50 results about "Sensor network security" patented technology

A security system with processing optimized for monitoring the actions of a surveillance subject and detecting abnormal actions. The action record of an individual is monitored using a sensor network security system SNS, and the development of an action event is reported as an action, and the corresponding processing of the security system SCS is determined based on this action.

The invention provides an entity authentication method in a wireless sensor network, relating to the application field related to sensor network security in information security technology. The invention can ensure the safe communication among nodes by authenticating the identity of nodes in the wireless sensor network. The authentication for determining whether a node is legal and trustable comprises node trust value management, trust group construction, and trust group updating so as to store corresponding trust value in the node. In the information transmission process, the node can determine the information transmission manner and path according to the magnitude of the trust value. The method can acquire effective security authentication strategy by using the ideal of node reputation and the trust group, and can obviate the problem of large calculation amount of digital signature by using public key algorithm, thereby to effectively reduce the authentication delay and improve the network lifetime.

Devices, systems and related methods are disclosed for improving operational security of a network and/or network devices, such as wireless access points (APs). In the disclosed systems, a network device is not fully operational until it is attached to a network and downloads sensitive information. The information is stored in the network device so that when the device is disconnected from the network, the sensitive information is erased from the device, making the device inoperative and removing sensitive information, such as passwords, network security keys, or the like. Disabling the network device in this manner not only prevents the theft of sensitive network access information, by also discourages theft of the device itself because it cannot be used on another network without the configuration information. In addition to downloading configuration information, the network device can also download an executable image that is likewise not permanently resident on the device.

A method for managing access to network resources by a first network device may include establishing a communication session with the first network device. The method may also include receiving information from the first network device during the communication session, the information indicating that the first network device is not in compliance with at least one security-related rule. The method may further include determining whether to modify access by the first network device to at least one of the network resources based on the received information.

The invention discloses a wireless sensor network switching and pre-authenticating method based on evaluation, comprising the steps of: 1, predicting a new subnet to be switched by a mobile node, evaluating and predicting the mobile node, and making a pre-authenticating request; 2, evaluating the mobile node by the original subnet cluster head node, if the evaluation is safe, sending pre-authenticating information to a new subnet cluster head node; 3, evaluating the new subnet by the new subnet cluster head node, and authenticating the identity of the mobile node, if the evaluation is qualified, passing the authentication, agreeing to access, and sending evaluation information to the original subnet cluster head node; 4, deciding whether agreeing to access or not by the original subnet cluster head node according to the request of the mobile node and the evaluation on the new subnet, giving an adjustment suggest; and 5, if agreeing to access, negotiating a private key between the mobile node and the new subnet cluster head node. The invention has the advantages of short time delay, high safety and long service life of a sensor network, and can be applied to the field of sensor networks with high requirements for time delay and safety.

The embodiment of the invention discloses a management system, method and apparatus for network security. The system includes UE, an AN, a network function selection module and at least two authentication modules. The UE is used to send a first service request to the network function selection module, wherein the first service request carries authentication protocol information. The network function selection module is used to select a target authentication module according to the authentication protocol information and send a second service request to the target authentication module; and thetarget authentication module is used to perform mutual authentication with the UE; and the target authentication module is further used to determine first security configuration according to a specified security policy and send the first security configuration to the AN. The AN is used to determine second security configuration according to the first security configuration or the specified security policy and send the second security configuration to the UE. The technical solution provided by the invention can meet the security requirements of differentiated authentication protocols and security policies of the network so as to improve network security.

Systems and methods for designating a proper subset of interfaces of a network security appliance as source/destination interfaces in connection with defining a security rule pertaining to a traffic flow are provided. According to one embodiment, a security rule configuration interface is provided through which a network administrator can specify parameters of security rules to be applied to traffic attempting to traverse the network security appliance. Interface information, defining a traffic flow to be controlled by a security rule, is received via the configuration interface. The interface information specifies multiple interfaces, representing a proper subset of the interfaces of the network security appliance, as source/destination interfaces of the traffic flow. Information regarding an action to be performed on the traffic when the security rule is matched is received via the configuration interface. The security rule is stored as part of a rule set to be applied to the traffic.

The invention discloses a method for realizing network security and a star network. In the scheme of the invention, a controller is added to the start network; the controller and a security server are connected in an authentication manner; the security server confirms the communication security between the security server and the controller by periodically sending a detection message; every time after receiving an access request from a server, the security server sends the security level of the file requested by the terminal and the IP (Internet protocol) address of the terminal to the controller; and the controller determines the confidential level of the terminal according to the security level of the file, stores the IP address and confidential level of the terminal in a security level mapping table, generates a communication rule of the terminal according to the security level and sends the communication rule to a switch so as to control communication between terminals. Through the technical scheme of the invention, the security of the star network is greatly improved.

A security chip for protecting a network security system comprises a data security part for providing a secure encryption and decryption algorithm and an interaction protocol, wherein the data security part mainly comprises an encryption and decryption algorithm control engine, an authorization counter, a true random number generator, a unique serial number and a secure EEPROM; and a network security part composed of a network white list filtering module and a network data processing module. The encryption and decryption algorithm control engine comprises private key security storage for supporting private key ECDH operation and ECDSA signature authentication. The mainstream national password and commercial password encryption and decryption algorithms perform high-speed encryption and reduction on the data stream so as to adapt to the security requirements of different scenes. The chip safety management supplies power, manages the read-write ROM on the chip, allows special equipment to write, and allows remote erasure but does not allow reading. The invention also provides a network security system using the security chip. The sensitive data communication security can be protectedfrom the hardware level, and the efficiency can be greatly improved while the system security is improved.

