CN109547470A - Electronic isolation wall method, apparatus and system for protecting cyberspace security - Google Patents


Info

Publication number
CN109547470A
Authority
CN
China
Prior art keywords
cyberspace
authentication
user terminal
mapping
identity
Legal status
Granted
Application number
CN201811563516.1A
Other languages
Chinese (zh)
Other versions
CN109547470B (en
Inventor
张宏科
郑涛
董平
杨冬
周华春
刘颖
王洪超
冯博昊
权伟
严晓云
王宗政
Current Assignee
Beijing Jiaotong University
Original Assignee
Beijing Jiaotong University
Application filed by Beijing Jiaotong University
Priority to CN201811563516.1A
Publication of CN109547470A
Application granted
Publication of CN109547470B
Legal status: Expired - Fee Related

Classifications

    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls (H Electricity > H04 Electric communication technique > H04L Transmission of digital information, e.g. telegraphic communication > H04L63/00 Network security)
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities (H > H04 > H04L > H04L63/00)
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication (H > H04 > H04L > H04L63/00 > H04L63/08)

Abstract

The present invention provides an electronic isolation wall method, apparatus and system for protecting cyberspace security. The method includes: establishing trusted authentication and a secure connection between a first cyberspace and a second cyberspace that are isolated by an electronic wall; a user terminal registering with the cyberspace it initially requests to access, and performing security authentication and identity/network separation mapping with that cyberspace; and, when the user applies to access a second cyberspace outside the first cyberspace it is currently accessing, the user terminal registering with the second cyberspace and performing cross-space security authentication and identity/network separation mapping according to the identity symbol registered in the second cyberspace. The method addresses the security of user identity, location and behavioural privacy in cyberspace.

Description

Electronic isolation wall method, apparatus and system for protecting cyberspace security
Technical field
The present invention relates to the technical field of computer networks, and in particular to an electronic isolation wall method, apparatus and system for protecting cyberspace security.
Background art
With the development of information technology, people constantly obtain, use and produce information over the internet. However, the massive amount of widely distributed information on the internet also brings great security risks that threaten its healthy development. For example, forgers and counterfeiters can capture an ordinary user's identity information and then replay and forge that user's data flows to attack others; attackers can also use a user's identity and location information to launch DDoS (Distributed Denial of Service) attacks against the user; worse still, by tracking and monitoring a user's data flows they can spy on the user's behavioural privacy. Protecting the identity, location, behavioural privacy and security of users is therefore essential to the healthy development of the internet.
Since the future internet will contain a comprehensive cyberspace that faces complex application scenarios, diverse business demands and heterogeneous network resources, an "electronic wall" can be established according to different environments and demands to divide cyberspace into distinct cyberspaces that are managed uniformly by a global unified control centre. For example, by protocol, a traditional IPv4 network and an IPv6 network can be divided into two cyberspaces; by frequency band, a satellite network, a 3G/4G cellular network and a Wi-Fi network can be divided into three cyberspaces. In this setting, solving the identity, location, behavioural privacy and security problems of a user both within a single cyberspace and across multiple cyberspaces is urgent.
Existing user security isolation mechanisms mainly focus on preventing malicious intrusion and data leakage and on managing the security of user behaviour privacy while keeping trusted user communication smooth. Typical mechanisms include AAA authentication of users; firewalls, NAT (Network Address Translation) and similar protective measures to secure user terminals; and encrypted tunnels such as IPSec (Security Architecture for IP networks) and GRE (Generic Routing Encapsulation) to secure data transmission. These prior arts have the following shortcomings. When a user terminal switches from an old access network to a new one, it must re-authenticate with the new access network and, depending on the user's security requirements and the negotiated security deployment of the new access network, update its firewall configuration, decide whether to enable IPSec, and so on; the time consumed by these interactions and operations produces long communication delays that clearly cannot meet the demands of delay-sensitive services. Moreover, when a user is in several cyberspaces, the user terminal must set up multiple security mechanisms to satisfy the differing security requirements, which seriously increases its load. In addition, the binding of user identity to the network in the conventional internet makes user terminals easier to attack: for example, once an attacker obtains a user's IP address, it can attack that user directly. Worse, when one of a group of user terminals is maliciously attacked, every user associated with it faces the risk of attack.
Therefore, the security mechanisms of the conventional internet cannot satisfy growing user demands and can hardly adapt to the changing security problems of future internet users; the conventional internet architecture itself also brings potential threats to cyberspace security and makes it difficult to protect user identity, location, behavioural privacy and security.
Summary of the invention
The present invention provides an electronic isolation wall method, apparatus and system for protecting cyberspace security, in order to solve the problems of user identity, location, behavioural privacy and security in cyberspace.
To achieve the above object, the invention adopts the following technical solutions.
According to one aspect of the invention, an electronic isolation wall method for protecting cyberspace security is provided, comprising:
establishing trusted authentication and a secure connection between a first cyberspace and a second cyberspace that are isolated by an electronic wall;
a user terminal registering with the cyberspace it initially requests to access, and performing security authentication and identity/network separation mapping with that cyberspace;
when the user applies to access a second cyberspace outside the first cyberspace currently being accessed, the user terminal registering with the second cyberspace and performing cross-space security authentication and identity/network separation mapping according to the identity symbol registered in the second cyberspace.
Further, establishing trusted authentication and a secure connection between the first cyberspace and the second cyberspace isolated by the electronic wall comprises:
the first cyberspace and the second cyberspace each announce information to the other, and each verifies the information it receives; after both verifications succeed, the connection relationship is stored in the mapping server device of each cyberspace and each side sends negotiation signalling; after the negotiation succeeds, a secure virtual private channel is established and saved, its mapping relationship is stored in each side's mapping server device, and each side issues a mapping update instruction to its own cyberspace to guide the transmission of user messages.
Further, after trusted authentication and a secure connection have been established between adjacent cyberspaces isolated by the electronic wall, the cyberspaces periodically send detection signalling to maintain the connection state of the secure virtual private channel.
Further, the cyberspace registration comprises:
S41: the user terminal sends a registration request and related information to the cyberspace;
S42: according to the registration request and related information sent by the user terminal, the authentication centre server device of the cyberspace selects an unused identity symbol from the identity symbol library and returns the registration result containing that identity symbol to the user terminal in encrypted form;
S43: the user terminal saves the registration result.
Further, the user terminal performing security authentication and identity/network separation mapping with the cyberspace specifically comprises:
S501: the user terminal applies to the cyberspace for access authentication;
S502: after the access router of the cyberspace receives the user's authentication request, it judges whether the identity used by the user terminal is an identity of this cyberspace; if so, it responds to the user's authentication request and executes S503, otherwise it forwards the authentication request according to the mapping relationship;
S503: after the user terminal receives the authentication response message, it sends the authentication parameters to the access router of the cyberspace;
S504: the access router receives the authentication parameter message, adds the terminal's access symbol, and forwards the message to the authentication centre server device of the cyberspace for inquiry;
S505: the authentication centre server device of the cyberspace receives the authentication inquiry message, looks up the terminal information list of the cyberspace by the user terminal's access symbol, encrypts the information with the encryption algorithm and compares it, and returns the comparison result as the inquiry response;
S506: the access router receives the inquiry response message and forwards the authentication result to the user terminal; if the result is failure, subsequent steps are not executed; if the result is success, S507 is executed;
S507: the access router reports the mapping relationship between its routing symbol and the user terminal's access symbol to the mapping server device; the mapping server device stores the mapping relationship in the mapping object list and issues a mapping update instruction to the cyberspace.
Further, when the user applies for authenticated access to a second cyberspace outside the first cyberspace currently being accessed, the user terminal registering with the second cyberspace and performing cross-space security authentication and identity/network separation mapping according to the identity symbol registered in the second cyberspace comprises:
S601: when the user applies for authenticated access to a second cyberspace outside the first cyberspace currently being accessed, the user terminal registers with the second cyberspace;
S602: the user terminal applies to the second cyberspace for access authentication;
S603: when the first access router of the first cyberspace receives the user's authentication request, it judges that the identity used by the user is not an identity of the first cyberspace and forwards the authentication request, according to the cyberspace's mapping relationship, to the starting point of the secure virtual private channel;
S604: the starting point of the secure virtual private channel securely encapsulates the authentication request and forwards it to the opposite end of the channel in the second cyberspace;
S605: the opposite end of the secure virtual private channel decapsulates the message and judges whether the identity used by the user in the decapsulated request is an identity of the second cyberspace; if so, S606 is executed, otherwise the message is forwarded according to the mapping relationship;
S606: the opposite end of the secure virtual private channel is the second access router of the second cyberspace; the second access router replies with an authentication response to the user terminal, and the authentication response message is returned to the user terminal through the secure virtual private channel according to the mapping relationship;
S607: the user terminal receives the authentication response message and sends the authentication parameters to the second access router of the second cyberspace;
S608: when the second access router of the second cyberspace receives the authentication parameter message, it adds the terminal's access symbol and forwards the message to the authentication centre server device of the second cyberspace for inquiry;
S609: the authentication centre server device of the second cyberspace receives the authentication inquiry message, looks up the terminal information list of the second cyberspace by the user terminal's access symbol, encrypts the information with the encryption algorithm and compares it, and returns the comparison result as the inquiry response;
S610: the second access router receives the inquiry response message and forwards it to the user terminal through the secure virtual private channel according to the mapping relationship; if the authentication result is failure, subsequent steps are not executed; if it is success, the second access router reports the mapping relationship between its own routing symbol and the user terminal's identity symbol to the mapping server device of the second cyberspace;
S611: when the mapping server device of the second cyberspace receives the reported mapping message, it stores the mapping relationship in the mapping object list of the second cyberspace and issues a mapping update instruction to the second cyberspace.
According to another aspect of the invention, an electronic isolation wall apparatus for protecting cyberspace security is provided, comprising: a cyberspace manager, an access router MAR, an edge access router EAR and a user terminal;
the cyberspace manager manages trusted authentication and secure connection between this cyberspace and other cyberspaces, security authentication and identity/network separation mapping between user terminals and the cyberspace, and cross-network security authentication and identity/network separation mapping;
the MAR provides a variety of internet connections for users;
the EAR establishes connections with other cyberspaces.
Further, the cyberspace manager comprises an authentication centre server device, a mapping server device and a channel server device:
the authentication centre server device receives information sent by other cyberspaces and completes authentication by verifying whether that information is trustworthy; it receives registration requests sent by user terminals, returns to the user terminal a registration response containing an unused access symbol selected from the home library, and stores the user terminal's related information in the terminal information list; and it performs the inquiry and responds when it receives an authentication inquiry message;
the mapping server device stores the connection relationships between the EAR and the EARs of other cyberspaces and between the MAR and user terminals, replies to mapping relationship requests, and issues mapping update instructions to the cyberspace;
the channel server device sends and receives the negotiation messages for establishing the secure virtual private channel, replies with negotiation responses, and performs peer authentication according to the negotiated authentication mechanism.
Further, the authentication centre server device comprises a message interface, a registration module, an authentication module, and a home library and terminal information list database; the mapping server device comprises a message interface, a mapping module and a mapping list; and the channel server device comprises a message interface, a secure channel module and a peer list.
According to another aspect of the invention, an electronic isolation wall system for protecting cyberspace security is provided; the system comprises at least the above apparatus, establishes a secure virtual private channel between devices through the channel server of the apparatus, and uses that secure virtual private channel to realise peer authentication between cyberspaces.
From the technical solution provided by the above electronic isolation wall method, apparatus and system for protecting cyberspace security, the beneficial effects of the invention can be seen to be as follows:
the cyberspaces isolated by the electronic wall, through trusted authentication and secure connection, provide each cyberspace with a separate space and a secure channel, which gives a basic guarantee for user identity, location, behavioural privacy and security;
user security authentication and identity/network separation mapping inside a cyberspace further guarantee the security of user identity and location privacy within that cyberspace;
cross-space security authentication and identity/network separation mapping isolate identity from cyberspace through the user's identity symbols in different cyberspaces, further guaranteeing user identity, location and behavioural privacy.
Additional aspects and advantages of the invention will be set forth in part in the following description, and will in part become apparent from the description or be learned through practice of the invention.
Brief description of the drawings
To illustrate the technical solutions of the embodiments more clearly, the drawings needed in describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the electronic isolation wall method for protecting cyberspace security of embodiment 1;
Fig. 2 is a schematic diagram of the electronic isolation wall apparatus for protecting cyberspace security of embodiment 1;
Fig. 3 is a schematic diagram of the user electronic wall protection system of the future internet of embodiment 2;
Fig. 4 is a schematic diagram of the management layer framework in the cyberspace of embodiment 2;
Fig. 5 is a schematic diagram of the signalling interaction for authentication and secure connection between two cyberspaces of embodiment 2;
Fig. 6 is a schematic diagram of the signalling interaction for local registration, authentication and mapping of a user within a cyberspace of embodiment 2;
Fig. 7 is a schematic diagram of the signalling interaction for cross-space user registration, authentication and mapping between two cyberspaces of embodiment 2;
Fig. 8 is a schematic diagram of the method by which a user of embodiment 2 communicates across spaces through the cyberspace security isolation apparatus.
Detailed description of the embodiments
Embodiments of the invention are described in detail below; examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary, serve only to explain the invention, and are not to be construed as limiting the claims.
Those skilled in the art will understand that, unless expressly stated otherwise, the singular forms "a", "an", "the" and "said" used herein may also include the plural. It should be further understood that the wording "comprising" used in the specification indicates the presence of the stated features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. When an element is said to be "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, or intermediate elements may be present. The wording "and/or" used herein includes any and all combinations of one or more of the associated listed items.
Those skilled in the art will understand that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by those of ordinary skill in the art to which the invention belongs. Terms such as those defined in general dictionaries should be understood to have a meaning consistent with their meaning in the context of the prior art and, unless defined here, will not be interpreted in an idealised or overly formal sense.
To facilitate understanding of the embodiments, specific embodiments are further explained below with reference to the drawings; the embodiments do not limit the invention.
The electronic isolation wall method for protecting cyberspace security of the embodiments aims to solve the security and privacy problems of users within and between different cyberspaces by means of cyberspace security isolation and the authentication and mapping of user identity symbols.
Embodiment 1
Fig. 1 is a flow chart of the electronic isolation wall method for protecting cyberspace security of embodiment 1, comprising:
S1: trusted authentication and a secure connection are established between the first cyberspace and the second cyberspace isolated by the electronic wall.
Establishing trusted authentication and a secure connection between the first cyberspace and the second cyberspace isolated by the electronic wall comprises:
the first cyberspace and the second cyberspace each announce information to the other, and each verifies the information it receives; after both verifications succeed, the connection relationship is stored in the mapping server device of each cyberspace and each side sends negotiation signalling; after the negotiation succeeds, a secure virtual private channel is established and saved, its mapping relationship is stored in each side's mapping server device, and each side issues a mapping update instruction to its own cyberspace to guide the transmission of user messages.
Specifically, the following steps are included:
S101: the first cyberspace and the second cyberspace each announce their own cyberspace information, key and the like to the other; this information is used to verify whether the other side is trustworthy;
S102: when the first cyberspace and the second cyberspace receive the other side's space information, key and the like, each verifies whether the other side is trustworthy by means of a key mechanism or similar;
S103: when at least one of the two cyberspaces receives an inquiry result showing that the other side is untrustworthy, the cyberspace receiving the untrusted result sends a rejection message to the untrusted side; when both cyberspaces receive inquiry results showing that the other side is trustworthy, both execute S104;
S104: the authentication centre server devices of the first and second cyberspaces further complete authentication, establish a connection relationship, and store the connection relationship in their respective mapping server devices;
S105: the channel server devices of the first and second cyberspaces negotiate to establish a secure virtual private channel, sending negotiation signalling that includes the encryption mechanism, authentication mechanism, secure channel attributes and the like;
S106: on receiving negotiation signalling, if at least one side disagrees with the content of the other side's negotiation signalling, it sends a message refusing to establish the secure channel; when both sides agree with the content of the other side's negotiation signalling, step S107 is executed:
S107: the first and second cyberspaces perform peer authentication according to the negotiated authentication mechanism, add the other side to the peer list of the channel server device according to the authentication response, and establish the secure virtual private channel according to the secure channel attributes;
S108: the first and second cyberspaces store the mapping relationship of the secure virtual private channel in their respective mapping server devices, issue mapping update instructions to their respective cyberspaces, and guide the transmission of user messages;
S109: the channel server devices of the first and second cyberspaces periodically send detection signalling to maintain the channel connection state.
When adjacent cyberspaces isolated by the electronic wall establish trusted authentication and a secure connection through initial negotiation, each side announces its own cyberspace information, key and the like and performs the corresponding operations; the negotiation signalling then proceeds step by step according to the corresponding scenario.
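The S101-S109 exchange, as an added simulation that is not part of the patent: two cyberspace managers announce themselves, verify each other, negotiate channel mechanisms, authenticate as peers, store the channel mapping and keep the channel alive. The key mechanism (an HMAC tag over the announcement, checked with a peer key provisioned out of band), the concrete mechanism names and the allow-list negotiation are assumptions of this example, not details the patent specifies.

```python
import hashlib
import hmac
import secrets


def tag(key: bytes, *parts: str) -> str:
    """Assumed key mechanism: HMAC-SHA256 over the signalled fields."""
    return hmac.new(key, "|".join(parts).encode(), hashlib.sha256).hexdigest()


class Cyberspace:
    """Manager of one cyberspace: authentication centre, mapping server and channel server roles."""

    def __init__(self, name, key, trusted_keys, enc_ok, auth_ok):
        self.name, self.key = name, key
        self.trusted_keys = trusted_keys              # peer name -> peer key, provisioned out of band (assumption)
        self.enc_ok, self.auth_ok = enc_ok, auth_ok   # mechanisms this space is willing to accept
        self.connections = {}   # mapping server: peer -> connection relationship (S104)
        self.peer_list = set()  # channel server peer list (S107)
        self.channels = {}      # mapping server: peer -> channel mapping relation (S108)
        self.updates = 0        # mapping update instructions issued to this space (S108)

    def announce(self) -> dict:   # S101: own cyberspace information plus a key-derived tag
        info = {"space": self.name, "ear": f"EAR-{self.name}"}
        return {**info, "tag": tag(self.key, info["space"], info["ear"])}

    def verify(self, ann: dict) -> bool:   # S102: credible only if the tag checks with the peer's key
        k = self.trusted_keys.get(ann["space"])
        return k is not None and hmac.compare_digest(ann["tag"], tag(k, ann["space"], ann["ear"]))

    def proposal(self) -> dict:   # S105: encryption mechanism, authentication mechanism, channel attributes
        return {"enc": "aes-256-gcm", "auth": "hmac-challenge", "attr": {"mtu": 1400}}

    def accepts(self, prop: dict) -> bool:   # S106: agree only with mechanisms on the allow-list
        return prop["enc"] in self.enc_ok and prop["auth"] in self.auth_ok

    def answer(self, nonce: str) -> str:   # S107: peer-authentication response signed with own key
        return tag(self.key, "peer-auth", nonce)

    def check_answer(self, peer: str, nonce: str, resp: str) -> bool:
        return hmac.compare_digest(resp, tag(self.trusted_keys[peer], "peer-auth", nonce))

    def probe(self, peer: "Cyberspace") -> bool:   # S109: detection signalling over the channel
        return peer.name in self.channels and self.name in peer.peer_list


def establish(a: Cyberspace, b: Cyberspace):
    """Run S101-S109 between a and b; return (step reached, success)."""
    ann_a, ann_b = a.announce(), b.announce()                          # S101
    if not (b.verify(ann_a) and a.verify(ann_b)):                      # S102/S103: rejection message
        return "S103: rejected, peer not credible", False
    a.connections[b.name], b.connections[a.name] = ann_b["ear"], ann_a["ear"]   # S104
    prop_a, prop_b = a.proposal(), b.proposal()                        # S105
    if not (b.accepts(prop_a) and a.accepts(prop_b)):                  # S106: refuse to establish channel
        return "S106: refused, negotiation content not agreed", False
    nonce = secrets.token_hex(8)                                       # S107: challenge-response peer auth
    if not (a.check_answer(b.name, nonce, b.answer(nonce))
            and b.check_answer(a.name, nonce, a.answer(nonce))):
        return "S107: peer authentication failed", False
    a.peer_list.add(b.name)
    b.peer_list.add(a.name)
    chan = {"enc": prop_a["enc"], "attr": prop_a["attr"], "ends": (ann_a["ear"], ann_b["ear"])}
    for space, peer in ((a, b.name), (b, a.name)):                     # S108: store mapping, issue update
        space.channels[peer] = chan
        space.updates += 1
    return "S109: channel up", a.probe(b) and b.probe(a)


def demo():
    """Constructed scenario: A-B succeeds, A-C stops at S103 (C not trusted), A-D stops at S106."""
    ka, kb, kc, kd = b"key-space-A", b"key-space-B", b"key-space-C", b"key-space-D"
    enc, auth = {"aes-256-gcm"}, {"hmac-challenge"}
    a = Cyberspace("A", ka, {"B": kb, "D": kd}, enc, auth)
    b = Cyberspace("B", kb, {"A": ka}, enc, auth)
    c = Cyberspace("C", kc, {"A": ka}, enc, auth)                      # A holds no key for C
    d = Cyberspace("D", kd, {"A": ka}, {"chacha20-poly1305"}, auth)    # D will not accept A's cipher
    return establish(a, b), establish(a, c), establish(a, d), a
```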
S2: the user terminal registers with the cyberspace it initially requests to access, and performs security authentication and identity/network separation mapping with that cyberspace.
When the user initially requests access to the cyberspace, the user terminal first registers with this cyberspace, sending its own identity information, terminal information, authentication key and the like to the authentication centre server device of the cyberspace through a secure communication means; the authentication centre server device and the mapping server device then perform intra-space security authentication and identity/network separation mapping according to the registered identity symbol and the corresponding result.
The user terminal performing security authentication and identity/network separation mapping with the cyberspace specifically includes the following steps:
S201: the user terminal applies to the cyberspace for access authentication;
S202: after the access router of the cyberspace receives the user's authentication request, it judges whether the identity used by the user terminal is an identity of this cyberspace; if so, it responds to the user's authentication request and executes step S203, otherwise it forwards the authentication request according to the mapping relationship;
S203: after the user terminal receives the authentication response message, it sends authentication parameters including its physical address, identity symbol, key and the like to the access router of the cyberspace;
S204: the access router receives the authentication parameter message, adds the terminal's access symbol, and forwards the message to the authentication centre server device of the cyberspace for inquiry;
S205: the authentication centre server device of the cyberspace receives the authentication inquiry message, looks up the terminal information list of the cyberspace by the user terminal's access symbol, encrypts the information with the encryption algorithm and compares it, and returns the comparison result as the inquiry response;
S206: the access router receives the inquiry response message and forwards the authentication result to the user terminal; if the result is failure, subsequent steps are not executed; if the result is success, S207 is executed;
S207: the access router reports the mapping relationship between its routing symbol and the user terminal's access symbol to the mapping server device; the mapping server device stores the mapping relationship in the mapping object list and issues a mapping update instruction to the cyberspace.
S3: when the user applies for access to a second cyberspace outside the first cyberspace currently accessed, the user terminal registers with the second cyberspace and, using the identity identifier registered in the second cyberspace, performs cross-cyberspace security authentication and identity/network separation mapping, which specifically comprises the following steps:
S301: when the user applies for authentication and access to a second cyberspace outside the first cyberspace currently accessed, the user terminal registers with the second cyberspace;
S302: the user terminal applies to the second cyberspace for access authentication;
S303: when the first access router of the first cyberspace receives the user's authentication request, it determines that the identity identifier used by the user is not an identity identifier of the first cyberspace, and forwards the authentication request, according to the mapping relations of the cyberspace, to the starting point of the secure virtual private channel;
S304: the starting point of the secure virtual private channel securely encapsulates the authentication request and forwards it to the endpoint of the secure virtual private channel in the second cyberspace;
S305: the endpoint of the secure virtual private channel decapsulates the message and determines whether the identity identifier used by the user in the decapsulated request message is an identity identifier of the second cyberspace; if so, step S306 is executed, otherwise the message is forwarded according to the mapping relations;
S306: the endpoint of the secure virtual private channel is the second access router in the second cyberspace; the second access router replies to the user terminal with an authentication response, and the authentication response message is returned to the user terminal through the secure virtual private channel according to the mapping relations;
S307: the user terminal receives the authentication response message and sends authentication parameters including the physical address, the identity identifier and the key to the second access router of the second cyberspace;
S308: when the second access router of the second cyberspace receives the authentication parameter message, it appends the terminal's access identifier and forwards the message to the authentication center server device of the second cyberspace for querying;
S309: the authentication center server device of the second cyberspace receives the authentication query message, looks up the terminal information list of the second cyberspace by the user terminal's access identifier, encrypts the information with the encryption algorithm and compares it, and returns the comparison result as the query result;
S310: the second access router receives the query result message and forwards it to the user terminal through the secure virtual private channel according to the mapping relations; if the authentication result is failure, the subsequent steps are not executed; if the authentication result is success, the second access router reports the mapping relation between its own routing identifier and the user terminal's identity identifier to the mapping server device of the second cyberspace;
S311: when the mapping server device of the second cyberspace receives the mapping report message, it stores the mapping relation in the mapping object list of the second cyberspace and issues a mapping update instruction to the second cyberspace.
Preferably, the cyberspace registration comprises:
S41: the user terminal sends a registration request and related information to the cyberspace;
S42: according to the registration request and related information sent by the user terminal, the authentication center server device of the cyberspace selects an unused identity identifier from the identity identifier library and returns the registration result containing that identity identifier, encrypted, to the user terminal;
S43: the user terminal saves the registration result.
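The registration (S41-S43) and intra-cyberspace authentication and mapping (S201-S207) described above, as an added example that is not part of the patent text: one authentication center with an identifier library and a terminal information list, one mapping server, and one access router (MAR). The text says the terminal sends its key in the authentication parameters; here the terminal instead sends an HMAC-SHA256 digest under that key, and the authentication center's "encrypt and compare" step is modelled as recomputing that digest. The identifier format (a per-cyberspace prefix that lets the MAR decide whether an identifier is local), the message field names and the sample terminal data are all assumptions.

```python
"""Added example: registration, authentication and AID->RID mapping in one
cyberspace (steps S41-S43 and S201-S207 of the patent).  Not the patent's code;
identifier format, message shapes and the HMAC comparison are assumptions."""
import hashlib
import hmac


def keyed_digest(key, mac, uid, aid):
    """Proof of key possession sent instead of the key itself (assumption:
    the patent's 'encrypt and compare' is modelled as HMAC-SHA256)."""
    return hmac.new(key, f"{mac}|{uid}|{aid}".encode(), hashlib.sha256).digest()


class AuthCenter:
    """Authentication center server device: identifier library + terminal information list."""

    def __init__(self, space_prefix, pool_size):
        self.prefix = space_prefix
        # identifier library: unused identifiers of this cyberspace (assumed prefix format)
        self.free_ids = [f"{space_prefix}{n:03d}" for n in range(1, pool_size + 1)]
        self.terminals = {}  # terminal information list: AID -> {mac, uid, key}

    def register(self, mac, uid, key):
        """S42: hand out an unused identifier, mark it used, store the terminal record."""
        if not self.free_ids:
            raise RuntimeError("identifier library exhausted")
        aid = self.free_ids.pop(0)
        self.terminals[aid] = {"mac": mac, "uid": uid, "key": key}
        return aid

    def query(self, aid, mac, uid, proof):
        """S205: look up the record by access identifier and compare the keyed digest."""
        rec = self.terminals.get(aid)
        if rec is None or rec["mac"] != mac or rec["uid"] != uid:
            return False
        return hmac.compare_digest(keyed_digest(rec["key"], mac, uid, aid), proof)


class MappingServer:
    """Mapping server device: mapping object list (AID -> RID) and update instructions."""

    def __init__(self):
        self.mappings = {}
        self.updates = []  # mapping update instructions issued to the cyberspace

    def report(self, rid, aid):
        """S207: store the reported mapping and issue a mapping update instruction."""
        self.mappings[aid] = rid
        self.updates.append(("map-update", aid, rid))
        return "mapping-response"


class Terminal:
    def __init__(self, mac, uid, key):
        self.mac, self.uid, self.key, self.aid = mac, uid, key, None

    def register(self, auth_center):
        """S41/S43: request an identifier and save the registration result."""
        self.aid = auth_center.register(self.mac, self.uid, self.key)

    def auth_params(self):
        """S203: physical address, user identifier and proof under the registered key."""
        return {"mac": self.mac, "uid": self.uid,
                "proof": keyed_digest(self.key, self.mac, self.uid, self.aid)}


class MAR:
    """Multiple access router of one cyberspace."""

    def __init__(self, rid, auth_center, mapping_server):
        self.rid, self.ac, self.ms = rid, auth_center, mapping_server

    def authenticate(self, terminal):
        # S202: identifiers of other cyberspaces are forwarded by mapping (towards the EAR)
        if not terminal.aid.startswith(self.ac.prefix):
            return "forwarded-by-mapping"
        params = terminal.auth_params()          # S203
        params["aid"] = terminal.aid             # S204: MAR appends the access identifier
        if not self.ac.query(**params):          # S205/S206
            return "auth-failed"                 # no mapping is installed on failure
        self.ms.report(self.rid, terminal.aid)   # S207
        return "auth-ok"


def demo():
    """Constructed scenario: a genuine terminal, an impostor that knows the AID
    but not the key, and a terminal presenting another cyberspace's identifier."""
    ac1, ms1 = AuthCenter("AID1-", pool_size=8), MappingServer()
    mar1 = MAR("RID1", ac1, ms1)
    t1 = Terminal("00:11:22:33:44:55", "user-1", b"key1-secret")
    t1.register(ac1)
    ok = mar1.authenticate(t1)
    impostor = Terminal(t1.mac, t1.uid, b"wrong-key")
    impostor.aid = t1.aid
    bad = mar1.authenticate(impostor)
    foreign = Terminal("66:77:88:99:aa:bb", "user-2", b"key2")
    foreign.aid = "XID2-001"
    return ok, bad, mar1.authenticate(foreign), dict(ms1.mappings)


if __name__ == "__main__":
    print(demo())
```

The mapping server only learns an AID-to-RID binding after the authentication center has confirmed the terminal, so a request that knows a valid AID but not the registered key leaves the mapping list untouched.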
Fig. 2 is a schematic diagram of an electronic isolation wall device for protecting cyberspace security according to Embodiment 1 of the present invention. Referring to Fig. 2, the device comprises: a cyberspace manager, a multiple access router (MAR), an edge access router (EAR), a general switch router (GSR) and a user terminal.
The cyberspace manager is configured to manage trusted authentication and secure connection between this cyberspace and other cyberspaces, security authentication and identity/network separation mapping between the user terminal and the cyberspace, and cross-cyberspace security authentication and identity/network separation mapping;
the MAR is configured to provide users with multiple kinds of Internet access;
the EAR is configured to establish connections with other cyberspaces;
the GSR is configured to forward data by switching on routing identifiers.
Preferably, the cyberspace manager comprises an authentication center server device, a mapping server device and a channel server device.
The authentication center server device is configured to receive the information sent by other cyberspaces and complete authentication by verifying whether that information is trustworthy; to receive the registration request sent by the user terminal, return to the user terminal a registration response containing an unused access identifier selected from the identifier library, and store the related information of the user terminal in the terminal information list; and to query and respond when an authentication query message is received.
The mapping server device is configured to save the connection relations between the EAR and the EARs of other cyberspaces and between the MAR and the user terminal, to reply with mapping relation responses, and to issue mapping update instructions to the cyberspace.
The channel server device is configured to send and receive the negotiation messages for establishing the secure virtual private channel, to reply with negotiation responses, and to perform peer authentication according to the negotiated authentication mechanism.
Preferably, the authentication center server device comprises a message transceiving interface, a registration module, an authentication module, and an identifier library and terminal information list database; the mapping server device comprises a message transceiving interface, a mapping module and a mapping list; the channel server comprises a message transceiving interface, a secure channel module and a peer list.
Further, an embodiment of the present invention provides an electronic isolation wall system for protecting cyberspace security. The system contains at least two of the devices described above; the system establishes a secure virtual private channel between the devices through the channel servers of the devices, and uses that secure virtual private channel between the devices to achieve peer authentication between cyberspaces.
Embodiment 2
Embodiment 2 of the present invention provides a user electronic wall isolation method for the future Internet. Fig. 3 is a schematic diagram of the user electronic wall isolation system for the future Internet of Embodiment 2. As shown in Fig. 3, two cyberspaces (cyberspace 1 and cyberspace 2) are isolated by an electronic wall. According to the topology of Fig. 3, each cyberspace is divided into two layers: a management layer and a switching/routing layer. In the management layer, the cyberspace deploys an authentication center device, a mapping server device and a channel server device, collectively referred to as the cyberspace manager AM. In the switching/routing layer, the main infrastructure deployed includes the multiple access router (MAR), the general switch router (GSR), the edge access router (EAR) and user terminals, where the MAR is the router that provides users with multiple kinds of Internet access, the GSR is used for data forwarding, and the EAR mainly establishes connections with other cyberspaces.
Further, Fig. 4 is a schematic diagram of the management layer framework in the cyberspace of Embodiment 2. As shown in Fig. 4, the main functional framework of the management layer server devices is defined as the module framework of the authentication center server device, the mapping server device and the channel server. The authentication center server device comprises a message transceiving interface, a registration module, an authentication module, and an identifier library and terminal information list database. The mapping server device comprises a message transceiving interface, a mapping module and a mapping list. The channel server comprises a message transceiving interface, a secure channel module and a peer list.
Further, the signalling interaction of the cyberspace security isolation device is illustrated with reference to Figs. 3 to 7 and mainly comprises three parts: the signalling interaction for authentication and secure connection between two cyberspaces; the signalling interaction for a user's registration, authentication and mapping inside a cyberspace; and the signalling interaction for a user's cross-cyberspace registration, authentication and mapping between two cyberspaces.
Fig. 5 is a schematic diagram of the signalling interaction for authentication and secure connection between two cyberspaces in this embodiment. As shown in Fig. 5, the specific signalling interaction is as follows:
1a) cyberspace 1 and cyberspace 2 each advertise to the other their cyberspace information, key and other information, which the other side uses to verify whether it is trustworthy;
2a) when the cyberspace manager AM1 of cyberspace 1 and the cyberspace manager AM2 of cyberspace 2 receive the other side's space information, key and so on, each verifies in its authentication center server device, by a key mechanism or similar, whether the other side is trustworthy;
3a) when the query results AM1 and AM2 receive from their authentication center server devices show that the other side is trustworthy, the authentication center server devices complete the authentication, a connection is established between the edge access router EAR1 of cyberspace 1 and the edge access router EAR2 of cyberspace 2, and the connection relation is stored in the respective mapping server devices;
4a) the channel server device of AM1 sends to the channel server device of AM2 a negotiation message for establishing the secure virtual private channel; the message contains the encryption mechanism, the authentication mechanism, the secure channel attributes and so on;
5a) the channel server device of AM2 receives the negotiation message, queries the mechanisms and channel attributes that cyberspace 2 accepts for cyberspace 1, and replies to the other side with a negotiation response;
6a) the channel server device of AM1 performs peer authentication according to the negotiated authentication mechanism;
7a) the channel server devices add the other side to their peer lists according to the authentication response;
8a) the channel server devices establish the secure virtual private channel between EAR1 and EAR2 according to the secure channel attributes and store the secure virtual private channel mapping relation in the respective mapping server devices;
9a) AM1 and AM2 issue mapping update instructions to their respective cyberspaces to guide the transmission of user messages;
10a) EAR1 and EAR2 periodically send probe signalling to maintain the secure channel connection.
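The exchange of steps 1a to 8a, as an added example that is not code from the patent: two cyberspace managers check each other's advertised information, negotiate the encryption and authentication mechanisms and channel attributes, authenticate each other under the negotiated mechanism, add each other to their peer lists and derive the key for the secure virtual private channel between their EARs. The patent does not say which key mechanism is used; the example assumes a pre-provisioned trust key per peer and uses HMAC-SHA256 for the trust proof, the peer-authentication proof and the channel key derivation. The mechanism names, the channel attributes, the nonces and the three sample managers are also assumptions. The peer-authentication proof covers both nonces and the chosen suite, so a negotiation response altered in transit to a weaker suite fails step 6a.

```python
"""Added example: inter-cyberspace trust check, channel negotiation, peer
authentication and channel key derivation (steps 1a-8a).  Not the patent's code;
the pre-shared trust keys, mechanism names and key derivation are assumptions."""
import hashlib
import hmac
import secrets


def tag(key, *parts):
    """HMAC-SHA256 over '|'-joined string parts."""
    return hmac.new(key, "|".join(parts).encode(), hashlib.sha256).digest()


class CyberspaceManager:
    """AM = authentication center (trust check) + channel server (negotiation, peer list)
    + mapping server (EAR connection relation and channel mapping)."""

    def __init__(self, name, ear_rid, trust_keys, policy):
        self.name, self.ear_rid = name, ear_rid
        self.trust_keys = trust_keys      # peer name -> pre-shared trust key (assumption)
        self.policy = policy              # acceptable mechanisms, in preference order
        self.nonce = secrets.token_hex(8)  # fresh per run; binds proofs to this exchange
        self.peers = {}                   # channel server peer list
        self.channel_mappings = {}        # mapping server: peer -> (own EAR, peer EAR)
        self.channel_keys = {}            # channel server: peer -> derived channel key

    def advertise(self, to):
        """1a: space information plus a proof under the trust key shared with 'to'."""
        return {"name": self.name, "nonce": self.nonce,
                "proof": tag(self.trust_keys[to], "adv", self.name, self.nonce)}

    def verify(self, adv):
        """2a: the other side is trusted only if its proof verifies under the key on file."""
        key = self.trust_keys.get(adv["name"])
        if key is None:
            return False
        ok = hmac.compare_digest(tag(key, "adv", adv["name"], adv["nonce"]), adv["proof"])
        if ok:
            self.peers[adv["name"]] = {"nonce": adv["nonce"]}
        return ok

    def propose(self):
        """4a: negotiation message with mechanisms and channel attributes."""
        return {"enc": list(self.policy["enc"]), "auth": list(self.policy["auth"]),
                "attrs": {"lifetime_s": 3600, "probe_interval_s": 30}}

    def respond(self, proposal):
        """5a: pick, in our own preference order, mechanisms the proposer also offered."""
        enc = next((m for m in self.policy["enc"] if m in proposal["enc"]), None)
        auth = next((m for m in self.policy["auth"] if m in proposal["auth"]), None)
        if enc is None or auth is None:
            return {"status": "reject"}
        return {"status": "ok", "suite": (enc, auth), "attrs": proposal["attrs"]}

    def peer_proof(self, peer, suite):
        """6a: proof bound to both nonces and the negotiated suite (anti-downgrade)."""
        return tag(self.trust_keys[peer], "peer", self.name, self.nonce,
                   self.peers[peer]["nonce"], *suite)

    def check_peer(self, peer, suite, proof):
        """6a/7a: verify the peer's proof with the roles of the two nonces swapped."""
        expected = tag(self.trust_keys[peer], "peer", peer, self.peers[peer]["nonce"],
                       self.nonce, *suite)
        return hmac.compare_digest(expected, proof)

    def install_channel(self, peer, suite):
        """8a: derive the (symmetric) channel key and record the suite in the peer list."""
        n1, n2 = sorted([self.nonce, self.peers[peer]["nonce"]])
        self.channel_keys[peer] = tag(self.trust_keys[peer], "chan", n1, n2, *suite)
        self.peers[peer]["suite"] = suite


def establish_channel(am1, am2):
    """Run 1a-8a with am1 as initiator; returns the outcome as a string."""
    if not (am1.verify(am2.advertise(am1.name)) and am2.verify(am1.advertise(am2.name))):
        return "untrusted"                                        # 2a failed
    am1.channel_mappings[am2.name] = (am1.ear_rid, am2.ear_rid)   # 3a: EAR1-EAR2 relation
    am2.channel_mappings[am1.name] = (am2.ear_rid, am1.ear_rid)
    response = am2.respond(am1.propose())                         # 4a/5a
    if response["status"] != "ok":
        return "negotiation-failed"
    suite = response["suite"]
    if not am2.check_peer(am1.name, suite, am1.peer_proof(am2.name, suite)):  # 6a/7a
        return "peer-auth-failed"
    if not am1.check_peer(am2.name, suite, am2.peer_proof(am1.name, suite)):
        return "peer-auth-failed"
    am1.install_channel(am2.name, suite)                          # 8a
    am2.install_channel(am1.name, suite)
    return "established"


def demo():
    """Constructed scenario: a genuine peer, a peer with a forged trust key, and a
    peer whose policy shares no encryption mechanism with cyberspace 1."""
    k12, k13, k14 = b"trust-key-1-2", b"trust-key-1-3", b"trust-key-1-4"
    pol1 = {"enc": ["aes-256-gcm", "chacha20-poly1305"], "auth": ["hmac-sha256"]}
    am1 = CyberspaceManager("cyberspace1", "RID-EAR1",
                            {"cyberspace2": k12, "cyberspace3": k13, "cyberspace4": k14}, pol1)
    am2 = CyberspaceManager("cyberspace2", "RID-EAR2", {"cyberspace1": k12},
                            {"enc": ["chacha20-poly1305", "aes-256-gcm"], "auth": ["hmac-sha256"]})
    am3 = CyberspaceManager("cyberspace3", "RID-EAR3", {"cyberspace1": b"forged"}, pol1)
    am4 = CyberspaceManager("cyberspace4", "RID-EAR4", {"cyberspace1": k14},
                            {"enc": ["aes-128-cbc"], "auth": ["hmac-sha256"]})
    results = (establish_channel(am1, am2), establish_channel(am1, am3), establish_channel(am1, am4))
    same_key = am1.channel_keys["cyberspace2"] == am2.channel_keys["cyberspace1"]
    return results, am2.peers["cyberspace1"]["suite"], same_key


if __name__ == "__main__":
    print(demo())
```

The responder chooses in its own preference order among what the initiator offered, so the suite installed at both ends is the same one the peer-authentication proofs were computed over; a peer that cannot prove knowledge of the trust key on file never reaches negotiation.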
Fig. 6 is a schematic diagram of the signalling interaction for a user's local registration, authentication and mapping inside a cyberspace in this embodiment. As shown in Fig. 6, the specific signalling interaction is as follows:
1b) terminal 1 registers with cyberspace 1 by sending a registration request containing terminal information such as MAC1, UID1, key1 and the authentication key to AM1 of cyberspace 1;
2b) after AM1 receives the registration request of terminal 1, it selects an unused access identifier AID1 from the identifier library of the authentication center server device, marks it as used in the identifier library, returns a registration response containing AID1 to terminal 1, and stores the related information of terminal 1 in the terminal information list;
3b) terminal 1 receives the registration response message, saves its identity identifier in this cyberspace, and applies to cyberspace 1 for access authentication;
4b) MAR1 receives the authentication request of terminal 1, determines that the user is using AID1, an identity identifier of this cyberspace, and replies with an authentication response;
5b) terminal 1 receives the authentication response message and sends authentication parameters including MAC1, UID1 and key1 to MAR1;
6b) MAR1 receives the authentication parameters, appends the terminal's access identifier AID1, and forwards the message to the authentication center server in AM1 for querying;
7b) the authentication center server of AM1 receives the authentication query message, looks up the terminal information list by the user terminal's access identifier, encrypts the information with the encryption algorithm and compares it, and returns the comparison result as the query result;
8b) MAR1 receives the query result message and forwards the authentication result to the user terminal;
9b) after successful authentication, MAR1 reports to the mapping server in AM1 the mapping relation between its own routing identifier RID1 and the user terminal's identity identifier AID1;
10b) when the mapping server device receives the mapping report message, it stores the mapping relation in the mapping list of the mapping server device, replies with a mapping relation response, and issues a mapping update instruction to the cyberspace.
Fig. 7 is a schematic diagram of the signalling interaction for a user's cross-cyberspace registration, authentication and mapping between two cyberspaces. It should be noted that the premise of this interaction is that the two cyberspaces have already passed trusted authentication and established the secure virtual private channel. As shown in Fig. 7, the specific signalling interaction is as follows:
1c) when terminal 1 registers with cyberspace 2, terminal 1 sends a registration request to the authentication center server device of AM2 by a secure communication method; the registration request contains MAC1, UID1, key1 and so on;
2c) after the authentication center server device of AM2 receives the registration request of terminal 1, it selects an unused access identifier XID2 from the identifier library of the authentication center server device, marks it as used in the identifier library, returns a registration response containing XID2 to terminal 1, and stores the related information of terminal 1 in the terminal information list;
3c) terminal 1 sends a cross-space authentication request to AM2;
4c) when MAR1 receives the authentication request of terminal 1, it determines that the identity identifier used is not an internal identifier of cyberspace 1 and forwards the request to EAR1 according to the mapping relations;
5c) when EAR1 receives the cross-space authentication request, it securely encapsulates the request according to the secure channel attributes and sends it to the secure virtual private channel endpoint EAR2 in cyberspace 2;
6c) EAR2 decapsulates the message, determines that it is an authentication request for cyberspace 2, and returns a cross-space authentication response through the secure channel;
7c) when EAR1 receives the message from the secure channel endpoint, it decapsulates the message and forwards it to MAR1 according to the mapping relations;
8c) MAR1 receives the cross-space authentication response and sends it to terminal 1;
9c) terminal 1 receives the cross-space authentication response message and sends authentication parameters including MAC1, UID1 and key1 to EAR2;
10c) when MAR1 receives the cross-space authentication parameters of terminal 1, it determines that the identity identifier used is not an internal identifier of cyberspace 1 and forwards them to EAR1 according to the mapping relations;
11c) when EAR1 receives the cross-space authentication parameters, it securely encapsulates them according to the secure channel attributes and sends them to the secure virtual private channel endpoint EAR2 in cyberspace 2;
12c) EAR2 decapsulates the message, determines that it carries cross-space authentication parameters, appends the identity identifier XID2 of terminal 1 to the message, and forwards the message to the authentication center server device of AM2 for querying;
13c) after the authentication center server device of AM2 receives the authentication query, it looks up the terminal information list by the access identifier of terminal 1, encrypts the information with the encryption algorithm and compares it, and returns the comparison result as the query result;
14c) after EAR2 receives the query result message, it returns the authentication result to terminal 1 through the secure channel;
15c) when EAR1 receives the message from the secure channel endpoint, it decapsulates the message and forwards it to MAR1 according to the mapping relations;
16c) MAR1 receives the authentication result and sends it to terminal 1;
17c) after successful authentication, EAR2 reports the mapping relation between XID2 and RID44 to the mapping server of AM2;
18c) at the same time, EAR2 updates the mapping relation between terminal 1 and EAR1 at the secure channel endpoint EAR1;
19c) when the mapping server of AM2 receives the mapping report message, it stores the mapping relation in the mapping list, replies with a mapping relation report response, and issues a mapping update instruction to cyberspace 2;
20c) EAR1 replies to EAR2 with a mapping relation update response.
Further, Fig. 8 is a schematic diagram of the method by which a user of this embodiment communicates across spaces through the cyberspace security isolation device; the specific communication process of Fig. 8 illustrates the protection the present invention provides for the identity, location, privacy and security of the user terminal. In Fig. 8, user terminal 1 has registered and authenticated with cyberspace 1 and cyberspace 2 respectively, obtaining the identity identifier AID1 of cyberspace 1 and the identity identifier XID2 of cyberspace 2, and has established mapping relations with MAR1 and EAR2. User terminal 2 has registered and authenticated with cyberspace 2, obtaining the identity identifier XID1 of cyberspace 2, and has established a mapping relation with MAR2. After the mapping relations inside the cyberspaces and between the cyberspaces have been globally updated, the communication process between terminal 1 and terminal 2 is as follows:
1d) when terminal 1 sends a data request to terminal 2, it sends the request to MAR1;
2d) MAR1 queries whether the data destination is inside this cyberspace; if so, it replaces the AID with the RID according to the mapping relations and forwards according to the routing table; if not, it forwards to the corresponding edge router, which in Fig. 8 is EAR1;
3d) EAR1 encapsulates the original data packet according to the negotiated secure virtual private channel and sends it to EAR2 of cyberspace 2;
4d) EAR2 decapsulates the original data packet according to the negotiated secure virtual private channel;
5d) EAR2 queries whether the data destination is inside this cyberspace; if so, it replaces the XID with the RID according to the mapping relations and forwards according to the routing table; if not, it forwards to the corresponding edge router. Fig. 8 shows the source XID2 replaced with RID44 and the destination XID1 replaced with RID11, and the packet routed to RID11;
6d) RID11 queries the data destination and its own routing table and delivers the data request to terminal 2;
7d) after terminal 2 receives the request from terminal 1, it replies to terminal 1 with a data response;
8d) MAR2 queries whether the data destination is inside this cyberspace; if so, it replaces the XID with the RID according to the mapping relations and forwards according to the routing table; if not, it forwards to the corresponding edge router. Fig. 8 shows the source XID1 replaced with RID11 and the destination XID2 replaced with RID44, and the packet routed to RID44;
9d) EAR2 first replaces the source RID11 with XID1 and the destination RID44 with XID2 according to the mapping relations, then encapsulates the original data packet according to the negotiated secure virtual private channel and sends it to EAR1 of cyberspace 1;
10d) EAR1 decapsulates the original data packet according to the negotiated secure virtual private channel and returns it to MAR1 according to the source of the data request packet;
11d) MAR1 delivers the packet to terminal 1 according to the source of the data request packet.
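The data path of steps 1d to 11d, as an added example that is not code from the patent: a request from terminal 1 (XID2) to terminal 2 (XID1) and its reply, with the identity-to-routing identifier substitution performed from the mapping lists at MAR/EAR and with the original packet carried between EAR1 and EAR2 in an integrity-protected encapsulation. The same substitution and encapsulation is what carries the cross-space authentication messages of Fig. 7. The patent does not fix a packet or channel format; the example assumes a three-field packet, an outer EAR header plus HMAC-SHA256 tag for the channel, a channel key already negotiated in step 8a, an assumed RID for EAR1, and that the MAR restores the identity identifiers before delivery to a terminal. The mapping contents, the terminal-side port name and the payload are constructed sample data. The second run tampers with the encapsulated packet in flight to show that EAR2 drops it before any substitution happens.

```python
"""Added example: cross-space data forwarding with AID/XID <-> RID substitution
and HMAC-protected channel encapsulation (steps 1d-11d).  Not the patent's
code; packet layout, channel key, RID of EAR1 and mapping contents are assumptions."""
import hashlib
import hmac

CHANNEL_KEY = b"channel-key-negotiated-in-step-8a"   # assumed output of the 8a negotiation


def encapsulate(pkt, src_ear, dst_ear, key=CHANNEL_KEY):
    """3d/9d: outer EAR header + original packet + HMAC tag (assumed channel format)."""
    inner = "|".join(f"{k}={pkt[k]}" for k in ("src", "dst", "payload")).encode()
    return {"outer_src": src_ear, "outer_dst": dst_ear, "inner": inner,
            "tag": hmac.new(key, inner, hashlib.sha256).digest()}


def decapsulate(frame, key=CHANNEL_KEY):
    """4d/10d: verify the tag before trusting anything inside; None means drop."""
    expected = hmac.new(key, frame["inner"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, frame["tag"]):
        return None
    return dict(field.split("=", 1) for field in frame["inner"].decode().split("|"))


class Cyberspace:
    """Mapping list issued by the mapping server: identity identifier -> RID, and its inverse."""

    def __init__(self, name, ear_rid, mappings):
        self.name, self.ear_rid = name, ear_rid
        self.id_to_rid = dict(mappings)
        self.rid_to_id = {rid: ident for ident, rid in mappings.items()}

    def forward(self, pkt, trace):
        """2d/5d/8d: destination inside this space -> substitute RIDs and route;
        otherwise hand the packet, unchanged, to the edge router."""
        if pkt["dst"] in self.id_to_rid:
            routed = {"src": self.id_to_rid.get(pkt["src"], pkt["src"]),
                      "dst": self.id_to_rid[pkt["dst"]], "payload": pkt["payload"]}
            trace.append((self.name, "route", routed["src"], routed["dst"]))
            return "route", routed
        trace.append((self.name, "to-EAR", pkt["src"], pkt["dst"]))
        return "edge", pkt

    def restore(self, pkt):
        """6d/9d: RID -> identity identifier, the form terminals and the channel carry."""
        return {"src": self.rid_to_id[pkt["src"]], "dst": self.rid_to_id[pkt["dst"]],
                "payload": pkt["payload"]}


def cross_space_exchange(payload, tamper=False):
    """Run the request/reply of Fig. 8; returns the per-hop trace (constructed scenario)."""
    trace = []
    s1 = Cyberspace("cyberspace1", ear_rid="RID9", mappings={"AID1": "RID1"})
    s2 = Cyberspace("cyberspace2", ear_rid="RID44", mappings={"XID2": "RID44", "XID1": "RID11"})
    # 1d/2d: terminal 1 addresses terminal 2 by XID1; MAR1 has no mapping for it -> EAR1
    kind, pkt = s1.forward({"src": "XID2", "dst": "XID1", "payload": payload}, trace)
    if kind != "edge":
        raise RuntimeError("XID1 must not resolve inside cyberspace 1")
    pending = {"XID2": "terminal-1-port"}       # 11d: MAR1 remembers the request source
    # 3d/4d: EAR1 encapsulates; an on-path attacker may rewrite the inner packet
    frame = encapsulate(pkt, s1.ear_rid, s2.ear_rid)
    if tamper:
        frame["inner"] = frame["inner"].replace(b"XID1", b"XID9")
    inner = decapsulate(frame)
    if inner is None:
        trace.append(("cyberspace2", "drop-bad-tag", None, None))
        return trace
    # 5d/6d: EAR2 substitutes XID2->RID44, XID1->RID11; RID11 (MAR2) delivers to terminal 2
    _, routed = s2.forward(inner, trace)
    delivered = s2.restore(routed)
    trace.append(("terminal-2", "deliver", delivered["src"], delivered["dst"]))
    # 7d/8d: reply XID1 -> XID2; MAR2 substitutes XID1->RID11, XID2->RID44, routes to EAR2
    _, routed = s2.forward({"src": "XID1", "dst": "XID2", "payload": "reply:" + payload}, trace)
    # 9d/10d: EAR2 restores identifiers, encapsulates; EAR1 decapsulates
    inner = decapsulate(encapsulate(s2.restore(routed), s2.ear_rid, s1.ear_rid))
    # 11d: MAR1 delivers to terminal 1 by the remembered request source
    trace.append(("terminal-1", "deliver", inner["src"], pending[inner["dst"]]))
    return trace


if __name__ == "__main__":
    for hop in cross_space_exchange("hello"):
        print(hop)
```

Nothing in cyberspace 2 ever handles AID1 or RID1: terminal 2 only sees XID2, and the routing identifiers RID44 and RID11 are valid only inside cyberspace 2, which is the identity and location isolation the text describes.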
Those skilled in the art will be understood that Fig. 2 only for simplicity and the quantity of disparate networks element that shows may Less than the quantity in a real network, but it is this omit be undoubtedly with will not influence inventive embodiments are carried out it is clear, abundant Disclosure premised on.
Those skilled in the art will be understood that above-mentioned lifted signaling mutually hands over process only to implement in order to better illustrate the present invention The technical solution of example, rather than to the restriction that the embodiment of the present invention is made.It is any that process is mutually handed over to carry out signaling according to user property Method, be all contained in the range of the embodiment of the present invention.
With the device of the embodiment of the present invention carry out the detailed process of user's electronic wall partition method in secure network space with Preceding method embodiment is similar, and details are not described herein again.
In conclusion the embodiment of the present invention provides safety assurance by Certificate Authority function for cyberspace;Pass through user Guarantee is provided safely according to identity and the identity for being separated into cyberspace user and location privacy of network;By being user not Different identity symbol with cyberspace realizes cyberspace isolation, mentions for user identity, position, the behavior personal secrets of user For guaranteeing.
As seen through the above description of the embodiments, those skilled in the art can be understood that the present invention can It realizes by means of software and necessary general hardware platform.Based on this understanding, technical solution of the present invention essence On in other words the part that contributes to existing technology can be embodied in the form of software products, the computer software product It can store in storage medium, such as ROM/RAM, magnetic disk, CD, including some instructions are used so that a computer equipment (can be personal computer, server or the network equipment etc.) executes the certain of each embodiment or embodiment of the invention Method described in part.
The same or similar parts between the embodiments can be referred to each other in this specification, and each embodiment emphasis is said Bright is the difference from other embodiments.For the description of device, since it is substantially similar to method reality Example is applied, so describing fairly simple, the relevent part can refer to the partial explaination of embodiments of method.Device described above Embodiment is only schematical, wherein the unit as illustrated by the separation member may or may not be physically Separated, component shown as a unit may or may not be physical unit, it can and it is in one place, or It may be distributed over multiple network units.Some or all of the modules therein can be selected to realize according to the actual needs The purpose of this embodiment scheme.Those of ordinary skill in the art are without creative efforts, it can understand simultaneously Implement.
The foregoing is only a preferred embodiment of the present invention, but scope of protection of the present invention is not limited thereto, In the technical scope disclosed by the present invention, any changes or substitutions that can be easily thought of by anyone skilled in the art, It should be covered by the protection scope of the present invention.Therefore, protection scope of the present invention should be with scope of protection of the claims Subject to.

Claims (10)

1. An electronic isolation wall method for protecting cyberspace security, characterized by comprising:
establishing trusted authentication and a secure connection between a first cyberspace and a second cyberspace isolated by an electronic wall;
a user terminal performing cyberspace registration with the cyberspace it initially requests to access, and performing security authentication and identity/network separation mapping with that cyberspace;
when the user applies for access to a second cyberspace outside the first cyberspace currently accessed, the user terminal performing cyberspace registration with the second cyberspace, and performing cross-cyberspace security authentication and identity/network separation mapping according to the identity identifier registered in the second cyberspace.
2. The method according to claim 1, characterized in that establishing trusted authentication and a secure connection between the first cyberspace and the second cyberspace isolated by the electronic wall comprises:
the first cyberspace and the second cyberspace each advertising information to the other; both sides verifying the information received; after both sides verify successfully, saving the connection relation in the mapping server device of the respective cyberspace and each sending negotiation signalling; after the negotiation signalling succeeds, establishing and saving a secure virtual private channel, storing the secure virtual private channel mapping relation in the respective mapping server devices, and issuing mapping update instructions to the respective cyberspaces to guide the transmission of user messages.
3. The method according to claim 1, characterized in that the method further comprises: after trusted authentication and a secure connection are established between adjacent cyberspaces isolated by the electronic wall, the cyberspaces periodically send probe signalling to maintain the connection state of the secure virtual private channel.
4. The method according to claim 1, characterized in that the cyberspace registration comprises:
S41: the user terminal sends a registration request and related information to the cyberspace;
S42: according to the registration request and related information sent by the user terminal, the authentication center server device of the cyberspace selects an unused identity identifier from the identity identifier library and returns the registration result containing that identity identifier, encrypted, to the user terminal;
S43: the user terminal saves the registration result.
5. The method according to claim 1, characterized in that the user terminal performing security authentication and identity/network separation mapping with the cyberspace specifically comprises:
S501: the user terminal applies to the cyberspace for access authentication;
S502: after the access router of the cyberspace receives the user's authentication request, it determines whether the identity identifier used by the user terminal is an identity identifier of this cyberspace; if so, it responds to the user's authentication request and executes S503, otherwise it forwards the authentication request according to the mapping relations;
S503: after the user terminal receives the authentication response message, it sends the authentication parameters to the access router of the cyberspace;
S504: the access router receives the authentication parameter message, appends the terminal's access identifier, and forwards the message to the authentication center server device of the cyberspace for querying;
S505: the authentication center server device of the cyberspace receives the authentication query message, looks up the terminal information list of the cyberspace by the user terminal's access identifier, encrypts the information with the encryption algorithm and compares it, and returns the comparison result as the query result;
S506: the access router receives the query result message and forwards the authentication result to the user terminal; if the authentication result is failure, the subsequent steps are not executed; if the authentication result is success, step S507 is executed;
S507: the access router reports the mapping relation between its routing identifier and the user terminal's access identifier to the mapping server device; the mapping server device stores the mapping relation in the mapping object list and issues a mapping update instruction to the cyberspace.
6. The method according to claim 1, characterized in that, when the user applies for authentication and access to a second cyberspace outside the first cyberspace currently accessed, the user terminal registering with the second cyberspace and performing cross-cyberspace security authentication and identity/network separation mapping according to the identity identifier registered in the second cyberspace comprises:
S601: when the user applies for authentication and access to a second cyberspace outside the first cyberspace currently accessed, the user terminal registers with the second cyberspace;
S602: the user terminal applies to the second cyberspace for access authentication;
S603: when the first access router of the first cyberspace receives the user's authentication request, it determines that the identity identifier used by the user is not an identity identifier of the first cyberspace, and forwards the authentication request, according to the mapping relations of the cyberspace, to the starting point of the secure virtual private channel;
S604: the starting point of the secure virtual private channel securely encapsulates the authentication request and forwards it to the endpoint of the secure virtual private channel in the second cyberspace;
S605: the endpoint of the secure virtual private channel decapsulates the message and determines whether the identity identifier used by the user in the decapsulated request message is an identity identifier of the second cyberspace; if so, step S606 is executed, otherwise the message is forwarded according to the mapping relations;
S606: the endpoint of the secure virtual private channel is the second access router in the second cyberspace; the second access router replies to the user terminal with an authentication response, and the authentication response message is returned to the user terminal through the secure virtual private channel according to the mapping relations;
S607: the user terminal receives the authentication response message and sends the authentication parameters to the second access router of the second cyberspace;
S608: when the second access router of the second cyberspace receives the authentication parameter message, it appends the terminal's access identifier and forwards the message to the authentication center server device of the second cyberspace for querying;
S609: the authentication center server device of the second cyberspace receives the authentication query message, looks up the terminal information list of the second cyberspace by the user terminal's access identifier, encrypts the information with the encryption algorithm and compares it, and returns the comparison result as the query result;
S610: the second access router receives the query result message and forwards it to the user terminal through the secure virtual private channel according to the mapping relations; if the authentication result is failure, the subsequent steps are not executed; if the authentication result is success, it reports the mapping relation between its own routing identifier and the user terminal's identity identifier to the mapping server device of the second cyberspace;
S611: when the mapping server device of the second cyberspace receives the mapping report message, it stores the mapping relation in the mapping object list of the second cyberspace and issues a mapping update instruction to the second cyberspace.
7. a kind of electrical isolation wall device for protecting network space safety characterized by comprising cyberspace manager connects Enter router MAR, edge access router EAR and user terminal;
The cyberspace manager, for managing authentic authentication and peace between the cyberspace and other cyberspaces Full connection, the separation mapping of safety certification and identity and network between the user terminal and cyberspace, across a network The separation of safety certification and identity and network maps;
The MAR, for providing a variety of linking Internets for user;
The EAR, for establishing connection with other cyberspaces.
8. device according to claim 7, which is characterized in that the cyberspace manager includes: authentication center's clothes Business device device, mapping server device and Channel server device:
Authentication center's server unit, for receiving the information of other cyberspaces transmission, and described by verifying Whether information is credible to complete to authenticate, and the registration request for receiving user terminal transmission, and Xiang Suoshu user terminal returns Registration response comprising the not used access symbol selected from home banking, while the relevant information of the user terminal being deposited It stores up in end message list;It is inquired and is responded to authentication challenge message is received;
The mapping server device, the connection relationship of the EAR for saving the EAR and other cyberspaces are described The connection relationship of MAR and the user terminal reply mapping relations response and issue map updating instruction to the cyberspace;
The Channel server device for sending and receiving the negotiation packet for establishing secure virtual designated lane, and returns It is multiple to negotiate response and carry out peer authentication according to authentication mechanism is negotiated.
9. device according to claim 8, which is characterized in that authentication center's server unit includes information receiving and transmitting Module, registration module, authentication module and home banking and end message list database, the mapping server device include Messaging interface, mapping block and map listing, the Channel server contain messaging interface, exit passageway module And peer list.
10. a kind of electrical isolation wall system for protecting network space safety, which is characterized in that the system contains at least two The described in any item devices of claim 7-9, the system establish equipment safety void by the Channel server of described device Quasi- designated lane realizes peer authentication between cyberspace using equipment safety virtual private channel.
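The following is an added illustration, not code from the patent or its assignee: a minimal simulation of the cross-cyberspace authentication and identity/location mapping flow of steps S608 to S611 together with the registration, authentication-center and mapping-server roles of claim 8. Every class, field and symbol name here (AuthCenter, MappingServer, AccessRouter, access symbols such as "AS-001", router symbol "MAR-2") is an assumption; the claims do not specify the "encryption algorithm" used for the compare, so an HMAC-SHA256 keyed digest over a fresh challenge with a constant-time comparison stands in for it. The point the claims leave implicit is shown explicitly: a failed authentication must leave the mapping server untouched, so no mapping is ever registered for an unauthenticated terminal.

```python
"""Added example (not the patent's code): cross-cyberspace authentication
(S608-S611) and the authentication-center / mapping-server roles of claim 8.
All names are assumptions; HMAC-SHA256 stands in for the unspecified
"encryption algorithm" compare."""
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field


@dataclass
class AuthCenter:
    """Authentication center server device of one cyberspace (claim 8)."""
    pool: set                                        # home bank: unused access symbols
    terminals: dict = field(default_factory=dict)    # access symbol -> terminal record

    def register(self, identity: str, key: bytes) -> str:
        """Registration: hand out an unused access symbol and store the
        terminal's record in the terminal information list."""
        if not self.pool:
            raise RuntimeError("access symbol pool exhausted")
        symbol = min(self.pool)          # deterministic pick for the demo
        self.pool.remove(symbol)
        self.terminals[symbol] = {"identity": identity, "key": key}
        return symbol

    def authenticate(self, symbol: str, challenge: bytes, proof: bytes) -> bool:
        """S609: look up the terminal by access symbol, recompute the keyed
        digest over the challenge and compare it in constant time."""
        rec = self.terminals.get(symbol)
        if rec is None:
            return False                 # unknown access symbol: fail closed
        expected = hmac.new(rec["key"], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)


@dataclass
class MappingServer:
    """Mapping server device of one cyberspace (claim 8)."""
    mappings: dict = field(default_factory=dict)     # identity symbol -> router symbol
    updates: list = field(default_factory=list)      # issued map update instructions

    def report(self, router_symbol: str, identity: str) -> None:
        """S611: store the mapping and issue a map update instruction."""
        self.mappings[identity] = router_symbol
        self.updates.append(("UPDATE", identity, router_symbol))


@dataclass
class AccessRouter:
    """Second access router of the second cyberspace (S608, S610)."""
    symbol: str
    auth: AuthCenter
    mapper: MappingServer
    attached: dict = field(default_factory=dict)     # access symbol -> identity

    def handle_auth(self, access_symbol: str, identity: str,
                    challenge: bytes, proof: bytes) -> bool:
        """S608: attach the access symbol and query the authentication center.
        S610: relay the result; only on success report router<->identity."""
        if not self.auth.authenticate(access_symbol, challenge, proof):
            return False                 # failure: stop, nothing is mapped
        self.attached[access_symbol] = identity
        self.mapper.report(self.symbol, identity)
        return True


def terminal_proof(key: bytes, challenge: bytes) -> bytes:
    """What the user terminal computes over the challenge it was given."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def demo() -> tuple:
    """One successful and two failed authentications through the router."""
    auth = AuthCenter(pool={"AS-001", "AS-002"})
    mapper = MappingServer()
    router = AccessRouter("MAR-2", auth, mapper)

    key = secrets.token_bytes(32)
    sym = auth.register("terminal:alice", key)        # registration response
    challenge = secrets.token_bytes(16)
    ok = router.handle_auth(sym, "terminal:alice", challenge,
                            terminal_proof(key, challenge))
    # Wrong key: digest mismatch, no mapping reported.
    bad = router.handle_auth(sym, "terminal:alice", challenge,
                             terminal_proof(b"wrong-key", challenge))
    # Access symbol never registered: no record, failure.
    unknown = router.handle_auth("AS-999", "terminal:mallory", challenge,
                                 terminal_proof(key, challenge))
    return ok, bad, unknown, dict(mapper.mappings), len(mapper.updates)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` yields one success and two failures, and the mapping server ends up holding exactly one mapping and one update instruction: the failed attempts never reach S611, which is the property a reviewer of such a design should check first.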
CN201811563516.1A 2018-12-20 2018-12-20 Electronic isolation wall method, device and system for protecting network space security Expired - Fee Related CN109547470B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811563516.1A CN109547470B (en) 2018-12-20 2018-12-20 Electronic isolation wall method, device and system for protecting network space security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811563516.1A CN109547470B (en) 2018-12-20 2018-12-20 Electronic isolation wall method, device and system for protecting network space security

Publications (2)

Publication Number Publication Date
CN109547470A true CN109547470A (en) 2019-03-29
CN109547470B CN109547470B (en) 2020-10-27

Family

ID=65855975

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811563516.1A Expired - Fee Related CN109547470B (en) 2018-12-20 2018-12-20 Electronic isolation wall method, device and system for protecting network space security

Country Status (1)

Country Link
CN (1) CN109547470B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1838638A (en) * 2006-03-21 2006-09-27 杭州华为三康技术有限公司 VPN data forwarding method and VPN device for data forwarding
CN102025702A (en) * 2009-09-17 2011-04-20 中兴通讯股份有限公司 Network based on identity and position separation frame, and backbone network and network element thereof
CN102164149A (en) * 2011-05-17 2011-08-24 北京交通大学 Method for guarding against mapping cheat based on identifying separation mapping network
CN103618749A (en) * 2013-12-12 2014-03-05 绵阳芯联芯网络科技有限公司 Method for achieving protection of passive optical network user based on separate mapping mechanism
US20160212778A1 (en) * 2014-02-21 2016-07-21 Yaana Technologies, Inc. Method and System for Data Flow Management of User Equipment in a Tunneling Packet Data Network
CN107533486A (en) * 2015-10-13 2018-01-02 甲骨文国际公司 For the high-efficiency network isolation in multi-tenant cluster environment and the system and method for load balance
CN107835194A (en) * 2017-12-01 2018-03-23 浙江九州量子信息技术股份有限公司 A kind of encipher-decipher method learnt automatically based on multiple terminals communication

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110855634A (en) * 2019-10-24 2020-02-28 北京电信易通信息技术股份有限公司 Cross-network switching service system and method based on secure network
CN111817854A (en) * 2020-06-04 2020-10-23 中国电子科技集团公司第三十研究所 Security authentication method and system based on centerless identification mapping synchronous management
CN111817854B (en) * 2020-06-04 2022-03-18 中国电子科技集团公司第三十研究所 Security authentication method and system based on centerless identification mapping synchronous management

Also Published As

Publication number Publication date
CN109547470B (en) 2020-10-27

Similar Documents

Publication Publication Date Title
Alladi et al. PARTH: A two-stage lightweight mutual authentication protocol for UAV surveillance networks
US10812526B2 (en) Moving target defense for securing internet of things (IoT)
Lu et al. 5G vehicle-to-everything services: Gearing up for security and privacy
Choudhary et al. Internet of drones (iod): Threats, vulnerability, and security perspectives
Tuna et al. A survey on information security threats and solutions for Machine to Machine (M2M) communications
Sun et al. Security and Privacy in the Internet of Vehicles
Liyanage et al. Enhancing security of software defined mobile networks
Benzarti et al. A survey on attacks in Internet of Things based networks
Shashidhara et al. A robust user authentication protocol with privacy-preserving for roaming service in mobility environments
CN108667601A (en) A kind of method, apparatus and equipment of transmission data
Kabulov et al. Security Threats and Challenges in Iot Technologies
CN104735037B (en) A kind of method for network authorization, apparatus and system
Bhattacharjya et al. Secure IoT structural design for smart homes
CN109547470A (en) Protect electrical isolation wall method, the apparatus and system of network space safety
Rathod et al. Blockchain for future wireless networks: A decade survey
Badr et al. Security and privacy in the Internet of Things: threats and challenges
Sudha et al. A review on privacy requirements and application layer security in internet of things (IoT)
Vasiyeva SECURITY THREATS IN IOT TECHNOLOGIES
Pepito et al. Open source 5g security testbed for edge computing
CN101616087A (en) Be associated to the router of safety means
CN107948140A (en) The method of calibration and system of portable set
Askar SDN based 5G VANET: a review
EP3107322B1 (en) Network security appliance to imitate a wireless access point of a local area network through coordination of multiple radios
Liang et al. Analysis and protection of DDoS attack based on RSSP-II protocol
Selis Establishing trusted Machine-to-Machine communications in the Internet of Things through the use of behavioural tests

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20201027

Termination date: 20211220