CN2565211Y - Safety router - Google Patents

Info

Publication number
CN2565211Y
Authority
CN
China
Prior art keywords
secure
protocol
secure router
interface
support
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 02253575
Other languages
Chinese (zh)
Inventor
吴志美
方贵明
乔元松
朱红松
安黎
郑慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WUDA JIEXUN SCIENCE AND TECHNOLOGY Co Ltd BEIJING
Original Assignee
WUDA JIEXUN SCIENCE AND TECHNOLOGY Co Ltd BEIJING

Landscapes

  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The utility model relates to a secure router composed of a CPU motherboard with an electronic disk (DOC) and two Ethernet interfaces, a 2M network card, an encryption card, a hard disk, a power supply, an indicator lamp, a fan, and a switch, all housed in a casing. The CPU motherboard is inserted in a slot of the equipment bus. The electronic disk DOC stores an embedded real-time operating system and IP security protocol software, for which complete source code and independent copyright are held. The secure router supports the IPSec protocol and can authenticate and encrypt transmitted data, thereby forming a secure channel. The utility model adopts a secure key distribution and management protocol, supports the IKE protocol, and can negotiate keys automatically, realizing two-stage secrecy control of keys, so that it can provide secure encrypted communication over the ordinary Internet, which has no security features of its own. The secure router is access equipment for the transmission of network information of militaries, governments, finance, etc.

Description

Secure router
Technical field:
The utility model relates to telecommunication network equipment, and in particular to network access equipment for secure communication, used for information transmission by departments with high security and confidentiality requirements such as the army, government, and finance.
Background technology:
An ordinary router only considers how to determine the forwarding path of an IP packet efficiently. The IP packet as defined in basic IPv4, however, has no security features of its own and is easily subjected to various attacks, such as replay attacks and man-in-the-middle attacks. Most secure routers on the market are imported and expensive, and use public cryptographic algorithms, so they are not suitable for departments with high security requirements that bear on national security, such as the army and government departments.
Content of the utility model:
The purpose of the utility model is to design a secure router that uses our router technology, domestically made cryptographic algorithms and chips, and the open security protocol suite of the Internet, with fully independent intellectual property rights and a low price. The utility model uses the IP security protocol IPSec to protect IP packets effectively.
The utility model is implemented as follows:
A core bus slot, a hard disk, and a power supply are arranged on the base inside the housing. A CPU motherboard with an electronic disk DOC and two Ethernet interfaces, an encryption card, and a 2 Mbps interface card are inserted in the slot. A processor, memory, and the electronic disk are fixed on the motherboard. A block cipher encryption chip and a physical noise source chip are mounted on the encryption card. A power indicator is on the front panel. The rear panel carries two serial interfaces, two LAN interfaces, a pair of remote network interfaces, a power socket, and a power switch. Fans are located at the rear panel and on both sides of the housing. The core bus connects the motherboard, the encryption card, and the 2 Mbps interface card together. The power supply powers these boards through the bus and is connected to the indicator light, fans, and switch. The processor on the motherboard is connected to the internal memory, the electronic disk, and the hard disk respectively. The DOC on the motherboard stores an embedded real-time operating system and IP security protocol software. This secure router is a new router built on an ordinary router we developed earlier, with a security protocol and a hardware encryption module added. Specifically, in hardware, the encryption card is developed using the SSX05 block cipher encryption chip and the WNG-4 physical noise source chip; both chips were designed and developed by the Chinese Academy of Sciences DCS center and examined by the Password Management committee. In software, the IPSec protocol is added to the TCP/IP protocol stack of the earlier ordinary router, and the secure key exchange protocol IKE is used as the means of key exchange. This secure router is realized through these changes to both hardware and software.
Compared with the prior art, the utility model has the following advantages:
1. Simple structure: it is assembled from modules, which makes it easy to add new functions.
2. It supports two operating modes, ordinary mode and encryption mode.
3. Source program code and independent copyright are held.
4. A domestically made encryption chip certified by the Ministry of State Security performs data encryption and decryption; multi-level key hiding is used in key management, so system security is high.
5. Open, secure IPSec and the public key exchange protocol IKE are adopted, providing an open interface for interworking with other related systems.
Description of drawings:
The embodiment is described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of the hardware structure of the secure router of the utility model.
Fig. 2 is a schematic diagram of the external interfaces of the secure router of the utility model.
Fig. 3 is an information flow chart of the secure router of the utility model.
Embodiment:
As shown in Fig. 1, in the structure of the utility model a core bus slot 1, a hard disk 2, and a power supply 3 are arranged on the base inside the housing, and a mainboard 4, an encryption card 5, and a 2M interface card 6 are inserted in slot 1. A processor 7, memory 8, and an electronic disk 9 are on mainboard 4. A block cipher encryption chip 10 and a physical noise source chip 11 are on encryption card 5. A power indicator 12 is on the front panel. The rear panel carries two serial interfaces 13, two LAN interfaces 14, a pair of remote network interfaces 15, a power socket 16, and a power switch 17. Fans 18 are located at the rear panel and on both sides of the housing.
As shown in Fig. 2, the utility model can be configured through control terminal S1. A data packet D1 from user terminal S2 can be encrypted by the utility model into secure data and sent to the peer security gateway S4, or sent without encryption directly to the upper-level gateway S5. Security protocol data is exchanged between the utility model and the peer security gateway S4. Routing and monitoring protocol data is exchanged between the utility model and the upper-level gateway S5. Network management commands and data are exchanged between the utility model and network management terminal S3.
As shown in Fig. 3, the software of the utility model mainly comprises a user configuration handler, a network data processing module, and a network management module. On receiving a command from the control terminal or a configuration command from the remote network, the user configuration handler configures the system according to the configuration parameters and produces a parameter file for use by the network data processing module and the network management module. The network data processing module handles data from user terminals, encrypting it as required and forwarding it to the network; user data arriving from the network is decrypted and delivered to the user. The network management module reports equipment running status and responds after receiving a network management command; after receiving routing and monitoring messages, it modifies the routing table and responds.
Technical specifications of the utility model:
1. The 2.048 Mbps interface meets the ITU-T G.703 standard;
2. The Ethernet interface meets the IEEE 802.3 standard;
3. Supports the PPP and SLIP protocols;
4. Supports the TCP/IP and IPX/SPX protocols;
5. Supports the RIP, OSPF, and BGP routing protocols;
6. Supports the IPSec protocol, authenticating and encrypting transmitted data to form a secure channel;
7. Supports the IKE protocol, with automatic key negotiation;
8. Adopts a secure key distribution and management protocol;
9. Realizes two-stage secrecy control of keys;
10. Carries confidential data over non-secure channels, forming a secure channel;
11. Has a firewall based on packet filtering;
12. Supports IP address masquerading;
13. Has SNMP network management and supports remote configuration by modem and configuration over the serial port;
14. Supports the Secure Shell protocol, enabling secure remote configuration of the equipment.

