CN112383426A - Encryption system - Google Patents


Publication number
CN112383426A
Authority
CN
China
Prior art keywords
slave
encryption
encryption machine
master
financial terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011260121.1A
Other languages
Chinese (zh)
Inventor
刘昭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agricultural Bank of China Foshan Branch
Original Assignee
Agricultural Bank of China Foshan Branch
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agricultural Bank of China Foshan Branch
Priority to CN202011260121.1A
Publication of CN112383426A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0668 Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0695 Management of faults, events, alarms or notifications the faulty arrangement being the maintenance, administration or management system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses an encryption system comprising a financial terminal, a master encryption machine, a slave encryption machine, a master router, a slave router and a server. The financial terminal is communicatively connected to both the master encryption machine and the slave encryption machine; the master encryption machine is communicatively connected to the master router, and the master router to the server; the slave encryption machine is communicatively connected to the slave router, and the slave router to the server. Because both a master encryption machine and a slave encryption machine are provided, when the master encryption machine fails the financial terminal can still communicate with the server in encrypted form through the slave encryption machine, which effectively ensures the security of the communication.

Description

Encryption system
Technical Field
The invention relates to the technical field of information, in particular to an encryption system.
Background
At present, communication systems between a bank or financial center and the People's Bank generally use encryption equipment, such as an encryption machine, to encrypt the data transmitted over the network. The encryption machine effectively prevents the data from being stolen and cracked by criminals and so protects the security of the financial network. Existing encryption systems, however, all use a single-path connection: when the encryption machine goes down, it activates its BYPASS function, that is, data between the bank system and the People's Bank system is transmitted directly without encryption. Existing encryption systems therefore carry a serious security risk.
Disclosure of Invention
The present invention is directed to an encryption system to solve the above problems.
In order to achieve the purpose, the invention adopts the following technical scheme:
An encryption system comprises a financial terminal, a master encryption machine, a slave encryption machine, a master router, a slave router and a server, wherein the financial terminal is communicatively connected to both the master encryption machine and the slave encryption machine, the master encryption machine is communicatively connected to the master router, and the master router is communicatively connected to the server; the slave encryption machine is communicatively connected to the slave router, and the slave router is communicatively connected to the server.
Preferably, the master encryption machine and the slave encryption machine each include an Eth0 port, an Eth1 port, an Eth2 port and an Eth3 port, wherein the Eth0 port and the Eth1 port are both Bypass ports; the financial terminal is connected to the Eth2 port of the master encryption machine, and the Eth3 port of the master encryption machine is communicatively connected to the master router; the financial terminal is connected to the Eth2 port of the slave encryption machine, and the Eth3 port of the slave encryption machine is communicatively connected to the slave router.
Preferably, the financial terminal checks the fault state of the master encryption machine and the slave encryption machine at regular intervals.
Preferably, when the financial terminal detects that the master encryption machine or the slave encryption machine is in a fault state, the financial terminal issues an alarm signal.
Preferably, the financial terminal performs a fixed number of detections on the master encryption machine and the slave encryption machine every 30-60 minutes.
Preferably, the fixed number of times is 3 to 6;
after the financial terminal sends a detection signal to the master encryption machine or the slave encryption machine, if that machine does not feed back a normal signal, the financial terminal continues to send the detection signal to it, and if the machine does not feed back a normal signal within the fixed number of times, the financial terminal judges that the master encryption machine or the slave encryption machine is in a fault state;
when the master encryption machine or the slave encryption machine feeds back a normal signal to the financial terminal, the financial terminal judges that the machine is in a non-fault state and ends the detection.
Preferably, when the financial terminal determines that the master encryption machine is in a fault state, the financial terminal sends a switching signal to the slave encryption machine, and the slave encryption machine switches from the standby state to the working state.
Preferably, there are one or more slave encryption machines, and the number of slave routers is the same as the number of slave encryption machines.
The beneficial effects of the invention are as follows: because both a master encryption machine and a slave encryption machine are provided, when the master encryption machine fails the financial terminal can communicate with the server in encrypted form through the slave encryption machine, and the security of the communication is effectively guaranteed.
Drawings
The drawings are further illustrative of the invention and the content of the drawings does not constitute any limitation of the invention.
FIG. 1 is a system connection diagram of one embodiment of the present invention;
In the drawings: 1 - financial terminal, 2 - master encryption machine, 3 - slave encryption machine, 4 - master router, 5 - slave router, 6 - server.
Detailed Description
The technical scheme of the invention is further explained by the specific implementation mode in combination with the attached drawings.
The encryption system of the present embodiment, as shown in FIG. 1, includes a financial terminal 1, a master encryption machine 2, a slave encryption machine 3, a master router 4, a slave router 5 and a server 6. The financial terminal 1 is communicatively connected to both the master encryption machine 2 and the slave encryption machine 3; the master encryption machine 2 is communicatively connected to the master router 4, and the master router 4 to the server 6; the slave encryption machine 3 is communicatively connected to the slave router 5, and the slave router 5 to the server 6.
The invention uses a dual-path connection, that is, two encryption machines: one is the master encryption machine 2 and the other is the slave encryption machine 3. When the encryption equipment works normally, the master encryption machine 2 is in the working state and the slave encryption machine 3 is in the standby state, and the bank system exchanges data with the People's Bank system through the master encryption machine 2. When the master encryption machine 2 goes down, the slave encryption machine 3 switches to the working state and the bank system connects to the People's Bank system through the slave encryption machine 3, so the encryption system keeps operating normally even if the master encryption machine 2 goes down.
Further, the master encryption machine 2 and the slave encryption machine 3 each include an Eth0 port, an Eth1 port, an Eth2 port and an Eth3 port, wherein the Eth0 port and the Eth1 port are both Bypass ports; the financial terminal 1 is connected to the Eth2 port of the master encryption machine 2, and the Eth3 port of the master encryption machine 2 is communicatively connected to the master router 4; the financial terminal 1 is connected to the Eth2 port of the slave encryption machine 3, and the Eth3 port of the slave encryption machine 3 is communicatively connected to the slave router 5.
When the master encryption machine 2 or the slave encryption machine 3 goes down, a Bypass port physically connects the financial terminal 1 straight through to the master router 4 or the slave router 5 without passing through the encryption machine, and the downed machine no longer encrypts the data. This creates a risk of disclosure. In addition, the financial terminal 1 stays connected to the master router 4 while the slave encryption machine 3 has already switched from the standby state to the working state, so the financial terminal 1, the master router 4, the server 6, the slave router 5 and the slave encryption machine 3 form a loop, which causes a network failure and seriously affects normal operation of the service.
In this embodiment the financial terminal 1 is connected to the Eth2 port of the master encryption machine 2, the Eth3 port of the master encryption machine 2 is communicatively connected to the master router 4, the financial terminal 1 is connected to the Eth2 port of the slave encryption machine 3, and the Eth3 port of the slave encryption machine 3 is communicatively connected to the slave router 5. Because the Eth2 and Eth3 ports are non-Bypass ports, when the master encryption machine 2 goes down the connection between the financial terminal 1 and the master router 4 is disconnected in time, which prevents the financial terminal 1 from reaching the server 6 through the master router 4 without passing through the master encryption machine 2. The communication between the master encryption machine 2 and the master router 4 is likewise disconnected in time, and the financial terminal 1 then reaches the server 6 through the slave encryption machine 3 and the slave router 5, so the data stays encrypted. This arrangement also avoids the loop failure that would occur if the financial terminal 1 were directly connected to the master router 4 when the master encryption machine 2 fails, and so keeps the service running continuously.
Further, the financial terminal 1 checks the fault state of the master encryption machine 2 and the slave encryption machine 3 at regular intervals.
This allows the financial terminal 1 to switch to the slave encryption machine 3 in time when the master encryption machine 2 goes down because of a fault. The financial terminal 1 also checks the fault state of the slave encryption machine 3 in the standby state at regular intervals, so that the slave encryption machine 3 can switch to the working state in time when the master encryption machine 2 goes down and take over its encryption work.
Further, when the financial terminal 1 detects that the master encryption machine 2 or the slave encryption machine 3 is in a fault state, the financial terminal 1 issues an alarm signal.
With this arrangement, a fault in the master encryption machine 2 or the slave encryption machine 3 is found in time, and the alarm serves as a reminder so that the failed encryption machine can be repaired or replaced in time.
Further, the financial terminal 1 performs a fixed number of detections on the master encryption machine 2 and the slave encryption machine 3 every 30-60 minutes.
Because financial and banking services must keep running at all times, checking every 30-60 minutes effectively ensures that the master encryption machine 2 and the slave encryption machine 3 remain in a non-fault state and that a fault in either machine is found in time, which avoids the problem of the financial terminal 1 being unable to communicate with the server 6 because the master encryption machine 2 or the slave encryption machine 3 has failed.
Further, the fixed number of times is 3 to 6;
after the financial terminal 1 sends a detection signal to the master encryption machine 2 or the slave encryption machine 3, if that machine does not feed back a normal signal, the financial terminal 1 continues to send the detection signal to it, and if the machine does not feed back a normal signal within the fixed number of times, the financial terminal 1 judges that the master encryption machine 2 or the slave encryption machine 3 is in a fault state;
when the master encryption machine 2 or the slave encryption machine 3 feeds back a normal signal to the financial terminal 1, the financial terminal 1 judges that the machine is in a non-fault state and ends the detection.
This arrangement effectively avoids misjudgment when the master encryption machine 2 or the slave encryption machine 3 fails to feed back the normal signal in time, or feeds it back but the packet is lost.
Further, when the financial terminal 1 determines that the master encryption machine 2 is in a fault state, the financial terminal 1 sends a switching signal to the slave encryption machine 3, and the slave encryption machine 3 switches from the standby state to the working state.
This arrangement facilitates switching between the master encryption machine 2 and the slave encryption machine 3.
Further, there are one or more slave encryption machines 3, and the number of slave routers 5 is the same as the number of slave encryption machines 3.
This arrangement gives a better guarantee: when one slave encryption machine 3 fails, the other slave encryption machines 3 remain on standby, so the encrypted communication between the financial terminal 1 and the server 6 is better protected.
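The detection, alarm and switching procedure described above can be sketched as follows. This is an added example, not code from the patent: the names `FinancialTerminal`, `probe_round`, `scripted_probe` and `NoEncryptedPath` are hypothetical, the probe replies are constructed, and promoting the next standby slave when a working slave fails generalizes the single master-to-slave switch in the text. It assumes a failed machine stays out of service until repaired or replaced, and it models the non-Bypass Eth2/Eth3 wiring by refusing to route traffic when no encryption machine is working.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

PROBE_ATTEMPTS = 3       # the page fixes the number of detections at 3 to 6
CHECK_INTERVAL_MIN = 30  # a scheduler would call run_cycle every 30 to 60 minutes


class NoEncryptedPath(Exception):
    """Raised instead of sending plaintext when no encryption machine works."""


@dataclass
class Encryptor:
    name: str
    state: str = "standby"  # "working", "standby" or "failed"


def probe_round(send_probe: Callable[[str], bool], name: str,
                attempts: int = PROBE_ATTEMPTS) -> bool:
    """Send up to `attempts` detection signals; stop at the first normal reply."""
    if not 3 <= attempts <= 6:
        raise ValueError("fixed number of detections must be 3 to 6")
    for _ in range(attempts):
        if send_probe(name):
            return True   # normal signal: non-fault state, detection ends
    return False          # no normal signal within the fixed number: fault


@dataclass
class FinancialTerminal:
    master: Encryptor
    slaves: List[Encryptor]
    alarms: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.master.state = "working"

    @property
    def active(self) -> Optional[Encryptor]:
        devices = [self.master, *self.slaves]
        return next((d for d in devices if d.state == "working"), None)

    def run_cycle(self, send_probe: Callable[[str], bool]) -> Optional[Encryptor]:
        """One timed detection round over the master and every slave."""
        for dev in [self.master, *self.slaves]:
            if dev.state == "failed":
                continue  # assumption: stays failed until repaired or replaced
            if not probe_round(send_probe, dev.name):
                dev.state = "failed"
                self.alarms.append(f"ALARM: {dev.name} is in a fault state")
        if self.active is None:
            standby = next((s for s in self.slaves if s.state == "standby"), None)
            if standby is not None:
                standby.state = "working"  # the switching signal
        return self.active

    def route(self) -> str:
        """Name the machine that carries traffic; never fall back to plaintext."""
        if self.active is None:
            raise NoEncryptedPath("all encryption machines failed; link stays down")
        return self.active.name


def scripted_probe(replies: Dict[str, List[bool]]) -> Callable[[str], bool]:
    """Constructed stand-in for the detection signal: replays canned replies."""
    def send_probe(name: str) -> bool:
        queue = replies.get(name, [])
        return queue.pop(0) if queue else False
    return send_probe


if __name__ == "__main__":
    term = FinancialTerminal(Encryptor("master"), [Encryptor("slave-1")])
    # Round 1: two lost replies, then a normal signal. Not a fault.
    term.run_cycle(scripted_probe({"master": [False, False, True], "slave-1": [True]}))
    print(term.route(), term.alarms)
    # Round 2: the master never answers, so the slave takes over.
    term.run_cycle(scripted_probe({"slave-1": [True]}))
    print(term.route(), term.alarms)
```

With a 30-60 minute interval between rounds, a fault can go undetected for up to one full interval, so the fail-closed wiring, not the probe, is what keeps plaintext off the link in the meantime.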
The technical principle of the present invention is described above in connection with specific embodiments. The description is made for the purpose of illustrating the principles of the invention and should not be construed in any way as limiting the scope of the invention. Other embodiments of the invention will occur to those skilled in the art without the exercise of inventive faculty based on the explanations herein, and such equivalent modifications or substitutions are intended to be included within the scope of the present invention as defined in the appended claims.

Claims (8)

1. An encryption system, comprising a financial terminal, a master encryption machine, a slave encryption machine, a master router, a slave router and a server, wherein the financial terminal is communicatively connected to the master encryption machine and the slave encryption machine, respectively, the master encryption machine is communicatively connected to the master router, and the master router is communicatively connected to the server; the slave encryption machine is communicatively connected to the slave router, and the slave router is communicatively connected to the server.
2. The encryption system according to claim 1, wherein: the master encryption machine and the slave encryption machine each include an Eth0 port, an Eth1 port, an Eth2 port and an Eth3 port, wherein the Eth0 port and the Eth1 port are Bypass ports; the financial terminal is connected to the Eth2 port of the master encryption machine, and the Eth3 port of the master encryption machine is communicatively connected to the master router; the financial terminal is connected to the Eth2 port of the slave encryption machine, and the Eth3 port of the slave encryption machine is communicatively connected to the slave router.
3. The encryption system according to claim 2, wherein: the financial terminal checks the fault state of the master encryption machine and the slave encryption machine at regular intervals.
4. The encryption system according to claim 3, wherein: when the financial terminal detects that the master encryption machine or the slave encryption machine is in a fault state, the financial terminal issues an alarm signal.
5. The encryption system according to claim 4, wherein: the financial terminal performs a fixed number of detections on the master encryption machine and the slave encryption machine every 30-60 minutes.
6. The encryption system according to claim 5, wherein: the fixed number of times is 3 to 6;
after the financial terminal sends a detection signal to the master encryption machine or the slave encryption machine, if that machine does not feed back a normal signal, the financial terminal continues to send the detection signal to it, and if the machine does not feed back a normal signal within the fixed number of times, the financial terminal judges that the master encryption machine or the slave encryption machine is in a fault state;
when the master encryption machine or the slave encryption machine feeds back a normal signal to the financial terminal, the financial terminal judges that the machine is in a non-fault state and ends the detection.
7. The encryption system according to claim 6, wherein: when the financial terminal judges that the master encryption machine is in a fault state, the financial terminal sends a switching signal to the slave encryption machine, and the slave encryption machine switches from the standby state to the working state.
8. The encryption system according to claim 7, wherein: there are one or more slave encryption machines, and the number of slave routers is the same as the number of slave encryption machines.
CN202011260121.1A 2020-11-12 2020-11-12 Encryption system Pending CN112383426A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011260121.1A CN112383426A (en) 2020-11-12 2020-11-12 Encryption system


Publications (1)

Publication Number Publication Date
CN112383426A (en) 2021-02-19

Family

ID=74583174

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011260121.1A Pending CN112383426A (en) 2020-11-12 2020-11-12 Encryption system

Country Status (1)

Country Link
CN (1) CN112383426A (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210219