CN103763301B - A kind of system and method for use ppp protocol encapsulations IPsec frame structures - Google Patents

A kind of system and method for use ppp protocol encapsulations IPsec frame structures Download PDF

Info

Publication number
CN103763301B
CN103763301B CN201310530738.4A CN201310530738A CN103763301B CN 103763301 B CN103763301 B CN 103763301B CN 201310530738 A CN201310530738 A CN 201310530738A CN 103763301 B CN103763301 B CN 103763301B
Authority
CN
China
Prior art keywords
module
kernel
ipsec
business
frame structures
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310530738.4A
Other languages
Chinese (zh)
Other versions
CN103763301A (en
Inventor
江泽鑫
余南华
陈炯聪
黄曙
梁智强
胡朝辉
梁志宏
林丹生
李闯
石炜君
梁毅成
黄岳峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Electric Power Research Institute of Guangdong Power Grid Co Ltd
Original Assignee
Electric Power Research Institute of Guangdong Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Electric Power Research Institute of Guangdong Power Grid Co Ltd filed Critical Electric Power Research Institute of Guangdong Power Grid Co Ltd
Priority to CN201310530738.4A priority Critical patent/CN103763301B/en
Publication of CN103763301A publication Critical patent/CN103763301A/en
Application granted granted Critical
Publication of CN103763301B publication Critical patent/CN103763301B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a kind of system of use ppp protocol encapsulations IPsec frame structures, the system includes user's space and kernel spacing, and the user's space includes management module, business module, key protocol module and dial module;The kernel spacing includes kernel-driven module, kernel tasks module, kernel setup and state-storage module, kernel interface and kernel algorithm scheduler module.The invention further relates to a kind of business datum receiving/transmission method using the IPsec frame structures system.The system and method realize the IPsec frame structures based on ppp protocol encapsulations using the SM serial algorithms of national Password Management office, so as to realize the communication security of industrial end;The safeguard protection that it can realize to the variform service terminal equipment such as network interface type, serial ports type, industrial bus in addition, and the protection of legacy network devices or network primary station is not limited to, therefore with widely used advantage.

Description

A kind of system and method for use ppp protocol encapsulations IPsec frame structures
Technical field
The present invention relates to information security field, more particularly to a kind of system of use ppp protocol encapsulations IPsec frame structures And method.
Background technology
Information system is widely used in all trades and professions, such as in the production monitoring system that electric power network, track traffic are multistage , it is necessary to be acquired to the visual plant service data belonging to system, analyzed and fault diagnosis in system.Due to cable network construction The shortcomings of high cost, dumb access point, wirelessly(Such as GPRS)Industrial production system is replenished as cable network(Particularly Data collecting system)Middle extensive use;Ppp protocol is the main dialcom agreement of current wireless GPRS.
But to ensure that the data integrity based on wireless GPRS, confidentiality and non-repudiation (can confirm that message is sent out The side of sending is only possible sender, and sender can not deny being transmitted across message), it is necessary to be encrypted in wireless communications and recognize Card, current VPN(Virtual Private Network, VPN)Technology is a communication security for comparative maturity Technology, the VPN for commonly using at present has two layers of L2TP technologies, three layers of IP sec technologies and four layers of SSL technologies.
Wherein the L2TP technologies of two-layer VPN can only set up tunnel between LAC nodes and LNS nodes and carry out data protection, And it is difficult to industrial data collection terminal body to comprehensive protection of main website of enterprise computer room.
Wherein four layers SSL technologies needs carry out data encryption and certification, it is necessary to carry out in the application layer of enterprise's industrial control system Because security protection and business are operated together in same server after the system reform, and the system reform, there is many management Problem, the problems such as such as malfunction elimination interface is unintelligible.
IPsec (Internet Protocol Security, protocol safety) is a kind of frame structure of open standard, By using the security service of encryption to ensure to be maintained secrecy and the communication of safety on Internet protocol (IP) network, it can It is to realize terminal to the whole protecting tunnel of main website and fully transparent for master station application system.IPsec frame structures are applicable In the data acquisition communication security protection based on wireless terminal, but the IPsec frame structures of main flow are mainly non-using RSA at present The symmetric cryptographic algorithms such as symmetric cryptographic algorithm, 3DES/AES and MD5/SHA-1 hashing algorithms, the wherein private of asymmetric cryptographic algorithm Key security determines the security of whole security protection system;The RSA1024 of current main flow has been found to and dangerous, existing rank Section foreign countries promote mainly RSA2048, by increasing the difficulty that key length increase is cracked.Therefore, Password Management office of country of China is in recent years To push SM serial algorithms, asymmetric arithmetic SM2 therein uses security intensity geometry ellipse algorithm higher, rather than The algorithm of Big prime theorem is based on using RSA.
Based on above technical reason, the present invention proposes system and the side of a kind of use ppp protocol encapsulations IPsec frame structures Method.
The content of the invention
In view of this, the embodiment of the present invention provides system and the side of a kind of use ppp protocol encapsulations IPsec frame structures Method, it is widely used, and can realize the communication security of industrial end.
On the one hand, there is provided a kind of system of use ppp protocol encapsulations IPsec frame structures, the system includes that user is empty Between and kernel spacing, wherein the user's space include management module, business module, key negotiation module, dial module, it is described Management module includes management message module and initialization management module, and the management message module is used to receive the remote of master station device Thread management message, the initialization management module is used to receive the initialization procedure of digital certificate system;The business module bag Startup and Network conf iotag. module and business data processing module are included, the startup and Network conf iotag. module are used to realize electricity The self-inspection of startup, network settings, routing function treatment, the business data processing module are used to realize that business acquisition terminal is gathered Business datum, and front end processor is transferred it to by ppp agreements and IPsec frame structures;The key negotiation module be used for Master station device is interacted;The dial module is used to configure GPRS module by AT command set, and is entered with ppp agreements Row parsing;The kernel spacing includes kernel-driven module, kernel tasks module, kernel setup and state-storage module, kernel Algorithmic dispatching module, kernel interface module, serial port module and industry that the kernel-driven module is used for needed for encapsulating GPRS module The interface driver of business acquisition terminal;The kernel tasks module be used for security service and network service are provided needed for Bridge, Route functions;SAD, SPD configuration information that the kernel setup and state-storage module are used for needed for storing IPsec;In described Accounting method scheduler module is used to encapsulate SM1/2/3 algorithms, and for the encryption and certification of IPsec-tools provide algorithm packaging;Institute Kernel interface module is stated for interacting between kernel spacing and user's space.
On the other hand, there is provided a kind of business datum receiving/transmission method using above-mentioned IPsec frame structures system, it is described It is interconnected by Ethernet interface between IPsec frame structures system and business acquisition terminal, methods described includes:
Business datum is received, security strategy matching is carried out;
Source address conversion is carried out to business datum, and searches security association;
Business datum is encrypted, and produces ESP packets;And
By ESP packets by route querying, and then sent to business acquisition terminal by wireless network.
Further, there is provided a kind of business datum receiving/transmission method using above-mentioned IPsec frame structures system, it is described It is interconnected by serial ports between IPsec frame structures system and business acquisition terminal, methods described includes:
Business datum is received from serial ports;
Security strategy is carried out to business datum to match and search its security association;
Business datum is encrypted, and produces ESP packets;And
By ESP packets by route querying, and then sent to business acquisition terminal by wireless network.
Relative to prior art, ppp protocol encapsulations IPsec frame structures system provided in an embodiment of the present invention and adopt Realize being based on using the SM serial algorithms of national Password Management office with the business datum receiving/transmission method of the IPsec frame structure systems The IPsec frame structures of ppp protocol encapsulations, so as to realize the communication security of industrial end;It can be realized to network interface type, string in addition The safeguard protection of the variform service terminal such as the shape of the mouth as one speaks, industrial bus, and it is not limited to the guarantor of legacy network devices or network primary station Shield, using quite varied.
Brief description of the drawings
In order to illustrate more clearly of technical scheme, the accompanying drawing to be used needed for implementation method will be made below Simply introduce, it should be apparent that, drawings in the following description are only some embodiments of the present invention, general for this area For logical technical staff, on the premise of not paying creative work, other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is the circuit theory schematic diagram of IPsec frame structures system provided in an embodiment of the present invention;
Fig. 2 is to use to include the industry spot of the systems of IPsec frame structures shown in Fig. 1 and the connection diagram of computer room;
Fig. 3 is using the network interface type service terminal deployment schematic diagram of IPsec frame structures system shown in Fig. 1;
Fig. 4 is business data transmission transmission flow schematic diagram in the deployment of the service terminal of network interface type shown in Fig. 3;
Fig. 5 is business data transmission reception schematic flow sheet in the deployment of the service terminal of network interface type shown in Fig. 3;
Fig. 6 is using the serial ports type service terminal deployment schematic diagram of IPsec frame structures system shown in Fig. 1;
Fig. 7 is business data transmission transmission flow schematic diagram in the deployment of the service terminal of serial ports type shown in Fig. 6;
Fig. 8 is business data transmission reception schematic flow sheet in the deployment of the service terminal of serial ports type shown in Fig. 6.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than whole embodiments.It is based on Embodiment in the present invention, it is every other that those of ordinary skill in the art are obtained under the premise of creative work is not made Embodiment, belongs to the scope of protection of the invention.
Fig. 1 is referred to, the embodiment of the present invention provides a kind of system 100 of use ppp protocol encapsulations IPsec frame structures, The protocol system includes user's space 10A and kernel spacing 10B.
In the present embodiment, the user's space 10A runs different scheduler modules, specifically includes management module 20, industry Business module 30, key protocol module 35 and dial module 40.
As shown in figure 1, the management module 20 includes management message module 21 and initialization management module 22.Wherein, manage Reason message module 21 is used to receive the remote management message of master station device (or main website VPN) 300, to carry out the system 100 Status monitoring, software upgrading and security strategy such as issue at the management function;Initialization management module 22 is used to receive digital certificate system The initialization procedure united to IPsec frame structures system 100, IP address section, ppp the agreements dialing such as to IPsec both sides' protection Access point, serial ports configuration etc. information initialized.
Fig. 2 is system provided in an embodiment of the present invention 100 with computer room connection diagram.Included in industry spot The system 100(This equipment)With industrial end 200, such as business acquisition terminal, main website VPN300 is included in computer room (i.e. main website) And acquisition server 400, it is connected by interchanger 500 between main website VPN300 and acquisition server 400.
Further, the business module 30 includes starting and Network conf iotag. module 31 and business data processing module 32. Wherein, start and Network conf iotag. module 31 is used to realize that the self-inspection of the electrifying startup of this IPsec frame structures system 100, network set Put, routing function treatment etc..Business data processing module 32 is used to realize business acquisition terminal capturing service data, and passes through Ppp agreements and IPsec frame structures transfer it to front end processor.
In the present embodiment, the key negotiation module 35 be used for interacted with main website VPN300, carry out key agreement and The associative operations such as key exchange.Operated by these and ultimately form this IPsec frame structures system 100 and main website VPN300's IPsec SA(Security association, Security Association)With SP (Security Policy, security strategy) information.
The dial module 40 is used to be instructed automatically by AT (attention) after electricity in IPsec frame structures system 100 Set pair GPRS module is configured, and is parsed with ppp agreements, also realizes that dialing status monitoring and ppp broken strings are redialed in addition Etc. function.
In addition, in the present embodiment, the system 100 still further comprises a task scheduling performing module 36, for right Management module 20, business module 30, key negotiation module 35, dial module 40 carry out task scheduling.
In the present embodiment, the kernel spacing 10B includes kernel-driven module 50, kernel tasks module 60, kernel setup With state-storage module 70, kernel interface 80 and kernel algorithm scheduler module 90.
Wherein, the serial port module and present device that kernel-driven module 50 is used for needed for encapsulating GPRS module of the present invention are protected The interface driver of the business acquisition terminal of shield, is that above-mentioned each module calls offer package interface in kernel.
Kernel tasks module 60 realizes the flow chart of data processing of IPsec using IPsec-tools technologies, there is provided security service With the function such as Bridge, the Route needed for network service.Kernel setup is mainly used in storing IPsec with state-storage module 70 Required SAD (Security Association Database, security association database), SPD (Security Policy Database, Security Policy Database) configuration information.Kernel algorithm scheduler module 90 is used to encapsulate SM1/2/3 algorithms, and is The encryption and certification of IPsec-tools provide algorithm packaging.
In addition, kernel interface module 80 is used for interacting between kernel spacing 10B and user's space 10A.In the present embodiment, The main system interface such as including socket, PF_KEY and proc of kernel interface module 80, to realize configuration loading, the real-time shape of system The functions such as state inquiry.
The system 100 of use ppp protocol encapsulations IPsec frame structures provided in an embodiment of the present invention, it uses country close The SM serial algorithms of code management board realize the IPsec frame structures based on ppp protocol encapsulations, so as to realize the communication of industrial end Safety;Its advantage also resides in and is capable of achieving to protect the safety of the variform service terminal equipment such as network interface type, serial ports type, industrial bus Shield, and the protection of legacy network devices or network primary station is not limited to, using quite varied.In the present embodiment, the industry is whole End refers to industrial circle(The energy, chemical industry, etc. industry)Terminal, these terminals generally comprise acquisition function(Such as above-mentioned business Acquisition terminal)And control function.
Embodiment one:Network interface type service terminal is disposed
Fig. 3 is referred to, it is to dispose schematic diagram using the network interface type service terminal of above-mentioned IPsec frame structures system 100, In the present embodiment, the integrated GPRS wireless dial-ups module of the IPsec frame structures system 100, between business acquisition terminal 200 It is interconnected by Ethernet interface (ethernet), it is adaptable to which the interface of business acquisition terminal is Ethernet interface application scenarios.
Business acquisition terminal 200 and IPsec frame structures system 100 are each configured with IP, and in the present embodiment, its device is matched somebody with somebody It is set to route pattern.Implement, the IPsec frame structures system 100 is filled by ppp protocol encapsulations IPsec with main website Set up vertical vpn tunneling.Business acquisition terminal 200 sets up TCP connections long, and transmission services gathered data with front end processor.
After IPsec frame structures system 100 and master station device set up vpn tunneling, business data transmission transmitting-receiving flow is such as Shown in Fig. 4 and Fig. 5.In the present embodiment, as shown in Fig. 2 when business acquisition terminal 200 sends data, can be sent out to system 100 first ARP request is sent, when system 100 responds the ARP request, business acquisition terminal 200 sends the data to system 100.Needs are indicated , because system 100 establishes vpn tunneling with the main website VPN300 of computer room, system 100 can be from business acquisition terminal 200 receive data, it is also possible to receive data from the main website VPN300 of computer room by wireless GPRS.
When the transmission of data is when being sent to the acquisition server 400 of computer room from business acquisition terminal 200, to perform Fig. 4 institutes The flow shown.
As shown in figure 4, in business data transmission transmission process, first, IPsec frame structures system 100 receives business Data, are carried out security strategy (Security Policy, SP) matching;Then source address conversion (Source is carried out Network Address Translation, SNAT), search corresponding SA(Security association, Security Association), (SA is defined and is provided security protocol, the algorithm and close that safeguard protection is used by IP bags to carry out data encryption The information such as key), the security performance of IPSEC can be held consultation (IKE key agreements) in the process, generation really can be used to The key of encrypting traffic, the ESP (EncapsulatingSecurity Payload, IP encapsulating security payload (esp)) of generation Packet by wireless network by after route querying, being transmitted.
As shown in figure 5, during business data transmission reception, first, IPsec frame structures system 100 receives ESP After packet, SA is searched, carry out data deciphering, carry out destination address conversion(DestinationNAT, DNAT), pacified After full strategy (SP) matching, business acquisition terminal 200 is sent to by route.
Embodiment two:Serial ports type service terminal is disposed
Fig. 6 is referred to, it is to dispose schematic diagram using the serial ports type service terminal of above-mentioned IPsec frame structures system 100. In the present embodiment, business acquisition terminal 200 passes through serial ports RS232 (" data terminal equipments(DTE)And data communications equipment(DCE) Between SERIAL BINARY DATA Fabric Interface technical standard) interconnected with IPsec frame structures system 100, business acquisition terminal 200 IP address need not be configured, and IPsec frame structures system 100 needs to configure IP address.In addition, present device passes through ppp Protocol encapsulation IPsec sets up vpn tunneling with master station device, and sets up TCP connections long, and then transmission services collection number with front end processor According to.
Business datum transmitting-receiving flow such as Fig. 7 that present device is set up after IPsec VPN and TCP connections long with master station device And shown in Fig. 8.
As shown in fig. 7, in business data transmission transmission process, first, IPsec frame structures system 100 connects from serial ports Business datum is received, business datum is connected by TCP and is transmitted using send functions;IPsec frame structures system 100 According to the corresponding SA of SP matched and searcheds, data encryption is carried out, the security performance of IPSEC can be held consultation in the process (IKE is close Key is consulted), produce the real key that can be used to encrypting traffic, the ESP packets of generation by after route querying, by nothing Gauze network is transmitted.
As shown in figure 8, during business data transmission reception, first, IPsec frame structures system 100 receives ESP Packet, searches SA, carries out data deciphering, and packet is handed in into layer treatment (flow of more than the dotted line T shown in Fig. 7); Upper TCP receives ESP packets (including but not limited to 101 protocol datas) using recv functions, by ESP packets by string Mouthful business acquisition terminal 200 is sent to, is received by business acquisition terminal 200 and parsed after business datum and processed.
In the present embodiment, the business datum receiving/transmission method is not limited to use in business acquisition terminal 200, its Being usable in other has the industrial end of control function(For the energy, chemical industry, etc. terminal).It is provided in an embodiment of the present invention Using the business datum receiving/transmission method of IPsec frame structures system 100, it uses the SM serial algorithm realities of national Password Management office The IPsec frame structures of ppp protocol encapsulations are now based on, so as to realize the communication security of industrial end;It can be realized to net in addition The safeguard protection of the variforms such as the shape of the mouth as one speaks, serial ports type (such as industrial bus) industrial end, and it is not limited to legacy network devices or net The protection of network main website, therefore with widely used advantage.
Finally it should be noted that:The preferred embodiments of the present invention are the foregoing is only, are not intended to limit the invention, Although being described in detail to the present invention with reference to the foregoing embodiments, for a person skilled in the art, it still may be used Modified with to the technical scheme described in foregoing embodiments, or equivalent is carried out to which part technical characteristic. All any modification, equivalent substitution and improvements within the spirit and principles in the present invention, made etc., should be included in of the invention Within protection domain.

Claims (9)

1. a kind of system of use ppp protocol encapsulations IPsec frame structures, the system includes user's space and kernel spacing, Characterized in that, the user's space includes:
Management module, the management module includes management message module and initialization management module, and the management message module is used In the remote management message for receiving master station device, the initialization management module is used to receive the initialization of digital certificate system Journey;The initialization management module is used to receive IP address section, the ppp agreements group that digital certificate system protects IPsec both sides Number access point, the initialization procedure of serial ports configuration information;
Business module, the business module includes starting and Network conf iotag. module and business data processing module, the startup And Network conf iotag. module is used to realize the self-inspection of electrifying startup, network settings, routing function treatment, the business data processing mould Block is used to realize business acquisition terminal capturing service data, and is transferred it to by ppp agreements and IPsec frame structures preposition Machine;
Key negotiation module, the key negotiation module is used to be interacted with master station device, forms IPsec SA and SP information; And
Dial module, the dial module is used to configure GPRS module by AT command set, and is solved with ppp agreements Analysis;
The kernel spacing includes:
Kernel-driven module, the serial port module and business acquisition terminal that kernel-driven module is used for needed for encapsulating GPRS module connects Mouth drives;
Kernel tasks module, Bridge, Route work(that kernel tasks module is used for needed for providing security service and network service Energy;
Kernel setup and state-storage module, SAD that the kernel setup and state-storage module are used for needed for storing IPsec, SPD configuration information;
Kernel algorithm scheduler module, the kernel algorithm scheduler module is used to encapsulate SM1/2/3 algorithms, and is IPsec-tools Encryption and certification provide algorithm packaging;And
Kernel interface module, the kernel interface module is used for interacting between kernel spacing and user's space.
2. IPsec frame structures system as claimed in claim 1, it is characterised in that the dial module is further used for reality Existing dialing status monitoring and ppp broken string redialing functions.
3. IPsec frame structures system as claimed in claim 1, it is characterised in that the kernel tasks module is used IPsec-tools technologies realize the flow chart of data processing of IPsec.
4. IPsec frame structures system as claimed in claim 1, it is characterised in that the kernel interface module includes Socket, PF_KEY and proc system interface.
5. IPsec frame structures system as claimed in claim 1, it is characterised in that further include that a task scheduling is held Row module, for carrying out task scheduling to management module, business module, key negotiation module, dial module.
6. it is a kind of using as described in claim 1-5 any one IPsec frame structure systems business datum receiving/transmission method, institute State and be interconnected by Ethernet interface between IPsec frame structures system and business acquisition terminal, methods described includes:
Business datum is received, security strategy matching is carried out;
Source address conversion is carried out to business datum, and searches security association;
Business datum is encrypted, and produces ESP packets;And
By ESP packets by route querying, and then sent to business acquisition terminal by wireless network.
7. business datum receiving/transmission method as claimed in claim 6, it is characterised in that methods described is further included:
Receive ESP packets;
Security association is searched according to ESP packets;
Data encryption is carried out to ESP packets;
Destination address conversion is carried out to ESP packets, and carries out security strategy matching;
By ESP packets by route querying, and sent to business acquisition terminal by wireless network.
8. it is a kind of using as described in claim 1-5 any one IPsec frame structure systems business datum receiving/transmission method, institute State and be interconnected by serial ports between IPsec frame structures system and business acquisition terminal, methods described includes:
Business datum is received from serial ports;
Security strategy is carried out to business datum to match and search its security association;
Business datum is encrypted, and produces ESP packets;And
By ESP packets by route querying, and then sent to business acquisition terminal by wireless network.
9. business datum receiving/transmission method as claimed in claim 8, it is characterised in that methods described is further included:
Receive ESP packets;
Security association is searched according to ESP packets;
Data encryption is carried out to ESP packets;
ESP packets are sent to business acquisition terminal by serial ports.
CN201310530738.4A 2013-10-31 2013-10-31 A kind of system and method for use ppp protocol encapsulations IPsec frame structures Active CN103763301B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310530738.4A CN103763301B (en) 2013-10-31 2013-10-31 A kind of system and method for use ppp protocol encapsulations IPsec frame structures

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310530738.4A CN103763301B (en) 2013-10-31 2013-10-31 A kind of system and method for use ppp protocol encapsulations IPsec frame structures

Publications (2)

Publication Number Publication Date
CN103763301A CN103763301A (en) 2014-04-30
CN103763301B true CN103763301B (en) 2017-06-13

Family

ID=50530461

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310530738.4A Active CN103763301B (en) 2013-10-31 2013-10-31 A kind of system and method for use ppp protocol encapsulations IPsec frame structures

Country Status (1)

Country Link
CN (1) CN103763301B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106254231A (en) * 2016-08-18 2016-12-21 中京天裕科技(北京)有限公司 A kind of industrial safety encryption gateway based on state and its implementation
CN108881470B (en) * 2018-07-06 2020-11-17 山东中瑞新能源科技有限公司 Data remote transmission monitoring system and implementation method thereof
CN111596962B (en) * 2019-02-20 2023-05-30 中标软件有限公司 Real-time microkernel system based on high-speed protocol channel and initialization method thereof
CN112367391A (en) * 2020-11-04 2021-02-12 青岛联众芯云科技有限公司 Internet of things-based special transformer acquisition terminal system and method thereof
CN113709119B (en) * 2021-08-12 2023-02-03 南京华盾电力信息安全测评有限公司 Password security gateway, system and use method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101094056A (en) * 2007-05-30 2007-12-26 重庆邮电大学 Security system of wireless industrial control network, and method for implementing security policy
CN101127454A (en) * 2006-08-18 2008-02-20 北京国智恒电力管理科技有限公司 Power monitoring information security access device
CN101494624A (en) * 2008-10-22 2009-07-29 珠海市鸿瑞信息技术有限公司 Electric force special public network communication secure gateway
CN101662359A (en) * 2009-08-17 2010-03-03 珠海市鸿瑞信息技术有限公司 Security protection method of communication data of special electricity public network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100759489B1 (en) * 2004-11-18 2007-09-18 삼성전자주식회사 Method and appratus for security of ip security tunnel using public key infrastructure in a mobile communication network

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101127454A (en) * 2006-08-18 2008-02-20 北京国智恒电力管理科技有限公司 Power monitoring information security access device
CN101094056A (en) * 2007-05-30 2007-12-26 重庆邮电大学 Security system of wireless industrial control network, and method for implementing security policy
CN101494624A (en) * 2008-10-22 2009-07-29 珠海市鸿瑞信息技术有限公司 Electric force special public network communication secure gateway
CN101662359A (en) * 2009-08-17 2010-03-03 珠海市鸿瑞信息技术有限公司 Security protection method of communication data of special electricity public network

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
基于GPRS的远程监控系统的应用研究;朱炫鹏;《中国优秀硕士学位论文全文数据库信息科技辑》;20070815(第02期);正文第39-52页 *
基于IPSec协议的VPN网络安全技术的研究与实现;胡珊;《中国优秀硕士学位论文全文数据库信息科技辑》;20030615(第02期);正文第22-42页 *
基于IPSec的VPN的研究与实现;沈俊霞;《中国优秀硕士学位论文全文数据库信息科技辑》;20100415(第04期);正文第27-43页 *

Also Published As

Publication number Publication date
CN103763301A (en) 2014-04-30

Similar Documents

Publication Publication Date Title
CN109842585B (en) Network information safety protection unit and protection method for industrial embedded system
CN103763301B (en) A kind of system and method for use ppp protocol encapsulations IPsec frame structures
CN202856781U (en) Industrial control system main station safety device
CN100594690C (en) Method and device for safety strategy uniformly treatment in safety gateway
CN102882789B (en) A kind of data message processing method, system and equipment
CN101217435B (en) L2TP over IPSEC remote access method and device
CN200962604Y (en) Vertical encryption authentication gateway device special for power
CN108810023A (en) Safe encryption method, key sharing method and safety encryption isolation gateway
CN110636052B (en) Power consumption data transmission system
CN105812322B (en) The method for building up and device of internet safety protocol safe alliance
CN109104428A (en) Internet of things data quantum encrypted transmission equipment and transmission method
CN102932377A (en) Method and device for filtering IP (Internet Protocol) message
CN107181716A (en) A kind of secure communication of network system and method based on national commercial cipher algorithm
CN102664896A (en) Safety network transmission system and method based on hardware encryption
CN108964880A (en) A kind of data transmission method and device
CN111756627A (en) Cloud platform security access gateway of electric power monitored control system
CN104954339B (en) A kind of power emergency repair remote communication method and system
CN106603499A (en) Safety communication reconstruction method and system for power distribution terminal
CN102111377A (en) Network cipher machine
CN111464550B (en) HTTPS transparent protection method for message processing equipment
CN102868523A (en) IKE (Internet Key Exchange) negotiation method
CN103269301A (en) Desktop type IPSecVPN cryptographic machine and networking method
CN109257174A (en) A kind of application method of quantum key in VPWS business
CN106685896A (en) Plaintext data acquisition method and system within SSH protocol multi-layer channel
CN103581034B (en) Message mirroring and encrypted transmitting method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 510080 water Donggang 8, Dongfeng East Road, Yuexiu District, Guangzhou, Guangdong.

Patentee after: ELECTRIC POWER RESEARCH INSTITUTE, GUANGDONG POWER GRID CO., LTD.

Address before: 510080 water Donggang 8, Dongfeng East Road, Yuexiu District, Guangzhou, Guangdong.

Patentee before: Electrical Power Research Institute of Guangdong Power Grid Corporation