterized in that: the encryption factors comprise the key SymmetricEncryption_key of the symmetric encryption algorithm and the encryption vector SymmetricEncryption_IV of the symmetric encryption algorithm; the key SymmetricEncryption_key is the byte section of a first length in the coded key Encode_Encryption_key, and the encryption vector SymmetricEncryption_IV is the byte section of a second length in the coded key Encode_Encryption_key.
3. A network security system based on an encryption algorithm according to claim 1, characterized in that the secure encryption unit further comprises a scrambling processing module: performs scrambling processing on the data segment of the encrypted Socket message.
4. A network security system based on an encryption algorithm according to claim 3, characterized in that: the scrambling processing comprises byte flipping and byte positioning.
5. A network security system based on an encryption algorithm according to claim 1, characterized in that the security check unit further comprises an encryption mark check module: when the low-security network sends a Socket message to the high-security network, the encryption mark check module checks whether the Socket message to be received carries the encryption mark; if it does, the Socket message is judged to be a legal message; otherwise, an alarm log record is made and the Socket message is discarded.
6. A secure box, characterized in that: it comprises the network security system based on an encryption algorithm according to any one of claims 1-5.
7. A secure box according to claim 6, characterized in that: one end of the secure box is connected to the low-security network through a network interface, and the other end of the secure box is connected to the high-security network through a USB interface.
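One reading of the receiving-side checks in claims 1, 2 and 5, as an added example that is not code from the patent: the paired port check, a fixed-length mark recomputed for the previous, current and next timestamps, and the key/IV split of the coded key. The claims name no algorithm or granularity, so HMAC-SHA-256 as the mark function, the 60-second slot, the 16-byte key and IV lengths and the port allow-list are all assumptions.

```python
import hashlib
import hmac

STEP = 60       # assumed timestamp granularity in seconds (not given in the claims)
MARK_LEN = 32   # fixed-length mark: one SHA-256 digest (assumed algorithm)

# Assumed allow-list of (source port, destination port) pairs for the paired check.
ALLOWED_PAIRS = {(40001, 9001), (40002, 9002)}


def slot(now: float) -> int:
    """Quantize wall-clock time into a timestamp slot."""
    return int(now) // STEP


def make_mark(key: bytes, data: bytes, ts_slot: int) -> bytes:
    """Fixed-length mark bound to the data segment and one timestamp slot."""
    msg = ts_slot.to_bytes(8, "big") + data
    return hmac.new(key, msg, hashlib.sha256).digest()


def split_factors(encoded_key: bytes, key_len: int = 16, iv_len: int = 16):
    """Claim 2: first byte section is the symmetric key, second is the IV."""
    if len(encoded_key) < key_len + iv_len:
        raise ValueError("encoded key too short for key + IV")
    return encoded_key[:key_len], encoded_key[key_len:key_len + iv_len]


def check_message(key, src_port, dst_port, mark, data, now):
    """Receiver-side check; returns (accepted, reason) so rejects can be logged."""
    if (src_port, dst_port) not in ALLOWED_PAIRS:
        return False, "address pair mismatch"
    if len(mark) != MARK_LEN:
        return False, "missing or malformed mark"
    current = slot(now)
    # Try the previous, current and next slots so a message that crosses a
    # slot boundary in transit is still accepted; anything older is rejected.
    for candidate in (current - 1, current, current + 1):
        if hmac.compare_digest(mark, make_mark(key, data, candidate)):
            return True, "ok"
    return False, "mark mismatch"
```

A rejected message maps to the "alarm log record and discard" branch of claim 5; the three-slot window also bounds how long a captured message stays replayable.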

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510592288.0A CN105610774B (en) 2015-09-17 2015-09-17 A kind of network safety system and secure box based on Encryption Algorithm


Publications (2)

Publication Number Publication Date
CN105610774A CN105610774A (en) 2016-05-25
CN105610774B true CN105610774B (en) 2018-11-20


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant