CN205584238U - Network data encryption equipment - Google Patents
- Publication number: CN205584238U
- Authority: CN (China)
- Prior art keywords: network data, data encryption, encryption device, data, road
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The utility model provides a network data encryption device, comprising: a first microprocessor MCU, a security module, two industrial Ethernet interfaces, SD storage, a USB communication interface and a power module, wherein the first microprocessor MCU is connected to the security module, the two industrial Ethernet interfaces, the SD storage, the USB communication interface and the power module respectively. The utility model introduces the Chinese national cryptographic (SM) algorithms into industrial control equipment and applies encapsulation processing at the level of data transmission and the communication network, solving the problems of data leakage and data tampering in industrial control systems. It protects the operational safety of industrial control systems well, is also suitable for retrofitting existing industrial control systems for classified information security protection, and improves the overall security of the system.
Description
Technical field
This utility model relates to the field of industrial information security technology, and in particular to a network data encryption device.
Background
With the development of enterprise informatization and the deepening of integrated industrial automation, computer network technology is increasingly being applied to industrial information control systems. Most of China's industrial information systems were absorbed and assimilated while importing complete sets of equipment, and critical infrastructure almost entirely uses control systems and software from foreign vendors such as Siemens (Germany), Honeywell and Rockwell (United States) and Yokogawa (Japan). In the high-end market of China's industrial control field, core technologies such as embedded operating systems, embedded software, bus protocols and industrial control software all depend on foreign suppliers. While this has brought great benefits to industrial production, attacks against industrial information control systems have also increased sharply, so the need for industrial information security has become more urgent.
In industrial infrastructure, a security incident in a critical industrial control system can not only degrade system performance, reduce availability, cause critical control data to be tampered with or lost, and cause loss of control of the system, thereby affecting production safety and causing serious economic loss, but may further cause casualties and environmental disasters and endanger public life and even national security. The safe operation of industrial control systems is therefore an important foundation for the normal operation of infrastructure, and an important indicator that needs attention throughout the system's whole life cycle.
The security measures of existing industrial control systems mostly focus on protecting servers and the network and do not fundamentally solve the security problems of industrial control systems; they lack device identity authentication and protection of data in transit. The main problems are: unauthorized device access, open protocols, cleartext data transmission, illegal operations, network vulnerabilities and data tampering. Once an important control instruction at an industrial site is intercepted, it poses a great threat to the industrial control system.
Summary of the invention
Therefore, to solve the above technical problems, this utility model provides a network data encryption device that introduces the Chinese national cryptographic (SM) algorithms into industrial control equipment and applies encapsulation processing at the level of data transmission and the communication network, solving the problems of data leakage and data tampering in industrial control systems. It protects the operational safety of industrial control systems well, is suitable for retrofitting existing industrial control systems for classified information security protection, and improves the overall security of the system.
This utility model provides a network data encryption device, comprising: a first microprocessor MCU, a security module, two industrial Ethernet interfaces, SD storage, a USB communication interface and a power module; wherein the first microprocessor MCU is connected to the security module, the two industrial Ethernet interfaces, the SD storage, the USB communication interface and the power module respectively.
Preferably, in the above scheme, the network data encryption device further comprises an indicator light connected to the first microprocessor MCU, the indicator light being used to indicate the running status of the network data encryption device.
Preferably, in the above scheme, the SD storage is used to store the configuration file and log information of the network data encryption device.
Preferably, in the above scheme, the security module comprises: an encryption unit, an authentication unit, a key storage unit and a second microprocessor MCU, wherein the second microprocessor MCU is connected to the first microprocessor MCU, and the second microprocessor MCU is connected to the encryption unit, the authentication unit and the key storage unit respectively.
Preferably, in the above scheme, the two industrial Ethernet interfaces are used for connection within the industrial Ethernet, wherein one interface is connected to a switch and the other interface is connected to industrial control equipment.
Preferably, in the above scheme, the USB communication interface is used for configuration updates.
Preferably, in the above scheme, the power module is used to provide a stable power supply for the network data encryption device, and has power short-circuit protection and over-voltage protection functions.
Preferably, in the above scheme, the key storage unit in the security module is used to store the symmetric keys, asymmetric keys and digital certificates used in encryption and decryption operations.
Without changing existing equipment, the network data encryption device described in the utility model applies encryption control at the device's data egress, solving the problems of secure device connection and secure access. It allows a complete security protection system to be set up quickly and provides a powerful means of security protection for industrial informatization, preventing data from being illegally stolen, tampered with or damaged and ensuring the confidentiality, authenticity and integrity of data. The main technologies used are the national cryptographic algorithms, symmetric encryption, asymmetric encryption, signing certificates, security authentication and network channel encryption. It implements registration, authentication and management of terminal devices, achieving the goal of "legitimate terminals access the legitimate network, and the legitimate platform manages legitimate devices", and supports the prevention of unauthorized use and misuse of information.
Brief description of the drawings
To explain the embodiments of this utility model or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the utility model, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural schematic diagram of the network data encryption device described in the utility model.
Fig. 2 is a structural schematic diagram of the security module in the network data encryption device described in the utility model.
Fig. 3 is a schematic diagram of the use of the network data encryption device shown in Fig. 1.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of this utility model clearer, the technical solution is described clearly and completely below through embodiments, with reference to the drawings of the embodiments. Obviously, the described embodiments are some of the embodiments of the utility model, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the utility model.
The network data encryption device described in the utility model is built around an MCU microprocessor, supplemented by powerful peripheral digital circuit modules, so that the device can establish a secure data transmission channel with a remote authentication server while encrypting or decrypting the transmitted data.
The technical solution provided by the utility model is described in detail below. Fig. 1 shows the structure of the network data encryption device provided by the utility model. It comprises: a first microprocessor MCU, two industrial Ethernet interfaces (i.e. the two interfaces, Ethernet PHY and DM9000A), a security module, an indicator light, SD storage, a USB communication interface and a power module.
The first microprocessor MCU is an industrial-grade Cortex-M4 processor with a main frequency of 200 MHz. This processor has rich peripheral interfaces and supports the development of peripheral devices well.
Fig. 2 is a structural schematic diagram of the security module in the network data encryption device described in the utility model. The security module is the core of the network data encryption device and uses a national cryptographic algorithm chip that has passed national cryptographic testing. It consists of an encryption unit, an authentication unit, a key storage unit and a second microprocessor MCU. The second microprocessor MCU is a highly integrated, high-performance dedicated data security chip with a 32-bit CPU core and a data retention time of more than 10 years. It is equipped with a hardware random number generator and with hardware coprocessors for national cryptographic algorithms such as SM1, SM2, SM3 and SM4 as well as DES, ECC and AES. Its operating temperature range is -40 °C to 85 °C.
The two industrial Ethernet interfaces (i.e. the two interfaces, Ethernet PHY and DM9000A, in Fig. 1) are used for connection within the industrial Ethernet. One is connected to a switch and the other to industrial control equipment such as a DCS or PLC. This allows the network data encryption device described in the utility model to be connected directly between the industrial control equipment and the network equipment, achieving an IP-less connection.
The SD storage is used to store the configuration file and key log information of the network data encryption device.
The USB communication interface is the external management interface, used for configuration updates and the like.
The indicator light is used to indicate the current running status of the device, for example a running indication, a status indication or an alarm indication.
The power module uses a single power input and a high-end power chip to supply the network data encryption device with a maximum current of 3 A, and has power short-circuit protection and over-voltage protection functions.
The network data encryption device described in the utility model has an embedded real-time operating system, takes the national cryptographic algorithms as its technical core, follows the TCP/IP network protocol standard, and is a security protection device for industrial control systems. The device supports encryption of plaintext data, decryption of ciphertext data, and industrial Ethernet protocols such as Modbus and PROFINET. It also supports the national cryptographic algorithms SM1, SM2, SM3 and SM4 and international algorithms such as AES and ECC. It supports external management through the USB data interface, which is used to update the device's configuration file. It supports online update of keys and of digital certificates. It provides digital certificate functions and can authenticate the identity of devices. A software bypass function allows flexible switching between encrypted transmission and transparent transmission. The encryption device needs no IP configuration and supports both application-layer data encryption and data-link-layer encryption.
Fig. 3 is a schematic diagram of the use of the network data encryption device shown in Fig. 1. The device uses the national cryptographic symmetric algorithms SM1, SM2 and the asymmetric algorithm SM2, by means of digital certificates, that is, through the authentication unit of the security module. When it joins the network, the device is managed centrally by the certificate server: first, the certificate server and the network data encryption device perform mutual identity authentication, and when devices communicate with each other they authenticate identity by digital certificate. Mutual authentication ensures the correctness of the data source.
The network data encryption device uses the encryption unit in the security module, with the SM1 or SM4 symmetric algorithm, to encrypt or decrypt the data transmitted over industrial Ethernet. After processing is complete, the MCU outputs the data through the other port, ensuring the confidentiality of the transmitted data.
The plaintext information that the device receives over Ethernet is run through the SM3 digest algorithm. Using the irreversibility of the digest calculation, the receiving end performs an integrity check on the received data, achieving data integrity.
Because the network data encryption device is used between DCS controllers, PLCs and switches, setting an IP address for every deployment would be a great deal of work and would consume IP resources in each network environment. To ease field implementation, the utility model uses an IP-less connection technique: it parses the TCP/IP packets at the data link layer and encrypts the data, avoiding data verification at the IP layer. The encrypted data is then repackaged according to the TCP/IP packet format and transmitted.
Keys are stored in the security module, and periodic key updates can be configured through the authentication unit, i.e. the authentication server. The network data encryption device can flexibly configure the encryption algorithm and algorithm key selected in the communication protocol, improving data confidentiality. It also has a key storage function, responsible for storing the symmetric keys, asymmetric keys, digital certificates and the like used in encryption and decryption operations.
The network data encryption device also has local storage, so configuration information and important log information can be stored encrypted.
The network data encryption device described in the utility model applies the national cryptographic algorithms, an encryption and decryption method with higher confidentiality, to network data transmission, effectively solving the problem that data encrypted by current traditional network encryption is easily cracked. It is also easy to connect to existing network equipment systems and easy to implement, raising the security level of industrial information systems.
The above is only a specific embodiment of the utility model. A person of ordinary skill in the art can make improvements and refinements without departing from the principle of the utility model, and these improvements and refinements shall also be regarded as falling within the scope of protection of the utility model.
Claims (5)
1. A network data encryption device, characterized in that it comprises: a first microprocessor MCU, a security module, two industrial Ethernet interfaces, SD storage, a USB communication interface and a power module; wherein the first microprocessor MCU is connected to the security module, the two industrial Ethernet interfaces, the SD storage, the USB communication interface and the power module respectively.
2. The network data encryption device according to claim 1, characterized in that the network data encryption device further comprises an indicator light, the indicator light is connected to the first microprocessor MCU, and the indicator light is used to indicate the running status of the network data encryption device.
3. The network data encryption device according to claim 1, characterized in that the security module comprises: an encryption unit, an authentication unit, a key storage unit and a second microprocessor MCU, wherein the second microprocessor MCU is connected to the first microprocessor MCU; the second microprocessor MCU is connected to the encryption unit, the authentication unit and the key storage unit respectively; and the key storage unit is used to store the symmetric keys, asymmetric keys and digital certificates used in encryption and decryption operations.
4. The network data encryption device according to claim 1, characterized in that the two industrial Ethernet interfaces are used for connection within the industrial Ethernet, wherein one interface is connected to a switch and the other interface is connected to industrial control equipment.
5. The network data encryption device according to claim 1, characterized in that the power module is used to provide a stable power supply for the network data encryption device, and has power short-circuit protection and over-voltage protection functions.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201521128066.5U CN205584238U (en) | 2015-12-30 | 2015-12-30 | Network data encryption equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201521128066.5U CN205584238U (en) | 2015-12-30 | 2015-12-30 | Network data encryption equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN205584238U true CN205584238U (en) | 2016-09-14 |
Family
ID=56882541
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201521128066.5U Active CN205584238U (en) | 2015-12-30 | 2015-12-30 | Network data encryption equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN205584238U (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106385423A (en) * | 2016-11-18 | 2017-02-08 | 成都英德思网络技术有限公司 | Data encrypting transmission method and system |
CN107819788A (en) * | 2017-12-06 | 2018-03-20 | 中国大唐集团科学技术研究院有限公司华东分公司 | A kind of secure encryption system based on power generation control with Monitoring Data |
CN109391609A (en) * | 2018-04-10 | 2019-02-26 | 江苏亨通工控安全研究院有限公司 | Support the transmission encryption method and system of industry control agreement |
CN111526158A (en) * | 2020-05-21 | 2020-08-11 | 无锡极地之光信息技术有限公司 | Safety transmitter device for field bus |
CN112532612A (en) * | 2020-11-25 | 2021-03-19 | 中国大唐集团科学技术研究院有限公司 | Industrial control network safety protection system |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106385423A (en) * | 2016-11-18 | 2017-02-08 | 成都英德思网络技术有限公司 | Data encrypting transmission method and system |
CN107819788A (en) * | 2017-12-06 | 2018-03-20 | 中国大唐集团科学技术研究院有限公司华东分公司 | A kind of secure encryption system based on power generation control with Monitoring Data |
CN107819788B (en) * | 2017-12-06 | 2023-11-07 | 中国大唐集团科学技术研究院有限公司华东分公司 | Safety encryption system based on power production control and monitoring data |
CN109391609A (en) * | 2018-04-10 | 2019-02-26 | 江苏亨通工控安全研究院有限公司 | Support the transmission encryption method and system of industry control agreement |
CN111526158A (en) * | 2020-05-21 | 2020-08-11 | 无锡极地之光信息技术有限公司 | Safety transmitter device for field bus |
CN112532612A (en) * | 2020-11-25 | 2021-03-19 | 中国大唐集团科学技术研究院有限公司 | Industrial control network safety protection system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN205584238U (en) | Network data encryption equipment | |
US8484486B2 (en) | Integrated cryptographic security module for a network node | |
CN109561047B (en) | Encrypted data storage system and method based on key remote storage | |
CN103490895B (en) | A kind of industrial control identity authentication applying the close algorithm of state and device | |
CN105610706B (en) | A kind of intelligent gateway platform of internet of things oriented control system | |
CN103679062A (en) | Intelligent electric meter main control chip and security encryption method | |
CN105100076A (en) | Cloud data security system based on USB Key | |
CN106469124A (en) | A kind of memory access control method and device | |
CN104335548A (en) | Secure data processing | |
CN102609667A (en) | Automatic file encryption and decryption system and automatic file encryption and decryption method based on filter drive program | |
CN103440462A (en) | Embedded control method for improving security and secrecy performance of security microprocessor | |
CN103560911A (en) | Method and system for financial self-service equipment initiative preventive maintenance | |
CN105471901A (en) | Industrial information security authentication system | |
CN106209916A (en) | Industrial automation produces business data transmission encryption and decryption method and system | |
CN104333547A (en) | Safety protection method of two-way interaction intelligent ammeter | |
KR101359789B1 (en) | System and method for security of scada communication network | |
CN104732614A (en) | Access device for encrypting wiegand protocol signal and encryption and decryption method thereof | |
CN102761559B (en) | Network security based on private data shares method and communication terminal | |
CN102694645A (en) | Method and device for safely controlling geographic spatial data | |
CN105721458A (en) | Industrial Ethernet switching method based on ISG security password technique | |
CN207475576U (en) | A kind of safety mobile terminal system based on safety chip | |
CN115118751A (en) | Block chain-based supervision system, method, equipment and medium | |
CN103647654B (en) | A kind of power distribution terminal key management method based on trust computing | |
CN111343421B (en) | Video sharing method and system based on white-box encryption | |
CN103561021A (en) | Method for realizing cloud storage system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |