CN102571348B - Ethernet encryption and authentication system and encryption and authentication method - Google Patents


Info

Publication number: CN102571348B
Authority: CN (China)
Prior art keywords: encryption, network, sha, switch, sequence number
Legal status: Expired - Fee Related (Google notes that the legal status is an assumption, not a legal conclusion)
Application number: CN201110425336.9A
Other languages: Chinese (zh)
Other versions: CN102571348A
Inventors: 李德强, 时培昕, 王博
Current assignee: Opzoon Technology Co Ltd
Original assignee: Opzoon Technology Co Ltd
Application filed by Opzoon Technology Co Ltd
Priority to CN201110425336.9A
Priority to PCT/CN2011/084741 (WO2013086758A1)
Publication of CN102571348A
Application granted
Publication of CN102571348B
Anticipated expiration

Classifications

    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00  Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32  Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236  Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242  Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Power Engineering (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses an Ethernet encryption and authentication system and an Ethernet encryption and authentication method. The system comprises an encryption switch and an encryption network card installed in a host of a client. The encryption network card comprises an electrically erasable programmable read-only memory (EEPROM) with a secure Hash algorithm (SHA)-1, a complex programmable logic device (CPLD) and a network control chip, wherein the EEPROM is used for storing a serial number and a key of the encryption network card, and generating a message authentication code according to the serial number, the key and user-defined data; the CPLD is used for generating a random number and a control word for encrypting an important data packet; and the network control chip is connected with the EEPROM with the SHA-1 and the CPLD respectively, and is used for controlling an Ethernet interface. The encryption switch comprises an SHA-1 coprocessor, wherein the SHA-1 coprocessor is used for storing the serial number and key of the encryption switch, generating a random number, and generating a message authentication code according to the serial number, the key and the random number. By the system and the method, the real-time availability of an encrypted network can be ensured; the system and the method are high in safety performance and difficult to crack or monitor; and moreover, the Ethernet encryption and authentication cost is decreased.

Description

Ethernet encrypted authentication system and encryption and authentication method
Technical field
The present invention relates to the technical field of Ethernet encryption and authentication, and in particular to an Ethernet encryption and authentication system and an encryption and authentication method.
Background technology
Ethernet encryption technology is mainly used to prevent unauthorized computers from accessing an organization's internal LAN and stealing confidential information; it also prevents the organization's office computers from interconnecting with unauthorized computers and thereby leaking copies of confidential data. The key equipment in Ethernet encryption technology comprises the Ethernet encryption switch and the Ethernet encryption network card. In the prior art, Ethernet data is usually encrypted and decrypted at the encryption switch and at the encryption network card either by hardware or by software.
Hardware-based encryption mainly inserts an FPGA device between the network controller (MAC) chip and the PHY chip on the encryption network card side, so as to encrypt and decrypt the data on the MII/GMII interface, and likewise inserts an FPGA device between the switching chip (MAC) and the PHY on the encryption switch side to perform the reverse encryption and decryption operation on the MII/GMII interface. Such technology requires large-scale FPGA devices to be inserted between MAC and PHY, so the cost is high; the number of authentications is limited and real-time authentication is not possible, so security is poor; in addition, the encryption algorithm is implemented in a relatively fixed way inside the FPGA, and once it is cracked, other equipment also comes under attack.
Software encryption uses the processing capacity of the processor on the encryption network card side and on the encryption switch side to encrypt and decrypt Ethernet messages or their upper-layer messages. Such technology is easily disassembled, traced and decoded by malicious persons, so security is poor; its encryption algorithm is fixed and easily cracked by monitoring. In addition, software encryption and decryption consumes a large amount of CPU processing capacity, reducing network throughput and the processing capacity of the equipment.
Summary of the invention
(1) Technical problem to be solved
The technical problem to be solved by the present invention is to provide an Ethernet encryption and authentication system and an encryption and authentication method that can guarantee the real-time availability of the encrypted network, have higher security performance, are not easily cracked or monitored, and reduce the cost of Ethernet encryption and authentication.
(2) Technical scheme
To solve the above problem, the invention provides an Ethernet encryption and authentication system comprising an encryption switch and an encryption network card installed in a client host. The encryption network card comprises:
an EEPROM memory with SHA-1, for storing the serial number and key of the encryption network card, and for generating a message authentication code from the serial number, the key and user-defined data;
a CPLD, for generating a random number and for producing a control word used to encrypt important data packets;
a network control chip, connected respectively to the EEPROM memory with SHA-1 and to the CPLD, for controlling the Ethernet interface.
The encryption switch comprises a SHA-1 coprocessor, for storing the serial number and key of the encryption switch, generating a random number, and generating a message authentication code from the serial number, the key and the random number.
Preferably, the network control chip is provided with an expansion IIC interface, GPIO and a PCIe interface.
Preferably, the network control chip is an Intel 82574 chip; it may also be another network control chip that meets the functional requirements.
A method of authenticating a host by the encryption switch using the above system comprises the following steps:
A: when the encryption switch finds that a new host is connected to one of its network interfaces, it sends a user-defined message to the host requesting the serial number of the encryption network card;
B: the host communicates, through the network card control chip, with the EEPROM memory with SHA-1 in the encryption network card, reads the serial number of the encryption network card and sends it to the encryption switch;
C: the SHA-1 coprocessor on the encryption switch generates a random number and a challenge message, which is sent to the host, and generates a verification message authentication code from the random number, the serial number of the encryption network card and the key;
D: after receiving the challenge message, the host sends it to the EEPROM memory with SHA-1 in the encryption network card;
E: the EEPROM memory with SHA-1 generates a message authentication code from the received random number, the serial number of the encryption network card and the key;
F: the host encapsulates the message authentication code generated by the encryption network card in a response message and sends it to the encryption switch;
G: the encryption switch compares the verification message authentication code it generated with the message authentication code sent by the host; if the two are consistent, it provides network switching service to the host, otherwise it shuts down the port connected to the host.
Even for a host that has passed authentication, the encryption switch initiates the authentication process again at regular intervals (for example, every few minutes); if the host passes, the switch continues to provide service to it, otherwise the host is isolated from the other parts of the network.
A method of authenticating the encryption switch by a host using the above system comprises the following steps:
A1: after the host detects that it is connected to the encryption switch, it sends a message requesting the encryption switch to provide its network card serial number; the encryption switch communicates with its SHA-1 coprocessor, reads the network card serial number and sends it to the host;
B1: the CPLD generates a random number, reads the network card serial number from the EEPROM memory with SHA-1, encapsulates the random number and the network card serial number in a challenge message and sends it to the encryption switch;
C1: the host sends the random number generated by the CPLD to the EEPROM memory with SHA-1, and the EEPROM memory with SHA-1 calculates a verification message authentication code from the random number, the network card serial number and the key;
D1: the encryption switch sends the network card serial number and the random number from the challenge message it received to the SHA-1 coprocessor, which calculates a message authentication code from the random number, the network card serial number and the key;
E1: the encryption switch encapsulates the calculated message authentication code in a response message and sends it to the host;
F1: the host sends the message authentication code it received to the CPLD for comparison with the verification message authentication code; if the two are consistent, the host uses the network switching service provided by the encryption switch, otherwise the CPLD closes the network connection of this network card.
A method of mutual authentication between the encryption network card driver (the driver can have several implementations, including a driver program, etc.) and the encryption network card using the above system comprises the following steps:
A2: a USB KEY containing a SHA-1 coprocessor is inserted in a PCI slot or USB interface of the host;
B2: the encryption network card driver sends a request to the encryption network card to read its serial number, reads the serial number and sends it to the USB KEY;
C2: the encryption network card driver requests the USB KEY to produce a random number, reads this random number and sends it to the encryption network card;
D2: the EEPROM memory with SHA-1 generates a message authentication code from the key, the random number and the serial number of the encryption network card, and the encryption network card driver reads it back;
E2: the USB KEY generates a verification message authentication code from the key, the random number and the serial number of the encryption network card, and the encryption network card driver reads it back;
F2: the encryption network card driver compares the message authentication code with the verification message authentication code; if the two are consistent, it continues to use this network connection, otherwise it stops using this network connection.
Preferably, the above method further comprises the step of using a timer maintained by the CPLD to supervise the periodic authentication of the encryption network card by the encryption network card driver. If the timer expires, this proves that the host software is illegitimate or is not running normally, and the CPLD disconnects the network connection of the network card; this is in effect also an authentication process for the host software.
A method of encrypting and decrypting data messages using the above system comprises the following steps:
A3: after the encryption switch has authenticated the host, the EEPROM memory with SHA-1 in the encryption network card generates a message authentication code;
B3: the CPLD in the encryption network card converts this message authentication code into a control word, and the encryption network card uses this control word to encrypt and decrypt data messages;
C3: the encryption switch uses the same algorithm as the CPLD to produce the same control word, and encrypts and decrypts the host's data messages with it.
(3) Beneficial effects
The present invention strengthens the authentication stage of Ethernet encryption and, compared with traditional hardware encryption technology, greatly saves cost; the authentication method of the present invention can be repeated periodically, guaranteeing the real-time availability of the encrypted network. Compared with traditional software encryption technology, the present invention is more efficient and does not consume excessive CPU and memory resources. The invention provides a reverse authentication mechanism from the host to the encryption switch, ensuring that every device in the network can verify its peer device. The invention fully protects the keys used for encryption and authentication: even if a device in the network is monitored, the encryption and authentication algorithm cannot easily be decoded. Every device in an encrypted Ethernet LAN of the present invention has a globally unique identifier, and each authentication uses a random number in generating the message authentication code, so the message authentication codes generated by each host at different times are never the same, which further increases the difficulty of monitoring and decoding.
Brief description of the drawings
Fig. 1 is a structural schematic of the Ethernet encryption and authentication system according to the embodiment of the present invention;
Fig. 2 is a flow chart of the method of authenticating a host by the encryption switch according to the embodiment of the present invention;
Fig. 3 is a flow chart of the method of authenticating the encryption switch by a host according to the embodiment of the present invention;
Fig. 4 is a flow chart of the method of mutual authentication between the network card driver and the encryption network card according to the embodiment of the present invention;
Fig. 5 is a flow chart of the method of encrypting and decrypting data messages according to the embodiment of the present invention.
Embodiment
The specific embodiments of the present invention are described in further detail below with reference to the drawings and examples. The following examples are used to illustrate the present invention, not to limit its scope.
As shown in Fig. 1, an Ethernet encryption and authentication system of the present invention comprises an encryption switch and an encryption network card installed in a client host. The encryption network card comprises:
an EEPROM memory with SHA-1, for storing the serial number and key of the encryption network card, and for generating a message authentication code from the serial number, the key and user-defined data;
a CPLD, for generating a random number and for producing a control word used to encrypt important data packets;
a network control chip, connected respectively to the EEPROM memory with SHA-1 and to the CPLD, for controlling the Ethernet interface; the network control chip is provided with an expansion IIC interface, GPIO and a PCIe interface. The network control chip is an Intel 82574 chip, or may be another network control chip that meets the functional requirements;
The encryption switch comprises a SHA-1 coprocessor, for storing the serial number and key of the encryption switch, generating a random number, and generating a message authentication code from the serial number, the key and the random number.
As shown in Fig. 2, a method of authenticating a host by the encryption switch using the above system comprises the following steps:
A: when the encryption switch finds that a new host is connected to one of its network interfaces, it sends a user-defined message to the host requesting the serial number of the encryption network card;
B: the host communicates, through the network card control chip, with the EEPROM memory with SHA-1 in the encryption network card, reads the serial number of the encryption network card and sends it to the encryption switch;
C: the SHA-1 coprocessor on the encryption switch generates a random number and a challenge message, which is sent to the host, and generates a verification message authentication code from the random number, the serial number of the encryption network card and the key;
D: after receiving the challenge message, the host sends it to the EEPROM memory with SHA-1 in the encryption network card;
E: the EEPROM memory with SHA-1 generates a message authentication code from the received random number, the serial number of the encryption network card and the key;
F: the host encapsulates the message authentication code generated by the encryption network card in a response message and sends it to the encryption switch;
G: the encryption switch compares the verification message authentication code it generated with the message authentication code sent by the host; if the two are consistent, it provides network switching service to the host, otherwise it shuts down the port connected to the host.
Even for a host that has passed authentication, the encryption switch initiates the authentication process again at regular intervals (for example, every few minutes); if the host passes, the switch continues to provide service to it, otherwise the host is isolated from the other parts of the network.
As shown in Fig. 3, a method of authenticating the encryption switch by a host using the above system comprises the following steps:
A1: after the host detects that it is connected to the encryption switch, it sends a message requesting the encryption switch to provide its network card serial number; the encryption switch communicates with its SHA-1 coprocessor, reads the network card serial number and sends it to the host;
B1: the CPLD generates a random number, reads the network card serial number from the EEPROM memory with SHA-1, encapsulates the random number and the network card serial number in a challenge message and sends it to the encryption switch;
C1: the host sends the random number generated by the CPLD to the EEPROM memory with SHA-1, and the EEPROM memory with SHA-1 calculates a verification message authentication code from the random number, the network card serial number and the key;
D1: the encryption switch sends the network card serial number and the random number from the challenge message it received to the SHA-1 coprocessor, which calculates a message authentication code from the random number, the network card serial number and the key;
E1: the encryption switch encapsulates the calculated message authentication code in a response message and sends it to the host;
F1: the host sends the message authentication code it received to the CPLD for comparison with the verification message authentication code; if the two are consistent, the host uses the network switching service provided by the encryption switch, otherwise the CPLD closes the network connection of this network card.
As shown in Fig. 4, a method of mutual authentication between the network card driver and the encryption network card using the above system comprises the following steps:
A2: a USB KEY containing a SHA-1 coprocessor is inserted in a PCI slot or USB interface of the host;
B2: the encryption network card driver sends a request to the encryption network card to read its serial number, reads the serial number and sends it to the USB KEY;
C2: the encryption network card driver requests the USB KEY to produce a random number, reads this random number and sends it to the encryption network card;
D2: the EEPROM memory with SHA-1 generates a message authentication code from the key, the random number and the serial number of the encryption network card, and the encryption network card driver reads it back;
E2: the USB KEY generates a verification message authentication code from the key, the random number and the serial number of the encryption network card, and the encryption network card driver reads it back;
F2: the encryption network card driver compares the message authentication code with the verification message authentication code; if the two are consistent, it continues to use this network connection, otherwise it stops using this network connection.
After the encryption network card is installed in the host, a legitimate network card driver must be installed to carry out the authentication process and to control the encryption network card correctly; only then can the encryption network card work normally. The network card driver running on the host and the installed encryption network card must authenticate each other to ensure that the other side is legitimate and functioning normally before the network connection can be used; otherwise, a host that uses the encryption network card together with an ordinary network card driver, or that has the correct encryption network card driver installed but an ordinary network card, cannot achieve the expected security effect, and once such a situation is found the network connection should be prohibited immediately.
Preferably, the above method further comprises the step of using a timer maintained by the CPLD to supervise the periodic authentication of the encryption network card by the encryption network card driver. If the timer expires, this proves that the host software is illegitimate or is not running normally, and the CPLD disconnects the network connection of the network card; this is in effect also an authentication process for the host software.
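The three exchanges of Fig. 2 (switch authenticates host), Fig. 3 (host authenticates switch) and Fig. 4 (driver and network card authenticate each other through the USB KEY) share one pattern: a verifier sends a random number, the prover's SHA-1 device returns a message authentication code over a serial number, the random number and the shared key, and the verifier compares that with a code it computed itself. The Python model below is an added example, not code from the patent or from Opzoon. It assumes what the patent leaves open: the code is HMAC-SHA1 over serial number || random number (the input layout of the real SHA-1 parts differs), all devices hold one shared key, the random number is 8 bytes, and the value authenticated is always the prover's own serial number (in Fig. 3 the patent uses the network card's serial number in both directions; the example simplifies that). The names `Sha1Token`, `authenticate`, `mutual`, `periodic_reauth` and `replay_is_rejected` are chosen for this example.

```python
"""Challenge-response authentication modelled on the SHA-1 MAC exchange.

Added example; assumptions (not fixed by the patent): MAC = HMAC-SHA1(key,
serial || random number), one key shared by all devices, 8-byte random number.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Sha1Token:
    """Any SHA-1 device in the system: the EEPROM with SHA-1 on the network
    card, the SHA-1 coprocessor on the switch, or the USB KEY."""
    serial: bytes
    key: bytes  # stays inside the device; only serials and MACs go on the wire

    def random_number(self, n: int = 8) -> bytes:
        return secrets.token_bytes(n)

    def mac(self, serial: bytes, nonce: bytes) -> bytes:
        # Assumed layout; the point is that only a key holder can produce it.
        return hmac.new(self.key, serial + nonce, hashlib.sha1).digest()


def authenticate(verifier: Sha1Token, prover: Sha1Token, transcript=None) -> bool:
    """One run of steps A-G (or A1-F1, B2-F2 with the roles renamed).
    `transcript` (a list, optional) collects the messages seen on the wire."""
    if transcript is None:
        transcript = []
    # Steps A-B: the verifier asks for the prover's serial number (sent in clear).
    transcript.append(("serial_request", b""))
    prover_serial = prover.serial
    transcript.append(("serial_response", prover_serial))
    # Step C: fresh random number; the expected MAC is computed locally.
    nonce = verifier.random_number()
    expected = verifier.mac(prover_serial, nonce)
    transcript.append(("challenge", nonce))
    # Steps D-F: the prover's SHA-1 device answers the challenge.
    response = prover.mac(prover_serial, nonce)
    transcript.append(("response", response))
    # Step G: constant-time comparison; a mismatch closes the port/connection.
    return hmac.compare_digest(expected, response)


def mutual(switch: Sha1Token, nic: Sha1Token) -> bool:
    """Fig. 2 followed by Fig. 3: each side verifies the other."""
    return authenticate(switch, nic) and authenticate(nic, switch)


def periodic_reauth(verifier: Sha1Token, prover: Sha1Token, rounds: int) -> list:
    """The switch re-runs the exchange at each interval (the patent: every few
    minutes). Every round draws a new random number, so responses never repeat."""
    return [authenticate(verifier, prover) for _ in range(rounds)]


def replay_is_rejected(verifier: Sha1Token, prover: Sha1Token) -> bool:
    """Why the random number matters: a response captured by a monitor does not
    satisfy the next challenge, because the expected MAC now covers a new nonce."""
    first = []
    authenticate(verifier, prover, first)
    captured = dict(first)["response"]
    nonce = verifier.random_number()
    expected = verifier.mac(prover.serial, nonce)
    return not hmac.compare_digest(expected, captured)
```

A network card that presents a valid serial number but whose EEPROM holds a different key fails step G, which is the case the description calls an ordinary network card paired with the correct driver; the serial number alone grants nothing.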
As shown in Fig. 5, a method of encrypting and decrypting data messages using the above system comprises the following steps:
A3: after the encryption switch has authenticated the host, the EEPROM memory with SHA-1 in the encryption network card generates a message authentication code;
B3: the CPLD in the encryption network card converts this message authentication code into a control word, and the encryption network card uses this control word to encrypt and decrypt data messages;
C3: the encryption switch uses the same algorithm as the CPLD to produce the same control word, and encrypts and decrypts the host's data messages with it.
Because the value of the message authentication code changes after every re-authentication of the host by the encryption switch, the value of the control word changes with it; in addition, the network card of every host has a globally unique serial number, so the encryption control word is guaranteed to change across different hosts and different times. Even if the network is monitored, it is difficult to decode the message key and the encryption mechanism completely.
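Steps A3 to C3 and the paragraph above rest on one property: the control word is never transmitted, both ends derive it from a message authentication code that changes with every re-authentication and with every host's serial number. The Python model below is an added example, not code from the patent or from Opzoon. The patent does not say how the CPLD turns the code into a control word nor which cipher the control word drives, so both are assumptions here: the conversion is modelled as HMAC-SHA1 of the code under a fixed label truncated to 16 bytes, and the cipher as an HMAC-SHA1 keystream in counter mode with a per-packet index folded into the counter so that no keystream block is reused between packets of one session (a real product would use a standard cipher such as AES). The MAC layout is the same assumed HMAC-SHA1 over serial number || random number as in the authentication step, and the names `session_mac`, `control_word`, `keystream`, `transform`, `session` and `words_across_reauths` are chosen for this example.

```python
"""Control word derived from the authentication MAC (steps A3-C3).

Added example; the MAC-to-control-word conversion and the packet cipher are
assumptions, since the patent specifies neither.
"""
import hashlib
import hmac


def session_mac(key: bytes, serial: bytes, nonce: bytes) -> bytes:
    """MAC produced at step A3 by the EEPROM with SHA-1 and, independently,
    the verification MAC on the switch. Input layout is assumed."""
    return hmac.new(key, serial + nonce, hashlib.sha1).digest()


def control_word(mac: bytes) -> bytes:
    """Assumed model of the CPLD conversion (step B3); the switch runs the
    identical function (step C3), so nothing about it crosses the wire."""
    return hmac.new(mac, b"control-word", hashlib.sha1).digest()[:16]


def keystream(cw: bytes, packet_index: int, length: int) -> bytes:
    """Assumed cipher: HMAC-SHA1 in counter mode. The packet index is part of
    the counter, so two packets of one session never share keystream."""
    out = b""
    block = 0
    while len(out) < length:
        ctr = packet_index.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hmac.new(cw, ctr, hashlib.sha1).digest()
        block += 1
    return out[:length]


def transform(cw: bytes, packet_index: int, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(cw, packet_index, len(data))))


def session(key: bytes, serial: bytes, nonce: bytes, packets: list) -> tuple:
    """One authenticated session. The network card derives its control word
    from the MAC it produced; the switch derives its own from the verification
    MAC it computed. Returns (ciphertexts sent, packets decrypted at the switch)."""
    nic_cw = control_word(session_mac(key, serial, nonce))
    switch_cw = control_word(session_mac(key, serial, nonce))
    assert nic_cw == switch_cw  # equal because serial, nonce and key agree
    cts = [transform(nic_cw, i, p) for i, p in enumerate(packets)]
    pts = [transform(switch_cw, i, c) for i, c in enumerate(cts)]
    return cts, pts


def words_across_reauths(key: bytes, serial: bytes, nonces: list) -> set:
    """Control words seen over successive re-authentications of one host:
    a distinct word per random number, which is the rotation the text relies on."""
    return {control_word(session_mac(key, serial, n)) for n in nonces}
```

Two packets with identical plaintext produce different ciphertexts because the packet index enters the counter; without it, the XOR of two ciphertexts would reveal the XOR of the plaintexts, which is the failure the per-packet counter avoids.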
Encrypting and decrypting in software consumes a large amount of CPU processing capacity and memory resources and reduces the processing capacity and network throughput of the host and the encryption switch, so it is recommended to use this method only to encrypt critical data messages. If all messages are to be encrypted, a more effective method is a hardware-accelerated scheme using an FPGA or a dedicated hardware acceleration chip, which greatly increases cost.
The above embodiments are only used to illustrate the present invention and not to limit it. Those of ordinary skill in the relevant technical field can make various changes and modifications without departing from the spirit and scope of the present invention; therefore all equivalent technical schemes also belong to the scope of the present invention, and the scope of patent protection of the present invention should be defined by the claims.

Claims (4)

1. A method of authenticating a host by an encryption switch using an Ethernet encryption and authentication system, the Ethernet encryption and authentication system comprising an encryption switch and an encryption network card installed in a client host, wherein the encryption switch comprises a SHA-1 coprocessor, for storing the serial number and key of the encryption switch, generating a random number, and generating a message authentication code from the serial number, the key and the random number; and the encryption network card comprises:
an EEPROM memory with SHA-1, for storing the serial number and key of the encryption network card, and for generating a message authentication code from the serial number, the key and user-defined data;
a CPLD, for generating a random number and for producing a control word used to encrypt important data packets;
a network control chip, connected respectively to the EEPROM memory with SHA-1 and to the CPLD, for controlling the Ethernet interface; the network control chip is provided with an expansion IIC interface, GPIO and a PCIe interface; the network control chip is an Intel 82574 chip;
characterized in that the method comprises the following steps:
A: when the encryption switch finds that a new host is connected to one of its network interfaces, it sends a user-defined message to the host requesting the serial number of the encryption network card;
B: the host communicates, through the network card control chip, with the EEPROM memory with SHA-1 in the encryption network card, reads the serial number of the encryption network card and sends it to the encryption switch;
C: the SHA-1 coprocessor on the encryption switch generates a random number and a challenge message, which is sent to the host, and generates a verification message authentication code from the random number, the serial number of the encryption network card and the key;
D: after receiving the challenge message, the host sends it to the EEPROM memory with SHA-1 in the encryption network card;
E: the EEPROM memory with SHA-1 generates a message authentication code from the received random number, the serial number of the encryption network card and the key;
F: the host encapsulates the message authentication code generated by the encryption network card in a response message and sends it to the encryption switch;
G: the encryption switch compares the verification message authentication code it generated with the message authentication code sent by the host; if the two are consistent, it provides network switching service to the host, otherwise it shuts down the port connected to the host.
2. A method of authenticating an encryption switch by a host using an Ethernet encryption and authentication system, the Ethernet encryption and authentication system comprising an encryption switch and an encryption network card installed in a client host, wherein the encryption switch comprises a SHA-1 coprocessor, for storing the serial number and key of the encryption switch, generating a random number, and generating a message authentication code from the serial number, the key and the random number; and the encryption network card comprises:
an EEPROM memory with SHA-1, for storing the serial number and key of the encryption network card, and for generating a message authentication code from the serial number, the key and user-defined data;
a CPLD, for generating a random number and for producing a control word used to encrypt important data packets;
a network control chip, connected respectively to the EEPROM memory with SHA-1 and to the CPLD, for controlling the Ethernet interface; the network control chip is provided with an expansion IIC interface, GPIO and a PCIe interface; the network control chip is an Intel 82574 chip;
characterized in that the method comprises the following steps:
A1: after the host detects that it is connected to the encryption switch, it sends a message requesting the encryption switch to provide its network card serial number; the encryption switch communicates with its SHA-1 coprocessor, reads the network card serial number and sends it to the host;
B1: the CPLD generates a random number, reads the network card serial number from the EEPROM memory with SHA-1, encapsulates the random number and the network card serial number in a challenge message and sends it to the encryption switch;
C1: the host sends the random number generated by the CPLD to the EEPROM memory with SHA-1, and the EEPROM memory with SHA-1 calculates a verification message authentication code from the random number, the network card serial number and the key;
D1: the encryption switch sends the network card serial number and the random number from the challenge message it received to the SHA-1 coprocessor, which calculates a message authentication code from the random number, the network card serial number and the key;
E1: the encryption switch encapsulates the calculated message authentication code in a response message and sends it to the host;
F1: the host sends the message authentication code it received to the CPLD for comparison with the verification message authentication code; if the two are consistent, the host uses the network switching service provided by the encryption switch, otherwise the CPLD closes the network connection of this network card.
3. A method of mutual authentication between an encryption network card driver and an encryption network card using an Ethernet encryption and authentication system, the Ethernet encryption and authentication system comprising an encryption switch and an encryption network card installed in a client host, wherein the encryption switch comprises: a SHA-1 coprocessor for storing the serial number and key of the encryption switch, generating a random number, and generating a message authentication code from the serial number, the key and the random number; and the encryption network card comprises:
an EEPROM with a SHA-1 engine (the SHA-1 EEPROM) for storing the serial number and key of the encryption network card, and generating a message authentication code from the serial number, the key and user-defined data;
a CPLD for generating random numbers and producing the control word used to encrypt important data packets;
a network control chip, connected to the SHA-1 EEPROM and to the CPLD respectively, for controlling the Ethernet interface; the network control chip provides an IIC (I2C) interface, GPIO and an expansion PCIe interface; the network control chip is an Intel 82574;
characterised in that the method comprises the following steps:
A2: a USB KEY containing a SHA-1 coprocessor is inserted into a PCI slot or USB interface of the host;
B2: the encryption network card driver sends a request to the encryption network card to read its serial number, reads the serial number and sends it to the USB KEY;
C2: the encryption network card driver requests the USB KEY to generate a random number, reads this random number and sends it to the encryption network card;
D2: the SHA-1 EEPROM generates a message authentication code from the key, the random number and the serial number of the encryption network card, and the encryption network card driver reads it back;
E2: the USB KEY generates a verification message authentication code from the key, the random number and the serial number of the encryption network card, and the encryption network card driver reads it back;
F2: the encryption network card driver compares the message authentication code with the verification message authentication code; if the two match, use of this network connection continues, otherwise use of this network connection is stopped.
4. The method of mutual authentication between the encryption network card driver and the encryption network card according to claim 3, characterised in that it further comprises the step of using a timer maintained by the CPLD to supervise periodic authentication of the encryption network card by the encryption network card driver.
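The two challenge-response exchanges in claims 2 (host authenticates the switch, steps B1-F1) and 3 (driver authenticates the network card, steps B2-F2) are modelled below in software, with both sides' messages and the accept/close decision. This is an added example for this page, not code from the patent or from Opzoon. The claims only say the SHA-1 devices derive a message authentication code from serial number, key and random number; the concrete construction (HMAC-SHA1 over serial || random number), the 8-byte random number, the switch looking the network card key up by serial number, and every key and serial value are assumptions of this example.

```python
"""Software model of the challenge-response exchanges in claims 2 and 3.
Added example; not the patent's code. HMAC-SHA1, the nonce length and the
demo keys/serials are assumptions, because the claims do not fix them."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

NONCE_LEN = 8  # assumed; the claims give no length


def message_auth_code(key: bytes, serial: bytes, nonce: bytes) -> bytes:
    """MAC over serial and random number under the shared key (assumed HMAC-SHA1)."""
    return hmac.new(key, serial + nonce, hashlib.sha1).digest()


class Sha1Eeprom:
    """Network-card side EEPROM with SHA-1 engine: holds the card serial and key."""

    def __init__(self, serial: bytes, key: bytes) -> None:
        self.serial = serial
        self._key = key  # never leaves the device; only MACs do

    def compute_mac(self, nonce: bytes) -> bytes:
        return message_auth_code(self._key, self.serial, nonce)


class Cpld:
    """Network-card side CPLD: fresh random numbers and the accept/close decision."""

    def __init__(self) -> None:
        self.link_up = True

    def random_number(self) -> bytes:
        return secrets.token_bytes(NONCE_LEN)

    def compare(self, received_mac: bytes, verify_mac: bytes) -> bool:
        ok = hmac.compare_digest(received_mac, verify_mac)  # constant-time compare
        if not ok:
            self.link_up = False  # step F1: close this card's network connection
        return ok


class Sha1Coprocessor:
    """Switch-side SHA-1 coprocessor: knows the key of every enrolled card serial."""

    def __init__(self, keys_by_serial: Dict[bytes, bytes]) -> None:
        self._keys = dict(keys_by_serial)

    def respond(self, serial: bytes, nonce: bytes) -> Optional[bytes]:
        key = self._keys.get(serial)
        return None if key is None else message_auth_code(key, serial, nonce)


def host_authenticates_switch(eeprom: Sha1Eeprom, cpld: Cpld,
                              switch: Sha1Coprocessor) -> bool:
    """Claim 2, steps B1-F1: the host decides whether the switch is genuine."""
    nonce = cpld.random_number()                                  # B1
    challenge = {"serial": eeprom.serial, "random": nonce}        # B1 challenge message
    verify_mac = eeprom.compute_mac(nonce)                        # C1
    response_mac = switch.respond(challenge["serial"], challenge["random"])  # D1/E1
    if response_mac is None:                                      # switch cannot answer
        cpld.link_up = False
        return False
    return cpld.compare(response_mac, verify_mac)                 # F1


class UsbKey:
    """Host-side USB KEY with SHA-1 coprocessor (claim 3, step A2)."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def random_number(self) -> bytes:
        return secrets.token_bytes(NONCE_LEN)

    def verify_mac(self, serial: bytes, nonce: bytes) -> bytes:
        return message_auth_code(self._key, serial, nonce)


def driver_authenticates_nic(eeprom: Sha1Eeprom, usb_key: UsbKey) -> bool:
    """Claim 3, steps B2-F2: the driver decides whether the network card is genuine."""
    serial = eeprom.serial                       # B2: driver reads the card serial
    nonce = usb_key.random_number()              # C2: USB KEY supplies the random number
    mac = eeprom.compute_mac(nonce)              # D2: card answers the challenge
    verify = usb_key.verify_mac(serial, nonce)   # E2: USB KEY computes the reference
    return hmac.compare_digest(mac, verify)      # F2


def replay_is_rejected(eeprom: Sha1Eeprom, switch: Sha1Coprocessor) -> bool:
    """A response captured for one random number must not verify against a fresh one."""
    captured = switch.respond(eeprom.serial, secrets.token_bytes(NONCE_LEN))
    fresh_nonce = secrets.token_bytes(NONCE_LEN)
    return not hmac.compare_digest(captured, eeprom.compute_mac(fresh_nonce))


# Constructed demo values, not taken from the patent.
DEMO_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
DEMO_NIC = Sha1Eeprom(b"NIC-00000001", DEMO_KEY)
GENUINE_SWITCH = Sha1Coprocessor({DEMO_NIC.serial: DEMO_KEY})
ROGUE_SWITCH = Sha1Coprocessor({DEMO_NIC.serial: bytes(16)})  # wrong key
UNENROLLED_SWITCH = Sha1Coprocessor({})

if __name__ == "__main__":
    print("genuine switch: ", host_authenticates_switch(DEMO_NIC, Cpld(), GENUINE_SWITCH))
    print("rogue switch:   ", host_authenticates_switch(DEMO_NIC, Cpld(), ROGUE_SWITCH))
    print("genuine card:   ", driver_authenticates_nic(DEMO_NIC, UsbKey(DEMO_KEY)))
    print("replay rejected:", replay_is_rejected(DEMO_NIC, GENUINE_SWITCH))
```

Two points worth noting when reading the claims against this model. Everything rests on the shared key never leaving the SHA-1 EEPROM, coprocessor or USB KEY: a switch with a different key (ROGUE_SWITCH) or no entry for the serial (UNENROLLED_SWITCH) fails step F1 and the CPLD drops the link, and freshness of the random number is what stops a captured response from being replayed. The periodic re-authentication of claim 4 is simply driver_authenticates_nic run from the CPLD timer; a run that returns False is the trigger for stopping use of the connection.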
CN201110425336.9A 2011-12-16 2011-12-16 Ethernet encryption and authentication system and encryption and authentication method Expired - Fee Related CN102571348B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201110425336.9A CN102571348B (en) 2011-12-16 2011-12-16 Ethernet encryption and authentication system and encryption and authentication method
PCT/CN2011/084741 WO2013086758A1 (en) 2011-12-16 2011-12-27 Ethernet encryption and authentication system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110425336.9A CN102571348B (en) 2011-12-16 2011-12-16 Ethernet encryption and authentication system and encryption and authentication method

Publications (2)

Publication Number Publication Date
CN102571348A CN102571348A (en) 2012-07-11
CN102571348B (en) 2014-09-24

Family

ID=46415889

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110425336.9A Expired - Fee Related CN102571348B (en) 2011-12-16 2011-12-16 Ethernet encryption and authentication system and encryption and authentication method

Country Status (2)

Country Link
CN (1) CN102571348B (en)
WO (1) WO2013086758A1 (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103714296B (en) * 2012-09-29 2016-12-21 西安诺瓦电子科技有限公司 A method of binding a display screen control system to a computer using AES
CN103903022B (en) * 2012-12-28 2017-06-20 北京握奇数据***有限公司 Method and system for implementing IC card applications supporting multiple sets of personal data
CN103401697B (en) * 2013-07-01 2017-02-01 华为技术有限公司 Method and device for controlling equipment interface remotely
CN105471861B (en) * 2015-11-19 2018-08-07 上海应用技术学院 Message dynamic encapsulation method and dynamic tunnel construction method
CN105721458A (en) * 2016-01-30 2016-06-29 安徽欧迈特数字技术有限责任公司 Industrial Ethernet switching method based on ISG security password technique
CN105791296A (en) * 2016-03-08 2016-07-20 浪潮集团有限公司 Method for quickly scrambling and descrambling network message
CN106295374B (en) * 2016-08-23 2019-07-09 记忆科技(深圳)有限公司 An encryption hub device supporting multiple UFS devices
CN107689961A (en) * 2017-09-14 2018-02-13 长沙开雅电子科技有限公司 A switch port authentication access management device
CN110417706B (en) * 2018-04-27 2022-05-31 中泓慧联技术有限公司 Switch-based secure communication method
CN109450931A (en) * 2018-12-14 2019-03-08 北京知道创宇信息技术有限公司 A secure internet connection method, apparatus and plug-and-play device
CN111294211A (en) * 2020-02-13 2020-06-16 山东方寸微电子科技有限公司 USB network card data encryption and decryption method based on RNDIS
CN111541663A (en) * 2020-04-14 2020-08-14 北京数盾信息科技有限公司 Link exchange encryption system based on national password standard

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101179376A (en) * 2007-12-05 2008-05-14 龙刚 Method of implementing LAN information safety and method based safe network card and network
CN101291244A (en) * 2007-04-16 2008-10-22 深圳市维信联合科技有限公司 Network security management method and system thereof

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020166070A1 (en) * 2001-05-04 2002-11-07 Avraham Mualem Method and apparatus to reduce errors of a security association
US20050114710A1 (en) * 2003-11-21 2005-05-26 Finisar Corporation Host bus adapter for secure network devices
US8234686B2 (en) * 2004-08-25 2012-07-31 Harris Corporation System and method for creating a security application for programmable cryptography module
JP2007323553A (en) * 2006-06-05 2007-12-13 Hitachi Ltd Adapter device performing encrypted communication on network and ic card

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101291244A (en) * 2007-04-16 2008-10-22 深圳市维信联合科技有限公司 Network security management method and system thereof
CN101179376A (en) * 2007-12-05 2008-05-14 龙刚 Method of implementing LAN information safety and method based safe network card and network

Also Published As

Publication number Publication date
WO2013086758A1 (en) 2013-06-20
CN102571348A (en) 2012-07-11

Similar Documents

Publication Publication Date Title
CN102571348B (en) Ethernet encryption and authentication system and encryption and authentication method
CN100449558C (en) Sleep protection
EP3197089B1 (en) Secure information configuration method, secure authentication method and related chip
US9647834B2 (en) Systems and methods with cryptography and tamper resistance software security
EP2080148B1 (en) System and method for changing a shared encryption key
CN109858265A (en) An encryption method, device and related equipment
US9042553B2 (en) Communicating device and communicating method
CN102025503B (en) Data security implementation method in cluster environment and high-security cluster
JPH11175202A (en) Method and system for transmitting remote control command for computer network
WO2020192285A1 (en) Key management method, security chip, service server and information system
US20030063742A1 (en) Method and apparatus for generating a strong random number for use in a security subsystem for a processor-based device
CN104205044A (en) Anti-malware protection operation with instruction included in an operand
CN103544410A (en) Embedded microprocessor unclonable function secret key certification system and method
CN101291244B (en) Network security management method and system thereof
CN103326866A (en) Authentication method and system based on equipment MAC address
CN105099705A (en) Safety communication method and system based on USB protocol
CN105471901A (en) Industrial information security authentication system
CN111884814A (en) Method and system for preventing counterfeiting of intelligent terminal
CN102024115A (en) Computer with user security subsystem
CN113986470B (en) Batch remote proving method for virtual machines without perception of users
CN101197822B (en) System for preventing information leakage and method based on the same
CN201498001U (en) Credible calculation platform based on symmetrical key codes
CN105721458A (en) Industrial Ethernet switching method based on ISG security password technique
Papa et al. Placement of trust anchors in embedded computer systems
CN105426705A (en) Encryption control system for accounting software

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
PP01 Preservation of patent right

Effective date of registration: 20180823

Granted publication date: 20140924

PD01 Discharge of preservation of patent

Date of cancellation: 20210823

Granted publication date: 20140924

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140924

Termination date: 20181216