CN108632201A - Encryption device, decryption device and judge message whether the method that encrypt or decrypt - Google Patents

Encryption device, decryption device and judge message whether the method that encrypt or decrypt Download PDF

Info

Publication number
CN108632201A
CN108632201A CN201710157499.0A CN201710157499A CN108632201A CN 108632201 A CN108632201 A CN 108632201A CN 201710157499 A CN201710157499 A CN 201710157499A CN 108632201 A CN108632201 A CN 108632201A
Authority
CN
China
Prior art keywords
message
encryption
detection
encrypted
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201710157499.0A
Other languages
Chinese (zh)
Inventor
胡俊涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201710157499.0A priority Critical patent/CN108632201A/en
Publication of CN108632201A publication Critical patent/CN108632201A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of encryption device, decryption device and judge message whether the method that encrypt or decrypt, including first detection module and encrypting module, wherein, the first detection module, for carrying out deep message detection and analysis to message, judge whether it needs to encrypt according to analysis result, it would be desirable to which encrypted message is sent to encrypting module;The encrypting module, for receiving the encrypted message of needs and being encrypted.Further, the encrypting module is additionally operable to, and encryption label is stamped for encrypted message.The present invention judges whether it needs to carry out encryption and decryption operation, under the premise of guarantee information same safety, greatly reduces the workload of encryption and decryption, so as to effectively promote the efficiency of encryption and decryption by carrying out deep message detection and analysis to message.

