CN205510107U - Network security communication device - Google Patents
Network security communication device Download PDFInfo
- Publication number
- CN205510107U CN205510107U CN201620183331.8U CN201620183331U CN205510107U CN 205510107 U CN205510107 U CN 205510107U CN 201620183331 U CN201620183331 U CN 201620183331U CN 205510107 U CN205510107 U CN 205510107U
- Authority
- CN
- China
- Prior art keywords
- address
- address date
- match
- network
- secure communication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000004891 communication Methods 0.000 title claims abstract description 20
- 238000000034 method Methods 0.000 claims description 13
- 230000008878 coupling Effects 0.000 claims description 2
- 238000010168 coupling process Methods 0.000 claims description 2
- 238000005859 coupling reaction Methods 0.000 claims description 2
- 238000004519 manufacturing process Methods 0.000 abstract description 4
- 230000005540 biological transmission Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 230000007547 defect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
Abstract
The utility model relates to a network security communication device, add decryption processor and the close security chip of state including TCPIP agreement processing module, network interface, IP address date shunt, matching IP address tabulation memory, matching IP address date, TCPIP agreement processing module, IP address date shunt and network interface connect gradually, it connects IP address date shunt to match IP address tabulation memory, it connects IP address date shunt, the close security chip of state, TCPIP agreement processing module and network interface respectively with decryption processor to match the IP address date. Compared with the prior art, the utility model has the advantages of communication safety height, low in production cost, strong, the easily popularization and application of practicality.
Description
Technical field
This utility model relates to information secure communications technical field, especially relates to a kind of secure communication of network device.
Background technology
China starts late in information security industry, due to the idea of " firsting impressions are strongest ", the most still has many
User is using external Network Security Device.These equipment are the most all to continue to use 3DES, SHA-1, RSA
Etc. international AES system and relevant criterion, it may be said that the information security of user is to rest in Scientific And Technical
In the hands of company.And in recent years, the equipment of internationally famous manufacturer exposes all kinds of security breaches and threat event again and again,
Increasing international cryptographic algorithm spreads out of repeatedly and is cracked, there is the rumor such as back door, allows people to its safety
Throw doubt upon.As a example by the rsa cryptosystem algorithm that position the most is famous, three big operators of China and much
Bank, manufacturing business are all its clients.But be exactly so world-famous cryptographic technique enterprise, but by
Expose and reach an agreement with U.S.National Security Agency, be required in partial encryption techniques to place back door.This gives China
It is imperative that user has beaten alarm bell Home-produced Reconstruction the most controlled, safe and reliable.
Depending on external encryption technology and equipment unduly for fundamentally breaking away from, Password Management office of country issues
A series of country such as SM1, SM2, SM3, SM4 commercial cipher algorithm, promotes Information Center from AES aspect
" safely controllable " of skill.
IPSec VPN is a kind of widely used safety remote access technology, it is provided that public and dedicated network end is right
End encryption and the service for checking credentials.IPsec provides following security service:
1, bag is carried out before by network transmission package by data confidentiality (Confidentiality): IPsec sender
Encryption.
2, data integrity (Data Integrity): the bag that sender is sent by IPsec recipient is authenticated,
To guarantee that data are not tampered with in transmitting procedure.
3, data origin authentication (Data Authentication): IPsec transmission IPsec can be authenticated at receiving terminal
The transmitting terminal of message is the most legal.
4, anti-replay (Anti-Replay): IPsec recipient can detect and reject message that is out-of-date or that repeat.
Although IPsec has the above security performance, but these security performances are to be come by the safety of cryptographic algorithm
Ensure.In order to give full play to the security performance of IPsec, reach safely controllable, it is necessary to use domestic own close
Code algorithm.
IPsec is third layer security protocol, is to be realized, no by the kernel portion at protocol stack in windows system
The convenient country of increase on its basis commercial cipher algorithm.Also realize just because of in kernel, with windows
Version dependencies is too strong, is less susceptible to realize the design of cross-version.
SM1 symmetric block ciphers algorithm is a kind of private cryptographic algorithm of algorithm, can only be come real by Hardware I P
Existing, i.e. cryptographic algorithm can only be realized by hardware module, more adds and realizes difficulty.For meeting 100M network
Enciphering/deciphering speed, existing implementation cost is high, is unfavorable for large-scale promotion application, seriously hinders country
The popularization and application in terms of network security of the commercial cipher algorithm.
Utility model content
Defect that the purpose of this utility model is contemplated to overcome above-mentioned prior art to exist and a kind of network peace is provided
Full communication device, has the advantages such as communications security height, low, practical, the application easy to spread of production cost.
The purpose of this utility model can be achieved through the following technical solutions:
A kind of secure communication of network device, including ICP/IP protocol processing module, network interface, IP address date
Diverter, Match IP Address list memory, the close safety chip of Match IP Address data encrypting and deciphering processor and state,
Described ICP/IP protocol processing module, IP address date diverter and network interface are sequentially connected with, described Match IP
Address list memorizer connects IP address date diverter, and described Match IP Address data encrypting and deciphering processor is respectively
Connect IP address date diverter, the close safety chip of state, ICP/IP protocol processing module and network interface.
Described Match IP Address data encrypting and deciphering processor connects IP address date diverter by USB interface.
Described ICP/IP protocol processing module connects computer motherboard.
Described computer motherboard matching connection IP address list memorizer.
Described Match IP Address list memory uses Flash flash card.
Described ICP/IP protocol processing module uses devices at full hardware TCP/IP network chip.
Described Match IP Address data encrypting and deciphering processor is respectively by address bus, data/address bus and control bus
Connect the close safety chip of state.
Described network interface is 100M/10M Ethernet interface.
Described Match IP Address data encrypting and deciphering processor uses 64-bit microprocessor.
Compared with prior art, this utility model has the advantage that
1) this utility model utilizes IP address date diverter by the data distribution of Match IP Address out, coupling
After IP address date encryption and decryption processor utilizes state's close safety chip data to being diverted to carry out encryption and decryption process
Return former ICP/IP protocol processing module or network interface, thus realize data between the machine and specific IP address
Safe transmission, utilize domestic own cryptographic algorithm to be greatly improved Network Communicate Security.
2) this utility model device may be used on the computer motherboard of PC, sets up between different PC
Secured communication channel, computer motherboard can also perform interpolation, edit and delete Match IP Address list memory
Except waiting operation, simple operation.
3) this utility model uses state close safety chip, 100M/10M Ethernet interface, Flash flash card, fully hard
Part TCP/IP network chip etc. is all readily obtained, and usb compatible is good and is readily disassembled assembling, is suitable to existing
Having all types of PC to carry out batch and transform use, cost of manufacture is low, practical.
4) this utility model Match IP Address data encrypting and deciphering processor uses 64-bit microprocessor, enciphering/deciphering speed
Degree reaches 100Mbps, meets the enciphering/deciphering speed of 100M network, compares existing implementation, low cost,
Be conducive to large-scale promotion application, it is simple to realize country's commercial cipher algorithm popularization and application in terms of network security.
Accompanying drawing explanation
Fig. 1 is this utility model overall structure schematic diagram.
In figure: 1, ICP/IP protocol processing module, 2, network interface, 3, IP address date diverter, 4,
Match IP Address list memory, 5, Match IP Address data encrypting and deciphering processor, 6, the close safety chip of state,
7, computer motherboard.
Detailed description of the invention
With specific embodiment, this utility model is described in detail below in conjunction with the accompanying drawings.The present embodiment is with this practicality
Implement premised on new technique scheme, give detailed embodiment and concrete operating process, but this reality
It is not limited to following embodiment with novel protection domain.
As it is shown in figure 1, a kind of secure communication of network device, connect including ICP/IP protocol processing module 1, network
Mouth 2, IP address date diverter 3, Match IP Address list memory 4, Match IP Address data encrypting and deciphering
The close safety chip of processor 5 and state 6, ICP/IP protocol processing module 1, IP address date diverter 3 and network
Interface 2 is sequentially connected with, and Match IP Address list memory 4 connects IP address date diverter 3, Match IP ground
Location data encrypting and deciphering processor 5 connects IP address date diverter 3, the close safety chip of state 6, TCP/IP respectively
Protocol process module 1 and network interface 2.
Match IP Address data encrypting and deciphering processor 5 connects IP address date diverter 3, IP by USB interface
Address date diverter 3 can use the processors such as single-chip microcomputer, and usb compatible is good and is readily disassembled assembling.
ICP/IP protocol processing module 1 connects computer motherboard 7.Computer motherboard 7 matching connection IP address
List memory 4.Computer motherboard 7 can perform interpolation to Match IP Address list memory 4, edit and delete
Except waiting operation, simple operation.Match IP Address list memory 4 uses Flash flash card, have erasable,
Power-off does not disappear the functions such as data.
ICP/IP protocol processing module 1 uses devices at full hardware TCP/IP network chip, have employed " TCP/IP Offload
" technology enumerates the whole four-layer structure of ICP/IP protocol stack and ipsec protocol, independent of meter to Platform
Calculating mainboard 7 to operate, the pushing on/pop of information, the network data processing such as package/unpack is all in devices at full hardware TCP/IP
Carrying out in network chip, high-speed hardware ICP/IP protocol processes and has uninstalled computer motherboard 7 for Ethernet
The load that huge data process, thus, make computer motherboard 7 keep high-efficiency operation and realize high speed real network biography
Defeated.The present embodiment uses W5200 type fully hard TCP/IP network chip.
Match IP Address data encrypting and deciphering processor 5 uses 64-bit microprocessor, respectively by address bus,
Data/address bus and control bus connect the close safety chip of state 6, and the close algorithm of state utilizing state's close safety chip 6 built-in is real
The encryption and decryption of existing Match IP Address data processes, it is ensured that Security Data Transmission between two mailing addresses.
The enciphering/deciphering speed of Match IP Address data encrypting and deciphering processor 5 reaches 100Mbps, meets 100M network
Enciphering/deciphering speed, network interface 2 can use 100M/10M Ethernet interface.
When computer motherboard 7 sends data on network, data arrive IP through ICP/IP protocol processing module 1
During address date diverter 3, IP address date diverter 3 counts according to Match IP Address list memory 4
According to shunting, on the one hand, Match IP Address data enter Match IP Address data processor and are encrypted, the opposing party
Face, remaining enters network by network interface 2, and the Match IP Address data after encryption are again by network interface 2
Enter network.
When computer motherboard 7 receives the data on network, data arrive the shunting of IP address date through network interface 2
During device 3, IP address date diverter 3 carries out data distribution, a side according to Match IP Address list memory 4
Face, Match IP Address data enter Match IP Address data processor and are decrypted, and on the other hand, remaining passes through
ICP/IP protocol processing module 1 enters computer motherboard 7, and the Match IP Address data after deciphering pass through TCP/IP again
Protocol process module 1 enters computer motherboard 7.
Claims (9)
1. a secure communication of network device, including ICP/IP protocol processing module (1) and network interface (2),
It is characterized in that, also include IP address date diverter (3), Match IP Address list memory (4), coupling
IP address date encryption and decryption processor (5) and state close safety chip (6), described ICP/IP protocol processing module
(1), IP address date diverter (3) and network interface (2) be sequentially connected with, described Match IP Address list
Memorizer (4) connects IP address date diverter (3), described Match IP Address data encrypting and deciphering processor (5)
Connect IP address date diverter (3), the close safety chip of state (6), ICP/IP protocol processing module (1) respectively
With network interface (2).
A kind of secure communication of network device the most according to claim 1, it is characterised in that described Match IP
Address date encryption and decryption processor (5) connects IP address date diverter (3) by USB interface.
A kind of secure communication of network device the most according to claim 1, it is characterised in that described TCP/IP
Protocol process module (1) connects computer motherboard (7).
A kind of secure communication of network device the most according to claim 3, it is characterised in that described computer
Mainboard (7) matching connection IP address list memorizer (4).
A kind of secure communication of network device the most according to claim 1, it is characterised in that described Match IP
Address list memorizer (4) uses Flash flash card.
A kind of secure communication of network device the most according to claim 1, it is characterised in that described TCP/IP
Protocol process module (1) uses devices at full hardware TCP/IP network chip.
A kind of secure communication of network device the most according to claim 1, it is characterised in that described Match IP
Address date encryption and decryption processor (5) connects the close peace of state by address bus, data/address bus and control bus respectively
Full chip (6).
A kind of secure communication of network device the most according to claim 1, it is characterised in that described network connects
Mouth (2) is 100M/10M Ethernet interface.
A kind of secure communication of network device the most according to claim 1, it is characterised in that described Match IP
Address date encryption and decryption processor (5) uses 64-bit microprocessor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201620183331.8U CN205510107U (en) | 2016-03-10 | 2016-03-10 | Network security communication device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201620183331.8U CN205510107U (en) | 2016-03-10 | 2016-03-10 | Network security communication device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN205510107U true CN205510107U (en) | 2016-08-24 |
Family
ID=56727884
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201620183331.8U Expired - Fee Related CN205510107U (en) | 2016-03-10 | 2016-03-10 | Network security communication device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN205510107U (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112738866A (en) * | 2020-12-31 | 2021-04-30 | 百果园技术(新加坡)有限公司 | Terminal access method, device, equipment and medium |
-
2016
- 2016-03-10 CN CN201620183331.8U patent/CN205510107U/en not_active Expired - Fee Related
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112738866A (en) * | 2020-12-31 | 2021-04-30 | 百果园技术(新加坡)有限公司 | Terminal access method, device, equipment and medium |
CN112738866B (en) * | 2020-12-31 | 2024-04-30 | 百果园技术(新加坡)有限公司 | Terminal access method, device, equipment and medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110753344B (en) | NB-IoT-based smart meter secure access system | |
CN107181716A (en) | A kind of secure communication of network system and method based on national commercial cipher algorithm | |
CN102111349A (en) | Security certificate gateway | |
CN104821874A (en) | Method employing quantum secret key for IOT (Internet of Things) data encryption transmission | |
CN113595744B (en) | Network access method, device, electronic equipment and storage medium | |
CN103916363A (en) | Communication security management method and system for encryption machine | |
CN205584238U (en) | Network data encryption equipment | |
CN110061991A (en) | A kind of gateway setting method for realizing expressway tol lcollection private network security access internet | |
CN100559820C (en) | A kind of dialing security gateway device | |
JP6391823B2 (en) | RDP data collection apparatus and method | |
CN202652534U (en) | Mobile terminal safety access platform | |
CN106789845A (en) | A kind of method of network data security transmission | |
CN102710638A (en) | Device and method for isolating data by adopting non-network manner | |
CN104519055A (en) | VPN (virtual private network) service implementation method, VPN service implementation device and VPN server | |
CN112202773B (en) | Computer network information security monitoring and protection system based on internet | |
CN102111377A (en) | Network cipher machine | |
CN205510107U (en) | Network security communication device | |
CN201051744Y (en) | A secure encryption network card device | |
CN103269301A (en) | Desktop type IPSecVPN cryptographic machine and networking method | |
CN103441851A (en) | Method for allowing terminal equipment to have access to VPN equipment | |
CN105721458A (en) | Industrial Ethernet switching method based on ISG security password technique | |
CN113783868B (en) | Method and system for protecting Internet of things safety of gate based on commercial password | |
CN111132136B (en) | Mobile application information security system application system | |
Jianguang et al. | The security research of network access control system | |
CN201315596Y (en) | Dial safety gateway device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20180402 Address after: 201112 No. 3286, Ting Lou Road, Shanghai, Minhang District Patentee after: Shanghai Aerospace Intelligent Equipment Co.,Ltd. Address before: 200233 Tianlin Road, Shanghai, 128-2 No. Patentee before: SHANGHAI FAX COMMUNICATION EQUIPMENT TECHNOLOGY RESEARCH INSTITUTE CO.,LTD. |
|
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20160824 |