CN103763301B - A kind of system and method for use ppp protocol encapsulations IPsec frame structures - Google Patents
A kind of system and method for use ppp protocol encapsulations IPsec frame structures Download PDFInfo
- Publication number
- CN103763301B CN103763301B CN201310530738.4A CN201310530738A CN103763301B CN 103763301 B CN103763301 B CN 103763301B CN 201310530738 A CN201310530738 A CN 201310530738A CN 103763301 B CN103763301 B CN 103763301B
- Authority
- CN
- China
- Prior art keywords
- module
- kernel
- ipsec
- business
- frame structures
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention relates to a kind of system of use ppp protocol encapsulations IPsec frame structures, the system includes user's space and kernel spacing, and the user's space includes management module, business module, key protocol module and dial module;The kernel spacing includes kernel-driven module, kernel tasks module, kernel setup and state-storage module, kernel interface and kernel algorithm scheduler module.The invention further relates to a kind of business datum receiving/transmission method using the IPsec frame structures system.The system and method realize the IPsec frame structures based on ppp protocol encapsulations using the SM serial algorithms of national Password Management office, so as to realize the communication security of industrial end;The safeguard protection that it can realize to the variform service terminal equipment such as network interface type, serial ports type, industrial bus in addition, and the protection of legacy network devices or network primary station is not limited to, therefore with widely used advantage.
Description
Technical field
The present invention relates to information security field, more particularly to a kind of system of use ppp protocol encapsulations IPsec frame structures
And method.
Background technology
Information system is widely used in all trades and professions, such as in the production monitoring system that electric power network, track traffic are multistage
, it is necessary to be acquired to the visual plant service data belonging to system, analyzed and fault diagnosis in system.Due to cable network construction
The shortcomings of high cost, dumb access point, wirelessly(Such as GPRS)Industrial production system is replenished as cable network(Particularly
Data collecting system)Middle extensive use;Ppp protocol is the main dialcom agreement of current wireless GPRS.
But to ensure that the data integrity based on wireless GPRS, confidentiality and non-repudiation (can confirm that message is sent out
The side of sending is only possible sender, and sender can not deny being transmitted across message), it is necessary to be encrypted in wireless communications and recognize
Card, current VPN(Virtual Private Network, VPN)Technology is a communication security for comparative maturity
Technology, the VPN for commonly using at present has two layers of L2TP technologies, three layers of IP sec technologies and four layers of SSL technologies.
Wherein the L2TP technologies of two-layer VPN can only set up tunnel between LAC nodes and LNS nodes and carry out data protection,
And it is difficult to industrial data collection terminal body to comprehensive protection of main website of enterprise computer room.
Wherein four layers SSL technologies needs carry out data encryption and certification, it is necessary to carry out in the application layer of enterprise's industrial control system
Because security protection and business are operated together in same server after the system reform, and the system reform, there is many management
Problem, the problems such as such as malfunction elimination interface is unintelligible.
IPsec (Internet Protocol Security, protocol safety) is a kind of frame structure of open standard,
By using the security service of encryption to ensure to be maintained secrecy and the communication of safety on Internet protocol (IP) network, it can
It is to realize terminal to the whole protecting tunnel of main website and fully transparent for master station application system.IPsec frame structures are applicable
In the data acquisition communication security protection based on wireless terminal, but the IPsec frame structures of main flow are mainly non-using RSA at present
The symmetric cryptographic algorithms such as symmetric cryptographic algorithm, 3DES/AES and MD5/SHA-1 hashing algorithms, the wherein private of asymmetric cryptographic algorithm
Key security determines the security of whole security protection system;The RSA1024 of current main flow has been found to and dangerous, existing rank
Section foreign countries promote mainly RSA2048, by increasing the difficulty that key length increase is cracked.Therefore, Password Management office of country of China is in recent years
To push SM serial algorithms, asymmetric arithmetic SM2 therein uses security intensity geometry ellipse algorithm higher, rather than
The algorithm of Big prime theorem is based on using RSA.
Based on above technical reason, the present invention proposes system and the side of a kind of use ppp protocol encapsulations IPsec frame structures
Method.
The content of the invention
In view of this, the embodiment of the present invention provides system and the side of a kind of use ppp protocol encapsulations IPsec frame structures
Method, it is widely used, and can realize the communication security of industrial end.
On the one hand, there is provided a kind of system of use ppp protocol encapsulations IPsec frame structures, the system includes that user is empty
Between and kernel spacing, wherein the user's space include management module, business module, key negotiation module, dial module, it is described
Management module includes management message module and initialization management module, and the management message module is used to receive the remote of master station device
Thread management message, the initialization management module is used to receive the initialization procedure of digital certificate system;The business module bag
Startup and Network conf iotag. module and business data processing module are included, the startup and Network conf iotag. module are used to realize electricity
The self-inspection of startup, network settings, routing function treatment, the business data processing module are used to realize that business acquisition terminal is gathered
Business datum, and front end processor is transferred it to by ppp agreements and IPsec frame structures;The key negotiation module be used for
Master station device is interacted;The dial module is used to configure GPRS module by AT command set, and is entered with ppp agreements
Row parsing;The kernel spacing includes kernel-driven module, kernel tasks module, kernel setup and state-storage module, kernel
Algorithmic dispatching module, kernel interface module, serial port module and industry that the kernel-driven module is used for needed for encapsulating GPRS module
The interface driver of business acquisition terminal;The kernel tasks module be used for security service and network service are provided needed for Bridge,
Route functions;SAD, SPD configuration information that the kernel setup and state-storage module are used for needed for storing IPsec;In described
Accounting method scheduler module is used to encapsulate SM1/2/3 algorithms, and for the encryption and certification of IPsec-tools provide algorithm packaging;Institute
Kernel interface module is stated for interacting between kernel spacing and user's space.
On the other hand, there is provided a kind of business datum receiving/transmission method using above-mentioned IPsec frame structures system, it is described
It is interconnected by Ethernet interface between IPsec frame structures system and business acquisition terminal, methods described includes:
Business datum is received, security strategy matching is carried out;
Source address conversion is carried out to business datum, and searches security association;
Business datum is encrypted, and produces ESP packets;And
By ESP packets by route querying, and then sent to business acquisition terminal by wireless network.
Further, there is provided a kind of business datum receiving/transmission method using above-mentioned IPsec frame structures system, it is described
It is interconnected by serial ports between IPsec frame structures system and business acquisition terminal, methods described includes:
Business datum is received from serial ports;
Security strategy is carried out to business datum to match and search its security association;
Business datum is encrypted, and produces ESP packets;And
By ESP packets by route querying, and then sent to business acquisition terminal by wireless network.
Relative to prior art, ppp protocol encapsulations IPsec frame structures system provided in an embodiment of the present invention and adopt
Realize being based on using the SM serial algorithms of national Password Management office with the business datum receiving/transmission method of the IPsec frame structure systems
The IPsec frame structures of ppp protocol encapsulations, so as to realize the communication security of industrial end;It can be realized to network interface type, string in addition
The safeguard protection of the variform service terminal such as the shape of the mouth as one speaks, industrial bus, and it is not limited to the guarantor of legacy network devices or network primary station
Shield, using quite varied.
Brief description of the drawings
In order to illustrate more clearly of technical scheme, the accompanying drawing to be used needed for implementation method will be made below
Simply introduce, it should be apparent that, drawings in the following description are only some embodiments of the present invention, general for this area
For logical technical staff, on the premise of not paying creative work, other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is the circuit theory schematic diagram of IPsec frame structures system provided in an embodiment of the present invention;
Fig. 2 is to use to include the industry spot of the systems of IPsec frame structures shown in Fig. 1 and the connection diagram of computer room;
Fig. 3 is using the network interface type service terminal deployment schematic diagram of IPsec frame structures system shown in Fig. 1;
Fig. 4 is business data transmission transmission flow schematic diagram in the deployment of the service terminal of network interface type shown in Fig. 3;
Fig. 5 is business data transmission reception schematic flow sheet in the deployment of the service terminal of network interface type shown in Fig. 3;
Fig. 6 is using the serial ports type service terminal deployment schematic diagram of IPsec frame structures system shown in Fig. 1;
Fig. 7 is business data transmission transmission flow schematic diagram in the deployment of the service terminal of serial ports type shown in Fig. 6;
Fig. 8 is business data transmission reception schematic flow sheet in the deployment of the service terminal of serial ports type shown in Fig. 6.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than whole embodiments.It is based on
Embodiment in the present invention, it is every other that those of ordinary skill in the art are obtained under the premise of creative work is not made
Embodiment, belongs to the scope of protection of the invention.
