CN113055397A - Configuration method and device of security access control policy - Google Patents

Configuration method and device of security access control policy Download PDF

Info

Publication number
CN113055397A
CN113055397A CN202110329724.0A CN202110329724A CN113055397A CN 113055397 A CN113055397 A CN 113055397A CN 202110329724 A CN202110329724 A CN 202110329724A CN 113055397 A CN113055397 A CN 113055397A
Authority
CN
China
Prior art keywords
access control
security
configuration
policy
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110329724.0A
Other languages
Chinese (zh)
Inventor
王彬
于哲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Zhongke Integrated Circuit And Information System Industry Innovation Research Institute
Original Assignee
Zhengzhou Zhongke Integrated Circuit And Information System Industry Innovation Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Zhongke Integrated Circuit And Information System Industry Innovation Research Institute filed Critical Zhengzhou Zhongke Integrated Circuit And Information System Industry Innovation Research Institute
Priority to CN202110329724.0A priority Critical patent/CN113055397A/en
Publication of CN113055397A publication Critical patent/CN113055397A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02Standardisation; Integration
    • H04L41/0246Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H04L41/0273Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using web services for network management, e.g. simple object access protocol [SOAP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A configuration method of a security access control policy comprises the following steps: s1, issuing a network data packet containing a security access control strategy configuration instruction and signature information, and analyzing the received network data packet by the security gateway according to the key information acquired from the Ukey; s2, carrying out hash operation on the analyzed configuration instruction to obtain a hash value H1 ', comparing the hash value H with the hash value H analyzed from the network data packet, executing the subsequent steps if H is the same as H ', and interrupting the configuration and giving an alarm if the H is different from H '; s3, writing the analyzed configuration instruction into an access control strategy control module of the security gateway; and S4, the access control strategy control module feeds back the current configuration and state information at regular time. The method of the invention is simple, realizes the real-time, on-line and flexible security configuration of the security policy, can improve the application range of the security gateway by configuring different security access control policies, and sends out the alarm information in time, thereby having remarkable social and economic benefits.