The invention discloses a sensor network security real-time online monitoring system based on parallel filtering. According to the invention, real-time estimation is carried out on true values of power values measured by all instruments by using a parallel unscented Kalman filter; when the network has a fault, namely, when a system operation failure, an instrument and meter failure or a network attack occurs, deviation is generated between two filters, the deviation is accumulated by using a generalized CUSUM detection method taking KL divergence as an index to obtain decision statistics of fault detection of the whole system and each instrument and meter, and when the decision statistics exceeds a predefined threshold, alarm information is given to indicate that the fault occurs. According to the monitoring system provided by the invention, the abnormal condition of the electric power information physical system is effectively monitored from the perspective of sensor data, and the system has relatively high embedding property, real-time property and stability, is convenient to develop on an original system, and ensures the safe and economic operation of the electric power system.

In a wireless mesh network having multiple network managers, the network managers maintain network security through the use of encryption keys and packet counters. To ensure that each network manager can authenticate communications with any node of the network, the authentication data is replicated in a disjoint manner in all network managers. Advantageously, network reliability is assured by providing redundant managers that can seamlessly maintain network operation even if multiple network managers fail; newly joining managers can obtain full authentication data for the network upon joining; and network throughput is increased by ensuring that any of the multiple managers can authenticate the communications of any network node. The disjoint replication of the authentication data across all network managers is performed with low data-rate manager-to-manager packets propagated through the network. The disjoint security methods and systems can advantageously be used in wireless battery monitoring systems, for example.

Security and access control is provided for sensor devices, the data captured by sensor devices, and the results of processing and analyzing that data. In one aspect, SceneData related to a Scene is requested from a sensor-side technology stack and at least some of the SceneData is secured, for example by encryption. Different SceneData can be secured separately and at different levels of security, thus providing fine-grained security of the SceneData. In yet another aspect, data security is implemented by a separate privacy management system. In yet another aspect, sensor devices themselves are secured against external network threats. The sensor device includes an execution environment and a separate network management layer that secures the execution environment against threats from the external network. In one implementation, the sensor device is partitioned into a trusted region and a non-trusted region, and the network security stack is implemented in the trusted region.

The invention discloses a big data implementation system and method based on network security. The big data implementation platform of the system comprises: a big data acquisition module, a big data preprocessing module, a big data processing module, a network security monitoring module and a controller; the network security monitoring module comprises a network detection unit, a visitor verification unit and an access flow monitoring unit. The big data implementation system collects multiple paths of data in parallel via a data receiver with multiple data interfaces, a priority number and a frame number are added to the frame packaging data, the collected data are stored in a hierarchical manner, so that the stored data are analyzed and screened according to the priority number and the frame number and are output; that is, in a big data implementation process, the data are collected via multiple channels, so that the collection efficiency is high, and the collection data is large; and the data stored in the hierarchical manner are output according to the priority number and the frame number, so that the data transmission is sequential, network blockage and data loss are unlikely to generate, the data processing efficiency is low, and the resource utilization rate is low.

The invention discloses a small data distribution method enabling wireless sensor network security and denial of service attack defense. The method includes the following steps that: a system initialization phase: a base station generates a key material and loads a public parameter into each sensor node before sensor network deployment; a data packet earlier-stage processing phase: the base station generates data packets through adopting a cipher confusing technology and a digital signature method before data item distribution; and a data packet authentication phase: after receiving the data packets, the sensor nodes judge the validity of the data packets, if the data packets are valid data packets, the sensor nodes receive and update the data packets, otherwise, the sensor nodes discard the data packets. With the mall data distribution method of the invention, under the condition that sensor node resources are limited, resistance to compromise of the sensor nodes can be realized, the integrity and security of information can be ensured, and no time synchronization is required between the base station and the sensor nodes, and defense for denial of service attack can be effectively realized. The small data distribution method has high robustness in packet loss and data packet transmission out-of-sequence.

The invention discloses a distributed regional internet security protection system, and belongs to the technical field of network security. The distributed regional internet security protection systemcomprises a remote management and maintenance system and a local system; and the local system comprises a security protection system host, a management machine, dedicated network equipment and wireless access equipment. The distributed regional internet security protection system disclosed by the invention can perform security protection and integrated management on internet users, internet access terminals, access networks and flow information in multiple special regions distributed in different geographical positions; the internet users and networks in the regions cannot be maliciously violated; the privacy and information security of network users can be effectively protected; and thus, the distributed regional internet security protection system disclosed by the invention is particularly suitable for departments having relatively high requirements on information security, such as governments, armies and commercial corporations.

The invention relates to the technical fields of big data, network security and the like, and specifically relates to a big data implementation control system based on internet network security. The system comprises a network node security system, a trusted security encryption system, a node path optimization system and a cloud service system; the network node security system establishes a secureroute for determining a secure transmission path of data in the network; the network node security system comprises an identity authentication module, a key generation module and a message check module; the trusted security encryption system is used for performing encryption setting on a network node, and a serial number of the node needs to be verified before the data transmission of the networknode; the node path optimization system is used for selecting an optimal node path during the data transmission of the node; and the cloud service system is used for providing a cloud support for thebig data implementation control system of the entire network security. By adoption of the scheme, the security during the data transmission is enhanced, and the efficiency of the data transmission isimproved.