Fig. 1 is referred to, the embodiment of the present invention provides a kind of system 100 of use ppp protocol encapsulations IPsec frame structures,
The protocol system includes user's space 10A and kernel spacing 10B.
In the present embodiment, the user's space 10A runs different scheduler modules, specifically includes management module 20, industry
Business module 30, key protocol module 35 and dial module 40.
As shown in figure 1, the management module 20 includes management message module 21 and initialization management module 22.Wherein, manage
Reason message module 21 is used to receive the remote management message of master station device (or main website VPN) 300, to carry out the system 100
Status monitoring, software upgrading and security strategy such as issue at the management function;Initialization management module 22 is used to receive digital certificate system
The initialization procedure united to IPsec frame structures system 100, IP address section, ppp the agreements dialing such as to IPsec both sides' protection
Access point, serial ports configuration etc. information initialized.
Fig. 2 is system provided in an embodiment of the present invention 100 with computer room connection diagram.Included in industry spot
The system 100(This equipment)With industrial end 200, such as business acquisition terminal, main website VPN300 is included in computer room (i.e. main website)
And acquisition server 400, it is connected by interchanger 500 between main website VPN300 and acquisition server 400.
Further, the business module 30 includes starting and Network conf iotag. module 31 and business data processing module 32.
Wherein, start and Network conf iotag. module 31 is used to realize that the self-inspection of the electrifying startup of this IPsec frame structures system 100, network set
Put, routing function treatment etc..Business data processing module 32 is used to realize business acquisition terminal capturing service data, and passes through
Ppp agreements and IPsec frame structures transfer it to front end processor.
In the present embodiment, the key negotiation module 35 be used for interacted with main website VPN300, carry out key agreement and
The associative operations such as key exchange.Operated by these and ultimately form this IPsec frame structures system 100 and main website VPN300's
IPsec SA(Security association, Security Association)With SP (Security Policy, security strategy) information.
The dial module 40 is used to be instructed automatically by AT (attention) after electricity in IPsec frame structures system 100
Set pair GPRS module is configured, and is parsed with ppp agreements, also realizes that dialing status monitoring and ppp broken strings are redialed in addition
Etc. function.
In addition, in the present embodiment, the system 100 still further comprises a task scheduling performing module 36, for right
Management module 20, business module 30, key negotiation module 35, dial module 40 carry out task scheduling.
In the present embodiment, the kernel spacing 10B includes kernel-driven module 50, kernel tasks module 60, kernel setup
With state-storage module 70, kernel interface 80 and kernel algorithm scheduler module 90.
Wherein, the serial port module and present device that kernel-driven module 50 is used for needed for encapsulating GPRS module of the present invention are protected
The interface driver of the business acquisition terminal of shield, is that above-mentioned each module calls offer package interface in kernel.
Kernel tasks module 60 realizes the flow chart of data processing of IPsec using IPsec-tools technologies, there is provided security service
With the function such as Bridge, the Route needed for network service.Kernel setup is mainly used in storing IPsec with state-storage module 70
Required SAD (Security Association Database, security association database), SPD (Security Policy
Database, Security Policy Database) configuration information.Kernel algorithm scheduler module 90 is used to encapsulate SM1/2/3 algorithms, and is
The encryption and certification of IPsec-tools provide algorithm packaging.
In addition, kernel interface module 80 is used for interacting between kernel spacing 10B and user's space 10A.In the present embodiment,
The main system interface such as including socket, PF_KEY and proc of kernel interface module 80, to realize configuration loading, the real-time shape of system
The functions such as state inquiry.
The system 100 of use ppp protocol encapsulations IPsec frame structures provided in an embodiment of the present invention, it uses country close
The SM serial algorithms of code management board realize the IPsec frame structures based on ppp protocol encapsulations, so as to realize the communication of industrial end
Safety;Its advantage also resides in and is capable of achieving to protect the safety of the variform service terminal equipment such as network interface type, serial ports type, industrial bus
Shield, and the protection of legacy network devices or network primary station is not limited to, using quite varied.In the present embodiment, the industry is whole
End refers to industrial circle(The energy, chemical industry, etc. industry)Terminal, these terminals generally comprise acquisition function(Such as above-mentioned business
Acquisition terminal)And control function.
Embodiment one:Network interface type service terminal is disposed
Fig. 3 is referred to, it is to dispose schematic diagram using the network interface type service terminal of above-mentioned IPsec frame structures system 100,
In the present embodiment, the integrated GPRS wireless dial-ups module of the IPsec frame structures system 100, between business acquisition terminal 200
It is interconnected by Ethernet interface (ethernet), it is adaptable to which the interface of business acquisition terminal is Ethernet interface application scenarios.
Business acquisition terminal 200 and IPsec frame structures system 100 are each configured with IP, and in the present embodiment, its device is matched somebody with somebody
It is set to route pattern.Implement, the IPsec frame structures system 100 is filled by ppp protocol encapsulations IPsec with main website
Set up vertical vpn tunneling.Business acquisition terminal 200 sets up TCP connections long, and transmission services gathered data with front end processor.
After IPsec frame structures system 100 and master station device set up vpn tunneling, business data transmission transmitting-receiving flow is such as
Shown in Fig. 4 and Fig. 5.In the present embodiment, as shown in Fig. 2 when business acquisition terminal 200 sends data, can be sent out to system 100 first
ARP request is sent, when system 100 responds the ARP request, business acquisition terminal 200 sends the data to system 100.Needs are indicated
, because system 100 establishes vpn tunneling with the main website VPN300 of computer room, system 100 can be from business acquisition terminal
200 receive data, it is also possible to receive data from the main website VPN300 of computer room by wireless GPRS.
When the transmission of data is when being sent to the acquisition server 400 of computer room from business acquisition terminal 200, to perform Fig. 4 institutes
The flow shown.
As shown in figure 4, in business data transmission transmission process, first, IPsec frame structures system 100 receives business
Data, are carried out security strategy (Security Policy, SP) matching;Then source address conversion (Source is carried out
Network Address Translation, SNAT), search corresponding SA(Security association, Security
Association), (SA is defined and is provided security protocol, the algorithm and close that safeguard protection is used by IP bags to carry out data encryption
The information such as key), the security performance of IPSEC can be held consultation (IKE key agreements) in the process, generation really can be used to
The key of encrypting traffic, the ESP (EncapsulatingSecurity Payload, IP encapsulating security payload (esp)) of generation
Packet by wireless network by after route querying, being transmitted.
As shown in figure 5, during business data transmission reception, first, IPsec frame structures system 100 receives ESP
After packet, SA is searched, carry out data deciphering, carry out destination address conversion(DestinationNAT, DNAT), pacified
After full strategy (SP) matching, business acquisition terminal 200 is sent to by route.
Embodiment two:Serial ports type service terminal is disposed
Fig. 6 is referred to, it is to dispose schematic diagram using the serial ports type service terminal of above-mentioned IPsec frame structures system 100.
In the present embodiment, business acquisition terminal 200 passes through serial ports RS232 (" data terminal equipments(DTE)And data communications equipment(DCE)
Between SERIAL BINARY DATA Fabric Interface technical standard) interconnected with IPsec frame structures system 100, business acquisition terminal 200
IP address need not be configured, and IPsec frame structures system 100 needs to configure IP address.In addition, present device passes through ppp
Protocol encapsulation IPsec sets up vpn tunneling with master station device, and sets up TCP connections long, and then transmission services collection number with front end processor
According to.
Business datum transmitting-receiving flow such as Fig. 7 that present device is set up after IPsec VPN and TCP connections long with master station device
And shown in Fig. 8.
As shown in fig. 7, in business data transmission transmission process, first, IPsec frame structures system 100 connects from serial ports
Business datum is received, business datum is connected by TCP and is transmitted using send functions;IPsec frame structures system 100
According to the corresponding SA of SP matched and searcheds, data encryption is carried out, the security performance of IPSEC can be held consultation in the process (IKE is close
Key is consulted), produce the real key that can be used to encrypting traffic, the ESP packets of generation by after route querying, by nothing
Gauze network is transmitted.
As shown in figure 8, during business data transmission reception, first, IPsec frame structures system 100 receives ESP
Packet, searches SA, carries out data deciphering, and packet is handed in into layer treatment (flow of more than the dotted line T shown in Fig. 7);
Upper TCP receives ESP packets (including but not limited to 101 protocol datas) using recv functions, by ESP packets by string
Mouthful business acquisition terminal 200 is sent to, is received by business acquisition terminal 200 and parsed after business datum and processed.
In the present embodiment, the business datum receiving/transmission method is not limited to use in business acquisition terminal 200, its
Being usable in other has the industrial end of control function(For the energy, chemical industry, etc. terminal).It is provided in an embodiment of the present invention
Using the business datum receiving/transmission method of IPsec frame structures system 100, it uses the SM serial algorithm realities of national Password Management office
The IPsec frame structures of ppp protocol encapsulations are now based on, so as to realize the communication security of industrial end;It can be realized to net in addition
The safeguard protection of the variforms such as the shape of the mouth as one speaks, serial ports type (such as industrial bus) industrial end, and it is not limited to legacy network devices or net
The protection of network main website, therefore with widely used advantage.
Finally it should be noted that:The preferred embodiments of the present invention are the foregoing is only, are not intended to limit the invention,
Although being described in detail to the present invention with reference to the foregoing embodiments, for a person skilled in the art, it still may be used
Modified with to the technical scheme described in foregoing embodiments, or equivalent is carried out to which part technical characteristic.
All any modification, equivalent substitution and improvements within the spirit and principles in the present invention, made etc., should be included in of the invention
Within protection domain.
Claims (9)
1. a kind of system of use ppp protocol encapsulations IPsec frame structures, the system includes user's space and kernel spacing,
Characterized in that, the user's space includes:
Management module, the management module includes management message module and initialization management module, and the management message module is used
In the remote management message for receiving master station device, the initialization management module is used to receive the initialization of digital certificate system
Journey;The initialization management module is used to receive IP address section, the ppp agreements group that digital certificate system protects IPsec both sides
Number access point, the initialization procedure of serial ports configuration information;
Business module, the business module includes starting and Network conf iotag. module and business data processing module, the startup
And Network conf iotag. module is used to realize the self-inspection of electrifying startup, network settings, routing function treatment, the business data processing mould
Block is used to realize business acquisition terminal capturing service data, and is transferred it to by ppp agreements and IPsec frame structures preposition
Machine;
Key negotiation module, the key negotiation module is used to be interacted with master station device, forms IPsec SA and SP information;
And
Dial module, the dial module is used to configure GPRS module by AT command set, and is solved with ppp agreements
Analysis;
The kernel spacing includes:
Kernel-driven module, the serial port module and business acquisition terminal that kernel-driven module is used for needed for encapsulating GPRS module connects
Mouth drives;
Kernel tasks module, Bridge, Route work(that kernel tasks module is used for needed for providing security service and network service
Energy;
Kernel setup and state-storage module, SAD that the kernel setup and state-storage module are used for needed for storing IPsec,
SPD configuration information;
Kernel algorithm scheduler module, the kernel algorithm scheduler module is used to encapsulate SM1/2/3 algorithms, and is IPsec-tools
Encryption and certification provide algorithm packaging;And
Kernel interface module, the kernel interface module is used for interacting between kernel spacing and user's space.
2. IPsec frame structures system as claimed in claim 1, it is characterised in that the dial module is further used for reality
Existing dialing status monitoring and ppp broken string redialing functions.
3. IPsec frame structures system as claimed in claim 1, it is characterised in that the kernel tasks module is used
IPsec-tools technologies realize the flow chart of data processing of IPsec.
4. IPsec frame structures system as claimed in claim 1, it is characterised in that the kernel interface module includes
Socket, PF_KEY and proc system interface.
5. IPsec frame structures system as claimed in claim 1, it is characterised in that further include that a task scheduling is held
Row module, for carrying out task scheduling to management module, business module, key negotiation module, dial module.
6. it is a kind of using as described in claim 1-5 any one IPsec frame structure systems business datum receiving/transmission method, institute
State and be interconnected by Ethernet interface between IPsec frame structures system and business acquisition terminal, methods described includes:
Business datum is received, security strategy matching is carried out;
Source address conversion is carried out to business datum, and searches security association;
Business datum is encrypted, and produces ESP packets;And
By ESP packets by route querying, and then sent to business acquisition terminal by wireless network.
7. business datum receiving/transmission method as claimed in claim 6, it is characterised in that methods described is further included:
Receive ESP packets;
Security association is searched according to ESP packets;
Data encryption is carried out to ESP packets;
Destination address conversion is carried out to ESP packets, and carries out security strategy matching;
By ESP packets by route querying, and sent to business acquisition terminal by wireless network.
8. it is a kind of using as described in claim 1-5 any one IPsec frame structure systems business datum receiving/transmission method, institute
State and be interconnected by serial ports between IPsec frame structures system and business acquisition terminal, methods described includes:
Business datum is received from serial ports;
Security strategy is carried out to business datum to match and search its security association;
Business datum is encrypted, and produces ESP packets;And
By ESP packets by route querying, and then sent to business acquisition terminal by wireless network.
9. business datum receiving/transmission method as claimed in claim 8, it is characterised in that methods described is further included:
Receive ESP packets;
Security association is searched according to ESP packets;
Data encryption is carried out to ESP packets;
ESP packets are sent to business acquisition terminal by serial ports.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310530738.4A CN103763301B (en) | 2013-10-31 | 2013-10-31 | A kind of system and method for use ppp protocol encapsulations IPsec frame structures |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310530738.4A CN103763301B (en) | 2013-10-31 | 2013-10-31 | A kind of system and method for use ppp protocol encapsulations IPsec frame structures |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103763301A CN103763301A (en) | 2014-04-30 |
CN103763301B true CN103763301B (en) | 2017-06-13 |
Family
ID=50530461
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310530738.4A Active CN103763301B (en) | 2013-10-31 | 2013-10-31 | A kind of system and method for use ppp protocol encapsulations IPsec frame structures |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103763301B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106254231A (en) * | 2016-08-18 | 2016-12-21 | 中京天裕科技(北京)有限公司 | A kind of industrial safety encryption gateway based on state and its implementation |
CN108881470B (en) * | 2018-07-06 | 2020-11-17 | 山东中瑞新能源科技有限公司 | Data remote transmission monitoring system and implementation method thereof |
CN111596962B (en) * | 2019-02-20 | 2023-05-30 | 中标软件有限公司 | Real-time microkernel system based on high-speed protocol channel and initialization method thereof |
CN112367391A (en) * | 2020-11-04 | 2021-02-12 | 青岛联众芯云科技有限公司 | Internet of things-based special transformer acquisition terminal system and method thereof |
CN113709119B (en) * | 2021-08-12 | 2023-02-03 | 南京华盾电力信息安全测评有限公司 | Password security gateway, system and use method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101094056A (en) * | 2007-05-30 | 2007-12-26 | 重庆邮电大学 | Security system of wireless industrial control network, and method for implementing security policy |
CN101127454A (en) * | 2006-08-18 | 2008-02-20 | 北京国智恒电力管理科技有限公司 | Power monitoring information security access device |
