CN1503143A - Network safety system and method - Google Patents


Publication number
CN1503143A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA021386595A
Other languages
Chinese (zh)
Other versions
CN1308843C (en)
Inventor
邵通
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NANJING E-SECURITY TECHNOLOGY Co Ltd
Original Assignee
NANJING E-SECURITY TECHNOLOGY Co Ltd
Application filed by NANJING E-SECURITY TECHNOLOGY Co Ltd
Priority to CNB021386595A (CN1308843C)
Priority to PCT/CN2003/000992 (WO2004049172A1)
Priority to AU2003302158A (AU2003302158A1)
Publication of CN1503143A
Application granted
Publication of CN1308843C
Anticipated expiration
Expired - Fee Related

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2105 Dual mode as a secondary aspect

Abstract

This invention proposes a system that combines security with general ease of use by means of physical isolation and a secure operating system, using two computers and an information exchange channel between them. The host, which is connected to the network, processes information that does not involve secrets or privacy, or sends and receives the encrypted form of such information over the network; the secure computer, which is not connected to the network, processes the information that involves secrets and privacy.

Description

A network security system and security method
The present invention relates to a network security system and, specifically, to a system that uses means such as isolation and a secure operating system to achieve security and general ease of use at the same time.
In computer information security, an internal network (office network or classified network) is at present physically isolated from external networks (for example, the Internet) for security reasons; likewise, on a home PC the internal side (private data, not necessarily networked) may need to be physically isolated from external networks (for example, the Internet). The existing solutions are the so-called single-hard-disk scheme and dual-hard-disk scheme. The single-hard-disk scheme physically isolates a single PC into two virtual workstations, each with its own independent disk partition and operating system, and each able to connect to its network through its own dedicated interface. By effectively and comprehensively controlling the computer's hard disk data lines, it lets the computer access and use only one of the disk partitions at a time, thereby guaranteeing to the greatest extent the physical isolation between the secure side (intranet) and the non-secure side (extranet). A data exchange area can also be created as required. The dual-hard-disk scheme installs two hard disks in one computer: when the internal network is needed, the computer boots from the hard disk corresponding to the internal network and connects the network link corresponding to the internal network (or connects to no network); when the external network is needed, it boots from the hard disk corresponding to the external network and connects the network link corresponding to the external network. For security, after the computer has booted into the external network (or internal network), the hard disk and network link used by the internal network (or external network) are physically isolated (that is, they cannot be used at all, or cannot be effectively read or written). In this way one computer can use the internal and external networks on a time-shared basis while guaranteeing physical isolation between the two networks and the security of internal data. In the present invention, a computer that adopts the above single- or dual-hard-disk isolation scheme is referred to as a time-shared isolation computer.
Physical isolation between networks solves the problem of hackers on the network attacking the internal network. But once the internal network is large and has many node computers, it cannot prevent attacks by insiders. Possible attacks include: attacking an important computer inside the network, stealing the CA certificate of an important computer, browsing the information on its hard disk, and browsing the information on its display. Because the computer information security level of the users of important computers is relatively low, insider attacks succeed comparatively easily. One solution is to use technical means such as information encryption. But the important information, once decrypted, is plaintext and will still appear on the hard disk or display of a computer that is connected to the network; otherwise the user of the important computer could not use it.
In computer information security we must always assume what is secure and what is not; only then can security be discussed at all. The current general consensus is that computer hardware performs its function and has no flaws that seriously endanger security, whereas computer software, operating systems in particular, does have flaws that seriously endanger security. That is, we trust computer hardware and do not trust software such as the operating system. Once the operating system is untrusted, no information that appears on the user's computer can be fully trusted.
For example, once the operating system is controlled by a hacker, the CA certificate that the user relies on to prove identity may be stolen, and every security measure of the network system then loses its most important foundation. One possible solution is to build the CA certificate into a fixed piece of hardware (a black box) that guarantees its own security, so that the certificate itself really cannot be stolen. But because the operating system is insecure, the certificate can obviously still be misappropriated: a hacker who controls the operating system can make unauthorized use of it. Some have therefore proposed connecting the CA certificate to the computer only when it is needed, that is, putting the certificate on a SMART card that is inserted into the computer only at the time of use. Because the operating system is insecure, this method is obviously not absolutely secure either: while the user is using the card, the hacker can still use it illicitly, which is a man-in-the-middle attack.
In addition, in e-government and e-commerce we need to verify the digital certificate of a website. What the computer user needs is a result shown on the screen: whether the certificate is valid. But because the operating system is insecure, a hacker can completely forge the result shown to the user and mislead them. What the user sees may be false; the inventor calls this visual fraud. For the user to trust the information on the screen fully and sign digitally with confidence, an absolutely secure operating system must be used. But practice shows that an absolutely secure operating system has limited functions and is not general-purpose or easy to use, while a general-purpose, easy-to-use operating system with many functions cannot be secure.
Therefore, a thorough solution to internal network information security and secure digital signatures must use two computers. One computer is connected to the network, exchanges information with other computers over the network, and uses an ordinary operating system, which has security vulnerabilities. The other computer is not connected to any network; it decrypts and uses the information obtained by the networked computer, and it can use a special-purpose secure operating system. Obviously, to save on the cost of security, a time-shared isolation computer can be used to realize the functions of two or more computers.
The object of the present invention is to use two computers and, once the problem of exchanging information with the network-connected computer is solved, to solve the security problem of ensuring that secret and private information is encrypted, decrypted and used. The network-connected computer addresses general ease of use, and the other computer is dedicated to security, so that general ease of use and security are unified.
According to one aspect of the present invention, a network security system comprises:
A host for connecting to the network;
A secure computer not directly connected to the network;
An information exchange between the secure computer and the host;
Wherein the host processes information that does not involve secrets or privacy, or sends and receives over the network the encrypted form of information that involves secrets and privacy; the secure computer processes the information that involves secrets and privacy.
Usually the secure computer also holds a cryptographic system and keys. Processing information that involves secrets and privacy on the secure computer means: performing identity authentication, verifying digital certificates (CA), forming digitally signed information, decrypting information transmitted from the network, forming encrypted requests, displaying decrypted information, saving decrypted information and printing decrypted information.
Preferably, a time-shared single-hard-disk isolation computer can be used in place of the two computers.
Alternatively, a time-shared dual-hard-disk isolation computer can be used in place of the two computers.
More preferably, a physically isolated, real-time online switching computer can be used in place of the two computers.
According to one aspect of the present invention, a method of using information securely comprises:
Obtaining information from the network through the host connected to the network;
Passing the information to the secure computer through the information exchange between the network-connected host and the secure computer;
Using or processing the information on the secure computer.
According to one aspect of the present invention, a method of transmitting information securely comprises:
Encrypting the information to be transmitted on the secure computer;
Passing the information to the network-connected host through the information exchange between the network-connected host and the secure computer;
Sending the encrypted information over the network from the network-connected host.
The present invention is described below with reference to the accompanying drawings.
[Embodiment 1] (dual-computer security system)
According to the first embodiment of the present invention, a system that achieves network security with two computers is shown in Fig. 1, in which: 1 is an information site (or another computer on the network); 2 is the network, including network infrastructure such as cables, routers and switches, which is the medium through which computers on the network exchange information; 3 is the network security system, in which 31 is the host connected to the network, which can use an ordinary operating system, and 32 is the secure computer, which can use a special-purpose secure operating system and is not directly connected to the network but is connected to the host and exchanges information with it; 321 is the cryptographic system in secure computer 32; 322 is the key in secure computer 32, which is used together with cryptographic system 321 to encrypt and decrypt information.
Information can be encrypted at information site 1 (or may already be encrypted), sent over network 2 to host 31, and then passed from host 31 to secure computer 32. Secure computer 32 decrypts the received information with cryptographic system 321 and key 322 stored on it. Finally, the secure computer can process the decrypted information normally (display, save and print it).
Confidential information that needs to be sent to information site 1 can be generated on the secure computer, or existing information can be used; secure computer 32 encrypts the information to be sent with cryptographic system 321 and key 322 stored on it. The information is then passed to host 31 and sent over network 2 to information site 1.
Because the operating system on the secure computer is designed with absolute security as its goal, is not connected to the network, and does quite simple work, it is very secure. Obviously, the encryption and decryption system can adopt any of the systems, algorithms and protocols of cryptography. In short, the secure computer performs all encryption and decryption operations under the management of the secure operating system. At present, this secure encryption and decryption work can be CA signature verification, CA signature generation, and information encryption and decryption (single-key or two-key cryptosystems). Obviously, displaying the decrypted information on the secure computer is the more reasonable and secure approach. With this system and method, work unrelated to security (such as network information exchange) can be given to the host, and security-related work and information to the secure computer. For example, the encryption and decryption algorithm programs, the encryption and decryption hardware modules, the encryption and decryption keys and the decrypted information appear only on the secure computer, and the plaintext of confidential information never appears on the networked host, so this is a very secure system.
Such a system requires two computers. Security is guaranteed, but the cost is higher, and for some users secret and private information is not used frequently. A time-shared computer can therefore be used to be both secure and economical. This leads to the following embodiment.
[Embodiment 2] (single-hard-disk security system)
According to the second embodiment of the present invention, a system that achieves network security with a time-shared computer is shown in Fig. 2, in which: 1 is an information site (or another computer on the network); 2 is the network, including network infrastructure such as cables, routers and switches, which is the medium through which computers on the network exchange information; 3 is the network security system, in which 31 is the computer motherboard and 32 is the selection and switching device of the time-shared computer; 33 is the secure hard disk area, which can use a special-purpose secure operating system; 331 is the cryptographic system in secure hard disk area 32; 332 is the key in secure hard disk area 32, which is used together with cryptographic system 331 to encrypt and decrypt information; 34 is the exchange area through which the secure hard disk area and the networked public hard disk area exchange information; 35 is the networked public hard disk area, which can use an ordinary operating system and can be connected to network 2.
The user starts the computer and, through selection and switching device 32 of the time-shared computer, chooses to boot the operating system in networked public hard disk area 35. At this point the secure hard disk area cannot be read or written at the hardware level, which guarantees the security of the information in it (see invention patent ZL 94111461). Information can be encrypted at information site 1 (or may already be encrypted) and sent over network 2 to network security system 3, where the operating system in networked public hard disk area 35 places it in exchange area 34. The computer is then restarted and, through selection and switching device 32, the operating system in secure hard disk area 33 is booted. The operating system in the secure hard disk area takes the information from the exchange area and decrypts it with cryptographic system 331 and key 332 stored there. Finally, the operating system in secure hard disk area 33 can process the decrypted information normally (display, save and print it).
To send information, the user starts the computer and, through selection and switching device 32 of the time-shared computer, boots the operating system in secure hard disk area 33. Confidential information that needs to be sent to information site 1 can be generated in the operating system in secure hard disk area 33, or existing information can be used; that operating system encrypts the information to be sent with cryptographic system 331 and key 332 stored there and places it in exchange area 34. The computer is then restarted and, through selection and switching device 32, the operating system in networked public hard disk area 35 is booted. The information is then sent over network 2 to information site 1.
Because the operating system in the secure hard disk area of the computer is designed with absolute security as its goal, is not connected to the network, and does quite simple work, it is very secure. Obviously, the encryption and decryption system can adopt any of the systems, algorithms and protocols of cryptography. In short, the secure hard disk area performs all encryption and decryption operations under the management of the secure operating system. At present, this secure encryption and decryption work can be: CA signature verification, CA signature generation, and information encryption and decryption (single-key or two-key cryptosystems). Obviously, displaying the decrypted information in the secure hard disk area is the more reasonable and secure approach. With this system and method, work unrelated to security (such as network information exchange) can be given to the public hard disk area of the computer, and security-related work and information to the secure hard disk area. For example, the encryption and decryption algorithm programs, the encryption and decryption hardware modules, the encryption and decryption keys and the decrypted information appear only in the secure hard disk area, and the plaintext of confidential information never appears in the networked public hard disk area, so this is a very secure system.
Obviously, a dual-hard-disk time-shared computer can also be used. But implementing the exchange area on a dual-hard-disk time-shared computer requires an additional storage device, so its cost is higher than that of a single-hard-disk time-shared computer.
In general, building the network security system from a time-shared computer costs less. But every switch requires restarting the computer, which is very inconvenient. Because many cryptographic protocols require several exchanges of encrypted messages, this is a problem that should and must be solved. The solution is to use a physically isolated, real-time online switching computer, that is, a trusted computer or information security computer (see invention patent ZL 01115545 and the pending ZL01117401). A time-shared computer and a physically isolated, real-time online switching computer are both in essence still two computers; building a network security system from two computers to carry out secure information exchange, information encryption and information decryption admits many methods and many applications. This leads to the following embodiment. In it, everything is illustrated with two computers, the host and the secure computer, but the two computers can be implemented as two real computers, a time-shared computer, or a physically isolated, real-time online switching computer.
[Embodiment 3] (secure request, secure reply)
Fig. 3 shows a flow chart according to the present invention. As shown in Fig. 3, the method comprises the following steps:
(1) request information is generated in the secure hard disk area of the computer;
(2) the request information is encrypted (or signed) with the cryptographic system and key in the secure hard disk area;
(3) the encrypted (or signed) request information is passed to the host;
(4) the host sends the encrypted (or signed) request information over the network to the information site (or another networked computer);
(5) the information site (or other networked computer) performs identity authentication based on the encrypted request information, or based on the digital signature on the request information;
(6) based on the authentication result, it decides whether to answer the request;
(7) if the requester has the right to obtain the information, the information is encrypted and sent back to the host over the network;
(8) after the host receives the encrypted information, it passes the information to the secure hard disk area of the computer;
(9) the secure hard disk area decrypts the information with its cryptographic system and key, and the computer user then uses the decrypted information normally.
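The request/reply flow of steps (1) to (9), as an added example that is not part of the patent: a Python model in which the host only relays opaque blobs, and a reply altered on the host is rejected by the secure computer. The class names, the pre-shared key, the sample document and the HMAC-based stand-in cipher are assumptions made for illustration; the patent leaves the choice of cryptosystem open.

```python
import hashlib
import hmac
import os

REQ, REP = b"request", b"reply"   # direction labels bound into the MAC


def _subkey(key, label):
    return hmac.new(key, b"subkey:" + label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    # Constructed stand-in cipher (HMAC-SHA256 in counter mode) so the example
    # runs on the standard library alone; use a vetted AEAD in practice.
    blocks = [hmac.new(key, nonce + counter.to_bytes(8, "big"),
                       hashlib.sha256).digest()
              for counter in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key, direction, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), direction + nonce + ciphertext,
                   hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, direction, blob):
    """Verify the tag first; return the plaintext, or None if it fails."""
    if len(blob) < 48:
        return None
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), direction + nonce + ciphertext,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


class SecureComputer:
    """Off-network machine: the only local place where key and plaintext exist."""

    def __init__(self, key):
        self._key = key

    def make_request(self, text):            # steps (1)-(3)
        return seal(self._key, REQ, text.encode())

    def read_reply(self, blob):               # step (9)
        plain = unseal(self._key, REP, blob)
        return None if plain is None else plain.decode()


class InformationSite:
    def __init__(self, key, documents):
        self._key = key
        self._documents = documents

    def handle(self, blob):                   # steps (5)-(7)
        request = unseal(self._key, REQ, blob)
        if request is None:                   # authentication failed: no answer
            return None
        document = self._documents.get(request.decode())
        if document is None:                  # requester has no right to this item
            return None
        return seal(self._key, REP, document.encode())


class Host:
    """Networked machine: holds no key, relays blobs, may be compromised."""

    def __init__(self, tamper=False):
        self.seen = []                        # everything a hostile OS could read
        self.tamper = tamper

    def relay(self, blob, site):              # steps (4) and (8)
        self.seen.append(blob)
        reply = site.handle(blob)
        if reply is None:
            return None
        self.seen.append(reply)
        if self.tamper:                       # simulated hostile OS flips one bit
            reply = reply[:16] + bytes([reply[16] ^ 1]) + reply[17:]
        return reply


def run_exchange(tamper=False):
    key = os.urandom(32)                      # constructed key, shared out of band
    documents = {"payroll-2003": "CONSTRUCTED SECRET: salary table"}
    secure = SecureComputer(key)
    site = InformationSite(key, documents)
    host = Host(tamper=tamper)
    request = "payroll-2003"
    reply_blob = host.relay(secure.make_request(request), site)
    result = secure.read_reply(reply_blob) if reply_blob else None
    leaked = any(request.encode() in blob or documents[request].encode() in blob
                 for blob in host.seen)
    return result, leaked, host
```

The direction label in the MAC stops a compromised host from handing the secure computer its own request back as if it were the site's reply.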
In a large computer network, a reasonably good identity authentication method may be CA. In essence it uses the RSA cryptosystem for identity authentication, digital signatures and information encryption. In short, it has a cryptographic algorithm and keys, and this information must not appear on the host; otherwise its security cannot be guaranteed, and the security of this information is the core of network security. However, guaranteeing the security of this information does not necessarily guarantee that it is not misused. For example, we can build the cryptographic algorithm and keys into a hardware black box responsible for encryption, decryption and signing. But the black box cannot decide automatically, or can decide only with difficulty, which information should be encrypted, decrypted or signed.
Using two computers, a host connected to the network and a secure computer not connected to the network, unifies general ease of use and security: the host provides general ease of use, and the secure computer provides security.
The above describes systems and methods that use two computers to solve the security problem. Further, to strengthen security, the encryption and decryption work can be placed on a SMART card. Only after the card is inserted into the secure computer can the secure computer use the cryptographic system stored on the card to process secret and private information. Obviously the card can also be used for the secure operating system to authenticate the user, and in turn for the network administrator to authenticate the user.
In a network, identity authentication can use the CA method: each computer can be given its own CA certificate so that the network can authenticate computers. In addition, each user can also be issued a CA certificate for identity authentication. In this way the network administrator has reliable authentication of both the computer and the person using it, and can keep corresponding records, which is obviously important information for computer auditing. Using the privileges attached to CA certificates, graded management and distribution of confidential information can also be achieved, and confidential information can be sent to a designated computer or even a designated person.
Although the present invention has been described by way of embodiments, those skilled in the art can make various modifications and improvements within the spirit and scope of the invention, and the appended claims should cover these modifications and improvements.

Claims (13)

1. A network security system, comprising:
a host for connecting to the network;
a secure computer not directly connected to the network;
an information exchange between the host and the secure computer;
wherein the host processes information that does not involve secrets or privacy, or sends and receives over the network the encrypted form of confidential information and private information; and the secure computer processes the information that involves secrets and privacy.
2. The system according to claim 1, characterized in that processing information that involves secrets and privacy on the secure computer is: performing identity authentication, verifying digital certificates (CA), forming digitally signed information, decrypting information transmitted from the network, forming encrypted requests, displaying decrypted information, saving decrypted information and printing decrypted information, or any combination thereof.
3. The system according to claims 1, 2, characterized in that the secure computer is an isolation computer time-shared with the host.
4. The system according to claim 3, characterized in that the time-shared isolation computer is a single-hard-disk isolation computer.
5. The system according to claim 3, characterized in that the time-shared isolation computer is a dual-hard-disk isolation computer.
6. The system according to claims 1, 4, characterized in that the information exchange between the secure computer and the host is a readable and writable exchange area in the single-hard-disk isolation computer.
7. The system according to claims 1, 5, characterized in that the information exchange between the secure computer and the host uses an auxiliary storage device (such as a USB hard disk, USB disk, flash memory, memory, etc.) connected to the time-shared isolation computer.
8. The system according to claim 1, characterized in that the information exchange between the secure computer and the host uses an interface connection (such as a USB port, serial port, parallel port, network card, etc.) to connect the two computers.
9. A method of using information securely, comprising:
(1) obtaining information from the network through the networked host;
(2) passing the information to the secure computer through the connection between the networked host and the secure computer;
(3) using the information on the secure computer.
10. The method according to claim 9, wherein the information is encrypted information, and a corresponding decryption step is required before the use in (3).
11. The method according to claims 9, 10, wherein using the information on the secure computer is: performing identity authentication, verifying digital certificates (CA), decrypting information transmitted from the network, displaying decrypted information, saving decrypted information and printing decrypted information, or any combination thereof.
12. A method of transmitting information securely, comprising:
(1) encrypting the information to be transmitted on the secure computer;
(2) passing the information to the networked computer through the connection between the networked host and the secure computer;
(3) sending the encrypted information over the network from the networked host.
13. The method according to claim 12, wherein encrypting the information to be transmitted on the secure computer is: forming digitally signed information, forming an encrypted request, or any combination thereof.
CNB021386595A 2002-11-26 2002-11-26 Network safety system and method Expired - Fee Related CN1308843C (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CNB021386595A CN1308843C (en) 2002-11-26 2002-11-26 Network safety system and method
PCT/CN2003/000992 WO2004049172A1 (en) 2002-11-26 2003-11-24 A network security system and security method
AU2003302158A AU2003302158A1 (en) 2002-11-26 2003-11-24 A network security system and security method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB021386595A CN1308843C (en) 2002-11-26 2002-11-26 Network safety system and method

Publications (2)

Publication Number Publication Date
CN1503143A true CN1503143A (en) 2004-06-09
CN1308843C CN1308843C (en) 2007-04-04

Family

ID=32331909

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB021386595A Expired - Fee Related CN1308843C (en) 2002-11-26 2002-11-26 Network safety system and method

Country Status (3)

Country Link
CN (1) CN1308843C (en)
AU (1) AU2003302158A1 (en)
WO (1) WO2004049172A1 (en)

Also Published As

Publication number Publication date
WO2004049172A1 (en) 2004-06-10
AU2003302158A1 (en) 2004-06-18
CN1308843C (en) 2007-04-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070404

Termination date: 20131126