Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
As shown in fig. 1, the present application provides a network communication method based on rapid transfer of key identification, the method comprising:
Determining a client pre-receiving device and a client pre-sending device, and configuring a security card on a control node;
Rapid transfer of key identification is a process, in the field of information security, of ensuring that a key can be transmitted quickly and safely to an authorized user when needed. It requires that a secure communication channel is used when the key identification is transmitted; that the key identification is encrypted with a suitable encryption algorithm before transmission; that the key identification is signed with a digital signature so as to ensure its integrity and authenticity; and that the transmission process is recorded, including the transmission time, the identity of the receiver, the communication channel and other information. Rapid transfer of key identification needs to balance security against efficiency. Confidentiality, integrity and authenticity of the key identification during transfer can be ensured by a secure communication channel, encryption, digital signatures, authentication and other methods. Network communication means that otherwise isolated devices are connected through a network, so that links for information exchange between people and computers, and between computers, are realized and the purposes of resource sharing and communication are achieved.
The security card is a smart card that protects communication security by means of a key distribution technology. It is used to encrypt and decrypt communication data so as to ensure the security of the communication process, is generally integrated in communication equipment or a system, and can provide secure communication services for various applications. The client pre-receiving device and the client pre-sending device refer to the two ports of a communication transmission: the sending port is the client pre-sending device and the receiving port is the client pre-receiving device. The control node is a node responsible for managing and coordinating the operation of the other nodes in the network or system; it may perform various functions including routing decisions, resource allocation, configuration management and security control, and here it manages and coordinates the distribution of keys, the establishment and maintenance of channels, and communication security. The control node is selected according to the compatibility of the security card with the client pre-receiving device and the client pre-sending device, and the security card is then configured on the control node, providing the basis for subsequent encrypted data communication and storage.
The security card is acquired based on a security server, and the security card is in communication connection with the security server;
and determining the control node and configuring a security card to the control node.
The security card is acquired on the basis of a security server (security service end). The security server is a system component that provides secure communication services and uses mechanics principles and technologies to ensure the security of the communication process. It can generate random and unpredictable keys and distribute them to the two communicating parties through a secure communication channel, after which the two parties can carry out encrypted communication using the distributed keys. The security server can also provide a mechanics-based random number generation function, and these random numbers can be used for various security applications such as encryption and identity verification. The security card is a smart card that integrates key generation, distribution and encryption functions; by configuring the security card on a control node, communication with the security server is realized, thereby ensuring the security of the entire communication system.
The security server and the control center are deployed together to serve as a security control center, and the security control center comprises an access base station, a key center, a network manager and a security card.
The control center refers to a control module for controlling the switch and related equipment. The access base station is the entry point of the communication network; it is responsible for receiving and sending signals and for providing access and authentication of the security terminal. The key center is responsible for generating, storing and managing key material and for providing key generation and distribution. The security card is a smart card integrating key generation, distribution and encryption functions and provides the encryption key. The network manager is responsible for configuration management of the nodes and security cards of the security network service in this application. The security server and the control center are deployed together, and the system as a whole is called the security control center; it manages key generation and distribution and secure communication. By deploying the security server and the control center together, a centralized, efficient and safe management and coordination center is formed, ensuring the security of the whole communication system.
As shown in fig. 2, a codebook is arranged in the key center, and the codebook comprises entries of pure numbers, of numbers combined with letters, and of numbers combined with letters and special characters;
When network communication is needed, generating the random key identification and adding the random key identification into the codebook;
Acquiring the client pre-receiving equipment and the client pre-sending equipment according to the security control center, and issuing the random key identification to the security card corresponding to the client pre-sending equipment;
And transmitting the random key identification to the client pre-receiving equipment for validity verification.
A codebook is set in the security control center. The codebook comprises a plurality of password formats, namely pure numbers, combinations of numbers and letters, and combinations of numbers, letters and special characters; each entry of the codebook may be a unique password, or a password pattern used for generating secure communication keys. When network communication is required, the key center generates a random key identification. The identification is based on the output of a random number generator, which ensures its unpredictability and security; its generation should follow the format and complexity requirements defined in the codebook, which are set by the staff. The generated random key identification is added to the codebook as a new entry; this adding operation means that the key identification is stored in the database of the key center and the codebook record is updated. The security control center acquires the information of the client pre-receiving device and the client pre-sending device and issues the generated random key identification to the security card corresponding to the client pre-sending device. The random key identification is then transmitted to the client pre-receiving device, where the received key identification is compared with the random key identification stored in the device in order to verify its validity. If the verification succeeds, the client pre-receiving device confirms the validity of the key and prepares to use it for encrypted communication.
The method ensures the safe generation, distribution and verification of the key, and setting the codebook and using the security card significantly improve the security of network communication: because the random key is randomly generated and conforms to the complexity requirements defined in the codebook, it is difficult to crack even if it is intercepted during transmission, thereby improving the security of network communication.
When the random key identification is created, the random key identification is added to the codebook;
checking the codebook for invalid passwords, screening out the invalid passwords and deleting them to obtain a screened codebook;
Setting a password checking condition;
And checking the screened codebook based on the password checking condition, removing non-compliant passwords, and obtaining an updated codebook.
After a random key identification is created and added to the codebook, the codebook is updated. The random key identification is generated according to a random number generator, conforms to the format of the codebook, and is added to the codebook; after a new key identification is added, a check for invalid passwords is executed. An invalid password here refers to a random key identification that does not meet the specific requirements, such as length and format, or that is repeated; a random key identification that fails any requirement is judged to be an invalid password and is deleted from the codebook. Password checking conditions are then defined, including the minimum password length, the combination requirements (upper case letters, lower case letters, numbers and special characters), whether repetition is allowed, and so on, and the screened codebook is checked against these defined conditions. This means that each password in the codebook is traversed and checked against all set conditions, and a password that fails any one condition is considered non-compliant and is removed from the codebook. The method ensures that the codebook only contains valid, unique passwords that conform to the security policy, thereby improving the security of the whole communication system.
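The codebook update just described (random generation in one of the codebook formats, screening of invalid entries, then checking against the defined conditions), as an added Python example that is not part of the application; the format names, the set of characters treated as special characters and the default condition values are assumptions made for the example:

```python
import secrets
import string
from dataclasses import dataclass
from typing import List, Optional

# Assumption: the application does not say which characters count as
# "special characters"; this set and the format names are constructed.
SPECIALS = "!@#$%^&*()-_=+[]{};:,.<>?"
FORMAT_NUMERIC = "pure_numbers"
FORMAT_ALNUM = "numbers_with_letters"
FORMAT_ALNUM_SPECIAL = "numbers_letters_special"


def classify_format(entry: str) -> Optional[str]:
    """Return the codebook format an entry conforms to, or None if it fits none."""
    if not entry or any(c not in string.digits + string.ascii_letters + SPECIALS for c in entry):
        return None
    has_digit = any(c in string.digits for c in entry)
    has_alpha = any(c in string.ascii_letters for c in entry)
    has_special = any(c in SPECIALS for c in entry)
    if has_digit and not has_alpha and not has_special:
        return FORMAT_NUMERIC
    if has_digit and has_alpha and not has_special:
        return FORMAT_ALNUM
    if has_digit and has_alpha and has_special:
        return FORMAT_ALNUM_SPECIAL
    return None  # letters only, or special characters without digits


@dataclass
class CheckConditions:
    """Password checking conditions set by the staff (default values are assumptions)."""
    min_length: int = 12
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_special: bool = False
    unique: bool = True


def screen_invalid(codebook: List[str], min_length: int) -> List[str]:
    """Invalid-password check: drop entries that fit no format, are too short, or repeat."""
    seen, screened = set(), []
    for entry in codebook:
        if classify_format(entry) is None or len(entry) < min_length or entry in seen:
            continue
        seen.add(entry)
        screened.append(entry)
    return screened


def meets_conditions(entry: str, cond: CheckConditions) -> bool:
    """A password must satisfy every set condition; failing any one fails the check."""
    return all([
        len(entry) >= cond.min_length,
        not cond.require_upper or any(c in string.ascii_uppercase for c in entry),
        not cond.require_lower or any(c in string.ascii_lowercase for c in entry),
        not cond.require_digit or any(c in string.digits for c in entry),
        not cond.require_special or any(c in SPECIALS for c in entry),
    ])


def apply_check_conditions(codebook: List[str], cond: CheckConditions) -> List[str]:
    """Traverse the screened codebook and remove every non-compliant password."""
    seen, kept = set(), []
    for entry in codebook:
        if not meets_conditions(entry, cond) or (cond.unique and entry in seen):
            continue
        seen.add(entry)
        kept.append(entry)
    return kept


def generate_key_identification(fmt: str, length: int) -> str:
    """Generate a random key identification conforming to a codebook format (CSPRNG-backed)."""
    classes = {
        FORMAT_NUMERIC: [string.digits],
        FORMAT_ALNUM: [string.digits, string.ascii_lowercase, string.ascii_uppercase],
        FORMAT_ALNUM_SPECIAL: [string.digits, string.ascii_lowercase, string.ascii_uppercase, SPECIALS],
    }
    required = classes[fmt]  # KeyError for a format the codebook does not define
    if length < len(required):
        raise ValueError("length too short to include every required character class")
    # One character from each required class guarantees the format; the rest is
    # drawn from the whole alphabet and the result shuffled with the system CSPRNG.
    chars = [secrets.choice(cls) for cls in required]
    chars += [secrets.choice("".join(required)) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def update_codebook(codebook: List[str], new_id: str, cond: CheckConditions) -> List[str]:
    """Add a newly created key identification, then screen and check the whole codebook."""
    return apply_check_conditions(screen_invalid(codebook + [new_id], cond.min_length), cond)
```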
The client pre-sending device generates a random key identification based on the security card and transmits the random key identification to the client pre-receiving device through an encrypted channel;
The client pre-sending device uses the security card to generate a random key identification and transmits it safely to the client pre-receiving device through an encrypted channel. The security card arranged in the client pre-sending device generates the random key identification using a random number generator; after it is generated, a secure encrypted channel needs to be established between the client pre-sending device and the client pre-receiving device, through which the client pre-sending device transmits the random key identification to the client pre-receiving device.
The client pre-receiving device performs verification of the random key identification according to the security card;
After receiving the encrypted key identification, the client pre-receiving device decrypts it using the corresponding decryption algorithm and key to obtain the plaintext random key identification, and verifies its validity against the plaintext: if the decrypted random key identification differs from the one recorded in the codebook, the random key identification has been tampered with, so it is invalidated and the device is inspected and repaired.
If the random key identification is valid, the client pre-sending device encrypts communication data based on the random key identification, appends a check code, and transmits the communication data to the client pre-receiving device;
If the random key identification is verified to be valid, this indicates that both communicating parties have safely shared a key, and the key can then be used to encrypt communication data so as to ensure the confidentiality of the data during transmission. The client pre-sending device uses the previously verified random key identification as the key to encrypt the communication data to be transmitted; after encrypting the data, it appends a check code. The check code is a value calculated with a hash function and is used to verify whether the data has been tampered with during transmission. The encrypted communication data and the check code are transmitted to the client pre-receiving device through the previously established encrypted channel. Since the data is encrypted and carries the check code, the receiving device can detect a transmission error or tampering. After receiving the encrypted data and the check code, the client pre-receiving device decrypts them using the same random key identification and recalculates the check code. If the decrypted data passes the check code verification, the data has not been tampered with during transmission and is complete. Using the random key identification to encrypt the communication data and adding a check code ensures the integrity and correctness of the data, enhances the security of network communication, and reduces the risks of data leakage and tampering.
The client pre-receiving device recalculates a check code, compares the calculated check code with the received check code, and judges whether the communication data has been tampered with;
The client pre-receiving device first decrypts the received encrypted communication data using the shared random key identification; the decryption process uses the same encryption algorithm and key as the sending end so as to restore the original communication data. Once the data has been successfully decrypted, the client pre-receiving device recalculates the check code in the same manner as the sender, using the same hash function and random key identification, and compares the recalculated check code with the received check code. If the two check codes are identical, no tampering or error has occurred during data transmission; if they are not identical, the client pre-receiving device can judge that the communication data was likely tampered with during transmission. At this point the receiving device may take appropriate action, such as discarding the data, requesting retransmission, or triggering an alarm, to ensure the integrity and security of the data. By recalculating the check code and comparing it with the received check code, the client pre-receiving device can effectively judge whether the communication data has been tampered with during transmission, thereby ensuring the safety and integrity of the data.
When the client pre-sending device transmits, the check code is at the same time packaged with a strong password, and the corresponding key is transmitted to the client pre-receiving device through a key center;
And the client pre-receiving equipment receives the communication data, verifies the check code based on the corresponding key and judges whether the communication data is tampered.
While transmitting the communication data, the client pre-sending device may additionally encapsulate the check code with a strong password to increase the security of data transmission. A strong password is a password that is difficult to guess or crack; it generally has sufficient length, complexity and uniqueness to resist brute force, dictionary attacks and other common password cracking techniques. The client pre-sending device packages the check code with the strong password so that the check code cannot easily be tampered with or decoded during transmission; the packaged check code and the communication data are transmitted to the client pre-receiving device through the encrypted channel, and the client pre-sending device transmits the corresponding key for unpacking the check code to the client pre-receiving device through the key center. The client pre-receiving device receives the communication data and the packaged check code, uses the obtained key to unpack the packaged check code, and recalculates the check code. It then compares the recalculated check code with the received check code to verify the integrity and authenticity of the data. If the check codes are consistent, the client pre-receiving device confirms that the communication data was not tampered with during transmission; if they are not identical, which may indicate that the data was tampered with during transmission, the receiving device may take appropriate action, such as requesting retransmission of the data or triggering an alarm.
By this method, even if communication data is intercepted or tampered with during transmission, an attacker can hardly tamper with the communication data effectively without being detected, because the check code is packaged with the strong password and the key is transmitted safely through the key center; the safety and reliability of network communication are thereby improved.
When the result calculated by the client pre-receiving device according to the corresponding key is wrong, the check code is invalid and the communication data has been tampered with;
And feeding back the check code to the security control center, and notifying a manager to find the security hole for inspection, removal and repair.
When the client pre-receiving device uses the corresponding key to unpack the received packaged check code and recalculates the check code, a mismatch between the calculated result and the received check code means the check code is invalid, and the communication data was therefore likely tampered with during transmission. Once the check code is found to be invalid, the receiving device immediately discards the related communication data or marks it as invalid, so that tampered data is not further processed or used, and feeds the check code failure back to the security control center, that is, sends a security alarm containing the error details, so that the security control center can quickly learn of the situation and take corresponding measures. The security control center may further notify the relevant managers, such as those responsible for network security or IT support. The manager is responsible for investigating security vulnerabilities, identifying potential risks, and taking appropriate actions to repair vulnerabilities and restore the security of network communications; the administrator may initiate investigation and repair procedures for security vulnerabilities, including analyzing communication logs, checking network devices and protocols for security, updating or patching software vulnerabilities, and the like. Through these steps, tampering of communication data can be responded to quickly, potential damage is reduced, and network security measures are enhanced.
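The encrypt, append-check-code, recalculate-and-compare, and alarm-feedback steps of the preceding paragraphs, as an added Python example that is not the application's own code. The application names neither its encryption algorithm nor its hash function; here both are instantiated with HMAC-SHA256 (a counter-mode keystream for encryption, a keyed hash for the check code), the sample key identification and message are constructed, and the strong-password packaging of the check code is not modelled.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


def derive_keys(key_identification: bytes) -> Tuple[bytes, bytes]:
    """Stretch the shared random key identification into two independent sub-keys
    (assumption: the application uses the identification directly as the key; separate
    encryption and check-code keys avoid reusing one secret for two purposes)."""
    enc_key = hmac.new(key_identification, b"encryption", hashlib.sha256).digest()
    mac_key = hmac.new(key_identification, b"check-code", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stand-in for the unnamed encryption algorithm."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class Transmission:
    nonce: bytes        # fresh per message; covered by the check code
    ciphertext: bytes   # communication data encrypted under the key identification
    check_code: bytes   # keyed hash over nonce + ciphertext, appended by the sender


def sender_transmit(key_identification: bytes, plaintext: bytes,
                    nonce: Optional[bytes] = None) -> Transmission:
    """Client pre-sending device: encrypt the communication data, then append the check code."""
    enc_key, mac_key = derive_keys(key_identification)
    nonce = secrets.token_bytes(12) if nonce is None else nonce
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    # The check code covers the bytes actually transmitted (encrypt-then-MAC), so
    # the receiver can reject tampered data before decrypting anything.
    check_code = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return Transmission(nonce, ciphertext, check_code)


def receiver_verify(key_identification: bytes,
                    msg: Transmission) -> Tuple[bool, bytes, Dict[str, str]]:
    """Client pre-receiving device: recalculate the check code, compare, then decrypt or alarm.

    Returns (valid, plaintext, report). On failure the plaintext is empty and the
    report is the security alarm fed back to the security control center.
    """
    enc_key, mac_key = derive_keys(key_identification)
    recalculated = hmac.new(mac_key, msg.nonce + msg.ciphertext, hashlib.sha256).digest()
    # Constant-time comparison: an early-exit byte compare would leak how many
    # leading bytes of a forged check code were correct.
    if not hmac.compare_digest(recalculated, msg.check_code):
        alarm = {
            "event": "check_code_invalid",
            "received_check_code": msg.check_code.hex(),
            "recalculated_check_code": recalculated.hex(),
            "action": "communication data discarded; security control center notified",
        }
        return False, b"", alarm
    plaintext = _xor(msg.ciphertext, _keystream(enc_key, msg.nonce, len(msg.ciphertext)))
    return True, plaintext, {"event": "check_code_ok"}


def corrupt_in_transit(msg: Transmission, byte_index: int) -> Transmission:
    """Constructed test helper: flip one ciphertext bit to simulate a transmission error."""
    mutated = bytearray(msg.ciphertext)
    mutated[byte_index] ^= 0x01
    return Transmission(msg.nonce, bytes(mutated), msg.check_code)


if __name__ == "__main__":
    kid = b"Qx7!Ab3#Zz9@Ww1$"  # constructed random key identification
    sent = sender_transmit(kid, b"meter reading 42.7 kWh")  # constructed communication data
    print(receiver_verify(kid, sent))
    print(receiver_verify(kid, corrupt_in_transit(sent, 0)))
```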
And when the calculated check code matches the received check code, completing network communication between the client pre-receiving device and the client pre-sending device.
When the client pre-receiving device successfully unpacks and verifies the check code of the received communication data using the corresponding key, and the calculated check code is consistent with the received check code, the integrity and authenticity of the communication data are verified. Once the check code verification is passed, the client pre-receiving device can continue to process the received communication data and perform the corresponding operations according to the application requirements. After the check code verification is completed, the network communication between the client pre-receiving device and the client pre-sending device is formally established and the data transmission is considered safe and reliable; at the same time, the client pre-sending device receives confirmation of successful communication and can continue with subsequent data transmission or execute other tasks. By providing the network communication method and the storage device based on rapid transfer of key identification, the application ensures the security, confidentiality and integrity of network communication and prevents unauthorized access and data leakage.
As shown in fig. 3, an embodiment of the present application provides a network communication system based on rapid transfer of key identification, the system comprising:
A security card configuration module 11, where the security card configuration module 11 is configured to determine a client pre-receiving device and a client pre-sending device, and configure a security card on a control node;
A random key identifier transmission module 12, where the random key identifier transmission module 12 is configured to generate a random key identifier by the client pre-sending device based on the security card, and transmit the random key identifier to the client pre-receiving device according to an encrypted channel;
A random key identification verification module 13, where the random key identification verification module 13 is configured to perform verification of the random key identification by the client pre-receiving device according to the security card;
A communication data encryption transmission module 14, where the communication data encryption transmission module 14 is configured to encrypt communication data by the client pre-sending device based on the random key identification if the random key identification is valid, append a check code, and transmit the encrypted communication data to the client pre-receiving device;
A check code comparison module 15, where the check code comparison module 15 is configured to recalculate a check code by the client pre-receiving device, compare the calculated check code with the received check code, and judge whether the communication data has been tampered with;
And a network communication completion module 16, where the network communication completion module 16 is configured to complete network communication between the client pre-receiving device and the client pre-sending device when the calculated check code matches the check code.
Further, the embodiment of the application further comprises:
A security card acquisition module, used for acquiring the security card based on a security server, the security card being in communication connection with the security server;
And the control node determining module is used for determining the control node and configuring the security card to the control node.
Further, the embodiment of the application further comprises:
The security control center acquisition module is used for deploying the security service end and the control center together to serve as a security control center, and the security control center comprises an access base station, a key center, a network manager and a security card.
Further, the embodiment of the application further comprises:
A codebook setting module, used for setting a codebook in the key center, the codebook comprising entries of pure numbers, of numbers combined with letters, and of numbers combined with letters and special characters;
The random key identification adding module is used for generating the random key identification when network communication is needed and adding the random key identification into the codebook;
The random key identification issuing module is used for acquiring the client pre-receiving equipment and the client pre-sending equipment according to the security control center and issuing the random key identification to the security card corresponding to the client pre-sending equipment;
And the validity checking module is used for transmitting the random key identification to the client pre-receiving equipment for validity checking.
Further, the embodiment of the application further comprises:
A random key identification adding module, used for adding the random key identification to the codebook when the random key identification is created;
An invalid password checking module, used for checking the codebook for invalid passwords, screening out the invalid passwords and deleting them to obtain a screened codebook;
A password checking condition module, used for setting the password checking conditions;
And an updated codebook acquisition module, used for checking the screened codebook based on the password checking condition, eliminating non-compliant passwords, and obtaining the updated codebook.
Further, the embodiment of the application further comprises:
A check code packaging module, used for packaging the check code with a strong password when the client pre-sending device transmits, and transmitting the corresponding key to the client pre-receiving device through a key center;
and a check code verification module, used for receiving the communication data by the client pre-receiving device, verifying the check code based on the corresponding key, and judging whether the communication data has been tampered with.
Further, the embodiment of the application further comprises:
A communication data tampering module, used for determining that the check code is invalid and the communication data has been tampered with when the result calculated by the client pre-receiving device according to the corresponding key is wrong;
and a security hole repair module, used for feeding back the check code to the security control center and notifying a manager to find the security hole for inspection, removal and repair.
For specific embodiments of the network communication system based on rapid transfer of key identification, reference may be made to the above embodiments of the network communication method based on rapid transfer of key identification, which are not repeated here. The above modules may be embedded in, or independent of, a processor in the computer device in the form of hardware, or may be stored in software in a memory in the computer device, so that the processor may call and execute the operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 4. The computer device includes a processor, a memory, and a network interface connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing news data, time attenuation factors and other data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by the processor to implement a network communication method based on rapid transfer of key identification.
It will be appreciated by persons skilled in the art that the architecture shown in fig. 4 is merely a block diagram of some of the architecture relevant to the present inventive arrangements and is not limiting as to the computer device to which the present inventive arrangements are applicable, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, a computer device is provided that includes a memory having a computer program stored therein and a processor that, when executing the computer program, performs the steps of a network communication method based on rapid transfer of key identification.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon which, when executed by a processor, performs the steps of a network communication method based on rapid transfer of key identification.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.