CN110266725A - Cryptosecurity isolation module and mobile office security system - Google Patents

Cryptosecurity isolation module and mobile office security system

Info

Publication number
CN110266725A
CN110266725A
Authority
CN
China
Prior art keywords
module
cryptosecurity
external
fifo queue
tablet computer
Prior art date
Legal status
Granted
Application number
CN201910610899.1A
Other languages
Chinese (zh)
Other versions
CN110266725B (en
Inventor
何荣宝
曲义利
金毅
Current Assignee
Individual
Original Assignee
Individual
Priority date
Filing date
Publication date
Application filed by Individual
Priority to CN201910610899.1A
Publication of CN110266725A
Application granted
Publication of CN110266725B
Legal status: Active
Anticipated expiration

Classifications

    All classifications fall under H (Electricity), H04 (Electric communication technique):
    • H04L63/0209: Network architectures or protocols for network security; separating internal from external traffic, e.g. firewalls; architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0281: Network architectures or protocols for network security; separating internal from external traffic, e.g. firewalls; proxies
    • H04L63/062: Network architectures or protocols for network security; supporting key management in a packet data network; key distribution, e.g. centrally by a trusted party
    • H04W12/0431: Wireless communication networks; security arrangements, authentication, protecting privacy or anonymity; key management, e.g. using generic bootstrapping architecture [GBA], using a trusted network node as an anchor; key distribution or pre-distribution, key agreement
    • H04W12/088: Wireless communication networks; security arrangements, authentication, protecting privacy or anonymity; access security using filters or firewalls

Abstract

The invention discloses a cryptosecurity isolation module arranged between the main control chip of a tablet computer and its communication module. It physically isolates the main control chip from the external network, so that all communication data of the tablet computer passes through the cryptosecurity isolation module and is encrypted before being transferred to the server side, and all data returned from the server side enters the main control module of the tablet computer only after decryption by the cryptosecurity isolation module. The cryptosecurity isolation module according to the invention greatly improves the security of the system: outgoing data is encrypted and sent only to the designated cryptosecurity isolation gateway, which prevents an internal Trojan from transmitting data to a third party, and even if a third party obtains the data it cannot recover the plaintext without the decryption key.

Description

Cryptosecurity isolation module and mobile office security system
Technical field
The invention belongs to the field of mobile office communication security, and in particular relates to a cryptosecurity isolation module and a mobile office security system.
Background technique
With the spread of 4G and the coming 5G era, mobile office work has become a primary means of working for enterprises, government bodies and other organisations. Wherever people go, the mobile network keeps them in constant contact with business partners, colleagues and superiors to handle affairs, hold meetings and sign contracts. Mobile office work over mobile networks, using mobile phones, tablet computers and laptops, has become a necessity.
Mobile terminal security has long been a general concern. On a remote terminal accessing the mobile internet, the host and the network share the processor and storage resources, so a network attacker who invades the host through the IP protocol stack of the operating system platform can steal data, implant Trojans, spread viruses and intrude into the internal network.
Current SSL VPN and IPsec VPN protection at the network and transport layers still cannot fundamentally block intrusion by advanced attackers. The I/O processing of such a device's network port still shares host resources: plaintext and ciphertext are handled in the same processor and operating system environment and share computing, storage and peripheral resources, so the mobile terminal always runs in a high-risk environment. Fig. 1 shows this existing mobile office security protection technique. As shown in Fig. 1, an ordinary tablet computer may be equipped with a crypto chip, but its external communication port (4G/WiFi) is still connected directly to the host and shares host resources with the crypto chip.
There is therefore a need in the art for an improved network security solution for mobile office environments.
Summary of the invention
In one aspect of the invention, a cryptosecurity isolation module is provided that is arranged between the main control chip of a tablet computer and its communication module and is configured to physically isolate the main control chip of the tablet computer from the external network, so that all communication data of the tablet computer passes through the cryptosecurity isolation module and is encrypted before being transferred to the server side, and all data returned from the server side enters the main control module of the tablet computer only after decryption by the cryptosecurity isolation module.
In another aspect of the invention, a mobile office security system is provided, comprising: a tablet computer main control module; a cryptosecurity isolation module according to any embodiment of the invention; a cryptosecurity isolation gateway; and a management center. The cryptosecurity isolation gateway, together with the cryptosecurity isolation module, establishes a secure communication channel over an untrusted network, controls the access of the secure tablet terminal and provides authentication information to applications. The management center performs management and key distribution for the cryptosecurity isolation module and the cryptosecurity isolation gateway. The tablet computer main control module provides the hardware platform and operating system for mobile office work, and all of its communication passes through the cryptosecurity isolation module.
Compared with the prior art, the technical solution according to embodiments of the invention has the following advantages:
(1) External attacks are blocked directly at the communication port and cannot reach the tablet computer main control module. An external attacker cannot exploit hardware or operating system defects of the main control module to attack the inside, which greatly improves the security of the system.
(2) Outgoing data is encrypted and sent only to the designated cryptosecurity isolation gateway, which prevents an internal Trojan from sending data to a third party; even if a third party obtains the data, it cannot recover the plaintext without the decryption key.
Detailed description of the invention
Fig. 1 shows a schematic diagram of the existing mobile office security protection technique;
Fig. 2 is a connection diagram between the cryptosecurity isolation module and the main control module according to an embodiment of the invention;
Fig. 3 compares the hardware configuration of the secure tablet computer according to an embodiment of the invention with the hardware configuration of an existing tablet computer;
Fig. 4 shows the structure of the mobile office security system according to an embodiment of the invention;
Fig. 5 shows the functional block diagram of the cryptosecurity isolation module according to an embodiment of the invention;
Fig. 6 shows the data buffering and processing mechanism in the cryptosecurity isolation module according to an embodiment of the invention;
Fig. 7 shows the IP packet encryption mechanism according to an embodiment of the invention;
Fig. 8 shows an exemplary timing chart of connection establishment between the secure tablet terminal and the secure access gateway according to an embodiment of the invention;
Fig. 9 shows the IP packet data format according to an embodiment of the invention.
Specific embodiment
To meet this urgent user need, the invention proposes a cryptosecurity isolation module that comprehensively solves the security isolation of a tablet computer from the external network in a mobile internet environment. It blocks external intrusion attacks of every kind and ensures that users can build a secure private network over all kinds of common channel resources while intrusions are blocked. At the same time, the crypto module of the mobile terminal is used to establish trusted cryptographic services such as authentication, access control and data encryption, realising a controllable, safe and reliable internal office environment.
Specifically, the invention uses the high-speed communication interface, the FIFO circuits and the cryptographic algorithm engine inside the crypto chip to physically isolate the tablet computer from the external network. External data entering the tablet computer main control module must pass decryption and verification by the cryptographic algorithm engine; data that fails verification cannot enter, so the system is protected from external attack. All data sent out is encrypted by the cryptographic algorithm engine before it leaves, so anyone who does not hold the decryption key cannot obtain the plaintext, which protects against illegal transmission of internal data to external connections.
The invention is a technique in the mobile office field that uses a crypto chip to isolate the service network from other networks and guarantee the communication security of the service network. It is a mobile office platform offering secure communication, secure storage and security authentication. It builds a safe and trusted internal network environment for the mobile office systems of Party and government offices, the army, law-enforcement organs, the financial system and enterprises and institutions, realising security isolation at the network boundary together with security authentication of the mobile office process and cryptographic protection of sensitive information.
Referring now to Fig. 2, which shows the connection between the cryptosecurity isolation module and the main control module according to an embodiment of the invention.
As shown in Fig. 2, the cryptosecurity isolation module (or crypto chip) 100 directly physically isolates the tablet computer main control module 200 from the 4G (or 5G, etc.) communication. All incoming data must pass decryption and verification by the crypto chip 100; data that fails verification cannot enter the tablet computer main control module 200. All outgoing data must be encrypted by the crypto chip before it is sent, which guarantees that internal business data never appears in plaintext outside.
Referring now to Fig. 3, which compares the hardware configuration of the secure tablet computer according to an embodiment of the invention with that of an existing tablet computer.
As shown in Fig. 3, in an existing tablet computer the central processing unit communicates directly with the communication module, which is for example a 4G/5G communication module and generally includes a radio-frequency module, a baseband module, a digital baseband processor and so on. In the secure tablet computer according to an embodiment of the invention, a cryptosecurity isolation module 100 is inserted between the central processing unit and the communication module (which may be a 5G/4G/Bluetooth/WiFi wireless communication module and may include a radio-frequency module, a Bluetooth module, a WLAN module and a digital baseband processor). All communication between the central processing unit and the outside world through the communication module therefore passes through the cryptosecurity isolation module 100, which processes and filters it, so that the central processing unit of the tablet computer is physically isolated from external communication.
Referring now to Fig. 4, which shows the structure of the mobile office security system according to an embodiment of the invention.
As shown in Fig. 4, the mobile office security system according to an embodiment of the invention comprises a tablet computer main control module 200, a cryptosecurity isolation module 100, a cryptosecurity isolation gateway 300 and a management center 400.
The cryptosecurity isolation gateway 300, together with the cryptosecurity isolation module 100, establishes a secure communication channel over the untrusted network, controls the access of the secure tablet terminal and provides authentication information to applications.
The cryptosecurity isolation module 100 physically isolates the tablet computer main control module 200 from the mobile network in a gatekeeper arrangement, and encrypts the business communication data with cryptographic techniques to prevent theft by third parties.
The management center 400 performs management and key distribution for the cryptosecurity isolation module 100 and the cryptosecurity isolation gateway 300, and may include a CA (certificate) center, a KMC (key management center), an administration center, an audit center and so on.
The tablet computer main control module 200 is contained inside the secure tablet terminal and provides the hardware platform and operating system for mobile office work; all of its communication passes through the cryptosecurity isolation module 100.
Once the cryptosecurity isolation module 100 and the cryptosecurity isolation gateway 300 have established a secure communication channel over the untrusted network, the secure tablet terminal can access application services such as video conferencing and mail in a cryptographically secured manner.
Referring now to Fig. 5, which shows the functional block diagram of the cryptosecurity isolation module 100 according to an embodiment of the invention. As shown in Fig. 5, the cryptosecurity isolation module 100 includes the following functional modules:
Document management module 101 is responsible for organising and reading/writing the internal file storage.
SPI communication module 102 is responsible for parsing and verifying the communication protocol with the host side (the serial peripheral bus to the host, not to be confused with the SPI identifier of the packet format described later).
Key management module 103 is responsible for key generation, import, export, storage, destruction and update.
Cryptographic service module 104 is responsible for providing cryptographic services to the host.
Algorithm self-test module 105 is responsible for checking the correctness of the algorithms after power-on and during use.
Random number test module 106 is responsible for checking, after power-on and during use, that the random numbers produced by the random number generator meet the specification.
Monitoring module 107 is responsible for monitoring the operating state of all modules and for starting them.
Session management module 108 is responsible for the communication handshake with the key management center and the cryptosecurity isolation gateway 300, and for managing the communication session context.
USB device driver module 109 is responsible for parsing the USB communication protocol with the tablet computer's central processing unit (such as the RK3399).
Internal Ethernet protocol stack module 110 is responsible for parsing the Ethernet packets sent by the host side and checking the correctness of the protocol packets.
Internal network security processing module 111 is responsible for security checks on internal network packets being sent out and being delivered inward.
Encryption/decryption module 112 is responsible for encrypting the data sent out and decrypting the data received.
External network security processing module 113 is responsible for security processing of network packets sent to and received from the external network.
External Ethernet protocol stack module 114 is responsible for assembling the encrypted data into Ethernet packets and handing them to the 4G module for sending.
USB host driver module 115 is responsible for the initialisation, reconnection, data transmission and reception and other operations of the communication module (such as the 4G module).
The foregoing describes the functional modules of the cryptosecurity isolation module 100 according to an embodiment of the invention. As those skilled in the art know, the functional modules can be realised in hardware, software, firmware or any combination thereof. The above description is merely illustrative and does not limit the invention; in other embodiments the cryptosecurity isolation module 100 may include more, fewer or different modules, and the connection, functional and containment relationships between the modules may differ from those described and illustrated.
According to an embodiment of the invention, FIFO queues inside the chip of the cryptosecurity isolation module 100 buffer and process the data. Separate queue processing is used for the external and internal interfaces, and the SM4 algorithm engine provides the isolation between them. Fig. 6 shows the data buffering and processing mechanism in the cryptosecurity isolation module 100 according to an embodiment of the invention.
As shown in Fig. 6, the communication module (for example a 4G communication module such as the Huawei 909s-821) is connected to the external high-speed communication interface of the chip, for example a USB host interface.
The external high-speed communication interface receives external data from the communication module; its input and output are connected to the external input FIFO and the external output FIFO.
After data enters the external input FIFO, the external Ethernet protocol stack module 114 dispatches it to the external input protocol buffer, where it is protocol-checked and unpacked, and the external network security processing module 113 performs a security check.
Data that has passed the external network security processing module 113 is sent to the external decryption FIFO to await decryption.
The encryption/decryption module 112 (for example the SM4 algorithm engine) decrypts the data in the external decryption FIFO and sends it to the internal decryption FIFO.
The internal network security processing module 111 dispatches the data to the internal output protocol buffer and performs a security check; after the check passes, the internal Ethernet protocol stack module 110 packs it into a protocol packet and sends it to the internal output FIFO.
Data in the internal output FIFO is sent through the internal high-speed communication interface (for example a USB device interface) to the tablet computer main control module, for example a central processing unit such as the RK3399.
Conversely, internal data from the main control module of the tablet computer passes in turn through the internal high-speed communication interface, the internal input FIFO, the internal input protocol buffer and the internal encryption FIFO; after encryption by the encryption/decryption module it passes in turn through the external encryption FIFO, the external output protocol buffer, the external output FIFO, the external high-speed communication interface and the communication module, and is sent to the external network.
The foregoing describes the data buffering and processing mechanism in the cryptosecurity isolation module 100 according to an embodiment of the invention.
According to an embodiment of the invention, an IP packet encryption mechanism based on a symmetric key system is designed between the secure tablet terminal and the cryptosecurity isolation gateway 300 to guarantee the security of IP packet transmission. Fig. 7 shows this IP packet encryption mechanism according to an embodiment of the invention.
According to an embodiment of the invention, the cryptosecurity isolation module 100 establishes its connection with the cryptosecurity isolation gateway 300 through the key management center. Fig. 8 shows an exemplary timing chart of connection establishment between the secure tablet terminal and the cryptosecurity isolation gateway 300 according to an embodiment of the invention.
CMK is the key that the key management center pre-assigns to the secure tablet terminal; it is used to negotiate the sending session key SK_T and the receiving session key SK_R with the secure access gateway (the cryptosecurity isolation gateway 300).
Within the validity period of the working key WK, the secure tablet terminal can negotiate directly with the secure access gateway.
The session key SK_T encrypts the IP packet data that the secure tablet terminal sends to the secure access gateway.
The session key SK_R decrypts the IP packet data that the secure tablet terminal receives from the secure access gateway.
After a successful handshake, the secure access gateway assigns an internal address to the cryptosecurity isolation module 100.
The tablet computer uses this internal address to send data to the application service.
Referring now to Fig. 9, which shows the IP packet data format according to an embodiment of the invention. The cryptosecurity isolation module 100 encrypts and encapsulates data packets in the tunnel mode shown in Fig. 9 and sends them to the secure access gateway.
As shown in Fig. 9, the fields of the IP packet data format and their meanings are as follows:
Outer IP header: the IP header carrying the mobile network address;
UDP header: the operator may connect to the internet through NAT, so the data is encapsulated in UDP to keep the communication flowing and guarantee NAT traversal;
SPI: the communication identifier negotiated during the handshake between the cryptosecurity isolation module 100 and the secure access gateway, used by both parties internally to identify the communication context and the corresponding session keys;
Sequence number: to prevent replay attacks, each data packet is identified by a distinct 4-byte sequence number. The sequence number is unidirectional and increments from 0; when it goes out of range, both sides handshake again to update the session keys and restart the sequence number from 0;
Inner IP packet: encrypted with the SM4 algorithm;
HMAC: computed with the SM3 algorithm over the SPI, the sequence number and the ciphertext data.
According to an embodiment of the invention, the IP packet encryption and decryption process is as follows:
the secure access gateway verifies and decrypts the ciphertext data on receipt and forwards the data packet to the application service;
the application service's response data is sent back to the tablet computer by the same path and in the same manner.
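The packet mechanism of Fig. 9 and the verify-before-decrypt ordering of the Fig. 6 pipeline, as an added worked example; this is illustration code written for this page, not code from the patent. It builds the UDP payload (SPI, 4-byte sequence number, encrypted inner IP packet, HMAC over SPI, sequence number and ciphertext) and, on receipt, applies the checks in pipeline order: length and SPI check, HMAC and sequence-number check, then decryption, then an inner-packet check, so that nothing that fails a check reaches the host side. SM4 and SM3 are not in the Python standard library, so HMAC-SHA256 in counter mode stands in for the SM4 engine and HMAC-SHA256 stands in for the SM3 HMAC. The derivation of SK_T and SK_R from CMK and exchanged nonces, the separate MAC key, the 16-byte tag, the SPI value, the constructed CMK and packet contents, and the strictly increasing sequence-number check are all assumptions, since the page does not specify them; the outer IP and UDP headers are left to the modem side.

```python
import hashlib
import hmac
import struct

SEQ_LIMIT = 2 ** 32   # 4-byte sequence number; exhausting it forces a new handshake
TAG_LEN = 16          # truncated HMAC tag length (assumption; the page gives no length)


class RekeyRequired(Exception):
    """Sequence-number space exhausted: both sides must handshake again and restart at 0."""


def derive_session_keys(cmk: bytes, nonce_t: bytes, nonce_g: bytes):
    """Assumed derivation: the page only says SK_T and SK_R are negotiated under CMK.
    Both sides run this on the exchanged nonces with HMAC-SHA256 as the PRF."""
    sk_t = hmac.new(cmk, b"SK_T" + nonce_t + nonce_g, hashlib.sha256).digest()[:16]
    sk_r = hmac.new(cmk, b"SK_R" + nonce_t + nonce_g, hashlib.sha256).digest()[:16]
    return sk_t, sk_r


def keystream_xor(key: bytes, spi: int, seq: int, data: bytes) -> bytes:
    """Stand-in for the SM4 engine: HMAC-SHA256 in counter mode. (SPI, seq, block index)
    is the counter, so keystream never repeats within a session; encrypt == decrypt."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, struct.pack(">IIQ", spi, seq, i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def tag(mac_key: bytes, spi: int, seq: int, ciphertext: bytes) -> bytes:
    """HMAC over SPI || sequence number || ciphertext, as the page specifies (SHA-256 for SM3)."""
    return hmac.new(mac_key, struct.pack(">II", spi, seq) + ciphertext, hashlib.sha256).digest()[:TAG_LEN]


class Direction:
    """One unidirectional tunnel: terminal->gateway is keyed with SK_T, gateway->terminal with SK_R."""

    def __init__(self, spi: int, key: bytes):
        self.spi, self.key = spi, key
        self.mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()  # separate MAC key (assumption)
        self.send_seq = 0        # unidirectional, restarts from 0 after every handshake
        self.next_recv_seq = 0   # lowest sequence number still acceptable

    def encapsulate(self, inner_ip: bytes) -> bytes:
        """UDP payload: SPI | seq | SM4(inner IP packet) | HMAC. Outer IP/UDP added by the modem side."""
        if self.send_seq >= SEQ_LIMIT:
            raise RekeyRequired("sequence space exhausted; renegotiate session keys")
        ct = keystream_xor(self.key, self.spi, self.send_seq, inner_ip)
        pkt = struct.pack(">II", self.spi, self.send_seq) + ct + tag(self.mac_key, self.spi, self.send_seq, ct)
        self.send_seq += 1
        return pkt

    def decapsulate(self, pkt: bytes) -> bytes:
        """Receive path in Fig. 6 order: protocol check, security check (HMAC, sequence number),
        decrypt, inner check. A packet failing any step never reaches the internal output FIFO."""
        if len(pkt) < 8 + TAG_LEN:
            raise ValueError("truncated packet")
        spi, seq = struct.unpack(">II", pkt[:8])
        if spi != self.spi:
            raise ValueError("unknown SPI")
        ct, received_tag = pkt[8:-TAG_LEN], pkt[-TAG_LEN:]
        if not hmac.compare_digest(received_tag, tag(self.mac_key, spi, seq, ct)):
            raise ValueError("HMAC check failed")          # rejected before any decryption
        if seq < self.next_recv_seq:
            raise ValueError("replayed or out-of-order sequence number")
        self.next_recv_seq = seq + 1                       # gaps (lost packets) tolerated, reuse never
        inner = keystream_xor(self.key, spi, seq, ct)
        if not inner or inner[0] >> 4 != 4:                # stand-in inner IPv4 sanity check
            raise ValueError("decrypted payload is not an IPv4 packet")
        return inner


def run_exchange() -> dict:
    """Constructed end-to-end exchange: terminal request, gateway reply, then a replayed and a
    tampered copy of the request. Returns the observable outcomes for checking."""
    cmk = b"\x11" * 16                                    # constructed CMK (really issued by the KMC)
    sk_t, sk_r = derive_session_keys(cmk, b"terminal-nonce", b"gateway-nonce")
    spi = 0x5A5A0001                                      # constructed SPI agreed in the handshake
    term_tx, gw_rx = Direction(spi, sk_t), Direction(spi, sk_t)   # terminal -> gateway
    gw_tx, term_rx = Direction(spi, sk_r), Direction(spi, sk_r)   # gateway -> terminal

    request = b"\x45\x00REQUEST inner IPv4 packet (constructed)"
    wire = term_tx.encapsulate(request)
    at_gateway = gw_rx.decapsulate(wire)
    reply_wire = gw_tx.encapsulate(b"\x45\x00RESPONSE " + at_gateway[2:])
    outcomes = {"request_ok": at_gateway == request, "reply": term_rx.decapsulate(reply_wire)}

    tampered = bytearray(term_tx.encapsulate(request))
    tampered[10] ^= 0x01                                  # flip one ciphertext bit
    for name, pkt in (("replay", wire), ("tamper", bytes(tampered))):
        try:
            gw_rx.decapsulate(pkt)
            outcomes[name + "_rejected"] = False
        except ValueError:
            outcomes[name + "_rejected"] = True
    return outcomes
```

Each end holds one Direction per direction, sharing SK_T for terminal-to-gateway and SK_R for gateway-to-terminal, so a key is never used in both directions. The HMAC is checked before the sequence number and before decryption, which keeps unauthenticated bytes away from the cipher engine and the host; when the 32-bit sequence space is exhausted, encapsulate raises RekeyRequired, the point at which the page has both sides handshake again and restart at 0.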
The foregoing describes the cryptosecurity isolation module and mobile office security system according to embodiments of the invention. It should be pointed out that the above description is merely illustrative and does not limit the invention. In other embodiments, the cryptosecurity isolation module and mobile office security system may include more, fewer or different modules, and the connection, functional and containment relationships between the modules may differ from those described and illustrated. For example, a single module with several functions may be divided into several modules, and several modules may be merged into one.
The foregoing description of embodiments of the invention has been provided for the purposes of illustration and description. Many details, such as particular components and modules, are set out to give a thorough understanding of the embodiments; the purpose is not to be exhaustive or to limit the invention. The elements and features of a particular embodiment are generally not limited to that embodiment, but are interchangeable where applicable and can be used in other embodiments even if not shown or described in detail. Such variations are not to be regarded as a departure from the disclosure, and all such modifications are intended to be included within the scope of the invention. In some example embodiments, well-known components, structures and techniques are not described in detail.
The terminology used herein is for the purpose of describing particular example embodiments only and is not intended to be limiting. The names of the components in this application are for convenience only and do not limit the invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. The terms "include", "including", "comprise" and "have" are inclusive and specify the presence of the stated features, entities, steps, operations, elements and/or components, but do not preclude the presence or addition of one or more other features, entities, steps, operations, elements, components and/or groups thereof. The steps, processes and operations described herein are not to be construed as necessarily requiring their performance in the particular order discussed or illustrated, unless an order of performance is specifically stated.
When an element is referred to as being "on", "engaged to", "connected to" or "coupled to" another element, it may be directly on, engaged, connected or coupled to the other element, or intervening elements may be present. Other words used to describe the relationship between elements should be interpreted in a like fashion (e.g. "between" versus "directly between", "adjacent" versus "directly adjacent"). As used herein, "connection", "connected" and similar terms, unless otherwise clearly limited, may refer to any one or more of a mechanical connection, an electrical connection and a communication connection. In addition, as used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
The specific embodiments above further describe in detail the purpose, technical solution and beneficial effects of the invention. It should be understood that the foregoing is merely a specific embodiment of the invention and is not intended to limit its scope of protection; any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall be included within the scope of protection of the invention.

Claims (5)

1. A cryptosecurity isolation module arranged between the main control chip of a tablet computer and its communication module and configured to physically isolate the main control chip of the tablet computer from the external network, so that all communication data of the tablet computer passes through the cryptosecurity isolation module and is encrypted before being transferred to the server side, and all data returned from the server side enters the main control module of the tablet computer only after decryption by the cryptosecurity isolation module.
2. The cryptosecurity isolation module according to claim 1, comprising: an external high-speed communication interface connected to the communication module, an external input FIFO queue, an external output FIFO queue, an external input protocol buffer, an external output protocol buffer, an external decryption FIFO queue, an external encryption FIFO queue, an encryption/decryption module, an internal encryption FIFO queue, an internal decryption FIFO queue, an internal input protocol buffer, an internal output protocol buffer, an internal input FIFO queue, an internal output FIFO queue, an internal high-speed communication interface connected to the main control module of the tablet computer, an external Ethernet protocol stack module, an external network security processing module, an internal network security processing module and an internal Ethernet protocol stack module, wherein
the input and output of the external high-speed communication interface are connected to the external input FIFO queue and the external output FIFO queue; external input data from the communication module is received into the external input FIFO queue and then dispatched to the external input protocol buffer, where the external Ethernet protocol stack module performs protocol checking and unpacking, and, after the external network security processing module has performed a security check, the data is sent to the external decryption FIFO queue to await decryption;
the encryption/decryption module decrypts the data in the external decryption FIFO queue and sends it to the internal decryption FIFO queue;
the internal network security processing module dispatches the data in the internal decryption FIFO queue to the internal output protocol buffer and performs a security check; after the check passes, the internal Ethernet protocol stack module performs protocol packing and sends the data to the internal output FIFO queue;
the data in the internal output FIFO queue is sent to the main control module of the tablet computer through the internal high-speed communication interface.
3. The cryptosecurity isolation module according to claim 2, wherein internal data from the main control module of the tablet computer passes successively through the internal high-speed communication interface, the internal input FIFO queue, the internal input protocol buffer and the internal encryption FIFO queue, is encrypted by the encryption/decryption module, then passes successively through the external encryption FIFO queue, the external output protocol buffer, the external output FIFO queue, the external high-speed communication interface and the communication module, and is sent to the external network.
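The inbound path of claim 2 and the outbound path of claim 3, simulated as an added example; this is not code from the patent. The FIFO queue names follow claim 2. The external frame format (magic, length, nonce, ciphertext, tag), the internal frame format (port, payload), the size and destination-port policies, the HMAC-SHA256 tag and the hash-based keystream are all assumptions standing in for the protocol stacks, security checks and cipher that the claims leave unspecified. The example keeps the claim ordering: structural protocol check, then external-side policy, then the cryptographic module, then a second policy check on the decrypted plaintext before anything reaches the host, with every failure dropping the frame and counting the reason.

```python
"""Simulation of the claim 2 (external -> host) and claim 3 (host -> external) data paths.

Queue names follow claim 2. Frame formats, policies and the cipher are assumptions
made for this example; the patent does not specify them.
"""
import hashlib
import hmac
import os
import struct
from collections import deque

MAGIC = b"\x5a\xa5"          # assumed marker at the start of every external frame
NONCE_LEN = 8                # assumed per-frame nonce length
TAG_LEN = 32                 # HMAC-SHA256 tag over nonce || ciphertext
MAX_PAYLOAD = 1500           # assumed external-side size policy
ALLOWED_PORTS = {443, 8443}  # assumed internal-side policy: ports the host may receive


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Hash-counter keystream; a stand-in for the unspecified encryption algorithm."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + struct.pack(">I", ctr)).digest()
        ctr += 1
    return out[:n]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


class IsolationModule:
    def __init__(self, key: bytes):
        self.key = key
        self.seen_nonces = set()  # replay record, filled only after a tag verifies
        # FIFO queues as named in claim 2
        self.ext_in, self.ext_decrypt, self.int_decrypt, self.int_out = deque(), deque(), deque(), deque()
        self.int_in, self.int_encrypt, self.ext_encrypt, self.ext_out = deque(), deque(), deque(), deque()
        self.dropped = {"protocol": 0, "external_policy": 0, "auth": 0, "replay": 0, "internal_policy": 0}

    def _drop(self, reason: str):
        self.dropped[reason] += 1
        return None

    # ---- claim 2: external network -> tablet main control module ----
    def inbound(self, frame: bytes):
        """Return (port, payload) delivered to the host, or None if the frame was dropped."""
        self.ext_in.append(frame)                       # external input FIFO
        frame = self.ext_in.popleft()                   # dispatched to the external input protocol buffer
        # external Ethernet protocol stack: structural check and unpack
        if len(frame) < 4 + NONCE_LEN + TAG_LEN or frame[:2] != MAGIC:
            return self._drop("protocol")
        (length,) = struct.unpack(">H", frame[2:4])
        body = frame[4:]
        if len(body) != length:
            return self._drop("protocol")
        nonce, ct, tag = body[:NONCE_LEN], body[NONCE_LEN:-TAG_LEN], body[-TAG_LEN:]
        # external network security check, before any cryptography is spent on the frame
        if len(ct) > MAX_PAYLOAD:
            return self._drop("external_policy")
        self.ext_decrypt.append((nonce, ct, tag))       # external decryption FIFO
        # encryption/decryption module: verify the tag, reject replays, then decrypt
        nonce, ct, tag = self.ext_decrypt.popleft()
        expected = hmac.new(self.key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return self._drop("auth")
        if nonce in self.seen_nonces:                   # recorded only for authentic frames
            return self._drop("replay")
        self.seen_nonces.add(nonce)
        pt = _xor(ct, _keystream(self.key, nonce, len(ct)))
        self.int_decrypt.append(pt)                     # internal decryption FIFO
        # internal network security check on the plaintext, then internal protocol packing
        pt = self.int_decrypt.popleft()
        if len(pt) < 2 or struct.unpack(">H", pt[:2])[0] not in ALLOWED_PORTS:
            return self._drop("internal_policy")
        self.int_out.append((struct.unpack(">H", pt[:2])[0], pt[2:]))  # internal output FIFO
        return self.int_out.popleft()                   # internal high-speed interface -> host

    # ---- claim 3: tablet main control module -> external network ----
    def outbound(self, port: int, payload: bytes) -> bytes:
        """Return the external frame handed to the communication module."""
        self.int_in.append(struct.pack(">H", port) + payload)   # internal input FIFO
        pt = self.int_in.popleft()                               # internal input protocol buffer
        self.int_encrypt.append(pt)                              # internal encryption FIFO
        pt = self.int_encrypt.popleft()
        nonce = os.urandom(NONCE_LEN)                            # fresh nonce per frame
        ct = _xor(pt, _keystream(self.key, nonce, len(pt)))
        tag = hmac.new(self.key, nonce + ct, hashlib.sha256).digest()
        self.ext_encrypt.append((nonce, ct, tag))                # external encryption FIFO
        nonce, ct, tag = self.ext_encrypt.popleft()              # external output protocol buffer
        body = nonce + ct + tag
        self.ext_out.append(MAGIC + struct.pack(">H", len(body)) + body)  # external output FIFO
        return self.ext_out.popleft()                            # external high-speed interface
```

Two modules sharing a key model the two ends of the channel: a frame produced by one side's `outbound` is accepted by the other side's `inbound`, while a frame with a flipped ciphertext byte, a repeated frame, an oversized frame, a frame with the wrong marker, or a plaintext addressed to a port outside the internal policy is dropped with the corresponding counter incremented. Recording a nonce only after its tag verifies keeps an unauthenticated sender from poisoning the replay record, which is why the replay check sits inside the cryptographic stage rather than in the external-side check.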
4. The cryptosecurity isolation module according to claim 2, further comprising:
a document management module for organizing, reading and writing the internal file storage;
an SPI communication module for parsing and verifying the communication protocol with the host side;
a key management module for generating, importing, exporting, storing, destroying and updating keys;
a cryptographic service module for providing cryptographic services to the host;
an algorithm detection module for checking algorithm correctness after power-on and during use;
a random number detection module for checking, after power-on and during use, whether the random numbers produced by the random number generator meet the specification;
a monitoring module for starting all modules and monitoring their operating status;
a session management module for the communication handshake with the key management center and the cryptosecurity isolation gateway, and for managing communication session context;
a USB device driver module for parsing the USB communication protocol with the central processing unit host of the tablet computer;
a USB host driver module for the initialization, reconnection and data transmit/receive operations of the communication module.
5. A mobile office security system, comprising:
a tablet computer main control module;
the cryptosecurity isolation module according to any one of claims 1 to 4;
a cryptosecurity isolation gateway; and
an administrative center;
wherein the cryptosecurity isolation gateway, together with the cryptosecurity isolation module, establishes a secure communication channel in an untrusted network environment, controls access by the secure tablet computer terminal, and provides authentication information for applications;
the administrative center manages the cryptosecurity isolation module and the cryptosecurity isolation gateway and distributes keys between them;
the tablet computer main control module provides the hardware platform and operating system for mobile office, and all communications of the tablet computer main control module pass through the cryptosecurity isolation module.
CN201910610899.1A 2019-07-08 2019-07-08 Password security isolation module and mobile office security system Active CN110266725B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910610899.1A CN110266725B (en) 2019-07-08 2019-07-08 Password security isolation module and mobile office security system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910610899.1A CN110266725B (en) 2019-07-08 2019-07-08 Password security isolation module and mobile office security system

Publications (2)

Publication Number Publication Date
CN110266725A true CN110266725A (en) 2019-09-20
CN110266725B CN110266725B (en) 2021-10-22

Family

ID=67924988

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910610899.1A Active CN110266725B (en) 2019-07-08 2019-07-08 Password security isolation module and mobile office security system

Country Status (1)

Country Link
CN (1) CN110266725B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110548291A (en) * 2019-09-27 2019-12-10 深圳市大头互动文化传播有限公司 User encryption system based on game software
CN112035866A (en) * 2020-11-04 2020-12-04 湖北芯擎科技有限公司 Data encryption and decryption method, device, equipment and computer readable storage medium
CN112073380A (en) * 2020-08-13 2020-12-11 中国电子科技集团公司第三十研究所 Secure computer architecture based on double-processor KVM switching and password isolation
CN112069555A (en) * 2020-08-13 2020-12-11 中国电子科技集团公司第三十研究所 Safe computer architecture based on double-hard-disk cold switching operation
CN114697064A (en) * 2020-12-31 2022-07-01 宸芯科技有限公司 Data security interaction method and security chip among multiple data modules

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111263A (en) * 2011-02-21 2011-06-29 山东中孚信息产业股份有限公司 Data stream encryption method
CN202711262U (en) * 2011-12-13 2013-01-30 杭州晟元芯片技术有限公司 Two-in-one chip with electronic signature and high speed flow encryption
CN103020535A (en) * 2012-12-06 2013-04-03 苏州国芯科技有限公司 Data encryption and decryption system with comparing function
CN105049459A (en) * 2015-09-18 2015-11-11 郑州信大捷安信息技术股份有限公司 Double-host safe mobile intelligent terminal and realization method thereof
CN105141625A (en) * 2015-09-18 2015-12-09 郑州信大捷安信息技术股份有限公司 Safety mobile intelligent terminal based on password isolation mode and realization method thereof
US20160337862A1 (en) * 2011-10-17 2016-11-17 Blackberry Limited Associating services to perimeters
CN107621981A (en) * 2017-09-06 2018-01-23 广东欧珀移动通信有限公司 Resource allocation method and Related product

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111263A (en) * 2011-02-21 2011-06-29 山东中孚信息产业股份有限公司 Data stream encryption method
US20160337862A1 (en) * 2011-10-17 2016-11-17 Blackberry Limited Associating services to perimeters
CN202711262U (en) * 2011-12-13 2013-01-30 杭州晟元芯片技术有限公司 Two-in-one chip with electronic signature and high speed flow encryption
CN103020535A (en) * 2012-12-06 2013-04-03 苏州国芯科技有限公司 Data encryption and decryption system with comparing function
CN105049459A (en) * 2015-09-18 2015-11-11 郑州信大捷安信息技术股份有限公司 Double-host safe mobile intelligent terminal and realization method thereof
CN105141625A (en) * 2015-09-18 2015-12-09 郑州信大捷安信息技术股份有限公司 Safety mobile intelligent terminal based on password isolation mode and realization method thereof
CN107621981A (en) * 2017-09-06 2018-01-23 广东欧珀移动通信有限公司 Resource allocation method and Related product

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王永起: "基于物理隔离和密码技术实现安全移动办公系统的研究与应用" (Research and application of a secure mobile office system based on physical isolation and cryptographic technology), 《中国管理信息化》 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110548291A (en) * 2019-09-27 2019-12-10 深圳市大头互动文化传播有限公司 User encryption system based on game software
CN112073380A (en) * 2020-08-13 2020-12-11 中国电子科技集团公司第三十研究所 Secure computer architecture based on double-processor KVM switching and password isolation
CN112069555A (en) * 2020-08-13 2020-12-11 中国电子科技集团公司第三十研究所 Safe computer architecture based on double-hard-disk cold switching operation
CN112073380B (en) * 2020-08-13 2022-02-08 中国电子科技集团公司第三十研究所 Secure computer system based on double-processor KVM switching and password isolation
CN112069555B (en) * 2020-08-13 2022-03-18 中国电子科技集团公司第三十研究所 Safe computer architecture based on double-hard-disk cold switching operation
CN112035866A (en) * 2020-11-04 2020-12-04 湖北芯擎科技有限公司 Data encryption and decryption method, device, equipment and computer readable storage medium
CN112035866B (en) * 2020-11-04 2021-07-23 湖北芯擎科技有限公司 Data encryption method, device, equipment and computer readable storage medium
CN114697064A (en) * 2020-12-31 2022-07-01 宸芯科技有限公司 Data security interaction method and security chip among multiple data modules

Also Published As

Publication number Publication date
CN110266725B (en) 2021-10-22

Similar Documents

Publication Publication Date Title
Oh et al. Security requirements analysis for the IoT
CN110266725A (en) Cryptosecurity isolation module and mobile office security system
Mosteiro-Sanchez et al. Securing IIoT using defence-in-depth: towards an end-to-end secure industry 4.0
US20130332724A1 (en) User-Space Enabled Virtual Private Network
CN101507228B (en) Improved authentication for devices located in cable networks
US7188365B2 (en) Method and system for securely scanning network traffic
US8281127B2 (en) Method for digital identity authentication
US9219709B2 (en) Multi-wrapped virtual private network
EP1913728B1 (en) Total exchange session security
US20200351107A1 (en) Secure authentication of remote equipment
CN109088870A (en) A kind of method of new energy plant stand generator unit acquisition terminal secure accessing platform
US9444807B2 (en) Secure non-geospatially derived device presence information
US20120072717A1 (en) Dynamic identity authentication system
US9015825B2 (en) Method and device for network communication management
WO2015131609A1 (en) Method for implementing l2tp over ipsec access
US20210168174A1 (en) Method, apparatuses and computer program product for monitoring an encrypted connection in a network
CN114553577B (en) Network interaction system and method based on multi-host double-isolation secret architecture
Cybersecurity et al. Guide to ipsec vpns
CN110492994A (en) A kind of trustable network cut-in method and system
Bameyi et al. End-to-end security in communication networks: a review
JP2005065004A (en) Method, device and program for inspecting encrypted communication data
WO2023130970A1 (en) Trusted measurement-integrated communication method and apparatus
Blåberg Kristoffersson Zero Trust in Autonomous Vehicle Networks Utilizing Automotive Ethernet
Zhiyong et al. Security Analysis of Cryptographic Mechanisms in the System
Foltz et al. Incorporating IoT in Enterprises with ELS

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant