CN109257174A - A kind of application method of quantum key in VPWS business - Google Patents
A kind of application method of quantum key in VPWS business Download PDFInfo
- Publication number
- CN109257174A CN109257174A CN201811417083.9A CN201811417083A CN109257174A CN 109257174 A CN109257174 A CN 109257174A CN 201811417083 A CN201811417083 A CN 201811417083A CN 109257174 A CN109257174 A CN 109257174A
- Authority
- CN
- China
- Prior art keywords
- data packet
- vpws
- equipment
- business
- encapsulation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0485—Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A kind of application method of quantum key in VPWS business, can solve the lower technical problem of traditional VPWS service security.The following steps are included: correct configure basic service used;Configure two layers of bridged cryptographic;When data packet enters PE equipment, exchange chip is without any processing, and data packet is directly redirected to multi-core CPU;After multi-core CPU receives data packet, judge whether the data packet received walks enciphering/deciphering process, if you do not need to encryption, then walk normal VPWS forwarding;Assuming that judging that data packet needs to carry out enciphering/deciphering processing, then encryption encapsulation is carried out to data packet or decryption encapsulates, packaged data packet is sent to the close card of state;After the close card of state receives message, the hardware encryption and decryption of complete paired data packet, then turn round and be sent to multi-core CPU;After multi-core CPU receives the data packet of revolution, data packet is processed and is sent out.The present invention ensures that the completion of VPWS business data transmission and confidentiality are compared with traditional VPWS business to greatest extent, has absolute predominance in safety.
Description
Technical field
The present invention relates to computer networking technologies and field of quantum security communication, and in particular to a kind of quantum key is in VPWS
Application method in business.
Background technique
VPWS (Virtual Private Wire Service), refer to construction on the infrastructure of mpls network,
Two layers of transparent transmission of high speed are provided between a pair of of port of two routers, it can be saturating by the original ether network packet of local end PE equipment
It is bright to be transmitted to far-end PE equipment, it is a kind of two layers of VPN agreement.
IPSEC (Internet Protocol Security) is a kind of machine for ensuring IP layers of communication security end to end
System, its not instead of individual agreement, a series of set of agreements and service that complete safety is provided for IP network, packet
Include AH agreement, ESP agreement, IKE agreement and for network authentication and some algorithms of encryption etc..IPSEC provides two kinds of encapsulation
Mode is transmission mode and tunnel mode respectively.Tunnel mode is sent out after Resealing the data packet of other agreements by tunnel
It send, provides forwarding information by new frame head, will pass through the packed load data of internet transmitting.
Quantum communications refer to a kind of novel communication modes that information transmitting is carried out using entangled quantum effect, are nearly 20
The new interdisciplinary that year grows up, is quantum theory and the new research field that information theory combines.This recent subject is
Gradually from theory to experiment, and to functionization develop.The information transmission of highly effective and safe is increasingly subject to the concern of people.Quantum is close
Key distribution can provide the shared key of unconditional security based on quantum physics and informatics to separate the user of two places,
It is considered as the highest cipher mode of safety.Its safety is ensured by quantum-mechanical basic principle, even if listener-in
With unlimited computing capability, any information of security key can not be also obtained.Quantum key distribution technology is generally acknowledged is used for
It generates and the up-and-coming technology of shared key, the technology is based on " Heisenberg uncertainty principle " and " the not reproducible original of quantum
Reason " guarantees that transmitting-receiving both ends can generate and share random key, therefore the key that quantum key distribution process generates is theoretically
It is unconditional security.
Since traditional VPWS business datum is all using plaintext transmission in public network, this, which just leaves to listener-in, can multiply it
Machine.Transmitted in public network in view of VPWS business needed there are safety issue a kind of new technical solution by quantum key with
VPWS combines closely to solve the problems, such as the safe transparent transmission of VPWS business datum.
Summary of the invention
A kind of application method of the quantum key proposed by the present invention in VPWS business can solve traditional VPWS business peace
The lower technical problem of full property.
To achieve the above object, the technical solution adopted by the present invention is as follows:
Communication system is built using quantum key management equipment and business data transmission equipment.
