CN108460267A - A kind of teaching computer network information safety device - Google Patents
A teaching computer network information security device
- Publication number: CN108460267A (application CN201711462099.7A)
- Authority: CN (China)
- Prior art keywords: integrated, usbkey, management, hardwares, terminal
- Legal status: Granted (status as listed by Google Patents; it is an assumption, not a legal conclusion)
Classifications
- G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING
  - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    - G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
      - G06F21/31—User authentication
        - G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
    - G06F21/60—Protecting data
      - G06F21/602—Providing cryptographic facilities or services
      - G06F21/604—Tools and structures for managing or administering access control systems
      - G06F21/606—Protecting data by securing the transmission between two devices or processes
      - G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
        - G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    - G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
      - G06F21/82—Protecting input, output or interconnection devices
        - G06F21/85—Protecting interconnection devices, e.g. bus-connected or in-line devices
  - G06F11/00—Error detection; Error correction; Monitoring
    - G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
      - G06F11/14—Error detection or correction of the data by redundancy in operation
        - G06F11/1402—Saving, restoring, recovering or retrying
          - G06F11/1446—Point-in-time backing up or restoration of persistent data
            - G06F11/1458—Management of the backup or restore process
  - G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    - G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
      - G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention discloses a teaching computer network information security device comprising a computer terminal and a management server connected to it over TCP/IP. The management server comprises an authentication server, a VCN switching device, a network controller, a port management module and a dual-layer data backup module. The terminal implements built-in user login management through the single interface of the USBKey integrated hardware, and a hardware firewall module is arranged at the physical layer in the USBKey integrated hardware. The terminal performs identity authentication through the PIN-code boot dongle in the USBKey integrated hardware and, through the same PIN-code boot dongle, obtains network connection authorization from the authentication server. A one-way anti-copy module in the USBKey integrated hardware sets the interfaces of other mobile devices connected to the terminal to a no-read/no-write or read-only state, and the terminal performs network connection management and data transmission through the network interface management module and the USB interface of the USBKey integrated hardware, so that the security of network information is effectively ensured.
Description
Technical field
The present invention relates to the field of computer network security, and specifically to a teaching computer network information security device.
Background art
Computers, with their large information storage capacity and fast information processing speed, have given wings to the rapid development of government administration, scientific and technological research and development, military construction and enterprise development. A computer stores a large amount of company secrets, including business secrets, technical secrets and decision-making and management secrets, so the security of computer information is particularly important for a company. Units handling confidential matters therefore take a number of measures against the risk of computer information being stolen. The measures most used against outside thieves are installing monitoring equipment, alarm devices and the like on the company premises; the conventional measure against theft of information by company insiders is to give the computer no external transmission interface at all. More and more information, however, is stolen while people are online. To protect the computer's data while online, some customers install a software firewall, but a software firewall sits at the application layer and only starts once its program is running; its protective effect on the computer is small and amounts to a pseudo-protection. Moreover, a computer is an open platform for storing and exchanging information, and internal information is very easily copied out illegally through USB, floppy drive, optical drive, serial port, parallel port, infrared and IEEE 1394 interfaces and through the network, especially via large-capacity removable disks, by which even the information of an entire LAN can be copied away completely.
Summary of the invention
To overcome the shortcomings of the prior art, the present invention provides a teaching computer network information security device that effectively solves the problems set out in the background art.
The technical solution adopted by the present invention to solve the technical problems is as follows:
A teaching computer network information security device comprises a computer terminal and a management server connected to it over TCP/IP. The management server comprises an authentication server, a VCN switching device, a network controller, a port management module and a dual-layer data backup module. The terminal implements built-in user login management through the single interface of the USBKey integrated hardware, and a hardware firewall module is arranged at the physical layer in the USBKey integrated hardware. The terminal performs identity authentication through the PIN-code boot dongle in the USBKey integrated hardware and, through the same PIN-code boot dongle, obtains network connection authorization from the authentication server. The one-way anti-copy module in the USBKey integrated hardware sets the interfaces of other mobile devices connected to the terminal to a no-read/no-write or read-only state, and the terminal performs network connection management and data transmission through the network interface management module and the USB interface of the USBKey integrated hardware.
Further, the dual-layer data backup module comprises a hardware database A and a hardware database B; the management server holds direct management authorization over hardware database A, while hardware database B accesses the management server through a VCN gateway, and a relay contact switch is provided on the connection path between hardware database A and hardware database B.
Further, the one-way anti-copy module in the USBKey integrated hardware consists of a high-speed microprocessor, an integrated PCI bus protocol, an encryption/decryption algorithm FPGA chip and a cache flash memory; the high-speed microprocessor has an internal three-stage pipeline.
Further, the network port of the CPU of the computer terminal is connected through the network card to the input of the hardware firewall, and the hardware firewall is an Eudemon 8080 firewall.
Compared with the prior art, the beneficial effects of the invention are as follows:
(1) The invention realizes virtualized zone division and unified management of the terminals accessing the computer network through the USBKey integrated hardware; the terminal boots with the user's encrypted dedicated USBKey device together with the PIN-code boot dongle, which forms a two-factor secure login and prevents forced access; meanwhile, the data transfer algorithm in the one-way anti-copy module keeps data exchange in a relatively confidential and secure state.
(2) The system gives each terminal sufficient rights to access server data, can apply protection settings and corresponding workstation (seat) controls to sensitive data, and can encrypt intranet access authorization under the given security conditions regardless of whether the network is connected; the corresponding dual hardware database backup mechanism effectively prevents data from being destroyed and protects information security.
Description of the drawings
Fig. 1 is a schematic diagram of the overall system structure of the present invention.
Reference numerals in the figure:
1 computer terminal; 2 management server; 3 USBKey integrated hardware; 4 network card;
201 authentication server; 202 VCN switching device; 203 network controller; 204 port management module; 205 dual-layer data backup module; 2051 hardware database A; 2052 hardware database B; 2053 VCN gateway; 2054 relay contact switch;
301 hardware firewall; 302 PIN-code boot dongle; 303 one-way anti-copy module; 304 network interface management module; 305 USB interface; 3031 high-speed microprocessor; 3032 integrated PCI bus protocol; 3033 encryption/decryption algorithm FPGA chip; 3034 cache flash memory.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the invention and not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
As shown in Fig. 1, the present invention provides a teaching computer network information security device comprising a computer terminal 1 and a management server 2 connected to it over TCP/IP. The management server 2 comprises an authentication server 201, a VCN switching device 202, a network controller 203, a port management module 204 and a dual-layer data backup module 205. The terminal 1 implements built-in user login management through the single interface of the USBKey integrated hardware 3, and a hardware firewall module 301 is arranged at the physical layer in the USBKey integrated hardware 3. The terminal 1 performs identity authentication through the PIN-code boot dongle 302 in the USBKey integrated hardware 3 and, through the same PIN-code boot dongle 302, obtains network connection authorization from the authentication server 201. The one-way anti-copy module 303 in the USBKey integrated hardware 3 sets the interfaces of other mobile devices connected to the terminal 1 to a no-read/no-write or read-only state, and the terminal 1 performs network connection management and data transmission through the network interface management module 304 and the USB interface 305 of the USBKey integrated hardware 3.
In the present invention the management server 2 uses the VCN switching device 202 to divide the terminals connecting over TCP into a virtualized authenticated zone and an unauthenticated zone. The precondition for a terminal 1 to be in the authenticated zone is that the USBKey integrated hardware 3 is inserted; the PIN code that accompanies the USBKey integrated hardware 3 generates an access request, and once this request is authorized by the authentication server 201 the computer terminal 1 can start application access. At the same time, the PIN code entered on the PIN-code boot dongle 302, which uniquely identifies the interface, performs the initial start-up of the computer. The network port of the CPU of terminal 1 is connected through the network card 4 to the input of the hardware firewall 301. The hardware firewall 301 is an Eudemon 8080; this hardware firewall sits at the physical layer, in front of the network card 4, and effectively blocks a variety of attacks. The DoS attack types it guards against include: SYN flood, ICMP flood, UDP flood, CC attack, IP spoofing, LAND attack, Smurf attack, Fraggle attack, WinNuke, Ping of Death, Teardrop, address scanning, port scanning, IP option control, IP fragment control, TCP flag validity checking, oversized ICMP packet control, ICMP redirect messages, ICMP unreachable messages, TRACERT messages, HTTP GET attacks, BGP flood, DNS flood and the like.
The dual-layer data backup module 205 comprises a hardware database A 2051 and a hardware database B 2052. The management server 2 holds direct management authorization over hardware database A 2051, while hardware database B 2052 accesses the management server 2 through the VCN gateway 2053, and a relay contact switch 2054 is provided on the connection path between hardware database A 2051 and hardware database B 2052. When the secure network connection through the network card 4 closes the relay contact switch 2054, the contents of hardware database A are backed up in real time into hardware database B, and whenever read authorization on hardware database B is exercised, the VCN gateway must first put hardware database B into the intranet state. When the network card 4 switches over, or the VCN switching device performs a network connection state transition from the networked state to the intranet state, the relay contact switch 2054 opens so that hardware database B is disconnected from hardware database A and the backup stops; while the connection between hardware database A and the server is maintained, the VCN gateway 2053 switches hardware database B into the intranet state and at the same time withdraws the access authorization of terminal 1. This secures the information in the database, keeps out network viruses and prevents the database contents from being damaged.
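To make the switching behaviour of the dual-layer backup module concrete, the following is an added executable model in Python; it is not the patent's own code, and the class, its method names and the use of dictionaries as stand-ins for hardware databases A and B are assumptions made for illustration. It encodes the three rules the paragraph states (the relay is closed and A is mirrored into B only while the network card is connected; on the transition to the intranet state the relay opens, B is isolated and terminal authorization is withdrawn; B is readable only in the intranet state) and checks the resulting invariant on a constructed scenario in which A is damaged after the switch while B keeps the clean copy.

```python
"""Executable model of the dual-layer backup module (205) described above.
Added example, not the patent's code: class, method names and the
dictionary-as-database representation are assumptions for illustration."""
from __future__ import annotations


class BackupModule:
    """Tracks the relay contact switch (2054), the VCN gateway's intranet
    state for database B (2052) and the terminal's access authorization."""

    def __init__(self) -> None:
        self.db_a: dict[str, str] = {}      # hardware database A (2051)
        self.db_b: dict[str, str] = {}      # hardware database B (2052)
        self.relay_closed = False           # relay contact switch 2054
        self.b_intranet = False             # VCN gateway 2053 has isolated B
        self.terminal_authorized = False    # terminal 1 access authorization
        self.log: list[str] = []

    # --- state transitions driven by the network card / VCN switching device ---

    def network_card_connected(self) -> None:
        """Secure network connection established: the relay closes and A is
        mirrored into B in real time."""
        self.relay_closed = True
        self.b_intranet = False
        self.terminal_authorized = True
        self._mirror()
        self.log.append("online: relay closed, A->B backup running")

    def switch_to_intranet(self) -> None:
        """Transition from the networked state to the intranet state: the relay
        opens (backup stops), B is put in intranet state and the terminal's
        access authorization is withdrawn."""
        self.relay_closed = False
        self.b_intranet = True
        self.terminal_authorized = False
        self.log.append("intranet: relay open, B isolated, terminal access denied")

    # --- data paths ---

    def write_a(self, key: str, value: str, *, by_terminal: bool = True) -> None:
        """Writes reach A through the management server; a terminal needs
        authorization. Mirroring into B happens only while the relay is closed."""
        if by_terminal and not self.terminal_authorized:
            raise PermissionError("terminal access authorization withdrawn")
        self.db_a[key] = value
        if self.relay_closed:
            self._mirror()

    def read_b(self, key: str) -> str | None:
        """Read authorization on B requires the gateway to have put B in the
        intranet state, which in this model also implies the relay is open."""
        if not self.b_intranet:
            raise PermissionError("B readable only via VCN gateway in intranet state")
        assert not self.relay_closed, "invariant: B is never read while mirroring"
        return self.db_b.get(key)

    def _mirror(self) -> None:
        self.db_b.update(self.db_a)

    def invariant_holds(self) -> bool:
        """B in intranet state never coincides with a closed relay or an
        authorized terminal."""
        return not (self.b_intranet and (self.relay_closed or self.terminal_authorized))


def scenario() -> tuple[str | None, str | None, bool]:
    """Constructed scenario: mirror a record while online, switch to intranet,
    damage A on the server side and show that B still holds the clean copy
    and that the terminal can no longer write."""
    m = BackupModule()
    m.network_card_connected()
    m.write_a("grades.csv", "clean")
    assert m.invariant_holds()
    m.switch_to_intranet()
    # Simulated damage to A after the switch (server side, not via a terminal).
    m.write_a("grades.csv", "corrupted", by_terminal=False)
    try:
        m.write_a("grades.csv", "tampered")   # terminal write must be refused
        terminal_blocked = False
    except PermissionError:
        terminal_blocked = True
    assert m.invariant_holds()
    return m.db_a.get("grades.csv"), m.read_b("grades.csv"), terminal_blocked


if __name__ == "__main__":
    print(scenario())
```

The model is deliberately stricter than a relay alone would be: the invariant ties the read path to the relay state, so a reviewer can see at once that no ordering of transitions lets a terminal reach B while A is still mirroring into it.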
The one-way anti-copy module 303 in the USBKey integrated hardware 3 consists of a high-speed microprocessor 3031, an integrated PCI bus protocol 3032, an encryption/decryption algorithm FPGA chip 3033 and a cache flash memory 3034; the high-speed microprocessor has an internal three-stage pipeline. When running the encryption/decryption algorithm, the FPGA chip 3033 generates two keys. Two primes p and q of equal size are chosen; the public key consists of the modulus M and the exponent e, where M = p × q, and e, the encryption key, is chosen at random such that e is coprime with (p-1)(q-1). The private key d is the decryption key and satisfies e × d ≡ 1 (mod (p-1)(q-1)), i.e. d = e^-1 mod ((p-1)(q-1)). For encryption the plaintext is divided into blocks X smaller than M (in binary, taking the largest power of two below M as the block bound), and the ciphertext consists of blocks C of equal length given by the encryption formula C = X^e (mod M). For decryption each encrypted block C is taken in turn and the plaintext X is recovered by the decryption formula X = C^d (mod M).
During the encryption and decryption computation the whole algorithm flow is controlled by a built-in state machine. The control module generates the control signals for each module in the corresponding state, including three-stage pipeline control and interrupt control; the cache flash memory 3034 stores the intermediate and final results of the modular multiplication, and data input and output are finally completed by matching the signals of the network interface module 304 with the external PCI bus protocol 3032.
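The block scheme described in the two preceding paragraphs is textbook RSA. The following Python is an added worked example, not code from the patent or its applicant: it derives the key pair from two primes, packs the plaintext into blocks bounded by the largest power of two below M, and encrypts and decrypts them with a square-and-multiply modular exponentiation that also exposes the intermediate modular-multiplication results the description says are held in the cache flash memory. The function names, the primes 61 and 53 and the sample message are constructed for illustration. It also shows the caveat a practitioner would attach: without padding, equal plaintext blocks produce equal ciphertext blocks, which is why deployed systems use a padding scheme such as RSAES-OAEP rather than raw exponentiation.

```python
"""Worked example of the RSA block scheme described above (textbook RSA, no padding).
Added example, not the patent's code; helper names and sample values are constructed."""
from __future__ import annotations

import math
import secrets


def keygen(p: int, q: int, e: int | None = None) -> tuple[tuple[int, int], int]:
    """Return the public key (M, e) and the private exponent d.

    M = p * q; e is coprime with (p-1)(q-1) (chosen at random if not given);
    d = e^-1 mod (p-1)(q-1), exactly as in the description.
    """
    M = p * q
    phi = (p - 1) * (q - 1)
    if e is None:
        while True:
            e = 2 + secrets.randbelow(phi - 2)  # 2 <= e < phi
            if math.gcd(e, phi) == 1:
                break
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (M, e), d


def modpow(base: int, exp: int, mod: int) -> tuple[int, list[int]]:
    """Left-to-right square-and-multiply exponentiation.

    Returns the result together with the intermediate modular-multiplication
    results after each exponent bit (what a hardware implementation would
    hold in scratch memory between steps).
    """
    result, trace = 1, []
    base %= mod
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        if bit == "1":
            result = (result * base) % mod
        trace.append(result)
    return result, trace


def block_bits(M: int) -> int:
    """Block width k such that every k-bit block X satisfies X < 2^k < M
    (the largest power of two below the modulus). M is odd, so the bound is strict."""
    return M.bit_length() - 1


def split_blocks(data: bytes, k: int) -> list[int]:
    """Bit-pack the plaintext into k-bit integer blocks, zero-padding the tail."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * ((-len(bits)) % k)
    return [int(bits[i:i + k], 2) for i in range(0, len(bits), k)]


def join_blocks(blocks: list[int], k: int, nbytes: int) -> bytes:
    """Inverse of split_blocks; nbytes is used to strip the zero padding."""
    bits = "".join(f"{x:0{k}b}" for x in blocks)[: nbytes * 8]
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def encrypt(pub: tuple[int, int], data: bytes) -> list[int]:
    """C = X^e mod M for every block X."""
    M, e = pub
    return [modpow(X, e, M)[0] for X in split_blocks(data, block_bits(M))]


def decrypt(pub: tuple[int, int], d: int, blocks: list[int], nbytes: int) -> bytes:
    """X = C^d mod M for every block C, then unpack to bytes."""
    M, _ = pub
    return join_blocks([modpow(C, d, M)[0] for C in blocks], block_bits(M), nbytes)


def deterministic_leak(pub: tuple[int, int], data: bytes) -> bool:
    """Caveat: with no padding, equal plaintext blocks give equal ciphertext
    blocks, so repeated content is visible in the ciphertext. True if it happens."""
    c = encrypt(pub, data)
    return len(set(c)) < len(c)


if __name__ == "__main__":
    # Constructed sample: textbook primes, far too small for real use.
    pub, d = keygen(61, 53, e=17)
    msg = b"secret data"
    ct = encrypt(pub, msg)
    assert decrypt(pub, d, ct, len(msg)) == msg
    print(pub, d, ct, deterministic_leak(pub, b"A" * 22))
```

With p = 61, q = 53 and e = 17 the modulus is 3233, d is 2753 and the block width is 11 bits; the trace returned by modpow is what the description's state machine would step through, one squaring (and possibly one multiplication) per exponent bit.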
It is obvious to those skilled in the art that the invention is not limited to the details of the above exemplary embodiments and that the invention can be realized in other specific forms without departing from its spirit or essential characteristics. The embodiments are therefore to be regarded in every respect as illustrative and not restrictive, and the scope of the invention is defined by the appended claims rather than by the above description; all changes falling within the meaning and range of equivalents of the claims are intended to be included in the invention. No reference sign in the claims should be construed as limiting the claim concerned.
Claims (4)
1. A teaching computer network information security device, characterized in that it comprises a computer terminal (1) and a management server (2) connected to it over TCP/IP, the management server (2) comprising an authentication server (201), a VCN switching device (202), a network controller (203), a port management module (204) and a dual-layer data backup module (205); the computer terminal (1) implements built-in user login management through the single interface of a USBKey integrated hardware (3), and a hardware firewall module (301) is arranged at the physical layer in the USBKey integrated hardware (3); the computer terminal (1) performs identity authentication through a PIN-code boot dongle (302) in the USBKey integrated hardware (3) and at the same time obtains network connection authorization from the authentication server (201) through the PIN-code boot dongle (302); a one-way anti-copy module (303) in the USBKey integrated hardware (3) sets the interfaces of other mobile devices connected to the computer terminal (1) to a no-read/no-write or read-only state; and the computer terminal (1) performs network connection management and data transmission through a network interface management module (304) and a USB interface (305) of the USBKey integrated hardware (3).
2. The teaching computer network information security device according to claim 1, characterized in that the dual-layer data backup module (205) comprises a hardware database A (2051) and a hardware database B (2052); the management server (2) holds direct management authorization over hardware database A (2051), hardware database B (2052) accesses the management server (2) through a VCN gateway (2053), and a relay contact switch (2054) is provided on the connection path between hardware database A (2051) and hardware database B (2052).
3. The teaching computer network information security device according to claim 1, characterized in that the one-way anti-copy module (303) in the USBKey integrated hardware (3) consists of a high-speed microprocessor (3031), an integrated PCI bus protocol (3032), an encryption/decryption algorithm FPGA chip (3033) and a cache flash memory (3034), the high-speed microprocessor having an internal three-stage pipeline.
4. The teaching computer network information security device according to claim 1, characterized in that the network port of the CPU of the computer terminal (1) is connected through a network card (4) to the input of the hardware firewall (301), and the hardware firewall (301) is an Eudemon 8080 firewall.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711462099.7A CN108460267B (en) | 2017-12-28 | 2017-12-28 | Computer network information safety device for teaching |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108460267A (en) | 2018-08-28 |
CN108460267B (en) | 2020-04-17 |
Family
ID=63220407
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711462099.7A (active) CN108460267B (en) | 2017-12-28 | 2017-12-28 | Computer network information safety device for teaching |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108460267B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110955878A (en) * | 2019-11-29 | 2020-04-03 | 临沂大学 | Industrial computer information safety processing device |
CN110955878B (en) * | 2019-11-29 | 2023-05-02 | 临沂大学 | Industrial computer information safety processing device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080320589A1 (en) * | 2007-06-22 | 2008-12-25 | Xavier Gonzalez | Securing system and method using a security device |
CN101964709A (en) * | 2010-09-02 | 2011-02-02 | 浪潮齐鲁软件产业有限公司 | USB KEY for independently transmitting information through 3G module |
CN202077041U (en) * | 2011-05-12 | 2011-12-14 | 郑州信大捷安信息技术股份有限公司 | Trusted system based on USB (Universal Serial Bus) secure storage encryption card |
CN103116720A (en) * | 2011-11-16 | 2013-05-22 | 航天信息股份有限公司 | Universal serial bus (USB) Key device and account management method and authentication application method thereof |
CN204695314U (en) * | 2015-06-11 | 2015-10-07 | 包头轻工职业技术学院 | A kind of computer information safe device |
Non-Patent Citations (1)
Title |
---|
王俊 (Wang Jun): "A preliminary study of a computer hardware access control and boot management solution based on USBKey identity authentication technology", 《技术天地》 (Technology World) * |
Also Published As
Publication number | Publication date |
---|---|
CN108460267B (en) | 2020-04-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||