CN106130978A - A kind of method protecting computer network security - Google Patents


Publication number
CN106130978A
Authority
CN
China
Prior art keywords
computer
code
network
network security
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610481487.9A
Other languages
Chinese (zh)
Inventor
高文莲
白凤凤
高志娥
乔栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Luliang University
Original Assignee
Luliang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Luliang University filed Critical Luliang University
Priority to CN201610481487.9A priority Critical patent/CN106130978A/en
Publication of CN106130978A publication Critical patent/CN106130978A/en
Pending legal-status Critical Current

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test

Abstract

The invention discloses a method for protecting computer network security, comprising the following steps: establishing a communication link between a first computer and a network; requesting an access code by the first computer; generating the access code by the network; receiving the code by the first computer; and inputting the access code into a second computer coupled to the network. The invention establishes flexible encryption keys; apart from the legitimate user holding the private key, no one else can decrypt the ciphertext, which solves the costly key distribution problem of symmetric encryption methods. In addition, the method requires only simple hardware, executes quickly, and can fully protect computer network security.

Description

A kind of method protecting computer network security
Technical field
The invention belongs to the field of security technology, and in particular relates to a method for protecting computer network security.
Background
The rapid development of computer and network technology has driven and influenced the economic and cultural development of society as a whole and the progress of science and technology. In recent years, computer networks have been applied ever more deeply to all aspects of social life and have gradually become an indispensable part of people's daily work and life. However, as networks keep growing in scale and network information resources keep opening up, the problem of network information security has become increasingly prominent, and the number of network security incidents and the losses they cause have gradually increased. Computer network security is a fairly complex problem; it involves not only technical issues but also many other matters such as the social environment and laws and regulations.
Computer network security means using network information management technology and control measures to protect and ensure the integrity, confidentiality and availability of data in the network environment. According to the definition of computer security given by ISO (the International Organization for Standardization), computer network security means protecting the hardware, software and data resources in a computer network system so that they are not destroyed, altered or disclosed for malicious or accidental reasons, thereby ensuring the normal operation of the network system and normal, orderly network service. Computer network security covers two aspects, technology and management. Computer network security technology means guarding against illegal attacks by external unauthorized users, so that the computer network is not damaged by malicious or accidental attacks and runs in an orderly and secure way. Computer security management means the security maintenance of computer hardware, software and network systems, preventing the data in them from being arbitrarily destroyed, disclosed or altered. Computer network security technology and management combine to form the computer network security system, which ensures the normal operation of computers.
Many solutions to network security problems have already been proposed. However, most existing schemes are implemented at the software level on top of TCP/IP. Although a purely software approach gives great freedom and flexibility in controlling network security, it can also leave vulnerabilities in the system and give hackers an opportunity.
Summary of the invention
The object of the invention is to overcome the shortcomings of existing network encryption schemes, namely complex encryption systems, a low level of confidentiality and inflexible use, and to provide a flexible, highly confidential, encryption-based method for protecting computer network security.
The invention is realized as follows: a method for protecting computer network security, comprising the following steps:
A communication link is established between the first computer and the network;
The first computer requests an access code. Code generation: m is the plaintext to be transmitted; choose any two prime numbers p and q such that n=p*q > m; select a positive integer e such that e is coprime with p and q; then, using the successive division (Euclidean) algorithm, i.e. the method for finding the greatest common divisor of two numbers, obtain d, which gives e*n and d*n, where e*n is the public key used for encryption and d*n is the private decryption key;
The network generates the access code: in the code encryption process, the public key is used to encrypt the plaintext m; the algorithm is c=m*mod n, and the resulting c is the ciphertext of the access code m. In the code decryption process, the private key is used to decrypt the ciphertext c; the algorithm is m=c*mod n, and the resulting m is the plaintext corresponding to the ciphertext c;
The first computer receives the code: the network sends the generated access code to the first computer, and the first computer receives the generated code on a preset port number;
The access code is input into the second computer coupled to the network.
Further, the communication link between the first computer and the network is established as follows: the first computer uses a communication medium to connect to a network access point, obtains the authorization password for the network communication link, enters the password to establish the connection, and uses a data link layer protocol to set the password.
Further, in the step in which the first computer requests the access code (m is the plaintext to be transmitted; choose any two prime numbers p and q such that n=p*q > m; select a positive integer e such that e is coprime with p and q; then use the successive division algorithm, i.e. the method for finding the greatest common divisor of two numbers, to obtain d), the specific steps are as follows:
Divide a by b to obtain a ÷ b=r1 (0≤r1); if r1=0, then (a, b)=b;
If r1 ≠ 0, divide b by r1 to obtain b ÷ r1=r2 (0≤r2);
If r2=0, then (a, b)=r1;
If r2 ≠ 0, continue by dividing r1 by r2, and so on, until the division is exact. This gives e*n and d*n, where e*n is the public key used for encryption and d*n is the private decryption key.
Further, the confidentiality of the method rests on the time it takes to factor numbers of different sizes; the length of n determines the reliability of the algorithm.
Further, the costly key distribution problem of symmetric encryption methods is handled as follows: the user distributes the key used for encryption publicly to any user who needs it; apart from the legitimate user holding the private key, no one can decrypt the ciphertext.
Further, the second computer is a computer that only authorized users can access.
Further, inputting the access code into the second computer coupled to the network proceeds as follows: the generated code passes through the MCD and is received by the user's computer; the user then enters the displayed access code into the communicatively coupled second computer. The second computer is at a secure location to which authorized users have physical access, and it communicates with the network over a communication link separate from the MCD and through a known secure location. The entered access code is compared with the code generated at the first computer's request, and secure access between the first device and the network is established on the basis of the comparison.
Further, the method allows the user to publish the public key in advance, for use in identity authentication.
The method provided by the invention is based on establishing a communication link between the first computer and the network, the first computer requesting an access code, the network generating the access code, the first computer receiving the code, and the access code being input into the second computer coupled to the network. The invention establishes flexible encryption keys, the algorithm is simple and secure, and the implementation is easy. Apart from the legitimate user holding the private key, no one else can decrypt the ciphertext, which solves the costly key distribution problem of symmetric encryption methods. In addition, the method requires only simple hardware, executes quickly, and can fully protect computer network security.
Brief description of the drawings
Fig. 1 is a flow chart of the method for protecting computer network security provided by an embodiment of the invention.
Detailed description
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
The application principle of the invention is further described below with reference to the accompanying drawing.
As shown in Fig. 1, a method for protecting computer network security comprises the following steps:
S101: a communication link is established between the first computer and the network;
S102: the first computer requests an access code. Code generation: m is the plaintext to be transmitted; choose any two prime numbers p and q such that n=p*q > m; select a positive integer e such that e is coprime with p and q; then, using the successive division (Euclidean) algorithm, i.e. the method for finding the greatest common divisor of two numbers, obtain d, which gives e*n and d*n, where e*n is the public key used for encryption and d*n is the private decryption key;
S103: the network generates the access code, through a code encryption process and a code decryption process. In the code encryption process, the public key is used to encrypt the plaintext m; the algorithm is c=m*mod n, and the resulting c is the ciphertext of m;
In the code decryption process, the private key is used to decrypt the ciphertext c; the algorithm is m=c*mod n, and the resulting m is the plaintext corresponding to the ciphertext c;
S104: the first computer receives the code: the network sends the generated access code to the first computer, and the first computer receives the generated code on a preset port number;
S105: the access code is input into the second computer coupled to the network.
Further, the communication link between the first computer and the network is established as follows: the first computer uses a communication medium to connect to a network access point, obtains the authorization password for the network communication link, enters the password to establish the connection, and uses a data link layer protocol to set the password.
Further, in the step in which the first computer requests the access code (m is the plaintext to be transmitted; choose any two prime numbers p and q such that n=p*q > m; select a positive integer e such that e is coprime with p and q; then use the successive division algorithm, i.e. the method for finding the greatest common divisor of two numbers, to obtain d), the specific steps are as follows:
Divide a by b to obtain a ÷ b=r1 (0≤r1); if r1=0, then (a, b)=b;
If r1 ≠ 0, divide b by r1 to obtain b ÷ r1=r2 (0≤r2);
If r2=0, then (a, b)=r1;
If r2 ≠ 0, continue by dividing r1 by r2, and so on, until the division is exact. This gives e*n and d*n, where e*n is the public key used for encryption and d*n is the private decryption key.
Further, the confidentiality of the method rests on the time it takes to factor numbers of different sizes; the length of n determines the reliability of the algorithm.
Further, the costly key distribution problem of symmetric encryption methods is handled as follows: the user distributes the key used for encryption publicly to any user who needs it; apart from the legitimate user holding the private key, no one can decrypt the ciphertext.
Further, the second computer is a computer that only authorized users can access.
Further, inputting the access code into the second computer coupled to the network proceeds as follows: the generated code passes through the MCD and is received by the user's computer; the user then enters the displayed access code into the communicatively coupled second computer. The second computer is at a secure location to which authorized users have physical access, and it communicates with the network over a communication link separate from the MCD and through a known secure location. The entered access code is compared with the code generated at the first computer's request, and secure access between the first device and the network is established on the basis of the comparison.
Further, the method allows the user to publish the public key in advance, for use in identity authentication.
The application principle of the invention is further described through the specific embodiment below.
Embodiment 1:
A method for protecting computer network security comprises the following steps, described in detail below with reference to the accompanying drawing and the embodiment:
(1) As shown in the figure, the first computer is used to establish first-level secure access to the network, where access to the network is controlled by an enterprise (for example a business, company or organization) and unauthorized users are substantially prevented from gaining access to the network;
(2) The first computer requests an access code:
The first computer requests the network access code through the MCD (controller), which is communicatively coupled to the network by a plug, socket or other hardware link component. The specific steps are as follows:
Code generation: m is the plaintext to be transmitted; choose any two prime numbers p and q such that n=p*q > m. Select a positive integer e such that e is coprime with p and q; then, using the successive division algorithm, obtain d, which gives e*n, the public key used for encryption, and d*n, the private decryption key;
(3) The network generates the access code:
When the first computer is communicatively coupled to the network server, an access code must be generated. The algorithm that generates the access code is robust enough to provide the intended level of assurance, ensuring that the access code cannot be generated by another device that is not coupled. The process comprises a code encryption process and a code decryption process:
A. Code encryption process: the public key is used to encrypt the plaintext m; the algorithm is c=m*mod n, and the resulting c is the ciphertext of m;
B. Code decryption process: the private key is used to decrypt the ciphertext c; the algorithm is m=c*mod n, and the resulting m is the plaintext corresponding to the ciphertext c;
(4) The generated code is sent back to the user:
The generated code passes through the MCD and is received by the user's computer; the user then enters the displayed access code into the communicatively coupled second computer. The second device is at a secure location to which authorized users have physical access, and it communicates with the network over a communication link separate from the MCD and through a known secure location. The entered access code is compared with the code generated at the first computer's request, and secure access between the first device and the network is established on the basis of the comparison;
(5) The confidentiality of the method rests on the time it takes to factor numbers of different sizes; the length of n determines the reliability of the algorithm;
(6) When using the method, the user distributes the key used for encryption publicly to any other user who needs it. Apart from the legitimate user holding the private key, no one can decrypt the ciphertext. This solves the costly key distribution problem of symmetric encryption methods;
(7) The method allows the user to publish the public key in advance, so it can also be used for identity authentication.
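The key generation, encryption, decryption and access-code comparison steps above, as an added example that is not part of the patent text. It assumes the standard textbook RSA construction (key pairs (e, n) and (d, n), c = m^e mod n, m = c^d mod n, d the inverse of e modulo (p-1)(q-1)); the function names, the toy primes and the flow in which the network encrypts the code to the first computer's public key are assumptions made for illustration.

```python
# Added example: textbook RSA (no padding, toy primes) following the steps in
# the description. Names and sample values are constructed, not from the patent.
import hmac
import secrets
from math import gcd


def euclid_steps(a, b):
    """Successive division: divide a by b, then b by the remainder, and so on
    until the remainder is 0. Returns (gcd, [(dividend, divisor, remainder)])."""
    steps = []
    while b != 0:
        r = a % b
        steps.append((a, b, r))
        a, b = b, r
    return a, steps


def modular_inverse(e, phi):
    """Extended Euclidean algorithm: return d with (e * d) % phi == 1."""
    old_r, r = e, phi
    old_s, s = 1, 0          # invariant: old_s * e == old_r (mod phi)
    while r != 0:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_s, s = s, old_s - quotient * s
    if old_r != 1:
        raise ValueError("e has no inverse modulo (p-1)(q-1)")
    return old_s % phi


def generate_keys(p, q, e):
    """Return ((e, n), (d, n)). Being coprime with p and q alone is not enough
    for d to exist; e must also be coprime with (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, p) != 1 or gcd(e, q) != 1:
        raise ValueError("e shares a factor with p or q")
    d = modular_inverse(e, phi)
    return (e, n), (d, n)


def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:       # the description's condition n = p*q > m
        raise ValueError("plaintext must satisfy m < n")
    return pow(m, e, n)


def decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)


def issue_access_code(public_key):
    """Network side (assumed flow): draw a random code m < n, remember it,
    and send only its ciphertext to the first computer."""
    _, n = public_key
    m = secrets.randbelow(n - 2) + 2
    return m, encrypt(m, public_key)


def second_computer_check(entered, expected):
    """Compare the code typed at the second computer with the issued code,
    in constant time so the comparison does not leak matching digits."""
    return hmac.compare_digest(str(entered).encode(), str(expected).encode())


def demo():
    public_key, private_key = generate_keys(61, 53, 17)   # toy primes
    expected, ciphertext = issue_access_code(public_key)  # network
    displayed = decrypt(ciphertext, private_key)          # first computer
    return second_computer_check(displayed, expected)     # second computer


if __name__ == "__main__":
    print(euclid_steps(3120, 17))
    print(generate_keys(61, 53, 17))
    print(demo())
```

With these toy primes, e = 3 is coprime with both p and q yet `generate_keys` rejects it because it divides (p-1)(q-1) = 3120. Production use needs primes of cryptographic size and a padding scheme such as OAEP, since unpadded RSA maps the same code to the same ciphertext every time.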
The foregoing is only a preferred embodiment of the invention and does not limit the invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (8)

1. A method for protecting computer network security, characterized in that the method comprises the following steps:
A communication link is established between the first computer and the network;
The first computer requests an access code. Code generation: m is the plaintext to be transmitted; choose any two prime numbers p and q such that n=p*q > m; select a positive integer e such that e is coprime with p and q; then, using the successive division (Euclidean) algorithm, i.e. the method for finding the greatest common divisor of two numbers, obtain d, which gives e*n and d*n, where e*n is the public key used for encryption and d*n is the private decryption key;
The network generates the access code: in the code encryption process, the public key is used to encrypt the plaintext m; the algorithm is c=m*mod n, and the resulting c is the ciphertext of the access code m. In the code decryption process, the private key is used to decrypt the ciphertext c; the algorithm is m=c*mod n, and the resulting m is the plaintext corresponding to the ciphertext c;
The first computer receives the code: the network sends the generated access code to the first computer, and the first computer receives the generated code on a preset port number;
The access code is input into the second computer coupled to the network.
2. The method for protecting computer network security as claimed in claim 1, characterized in that the communication link between the first computer and the network is established as follows: the first computer uses a communication medium to connect to a network access point, obtains the authorization password for the network communication link, enters the password to establish the connection, and uses a data link layer protocol to set the password.
3. The method for protecting computer network security as claimed in claim 1, characterized in that, in the step in which the first computer requests the access code (m is the plaintext to be transmitted; choose any two prime numbers p and q such that n=p*q > m; select a positive integer e such that e is coprime with p and q; then use the successive division algorithm, i.e. the method for finding the greatest common divisor of two numbers, to obtain d), the specific steps are as follows:
Divide a by b to obtain a ÷ b=r1 (0≤r1); if r1=0, then (a, b)=b;
If r1 ≠ 0, divide b by r1 to obtain b ÷ r1=r2 (0≤r2);
If r2=0, then (a, b)=r1;
If r2 ≠ 0, continue by dividing r1 by r2, and so on, until the division is exact. This gives e*n and d*n, where e*n is the public key used for encryption and d*n is the private decryption key.
4. The method for protecting computer network security as claimed in claim 1, characterized in that the confidentiality of the method rests on the time it takes to factor numbers of different sizes, and the length of n determines the reliability of the algorithm.
5. The method for protecting computer network security as claimed in claim 1, characterized in that the costly key distribution problem of symmetric encryption methods is handled as follows: the user distributes the key used for encryption publicly to any user who needs it; apart from the legitimate user holding the private key, no one can decrypt the ciphertext.
6. The method for protecting computer network security as claimed in claim 1, characterized in that the second computer is a computer that only authorized users can access.
7. The method for protecting computer network security as claimed in claim 1, characterized in that inputting the access code into the second computer coupled to the network proceeds as follows: the generated code passes through the MCD and is received by the user's computer; the user then enters the displayed access code into the communicatively coupled second computer; the second computer is at a secure location to which authorized users have physical access, and it communicates with the network over a communication link separate from the MCD and through a known secure location; the entered access code is compared with the code generated at the first computer's request, and secure access between the first device and the network is established on the basis of the comparison.
8. The method for protecting computer network security as claimed in claim 1, characterized in that the method allows the user to publish the public key in advance, for use in identity authentication.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610481487.9A CN106130978A (en) 2016-06-27 2016-06-27 A kind of method protecting computer network security

Publications (1)

Publication Number Publication Date
CN106130978A true CN106130978A (en) 2016-11-16

Family

ID=57267294

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610481487.9A Pending CN106130978A (en) 2016-06-27 2016-06-27 A kind of method protecting computer network security

Country Status (1)

Country Link
CN (1) CN106130978A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6259909B1 (en) * 1997-05-28 2001-07-10 Telefonaktiebolaget Lm Ericsson (Publ) Method for securing access to a remote system
US20050082429A1 (en) * 2002-11-19 2005-04-21 D'alvia Graham R. Cockpit access protection system
CN101523853A (en) * 2006-10-04 2009-09-02 波音公司 Methods and systems for securing a computer network

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
吴撷芳: "我国古代求最大公约数的又一法-"辗转相除法"", 《中学生数学》 *
彭水生: "利用辗转相除法求最大公约数", 《江西教育》 *
王玉新: "计算机程序设计上辗转相除法的实际应用研究", 《数字技术与应用》 *
龙建超: "公钥算法中大素数生成方法的研究改进", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Similar Documents

Publication Publication Date Title
US7831051B2 (en) Secure communication between a hardware device and a computer
CN101800738B (en) Realization system and method for safely visiting and storing intranet data by mobile equipment
JP7160605B2 (en) Method and system for secure data transfer
CN101771699A (en) Method and system for improving SaaS application security
WO2020192285A1 (en) Key management method, security chip, service server and information system
CN103986583A (en) Dynamic encryption method and encryption communication system thereof
JP2009103774A (en) Secret sharing system
CN104753953A (en) Access control system
CN101895882A (en) Data transmission method, system and device in WiMAX system
CN101808089A (en) Secret data transmission protection method based on isomorphism of asymmetrical encryption algorithm
CN102986161A (en) Method for the cryptographic protection of an application
US11677546B2 (en) Methods and systems of securely transferring data
CN104901803A (en) Data interaction safety protection method based on CPK identity authentication technology
CN108632251A (en) Authentic authentication method based on cloud computing data service and its Encryption Algorithm
CN101908962A (en) Key management method for integrated avionic system
KR101359789B1 (en) System and method for security of scada communication network
CN110519238A (en) A kind of Internet of Things security system and communication means based on cryptographic technique
CN102118311B (en) Data transmission method
CN104009841A (en) Message encrypting method under instant messaging situation
CN101047945B (en) Mobile communication system and customer temporary identity distribution method
CN108123797A (en) Network cryptographic device based on quantum key
GB2579884A (en) Methods and systems of securely transferring data
CN106130978A (en) A kind of method protecting computer network security
CN109257371A (en) Negotiate safeguards system and dynamic negotiation method
CN103200170A (en) Data exchange method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20161116