CN114629746A - Data security gateway based on hardware - Google Patents
- Publication number: CN114629746A
- Authority: CN (China)
- Prior art keywords: data packet, data, security gateway, network, module
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a hardware-based data security gateway comprising a password pre-unit and a service processing unit. The data security gateway has no foreign high-performance CPU, so it has no CPU hardware backdoor vulnerability problem; it has no operating system, so it has no operating system vulnerability problem and does not provide the environment in which most viruses survive; it has no large body of third-party code libraries or self-built product code, which solves the problem of vulnerabilities in traditional security software itself; and it has no IP address and no MAC address and is invisible on the network, so the risk of intrusion by network hackers is avoided.
Description
Technical Field
The invention relates to a security gateway, and belongs to the technical field of network security.
Background
At present, with the rapid development of global informatization and the rapid rise of emerging technologies such as 5G, cloud computing, big data, the Internet of Things, the mobile internet and the industrial internet, the digital economy plays an increasingly important role in economic development, and government and enterprise data has changed from an asset to be protected into an important factor of economic production. Data is circulated and shared more frequently and in larger volumes, and protecting it in transit has become a more serious problem.
Traditional security products (VPNs, application-layer firewalls and the like) are built on a foreign high-performance CPU, an operating system, a large number of third-party code libraries and a large amount of the product's own code; the overall architecture is shown in FIG. 1. The security of these products themselves faces challenges that are difficult to overcome: they face the bugs and vulnerabilities introduced by their own large code bases (every line of code may contain a bug, so the larger the code base, the greater the potential safety hazard), and they naturally inherit the vulnerabilities of the foreign high-performance CPU, the operating system and the third-party code libraries:
CPU hardware backdoor: an ME module exists in mainstream CPUs such as those of Intel and AMD, and can directly use a network port to access memory data without the operating system being aware of it.
Operating system vulnerabilities: TheBestVPN counted the number of vulnerabilities in each operating system in 2019 from the data of the National Vulnerability Database of the National Institute of Standards and Technology (NIST):
Ubuntu Linux: 190; Debian Linux: 360;
Windows Server 2016: 357; Windows Server 2019: 351; Windows 7: 250; Windows 10: 357;
Vulnerabilities of the security software itself:
(1) In April 2020, DarkHotel used a 0-day vulnerability in the Sangfor SSL VPN server to intrude into Chinese government agencies; 200 Sangfor servers were compromised, 100 of them located in the networks of government agencies;
(2) In 2020, hackers intruded into an American election support system by chaining a security vulnerability in the Fortinet FortiOS SSL VPN and obtained access rights;
(3) On 8/5/2021, the industrial control system of the largest oil pipeline company, Colonial Pipeline, was "hijacked" by hackers because of bugs in its own software, causing 17 states and Washington, D.C. in the United States to declare a state of emergency.
Disclosure of Invention
The technical problem to be solved by the invention is to overcome the defects of the prior art and provide a hardware-based data security gateway, thereby avoiding the vulnerability problems of traditional data security products and reducing risk.
To solve the above technical problem, the invention adopts the following technical scheme:
A hardware-based data security gateway comprises at least a central data security gateway and/or a terminal data security gateway, wherein the central data security gateway comprises a password pre-unit and a service processing unit; the terminal data security gateway comprises a password pre-unit;
the password pre-unit is connected with the service processing unit through a data port to exchange data;
the password pre-unit receives, through a WAN port, a data packet entering the protected network/device from the outside, judges whether the data packet is a legal data packet, releases a legal and successfully decrypted data packet to the service processing unit, and discards an illegal data packet;
and the service processing unit receives the new network data packet decrypted and encapsulated by the password pre-unit, parses the IP address and port of the network data packet, forwards a data packet that meets the authority from the LAN port to the protected network/device, and otherwise discards the network data packet.
Further, the password pre-unit includes:
a TCP/IP protocol analysis module: used for identifying and parsing the TCP/IP related protocol stacks;
a password processing module: comprising an HMAC algorithm module and an SM2 encryption algorithm module;
the TCP/IP protocol analysis module receives a data packet sent by a protected network/device, first parses the IP data packet and sends it to the password processing module; the password processing module uses the SM2 encryption algorithm module and the HMAC algorithm module to process the IP data packet with the SM2 algorithm and the HMAC algorithm; the result is then packaged by the TCP/IP protocol analysis module into a new data packet and sent to the service processing unit.
Furthermore, the password pre-unit is implemented with an FPGA or a dedicated cryptographic chip.
Furthermore, the service processing unit comprises a network data packet forwarding module and a rights management module;
the service processing unit receives the network data packet decrypted by the password pre-unit; the rights management module parses the IP address and port of the network data packet, releases a data packet that meets the authority, and otherwise discards it;
after a data packet that meets the authority is released, the network data packet forwarding module forwards it from the LAN port to the protected network/device.
Further, the service processing unit is implemented based on a general mainboard architecture.
Further, the password pre-unit determines whether a data packet is legal based on whether each data packet carries the unique identity code of the sending device: if so, the data packet is a legal data packet; if not, it is determined to be an illegal data packet.
Further, the specific steps by which the password pre-unit judges whether a data packet is legal are as follows:
1) after the data packet reaches the password pre-unit, the HMAC algorithm is used to verify whether the data packet has been tampered with;
2) for a data packet that passes HMAC verification, the device unique identification code is extracted and used to verify the validity of the data packet.
Further, the data format of the new network data packet encapsulated by the TCP/IP protocol analysis module is:
new frame header: the segment is an Ethernet protocol custom segment;
new packet IP layer, UDP header: the source address is the IP address of the originating data security gateway, the destination address is the IP address of the peer data security gateway, and the rest is defined by the TCP/IP protocol itself;
encrypted original IP packet: the actual IP data packet that the two communicating parties want to send;
device unique authentication code: each data packet carries a device unique identification code;
HMAC: the actual value calculated by applying the HMAC algorithm to the previous segment value.
The invention achieves the following beneficial effects:
The password pre-unit of the invention is placed in series in front of the protected network or resource. It has the following main characteristics, which solve the corresponding problems of traditional security products (VPNs, etc.):
1. No foreign high-performance CPU exists, so the CPU hardware backdoor vulnerability problem does not exist.
2. No operating system exists, so the operating system vulnerability problem does not exist, and the environment in which most viruses survive is not available.
3. There is no large body of third-party code libraries or self-built product code, so the problem of vulnerabilities in traditional security software itself is solved.
4. The data security gateway has no IP address and no MAC address and is invisible on the network, thereby avoiding the risk of intrusion by network hackers.
Drawings
FIG. 1 is an overall architecture diagram of a conventional security product;
FIG. 2 is a diagram of the data security gateway architecture of the present embodiment;
FIG. 3 is a schematic diagram of the network deployment of the data security gateway according to the embodiment;
FIG. 4 shows the IP packet format of the present embodiment.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
As shown in FIG. 2, the hardware-based data security gateway of the present invention includes a password pre-unit and/or a service processing unit. The service processing unit receives the data decrypted by the password pre-unit; the password pre-unit encrypts the data sent by the service processing unit and sends out the encrypted data.
Password pre-unit: implemented with an FPGA or a dedicated cryptographic chip; its core service functions are implemented in pure hardware circuits and include: encryption and decryption of network data packets, encapsulation and decapsulation of network data packets, storage of the related keys, and the like.
The password pre-unit mainly comprises:
(1) a TCP/IP protocol analysis module: mainly responsible for identifying and parsing the TCP/IP related protocol stacks;
(2) a password processing module: mainly provides the cryptography-related functions, and includes an HMAC algorithm module and an SM2 encryption algorithm module / SM4 encryption algorithm module;
the TCP/IP protocol analysis module receives a data packet sent by a protected network (or device), parses the IP data packet and sends it to the password processing module; the password processing module uses the SM2 encryption algorithm module / SM4 encryption algorithm module and the HMAC algorithm module to process the IP data packet with the SM2 algorithm, the SM4 algorithm and the HMAC algorithm; the result is then packaged by the TCP/IP protocol analysis module into a new network data packet and sent.
As shown in FIG. 4, the data format of the encapsulated new network data packet is:
new frame header: the segment is an Ethernet protocol custom segment;
new packet IP layer, UDP header: the source address is the IP address of the originating data security gateway, the destination address is the IP address of the peer data security gateway, and the rest of the header is defined by the TCP/IP protocol itself;
encrypted original IP packet: the actual IP data packet that the two communicating parties want to send;
device unique authentication code: each data packet carries a device unique identification code;
HMAC: the actual value calculated by applying the HMAC algorithm to the previous segment value.
The functional characteristics of the invention are concentrated in the password pre-unit, whose main characteristics are:
(1) no foreign high-performance CPU;
(2) no operating system;
(3) no large third-party code libraries;
(4) no IP address, no MAC address;
(5) national cryptographic (SM) algorithms: the SM4 and SM2 algorithms are implemented in hardware, for example by FPGA coding or a dedicated cryptographic chip.
Service processing unit: implemented on a general mainboard architecture (x86, ARM, etc.), and mainly includes a network data packet forwarding module, a rights management module and the like.
The service processing unit receives the new network data packet decrypted and encapsulated by the password pre-unit.
Rights management module: parses the IP address and port of the network data packet, releases a data packet that meets the authority, and otherwise discards it. The authority is an authority policy configured in the service processing unit, and the policy is applied as follows: if the corresponding data in the data packet is consistent with the policy, the packet is released; if not, it is discarded.
After a data packet that meets the authority is released, the network data packet forwarding module forwards it from the LAN port to the protected network.
As shown in FIG. 3, a system networked with data security gateways includes a central data security gateway and terminal data security gateways. The central data security gateway comprises a password pre-unit and a service processing unit. The terminal data security gateway has only a password pre-unit. The data security gateway is connected in series in front of the protected network (or device) and prevents illegal data packets from flowing into the protected network (or device), thereby protecting it.
The data circulation process of the data security gateway in this embodiment is as follows:
(1) Before the data security gateway accepts a data packet sent from a LAN port, it judges whether the destination IP address of the data packet is legal, based on a legal export IP address table maintained by the data security gateway:
The central data security gateway obtains the export IP address of the network where a terminal is located from the data packets sent by that terminal's data security gateway, maintains and stores it, and synchronizes the export IP address table to the other security gateways in the system networked with data security gateways.
The legal export IP address table is stored in the flash memory of the data security gateway and is read into memory at run time to judge the legality of IP addresses.
(a) If the destination is legal, that is, the peer also has a data security gateway, session key negotiation is first carried out with the peer's data security gateway; after the key negotiation, the corresponding export IP address is added to the export IP address table, and the password pre-unit encrypts the data packet in hardware with the key and then sends it out;
(b) if the destination is illegal, that is, the peer has not deployed a corresponding data security gateway, the data packet is discarded;
(2) Before a data packet enters the protected network (or device) from the WAN port, the password pre-unit judges whether the data packet is legal; a data packet that is legal and successfully decrypted is released to the service processing unit, and an illegal data packet is discarded.
Whether a data packet is legal is judged by whether it carries the device unique identification code of the device that sent it: if the code is carried, the data packet is judged legal; if it is not carried, or the carried identity code is not consistent, the data packet is judged illegal. The system is built from data security gateways, and each data security gateway maintains a device unique identification code that differs from those of all the other data security gateways in the system. Whether the carried identity code is consistent is judged by whether the device unique identification code carried in the data packet matches the device unique identification code maintained by the device.
The specific judging steps are as follows:
1) after the data packet reaches the password pre-unit, the HMAC algorithm is used to verify whether the data packet has been tampered with;
2) for a data packet that passes HMAC verification, the device unique identification code is extracted and used to verify the validity of the data packet.
The unique identification code of the equipment maintains the same legal export IP address table.
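The inbound checks described above, as an added Python example that is not part of the patent: the password pre-unit's two-step test (HMAC first, then device unique identification code) on the encapsulated payload, followed by the rights management module's IP address and port check. The field widths, HMAC-SHA256, the payload order (encrypted packet, device code, HMAC), the HMAC covering both preceding fields, and all names and sample values are assumptions; SM2/SM4 decryption is not modelled, so the encrypted packet is treated as opaque bytes.

```python
import hashlib
import hmac
import ipaddress
import struct

# Assumptions (the patent gives no field widths and does not name the hash):
DEVICE_ID_LEN = 16          # bytes of the device unique identification code
HMAC_LEN = 32               # HMAC-SHA256 stands in for the unnamed HMAC hash


def encapsulate(ciphertext: bytes, device_id: bytes, key: bytes) -> bytes:
    """UDP payload of the new packet: encrypted packet || device code || HMAC."""
    if len(device_id) != DEVICE_ID_LEN:
        raise ValueError("device code must be DEVICE_ID_LEN bytes")
    body = ciphertext + device_id
    return body + hmac.new(key, body, hashlib.sha256).digest()


def front_unit_check(payload: bytes, key: bytes, known_ids: set):
    """Pre-unit test: step 1 HMAC, step 2 device code. Returns (verdict, ciphertext)."""
    if len(payload) <= DEVICE_ID_LEN + HMAC_LEN:
        return "drop:short", None
    body, tag = payload[:-HMAC_LEN], payload[-HMAC_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison, so timing does not leak how much of the tag matched.
    if not hmac.compare_digest(tag, expected):
        return "drop:hmac", None
    ciphertext, device_id = body[:-DEVICE_ID_LEN], body[-DEVICE_ID_LEN:]
    # The code is only trusted after step 1 has shown the packet was not altered.
    if device_id not in known_ids:
        return "drop:device-id", None
    return "pass", ciphertext


def policy_allows(inner: bytes, policy: list) -> bool:
    """Rights management: default deny; allow only (network, protocol, port) matches."""
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return False                      # not a complete IPv4 header
    ihl = (inner[0] & 0x0F) * 4
    proto = inner[9]
    if ihl < 20 or proto not in (6, 17) or len(inner) < ihl + 4:
        return False                      # only TCP/UDP carry a port to check
    if struct.unpack("!H", inner[6:8])[0] & 0x1FFF:
        return False                      # later fragments have no port field
    dst = ipaddress.IPv4Address(inner[16:20])
    dport = struct.unpack("!H", inner[ihl + 2:ihl + 4])[0]
    return any(dst in net and proto == p and dport == port
               for net, p, port in policy)


def make_inner(dst: str, proto: int, dport: int) -> bytes:
    """Constructed decrypted IPv4 packet: 20-byte header plus the two port fields."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address("192.0.2.10").packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + struct.pack("!HH", 40000, dport)


# Constructed sample values (not from the patent).
KEY = bytes(range(32))                    # stands for the negotiated session key
DEV_A = b"GATEWAY-A-000001"               # code this gateway has on record
DEV_B = b"GATEWAY-B-000002"               # code this gateway does not know
CIPHERTEXT = bytes.fromhex("8f3a6c11d4e2097b55a0c3fe")  # opaque encrypted packet
POLICY = [(ipaddress.ip_network("10.0.5.0/24"), 6, 443)]


def demo() -> dict:
    """Run each case once and return the verdicts by name."""
    good = encapsulate(CIPHERTEXT, DEV_A, KEY)
    tampered = bytes([good[0] ^ 0x01]) + good[1:]
    unknown = encapsulate(CIPHERTEXT, DEV_B, KEY)
    return {
        "good": front_unit_check(good, KEY, {DEV_A})[0],
        "tampered": front_unit_check(tampered, KEY, {DEV_A})[0],
        "unknown device": front_unit_check(unknown, KEY, {DEV_A})[0],
        "allowed": policy_allows(make_inner("10.0.5.20", 6, 443), POLICY),
        "wrong port": policy_allows(make_inner("10.0.5.20", 6, 22), POLICY),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The fields listed in the packet format include no sequence number or timestamp, so these two checks alone do not distinguish a replayed packet from a fresh one.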
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.
Claims (8)
1. A hardware-based data security gateway, characterized by comprising at least a central data security gateway and/or a terminal data security gateway, wherein the central data security gateway comprises a password pre-unit and a service processing unit; the terminal data security gateway comprises a password pre-unit;
the password pre-unit is connected with the service processing unit through a data port to exchange data;
the password pre-unit receives, through a WAN port, a data packet entering the protected network/device from the outside, judges whether the data packet is a legal data packet, releases a legal and successfully decrypted data packet to the service processing unit, and discards an illegal data packet;
and the service processing unit receives the new network data packet decrypted and encapsulated by the password pre-unit, parses the IP address and port of the network data packet, forwards a data packet that meets the authority from the LAN port to the protected network/device, and otherwise discards the network data packet.
2. A hardware-based data security gateway as claimed in claim 1, wherein the password pre-unit comprises:
a TCP/IP protocol analysis module: used for identifying and parsing the TCP/IP related protocol stacks;
a password processing module: comprising an HMAC algorithm module and an SM2 encryption algorithm module;
the TCP/IP protocol analysis module receives a data packet sent by a protected network/device, first parses the IP data packet and sends it to the password processing module; the password processing module uses the SM2 encryption algorithm module and the HMAC algorithm module to process the IP data packet with the SM2 algorithm and the HMAC algorithm; the result is then packaged by the TCP/IP protocol analysis module into a new data packet and sent to the service processing unit.
3. A hardware-based data security gateway as claimed in claim 1, wherein the password pre-unit is an FPGA or a dedicated cryptographic chip.
4. A hardware-based data security gateway as claimed in claim 1, wherein the service processing unit includes a network data packet forwarding module and a rights management module;
the service processing unit receives the network data packet decrypted by the password pre-unit; the rights management module parses the IP address and port of the network data packet, releases a data packet that meets the authority, and otherwise discards it;
after a data packet that meets the authority is released, the network data packet forwarding module forwards it from the LAN port to the protected network/device.
5. A hardware-based data security gateway as claimed in claim 1, wherein the service processing unit is implemented based on a general mainboard architecture.
6. The hardware-based data security gateway of claim 1, wherein the password pre-unit determines whether a data packet is legal based on whether each data packet carries the unique identity code of the sending device: if so, the data packet is a legal data packet; if not, it is an illegal data packet.
7. The hardware-based data security gateway of claim 6, wherein the specific steps by which the password pre-unit judges whether a data packet is legal are:
1) after the data packet reaches the password pre-unit, the HMAC algorithm is used to verify whether the data packet has been tampered with;
2) for a data packet that passes HMAC verification, the device unique identification code is extracted and used to verify the validity of the data packet.
8. A hardware-based data security gateway as claimed in claim 2, wherein the data format of the new network data packet encapsulated by the TCP/IP protocol analysis module is:
new frame header: the segment is an Ethernet protocol custom segment;
new packet IP layer, UDP header: the source address is the IP address of the originating data security gateway, the destination address is the IP address of the peer data security gateway, and the rest is defined by the TCP/IP protocol itself;
encrypted original IP packet: the actual IP data packet that the two communicating parties want to send;
device unique authentication code: each data packet carries a device unique identification code;
HMAC: the actual value calculated by applying the HMAC algorithm to the previous segment value.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210274965.4A CN114629746A (en) | 2022-03-21 | 2022-03-21 | Data security gateway based on hardware |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114629746A (en) | 2022-06-14 |
Family
ID=81903826
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210274965.4A Pending CN114629746A (en) | 2022-03-21 | 2022-03-21 | Data security gateway based on hardware |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114629746A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||