The quantum key management equipment is for generating quantum key and being handed down to traffic-carrying device;
The traffic-carrying device is the set for being used for transmission the equipment of VPWS business data packet;
The traffic-carrying device at least will include two PE equipment.
Key is quantum key, is to be handed down to traffic-carrying device by quantum key management equipment, using IPSEC VPN
The middle mode using quantum key carries out encryption and decryption.
Specific step is as follows:
Step 1, correct to configure basic service used, guarantee that basic service is normal, including quantum cryptography configuration, IPSEC are matched
It sets, VPWS configuration, IPSEC uses tunnel encapsulation mode;
Step 2, two layers of bridged cryptographic are configured, by the UNI mouth and above-mentioned IPSEC tunnel interface bridge in VPWS business networking
It connects, indicates that the VPWS business is encrypted based on the SA of the tunnel interface;
Described UNI mouthfuls be bridge joint enter to interface, for identifying pseudo-wire;
Step 3, when data packet enters PE equipment, exchange chip is without any processing, is directly redirected to data packet more
Core CPU;
The data packet enters PE equipment, including two kinds of situations: being on the one hand that data packet is set from UNI mouthfuls of private network side into PE
It is standby, i.e. encryption flow;On the other hand be data packet from public network side NNI mouthful enter PE equipment, that is, decrypt process;
The exchange chip is without any processing, and data packet is directly redirected to multi-core CPU, it is therefore an objective to: make VPWS industry
Business is gone weak forwarding process, and the hardware feature of forwarding chip is indifferent to;
Step 4, after multi-core CPU receives data packet, judge whether the data packet received walks enciphering/deciphering process, if be not required to
It encrypts, then walks normal VPWS forwarding;
It is described to judge whether data packet walks enciphering/deciphering process, including two aspects: to be on the one hand encryption flow;On the other hand
It is decryption process;
Further, for encryption flow, i.e., data packet enters PE equipment from UNI mouthfuls of private network side, and is redirected to more
Core CPU: looking into the inbound port attribute list of the UNI mouth of PE equipment, judges whether the UNI mouthfuls have with IPSEC tunnel interface bridge tags
Effect, if it is valid, encryption flow is walked, if in vain, walking normal VPWS process, not encrypting;
Further, for decrypting process, i.e., data packet enters PE equipment for NNI mouthfuls from public network side, and is redirected to more
Core CPU: the tag head of data packet is peeled off, then determines whether to decryption processing according to the special field in data packet, if
It needs, then walks to decrypt process, otherwise, walk normal VPWS process;
Step 5, it is assumed that in step 4, judge that data packet needs to carry out enciphering/deciphering processing, then encryption envelope is carried out to data packet
Dress or decryption encapsulation, are sent to the close card of state for packaged data packet;
The encryption encapsulation or decryption encapsulation refer to, carry out according to the format of the close card of the tunnel IPSEC format and state to message
Encapsulation.Since this programme is to complete data enciphering/deciphering by the close card of state, so necessary encapsulation is carried out to data packet, wherein sealing
The content of dress includes the encapsulation of quantum key, encapsulation of the close clamp of ESP encapsulation and state etc.;
Further, encryption is encapsulated: takes the IPSEC ACL under the tunnel face IPSEC, looks into ACL and hit to obtain SA index,
Two layers of encapsulation, the first encapsulation of the progress tunnel IPSEC format are carried out according to the information in SA table, is then sealed according to the format of the close card of state
Dress;
Further, decryption is encapsulated: extracts ESP in data packet SPI values, SA table is searched for according to SPI value, then
According to the information etc. in forwarding information, SA table, packet encapsulation is completed according to the format of the close card of state;
Step 6, after the close card of state receives message, the hardware encryption and decryption of complete paired data packet, then turn round and be sent to multicore
CPU;
Step 7, after multi-core CPU receives the data packet of revolution, corresponding processing is done to data packet, is sent out from the outlet of PE equipment
It goes out;
Further, for encrypting end, i.e. for data packet from private network side to public network side, multi-core CPU receives the data packet of revolution
Afterwards, according to forwarding table information, the information such as label, public network MAC and VLAN are packaged to message, and send out from the NNI of PE mouth;
Further, for decrypting end, i.e. for data packet from public network side to private network side, multi-core CPU receives the data packet of revolution
Afterwards, message is decapsulated, finds outgoing interface further according to Label Forwarding Information Base, sent out from the UNI mouth of PE equipment;
From the foregoing, it will be observed that the application method the present invention provides a kind of quantum key in VPWS business, the present invention passes through more
The close card of core CPU and state completes the encryption and decryption to user data package, and core concept is that pseudo-wire is bridged to IPSEC tunnel to connect
Mouthful, the SA for borrowing the ready-made tunnel face IPSEC carries out key encapsulation, the close card of state then is sent by packaged message,
The encryption and decryption of data are completed in the close card of state.
The present invention in order to guarantee VPWS business public network transmission absolute safety, Data Encryption Techniques are introduced into VPWS
In business, the data for transmitting VPWS business in public network ensure VPWS business datum from becoming ciphertext in plain text to greatest extent
The completion of transmission and confidentiality are compared with traditional VPWS business, have absolute predominance in safety.
Detailed description of the invention
Fig. 1 is the flow chart of the method for the present invention;
Fig. 2 is transmission device structural schematic diagram of the present invention;
Fig. 3 is the basic structure schematic diagram of present device;
Fig. 4 is present invention encryption encapsulation flow chart;
Fig. 5 is present invention decryption encapsulation flow chart;
Fig. 6 is present invention encryption message sending process figure;
Fig. 7 is present invention decryption message sending process figure;
Fig. 8 is encryption flow figure of the present invention;
Fig. 9 is present invention decryption flow chart.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments.
The present invention provides a kind of application method of quantum key in VPWS business, one side communication system uses quantum
Key management apparatus and business data transmission equipment are built;The core concept of another aspect scheme of the invention is to be bridged to pseudo-wire
IPSEC tunnel interface, the SA for borrowing the ready-made tunnel face IPSEC carries out key encapsulation, then by packaged message
It is sent to the close card of state, completes the encryption and decryption of data in the close card of state.
The quantum key management equipment is for generating quantum key and being handed down to traffic-carrying device;
The traffic-carrying device is the set for being used for transmission the equipment of VPWS business data packet;
The traffic-carrying device at least will include two equipment of PE1 and PE2, such as Fig. 2.
As shown in Figure 1, the application method of quantum key of the invention in VPWS business is as follows:
S100, correct configuration basic service used, guarantee that basic service is normal, including quantum cryptography configuration, IPSEC are matched
It sets, VPWS configuration, IPSEC uses tunnel encapsulation mode;
Two layers of S200, configuration bridged cryptographic, by the UNI mouth and above-mentioned IPSEC tunnel interface bridge in VPWS business networking
It connects, indicates that the VPWS business is encrypted based on the SA of the tunnel interface;
Described UNI mouthfuls be bridge joint enter to interface, for identifying pseudo-wire;
S300, when data packet enters PE equipment, exchange chip is without any processing, and data packet is directly redirected to multicore
CPU;
After S400, multi-core CPU receive data packet, judge whether the data packet received walks enciphering/deciphering process, if you do not need to
Normal VPWS forwarding is then walked in encryption;
S500, assume to judge that data packet needs to carry out enciphering/deciphering processing in step S400, then encrypt data packet
Encapsulation or decryption encapsulation, are sent to the close card of state for packaged data packet;
After S600, the close card of state receive message, the hardware encryption and decryption of complete paired data packet, then turn round and be sent to multicore
CPU;
After S700, multi-core CPU receive the data packet of revolution, corresponding processing is done to data packet, is sent out from the outlet of PE equipment
It goes out.
It elaborates below to the specific steps of the embodiment of the present invention:
S100, correct configuration basic service used, guarantee that basic service is normal, including VPWS is configured, IPSEC configuration, is measured
Sub- encryption configuration, IPSEC use tunnel encapsulation mode;
The above-mentioned business correctly configures, comprising:
I configuration VPWS
Guarantee that VPWS business is normal, can normally carry out data transmission;
II configuring IPSEC
Configuration includes the L3 interface and IP, IPSEC correlation profile, acl, ipsec_ that correlation establishes IKE communication
Tunnel interface etc., and guarantee the success of two IPSEC tunnel interface negotiations on PE1 and PE2, state UP;
III configuration quantum cryptography
Guarantee the normal of authentication and quantum-key distribution process;
The authentication refers to that traffic-carrying device sends identification authentication data, quantum to quantum key management equipment
Key management apparatus sends identity validation after authentication success to traffic-carrying device and enters the application quantum key stage;
The quantum-key distribution process refers to that after authentication success, quantum key management equipment can give business
Transmission device issues quantum key, and business could carry out enciphering/deciphering processing with the quantum key.
Two layers of S200, configuration bridged cryptographic, by the UNI mouth and above-mentioned IPSEC tunnel interface bridge in VPWS business networking
It connects, indicates that the VPWS business is encrypted based on the SA of the tunnel interface;
Described UNI mouthfuls be bridge joint enter to interface, for identifying pseudo-wire;
Two layers of bridged cryptographic configuration, is one field of increase in UNI mouthful of incoming interface attribute list, the field with
The binding of IPSEC tunnel interface, when the field is effective in UNI mouthfuls of incoming interface attribute list, then VPWS enters encryption;
S300, when data packet enters PE (PE1 or PE2) equipment, exchange chip is without any processing, directly by data packet weight
It is directed to multi-core CPU, the basic structure of equipment is as shown in Figure 3;
The data packet enters PE (PE1 or PE2) equipment, including two kinds of situations: being on the one hand data packet from private network side UNI
Mouth enters PE equipment, i.e. encryption flow;On the other hand be data packet from public network side NNI mouthful enter PE equipment, that is, decrypt process;
The exchange chip is without any processing, and data packet is directly redirected to multi-core CPU, it is therefore an objective to: make VPWS industry
Business is gone weak forwarding process, and the hardware feature of forwarding chip is indifferent to;
After S400, multi-core CPU receive data packet, judge whether the data packet received walks enciphering/deciphering process, if you do not need to
Normal VPWS forwarding is then walked in encryption;
It is described to judge whether data packet walks enciphering/deciphering process, including two aspects: to be on the one hand encryption flow;On the other hand
It is decryption process;
Specifically, as shown in figure 8, for encryption flow, i.e., data packet enters PE equipment from UNI mouthfuls of private network side, and is weighed
It is directed to multi-core CPU: looking into the inbound port attribute list of the UNI mouth of PE equipment, judge the UNI mouthfuls and IPSEC tunnel interface bridge joint mark
Whether will is effective, if it is valid, encryption flow is walked, if in vain, walking normal VPWS process, not encrypting;
Specifically, as shown in figure 9, that is, data packet enters PE equipment for NNI mouthfuls from public network side, and is weighed for decrypting process
It is directed to multi-core CPU: the tag head of data packet is peeled off, then determined whether at decryption according to the special field in data packet
Reason, if it is desired, then walk to decrypt process, otherwise, walk normal VPWS process;
S500, assume to judge that data packet needs to carry out enciphering/deciphering processing in step S400, then encrypt data packet
Encapsulation or decryption encapsulation, are sent to the close card of state for packaged data packet;
The encryption encapsulation or decryption encapsulation refer to, carry out according to the format of the close card of the tunnel IPSEC format and state to message
Encapsulation.Since this programme is to complete data enciphering/deciphering by the close card of state, so necessary encapsulation is carried out to data packet, wherein sealing
The content of dress includes the encapsulation of quantum key, encapsulation of the close clamp of ESP encapsulation and state etc.;
Specifically, encryption is encapsulated: takes the IPSEC ACL under the tunnel face IPSEC, looks into ACL and hit to obtain SA index, root
Two layers of encapsulation, the first encapsulation of the progress tunnel IPSEC format are carried out according to the information in SA table, is then sealed according to the format of the close card of state
Dress, encryption encapsulation process are as shown in Figure 4;
Specifically, decryption is encapsulated: extracts ESP in data packet SPI values, SA table is searched for according to SPI value, then root
According to the information etc. in forwarding information, SA table, packet encapsulation, decryption encapsulation process such as Fig. 5 institute are completed according to the format of the close card of state
Show;
After S600, the close card of state receive message, the hardware encryption and decryption of complete paired data packet, then turn round and be sent to multicore
CPU;
After S700, multi-core CPU receive the data packet of revolution, corresponding processing is done to data packet, is sent out from the outlet of PE equipment
It goes out;
Specifically, for encrypting end, i.e., data packet is from private network side to public network side, after multi-core CPU receives the data packet of revolution,
According to forwarding table information, the information such as label, public network MAC and VLAN is packaged to message, and send out from the NNI of PE mouth, added
Close message sending process is as shown in Figure 6;
Specifically, for decrypting end, i.e. data packet is from public network side to private network side, after multi-core CPU receives the data packet of revolution,
Message is decapsulated, finds outgoing interface further according to Label Forwarding Information Base, is sent out from the UNI mouth of PE equipment, decryption message hair
Send process as shown in Figure 7;
From the foregoing, it will be observed that the application method the embodiment of the invention provides a kind of quantum key in VPWS business, makes VPWS
Business encrypted transmission in public network, and key is that quantum key is compared with traditional VPWS business, safety is guaranteed,
Make communicating pair more secure and reliable.
The above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although with reference to the foregoing embodiments
Invention is explained in detail, those skilled in the art should understand that: it still can be to aforementioned each implementation
Technical solution documented by example is modified or equivalent replacement of some of the technical features;And these modification or
Replacement, the spirit and scope for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution.
Claims (7)
1. a kind of application method of quantum key in VPWS business, it is characterised in that: the following steps are included:
S100, basic service used is correctly configured, guarantees that basic service is normal, including quantum cryptography configures, IPSEC is configured,
VPWS configuration, IPSEC use tunnel encapsulation mode;
Two layers of S200, configuration bridged cryptographic, by the UNI mouth and above-mentioned IPSEC tunnel interface bridge joint in VPWS business networking, table
Show that the VPWS business is encrypted based on the SA of the tunnel interface;
Described UNI mouthfuls be bridge joint enter to interface, for identifying pseudo-wire;
S300, when data packet enters PE equipment, exchange chip is without any processing, and data packet is directly redirected to multi-core CPU;
After S400, multi-core CPU receive data packet, judge whether the data packet received walks enciphering/deciphering process, if you do not need to plus
It is close, then walk normal VPWS forwarding;
S500, assume to judge that data packet needs to carry out enciphering/deciphering processing in step S400, then carry out encryption encapsulation to data packet
Or decryption encapsulation, packaged data packet is sent to the close card of state;
After S600, the close card of state receive message, the hardware encryption and decryption of complete paired data packet, then turn round and be sent to multi-core CPU;
After S700, multi-core CPU receive the data packet of revolution, corresponding processing is done to data packet, is sent out from the outlet of PE equipment.
2. application method of the quantum key according to claim 1 in VPWS business, it is characterised in that: the step
In S300:
The data packet enters PE equipment, including two kinds of situations: being on the one hand data packet enters PE equipment from UNI mouthfuls of private network side,
That is encryption flow;On the other hand be data packet from public network side NNI mouthful enter PE equipment, that is, decrypt process;
The exchange chip is without any processing, and data packet is directly redirected to multi-core CPU, and VPWS business is made to go weak forwarding flow
Journey is indifferent to the hardware feature of forwarding chip.
3. application method of the quantum key according to claim 2 in VPWS business, it is characterised in that: the step
It is described to judge whether data packet walks enciphering/deciphering process, including two aspects: to be on the one hand encryption flow in S400;On the other hand it is
Decrypt process;
For encryption flow, i.e., data packet enters PE equipment from UNI mouthfuls of private network side, and is redirected to multi-core CPU: looking into PE equipment
UNI mouth inbound port attribute list, judge the UNI mouthfuls and IPSEC tunnel interface bridge tags it is whether effective, if it is valid,
Encryption flow is walked, if in vain, walking normal VPWS process, not encrypting;
For decrypting process, i.e., data packet enters PE equipment for NNI mouthfuls from public network side, and is redirected to multi-core CPU: by data packet
Tag head peel off, decryption processing is then determined whether to according to the special field in data packet, if it is desired, then walk decryption stream
Otherwise journey walks normal VPWS process.
4. application method of the quantum key according to claim 3 in VPWS business, it is characterised in that: the step
In S500, the encryption encapsulation or decryption encapsulation refer to, seal according to the format of the close card of the tunnel IPSEC format and state to message
Dress, wherein the content encapsulated includes the encapsulation of the encapsulation of quantum key, the close clamp of ESP encapsulation and state;
Encryption is encapsulated: taking the IPSECACL under the tunnel face IPSEC, looks into ACL and hit to obtain SA index, according to the letter in SA table
Breath carries out two layers of encapsulation, the first encapsulation of the progress tunnel IPSEC format, then encapsulates according to the format of the close card of state;
Decryption is encapsulated: extracting ESP SPI values in data packet, according to SPI value search SA table, then according to forwarding information,
Information in SA table completes packet encapsulation according to the format of the close card of state.
5. application method of the quantum key according to claim 4 in VPWS business, it is characterised in that: the step
In S700,
For encrypting end, i.e., data packet is from private network side to public network side, after multi-core CPU receives the data packet of revolution, according to forwarding table
Information is packaged the information such as label, public network MAC and VLAN to message, and sends out from the NNI of PE mouth;
For decrypting end, i.e. data packet is from public network side to private network side, after multi-core CPU receives the data packet of revolution, carries out to message
Decapsulation, finds outgoing interface further according to Label Forwarding Information Base, sends out from the UNI mouth of PE equipment.
6. application method of the quantum key in VPWS business described in -5 any one according to claim 1, it is characterised in that:
Communication system used is built using quantum key management equipment and business data transmission equipment;
The quantum key management equipment is for generating quantum key and being handed down to traffic-carrying device;
The traffic-carrying device is the set for being used for transmission the equipment of VPWS business data packet.
7. application method of the quantum key according to claim 6 in VPWS business, it is characterised in that: the business passes
Transfer device at least will include two PE equipment.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811417083.9A CN109257174A (en) | 2018-11-26 | 2018-11-26 | A kind of application method of quantum key in VPWS business |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811417083.9A CN109257174A (en) | 2018-11-26 | 2018-11-26 | A kind of application method of quantum key in VPWS business |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109257174A true CN109257174A (en) | 2019-01-22 |
Family
ID=65042092
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811417083.9A Pending CN109257174A (en) | 2018-11-26 | 2018-11-26 | A kind of application method of quantum key in VPWS business |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109257174A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112491821A (en) * | 2020-11-12 | 2021-03-12 | 杭州迪普科技股份有限公司 | IPSec message forwarding method and device |
CN117221012A (en) * | 2023-11-07 | 2023-12-12 | 新华三技术有限公司 | Decryption and encryption method and device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102904792A (en) * | 2012-09-21 | 2013-01-30 | 北京华为数字技术有限公司 | Service carrying method and router |