Description

Encryption device, decryption device and judge message whether the method that encrypt or decrypt
Technical field
The present invention relates to field of communication technology, more particularly to a kind of encryption device decrypts device and judges whether message is wanted The method of encryption or decryption.
Background technology
With the continuous development of computer network, global IT application has become the main trend of human development.But due to meter Calculation machine network has many characteristics, such as connection diversity, the opening of terminal nonunf ormity and network, interconnectivity, causes net Network is easily by hacker, strange visitor, Malware and other attacks agaainst the law, so the safety and secrecy of network information are one heavy to closing The problem of wanting.And the most popular method to ensure information safety is exactly that transmission information is encrypted, i.e., using specific at information source Encryption Algorithm encrypted into row information, transmit encrypted information, it is final to obtain letter then in receiving terminal into the decryption of row information The true content of breath.Accordingly even when information is stolen in transmission process, it can also ensure the safety of information.
Fig. 1 is existing data transmission encipher-decipher method schematic diagram.Referring to Fig. 1, the transmitting terminal shared one of the same network A encryption equipment, when some transmitting terminal transmission data, encryption equipment is encrypted according to the five-tuple information extraction of message needs Message, be sent to external network after encryption;In receiving terminal, deciphering machine is according to the encrypted report of five-tuple information extraction of message Text is decrypted, and is sent to corresponding receiving terminal.
Since only according to five-tuple or seven tuple informations identification message, (the five-tuple information includes source IP to encryption equipment Location, source port, purpose IP address, destination interface and protocol number;Seven tuple information includes interface index, source IP address, source Port numbers, purpose IP address, destination slogan, protocol number and type of service (tos)), and the message that different applications generates Source port and destination interface wide coverage, or even have the case where multiplexed port, cause the same terminal to generate so exhausted big Segment message five-tuple or seven tuple informations are similar.Therefore, encryption equipment substantially to some transmitting terminal generate all messages all Perform cryptographic operation;Likewise, all messages that deciphering machine substantially generates the transmitting terminal perform decryption oprerations.
It can be seen that existing data transmission encipher-decipher method is matched using message five-tuple or seven tuple informations, excessively Simply, matching granularity is too big, and the network data for causing a large amount of security levels low also performs cryptographic operation, and considerably increasing need not The resource consumption wanted and time waste.
In addition, as network application emerges one after another, peer-to-peer network (Peer to Peer, P2P), online game, IPTV, The emerging services such as WEBTV occupy internet major part bandwidth, in fact, user to the partial data, pacifies without data completely The requirement of full property;And the significant data that user is concerned about, such as mail, account log in, file transmits, and really need guarantee transmission peace Full flow then accounting very little.At this point, the performance of encryption and decryption has become a bottleneck of message transmission rate, therefore, find One not only can guarantee data transmission security but also can quickly encryption and decryption method it is extremely urgent.
Invention content
In order to solve the above technical problem, the present invention provides a kind of encryption device, decryption device and whether judge message The method encrypted or decrypted, the efficiency of encryption and decryption when can effectively promote data transmission.
In order to reach the object of the invention, what the technical solution of the embodiment of the present invention was realized in:
An embodiment of the present invention provides a kind of encryption devices, including first detection module and encrypting module, wherein
The first detection module judges that it is for carrying out deep message detection and analysis to message according to analysis result It is no to need to encrypt, it would be desirable to which that encrypted message is sent to encrypting module;
The encrypting module, for receiving the encrypted message of needs and it being encrypted.
Further, the encrypting module is additionally operable to:Encryption label is stamped for encrypted message.
Further, the encrypting module is that encrypted message stamps encryption label, specially:The VLAN of message is set Priority fields and/or dscp field are the value made an appointment.
Further, the first detection module carries out deep message detection and analysis to message, specially:By with it is advance The protocol characteristic library of storage is matched, and determines the type of service of message.
The embodiment of the present invention additionally provides a kind of decryption device, including third detection module and the second deciphering module, wherein
Whether the third detection module carries encryption label for detection messages, if carrying encryption label, judges to report Text is ciphertext, sends it to the second deciphering module;
Second deciphering module for receiving the ciphertext from third detection module, and is decrypted it.
The embodiment of the present invention additionally provide it is a kind of judging whether message wants encrypted method, including:
Deep message detection and analysis are carried out to message;
Judge whether it needs to encrypt according to analysis result;
To needing encrypted message to be encrypted.
Further, the method further includes:Encryption label is stamped for encrypted message.
Further, described to stamp encryption label for encrypted message, specially:The VLAN of message is set Priority fields and/or dscp field are the value made an appointment.