CN101494624A (en) * | 2008-10-22 | 2009-07-29 | 珠海市鸿瑞信息技术有限公司 | Electric force special public network communication secure gateway |
CN101662359A (en) * | 2009-08-17 | 2010-03-03 | 珠海市鸿瑞信息技术有限公司 | Security protection method of communication data of special electricity public network |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100759489B1 (en) * | 2004-11-18 | 2007-09-18 | 삼성전자주식회사 | Method and appratus for security of ip security tunnel using public key infrastructure in a mobile communication network |
-
2013
- 2013-10-31 CN CN201310530738.4A patent/CN103763301B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101127454A (en) * | 2006-08-18 | 2008-02-20 | 北京国智恒电力管理科技有限公司 | Power monitoring information security access device |
CN101094056A (en) * | 2007-05-30 | 2007-12-26 | 重庆邮电大学 | Security system of wireless industrial control network, and method for implementing security policy |
CN101494624A (en) * | 2008-10-22 | 2009-07-29 | 珠海市鸿瑞信息技术有限公司 | Electric force special public network communication secure gateway |
CN101662359A (en) * | 2009-08-17 | 2010-03-03 | 珠海市鸿瑞信息技术有限公司 | Security protection method of communication data of special electricity public network |
Non-Patent Citations (3)
Title |
---|
基于GPRS的远程监控系统的应用研究;朱炫鹏;《中国优秀硕士学位论文全文数据库信息科技辑》;20070815(第02期);正文第39-52页 * |
基于IPSec协议的VPN网络安全技术的研究与实现;胡珊;《中国优秀硕士学位论文全文数据库信息科技辑》;20030615(第02期);正文第22-42页 * |
基于IPSec的VPN的研究与实现;沈俊霞;《中国优秀硕士学位论文全文数据库信息科技辑》;20100415(第04期);正文第27-43页 * |
Also Published As
Publication number | Publication date |
---|---|
CN103763301A (en) | 2014-04-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109842585B (en) | Network information safety protection unit and protection method for industrial embedded system | |
CN103763301B (en) | A kind of system and method for use ppp protocol encapsulations IPsec frame structures | |
CN202856781U (en) | Industrial control system main station safety device | |
CN100594690C (en) | Method and device for safety strategy uniformly treatment in safety gateway | |
CN102882789B (en) | A kind of data message processing method, system and equipment | |
CN101217435B (en) | L2TP over IPSEC remote access method and device | |
CN200962604Y (en) | Vertical encryption authentication gateway device special for power | |
CN108810023A (en) | Safe encryption method, key sharing method and safety encryption isolation gateway | |
CN110636052B (en) | Power consumption data transmission system | |
CN105812322B (en) | The method for building up and device of internet safety protocol safe alliance | |
CN109104428A (en) | Internet of things data quantum encrypted transmission equipment and transmission method | |
CN102932377A (en) | Method and device for filtering IP (Internet Protocol) message | |
CN107181716A (en) | A kind of secure communication of network system and method based on national commercial cipher algorithm | |
CN102664896A (en) | Safety network transmission system and method based on hardware encryption | |
CN108964880A (en) | A kind of data transmission method and device | |
CN111756627A (en) | Cloud platform security access gateway of electric power monitored control system | |
CN104954339B (en) | A kind of power emergency repair remote communication method and system | |
CN106603499A (en) | Safety communication reconstruction method and system for power distribution terminal | |
CN102111377A (en) | Network cipher machine | |
CN111464550B (en) | HTTPS transparent protection method for message processing equipment | |
CN102868523A (en) | IKE (Internet Key Exchange) negotiation method | |
CN103269301A (en) | Desktop type IPSecVPN cryptographic machine and networking method | |
CN109257174A (en) | A kind of application method of quantum key in VPWS business | |
CN106685896A (en) | Plaintext data acquisition method and system within SSH protocol multi-layer channel | |
CN103581034B (en) | Message mirroring and encrypted transmitting method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CP01 | Change in the name or title of a patent holder | ||
CP01 | Change in the name or title of a patent holder |
Address after: 510080 water Donggang 8, Dongfeng East Road, Yuexiu District, Guangzhou, Guangdong. Patentee after: ELECTRIC POWER RESEARCH INSTITUTE, GUANGDONG POWER GRID CO., LTD. Address before: 510080 water Donggang 8, Dongfeng East Road, Yuexiu District, Guangzhou, Guangdong. Patentee before: Electrical Power Research Institute of Guangdong Power Grid Corporation |