In view of the security requirement for secret data cross-domain transfer, the paper introduces a novel secret data cross-domain transfer mechanism. The mechanism is based on a new cross-domain authentication and key establishment protocol, completes dual-directional authentication with the help of supervising servers in different domains and builds a new file transfer encryption key by combining signcryp-tion. Security analysis proves that the mechanism can ensure the security and privacy of secret data transfer across domains of different security levels and can resist various kinds of security attacks.%针对涉密数据在多个域之间传输的安全需求,介绍一种新的涉密数据跨域传输机制.该机制基于一种新的跨域认证与密钥建立协议,借助各域内的监督服务器完成双向认证,并结合签密法建立新的文件传输密钥.安全分析证明,该机制能保证不同安全等级域之间涉密数据传输的安全性和隐密性,并能抵御多种安全攻击.
展开▼