Description

Configuration method and device of security access control policy
Technical Field
The invention relates to network security gateway configuration, in particular to a configuration method of a security access control strategy.
Background
With the continuous development of the internet in various fields, the dependence degree of the normal operation of various industries on the internet is increased, and the network security problem is highlighted. In order to solve the serious challenge brought by network security, various forms of network security products are produced, wherein the security gateway is widely applied as a security product which can perform the functions of screening, filtering, encrypting and protocol conversion processing on network data. The configuration mode of the security gateway or the security gateway is solidified into firmware when leaving a factory, and the configuration flexibility is poor; or the local area network is accessed for one-by-one configuration, and when a large amount of deployment occurs, the configuration efficiency is low; or when the remote network is configured, the authentication of the network identity is only carried out through a two-way handshake mechanism, the network identity is easy to be controlled by an illegal user and is subjected to illegal configuration operation, and the security is poor, so that the technical problem that the online, flexible and safe configuration of the security gateway needs to be solved is solved.
Disclosure of Invention
In view of the above situation, and in order to overcome the defects of the prior art, the present invention aims to provide a method and an apparatus for configuring a security access control policy, which adopt an online configuration method of multiple security mechanisms, such as "password login platform + Ukey insertion security gateway + asymmetric key encryption and decryption + timing feedback verification", and can effectively solve the problems of ensuring real-time performance and flexibility of the security gateway configuration realized by the management platform, and ensuring the security of the configuration process.
In order to achieve the above object, the present application provides a method for configuring a security access control policy, including the following steps:
s1, issuing a network data packet containing a security access control strategy configuration instruction and signature information, and analyzing the received network data packet by the security gateway according to the key information acquired from the Ukey;
optionally, the signature information is obtained by performing hash operation on the security access control policy configuration instruction in the network data packet to obtain a hash value H, and performing signature encryption on the hash value H by using an administrator private key;
s2, carrying out hash operation on the analyzed configuration instruction to obtain a hash value H1 ', comparing the hash value H with the hash value H analyzed from the network data packet, executing the subsequent steps if H is the same as H ', and interrupting the configuration and giving an alarm if the H is different from H ';
optionally, before the security gateway acquires the key information from the Ukey, the method further includes: acquiring and comparing the identity ID matched with the security gateway from the Ukey, and executing the operation of acquiring the key on the premise of matching;
s3, writing the analyzed configuration instruction into an access control strategy control module of the security gateway;
optionally, writing the parsed configuration instruction into an access control policy control module of the security gateway includes modifying a register and programming a programmable logic device on line;
and S4, the access control strategy control module feeds back the current configuration and state information at regular time.
Optionally, the security access control policy may be one or a combination of IP access policy, MAC access policy, port access policy, VLAN access policy, ICMP access policy, IGMP access policy, and IP replacement policy.
The present application also provides a device of a method for configuring a security access control policy, that is, a device for configuring a security access control policy, including:
the management module is used for issuing a network data packet containing a security access control strategy configuration instruction and signature information, and the security gateway analyzes the received network data packet according to the key information acquired from the Ukey;
the analysis calculation module is used for carrying out hash operation on the analyzed configuration instruction to obtain a hash value H1 ', comparing the hash value H with the hash value H analyzed from the network data packet, executing subsequent steps if H is the same as H ', and interrupting the configuration and giving an alarm if the H is different from the H ';
the hardware configuration module is used for writing the analyzed configuration instruction into an access control strategy control module of the security gateway;
and the state feedback module is used for feeding back the current configuration and state information at regular time by the access control strategy control module.
Optionally, the security gateway further includes an ID obtaining module, configured to obtain and compare an identity ID matched with the security gateway from the Ukey, and execute an obtaining operation of the key on the premise of matching.
Optionally, the system further includes a security access control policy configuration module, configured to write a configuration instruction of one or a combination policy of multiple IP access policies, MAC access policies, port access policies, VLAN access policies, ICMP access policies, IGMP access policies, and IP replacement policies into a register or burn the configuration instruction into a programmable logic device.
Optionally, the system further comprises a WEB management platform for issuing the network data packet and receiving the feedback information.
The method is simple, realizes real-time, online and flexible security configuration of the security policy, and improves the security of the configuration process and the potential risk solution capability in the process of using the security gateway; the application range of the security gateway can be improved by configuring different security access control strategies, and the alarm information can be sent out in time, so that the method is a great innovation in security gateway configuration and has remarkable social and economic benefits.
Drawings
FIG. 1 is a flow chart of the present invention.
Detailed Description
The following examples and specific examples will explain the present invention in detail.
The invention discloses a configuration method of a security access control strategy, which is characterized by comprising the following steps:
s1, issuing a network data packet containing a security access control strategy configuration instruction and signature information, and analyzing the received network data packet by the security gateway according to the key information acquired from the Ukey;
specifically, the platform for issuing the network data packet may be a WEB platform or an application program; the format of the network data packet can be a custom format or a standard network data packet format; the signature information is a hash value H1 obtained by carrying out hash algorithm calculation on a configuration instruction with a specific format, and the signature information is obtained by carrying out encryption operation on the hash value H1 through a private key of an administrator; the hashing algorithm adopts an MD5 algorithm.
S2, carrying out hash operation on the analyzed configuration instruction to obtain a hash value H1 ', comparing the hash value H with the hash value H analyzed from the network data packet, executing the subsequent steps if H is the same as H ', and interrupting the configuration and giving an alarm if the H is different from H ';
the hash calculation (such as MD5 algorithm) and decryption calculation operation of the hash value H1 are realized by a soft core CPU in an MCU (such as STM32 or Loongson BHD5 series single chip microcomputer) or an SOC system (ZYnq 7000 series fpga). The hash algorithm MD5 performs hash calculation on the plaintext character string to obtain the summary information of the plaintext character string, the summary information is irreversible, and the summary information obtained by the hash calculation after the plaintext character string is tampered is definitely different from the original summary information, so that the anti-counterfeiting can be performed by using the hash calculation. The alarm can be in the form of flashing of an indicator light or a buzzer and other related indicating devices to remind the security gateway of abnormality;
the security gateway is inserted into a Ukey, a public key matched with a private key of an administrator is stored in the Ukey, and the Ukey and the public key can be mutually encrypted and decrypted, namely the private key can only be used for decrypting the encrypted public key, and the public key can only be used for decrypting the encrypted private key; the Ukey also stores the ID information of the security gateway, and the ID information corresponds to the gateway equipment one by one; the security gateway supports the hot plug of Ukey; the security gateway receives the configuration instruction through the network cable or the wireless module. Ukeys are matched with the security gateways one by one, and only managers with corresponding authorities are allocated, and the Ukeys cannot be copied or reversed;
before the security gateway acquires the key information from the Ukey, the method further comprises the following steps: and acquiring the identity ID matched with the security gateway from the Ukey, comparing the identity ID with the security gateway, and executing the key acquisition operation on the premise of matching.
S3, writing the analyzed configuration instruction into an access control strategy control module of the security gateway;
writing the analyzed configuration instruction into an access control strategy control module of the security gateway, wherein the access control strategy control module comprises modification of a register and online programming of a programmable logic device;
specifically, the central controller completes decryption and hash operation on the configuration instruction, and after the configuration instruction is verified to be normal, the configuration instruction is written into the access control strategy implementation module through an on-chip bus (such as an AHB bus, an APB bus and an AXI bus) or an industrial serial port (such as rs232 and rs 485); the written content is register parameters or on-line program programming of the programmable logic device, thereby realizing the redefinition of the logic circuit. After the configuration of an access control strategy implementation module of the security gateway is completed, hardware-level comparison, screening and filtering operations are performed on the transceiving data packets of the security gateway according to the newly configured security access control strategy;
the configuration instruction containing the access control policy may be security access control of different policies, that is, selective screening and filtering of a specific data packet, by setting the access policy in a white list or a black list, and the configuration instruction may be one of or a combination of multiple security access control policies, that is, an IP access policy, a MAC access policy, a port access policy, a VLAN access policy, an ICMP access policy, an IGMP access policy, and an IP replacement policy. If the destination MAC address is ' 11-22-33-44-55-66 ', the white list indicates that only the data packets with the destination MAC address of ' 11-22-33-44-55-66 ' can pass through the security gateway, but no other network data packets can pass through the security gateway, and the implementation of the security access policy of other source IP, destination IP and port number is similar to the implementation of the destination MAC, namely the data packets with the destination MAC address of ' 11-22-33-44-55-66 ' are white listed and can not pass through the other data packets, or the data packets with the destination MAC address of ' black list and can pass through the other data packets except the black list; the application service strategy instruction refers to the access setting of a universal port number, the VLAN control strategy instruction can realize the selective passing of VLAN data packets of different ETYPE types, the ICMP control strategy and the IGMP strategy respectively carry out access control on different types in ICMP and IGMP protocol fields, and the like.
S4, the access control strategy control module feeds back the current configuration and state information at regular time;
specifically, the security gateway feeds back configuration information including the ID information of the device to the management platform at regular time, and the management platform compares the received feedback configuration information with configuration record information in an operation log to judge whether abnormal configuration occurs; if the data is consistent with the data, judging that the data is normal, and if the data is inconsistent with the data, judging that abnormal configuration occurs, sending alarm information, and interrupting data communication of a related link;
the present application also provides a device of a method for configuring a security access control policy, that is, a device for configuring a security access control policy, including:
the management module is used for issuing a network data packet containing a security access control strategy configuration instruction and signature information, and the security gateway analyzes the received network data packet according to the key information acquired from the Ukey;
the analysis calculation module is used for carrying out hash operation on the analyzed configuration instruction to obtain a hash value H1 ', comparing the hash value H with the hash value H analyzed from the network data packet, executing subsequent steps if H is the same as H ', and interrupting the configuration and giving an alarm if the H is different from the H ';
the hardware configuration module is used for writing the analyzed configuration instruction into an access control strategy control module of the security gateway;
and the state feedback module is used for feeding back the current configuration and state information at regular time by the access control strategy control module.
Optionally, the security gateway further includes an ID obtaining module, configured to obtain and compare an identity ID matched with the security gateway from the Ukey, and execute an obtaining operation of the key on the premise of matching.
Optionally, the system further includes a security access control policy configuration module, configured to write a configuration instruction of one or a combination policy of multiple IP access policies, MAC access policies, port access policies, VLAN access policies, ICMP access policies, IGMP access policies, and IP replacement policies into a register or burn the configuration instruction into a programmable logic device.
Optionally, the system further comprises a WEB management platform for issuing the network data packet and receiving the feedback information.
It should be noted that the above-mentioned embodiments are only preferred embodiments of the present invention, and the present invention is not limited thereto in any way, and those skilled in the art can make modifications or equivalent variations to the above-mentioned embodiments without departing from the scope of the present invention.
In summary, the present invention provides a method for configuring a security access control policy, which aims at the existing situation and security deficiency, to implement real-time, online and flexible security configuration of the security policy, and improve the security of the configuration process and the potential risk solution capability in the process of using the security gateway; the method has the advantages that different security access control strategies are configured, the application range of the security gateway can be widened, warning information is sent out in time, an online configuration method of multiple security mechanisms of 'password login platform + Ukey insertion security gateway + asymmetric key encryption and decryption + timing feedback verification' and the like is adopted, real-time performance and flexibility of security gateway configuration of a management platform are guaranteed, safety of the configuration process is guaranteed, innovation on security gateway configuration is achieved, and remarkable social and economic benefits are achieved.

Claims (10)

1. A method for configuring a security access control policy, comprising:
s1, issuing a network data packet containing a security access control strategy configuration instruction and signature information, and analyzing the received network data packet by the security gateway according to the key information acquired from the Ukey;
s2, carrying out hash operation on the analyzed configuration instruction to obtain a hash value H1 ', comparing the hash value H with the hash value H analyzed from the network data packet, executing the subsequent steps if H is the same as H ', and interrupting the configuration and giving an alarm if the H is different from H ';
s3, writing the analyzed configuration instruction into an access control strategy control module of the security gateway;
and S4, the access control strategy control module feeds back the current configuration and state information at regular time.
2. The method according to claim 1, wherein the signature information is obtained by performing a hash operation on the security access control policy configuration instruction in the network data packet to obtain a hash value H, and performing signature encryption on the hash value H by using an administrator private key.
3. The method for configuring security access control policy according to claim 1, further comprising, before the security gateway obtains key information from Ukey: and acquiring the identity ID matched with the security gateway from the Ukey, comparing the identity ID with the security gateway, and executing the key acquisition operation on the premise of matching.
4. The method according to claim 1, wherein the platform for sending the network data packet and receiving the feedback information is a WEB management platform.
5. The method for configuring security access control policy according to claim 1, wherein writing the parsed configuration instruction into the access control policy control module of the security gateway includes modifying a register and programming a programmable logic device online.
6. The method for configuring security access control policy according to claim 1, characterized by: the security access control strategy is one or a combination of IP access strategy, MAC access strategy, port access strategy, VLAN access strategy, ICMP access strategy, IGMP access strategy and IP replacement strategy.
7. The apparatus for configuring security access control policy of any one of claims 1 to 6, comprising:
the management module is used for issuing a network data packet containing a security access control strategy configuration instruction and signature information, and the security gateway analyzes the received network data packet according to the key information acquired from the Ukey;
the analysis calculation module is used for carrying out hash operation on the analyzed configuration instruction to obtain a hash value H1 ', comparing the hash value H with the hash value H analyzed from the network data packet, executing subsequent steps if H is the same as H ', and interrupting the configuration and giving an alarm if the H is different from the H ';
the hardware configuration module is used for writing the analyzed configuration instruction into an access control strategy control module of the security gateway;
and the state feedback module is used for feeding back the current configuration and state information at regular time by the access control strategy control module.
8. The apparatus for configuring security access control policy according to claim 7, further comprising an ID obtaining module, configured to obtain and compare an identity ID matching the security gateway from the Ukey, and perform the operation of obtaining the key on the premise of matching.
9. The apparatus for configuring security access control policy according to claim 7, further comprising a security access control policy configuration module, configured to write a configuration instruction of one or more of IP access policy, MAC access policy, port access policy, VLAN access policy, ICMP access policy, IGMP access policy, and IP replacement policy into a register or burn into a programmable logic device.
10. The apparatus for configuring security access control policy according to claim 7, comprising a WEB management platform for issuing network data packets and receiving feedback information.
CN202110329724.0A 2021-03-29 2021-03-29 Configuration method and device of security access control policy Withdrawn CN113055397A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110329724.0A CN113055397A (en) 2021-03-29 2021-03-29 Configuration method and device of security access control policy

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110329724.0A CN113055397A (en) 2021-03-29 2021-03-29 Configuration method and device of security access control policy

Publications (1)

Publication Number Publication Date
CN113055397A true CN113055397A (en) 2021-06-29

Family

ID=76515803

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110329724.0A Withdrawn CN113055397A (en) 2021-03-29 2021-03-29 Configuration method and device of security access control policy

Country Status (1)

Country Link
CN (1) CN113055397A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114785505A (en) * 2022-06-22 2022-07-22 中科雨辰科技有限公司 Data processing system for acquiring abnormal equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101465856A (en) * 2008-12-31 2009-06-24 杭州华三通信技术有限公司 Method and system for controlling user access
CN102594814A (en) * 2012-02-10 2012-07-18 福建升腾资讯有限公司 Terminal-based network access control system
US20150256558A1 (en) * 2014-03-07 2015-09-10 Shenzhen Microprofit Electronics Co., Ltd Safety device, server and server information safety method
CN105282157A (en) * 2015-10-22 2016-01-27 中国人民解放军装备学院 Secure communication control method
CN107579999A (en) * 2017-10-17 2018-01-12 山东渔翁信息技术股份有限公司 Authentication method, device and the network equipment of data source equipment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101465856A (en) * 2008-12-31 2009-06-24 杭州华三通信技术有限公司 Method and system for controlling user access
CN102594814A (en) * 2012-02-10 2012-07-18 福建升腾资讯有限公司 Terminal-based network access control system
US20150256558A1 (en) * 2014-03-07 2015-09-10 Shenzhen Microprofit Electronics Co., Ltd Safety device, server and server information safety method
CN105282157A (en) * 2015-10-22 2016-01-27 中国人民解放军装备学院 Secure communication control method
CN107579999A (en) * 2017-10-17 2018-01-12 山东渔翁信息技术股份有限公司 Authentication method, device and the network equipment of data source equipment

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114785505A (en) * 2022-06-22 2022-07-22 中科雨辰科技有限公司 Data processing system for acquiring abnormal equipment
CN114785505B (en) * 2022-06-22 2022-08-23 中科雨辰科技有限公司 Data processing system for acquiring abnormal equipment

Similar Documents

Publication Publication Date Title
US11134064B2 (en) Network guard unit for industrial embedded system and guard method
DE102014224694B4 (en) Network device and network system
CN110996318A (en) Safety communication access system of intelligent inspection robot of transformer substation
CN112600892A (en) Block chain equipment and system for Internet of things and working method
CN202856781U (en) Industrial control system main station safety device
WO2018214719A1 (en) Dynamic safety method and system based on multi-fusion linked responses
US20240121272A1 (en) Network sanitization for dedicated communication function and edge enforcement
Morris et al. Cybersecurity risk testing of substation phasor measurement units and phasor data concentrators
CN105933125A (en) Method and device for southing security authentication in software-defined networking
CN101795271B (en) Network secure printing system and printing method
CN104022867B (en) A kind of ISSU soft reboots preprocess method and equipment
CN108777681A (en) Network data unidirectional transmission control method based on NDIS filtration drives
US20190166134A1 (en) Light-weight mechanism for checking message integrity in data packets
CN105656655B (en) A kind of network safety managing method, device and system
CN108616521A (en) Method for network access, device, equipment and readable storage medium storing program for executing
CN205584238U (en) Network data encryption equipment
WO2021042736A1 (en) Encryption method for application data unit in water conservancy industrial control system
CN109729099A (en) A kind of Internet of Things traffic flow analysis method based on Android VPNService
CN113055397A (en) Configuration method and device of security access control policy
CN110868362B (en) Method and device for processing MACsec uncontrolled port message
CN201878191U (en) Security access device for video
CN101399814A (en) Method, system and device for verifying relation between data link layer address and sending side
CN109688115B (en) Data security transmission system
CN103188356A (en) Method for realizing NAT (network address translation) traversal through extranet mapping IPsec (internet protocol security) massage
CN202004770U (en) Safety dial system supporting client environment credibility analysis and decision technology

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 450001 Ximei building, No. 6, Changchun Road, high tech Industrial Development Zone, Zhengzhou City, Henan Province

Applicant after: Zhengzhou Zhongke integrated circuit and System Application Research Institute

Address before: 450001 Zhimei building, no.6, Changchun Road, high tech Industrial Development Zone, Zhengzhou City, Henan Province

Applicant before: Zhengzhou Zhongke integrated circuit and Information System Industry Innovation Research Institute

CB02 Change of applicant information
WW01 Invention patent application withdrawn after publication

Application publication date: 20210629

WW01 Invention patent application withdrawn after publication