CN108471408A - A kind of network security encryption device - Google Patents


Publication number: CN108471408A
Authority: CN (China)
Prior art keywords: network, encryption device, network security, security encryption, data packet
Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Application number: CN201810204574.9A
Other languages: Chinese (zh)
Inventor: 陈焕耀
Current assignee: Guangzhou Ice Sea Network Technology Co Ltd
Original assignee: Guangzhou Ice Sea Network Technology Co Ltd
Priority date: 2018-03-13
Filing date: 2018-03-13
Publication date: 2018-08-31

Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L 63/0428 Network architectures or network communication protocols for network security, for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        • H04L 2101/622 Indexing scheme associated with group H04L 61/00: types of network addresses; details of network addresses; layer-2 addresses, e.g. medium access control [MAC] addresses
        • H04L 61/103 Network arrangements, protocols or services for addressing or naming: mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
        • H04L 61/2596 Network arrangements, protocols or services for addressing or naming: translation of addresses of the same type other than IP, e.g. translation from MAC to MAC addresses

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a network security encryption device that is connected between a protected client and the network. The network security encryption device negotiates a session key with another protected client; all communication between the two client computers is then encrypted. The device is self-configuring: it locks itself to the IP address of its client computer. Consequently, once the device is in place the client computer cannot change its IP address, so it cannot impersonate the IP address of another client computer. When a data packet is sent from the protected host, the security device replaces the client computer's MAC address with its own before the packet is forwarded to the network. Data packets addressed to the host carry the security device's MAC address; the device translates it back and forwards the packet to the client computer.

Description

A kind of network security encryption device
Technical field
The present invention relates to network security technology, and more specifically to a network security encryption device.
Background technology
Existing network security products fall into two classes: (1) firewalls, for example Janus and ANS, and (2) software products, such as privacy-enhanced mail, secure HTTP and password schemes.
A firewall is a special-purpose computer, usually running the Unix operating system, that filters incoming and outgoing communication. It is placed, like a router, between the local area network (LAN) and the outside world, and decides whether to let a data packet through according to the source and/or destination IP address and the TCP port number. Some firewalls can also encrypt data, provided both ends of the communication use the same type of firewall. Some firewalls also provide login identification.
Software products are based on the assumption that the computer on which the software is installed is itself secure and needs protection only from the outside network. Such a product can therefore be bypassed easily by breaking into the computer. A common scheme is for the intruder to implant a "Trojan horse" on the computer that sends him an unencrypted copy of every transaction. Sometimes this is done with a delay, so that it happens while the computer is not being monitored.
In addition, some products are designed to prevent intrusion by keeping the computer completely isolated. These products are based on the assumption that they are 100% secure; once such a product is compromised it is completely ineffective. Sometimes one careless user compromises the product for all other users.
Firewalls are more effective at maintaining network security, but they are very expensive: their price ranges from $10,000 to $50,000, plus the price of the hardware. They need advanced experts to install and maintain, and most sophisticated, effective firewalls require specially trained technicians or engineers to maintain them. Specialized training costs up to $10,000 per person, plus an annual salary of $60,000 to $120,000.
Firewalls must be constantly maintained, upgraded and monitored to provide comparable security. They cover only the TCP part of the Internet protocol suite, not the UDP part, so they cannot provide security for NFS (network file service) and many client/server applications.
A firewall is a full-service computer that can be logged into for maintenance and monitoring; therefore it can be broken into. Once a firewall is compromised it loses its effectiveness and becomes a burden rather than a security aid. A firewall protects only the connection between the LAN and the WAN (wide area network); it does not protect against intrusion into a specific host from within the LAN.
For the above reasons, the object of the present invention is to provide a network security encryption device that overcomes the shortcomings of prior-art network security encryption devices.
Summary of the invention
The technical problem to be solved by the present invention is, in view of the above problems of the prior art, to provide a network security encryption device.
The technical solution adopted by the present invention to solve this problem is to construct a network security encryption device comprising: (a) a first network interface connected to at least one specific node; (b) a second network interface connected to a network; and (c) a processing circuit connected to the first and second interfaces, the processing circuit (1) converting, before a data packet is forwarded to the network through the second interface, the MAC address of the at least one specific node contained in a data packet received at the first interface from the at least one specific node into the MAC address of the network security encryption device, and (2) converting the MAC address of the network security encryption device contained in a data packet received from the network into the MAC address of the at least one specific node.
In the present invention, the first and second network interfaces are Ethernet interfaces.
In the present invention, the processing circuit encrypts the user data contained in a data packet received from the at least one specific node, while the IP address contained in that data packet is kept unencrypted.
In the present invention, the processing circuit encrypts the TCP data packet, including the TCP packet header, contained in a data packet received from the at least one specific node.
In the present invention, the processing circuit encrypts the UDP data packet, including the UDP packet header, contained in a data packet received from the at least one specific node.
In the present invention, the processing circuit encrypts the user data using a session key and an encryption function.
In the present invention, the network security encryption device keeps a first database containing information indicating the IP addresses and permanent public keys of one or more nodes in the network.
In the present invention, the network security encryption device keeps a second database containing information indicating the IP addresses of one or more nodes in the network and the session keys they share with the at least one specific node.
In the present invention, one or more of the nodes in the dynamic database are not secure nodes.
Description of the drawings
The present invention will be further explained below with reference to the accompanying drawings and embodiments, in which:
Fig. 1 shows the network security encryption device of the present invention.
Detailed description
As shown in Fig. 1, the network security encryption device 10 includes a first interface 0, which is connected to the user host 12. Specifically, interface 0 is connected by a cable or wire 13 to the network interface of the client computer 12. The security device 10 includes a second interface 1, which is connected to a part of the network 100. As shown, interface 1 is connected to an Ethernet, so interfaces 0 and 1 are Ethernet interfaces, such as the SMC Ethernet Ultra interface.
A CPU 14 is connected to interfaces 0 and 1; the CPU is, for example, an Intel 486DX 62-66. A static memory 16 (such as flash EEPROM) and a dynamic memory 18 (such as RAM) are connected to the CPU 14. An optional encryption module 20 performs the encryption and the large number of arithmetic operations it involves; the encryption unit may be implemented with a programmable logic array. Alternatively, the encryption module may be omitted and its function realized by a software program executed by the CPU 14. Interface 0 is placed in promiscuous mode: in this mode, interface 0 passes all communication from the user host 12 over cable 13 to the CPU 14. The network connection is through interface 1, which is configured with the same IP address as the client computer 12. The network security encryption device 10 answers the address resolution protocol (ARP) with its own MAC address rather than the client computer's. Preventing attempts to bypass device 10 at the Ethernet protocol level in this way increases the degree of security.
The CPU 14 maintains two databases. One is a static database, stored in the flash ROM 16. This database contains permanent information about the secure nodes in the network, i.e. each node's IP address, the time it entered the database, and the node's permanent public key.
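As an added illustration, not part of the patent text and not code from the applicant, the following Python models the packet transforms of the device on a constructed Ethernet/IPv4/TCP frame: the MAC rewrite in both directions, the session-key lookup in the dynamic (second) database, encryption of the transport segment including its header, and the IP header left in clear so the network can still route the packet. The MAC and IP addresses, the session key and the HMAC-based keystream cipher are assumptions; the patent specifies none of them.

```python
import hashlib
import hmac
import socket
import struct

ETH_LEN, ETHERTYPE_IP = 14, 0x0800
# Constructed sample values; the patent gives no addresses or keys.
CLIENT_MAC = bytes.fromhex("020000000001")
DEVICE_MAC = bytes.fromhex("02000000aa01")
PEER_IP = "192.0.2.20"
# Model of the dynamic database: peer IP -> session key shared with the client.
# A peer missing from it is not a secure node: its packets get the MAC
# rewrite only and the transport segment is passed in clear.
SESSION_KEYS = {PEER_IP: b"constructed-32-byte-session-key!"}

def keystream_xor(key, data, nonce):
    """Stand-in for the unspecified 'encryption function': XOR with an
    HMAC-SHA256 counter-mode keystream.  A product would use an AEAD with
    nonces unique per key; this only models the key/function split."""
    blocks = (len(data) + 31) // 32
    stream = b"".join(hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def build_frame(src_mac, dst_mac, src_ip, dst_ip, segment, ident=0x1234):
    """Minimal Ethernet + IPv4 frame carrying a TCP segment (checksum omitted)."""
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), ident, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return dst_mac + src_mac + struct.pack(">H", ETHERTYPE_IP) + ip + segment

def split_frame(frame):
    """Return (Ethernet header, IP header, transport segment incl. its header)."""
    if struct.unpack(">H", frame[12:14])[0] != ETHERTYPE_IP:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[ETH_LEN] & 0x0F) * 4
    return frame[:ETH_LEN], frame[ETH_LEN:ETH_LEN + ihl], frame[ETH_LEN + ihl:]

def outbound(frame):
    """Client -> network.  Source MAC becomes the device's; the TCP/UDP
    segment, header included, is encrypted while the IP header stays in
    clear so routers can still forward the packet."""
    eth, ip, seg = split_frame(frame)
    eth = eth[:6] + DEVICE_MAC + eth[12:]
    key = SESSION_KEYS.get(socket.inet_ntoa(ip[16:20]))      # lookup by destination IP
    if key is not None:
        seg = keystream_xor(key, seg, ip[4:6])               # IP identification as nonce
    return eth + ip + seg

def inbound(frame):
    """Network -> client.  Device MAC becomes the client's; the segment is
    decrypted when the source IP is a secure node."""
    eth, ip, seg = split_frame(frame)
    eth = CLIENT_MAC + eth[6:]
    key = SESSION_KEYS.get(socket.inet_ntoa(ip[12:16]))      # lookup by source IP
    if key is not None:
        seg = keystream_xor(key, seg, ip[4:6])
    return eth + ip + seg
```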
The foregoing is only a preferred embodiment of the present invention, and the scope of protection of the present invention is not limited thereto. Any variation or substitution that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.

Claims (9)

1. A network security encryption device, characterized in that it comprises: (a) a first network interface connected to at least one specific node; (b) a second network interface connected to a network; and (c) a processing circuit connected to the first and second interfaces, the processing circuit (1) converting, before a data packet is forwarded to the network through the second interface, the MAC address of the at least one specific node contained in a data packet received at the first interface from the at least one specific node into the MAC address of the network security encryption device, and (2) converting the MAC address of the network security encryption device contained in a data packet received from the network into the MAC address of the at least one specific node.
2. The network security encryption device according to claim 1, characterized in that the first and second network interfaces are Ethernet interfaces.
3. The network security encryption device according to claim 1, characterized in that the processing circuit encrypts the user data contained in a data packet received from the at least one specific node, while the IP address contained in that data packet is kept unencrypted.
4. The network security encryption device according to claim 3, characterized in that the processing circuit encrypts the TCP data packet, including the TCP packet header, contained in a data packet received from the at least one specific node.
5. The network security encryption device according to claim 3, characterized in that the processing circuit encrypts the UDP data packet, including the UDP packet header, contained in a data packet received from the at least one specific node.
6. The network security encryption device according to claim 3, characterized in that the processing circuit encrypts the user data using a session key and an encryption function.
7. The network security encryption device according to claim 1, characterized in that the network security encryption device keeps a first database containing information indicating the IP addresses and permanent public keys of one or more nodes in the network.
8. The network security encryption device according to claim 7, characterized in that the network security encryption device keeps a second database containing information indicating the IP addresses of one or more nodes in the network and the session keys they share with the at least one specific node.
9. The network security encryption device according to claim 8, characterized in that one or more of the nodes in the dynamic database are not secure nodes.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810204574.9A CN108471408A (en) 2018-03-13 2018-03-13 A kind of network security encryption device

Publications (1)

Publication Number Publication Date
CN108471408A true CN108471408A (en) 2018-08-31

Family

ID=63265250

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810204574.9A Pending CN108471408A (en) 2018-03-13 2018-03-13 A kind of network security encryption device

Country Status (1)

Country Link
CN (1) CN108471408A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1173256A (en) * 1995-09-18 1998-02-11 数字保证网络技术股份有限公司 Network security device
CN104954136A (en) * 2015-06-16 2015-09-30 祝峰 Network security encryption device under cloud computing environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180831