CN106130978A - A kind of method protecting computer network security - Google Patents
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/3033—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
Abstract
The invention discloses a method for protecting computer network security, comprising the following steps: establishing a communication link between a first computer and a network; requesting an access code by the first computer; generating the access code by the network; receiving the code by the first computer; and inputting the access code into a second computer coupled to the network. The invention establishes encryption keys flexibly; apart from the legitimate user holding the private key, no one else can decrypt the ciphertext, which solves the costly key distribution problem of symmetric encryption methods. In addition, the method needs only simple hardware, executes quickly, and can adequately protect computer network security.
Description
Technical field
The invention belongs to the field of security technology, and in particular relates to a method for protecting computer network security.
Background art
The rapid development of computer and network technology has promoted and influenced the economic and cultural development of society as a whole and the progress of science and technology. In recent years, computer networks have been applied ever more deeply to all aspects of social life and have increasingly become an indispensable part of people's daily work and life. However, as networks keep growing in scale and network information resources keep opening up, network information security problems have become increasingly prominent, and the number of network security incidents and the losses they cause are gradually increasing. Computer network security is a fairly complex problem: it involves not only technical issues but also many other matters such as the social environment and laws and regulations.
Computer network security refers to using network information management technology and control measures to protect and ensure the integrity, confidentiality and availability of data in the network environment. According to the definition of computer security given by the ISO (International Organization for Standardization), computer network security means protecting the hardware, software and data resources in a computer network system so that they are not destroyed, altered or disclosed for malicious or accidental reasons, thereby ensuring the normal operation of the network system and normal, orderly network services. Computer network security covers two aspects, technology and management. Computer network security technology refers to guarding against unlawful attacks by external unauthorized users, so that the computer network is not damaged by malicious or accidental attacks and runs in an orderly and secure manner. Computer security management refers to the security maintenance of computer hardware, software and network systems, preventing the data and information in them from being arbitrarily destroyed, disclosed or altered. Computer network security technology and management combine to form the computer network security system and ensure the normal operation of computers.
Many solutions to network security problems have already been proposed. However, most existing schemes are implemented at the software level on top of TCP/IP. Although a purely software approach gives a great deal of freedom and flexibility in the security control of a network, it can also leave vulnerabilities in the system and give hackers an opportunity.
Summary of the invention
The object of the invention is to overcome the shortcomings of existing network encryption, namely complex encryption systems, encryption security levels that are not high and inflexible use, by providing a flexible, highly confidential method for protecting computer network security.
The invention is realized as follows: a method for protecting computer network security, comprising the following steps:
Establishing a communication link between a first computer and a network;
Requesting an access code by the first computer. Code generation: m is the plaintext to be transmitted; choose any two prime numbers p and q such that n=p*q > m; select a positive integer e such that e is coprime with p and q; then use the successive division (Euclidean) algorithm, i.e. the method for finding the greatest common factor of two numbers, to obtain d. This gives e*n and d*n, where e*n is the public key used for encryption and d*n is the private decryption key;
Generating the access code by the network: during code encryption, the public key is used to encrypt the plaintext m with the algorithm c=m*mod n, and the resulting c is the ciphertext of the access code m; during code decryption, the private key is used to decrypt the ciphertext c with the algorithm m=c*mod n, and the resulting m is the plaintext corresponding to the ciphertext c;
Receiving the code by the first computer: the network sends the generated access code to the first computer, and the first computer receives the generated code on a preset port number;
Inputting the access code into a second computer coupled to the network.
Further, establishing the communication link between the first computer and the network specifically comprises: the first computer uses a communication medium to connect to a network access point, obtains the authorization password for the network communication link, enters the password to establish the connection, and uses a data link layer protocol to set the password.
Further, in the step of requesting the access code by the first computer, code generation is as follows: m is the plaintext to be transmitted; choose any two prime numbers p and q such that n=p*q > m; select a positive integer e such that e is coprime with p and q; then use the successive division (Euclidean) algorithm, i.e. the method for finding the greatest common factor of two numbers, to obtain d. The specific steps are as follows:
Divide a by b to obtain a ÷ b=r1 (0≤r1); if r1=0, then (a, b)=b;
If r1 ≠ 0, divide b by r1 to obtain b ÷ r1=r2 (0≤r2);
If r2=0, then (a, b)=r1;
If r2 ≠ 0, continue by dividing r1 by r2, and so on, until the division is exact. This gives e*n and d*n, where e*n is the public key used for encryption and d*n is the private decryption key.
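The key generation, successive division and encryption steps above, as an added worked example that is not part of the patent text. It assumes standard textbook RSA, in which e must be coprime with (p-1)(q-1), d is the inverse of e modulo (p-1)(q-1), and encryption and decryption are c = m^e mod n and m = c^d mod n; the toy primes and all function names are constructed for illustration.

```python
"""Textbook RSA with toy primes (added illustration; all values constructed)."""


def gcd_steps(a, b):
    """Successive division: divide a by b, then b by the remainder, and so
    on until the remainder is 0. The last non-zero remainder is the gcd.
    Returns (gcd, [(dividend, divisor, remainder), ...])."""
    steps = []
    while b != 0:
        r = a % b
        steps.append((a, b, r))
        a, b = b, r
    return a, steps


def extended_gcd(a, b):
    """Same division chain, also tracking x, y with a*x + b*y == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_x, x = x, old_x - quotient * x
        old_y, y = y, old_y - quotient * y
    return old_r, old_x, old_y


def make_keypair(p, q, e):
    """Return ((e, n), (d, n)).

    Assumption (standard RSA): gcd(e, (p-1)(q-1)) must be 1, and d is the
    inverse of e modulo (p-1)(q-1). Being coprime with p and q alone is
    not enough for d to exist.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError(
            f"e={e} shares factor {g} with (p-1)(q-1)={phi}; no d exists"
        )
    return (e, n), (x % phi, n)


def encrypt(m, public_key):
    """c = m^e mod n; the plaintext must be smaller than n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext m must satisfy 0 <= m < n")
    return pow(m, e, n)


def decrypt(c, private_key):
    """m = c^d mod n."""
    d, n = private_key
    return pow(c, d, n)


if __name__ == "__main__":
    P, Q, E = 61, 53, 17          # constructed toy values
    public, private = make_keypair(P, Q, E)
    print("public (e, n): ", public)
    print("private (d, n):", private)

    gcd, steps = gcd_steps((P - 1) * (Q - 1), E)
    for dividend, divisor, remainder in steps:
        print(f"{dividend} / {divisor} leaves remainder {remainder}")
    print("gcd =", gcd)

    m = 65                        # constructed access code, m < n
    c = encrypt(m, public)
    print("ciphertext:", c, "-> decrypted:", decrypt(c, private))

    # e = 15 is coprime with both 61 and 53, yet no private exponent exists.
    try:
        make_keypair(P, Q, 15)
    except ValueError as err:
        print("rejected:", err)
```

Primes this small are factored instantly, so the example shows only the arithmetic; the security of a real key depends on the length of n.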
Further, the confidentiality of the method for protecting computer network security rests on the time needed to factorize different numbers; the length of n determines the reliability of the algorithm.
Further, the costly key distribution problem of symmetric encryption methods is handled as follows: the user publicly distributes the key used for encryption to any desired user; apart from the legitimate user holding the private key, no one can decrypt the ciphertext.
Further, the second computer is a computer that only authorized users can access.
Further, in inputting the access code into the second computer coupled to the network, the generated code passes through the MCD and is received by the user's computer; the user then enters the displayed access code into the communicatively coupled second computer. The second computer includes a home that authorized users can physically access; the second computer communicates with the network over a communication link separate from the MCD and through the known home. The entered access code is the one generated at the request of the first computer, and secure access between the first device and the network is established on the basis of the comparison.
Further, the method for protecting computer network security allows a user to publish the public key in advance, for identity authentication.
The method for protecting computer network security provided by the invention is based on establishing a communication link between the first computer and the network, requesting an access code by the first computer, generating the access code by the network, receiving the code by the first computer, and inputting the access code into a second computer coupled to the network. The invention establishes encryption keys flexibly, the algorithm is simple and secure, and the implementation is easy. Apart from the legitimate user holding the private key, no one else can decrypt the ciphertext, which solves the costly key distribution problem of symmetric encryption methods. In addition, the method needs only simple hardware, executes quickly, and can adequately protect computer network security.
Brief description of the drawings
Fig. 1 is a flow chart of the method for protecting computer network security provided by an embodiment of the invention.
Detailed description of the invention
To make the purpose, technical scheme and advantages of the invention clearer, the invention is described in further detail below with reference to embodiments. It should be understood that the specific embodiments described here only explain the invention and are not intended to limit it.
The application principle of the invention is further described below with reference to the accompanying drawing.
As shown in Fig. 1, a method for protecting computer network security comprises the following steps:
S101: establishing a communication link between a first computer and a network;
S102: requesting an access code by the first computer. Code generation: m is the plaintext to be transmitted; choose any two prime numbers p and q such that n=p*q > m; select a positive integer e such that e is coprime with p and q; then use the successive division (Euclidean) algorithm, i.e. the method for finding the greatest common factor of two numbers, to obtain d. This gives e*n and d*n, where e*n is the public key used for encryption and d*n is the private decryption key;
S103: generating the access code by the network: the access code is generated through a code encryption process and a code decryption process. During code encryption, the public key is used to encrypt the plaintext m with the algorithm c=m*mod n, and the resulting c is the ciphertext of m;
During code decryption, the private key is used to decrypt the ciphertext c with the algorithm m=c*mod n, and the resulting m is the plaintext corresponding to the ciphertext c;
S104: receiving the code by the first computer: the network sends the generated access code to the first computer, and the first computer receives the generated code on a preset port number;
S105: inputting the access code into a second computer coupled to the network.
The application principle of the invention is further described by the following specific embodiment.
Embodiment 1:
A method for protecting computer network security comprises the following steps. The invention is described in detail below with reference to the accompanying drawing and the embodiment:
(1) As shown in the figure, the first computer is used to establish first-level secure access to the network, where access to the network is controlled by an enterprise (such as a business, company or organization) and unauthorized users are substantially prevented from gaining access to the network;
(2) The first computer requests the access code:
The first computer requests the network access code through the plug, socket or other link hardware component by which the MCD (controller) is communicatively coupled to the network. The specific steps are as follows:
Code generation: m is the plaintext to be transmitted; choose any two prime numbers p and q such that n=p*q > m. Select a positive integer e such that e is coprime with p and q; then use the successive division algorithm to obtain d. This gives e*n, the public key used for encryption, and d*n, the private decryption key;
(3) The network generates the access code:
When the first computer is communicatively coupled to the network server, an access code needs to be generated. The algorithm that generates the access code is robust enough to provide the intended level of assurance, ensuring that the access code cannot be generated by another device that is not coupled. This process includes a code encryption process and a code decryption process:
a. Code encryption process: the public key is used to encrypt the plaintext m with the algorithm c=m*mod n, and the resulting c is the ciphertext of m;
b. Code decryption process: the private key is used to decrypt the ciphertext c with the algorithm m=c*mod n, and the resulting m is the plaintext corresponding to the ciphertext c;
(4) The generated code is sent back to the user:
The generated code passes through the MCD and is received by the user's computer; the user then enters the displayed access code into the communicatively coupled second computer. The second device includes a home that authorized users can physically access; the second device communicates with the network over a communication link separate from the MCD and through the known home. The entered access code is the one generated at the request of the first computer, and secure access between the first device and the network is established on the basis of the comparison;
(5) The confidentiality of the method rests on the time needed to factorize different numbers; the length of n determines the reliability of the algorithm;
(6) When using the method, the user publicly distributes the key used for encryption to any other desired user. Apart from the legitimate user holding the private key, no one can decrypt the ciphertext. This solves the costly key distribution problem of symmetric encryption methods;
(7) The method allows a user to publish the public key in advance, so it can be used for identity authentication.
The foregoing is only a preferred embodiment of the invention and is not intended to limit the invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.
Claims (8)
1. A method for protecting computer network security, characterized in that the method comprises the following steps:
Establishing a communication link between a first computer and a network;
Requesting an access code by the first computer. Code generation: m is the plaintext to be transmitted; choose any two prime numbers p and q such that n=p*q > m; select a positive integer e such that e is coprime with p and q; then use the successive division (Euclidean) algorithm, i.e. the method for finding the greatest common factor of two numbers, to obtain d. This gives e*n and d*n, where e*n is the public key used for encryption and d*n is the private decryption key;
Generating the access code by the network: during code encryption, the public key is used to encrypt the plaintext m with the algorithm c=m*mod n, and the resulting c is the ciphertext of the access code m; during code decryption, the private key is used to decrypt the ciphertext c with the algorithm m=c*mod n, and the resulting m is the plaintext corresponding to the ciphertext c;
Receiving the code by the first computer: the network sends the generated access code to the first computer, and the first computer receives the generated code on a preset port number;
Inputting the access code into a second computer coupled to the network.
2. The method for protecting computer network security according to claim 1, characterized in that establishing the communication link between the first computer and the network specifically comprises: the first computer uses a communication medium to connect to a network access point, obtains the authorization password for the network communication link, enters the password to establish the connection, and uses a data link layer protocol to set the password.
3. The method for protecting computer network security according to claim 1, characterized in that, in the step of requesting the access code by the first computer, code generation is as follows: m is the plaintext to be transmitted; choose any two prime numbers p and q such that n=p*q > m; select a positive integer e such that e is coprime with p and q; then use the successive division (Euclidean) algorithm, i.e. the method for finding the greatest common factor of two numbers, to obtain d. The specific steps are as follows:
Divide a by b to obtain a ÷ b=r1 (0≤r1); if r1=0, then (a, b)=b;
If r1 ≠ 0, divide b by r1 to obtain b ÷ r1=r2 (0≤r2);
If r2=0, then (a, b)=r1;
If r2 ≠ 0, continue by dividing r1 by r2, and so on, until the division is exact. This gives e*n and d*n, where e*n is the public key used for encryption and d*n is the private decryption key.
4. The method for protecting computer network security according to claim 1, characterized in that the confidentiality of the method rests on the time needed to factorize different numbers, and the length of n determines the reliability of the algorithm.
5. The method for protecting computer network security according to claim 1, characterized in that the costly key distribution problem of symmetric encryption methods is handled as follows: the user publicly distributes the key used for encryption to any desired user; apart from the legitimate user holding the private key, no one can decrypt the ciphertext.
6. The method for protecting computer network security according to claim 1, characterized in that the second computer is a computer that only authorized users can access.
7. The method for protecting computer network security according to claim 1, characterized in that, in inputting the access code into the second computer coupled to the network, the generated code passes through the MCD and is received by the user's computer; the user then enters the displayed access code into the communicatively coupled second computer; the second computer includes a home that authorized users can physically access; the second computer communicates with the network over a communication link separate from the MCD and through the known home; the entered access code is the one generated at the request of the first computer, and secure access between the first device and the network is established on the basis of the comparison.
8. The method for protecting computer network security according to claim 1, characterized in that the method allows a user to publish the public key in advance, for identity authentication.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610481487.9A CN106130978A (en) | 2016-06-27 | 2016-06-27 | A kind of method protecting computer network security |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106130978A true CN106130978A (en) | 2016-11-16 |
Family
ID=57267294
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610481487.9A Pending CN106130978A (en) | 2016-06-27 | 2016-06-27 | A kind of method protecting computer network security |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106130978A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20161116 |