Claims (6)

1. A secure router, comprising a housing, a power supply, a hard disk, a mainboard, a processor, and internal memory, characterized in that it also comprises a core bus slot, an encryption card, a 2 Mbps interface card, and an electronic disk, wherein the core bus slot, the hard disk, and the power supply are arranged on the housing base; the mainboard, the encryption card, and the 2 Mbps interface card are inserted in the slot; the processor, memory, and electronic disk are fixed on the mainboard; a block cipher encryption chip and a physical noise source chip are mounted on the encryption card; a power indicator is on the front panel; the rear panel carries two serial interfaces, two LAN interfaces, a pair of remote network interfaces, a power socket, and a power switch; fans are located at the rear panel and on both sides of the housing; the processor is connected to the internal memory, the electronic disk, and the hard disk respectively; and the bus connects the power supply, indicator light, interfaces, fans, and switch.
2. The secure router according to claim 1, characterized in that the mainboard is a CPU motherboard with an electronic disk DOC, and the electronic disk DOC stores an embedded real-time operating system and IP security protocol software.
3. The secure router according to claim 1, characterized in that the digital physical noise source chip WNG-4 and the block cipher encryption chip SSX05 are on the encryption card.
4. The secure router according to claim 1, characterized in that the 2.048 Mbps interface of the secure router meets the ITU-T G.703 standard, and the Ethernet interface meets the IEEE 802.3 standard.
5. The secure router according to claim 1, characterized in that the secure router supports the PPP and SLIP protocols; supports the TCP/IP and IPX/SPX protocols; supports the RIP, OSPF, and BGP routing protocols; has a firewall based on packet filtering; supports the SNMP network management protocol; and supports the Secure Shell protocol, enabling secure remote configuration and serial port configuration of the equipment.
6. The secure router according to claim 1, characterized in that the secure router supports the IPSec protocol, authenticating and encrypting transmitted data to form a secure channel; adopts a secure key distribution and management protocol; supports the IKE protocol, with automatic key negotiation; realizes two-stage secrecy control of keys; carries confidential data over non-secure channels, forming a secure channel; and supports IP address masquerading.
CN 02253575 2002-09-09 2002-09-09 Safety router Expired - Fee Related CN2565211Y (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 02253575 CN2565211Y (en) 2002-09-09 2002-09-09 Safety router

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 02253575 CN2565211Y (en) 2002-09-09 2002-09-09 Safety router

Publications (1)

Publication Number Publication Date
CN2565211Y true CN2565211Y (en) 2003-08-06

Family

ID=33722680

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 02253575 Expired - Fee Related CN2565211Y (en) 2002-09-09 2002-09-09 Safety router

Country Status (1)

Country Link
CN (1) CN2565211Y (en)

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee