CN108632201A - Encryption device, decryption device and judge message whether the method that encrypt or decrypt - Google Patents
Encryption device, decryption device and judge message whether the method that encrypt or decrypt Download PDFInfo
- Publication number
- CN108632201A CN108632201A CN201710157499.0A CN201710157499A CN108632201A CN 108632201 A CN108632201 A CN 108632201A CN 201710157499 A CN201710157499 A CN 201710157499A CN 108632201 A CN108632201 A CN 108632201A
- Authority
- CN
- China
- Prior art keywords
- message
- encryption
- detection
- encrypted
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of encryption device, decryption device and judge message whether the method that encrypt or decrypt, including first detection module and encrypting module, wherein, the first detection module, for carrying out deep message detection and analysis to message, judge whether it needs to encrypt according to analysis result, it would be desirable to which encrypted message is sent to encrypting module;The encrypting module, for receiving the encrypted message of needs and being encrypted.Further, the encrypting module is additionally operable to, and encryption label is stamped for encrypted message.The present invention judges whether it needs to carry out encryption and decryption operation, under the premise of guarantee information same safety, greatly reduces the workload of encryption and decryption, so as to effectively promote the efficiency of encryption and decryption by carrying out deep message detection and analysis to message.
Description
Technical field
The present invention relates to field of communication technology, more particularly to a kind of encryption device decrypts device and judges whether message is wanted
The method of encryption or decryption.
Background technology
With the continuous development of computer network, global IT application has become the main trend of human development.But due to meter
Calculation machine network has many characteristics, such as connection diversity, the opening of terminal nonunf ormity and network, interconnectivity, causes net
Network is easily by hacker, strange visitor, Malware and other attacks agaainst the law, so the safety and secrecy of network information are one heavy to closing
The problem of wanting.And the most popular method to ensure information safety is exactly that transmission information is encrypted, i.e., using specific at information source
Encryption Algorithm encrypted into row information, transmit encrypted information, it is final to obtain letter then in receiving terminal into the decryption of row information
The true content of breath.Accordingly even when information is stolen in transmission process, it can also ensure the safety of information.
Fig. 1 is existing data transmission encipher-decipher method schematic diagram.Referring to Fig. 1, the transmitting terminal shared one of the same network
A encryption equipment, when some transmitting terminal transmission data, encryption equipment is encrypted according to the five-tuple information extraction of message needs
Message, be sent to external network after encryption;In receiving terminal, deciphering machine is according to the encrypted report of five-tuple information extraction of message
Text is decrypted, and is sent to corresponding receiving terminal.
Since only according to five-tuple or seven tuple informations identification message, (the five-tuple information includes source IP to encryption equipment
Location, source port, purpose IP address, destination interface and protocol number;Seven tuple information includes interface index, source IP address, source
Port numbers, purpose IP address, destination slogan, protocol number and type of service (tos)), and the message that different applications generates
Source port and destination interface wide coverage, or even have the case where multiplexed port, cause the same terminal to generate so exhausted big
Segment message five-tuple or seven tuple informations are similar.Therefore, encryption equipment substantially to some transmitting terminal generate all messages all
Perform cryptographic operation;Likewise, all messages that deciphering machine substantially generates the transmitting terminal perform decryption oprerations.
It can be seen that existing data transmission encipher-decipher method is matched using message five-tuple or seven tuple informations, excessively
Simply, matching granularity is too big, and the network data for causing a large amount of security levels low also performs cryptographic operation, and considerably increasing need not
The resource consumption wanted and time waste.
In addition, as network application emerges one after another, peer-to-peer network (Peer to Peer, P2P), online game, IPTV,
The emerging services such as WEBTV occupy internet major part bandwidth, in fact, user to the partial data, pacifies without data completely
The requirement of full property;And the significant data that user is concerned about, such as mail, account log in, file transmits, and really need guarantee transmission peace
Full flow then accounting very little.At this point, the performance of encryption and decryption has become a bottleneck of message transmission rate, therefore, find
One not only can guarantee data transmission security but also can quickly encryption and decryption method it is extremely urgent.
Invention content
In order to solve the above technical problem, the present invention provides a kind of encryption device, decryption device and whether judge message
The method encrypted or decrypted, the efficiency of encryption and decryption when can effectively promote data transmission.
In order to reach the object of the invention, what the technical solution of the embodiment of the present invention was realized in:
An embodiment of the present invention provides a kind of encryption devices, including first detection module and encrypting module, wherein
The first detection module judges that it is for carrying out deep message detection and analysis to message according to analysis result
It is no to need to encrypt, it would be desirable to which that encrypted message is sent to encrypting module;
The encrypting module, for receiving the encrypted message of needs and it being encrypted.
Further, the encrypting module is additionally operable to:Encryption label is stamped for encrypted message.
Further, the encrypting module is that encrypted message stamps encryption label, specially:The VLAN of message is set
Priority fields and/or dscp field are the value made an appointment.
Further, the first detection module carries out deep message detection and analysis to message, specially:By with it is advance
The protocol characteristic library of storage is matched, and determines the type of service of message.
The embodiment of the present invention additionally provides a kind of decryption device, including third detection module and the second deciphering module, wherein
Whether the third detection module carries encryption label for detection messages, if carrying encryption label, judges to report
Text is ciphertext, sends it to the second deciphering module;
Second deciphering module for receiving the ciphertext from third detection module, and is decrypted it.
The embodiment of the present invention additionally provide it is a kind of judging whether message wants encrypted method, including:
Deep message detection and analysis are carried out to message;
Judge whether it needs to encrypt according to analysis result;
To needing encrypted message to be encrypted.
Further, the method further includes:Encryption label is stamped for encrypted message.
Further, described to stamp encryption label for encrypted message, specially:The VLAN of message is set
Priority fields and/or dscp field are the value made an appointment.
Further, described that deep message detection and analysis are carried out to message, specially:By special with pre-stored agreement
Sign library is matched, and determines the type of service of message.
The embodiment of the present invention additionally provide it is a kind of judge the method whether to be decrypted of message, including:
Whether detection messages carry encryption label;
If carrying encryption label, judge that message for ciphertext, is decrypted it.
Technical scheme of the present invention has the advantages that:
Encryption device provided by the invention, decryption device and judge message whether the method that encrypt or decrypt, by right
Message carries out deep message detection and analysis, judges whether it needs to carry out encryption and decryption operation, before ensureing the same safety of information
It puts, greatly reduces the workload of encryption and decryption, to effectively improve the efficiency of encryption and decryption.
Description of the drawings
Attached drawing described herein is used to provide further understanding of the present invention, and is constituted part of this application, this hair
Bright illustrative embodiments and their description are not constituted improper limitations of the present invention for explaining the present invention.In the accompanying drawings:
Fig. 1 is existing data transmission encipher-decipher method schematic diagram;
Fig. 2 is the structural schematic diagram of the encryption device of first embodiment of the invention;
Fig. 3 is the structural schematic diagram of the encryption device of second embodiment of the invention;
Fig. 4 is the structural schematic diagram of the decryption device of first embodiment of the invention;
Fig. 5 is the structural schematic diagram of the decryption device of second embodiment of the invention;
Fig. 6 is the structural schematic diagram of the decryption device of third embodiment of the invention;
Fig. 7 is the structural schematic diagram of the decryption device of fourth embodiment of the invention;
Fig. 8 judges whether message wants the flow diagram of encrypted method for first embodiment of the invention;
Fig. 9 is the flow diagram for judging method that whether message is decrypted of first embodiment of the invention;
Figure 10 is the flow diagram for judging method that whether message is decrypted of second embodiment of the invention;
Figure 11 is a kind of practical application scene schematic diagram of the ciphering and deciphering device of the present invention;
Figure 12 is a kind of message interaction process figure of practical application scene of the ciphering and deciphering device of the present invention.
Specific implementation mode
To make the objectives, technical solutions, and advantages of the present invention clearer, below in conjunction with attached drawing to the present invention
Embodiment be described in detail.It should be noted that in the absence of conflict, in the embodiment and embodiment in the application
Feature mutually can arbitrarily combine.
With reference to Fig. 2, an embodiment of the present invention provides a kind of encryption device, including first detection module and encrypting module,
In,
First detection module, for carrying out deep message detection (Deep Packet Inspection, DPI) point to message
Analysis, judges whether it needs to encrypt, it would be desirable to which encrypted message is sent to encrypting module according to analysis result;
Encrypting module, for receiving the encrypted message of needs and it being encrypted.
Further, the encrypting module is additionally operable to:Encryption label is stamped for encrypted message.
It is worth noting that heretofore described encryption label, can be arranged any position in messages, such as answer
End with layer load or header;When being arranged in header, the ICP/IP protocol of header can be used
Reserved field, or field can have been used by the ICP/IP protocol on multiplexing packet head.
Further, the position of the encryption label storage is configurable.
Specifically, according to different communication protocol and transmitting scene, encryption label can be placed on different positions, with suitable
Answer various network environments.For example, in the environment without VLAN (Virtual Local Area Network), it can be encryption
Label is placed on the id field on the heads IP, TOS fields, Flags fields, option fields etc.;It, can be in the environment with VLAN
Encryption label is arranged in 802.1Q frame header positions, such as VLAN PRI (Priority) field.
Further, the first detection module carries out deep message detection and analysis, specially to message:By with it is pre-
The protocol characteristic library first stored is matched, and determines the type of service of message.
It should be noted that different applications often relies on different agreements, and different agreements has its special
Fingerprint, these fingerprints may be specific port, specific character string or specific Bit sequences.Knowledge based on " tagged word "
Other technology is by the detection to " fingerprint " information in specific data message in Business Stream to determine the type of service of message.Example
Such as, the identification of Bittorrent agreements analyzes its peer protocol by the method for reverse engineering, and so-called peer protocol refers to
Be the agreement that information is exchanged between peer and peer.Peer protocol is shaken hands by one, it is followed by the message flow of cycle, often
Before a message, all there are one numbers to indicate the length of message.It is first to send 19 first, and then in its handshake procedure
It is character string " BitTorrent protocol ".So " 19BitTorrent Protocol " is exactly the " special of Bittorrent
Levy word ".
Further, the first detection module carries out deep message detection and analysis, specially to message:Pass through detection
The control stream of message, determines the type of service of message.
It should be noted that the control stream and Business Stream of certain business are separation, Business Stream does not have any feature, this
In the case of, it is necessary to it first identifies control stream, and is parsed according to the agreement of control stream, identified from protocol contents corresponding
Business Stream.For example, SIP, H323 agreement belong to this type.SIP/H323 obtains it by signalling interactive process, negotiation
The voice flow of data channel, usually RTP formats encapsulation.That is, purely detection rtp streaming can not obtain this rtp streaming
It is that is established by which kind of agreement, only by detecting the protocol interaction of SIP/H323, just can determine that the type of service of message.
Further, with reference to Fig. 3, the encryption device further includes sending module, wherein
The first detection module, is additionally operable to:Encrypted message will not needed and be sent to sending module;
The encrypting module, is additionally operable to:Encrypted message is sent to sending module;
The sending module for receiving the message from first detection module and encrypting module, and is sent it to logical
Believe opposite end.
With reference to Fig. 4, the embodiment of the present invention additionally provides a kind of decryption device, including the second detection module and the first decryption mould
Block, wherein
Second detection module judges that it is for carrying out deep message detection and analysis to message according to analysis result
No is ciphertext, if so, sending it to the first deciphering module;
First deciphering module for receiving the ciphertext from the second detection module, and is decrypted it.
Further, with reference to Fig. 5, the decryption device further includes the first receiving module, wherein
Second detection module, is additionally operable to:If message is not ciphertext, the first receiving module is sent it to;
First deciphering module, is additionally operable to:Message after decryption is sent to the first receiving module;
First receiving module, for receiving the message from the second detection module and the first deciphering module.
With reference to Fig. 6, the embodiment of the present invention additionally provides a kind of decryption device, including third detection module and the second decryption mould
Block, wherein
The third detection module, for detecting whether the message received carries encryption label, if carrying encryption label,
Judge that the message received for ciphertext, sends it to the second deciphering module;
Second deciphering module for receiving the ciphertext from third detection module, and is decrypted it.
It is worth noting that heretofore described encryption label, can be arranged any position in messages, such as answer
End with layer load or header;When being arranged in header, the ICP/IP protocol of header can be used
Reserved field, or field can have been used by the ICP/IP protocol on multiplexing packet head.
Further, the position of the encryption label storage is configurable.
Specifically, according to different communication protocol and transmitting scene, encryption label can be placed on different positions, with suitable
Answer various network environments.For example, in the environment without VLAN (Virtual Local Area Network), it can be encryption
Label is placed on the id field on the heads IP, TOS fields, Flags fields, option fields etc.;It, can be in the environment with VLAN
Encryption label is arranged in 802.1Q frame header positions, such as VLAN PRI (Priority) field.
Further, with reference to Fig. 7, the decryption device further includes the second receiving module, wherein
The third detection module, is additionally operable to:If message is not ciphertext, the second receiving module is sent it to;
Second deciphering module, is additionally operable to:Message after decryption is sent to the second receiving module;
Second receiving module, for receiving the message from third detection module and the second deciphering module.
With reference to Fig. 8, the embodiment of the present invention additionally provide it is a kind of judging whether message wants encrypted method, including walk as follows
Suddenly:
Deep message detection and analysis are carried out to message;
Judge whether it needs to encrypt according to analysis result;
To needing encrypted message to be encrypted.
Further, the method further includes:Encryption label is stamped for encrypted message.
It is worth noting that heretofore described encryption label, can be arranged any position in messages, such as answer
End with layer load or header;When being arranged in header, the ICP/IP protocol of header can be used
Reserved field, or field can have been used by the ICP/IP protocol on multiplexing packet head.
Further, the position of the encryption label storage is configurable.
Specifically, according to different communication protocol and transmitting scene, encryption label can be placed on different positions, with suitable
Answer various network environments.For example, in the environment without VLAN (Virtual Local Area Network), it can be encryption
Label is placed on the id field on the heads IP, TOS fields, Flags fields, option fields etc.;It, can be in the environment with VLAN
Encryption label is arranged in 802.1Q frame header positions, such as VLAN PRI (Priority) field.
Further, deep message detection and analysis are carried out to message, specially:By with pre-stored protocol characteristic library
It is matched, determines the type of service of message.
It should be noted that different applications often relies on different agreements, and different agreements has its special
Fingerprint, these fingerprints may be specific port, specific character string or specific Bit sequences.Knowledge based on " tagged word "
Other technology is by the detection to " fingerprint " information in specific data message in Business Stream to determine the type of service of message.Example
Such as, the identification of Bittorrent agreements analyzes its peer protocol by the method for reverse engineering, and so-called peer protocol refers to
Be the agreement that information is exchanged between peer and peer.Peer protocol is shaken hands by one, it is followed by the message flow of cycle, often
Before a message, all there are one numbers to indicate the length of message.It is first to send 19 first, and then in its handshake procedure
It is character string " BitTorrent protocol ".So " 19BitTorrent Protocol " is exactly the " special of Bittorrent
Levy word ".
Further, deep message detection and analysis are carried out to message, specially:By the control stream of detection messages, determine
The type of service of message.
It should be noted that the control stream and Business Stream of certain business are separation, Business Stream does not have any feature, this
In the case of, it is necessary to it first identifies control stream, and is parsed according to the agreement of control stream, identified from protocol contents corresponding
Business Stream.For example, SIP, H323 agreement belong to this type.SIP/H323 obtains it by signalling interactive process, negotiation
The voice flow of data channel, usually RTP formats encapsulation.That is, purely detection rtp streaming can not obtain this rtp streaming
It is that is established by which kind of agreement, only by detecting the protocol interaction of SIP/H323, just can determine that the type of service of message.
Further, the method further includes:Encrypted message will not needed or encrypted message is sent to communication pair
End.
With reference to Fig. 9, the embodiment of the present invention additionally provide it is a kind of judging the method whether to be decrypted of message, including walk as follows
Suddenly:
Deep message detection and analysis are carried out to message, judge whether it is ciphertext according to analysis result;
If it is ciphertext, it is decrypted.
Further, the method further includes:By the message of message or non-ciphertext after decryption, it is sent to corresponding reception
End.
Referring to Fig.1 0, the embodiment of the present invention additionally provide it is a kind of judging the method whether to be decrypted of message, including walk as follows
Suddenly:
Whether the message that detection receives carries encryption label;
If carrying encryption label, judge that the message received for ciphertext, is decrypted it.
It is worth noting that heretofore described encryption label, can be arranged any position in messages, such as answer
End with layer load or header;When being arranged in header, the ICP/IP protocol of header can be used
Reserved field, or field can have been used by the ICP/IP protocol on multiplexing packet head.
Further, the position of the encryption label storage is configurable.
Specifically, according to different communication protocol and transmitting scene, encryption label can be placed on different positions, with suitable
Answer various network environments.For example, in the environment without VLAN (Virtual Local Area Network), it can be encryption
Label is placed on the id field on the heads IP, TOS fields, Flags fields, option fields etc.;It, can be in the environment with VLAN
Encryption label is arranged in 802.1Q frame header positions, such as VLAN PRI (Priority) field.
Further, the method further includes:By the message of message or non-ciphertext after decryption, it is sent to corresponding reception
End.
The specific implementation scene of the present invention is as shown in figure 11, it is assumed that the high data message of this example medium security level is postal
The first detection is arranged then without the requirement in terms of safety in number of packages evidence, remaining data message between transmitting terminal and encryption equipment
Module, the first detection module have deep message detection DPI functions;Third detection module, institute are set before deciphering machine
It states third detection module and has encryption label detection function.
It is worth noting that the deep message of first detection module detects DPI functions in the present invention, determine that the present invention adds
The performance of decryption.By largely being tested to a few money mainstream DPI products and component in the market, it was demonstrated that existing DPI products
With component to protocol massages and keyword recognition accuracy rate close to 100%, it can be ensured that all significant datas all by plus
It is transmitted again after close operation.
Specific message interaction process such as Figure 12, mainly includes the following steps that:Transmitting terminal is by first detection module to message
Deep message detection and analysis are carried out, judge whether it needs to encrypt according to analysis result, then to needing encrypted message (safety
The high data traffic of rank, such as mail applications data, account log in, file transmits) it is encrypted and stamps encryption label, then
It is sent to Correspondent Node;To not needing encrypted message (the general data traffic of safe class, such as amusement, news), directly
It is sent to Correspondent Node.
In receiving terminal, whether the message for detecting reception carries encryption label, if the message received carries encryption label, sentences
The message that disconnecting is received is the high data traffic of encrypted security level, is decrypted to it, is subsequently forwarded to receiving terminal;To not having
There is the message for carrying encryption label, indicates that message is the general data traffic of safe class of unencryption, be forwarded directly to receive
End.
It is worth noting that first detection module of the invention carries out deep message detection and analysis, this process to message
Although can also take, verify through a large number of experiments, the efficiency of DPI detections is higher by 1 to 3 than conventional encryption algorithm efficiency
The order of magnitude, and the high data of security level accounting very little usually in all transmission datas, compared with cryptographic operation, entire mistake
Journey meeting is efficiently more than at least one order of magnitude.Therefore, present example can be in the feelings for ensureing user's significant data transmission safety
Under condition, by reducing the workload of encryption and decryption, the efficiency to data encrypting and deciphering is greatly improved.
One of ordinary skill in the art will appreciate that all or part of step in the above method can be instructed by program
Related hardware is completed, and described program can be stored in computer readable storage medium, such as read-only memory, disk or CD
Deng.Optionally, all or part of step of above-described embodiment can also be realized using one or more integrated circuits, accordingly
Ground, the form that hardware may be used in each module/unit in above-described embodiment are realized, the shape of software function module can also be used
Formula is realized.The present invention is not limited to the combinations of the hardware and software of any particular form.
The foregoing is only a preferred embodiment of the present invention, is not intended to restrict the invention, for the skill of this field
For art personnel, the invention may be variously modified and varied.All within the spirits and principles of the present invention, any made by repair
Change, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.
Claims (10)
1. a kind of encryption device, which is characterized in that including first detection module and encrypting module, wherein
The first detection module, for message carry out deep message detection and analysis, according to analysis result judge its whether need
It encrypts, it would be desirable to which encrypted message is sent to encrypting module;
The encrypting module, for receiving the encrypted message of needs and it being encrypted.
2. encryption device according to claim 1, which is characterized in that the encrypting module is additionally operable to:For encrypted report
Text stamps encryption label.
3. encryption device according to claim 2, which is characterized in that the encrypting module is stamped for encrypted message to be added
Secret mark label, specially:It is the value made an appointment that the VLAN Priority fields of message and/or dscp field, which is arranged,.
4. encryption device according to claim 1, which is characterized in that the first detection module carries out depth report to message
Text detection and analysis, specially:By being matched with pre-stored protocol characteristic library, the type of service of message is determined.
5. a kind of decryption device, which is characterized in that including third detection module and the second deciphering module, wherein
Whether the third detection module carries encryption label for detection messages, if carrying encryption label, judges that message is
Ciphertext sends it to the second deciphering module;
Second deciphering module for receiving the ciphertext from third detection module, and is decrypted it.
Judging whether message wants encrypted method 6. a kind of, which is characterized in that including:
Deep message detection and analysis are carried out to message;
Judge whether it needs to encrypt according to analysis result;
To needing encrypted message to be encrypted.
7. according to the method described in claim 6, it is characterized in that, further including:Encryption label is stamped for encrypted message.
8. the method according to the description of claim 7 is characterized in that described stamp encryption label for encrypted message, specifically
For:It is the value made an appointment that the VLAN Priority fields of message and/or dscp field, which is arranged,.
9. according to the method described in claim 6, it is characterized in that, described carry out deep message detection and analysis to message, specifically
For:By being matched with pre-stored protocol characteristic library, the type of service of message is determined.
10. a kind of judging the method whether to be decrypted of message, which is characterized in that including:
Whether detection messages carry encryption label;
If carrying encryption label, judge that message for ciphertext, is decrypted it.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710157499.0A CN108632201A (en) | 2017-03-16 | 2017-03-16 | Encryption device, decryption device and judge message whether the method that encrypt or decrypt |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710157499.0A CN108632201A (en) | 2017-03-16 | 2017-03-16 | Encryption device, decryption device and judge message whether the method that encrypt or decrypt |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108632201A true CN108632201A (en) | 2018-10-09 |
Family
ID=63687687
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710157499.0A Withdrawn CN108632201A (en) | 2017-03-16 | 2017-03-16 | Encryption device, decryption device and judge message whether the method that encrypt or decrypt |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108632201A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112655184A (en) * | 2020-08-31 | 2021-04-13 | 华为技术有限公司 | Security protection method, device and storage medium |
CN112839035A (en) * | 2020-12-29 | 2021-05-25 | 合安科技技术有限公司 | Safe communication control method and device for street lamp and related equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150089026A1 (en) * | 2011-09-29 | 2015-03-26 | Avvasi Inc. | Systems and languages for media policy decision and control and methods for use therewith |
CN105072025A (en) * | 2015-08-05 | 2015-11-18 | 北京科技大学 | Safe protective gateway and system for modern industrial control system network communication |
CN105656655A (en) * | 2014-11-14 | 2016-06-08 | 华为技术有限公司 | Method, device and system for network security management |
CN106161015A (en) * | 2016-09-29 | 2016-11-23 | 长春大学 | A kind of quantum key distribution method based on DPI |
-
2017
- 2017-03-16 CN CN201710157499.0A patent/CN108632201A/en not_active Withdrawn
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150089026A1 (en) * | 2011-09-29 | 2015-03-26 | Avvasi Inc. | Systems and languages for media policy decision and control and methods for use therewith |
CN105656655A (en) * | 2014-11-14 | 2016-06-08 | 华为技术有限公司 | Method, device and system for network security management |
CN105072025A (en) * | 2015-08-05 | 2015-11-18 | 北京科技大学 | Safe protective gateway and system for modern industrial control system network communication |
CN106161015A (en) * | 2016-09-29 | 2016-11-23 | 长春大学 | A kind of quantum key distribution method based on DPI |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112655184A (en) * | 2020-08-31 | 2021-04-13 | 华为技术有限公司 | Security protection method, device and storage medium |
WO2022041186A1 (en) * | 2020-08-31 | 2022-03-03 | 华为技术有限公司 | Security protection method and device and storage medium |
CN112839035A (en) * | 2020-12-29 | 2021-05-25 | 合安科技技术有限公司 | Safe communication control method and device for street lamp and related equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111740951B (en) | Method for transmitting data packet by cloud security dynamic network and protocol | |
JP5116752B2 (en) | Efficient key derivation for the security of end-to-end networks with traffic visibility | |
CN105763557B (en) | Exchange chip or NP cooperate with the method and system for completing message IPSEC encryption with CPU | |
CN101335615B (en) | Method used in key consultation of USB KEY audio ciphering and deciphering device | |
US20160315913A1 (en) | Scalable Intermediate Network Device Leveraging SSL Session Ticket Extension | |
Lucena et al. | Syntax and semantics-preserving application-layer protocol steganography | |
EP3185466A1 (en) | Encrypted communications method and communications terminal, and computer storage medium | |
CN101521667B (en) | Method and device for safety data communication | |
CN108090370A (en) | Instant messaging encryption method and system based on index | |
Bąk et al. | Application of perfectly undetectable network steganography method for malware hidden communication | |
CN106549757A (en) | The data authenticity identification method of WEB service, service end and client | |
CN108632201A (en) | Encryption device, decryption device and judge message whether the method that encrypt or decrypt | |
US20080244268A1 (en) | End-to-end network security with traffic visibility | |
CN107493287A (en) | Industry control network data security system | |
CN100380831C (en) | Digital modulation-demodulation method for safe information transmission | |
CN115150067A (en) | TLS protocol construction method and system based on network covert channel | |
CN108337089A (en) | Signalling encryption and decryption method, device and terminal | |
Clark | Encryption advances to meet Internet challenges | |
Awadh et al. | Efficiently Secure Data Communications Based on CBC-RC6 and the Overflow Field of Timestamp Option in an IPv4 Packet | |
Kataria et al. | IMAGE ENCRYPTION TECHNIQUES AND COMPARATIVE ANALYSIS | |
CN104394005A (en) | Active group classification system based on background server | |
Wang et al. | A novel distributed covert channel in HTTP | |
Shree et al. | Analysis of Cryptography and Comparison of its Various Techniques. | |
CN107864123A (en) | A kind of network talkback machine safe transmission method and system | |
Ouk et al. | Hybrid of asymmetric cryptography (RSA) and symmetric cryptography (OTP) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20181009 |