CN105610774B - A network security system and secure box based on an encryption algorithm
- Publication number: CN105610774B (CN201510592288.0A)
- Authority: CN (China)
- Prior art keywords: encryption, network, key, module, safety
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Abstract
The invention discloses a network security system and a secure box based on an encryption algorithm, comprising a safe encryption unit and a safety check unit. The safe encryption unit includes, connected in sequence, an encryption mark generation module, an encryption key generation module, a coding encryption module, a textual data encryption module and a scrambling code processing module; the encryption mark generation module is connected to the high-security network and the scrambling code processing module is connected to the low-security network. The safe encryption unit further includes a timestamp generation module connected to the encryption mark generation module. The safety check unit includes an address check module and an encryption mark check module; the low-security network is connected to the high-security network through the address check module and then the encryption mark check module. The invention provides unified security encryption and unified security verification of data transmitted between high- and low-security networks, keeps data secure while its transfer remains transparent, and effectively improves the security of the textual data ciphertext.
Description
Technical field
The present invention relates to the field of network security, and more particularly to a network security system based on an encryption algorithm and to a secure box equipped with that network security system.
Background technique
Network security means that the hardware and software of a network system, and the data in that system, are protected from destruction, alteration or leakage, whether accidental or malicious, so that the system runs continuously, reliably and normally and network service is not interrupted.
Existing techniques for network security generally suffer from the following three problems:
1) Different corporate departments use different encryption security algorithms, each integrated into its own software modules. This leads to a large amount of duplicated development and uneven quality, tight coupling with the application software, and inconsistent levels of security.
2) The common existing methods of encrypted transmission have drawbacks of varying degree. For example, when a certificate is used for transmission, the certificate can be discovered by network sniffing and forged, and producing certificates also has a certain cost.
3) At present, data is usually moved between high- and low-security zones with a security isolation network gate (ViGap). A security isolation network gate, also known as a "net lock" or "physical isolation net gap", is a hardware and software system that provides security isolation between networks of different security levels while allowing moderately controllable data exchange, but it is expensive and troublesome to deploy.
Summary of the invention
The object of the invention is to overcome the deficiencies of the prior art by providing a network security system based on an encryption algorithm. The system is applied in a secure box and, with the secure box as its carrier, provides unified security encryption and unified security verification of data transmitted between high- and low-security networks. It keeps data secure while its transfer remains transparent, protects the protected machines in the high-security network, and effectively improves the security of the textual data ciphertext.
The object of the invention is achieved by the following technical solution: a network security system based on an encryption algorithm that includes a safe encryption unit, which in turn includes the following modules.
1. Encryption mark generation module: applies 1 to n rounds or 1 to n kinds of asymmetric encryption algorithm to the data segment of the Socket message to be sent, obtaining an encryption mark of fixed byte length; n is a natural number.
2. Encryption key generation module: applies 1 to n rounds or 1 to n kinds of asymmetric encryption algorithm to the primary key (key) in the Socket message, obtaining the encryption key Encryption_key.
3. Coding encryption module: applies a further 1 to n rounds or 1 to n kinds of coding encryption to the encryption key Encryption_key, obtaining the coded key Encode_Encryption_key.
4. Encryption factor extraction module: decomposes the coded key Encode_Encryption_key into several different encryption factors that influence the result of encrypting the textual data.
5. Textual data encryption module: according to the encryption factors, applies 1 to n rounds or 1 to n kinds of symmetric encryption algorithm to the textual data plaintext, obtaining the textual data ciphertext and thus the new, encrypted Socket message to be sent.
Further, the encryption factors include the key SymmetricEncryption_key of the symmetric encryption algorithm, taken as a byte section of a first length from the coded key Encode_Encryption_key, and the encryption vector SymmetricEncryption_IV of the symmetric encryption algorithm, taken as a byte section of a second length from Encode_Encryption_key.
Further, the safe encryption unit also includes a scrambling code processing module, which applies scrambling to the data segment of the encrypted Socket message to be sent.
Preferably, the scrambling includes the overturning of bytes and the positioning of bytes.
Further, the safe encryption unit also includes a timestamp generation module: the timestamp generation module generates a timestamp, and the encryption mark generation module performs the asymmetric encryption operation on the data segment of the Socket message according to that timestamp to obtain the encryption mark.
Further, the timestamp includes a current timestamp, a previous-moment timestamp and a next-moment timestamp, the latter two being the timestamps immediately before and after the current one; the encryption mark generation module performs the asymmetric encryption operation on the data segment with each of the three timestamps to obtain the encryption mark.
In the invention, the system also includes a safety check unit, which includes an encryption mark check module: when the low-security network sends a Socket message to the high-security network, the encryption mark check module checks whether the Socket message to be received carries the encryption mark. If it does, the Socket message is judged legitimate; otherwise an alarm log entry is recorded and the Socket message is discarded.
Further, the safety check unit includes an address check module, which checks the source port address and destination port address in the header of the Socket message as a pair and filters out Socket messages whose source and destination port addresses do not match.
A secure box includes the network security system based on an encryption algorithm; one end of the secure box is connected to the low-security network through a network interface, and the other end is connected to the high-security network through a USB interface.
The beneficial effects of the invention are:
1) Both the high-security network and the low-security network use the proposed network security system, which applies unified security encryption and unified security verification to Socket messages to be received. This maximizes reuse: encryption algorithms no longer need to be integrated into each department's software modules, which overcomes the duplicated development and uneven quality.
2) The address check module filters out most invalid information at the network level, and the encryption mark check module prevents malicious requests such as DDoS attacks from entering the high-security network and reaching the protected machines.
3) The proposed encryption method provides transparent data transfer and protects against network sniffing: even if data is sniffed, there is no danger of information leakage. Depending on application scenario, security and performance, 1 to n rounds or 1 to n kinds of asymmetric and symmetric encryption algorithms can be selected, which raises key complexity, increases key strength and prevents weak-password problems, increases the complexity of the encryption factors, and improves the security of the textual data ciphertext.
4) The scrambling processing also prevents the algorithm from being cracked by targeted tools.
5) The invention replaces the prior-art security isolation network gate with a secure box. The secure box connects to the low-security network through a network interface and to the high-security network through a USB interface, so wiring is simple and deployment is easy, and the box itself is structurally simple and low in cost. When the high-security network sends information to the low-security network, the data is encrypted by the secure box's algorithm, which an attacker on the low-security network cannot crack, protecting the high-security network's data. When the low-security network sends information to the high-security network, only messages carrying the encryption mark can pass and all others are blocked, keeping the high-security network's data clean.
Description of the drawings
Fig. 1 is a structural block diagram of the safe encryption unit of the invention;
Fig. 2 is a structural block diagram of the safety check unit of the invention;
Fig. 3 is a flow diagram of the encryption method of the invention;
Fig. 4 is a structural block diagram of the network security system of the invention;
Fig. 5 is the first structural drawing of the secure box of the invention;
Fig. 6 is the second structural drawing of the secure box of the invention;
Fig. 7 is a structural block diagram of the movement circuit of the secure box of the invention.
In the figures: 1 - shell, 2 - USB interface, 3 - network interface, 4 - power indicator, 5 - communication connection indicator, 6 - power interface, 7 - switch, 8 - reset key.
Specific embodiment
The technical solution of the invention is described in further detail below with reference to the drawings, but the scope of protection of the invention is not limited to what follows.
A network security system based on an encryption algorithm includes a safe encryption unit and a safety check unit. The safe encryption unit securely encrypts the Socket message to be sent when the high-security network sends a Socket message to the low-security network; the safety check unit performs a safety check on the Socket message to be received when the low-security network sends a Socket message to the high-security network. The format of a Socket message is header + data segment. The header can be an IP header, a UDP header, a TCP header and so on. The data segment contains the encryption mark and the textual data. The encryption mark is a fixed-length run of bytes (for example, 20 bytes) that the encryption mark generation module takes in the data segment of the Socket message to be sent.
(One) Safe encryption unit
As shown in Fig. 1, the safe encryption unit of the invention includes the following modules:
1. Encryption mark generation module: applies 1 to n rounds or 1 to n kinds of asymmetric encryption algorithm to the data segment of the Socket message to be sent, obtaining an encryption mark of fixed byte length.
2. Encryption key generation module: applies 1 to n rounds or 1 to n kinds of asymmetric encryption algorithm to the primary key (key) in the Socket message, obtaining the encryption key Encryption_key and thus a new encryption mark; n is a natural number.
3. Coding encryption module: applies a further 1 to n rounds or 1 to n kinds of coding encryption to the encryption key Encryption_key, obtaining the coded key Encode_Encryption_key.
Coding encryption further raises key complexity, increases key strength and prevents weak-password problems. Depending on application scenario, security and performance, 1 to n rounds or 1 to n kinds of coding encryption can be selected, further increasing the complexity of the encryption factors.
4. Encryption factor extraction module: decomposes the coded key Encode_Encryption_key into several different encryption factors that influence the result of encrypting the textual data.
Further, the encryption factors include the key SymmetricEncryption_key of the symmetric encryption algorithm, taken as a byte section of a first length from the coded key Encode_Encryption_key, and the encryption vector SymmetricEncryption_IV of the symmetric encryption algorithm, taken as a byte section of a second length from Encode_Encryption_key.
5. Textual data encryption module: according to the encryption factors, applies 1 to n rounds or 1 to n kinds of symmetric encryption algorithm to the textual data plaintext, obtaining the textual data ciphertext and thus the new, encrypted Socket message to be sent.
6. Scrambling code processing module: applies scrambling to the data segment of the encrypted Socket message to be sent.
Further, the scrambling includes the overturning of bytes and the positioning of bytes.
7. Timestamp generation module: the timestamp generation module generates a timestamp, and the encryption mark generation module performs the asymmetric encryption operation on the data segment of the Socket message according to that timestamp to obtain the encryption mark.
Further, when the asymmetric encryption operation on the data segment is performed according to the timestamp, the timestamps of the three parties (the secure box, the high-security network and the low-security network) are required to be consistent. To allow for errors at critical (boundary) values, the invention lets the three parties differ by an appropriate tolerance: the timestamp may include a current timestamp, a previous-moment timestamp and a next-moment timestamp, the latter two being the timestamps immediately before and after the current one. The encryption mark generation module applies 1 to n rounds or 1 to n kinds of asymmetric encryption algorithm to the data segment with each of these three timestamps to obtain the encryption mark.
Correspondingly, after receiving the encrypted Socket message, the recipient must decrypt and verify the encryption mark with the corresponding encryption algorithm. During verification of the encryption mark, the corresponding 1 to n rounds or 1 to n kinds of symmetric encryption algorithm are selected according to the timestamp for decryption and comparison, yielding verification data; if the verification data matches the encryption key Encryption_key, the encryption mark of the message is legitimate.
Further, if the timestamp includes a current timestamp, a previous-moment timestamp and a next-moment timestamp, the corresponding 1 to n rounds or 1 to n kinds of symmetric encryption algorithm are applied to the data segment for decryption and comparison with each of the three timestamps; as soon as one piece of verification data matches the encryption key Encryption_key, the encryption mark of the Socket message is judged legitimate.
For performance, the decryption and comparison can of course be done with the current timestamp first and, only if that result is not legitimate, with the two adjacent timestamps.
(Two) Safety check unit
As shown in Fig. 2, the safety check unit of the invention includes the following modules:
1. Encryption mark check module: when the low-security network sends a Socket message to the high-security network, the encryption mark check module checks whether the Socket message to be received carries the encryption mark. If it does, the Socket message is judged legitimate; otherwise an alarm log entry is recorded and the Socket message is discarded.
2. Address check module: before the encryption mark check module performs its safety check on the Socket message to be transmitted, the address check module checks the source port address and destination port address in the header of the Socket message as a pair, filtering out Socket messages whose source and destination port addresses do not match.
In the invention, the encryption mark check module keeps malicious requests such as DDoS attacks out of the high-security network: the attacker does not know how the secure box derives the encryption mark and so cannot imitate it, and may not even know that an encryption mark check exists, so has no way to respond. Such attacks are therefore filtered out at the encryption mark check. The address check module, for its part, filters out most invalid information at the network level.
(Three) Working principle
The network security system based on an encryption algorithm proposed by the invention is applied in a secure box that is small and easy to deploy. When the high-security network sends information to the low-security network, the data is encrypted by the algorithm of the network security system, which an attacker on the low-security network cannot crack, protecting the high-security network's data. When the low-security network sends information to the high-security network, only messages carrying the encryption mark can pass and all others are blocked, keeping the high-security network's data clean.
(1) As shown in Fig. 3, when the high-security network sends a Socket message to the low-security network through the secure box, secure encryption works as follows.
S1. The timestamp generation module generates a timestamp and the encryption mark is obtained: according to the timestamp, the encryption mark generation module applies 1 to n rounds or 1 to n kinds of asymmetric encryption algorithm to the data segment of the Socket message to be sent, obtaining an encryption mark of fixed byte length.
The asymmetric encryption algorithm includes hash algorithms and the like; 1 to n rounds or 1 to n kinds of hash algorithm can be applied to the data segment as a hash signature to obtain the encryption mark.
S2. According to the timestamp, the encryption key generation module applies 1 to n rounds or 1 to n kinds of asymmetric encryption algorithm to the primary key (key) in the Socket message, obtaining the encryption key Encryption_key; Encryption_key overwrites the primary key, forming the new encryption mark.
For example, with a hash algorithm the resulting encryption key Encryption_key is the encryption key Hash_key.
S3. The coding encryption module applies a further 1 to n rounds or 1 to n kinds of coding encryption to the encryption key Hash_key, obtaining the coded key Encode_Encryption_key.
For example, with the base64 coding encryption algorithm the resulting coded key Encode_Encryption_key is the coded key BASE64_Hash_key.
S4. The encryption factor extraction module decomposes the coded key Encode_Encryption_key into several different encryption factors that influence the encryption result. The encryption factors include bytes of a first length from the coded key used as the key of the symmetric encryption algorithm, for example the first 32 characters of the coded key as the key AES_key of a symmetric encryption algorithm (including the AES symmetric encryption algorithm). They also include bytes of a second length from the coded key used as the encryption vector of the symmetric encryption algorithm, for example the last 16 characters of the coded key as the encryption vector AES_IV of the AES symmetric encryption algorithm.
S5. According to the encryption factors, including the key AES_key and the encryption vector AES_IV, the textual data encryption module applies 1 to n rounds or 1 to n kinds of symmetric encryption algorithm (including the AES symmetric encryption algorithm) to the textual data plaintext, obtaining the textual data ciphertext. The ciphertext overwrites the plaintext to form the new textual data section, giving the new encrypted Socket message. Data transfer is thus transparent, no information is leaked even if the data is sniffed, and the recipient can decrypt with the corresponding encryption algorithm (such as the AES symmetric encryption algorithm). Depending on the application scenario and weighing factors such as computational cost and encryption strength, the textual data plaintext can be symmetrically encrypted multiple times.
S6. The scrambling code processing module scrambles the data segment of the encrypted Socket message to be sent, including the overturning of bytes and the positioning of bytes, to prevent the algorithm from being cracked by targeted tools.
(2) When the low-security network sends a Socket message to the high-security network through the secure box, the safety check works as follows.
S1. The address check module checks the source port address and destination port address in the header of the Socket message as a pair, filtering out Socket messages whose source and destination port addresses do not match. This filters out most invalid information at the network level.
S2. The encryption mark check module checks whether the data segment of the message to be transmitted carries the encryption mark. The cryptographic operation can be performed for each of the three timestamps, yielding three pieces of verification data; as long as one of them matches the encryption mark, the message is deemed legitimate. Otherwise an alarm log entry is recorded and the received message is discarded.
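The sender steps S1 to S4 and the receiver's three-timestamp check described above, as an added example that is not code from the patent. The 60-second time slot, the SHA-256/SHA-512 choices, the way timestamp, primary key and textual data are concatenated, and all function names are assumptions; S5 (AES) and S6 (scrambling) are left out.

```python
import base64
import hashlib
import hmac

SLOT_SECONDS = 60   # assumed timestamp granularity; the page does not give one
MARK_LEN = 20       # fixed-length mark; 20 bytes is the page's own example
ROUNDS = 2          # "1 to n rounds" of hashing; value chosen for this demo


def time_slot(unix_time):
    """Map a clock reading to the timestamp value shared by both sides."""
    return int(unix_time) // SLOT_SECONDS


def iterated_hash(data, algo, rounds=ROUNDS):
    """Apply the same hash `rounds` times (the page's repeated hash step)."""
    digest = data
    for _ in range(rounds):
        digest = hashlib.new(algo, digest).digest()
    return digest


def derive_factors(primary_key, slot, algo="sha512"):
    """S2-S4: Hash_key -> BASE64_Hash_key -> (AES_key, AES_IV)."""
    hash_key = iterated_hash(slot.to_bytes(8, "big") + primary_key, algo)
    encoded = base64.b64encode(hash_key).decode("ascii")
    # "First 32 characters" and "last 16 characters" only stay disjoint if the
    # coded key has at least 48 characters: SHA-1 gives 28, SHA-256 gives 44.
    if len(encoded) < 48:
        raise ValueError("coded key too short for a 32-char key and 16-char IV")
    # Each base64 character carries 6 bits, so the 32-character key holds at
    # most 192 bits, and for SHA-512 the last two IV characters are '=' padding.
    return encoded[:32].encode("ascii"), encoded[-16:].encode("ascii")


def make_mark(primary_key, body, slot):
    """S1: fixed-length mark over timestamp, key and textual data (assumed layout)."""
    material = slot.to_bytes(8, "big") + primary_key + body
    return iterated_hash(material, "sha256")[:MARK_LEN]


def build_data_segment(primary_key, body, now):
    """Data segment = encryption mark + textual data (left unencrypted here)."""
    return make_mark(primary_key, body, time_slot(now)) + body


def verify_data_segment(primary_key, segment, now):
    """Receiver check: try the current slot first, then the two neighbours.

    Returns the matching slot offset (0, -1 or 1), or None when the message
    must be logged and dropped.
    """
    if len(segment) < MARK_LEN:
        return None
    mark, body = segment[:MARK_LEN], segment[MARK_LEN:]
    current = time_slot(now)
    for offset in (0, -1, 1):
        expected = make_mark(primary_key, body, current + offset)
        if hmac.compare_digest(mark, expected):   # constant-time comparison
            return offset
    return None


if __name__ == "__main__":
    KEY = b"demo-primary-key"        # constructed sample value
    NOW = 1_700_000_000              # constructed clock reading
    segment = build_data_segment(KEY, b"hello", NOW)
    print("same slot      :", verify_data_segment(KEY, segment, NOW))
    print("45 s later     :", verify_data_segment(KEY, segment, NOW + 45))
    print("130 s later    :", verify_data_segment(KEY, segment, NOW + 130))
    print("tampered body  :", verify_data_segment(KEY, segment[:-1] + b"X", NOW))
    aes_key, aes_iv = derive_factors(KEY, time_slot(NOW))
    print("AES_key / AES_IV:", aes_key, aes_iv)
```

A message whose clock drift exceeds one slot in either direction fails all three comparisons, which is the tolerance the three-timestamp scheme sets.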
(Four) Secure box
A secure box proposed by the invention includes the above network security system based on an encryption algorithm. As shown in Fig. 4, one end of the secure box is connected to the low-security network through the network interface 3, and the other end is connected to the high-security network through the USB interface 2.
As shown in Fig. 5, the secure box includes a shell 1 and, inside the shell 1, a movement circuit for the safety check. The shell 1 also carries the USB interface 2 for connection to the high-security network and the network interface 3 for connection to the low-security network. The secure box is small and easy to deploy, and is intended to replace the security isolation network gate in current use.
Further, the shell 1 also carries indicator lights, comprising a power indicator 4 and a communication connection indicator 5.
Further, as shown in Fig. 6, the shell 1 also carries a power interface 6, which is connected to the power management module in the movement circuit.
Further, the shell 1 also carries a switch 7, which includes a power switch, a network on/off switch and so on, and can be a key switch, a touch switch or a toggle switch.
Further, the shell 1 also carries a reset key 8, which is connected to the reset circuit in the movement circuit.
Further, the shell 1 is a metal shell, which both protects the movement circuit well and improves the heat dissipation of the secure box.
Further, as shown in Fig. 7, the movement circuit includes a main control module and, each connected to the main control module, a RAM module, a FLASH module and a clock module; the main control module is also connected to the network interface 3 and the USB interface 2.
Further, the movement circuit also includes a physical network card connected to the main control module; the physical network card is also connected to the network interface 3.
Further, the network interface 3 includes a WAN network interface.
Further, the USB interface 2 is a USB 3.0 interface.
In the invention, the main control module is the data buffer of the secure box and contains the safe encryption unit and the safety check unit. The safe encryption unit includes, connected in sequence, an encryption mark generation module, an encryption key generation module, a coding encryption module, a textual data encryption module and a scrambling code processing module; the encryption mark generation module is connected to the high-security network and the scrambling code processing module is connected to the low-security network. The safe encryption unit further includes a timestamp generation module connected to the encryption mark generation module. The safety check unit includes an address check module and an encryption mark check module; the low-security network is connected to the high-security network through the address check module and then the encryption mark check module.
In the secure box, the RAM module is the box's memory, used for data exchange and temporary data storage. The clock module provides the real-time clock. The FLASH module stores the main program that performs the check, for the main control module to call. The physical network card lets the secure box access the Internet. The WAN network interface connects to the low-security network (that is, the external network) and receives incoming data. The USB interface connects to the high-security network (that is, the internal network) and outputs the data that passed the check.
In the invention, the secure box is the device that protects the high-security network when the low-security network transmits data to it. It sits mainly at the access end of the high-security network: data sent from the low-security network to the high-security network must pass the main control module's safety check. Data that conforms to the protocol rules is allowed into the high-security network and is carried as ciphertext during transmission; data that does not conform is discarded directly, keeping the internal network's data clean.
Claims (7)
1. a kind of network safety system based on Encryption Algorithm, which is characterized in that it includes safe encryption unit, this is encrypted safely
Unit includes following multiple module:
Encryption mark generation module:1-n times or 1-n kind asymmetric encryption is selected to calculate to sent the data segment of Socket message
Method carries out cryptographic calculation, obtains the encryption mark of fixed length byte;
Encryption key generation module:1-n times or 1-n kind asymmetric encryption is selected to calculate the primary key key in Socket message
Method carries out cryptographic calculation, obtains encryption key Encryption_key;
Coding encrypting module:It carries out 1-n times or 1-n kind coding encrypting processing again to encryption key Encryption_key, obtains
Coded key Encode_Encryption_key;
Encryption factor extraction module:Coded key Encode_Encryption_key is resolved into a variety of different influence texts
The encryption factor of data encryption result;
Textual data encrypting module:According to encryption factor to textual data in plain text select 1-n times or 1-n kind symmetric encipherment algorithm into
Row cryptographic calculation obtains textual data ciphertext, obtains new encrypted Socket message;
1-n times or 1-n kind rivest, shamir, adelman and symmetric encipherment algorithm are selected, the complexity of key is improved, it is strong to increase key
Degree prevents weak passwurd problem, increases the complexity of encryption factor, improves the safety of textual data ciphertext;
The safe encryption unit is used, when the high-security network sends a Socket message to the low-security network, to perform safe encryption on the Socket message to be sent;
The system also includes a safety check unit, which includes an address check module: the source port address and destination port address in the Socket message header are checked by pairing, and Socket messages whose source port address does not match the destination port address are filtered out;
The safety check unit is used, when the low-security network sends a Socket message to the high-security network, to perform a safety check on the Socket message to be received;
The safe encryption unit further includes a timestamp generation module: the timestamp generation module generates a timestamp, and an encryption mark generation module performs an asymmetric encryption operation on the data segment of the Socket message according to the timestamp, obtaining an encryption mark;
The timestamp includes a current timestamp, a previous-moment timestamp and a next-moment timestamp, the previous-moment and next-moment timestamps being the two timestamps adjacent to the current timestamp, immediately before and after it; the encryption mark generation module performs the asymmetric encryption operation on the data segment according to each of the three timestamps, obtaining the encryption mark.
2. A network safety system based on Encryption Algorithm according to claim 1, characterized in that: the encryption factors include the key SymmetricEncryption_key used as the key of the symmetric encryption algorithm and the encryption vector SymmetricEncryption_IV used as the encryption vector of the symmetric encryption algorithm; the key SymmetricEncryption_key is the byte section of a first length in the coded key Encode_Encryption_key, and the encryption vector SymmetricEncryption_IV is the byte section of a second length in the coded key Encode_Encryption_key.
3. A network safety system based on Encryption Algorithm according to claim 1, characterized in that the safe encryption unit further includes a scrambling processing module: scrambling processing is performed on the data segment of the encrypted Socket message.
4. A network safety system based on Encryption Algorithm according to claim 3, characterized in that: the scrambling processing includes the flipping of bytes and the positioning of bytes.
5. A network safety system based on Encryption Algorithm according to claim 1, characterized in that the safety check unit further includes an encryption mark check module: when the low-security network sends a Socket message to the high-security network, the encryption mark check module checks whether the Socket message to be received carries the encryption mark; if it does, the Socket message is determined to be a legal message; otherwise, an alarm log record is made and the Socket message is discarded.
6. A secure box, characterized in that: it includes the network safety system based on Encryption Algorithm according to any one of claims 1-5.
7. A secure box according to claim 6, characterized in that: one end of the secure box is connected to the low-security network through a network interface, and the other end of the secure box is connected to the high-security network through a USB interface.
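One reading of the safety check unit in claims 1 and 5, sketched in Python as an added example (not code from the patent): the port-pair filter runs first, then the encryption mark is accepted if it matches the current, previous-moment or next-moment timestamp. Assumptions: HMAC-SHA256 stands in for the asymmetric operation, the timestamp step is 60 seconds, the mark is appended to the data segment, and the port allowlist and key are constructed sample values.

```python
import hashlib
import hmac

# Assumed parameters, none of them from the patent text.
STEP = 60                                        # seconds between timestamps
MARK_LEN = 32                                    # HMAC-SHA256 output size
ALLOWED_PAIRS = {(50001, 9000), (50002, 9001)}   # constructed port pairing
SHARED_SECRET = b"constructed-demo-secret"       # constructed sample key


def time_slot(now):
    """Quantise a Unix time to the timestamp used for the mark."""
    return int(now) // STEP * STEP


def make_mark(data, slot):
    """Stand-in for the encryption mark generation module (HMAC, not asymmetric)."""
    msg = str(slot).encode() + b"|" + data
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).digest()


def seal(data, now):
    """Sending side: append the mark for the current timestamp."""
    return data + make_mark(data, time_slot(now))


def check_message(src_port, dst_port, segment, now, alarm_log):
    """Receiving side: return the data if the message passes, else None."""
    # Address check module: unpaired source/destination ports are filtered out.
    if (src_port, dst_port) not in ALLOWED_PAIRS:
        return None
    # Encryption mark check module: a message without a mark is logged and dropped.
    if len(segment) < MARK_LEN:
        alarm_log.append("missing encryption mark")
        return None
    data, mark = segment[:-MARK_LEN], segment[-MARK_LEN:]
    current = time_slot(now)
    # Try the current, previous-moment and next-moment timestamps.
    for slot in (current, current - STEP, current + STEP):
        if hmac.compare_digest(mark, make_mark(data, slot)):
            return data
    alarm_log.append("invalid or stale encryption mark")
    return None
```

Binding the mark to a timestamp window bounds how long a captured message stays acceptable, while the two adjacent timestamps tolerate clock drift between the two sides.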
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510592288.0A CN105610774B (en) | 2015-09-17 | 2015-09-17 | A kind of network safety system and secure box based on Encryption Algorithm |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510592288.0A CN105610774B (en) | 2015-09-17 | 2015-09-17 | A kind of network safety system and secure box based on Encryption Algorithm |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105610774A (en) | 2016-05-25 |
CN105610774B (en) | 2018-11-20 |
Family
ID=55990314
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510592288.0A Active CN105610774B (en) | 2015-09-17 | 2015-09-17 | A kind of network safety system and secure box based on Encryption Algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105610774B (en) |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100385859C (en) * | 2005-01-18 | 2008-04-30 | 英业达股份有限公司 | Security management service system and its implementation method |
CN103902271B (en) * | 2012-12-27 | 2017-10-17 | 航天信息股份有限公司 | The unified method for showing window interfaces in client and browser |
Also Published As
Publication number | Publication date |
---|---|
CN105610774A (en) | 2016-05-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||