Further, described that deep message detection and analysis are carried out to message, specially:By special with pre-stored agreement Sign library is matched, and determines the type of service of message.
The embodiment of the present invention additionally provide it is a kind of judge the method whether to be decrypted of message, including:
Whether detection messages carry encryption label;
If carrying encryption label, judge that message for ciphertext, is decrypted it.
Technical scheme of the present invention has the advantages that:
Encryption device provided by the invention, decryption device and judge message whether the method that encrypt or decrypt, by right Message carries out deep message detection and analysis, judges whether it needs to carry out encryption and decryption operation, before ensureing the same safety of information It puts, greatly reduces the workload of encryption and decryption, to effectively improve the efficiency of encryption and decryption.
Description of the drawings
Attached drawing described herein is used to provide further understanding of the present invention, and is constituted part of this application, this hair Bright illustrative embodiments and their description are not constituted improper limitations of the present invention for explaining the present invention.In the accompanying drawings:
Fig. 1 is existing data transmission encipher-decipher method schematic diagram;
Fig. 2 is the structural schematic diagram of the encryption device of first embodiment of the invention;
Fig. 3 is the structural schematic diagram of the encryption device of second embodiment of the invention;
Fig. 4 is the structural schematic diagram of the decryption device of first embodiment of the invention;
Fig. 5 is the structural schematic diagram of the decryption device of second embodiment of the invention;
Fig. 6 is the structural schematic diagram of the decryption device of third embodiment of the invention;
Fig. 7 is the structural schematic diagram of the decryption device of fourth embodiment of the invention;
Fig. 8 judges whether message wants the flow diagram of encrypted method for first embodiment of the invention;
Fig. 9 is the flow diagram for judging method that whether message is decrypted of first embodiment of the invention;
Figure 10 is the flow diagram for judging method that whether message is decrypted of second embodiment of the invention;
Figure 11 is a kind of practical application scene schematic diagram of the ciphering and deciphering device of the present invention;
Figure 12 is a kind of message interaction process figure of practical application scene of the ciphering and deciphering device of the present invention.
Specific implementation mode
To make the objectives, technical solutions, and advantages of the present invention clearer, below in conjunction with attached drawing to the present invention Embodiment be described in detail.It should be noted that in the absence of conflict, in the embodiment and embodiment in the application Feature mutually can arbitrarily combine.
With reference to Fig. 2, an embodiment of the present invention provides a kind of encryption device, including first detection module and encrypting module, In,
First detection module, for carrying out deep message detection (Deep Packet Inspection, DPI) point to message Analysis, judges whether it needs to encrypt, it would be desirable to which encrypted message is sent to encrypting module according to analysis result;
Encrypting module, for receiving the encrypted message of needs and it being encrypted.
Further, the encrypting module is additionally operable to:Encryption label is stamped for encrypted message.
It is worth noting that heretofore described encryption label, can be arranged any position in messages, such as answer End with layer load or header;When being arranged in header, the ICP/IP protocol of header can be used Reserved field, or field can have been used by the ICP/IP protocol on multiplexing packet head.
Further, the position of the encryption label storage is configurable.
Specifically, according to different communication protocol and transmitting scene, encryption label can be placed on different positions, with suitable Answer various network environments.For example, in the environment without VLAN (Virtual Local Area Network), it can be encryption Label is placed on the id field on the heads IP, TOS fields, Flags fields, option fields etc.;It, can be in the environment with VLAN Encryption label is arranged in 802.1Q frame header positions, such as VLAN PRI (Priority) field.
Further, the first detection module carries out deep message detection and analysis, specially to message:By with it is pre- The protocol characteristic library first stored is matched, and determines the type of service of message.
It should be noted that different applications often relies on different agreements, and different agreements has its special Fingerprint, these fingerprints may be specific port, specific character string or specific Bit sequences.Knowledge based on " tagged word " Other technology is by the detection to " fingerprint " information in specific data message in Business Stream to determine the type of service of message.Example Such as, the identification of Bittorrent agreements analyzes its peer protocol by the method for reverse engineering, and so-called peer protocol refers to Be the agreement that information is exchanged between peer and peer.Peer protocol is shaken hands by one, it is followed by the message flow of cycle, often Before a message, all there are one numbers to indicate the length of message.It is first to send 19 first, and then in its handshake procedure It is character string " BitTorrent protocol ".So " 19BitTorrent Protocol " is exactly the " special of Bittorrent Levy word ".
Further, the first detection module carries out deep message detection and analysis, specially to message:Pass through detection The control stream of message, determines the type of service of message.
It should be noted that the control stream and Business Stream of certain business are separation, Business Stream does not have any feature, this In the case of, it is necessary to it first identifies control stream, and is parsed according to the agreement of control stream, identified from protocol contents corresponding Business Stream.For example, SIP, H323 agreement belong to this type.SIP/H323 obtains it by signalling interactive process, negotiation The voice flow of data channel, usually RTP formats encapsulation.That is, purely detection rtp streaming can not obtain this rtp streaming It is that is established by which kind of agreement, only by detecting the protocol interaction of SIP/H323, just can determine that the type of service of message.
Further, with reference to Fig. 3, the encryption device further includes sending module, wherein
The first detection module, is additionally operable to:Encrypted message will not needed and be sent to sending module;
The encrypting module, is additionally operable to:Encrypted message is sent to sending module;
The sending module for receiving the message from first detection module and encrypting module, and is sent it to logical Believe opposite end.
With reference to Fig. 4, the embodiment of the present invention additionally provides a kind of decryption device, including the second detection module and the first decryption mould Block, wherein
Second detection module judges that it is for carrying out deep message detection and analysis to message according to analysis result No is ciphertext, if so, sending it to the first deciphering module;
First deciphering module for receiving the ciphertext from the second detection module, and is decrypted it.
Further, with reference to Fig. 5, the decryption device further includes the first receiving module, wherein
Second detection module, is additionally operable to:If message is not ciphertext, the first receiving module is sent it to;
First deciphering module, is additionally operable to:Message after decryption is sent to the first receiving module;
First receiving module, for receiving the message from the second detection module and the first deciphering module.
With reference to Fig. 6, the embodiment of the present invention additionally provides a kind of decryption device, including third detection module and the second decryption mould Block, wherein
The third detection module, for detecting whether the message received carries encryption label, if carrying encryption label, Judge that the message received for ciphertext, sends it to the second deciphering module;
Second deciphering module for receiving the ciphertext from third detection module, and is decrypted it.
It is worth noting that heretofore described encryption label, can be arranged any position in messages, such as answer End with layer load or header;When being arranged in header, the ICP/IP protocol of header can be used Reserved field, or field can have been used by the ICP/IP protocol on multiplexing packet head.
Further, the position of the encryption label storage is configurable.
Specifically, according to different communication protocol and transmitting scene, encryption label can be placed on different positions, with suitable Answer various network environments.For example, in the environment without VLAN (Virtual Local Area Network), it can be encryption Label is placed on the id field on the heads IP, TOS fields, Flags fields, option fields etc.;It, can be in the environment with VLAN Encryption label is arranged in 802.1Q frame header positions, such as VLAN PRI (Priority) field.
Further, with reference to Fig. 7, the decryption device further includes the second receiving module, wherein
The third detection module, is additionally operable to:If message is not ciphertext, the second receiving module is sent it to;
Second deciphering module, is additionally operable to:Message after decryption is sent to the second receiving module;
Second receiving module, for receiving the message from third detection module and the second deciphering module.
With reference to Fig. 8, the embodiment of the present invention additionally provide it is a kind of judging whether message wants encrypted method, including walk as follows Suddenly:
Deep message detection and analysis are carried out to message;
Judge whether it needs to encrypt according to analysis result;
To needing encrypted message to be encrypted.
Further, the method further includes:Encryption label is stamped for encrypted message.
It is worth noting that heretofore described encryption label, can be arranged any position in messages, such as answer End with layer load or header;When being arranged in header, the ICP/IP protocol of header can be used Reserved field, or field can have been used by the ICP/IP protocol on multiplexing packet head.
Further, the position of the encryption label storage is configurable.
Specifically, according to different communication protocol and transmitting scene, encryption label can be placed on different positions, with suitable Answer various network environments.For example, in the environment without VLAN (Virtual Local Area Network), it can be encryption Label is placed on the id field on the heads IP, TOS fields, Flags fields, option fields etc.;It, can be in the environment with VLAN Encryption label is arranged in 802.1Q frame header positions, such as VLAN PRI (Priority) field.
Further, deep message detection and analysis are carried out to message, specially:By with pre-stored protocol characteristic library It is matched, determines the type of service of message.
It should be noted that different applications often relies on different agreements, and different agreements has its special Fingerprint, these fingerprints may be specific port, specific character string or specific Bit sequences.Knowledge based on " tagged word " Other technology is by the detection to " fingerprint " information in specific data message in Business Stream to determine the type of service of message.Example Such as, the identification of Bittorrent agreements analyzes its peer protocol by the method for reverse engineering, and so-called peer protocol refers to Be the agreement that information is exchanged between peer and peer.Peer protocol is shaken hands by one, it is followed by the message flow of cycle, often Before a message, all there are one numbers to indicate the length of message.It is first to send 19 first, and then in its handshake procedure It is character string " BitTorrent protocol ".So " 19BitTorrent Protocol " is exactly the " special of Bittorrent Levy word ".
Further, deep message detection and analysis are carried out to message, specially:By the control stream of detection messages, determine The type of service of message.
It should be noted that the control stream and Business Stream of certain business are separation, Business Stream does not have any feature, this In the case of, it is necessary to it first identifies control stream, and is parsed according to the agreement of control stream, identified from protocol contents corresponding Business Stream.For example, SIP, H323 agreement belong to this type.SIP/H323 obtains it by signalling interactive process, negotiation The voice flow of data channel, usually RTP formats encapsulation.That is, purely detection rtp streaming can not obtain this rtp streaming It is that is established by which kind of agreement, only by detecting the protocol interaction of SIP/H323, just can determine that the type of service of message.
Further, the method further includes:Encrypted message will not needed or encrypted message is sent to communication pair End.
With reference to Fig. 9, the embodiment of the present invention additionally provide it is a kind of judging the method whether to be decrypted of message, including walk as follows Suddenly:
Deep message detection and analysis are carried out to message, judge whether it is ciphertext according to analysis result;
If it is ciphertext, it is decrypted.
Further, the method further includes:By the message of message or non-ciphertext after decryption, it is sent to corresponding reception End.
Referring to Fig.1 0, the embodiment of the present invention additionally provide it is a kind of judging the method whether to be decrypted of message, including walk as follows Suddenly:
Whether the message that detection receives carries encryption label;
If carrying encryption label, judge that the message received for ciphertext, is decrypted it.
It is worth noting that heretofore described encryption label, can be arranged any position in messages, such as answer End with layer load or header;When being arranged in header, the ICP/IP protocol of header can be used Reserved field, or field can have been used by the ICP/IP protocol on multiplexing packet head.
Further, the position of the encryption label storage is configurable.
Specifically, according to different communication protocol and transmitting scene, encryption label can be placed on different positions, with suitable Answer various network environments.For example, in the environment without VLAN (Virtual Local Area Network), it can be encryption Label is placed on the id field on the heads IP, TOS fields, Flags fields, option fields etc.;It, can be in the environment with VLAN Encryption label is arranged in 802.1Q frame header positions, such as VLAN PRI (Priority) field.
Further, the method further includes:By the message of message or non-ciphertext after decryption, it is sent to corresponding reception End.
The specific implementation scene of the present invention is as shown in figure 11, it is assumed that the high data message of this example medium security level is postal The first detection is arranged then without the requirement in terms of safety in number of packages evidence, remaining data message between transmitting terminal and encryption equipment Module, the first detection module have deep message detection DPI functions;Third detection module, institute are set before deciphering machine It states third detection module and has encryption label detection function.
It is worth noting that the deep message of first detection module detects DPI functions in the present invention, determine that the present invention adds The performance of decryption.By largely being tested to a few money mainstream DPI products and component in the market, it was demonstrated that existing DPI products With component to protocol massages and keyword recognition accuracy rate close to 100%, it can be ensured that all significant datas all by plus It is transmitted again after close operation.
Specific message interaction process such as Figure 12, mainly includes the following steps that:Transmitting terminal is by first detection module to message Deep message detection and analysis are carried out, judge whether it needs to encrypt according to analysis result, then to needing encrypted message (safety The high data traffic of rank, such as mail applications data, account log in, file transmits) it is encrypted and stamps encryption label, then It is sent to Correspondent Node;To not needing encrypted message (the general data traffic of safe class, such as amusement, news), directly It is sent to Correspondent Node.
In receiving terminal, whether the message for detecting reception carries encryption label, if the message received carries encryption label, sentences The message that disconnecting is received is the high data traffic of encrypted security level, is decrypted to it, is subsequently forwarded to receiving terminal;To not having There is the message for carrying encryption label, indicates that message is the general data traffic of safe class of unencryption, be forwarded directly to receive End.
It is worth noting that first detection module of the invention carries out deep message detection and analysis, this process to message Although can also take, verify through a large number of experiments, the efficiency of DPI detections is higher by 1 to 3 than conventional encryption algorithm efficiency The order of magnitude, and the high data of security level accounting very little usually in all transmission datas, compared with cryptographic operation, entire mistake Journey meeting is efficiently more than at least one order of magnitude.Therefore, present example can be in the feelings for ensureing user's significant data transmission safety Under condition, by reducing the workload of encryption and decryption, the efficiency to data encrypting and deciphering is greatly improved.
One of ordinary skill in the art will appreciate that all or part of step in the above method can be instructed by program Related hardware is completed, and described program can be stored in computer readable storage medium, such as read-only memory, disk or CD Deng.Optionally, all or part of step of above-described embodiment can also be realized using one or more integrated circuits, accordingly Ground, the form that hardware may be used in each module/unit in above-described embodiment are realized, the shape of software function module can also be used Formula is realized.The present invention is not limited to the combinations of the hardware and software of any particular form.
The foregoing is only a preferred embodiment of the present invention, is not intended to restrict the invention, for the skill of this field For art personnel, the invention may be variously modified and varied.All within the spirits and principles of the present invention, any made by repair Change, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.

Claims (10)

1. a kind of encryption device, which is characterized in that including first detection module and encrypting module, wherein
The first detection module, for message carry out deep message detection and analysis, according to analysis result judge its whether need It encrypts, it would be desirable to which encrypted message is sent to encrypting module;
The encrypting module, for receiving the encrypted message of needs and it being encrypted.
2. encryption device according to claim 1, which is characterized in that the encrypting module is additionally operable to:For encrypted report Text stamps encryption label.
3. encryption device according to claim 2, which is characterized in that the encrypting module is stamped for encrypted message to be added Secret mark label, specially:It is the value made an appointment that the VLAN Priority fields of message and/or dscp field, which is arranged,.
4. encryption device according to claim 1, which is characterized in that the first detection module carries out depth report to message Text detection and analysis, specially:By being matched with pre-stored protocol characteristic library, the type of service of message is determined.
5. a kind of decryption device, which is characterized in that including third detection module and the second deciphering module, wherein
Whether the third detection module carries encryption label for detection messages, if carrying encryption label, judges that message is Ciphertext sends it to the second deciphering module;
Second deciphering module for receiving the ciphertext from third detection module, and is decrypted it.
Judging whether message wants encrypted method 6. a kind of, which is characterized in that including:
Deep message detection and analysis are carried out to message;
Judge whether it needs to encrypt according to analysis result;
To needing encrypted message to be encrypted.
7. according to the method described in claim 6, it is characterized in that, further including:Encryption label is stamped for encrypted message.
8. the method according to the description of claim 7 is characterized in that described stamp encryption label for encrypted message, specifically For:It is the value made an appointment that the VLAN Priority fields of message and/or dscp field, which is arranged,.
9. according to the method described in claim 6, it is characterized in that, described carry out deep message detection and analysis to message, specifically For:By being matched with pre-stored protocol characteristic library, the type of service of message is determined.
10. a kind of judging the method whether to be decrypted of message, which is characterized in that including:
Whether detection messages carry encryption label;
If carrying encryption label, judge that message for ciphertext, is decrypted it.
CN201710157499.0A 2017-03-16 2017-03-16 Encryption device, decryption device and judge message whether the method that encrypt or decrypt Withdrawn CN108632201A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710157499.0A CN108632201A (en) 2017-03-16 2017-03-16 Encryption device, decryption device and judge message whether the method that encrypt or decrypt

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710157499.0A CN108632201A (en) 2017-03-16 2017-03-16 Encryption device, decryption device and judge message whether the method that encrypt or decrypt

Publications (1)

Publication Number Publication Date
CN108632201A true CN108632201A (en) 2018-10-09

Family

ID=63687687

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710157499.0A Withdrawn CN108632201A (en) 2017-03-16 2017-03-16 Encryption device, decryption device and judge message whether the method that encrypt or decrypt

Country Status (1)

Country Link
CN (1) CN108632201A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112655184A (en) * 2020-08-31 2021-04-13 华为技术有限公司 Security protection method, device and storage medium
CN112839035A (en) * 2020-12-29 2021-05-25 合安科技技术有限公司 Safe communication control method and device for street lamp and related equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150089026A1 (en) * 2011-09-29 2015-03-26 Avvasi Inc. Systems and languages for media policy decision and control and methods for use therewith
CN105072025A (en) * 2015-08-05 2015-11-18 北京科技大学 Safe protective gateway and system for modern industrial control system network communication
CN105656655A (en) * 2014-11-14 2016-06-08 华为技术有限公司 Method, device and system for network security management
CN106161015A (en) * 2016-09-29 2016-11-23 长春大学 A kind of quantum key distribution method based on DPI

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150089026A1 (en) * 2011-09-29 2015-03-26 Avvasi Inc. Systems and languages for media policy decision and control and methods for use therewith
CN105656655A (en) * 2014-11-14 2016-06-08 华为技术有限公司 Method, device and system for network security management
CN105072025A (en) * 2015-08-05 2015-11-18 北京科技大学 Safe protective gateway and system for modern industrial control system network communication
CN106161015A (en) * 2016-09-29 2016-11-23 长春大学 A kind of quantum key distribution method based on DPI

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112655184A (en) * 2020-08-31 2021-04-13 华为技术有限公司 Security protection method, device and storage medium
WO2022041186A1 (en) * 2020-08-31 2022-03-03 华为技术有限公司 Security protection method and device and storage medium
CN112839035A (en) * 2020-12-29 2021-05-25 合安科技技术有限公司 Safe communication control method and device for street lamp and related equipment

Similar Documents

Publication Publication Date Title
CN111740951B (en) Method for transmitting data packet by cloud security dynamic network and protocol
JP5116752B2 (en) Efficient key derivation for the security of end-to-end networks with traffic visibility
CN105763557B (en) Exchange chip or NP cooperate with the method and system for completing message IPSEC encryption with CPU
CN101335615B (en) Method used in key consultation of USB KEY audio ciphering and deciphering device
US20160315913A1 (en) Scalable Intermediate Network Device Leveraging SSL Session Ticket Extension
Lucena et al. Syntax and semantics-preserving application-layer protocol steganography
EP3185466A1 (en) Encrypted communications method and communications terminal, and computer storage medium
CN101521667B (en) Method and device for safety data communication
CN108090370A (en) Instant messaging encryption method and system based on index
Bąk et al. Application of perfectly undetectable network steganography method for malware hidden communication
CN106549757A (en) The data authenticity identification method of WEB service, service end and client
CN108632201A (en) Encryption device, decryption device and judge message whether the method that encrypt or decrypt
US20080244268A1 (en) End-to-end network security with traffic visibility
CN107493287A (en) Industry control network data security system
CN100380831C (en) Digital modulation-demodulation method for safe information transmission
CN115150067A (en) TLS protocol construction method and system based on network covert channel
CN108337089A (en) Signalling encryption and decryption method, device and terminal
Clark Encryption advances to meet Internet challenges
Awadh et al. Efficiently Secure Data Communications Based on CBC-RC6 and the Overflow Field of Timestamp Option in an IPv4 Packet
Kataria et al. IMAGE ENCRYPTION TECHNIQUES AND COMPARATIVE ANALYSIS
CN104394005A (en) Active group classification system based on background server
Wang et al. A novel distributed covert channel in HTTP
Shree et al. Analysis of Cryptography and Comparison of its Various Techniques.
CN107864123A (en) A kind of network talkback machine safe transmission method and system
Ouk et al. Hybrid of asymmetric cryptography (RSA) and symmetric cryptography (OTP)

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20181009