US20130322258A1 (en) * | 2012-06-05 | 2013-12-05 | Cisco Technology, Inc. | Managing trace requests over tunneled links |
CN104519055A (en) * | 2014-12-11 | 2015-04-15 | 曙光信息产业(北京)有限公司 | VPN (virtual private network) service implementation method, VPN service implementation device and VPN server |
CN107995086A (en) * | 2017-12-26 | 2018-05-04 | 南京航空航天大学 | A kind of method of business datum encrypted transmission in intelligence manufacture Internet of Things based on VPDN and IPSEC |
CN108616355A (en) * | 2018-05-03 | 2018-10-02 | 盛科网络(苏州)有限公司 | Software handshake negotiates the CAPWAP tunnel DTLS encipher-decipher methods of hardware enciphering and deciphering |
-
2018
- 2018-11-26 CN CN201811417083.9A patent/CN109257174A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130322258A1 (en) * | 2012-06-05 | 2013-12-05 | Cisco Technology, Inc. | Managing trace requests over tunneled links |
CN102904792A (en) * | 2012-09-21 | 2013-01-30 | 北京华为数字技术有限公司 | Service carrying method and router |
CN104519055A (en) * | 2014-12-11 | 2015-04-15 | 曙光信息产业(北京)有限公司 | VPN (virtual private network) service implementation method, VPN service implementation device and VPN server |
CN107995086A (en) * | 2017-12-26 | 2018-05-04 | 南京航空航天大学 | A kind of method of business datum encrypted transmission in intelligence manufacture Internet of Things based on VPDN and IPSEC |
CN108616355A (en) * | 2018-05-03 | 2018-10-02 | 盛科网络(苏州)有限公司 | Software handshake negotiates the CAPWAP tunnel DTLS encipher-decipher methods of hardware enciphering and deciphering |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112491821A (en) * | 2020-11-12 | 2021-03-12 | 杭州迪普科技股份有限公司 | IPSec message forwarding method and device |
CN112491821B (en) * | 2020-11-12 | 2022-05-31 | 杭州迪普科技股份有限公司 | IPSec message forwarding method and device |
CN117221012A (en) * | 2023-11-07 | 2023-12-12 | 新华三技术有限公司 | Decryption and encryption method and device |
CN117221012B (en) * | 2023-11-07 | 2024-01-26 | 新华三技术有限公司 | Decryption and encryption method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107453869B (en) | A method of realizing the IPSecVPN of quantum safety | |
CN107294711B (en) | Power information intranet message encryption issuing method based on VXLAN technology | |
US8379638B2 (en) | Security encapsulation of ethernet frames | |
CN107104977B (en) | Block chain data secure transmission method based on SCTP | |
CN109088870A (en) | A kind of method of new energy plant stand generator unit acquisition terminal secure accessing platform | |
CN102035845B (en) | Switching equipment for supporting link layer secrecy transmission and data processing method thereof | |
CN104660602A (en) | Quantum key transmission control method and system | |
Khan et al. | Design and implementation of security gateway for synchrophasor based real-time control and monitoring in smart grid | |
JP2006148982A (en) | Security method for transmission in telecommunication network | |
CN102057615B (en) | The system and method that the multiple connections packet associated with security association by concatenating reduces encryption overhead | |
CN109104428A (en) | Internet of things data quantum encrypted transmission equipment and transmission method | |
CN104468126B (en) | A kind of safe communication system and method | |
CN107040446A (en) | A kind of vpn tunneling protocol implementing method | |
CN104883372B (en) | A kind of data transmission method of anti-fraud and attack resistance based on mobile Ad hoc network | |
US9106618B2 (en) | Control plane encryption in IP/MPLS networks | |
CN109257174A (en) | A kind of application method of quantum key in VPWS business | |
CN103167489B (en) | The wireless public network means of communication with security protection in electric power system | |
JP3789098B2 (en) | Network system, network access device, network server, and network access control method | |
KR101329968B1 (en) | Method and system for determining security policy among ipsec vpn devices | |
CN107995086A (en) | A kind of method of business datum encrypted transmission in intelligence manufacture Internet of Things based on VPDN and IPSEC | |
CN109257388A (en) | Pseudo-wire encryption method in a kind of MPLS-TP | |
CN107454116A (en) | The optimization method and device of IPsec ESP agreements under single tunnel mode | |
CN109361684B (en) | Dynamic encryption method and system for VXLAN tunnel | |
Dubroca | MACsec: Encryption for the wired LAN | |
KR101886367B1 (en) | Generation of device individual session key in inter-object communication network and verification of encryption and decryption function between devices using it |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190122 |
|
RJ01 | Rejection of invention patent application after publication |