CN111083706B - Electronic device designated via secondary backoff in network access and corresponding access method - Google Patents

Info

Publication number
CN111083706B
Authority
CN
China
Prior art keywords
access
transmission
frame
equipment
level transmission
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911280666.6A
Other languages
Chinese (zh)
Other versions
CN111083706A (en
Inventor
夏侯淑琴
吴云
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Yide Electronic Technology Co ltd
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN201911280666.6A priority Critical patent/CN111083706B/en
Publication of CN111083706A publication Critical patent/CN111083706A/en
Application granted granted Critical
Publication of CN111083706B publication Critical patent/CN111083706B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/18 Selecting a network or a communication service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W52/00 Power management, e.g. TPC [Transmission Power Control], power saving or power classes
    • H04W52/02 Power saving arrangements
    • H04W52/0209 Power saving arrangements in terminal devices
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides electronic equipment designated via secondary backoff in network access and a corresponding access method. A backoff value based on the first-level transmission is used for the second-level transmission of a three-level transmission, and a first backoff parameter value calculation part and a second backoff parameter value calculation part dynamically calculate, during the second-level transmission, the backoff value of the third-level transmission from specific parameter values of the second-level transmission, so that under a security attack an attacker cannot learn the backoff time from a single cracked long data frame or part of a long frame and cannot accurately locate the long data frame, and the attack may fail because of interference from frames of other channels. A first access equipment, a second access equipment and a fusion server are introduced into the corresponding electronic equipment and the system it forms; through three-level transmission and secondary backoff, the defense against attack is more thorough and the attacker faces greater confusion and uncertainty.

Description

Electronic device designated via secondary backoff in network access and corresponding access method
Technical Field
The present invention relates to the field of electronic devices, and more particularly, to an electronic device designated via secondary backoff in network access and a corresponding access method.
Background
Data transmission between electronic devices necessarily passes through some channel, which may be wired or wireless.
Information is abstract, but must be passed through a concrete medium. For example, two-person conversations, sound waves are transmitted through the air between the two persons, and the air portion between the two persons is the channel. The channel of postal communication refers to the vehicle and the facilities it passes through. The channel of a wireless telephone is the space through which the electric waves propagate, and the channel of a wired telephone is the cable. Each channel has a specific source and sink. In multiplex communications, such as carrier telephony, where one telephone serves as the source of the transmitted information and the other as the sink of the received information, the facility between them is a channel, and the cable for transmission can be shared by a number of channels. In theoretical studies, a channel is often divided into a channel encoder, the channel itself, and a channel decoder. One can modify the encoder and decoder to achieve the best communication, so the encoder and decoder are often parts that are easy to change and design, while the channel is those parts that are relatively fixed. However, this division is more or less arbitrary and can be specified in a specific case. For example, modems and error correction coding and decoding devices are generally considered to belong to channel encoders and decoders, but sometimes the channel containing the modem is referred to as the modulation channel; the channel containing the error correction encoder and decoder is called the code channel.
All channels have an input set A, an output set B and a relationship between them, such as the conditional probability P(y | x), x ∈ A, y ∈ B. These parameters may be used to define a channel.
The input set is the set of input symbols allowed by the channel. Typically the input is a random sequence X1, X2, …, Xn, …, with each Xr ∈ A (r = 1, 2, …). A random process can be converted into a random sequence under a time or frequency limit. Specifying the input set A also includes specifying the limits, such as power limits, on each random variable X. The output set is the set of symbols that the channel may output. If the output sequence is Y1, Y2, …, Yn, …, then each Yr ∈ B. These X and Y may be numbers or symbols, or may be sets of numbers or vectors.
The channel types may be divided by the nature of the input and output sets. When both the input and output sets are discrete sets, the channel is referred to as a discrete channel. Telegraph channels and data channels belong to this category. When both the input and output sets are continuous sets, the channel is called a continuous channel. Television and telephone channels belong to this category. When one of the input and output sets is a continuous set and the other is a discrete set, the channel is referred to as a semi-discrete channel or semi-continuous channel. A continuous channel plus a digital modulator or digital demodulator is such a channel.
There is a certain probabilistic relationship between the input and the output. There is generally random interference in the channel, so there is often no definite functional relationship between the output symbols and the input symbols, and the relationship must be represented by the conditional probability P(y1, y2, …, yn | x1, x2, …, xn), where each xr and yr (r = 1, 2, …, n) are samples of the input random sequence and the output random sequence, respectively, with xr ∈ A and yr ∈ B. When this conditional probability can be decomposed into forms, the channel is called a memoryless channel; otherwise it is a channel with memory. The absence of memory means that a given output sample y is related only to the corresponding input sample x, and not to the preceding and following input samples. When the output depends on only a limited number of previous input samples, the channel may be referred to as a limited-memory channel; a channel with memory is said to be asymptotic when the output depends on infinitely many previous input samples but the correlation tends to zero as the interval increases. In addition, when the conditional probabilities P1, P2, … in the above formula are the same function, the channel is called a stationary channel. This also applies to channels with memory, i.e. the functional form of the conditional probability is unchanged when the subscripts of the variables are shifted in sequence.
When both the input and the output are single, the channel is a single-user channel, or simply a channel. When there is more than one input and/or output, it is called a multi-user channel, i.e. several users share one channel. However, when the information of several users is combined by a multiplexing device and then sent into the channel, the channel is still a single-user channel. It is called a multi-user channel only when the sources are each transformed by a coder and then sent into the channel, or when several decoders are connected to the output of the channel to extract information for the sinks, i.e. when the channel has more than one input or output. When there are several inputs, such as Xa, Xb, …, and only one output Y, it is conventionally referred to as a multiple access channel, and it can be specified with the conditional probability P(y | Xa, Xb, …). When there is only one input X and there are several outputs Ya, Yb, …, it is called a broadcast channel, and the conditional probabilities P(Ya | X), P(Yb | X), … can be used to specify it. A specific example of the broadcast channel is the degenerate broadcast channel, in which case the conditional probabilities should satisfy the following equations: that is, x, ya, yb, yc, … make up a Markov chain. A typical multi-user channel may have several inputs and several outputs. Of course, multi-user channels may also be discrete or continuous, memoryless or with memory.
In fact, the above classifications can be combined, such as stationary memoryless discrete channels, normal memoryless stationary continuous channels, and so on. The latter means that P(y | x) is normally distributed, and this channel is often referred to as a Gaussian channel.
For a channel, under the condition of multiple users or multiple terminal devices, contention may occur, and meanwhile, certain sleep mechanisms and backoff mechanisms are required, which ensure channel multiplexing on the one hand and increase the aperiodic characteristic of information transmission on the other hand.
Network access of electronic devices is an important support for ensuring that electronic devices can exchange data through a network, and in some special scenarios or due to specific limitations of the network, some security mechanisms, such as AAA servers, authentication servers, visibility of data encryption, and insecure characteristics of the public network, may cause partial data to be tampered with or lost, misused, and cause a certain rate of data packet loss, theft, and interception. Therefore, improvements in access technology are of paramount importance.
The access technology is a technology for reasonably accessing the internet in order to use the internet. With the development of network computers toward synthesis, broadband, intelligence and personalization, it is a development goal of the internet to provide users with integrated services of sound, image, data and text, and to realize multimedia communication between users, and the access technology is not well solved, and it will become a bottleneck of communication. The current major wired broadband access technologies include: common modems, N-ISDN (narrow-band integrated services digital network), CableModem and HFC (hybrid fiber coaxial), HDSL (high-speed digital subscriber loop) and SDSL (symmetric digital subscriber loop), ADSL (asymmetric digital subscriber loop) and g.lite (splitter-less ADSL), VDSL (very high-speed digital subscriber loop), HomePNA (home telephone line networking alliance), Ethernet, SDH (synchronous digital hierarchy), PON (Passive optical network) and APON (ATM Passive optical network), IM-DSL (inverse multiplexing digital subscriber loop), and the like. Generally, any broadband access technology has corresponding CO (local side equipment) and RT (customer premise equipment), but the latter is more diverse. An ordinary Modem: the common Modem is one of the main modes for realizing the narrow-band Internet access at present, the technology is mature, and the highest transmission rate reaches 56 kbps. Technically it does not rely on optical access networks; the product comprises a Modem used by a user and a Modem pool placed in a telecommunication room. Due to their lower rates, they are being gradually replaced by N-ISDN and other technologies. 
N-ISDN, also called "one line", is a mature copper-wire technology for narrow-band access that relies on the optical access network. At present it mainly uses 2B+D to provide telephone and Internet access; the typical download speed can reach 64 kbps, which basically meets the needs of current narrow-band browsing, making it an economical and effective choice for the many Internet users who want faster access. It has been opened in various cities in China, users have responded well, and it is gradually replacing the common Modem. ISDN equipment includes exchanges and terminal equipment. Terminal equipment comes in many kinds, but functionally it is mainly a free combination of ISDN network terminals, terminal adapters, routers, video telephones and the like, and it provides different interfaces (for example ISA, PCI, RS232, USB, analog telephone port and Ethernet port) to suit different requirements. Cable Modem and HFC: Cable Modem is a method for realizing user broadband data access over the cable television network, and is also one of the key technologies in hybrid fiber coaxial networks. HFC is one of the earliest broadband access technologies to mature and enter the market, and is characterized by broadband capacity and relative economy. Within an optical node coverage area of about 500 households, HFC can provide 60 channels of analog broadcast television, at least 2 telephone lines per household, and data service at a rate of at least 10 Mbps (mature 40 Mbps Cable Modems are available at present). In the future, at least 200 channels of MPEG-2 video-on-demand services and other bidirectional telecommunication services can be provided using the 550M-750 MHz spectrum.
In the long term, the HFC Network project provides what is called a Full Service Network (FSN), i.e., various types of analog and digital services are provided in a single Network, and the transition from the above-described bandwidth sharing by multiple users to the exclusive sharing by a single user is gradual.
However, current access technology usually uses a single access device, such as a home router, and communicates through ordinary access requests and feedback without considering data separation. Once it is cracked, great economic loss results. Because transmission is uninterrupted or periodic, an attacker can easily grasp the transmission pattern and thereby intercept, capture and acquire the designated data information.
The invention provides electronic equipment designated via secondary backoff in network access and a corresponding access method. A backoff value based on the first-level transmission is used for the second-level transmission of a three-level transmission, and a first backoff parameter value calculation part and a second backoff parameter value calculation part dynamically calculate, during the second-level transmission, the backoff value of the third-level transmission from specific parameter values of the second-level transmission, so that under a security attack an attacker cannot learn the backoff time from a single cracked long data frame or part of a long frame and cannot accurately locate the long data frame, and the attack may fail because of interference from frames of other channels. A first access equipment, a second access equipment and a fusion server are introduced into the corresponding electronic equipment and the system it forms. The access information is separated on security grounds and then fused again, which achieves a more secure separation effect and at the same time avoids complete periodicity of the overall transmission; through three-level transmission and two backoffs, the defense against attack is more thorough and the attacker faces greater confusion and uncertainty.
Disclosure of Invention
The present invention aims to provide an electronic device designated via secondary backoff in network access, and a corresponding access method, that are superior to the prior art.
In order to achieve the purpose, the technical scheme of the invention is as follows:
a method of electronic device access via secondary backoff designation in network access, the method comprising:
sending a request to a first transmission identification server, obtaining the authorized transmission identification of the device by the first transmission identification server,
time division slicing with the length t is carried out on communication channels of the first access equipment, the electronic equipment and the second access equipment by adopting time division multiplexing;
and carrying out load frame framing on the sliced channel according to a period T1, where T1 is an integral multiple of t; carrying out control frame framing according to a period T2, where T2 is an integral multiple of t; and carrying out signaling identification frame framing according to a period T3, where T3 is an integral multiple of t and the signaling identification frame at least comprises the authorized transmission identification of the equipment; a complete long frame consists of a load frame, the control frame corresponding to the load frame, and a signaling identification frame.
The electronic equipment performs primary transmission with the first access equipment and receives a first type subframe sent by the first access equipment, wherein a parameter X1 is received in the first block of the control frame, X1 indicating the block sequence number of the signaling identification frame in the first type subframe that needs to be acquired during next-stage communication; after the first-stage transmission is finished and one long frame period has been slept, it requests second-level transmission from the first access equipment, receives a second-level transmission first type subframe sent by the first access equipment, determines the block with the corresponding sequence number in the signaling identification frame based on the parameter X1 received in the first block, and acquires the third-level transmission symmetric key B stored in that block; and, in the received second-level transmission first type subframe sent by the first access equipment, the (X1+1)-th data block of the control frame at least contains a backoff parameter C1, and the electronic equipment obtains the backoff parameter C1 through the specific value of X1+1 to guide the backoff algorithm before the third-level transmission; after the second-level transmission is finished, and after sleeping for the number of long frame periods given by the backoff parameter value that the backoff algorithm before the third-level transmission calculates under the guidance of C1, it requests third-level transmission from the first access equipment and sends to the first access equipment a third-level transmission long frame encrypted with the symmetric key B, wherein the load frame of the third-level transmission long frame at least comprises network access information and access request header information, and the signaling identification frame of the third-level transmission long frame at least comprises the authorized transmission identification of the electronic equipment; the first access equipment performs symmetric decryption using the key B known at the local end to obtain first access information, which comprises the first network access information and the first access request header information, and obtains the authorized transmission identification of the electronic equipment from the signaling identification frame of the third-level transmission long frame;
the first access equipment acquires the authorized transmission identifier of the electronic equipment from a first transmission identifier server, compares the authorized transmission identifier of the electronic equipment acquired from a signaling identifier frame of a third-level transmission long frame, if yes, allows the electronic equipment to perform network access, and transmits first access information including first network access information and first access request header information to a fusion server;
the electronic equipment performs primary transmission with the second access equipment and receives a second type subframe sent by the second access equipment, wherein a parameter X2 is received in the first block of the control frame, X2 indicating the block sequence number of the signaling identification frame in the second type subframe that needs to be acquired during next-stage communication; after the first-stage transmission is finished and one long frame period has been slept, it requests second-level transmission from the second access equipment, receives a second-level transmission second type subframe sent by the second access equipment, determines the block with the corresponding sequence number in the signaling identification frame based on the parameter X2 received in the first block, and acquires the third-level transmission symmetric key K stored in that block; and, in the received second-level transmission first-type subframe sent by the first access equipment, the (X2+1)-th data block of the control frame at least contains a backoff parameter C2, and the electronic equipment obtains the backoff parameter C2 through the specific value of X2+1 to guide the backoff algorithm before the third-level transmission; after the second-level transmission is finished, and after sleeping for the number of long frame periods given by the backoff parameter value that the backoff algorithm before the third-level transmission calculates under the guidance of C2, it requests third-level transmission from the second access equipment and sends to the second access equipment a third-level transmission long frame encrypted with the symmetric key K, wherein the load frame of the third-level transmission long frame at least comprises network access information and access request header information, and the signaling identification frame of the third-level transmission long frame at least comprises the authorized transmission identification of the electronic equipment; the second access equipment performs symmetric decryption using the key K known at the local end to obtain second access information, which comprises the second network access information and the second access request header information, and obtains the authorized transmission identification of the electronic equipment from the signaling identification frame of the third-level transmission long frame;
the second access equipment acquires the authorized transmission identifier of the electronic equipment from the first transmission identifier server, compares the authorized transmission identifier of the electronic equipment acquired from the signaling identifier frame of the third-level transmission long frame, if yes, allows the electronic equipment to perform network access, and transmits second access information including second network access information and second access request header information to the fusion server;
the fusion server performs bitwise insertion, based on parity and sequence, of the first access information (comprising the first network access information and the first access request header information) and the second access information (comprising the second network access information and the second access request header information) to obtain the complete network access information and access request header information, and transmits the complete network access information and access request header information to third access equipment;
and the third access equipment performs network access on the electronic equipment according to the complete network access information and the access request header information, and allows the electronic equipment to access an external network.
Preferably, in the process of connecting the electronic device and the first access device, the number of long frame periods given by the backoff parameter value, which the backoff algorithm before the third-level transmission calculates under the guidance of C1, is specifically:
backoff parameter value = (X1 * C1) mod 8;
That is, the backoff parameter value is obtained by taking the product of X1 and C1 and then reducing it modulo 8; the remainder is the backoff parameter value, i.e. the number of long frame periods slept before the third-level transmission with the first access device.
Preferably, in the process of connecting the electronic device and the second access device, the number of long frame periods given by the backoff parameter value, which the backoff algorithm before the third-level transmission calculates under the guidance of C2, is specifically:
backoff parameter value = (X2 * C2) mod 8;
That is, the backoff parameter value is obtained by taking the product of X2 and C2 and then reducing it modulo 8; the remainder is the backoff parameter value, i.e. the number of long frame periods slept before the third-level transmission with the second access device.
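The backoff rule above, written out as an added example (not code from the patent), together with a check of how much timing uncertainty the formula can supply. The patent does not state the ranges of X and C; the uniform 0..7 ranges used for the distribution are an assumption made only for illustration.

```python
from collections import Counter
from fractions import Fraction
from math import log2

MODULUS = 8  # from the description: backoff parameter value = (X * C) mod 8


def backoff_periods(x: int, c: int) -> int:
    """Long frame periods to sleep before the third-level transmission.

    x is the block sequence number (X1 or X2) received in the first-level
    transmission, c the backoff parameter (C1 or C2) read from block X+1 of
    the control frame in the second-level transmission.
    """
    if x < 0 or c < 0:
        raise ValueError("X and C are treated as non-negative integers")
    return (x * c) % MODULUS


def backoff_distribution(x_values, c_values):
    """Probability of each backoff value when X and C are drawn uniformly
    and independently from the given ranges (assumed, not from the patent)."""
    counts = Counter(backoff_periods(x, c) for x in x_values for c in c_values)
    total = sum(counts.values())
    return {k: Fraction(counts.get(k, 0), total) for k in range(MODULUS)}


def shannon_entropy_bits(dist) -> float:
    """Entropy of a distribution in bits; 3.0 would be a uniform choice of 8."""
    return -sum(float(p) * log2(float(p)) for p in dist.values() if p > 0)


if __name__ == "__main__":
    # Constructed values: X1 = 5, C1 = 3 gives 15 mod 8 = 7 long frame periods.
    print("sleep before third-level transmission:", backoff_periods(5, 3))
    dist = backoff_distribution(range(8), range(8))
    for value, prob in dist.items():
        print(f"backoff {value}: {prob}")
    print(f"entropy: {shannon_entropy_bits(dist):.3f} bits of a possible 3")
```

The sleep can only take eight values, and because a product modulo 8 is 0 whenever the factors contribute three factors of two between them, the values are not equally likely under these assumed ranges: 0 occurs 5/16 of the time and each odd value 1/16.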
Preferably, acquiring the transmission identification specifically includes:
the authorized transmission identification of the device is associated with at least the send-request timestamp field of the electronic device, a preset local fixed cyclic sequence, and the original MAC address of the electronic device.
Preferably, the preset local fixed cyclic sequence is set as follows:
a random 8-bit binary group is generated with a random number generator and a 6-bit isolation code is appended to it, 14 bits in total; these 14 bits of data are repeated cyclically until the length equals that of the send-request timestamp field of the electronic device.
Preferably, the fusion server performing bitwise insertion, based on parity and sequence, of the first access information (comprising the first network access information and the first access request header information) and the second access information (comprising the second network access information and the second access request header information) to obtain the complete network access information and access request header information, and transmitting them to the third access device, specifically includes:
following the order of the binary sequence of the first access information, the first access information is merged bit by bit with the binary sequence of the second access information, the symbol at the corresponding position of the second access information binary sequence being inserted before each symbol of the first access information binary sequence, to form the complete network access information and access request header information.
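The fusion step above, paired with the even/odd split that the description assigns to the frame cutting part, as an added round-trip example (not code from the patent). Bit positions are assumed to be counted from 1, so the second access information (odd bits) supplies the symbol placed before each symbol of the first access information (even bits); the function names and the sample payload are constructed for illustration.

```python
from typing import Tuple


def bytes_to_bits(data: bytes) -> str:
    """Render bytes as a string of '0'/'1' symbols, most significant bit first."""
    return "".join(f"{byte:08b}" for byte in data)


def bits_to_bytes(bits: str) -> bytes:
    if len(bits) % 8:
        raise ValueError("bit string length must be a multiple of 8")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def cut_frame(bits: str) -> Tuple[str, str]:
    """Split a binary sequence by parity of the 1-based bit position.

    Returns (first, second): first holds the even-position bits (sent via
    the first access device), second the odd-position bits (sent via the
    second access device). Each half is every other bit of the original.
    """
    if set(bits) - {"0", "1"}:
        raise ValueError("input must contain only '0' and '1'")
    return bits[1::2], bits[0::2]


def fuse(first: str, second: str) -> str:
    """Fusion-server step: place the corresponding symbol of `second`
    before each symbol of `first`, restoring the original bit order."""
    if set(first + second) - {"0", "1"}:
        raise ValueError("inputs must contain only '0' and '1'")
    # An odd-length original leaves one extra bit in the odd-position half.
    if len(second) - len(first) not in (0, 1):
        raise ValueError("halves do not belong to the same sequence")
    merged = []
    for i, symbol in enumerate(second):
        merged.append(symbol)
        if i < len(first):
            merged.append(first[i])
    return "".join(merged)


def split_access_info(data: bytes) -> Tuple[str, str]:
    return cut_frame(bytes_to_bits(data))


def fuse_access_info(first: str, second: str) -> bytes:
    return bits_to_bytes(fuse(first, second))


if __name__ == "__main__":
    sample = b"ssid=lab;user=dev01"  # constructed access information
    first_info, second_info = split_access_info(sample)
    print("first  (even bits):", first_info)
    print("second (odd bits): ", second_info)
    print("fused:", fuse_access_info(first_info, second_info))
```

If one half is lost or truncated by more than the single trailing bit, `fuse` rejects the pair instead of producing shifted output, which is the failure a fusion server has to detect before forwarding to the third access device.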
In addition, the present invention provides an electronic device specified via secondary backoff in network access, the electronic device comprising:
a transmission identifier request unit for sending a request to the first transmission identifier server to acquire the transmission identifier authorized by the device,
the time division multiplexing part is used for carrying out time division fragmentation with the length t by adopting time division multiplexing with the communication channels of the first access equipment, the electronic equipment and the second access equipment;
and a slice part, which carries out load frame framing on the sliced channel according to a period T1, where T1 is an integral multiple of t; carries out control frame framing according to a period T2, where T2 is an integral multiple of t; and carries out signaling identification frame framing according to a period T3, where T3 is an integral multiple of t and the signaling identification frame at least comprises the authorized transmission identification of the equipment; a complete long frame consists of a load frame, the control frame corresponding to the load frame, and a signaling identification frame.
The frame cutting part cuts the long frame, and divides the load frame and the control frame data into two subframe types according to different parity bits, wherein the first type subframe comprises an even bit of a load frame, a control frame even bit corresponding to the load frame, and a complete signaling identification frame; the second type subframe comprises an odd bit of a load frame, a control frame odd bit corresponding to the odd bit and a complete signaling identification frame;
a first access request part, which requests primary transmission with the first access equipment and receives a first type subframe sent by the first access equipment, wherein a parameter X1 is received in the first block of the control frame, X1 indicating the block sequence number of the signaling identification frame in the first type subframe that needs to be acquired during next-stage communication; after the first-stage transmission is finished and one long frame period has been slept, it requests second-level transmission from the first access equipment, receives a second-level transmission first type subframe sent by the first access equipment, determines the block with the corresponding sequence number in the signaling identification frame based on the parameter X1 received in the first block, and acquires the third-level transmission symmetric key B stored in that block; and, in the received second-level transmission first type subframe sent by the first access equipment, the (X1+1)-th data block of the control frame at least contains a backoff parameter C1, and the electronic equipment obtains the backoff parameter C1 through the specific value of X1+1 to guide the backoff algorithm before the third-level transmission; after the second-level transmission is finished, and after sleeping for the number of long frame periods given by the backoff parameter value that the backoff algorithm before the third-level transmission calculates under the guidance of C1, it requests third-level transmission from the first access equipment and sends to the first access equipment a third-level transmission long frame encrypted with the symmetric key B, wherein the load frame of the third-level transmission long frame at least comprises network access information and access request header information, and the signaling identification frame of the third-level transmission long frame at least comprises the authorized transmission identification of the electronic equipment; the first access equipment performs symmetric decryption using the key B known at the local end to obtain first access information, which comprises the first network access information and the first access request header information, and obtains the authorized transmission identification of the electronic equipment from the signaling identification frame of the third-level transmission long frame;
the first access equipment acquires the authorized transmission identifier of the electronic equipment from a first transmission identifier server and compares it with the authorized transmission identifier of the electronic equipment obtained from the signaling identification frame of the third-level transmission long frame; if they match, it allows the electronic equipment to perform network access and transmits first access information, including first network access information and first access request header information, to a fusion server;
a second access request part, which requests primary transmission with the second access device and receives the second-type subframe sent by the second access device, wherein a parameter X2 is received in the first block of the control frame, X2 indicating the block sequence number of the signaling identification frame in the second-type subframe that needs to be acquired during next-stage communication; after the first-stage transmission is finished and one long frame period has been slept, requests second-stage transmission from the second access device, receives a second-level transmission second-type subframe sent by the second access device, determines the block with the corresponding sequence number in the signaling identification frame based on the parameter X2 received in the first block, and acquires the three-level transmission symmetric key K stored in that block; and, in the received second-level transmission first-type subframe sent by the first access device, the (X2+1)-th data block of the control frame at least contains a backoff parameter C2, and the electronic device obtains the backoff parameter C2 through the specific value of X2+1 to guide the backoff algorithm before the third-level transmission; after the second-level transmission is finished, sleeps for the number of long frame periods given by the backoff parameter that the guided backoff algorithm before the third-level transmission calculates based on C2, then requests third-level transmission from the second access device and sends a third-level transmission long frame encrypted by the symmetric key K to the second access device, wherein the load frame of the third-level transmission long frame at least comprises network access information and access request header information, and the signaling identification frame of the third-level transmission long frame at least comprises the authorized transmission identification of the electronic device; the second access device performs symmetric decryption by using the key K known at the local terminal to obtain second access information, which comprises the second network access information and the second access request header information, and obtains the authorized transmission identification of the electronic device from the signaling identification frame of the third-level transmission long frame; the second access device acquires the authorized transmission identifier of the electronic device from the first transmission identifier server and compares it with the authorized transmission identifier of the electronic device obtained from the signaling identification frame of the third-level transmission long frame; if they match, it allows the electronic device to perform network access, and the second access device transmits second access information, including second network access information and second access request header information, to the fusion server; the fusion server inserts the first access information, including the first network access information and the first access request header information, and the second access information, including the second network access information and the second access request header information, bit by bit according to parity and sequence to obtain complete network access information and access request header information, and transmits the complete network access information and access request header information to a third access device; and the third access device performs network access for the electronic device according to the complete network access information and access request header information, and allows the electronic device to access an external network.
Preferably, a first backoff parameter value calculating unit is further included; in the process of connecting the electronic device and the first access device, the number of long frame periods that the guided backoff algorithm before the third-level transmission calculates based on C1 is specifically:
backoff parameter value = (X1 * C1) mod 8;
That is, the backoff parameter value is obtained by taking the product of X1 and C1 and then taking it modulo 8; the remainder is the backoff parameter value, namely the number of long frame periods to sleep before the third-level transmission with the first access device.
Preferably, the electronic device further includes a second backoff parameter value calculating unit; in the process of connecting the electronic device and the second access device, the number of long frame periods that the guided backoff algorithm before the third-level transmission calculates based on C2 is specifically:
backoff parameter value = (X2 * C2) mod 8;
That is, the backoff parameter value is obtained by taking the product of X2 and C2 and then taking it modulo 8; the remainder is the backoff parameter value, namely the number of long frame periods to sleep before the third-level transmission with the second access device.
Preferably, acquiring the transmission identifier specifically includes:
the authorized transmission identification of the device is associated with at least the send-request timestamp field of the electronic device, a preset local fixed cyclic sequence, and the original MAC address of the electronic device.
Preferably, the preset local fixed cyclic sequence is set as follows:
a random number generator generates a random 8-bit binary group, which is followed by a 6-bit isolation code, 14 bits in total, and the 14 bits of data are repeated cyclically until the length equals that of the send-request timestamp field of the electronic device.
The invention further provides an access system comprising an electronic device according to any of claims 7-11, and a first access device, a second access device, a third access device, a convergence server and a first transport identity server.
The invention provides an electronic device designated via secondary backoff in network access and a corresponding access method, wherein a backoff value based on the primary transmission is used for the secondary transmission of the three-level transmission, and a first backoff parameter value calculation part and a second backoff parameter value calculation part dynamically calculate the backoff value of the third-level transmission from specific parameter values obtained in the second-level transmission. As a result, when the system is under a security attack, an attacker cannot learn the backoff time from a single cracked long data frame or from part of a long frame, and cannot accurately locate the long data frame, so the attack may fail because of interference from frames on other channels. The corresponding electronic device and the system it forms also introduce the first access device, the second access device and the fusion server: the access information is separated on security grounds and then fused again, which achieves a more secure separation effect and at the same time avoids complete periodicity of the overall transmission. With three-level transmission and two backoffs, the defense against attacks is more thorough, and the attacker faces greater confusion and uncertainty.
Drawings
Fig. 1 is a basic system diagram illustrating one embodiment of the claimed access system;
Fig. 2 is a basic flow diagram illustrating a preferred embodiment of an electronic device access method via secondary backoff designation in network access in accordance with the present invention;
Fig. 3 is a preferred embodiment of the present invention, which illustrates that the network access information and the access request header information transmitted by the third access device to the first access device and the second access device are inserted bit by bit according to parity and sequence to obtain complete network access information and access request header information;
Fig. 4 is a functional preferred embodiment example of a first backoff parameter value calculating section shown in the present invention;
Fig. 5 shows a functional preferred embodiment example of the second backoff parameter value calculating unit according to the present invention.
Detailed Description
The following detailed description is directed to several embodiments and advantageous effects of an electronic device and corresponding access method via secondary backoff designation in network access, which are intended to facilitate a more detailed examination and breakdown of the present invention.
For better understanding of the technical solutions of the present invention, the following detailed descriptions of the embodiments of the present invention are provided with reference to the accompanying drawings.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the examples of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be understood that the term "and/or" as used herein is merely one type of association that describes an associated object, meaning that three relationships may exist, e.g., a and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
It should be understood that although the terms first, second, etc. may be used in embodiments of the invention to describe methods and corresponding apparatus, these keywords should not be limited to these terms. These terms are only used to distinguish keywords from each other. For example, the first access device, the first transmission identifier server, etc. may also be referred to as the second access device, the second transmission identifier server, and similarly, the second access device, the second transmission identifier server may also be referred to as the first access device, the first transmission identifier server, etc. without departing from the scope of the embodiments of the present invention.
The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination" or "in response to a detection", depending on the context. Similarly, the phrases "if determined" or "if detected (a stated condition or event)" may be interpreted as "when determined" or "in response to a determination" or "when detected (a stated condition or event)" or "in response to a detection (a stated condition or event)", depending on the context.
As shown in fig. 1, an access system claimed in the present invention comprises:
the system comprises the electronic equipment, a first access device, a second access device, a third access device, a fusion server and a first transmission identification server.
As a superimposable preferred embodiment, the electronic device comprises:
a transmission identifier request unit for sending a request to the first transmission identifier server to acquire the authorized transmission identifier of the device;
a time division multiplexing part for dividing the communication channels between the electronic equipment and the first access equipment and the second access equipment into time slices of length t by time division multiplexing;
a slice part, wherein load frame framing is performed on the sliced channel according to a period T1, T1 being an integral multiple of t; control frame framing is performed according to a period T2, T2 being an integral multiple of t; and signaling identification frame framing is performed according to a period T3, T3 being an integral multiple of t, the signaling identification frame at least comprising the authorized transmission identification of the equipment; a complete long frame consists of a load frame, the control frame corresponding to the load frame, and a signaling identification frame.
The frame cutting part cuts the long frame, and divides the load frame and the control frame data into two subframe types according to different parity bits, wherein the first type subframe comprises an even bit of a load frame, a control frame even bit corresponding to the load frame, and a complete signaling identification frame; the second type subframe comprises an odd bit of a load frame, a control frame odd bit corresponding to the odd bit and a complete signaling identification frame;
a first access request part, which requests primary transmission with the first access equipment and receives a first-type subframe sent by the first access equipment, wherein a parameter X1 is received in the first block of the control frame, X1 indicating the block sequence number of the signaling identification frame in the first-type subframe that needs to be acquired during next-stage communication; after the first-stage transmission is finished and one long frame period has been slept, requests second-stage transmission from the first access equipment, receives a second-level transmission first-type subframe sent by the first access equipment, determines the block with the corresponding sequence number in the signaling identification frame based on the parameter X1 received in the first block, and acquires the three-level transmission symmetric key B stored in that block; and, in the received second-level transmission first-type subframe sent by the first access equipment, the (X1+1)-th data block of the control frame at least contains a backoff parameter C1, and the electronic equipment obtains the backoff parameter C1 through the specific value of X1+1 to guide the backoff algorithm before the third-level transmission; after the second-level transmission is finished, sleeps for the number of long frame periods given by the backoff parameter that the guided backoff algorithm before the third-level transmission calculates based on C1, then requests third-level transmission from the first access equipment and sends a third-level transmission long frame encrypted by the symmetric key B to the first access equipment, wherein the load frame of the third-level transmission long frame at least comprises network access information and access request header information, and the signaling identification frame of the third-level transmission long frame at least comprises the authorized transmission identification of the electronic equipment; the first access equipment performs symmetric decryption by using the key B known at the local terminal to obtain first access information, which comprises the first network access information and the first access request header information, and obtains the authorized transmission identification of the electronic equipment from the signaling identification frame of the third-level transmission long frame;
the first access equipment acquires the authorized transmission identifier of the electronic equipment from a first transmission identifier server and compares it with the authorized transmission identifier of the electronic equipment obtained from the signaling identification frame of the third-level transmission long frame; if they match, it allows the electronic equipment to perform network access and transmits first access information, including first network access information and first access request header information, to a fusion server;
a second access request part, which requests primary transmission with the second access equipment and receives the second-type subframe sent by the second access equipment, wherein a parameter X2 is received in the first block of the control frame, X2 indicating the block sequence number of the signaling identification frame in the second-type subframe that needs to be acquired during next-stage communication; after the first-stage transmission is finished and one long frame period has been slept, requests second-stage transmission from the second access equipment, receives a second-level transmission second-type subframe sent by the second access equipment, determines the block with the corresponding sequence number in the signaling identification frame based on the parameter X2 received in the first block, and acquires the three-level transmission symmetric key K stored in that block; and, in the received second-level transmission first-type subframe sent by the first access equipment, the (X2+1)-th data block of the control frame at least contains a backoff parameter C2, and the electronic equipment obtains the backoff parameter C2 through the specific value of X2+1 to guide the backoff algorithm before the third-level transmission; after the second-level transmission is finished, sleeps for the number of long frame periods given by the backoff parameter that the guided backoff algorithm before the third-level transmission calculates based on C2, then requests third-level transmission from the second access equipment and sends a third-level transmission long frame encrypted by the symmetric key K to the second access equipment, wherein the load frame of the third-level transmission long frame at least comprises network access information and access request header information, and the signaling identification frame of the third-level transmission long frame at least comprises the authorized transmission identification of the electronic equipment; the second access equipment performs symmetric decryption by using the key K known at the local terminal to obtain second access information, which comprises the second network access information and the second access request header information, and obtains the authorized transmission identification of the electronic equipment from the signaling identification frame of the third-level transmission long frame; the second access equipment acquires the authorized transmission identifier of the electronic equipment from the first transmission identifier server and compares it with the authorized transmission identifier of the electronic equipment obtained from the signaling identification frame of the third-level transmission long frame; if they match, it allows the electronic equipment to perform network access and transmits second access information, including second network access information and second access request header information, to the fusion server; the fusion server inserts the first access information, including the first network access information and the first access request header information, and the second access information, including the second network access information and the second access request header information, bit by bit according to parity and sequence to obtain complete network access information and access request header information, and transmits the complete network access information and access request header information to third access equipment; and the third access equipment performs network access for the electronic equipment according to the complete network access information and access request header information, and allows the electronic equipment to access an external network.
As another preferred embodiment that can be superimposed, acquiring the transmission identifier specifically includes:
the authorized transmission identification of the device is associated with at least the send-request timestamp field of the electronic device, a preset local fixed cyclic sequence, and the original MAC address of the electronic device.
As another preferred embodiment that can be superimposed, the preset local fixed cyclic sequence is set as follows:
a random number generator generates a random 8-bit binary group, which is followed by a 6-bit isolation code, 14 bits in total, and the 14 bits of data are repeated cyclically until the length equals that of the send-request timestamp field of the electronic device.
As another preferred embodiment that can be superimposed, acquiring the transmission identifier specifically includes: the first transmission identification server obtains the send-request timestamp field of the electronic device and performs a bitwise XOR of that field with the preset local fixed cyclic sequence to obtain an XOR result b1; the original MAC address of the electronic device is then appended after b1 to obtain the authorized transmission identifier of the device.
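The identifier construction described above, together with the comparison the access device performs, as an added Python sketch that is not code from the patent. The 32-bit timestamp width, the isolation code value, truncation of the last repetition of the 14-bit unit, the constant-time comparison and all function names are assumptions made for illustration.

```python
import hmac
import secrets

# Added illustration; not code from the patent. Bit fields are modelled
# as strings of '0'/'1'. Field widths and sample values are assumptions.


def _check_bits(bits, width=None):
    if set(bits) - {"0", "1"} or (width is not None and len(bits) != width):
        raise ValueError(f"expected a bit string of width {width}: {bits!r}")
    return bits


def make_cyclic_sequence(length_bits, rand8=None, isolation6="101010"):
    """8 random bits followed by a 6-bit isolation code, repeated cyclically
    until the sequence is as long as the timestamp field.
    Assumption: the final repetition is truncated to fit."""
    if rand8 is None:
        rand8 = format(secrets.randbits(8), "08b")  # CSPRNG-backed
    unit = _check_bits(rand8, 8) + _check_bits(isolation6, 6)  # 14 bits
    repetitions = -(-length_bits // len(unit))  # ceiling division
    return (unit * repetitions)[:length_bits]


def xor_bits(a, b):
    """Bitwise XOR of two equal-length bit strings."""
    _check_bits(a)
    _check_bits(b, len(a))
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def mac_to_bits(mac):
    """48-bit string for a MAC written as aa:bb:cc:dd:ee:ff."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return "".join(format(byte, "08b") for byte in raw)


def build_identifier(timestamp_bits, cyclic_sequence, mac):
    """b1 = timestamp XOR cyclic sequence; identifier = b1 followed by MAC."""
    b1 = xor_bits(timestamp_bits, cyclic_sequence)
    return b1 + mac_to_bits(mac)


def identifiers_match(from_frame, from_server):
    """Access-device check: identifier taken from the signaling
    identification frame versus the one fetched from the transmission
    identifier server. Constant-time comparison is an added choice."""
    return hmac.compare_digest(from_frame.encode(), from_server.encode())


if __name__ == "__main__":
    ts = format(0x5DF0A1C2, "032b")          # constructed 32-bit timestamp
    seq = make_cyclic_sequence(len(ts))       # fresh random 8-bit group
    ident = build_identifier(ts, seq, "02:00:00:00:00:01")  # constructed MAC
    print(len(ident), identifiers_match(ident, ident))
```

Because XOR is its own inverse, XORing the first part of the identifier with the same cyclic sequence returns the timestamp field, which the test below checks.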
As another preferred embodiment that can be superimposed, the same three-level transmission backoff parameter can be selected jointly for the first access device and the second access device. For example, a centralized backoff value calculator can be used: combining the values of X1 and X2 with those of C1 and C2, the calculation is performed at a local centralized backoff value calculator with higher security, and the centralized backoff value obtained is handed to the first access device and the second access device for unified use, thereby reducing data redundancy in the system and the overhead of separate calculation.
Fig. 2 shows the basic flow diagram of a preferred embodiment of the electronic device access method specified by secondary backoff in network access according to the present invention:
S100, a fusion server is preset and used for fusing the subsequently separated access information;
S102, sending a request to a first transmission identifier server, and obtaining the authorized transmission identifier of the equipment from the first transmission identifier server;
S104, dividing the communication channels between the electronic equipment and the first access equipment and the second access equipment into time slices of length t by time division multiplexing;
S106, performing load frame framing on the sliced channel according to a period T1, T1 being an integral multiple of t; performing control frame framing according to a period T2, T2 being an integral multiple of t; and performing signaling identification frame framing according to a period T3, T3 being an integral multiple of t, the signaling identification frame at least comprising the authorized transmission identification of the equipment; a complete long frame consists of a load frame, the control frame corresponding to the load frame, and a signaling identification frame;
S108, cutting the long frame, and dividing the load frame and the control frame data into two subframe types according to different parity bits, wherein the first type subframe comprises an even bit of the load frame, a control frame even bit corresponding to the load frame and a complete signaling identification frame; the second type subframe comprises an odd bit of a load frame, a control frame odd bit corresponding to the odd bit and a complete signaling identification frame;
S110, the electronic equipment performs primary transmission with the first access equipment and receives a first-type subframe sent by the first access equipment, wherein a parameter X1 is received in the first block of the control frame, X1 indicating the block sequence number of the signaling identification frame in the first-type subframe that needs to be acquired during next-stage communication; after the first-stage transmission is finished and one long frame period has been slept, it requests second-stage transmission from the first access equipment, receives a second-level transmission first-type subframe sent by the first access equipment, determines the block with the corresponding sequence number in the signaling identification frame based on the parameter X1 received in the first block, and acquires the three-level transmission symmetric key B stored in that block; and, in the received second-level transmission first-type subframe sent by the first access equipment, the (X1+1)-th data block of the control frame at least contains a backoff parameter C1, and the electronic equipment obtains the backoff parameter C1 through the specific value of X1+1 to guide the backoff algorithm before the third-level transmission; after the second-level transmission is finished, it sleeps for the number of long frame periods given by the backoff parameter that the guided backoff algorithm before the third-level transmission calculates based on C1, then requests third-level transmission from the first access equipment and sends a third-level transmission long frame encrypted by the symmetric key B to the first access equipment, wherein the load frame of the third-level transmission long frame at least comprises network access information and access request header information, and the signaling identification frame of the third-level transmission long frame at least comprises the authorized transmission identification of the electronic equipment; the first access equipment performs symmetric decryption by using the key B known at the local terminal to obtain first access information, including first network access information and first access request header information, and obtains the authorized transmission identification of the electronic equipment from the signaling identification frame of the third-level transmission long frame;
S112, the first access device acquires the authorized transmission identifier of the electronic device from the first transmission identifier server and compares it with the authorized transmission identifier of the electronic device obtained from the signaling identification frame of the third-level transmission long frame; if they match, it allows the electronic device to perform network access and transmits first access information, including first network access information and first access request header information, to the fusion server;
S114, the electronic equipment performs primary transmission with the second access equipment and receives a second-type subframe sent by the second access equipment, wherein a parameter X2 is received in the first block of the control frame, X2 indicating the block sequence number of the signaling identification frame in the second-type subframe that needs to be acquired during next-stage communication; after the first-stage transmission is finished and one long frame period has been slept, it requests second-stage transmission from the second access equipment, receives a second-level transmission second-type subframe sent by the second access equipment, determines the block with the corresponding sequence number in the signaling identification frame based on the parameter X2 received in the first block, and acquires the three-level transmission symmetric key K stored in that block; and, in the received second-level transmission first-type subframe sent by the first access equipment, the (X2+1)-th data block of the control frame at least contains a backoff parameter C2, and the electronic equipment obtains the backoff parameter C2 through the specific value of X2+1 to guide the backoff algorithm before the third-level transmission; after the second-level transmission is finished, it sleeps for the number of long frame periods given by the backoff parameter that the guided backoff algorithm before the third-level transmission calculates based on C2, then requests third-level transmission from the second access equipment and sends a third-level transmission long frame encrypted by the symmetric key K to the second access equipment, wherein the load frame of the third-level transmission long frame at least comprises network access information and access request header information, and the signaling identification frame of the third-level transmission long frame at least comprises the authorized transmission identification of the electronic equipment; the second access equipment performs symmetric decryption by using the key K known at the local terminal to obtain second access information, which comprises second network access information and second access request header information, and obtains the authorized transmission identification of the electronic equipment from the signaling identification frame of the third-level transmission long frame;
S118, the second access device acquires the authorized transmission identifier of the electronic device from the first transmission identifier server and compares it with the authorized transmission identifier of the electronic device obtained from the signaling identification frame of the third-level transmission long frame; if they match, it allows the electronic device to perform network access and transmits second access information, including second network access information and second access request header information, to the fusion server;
S120, the fusion server inserts the first access information, including the first network access information and the first access request header information, and the second access information, including the second network access information and the second access request header information, bit by bit according to parity and sequence to obtain complete network access information and access request header information, and transmits the complete network access information and access request header information to third access equipment;
S122, the third access equipment performs network access for the electronic equipment according to the complete network access information and the access request header information, and allows the electronic equipment to access an external network.
As another stackable preferred embodiment, in the process of connecting the electronic device and the first access device, the number of long frame periods that the guided backoff algorithm before the third-level transmission calculates based on C1 is specifically:
backoff parameter value = (X1 * C1) mod 8;
That is, the backoff parameter value is obtained by taking the product of X1 and C1 and then taking it modulo 8; the remainder is the backoff parameter value, namely the number of long frame periods to sleep before the third-level transmission with the first access device.
As another stackable preferred embodiment, in the process of connecting the electronic device and the second access device, the number of long frame periods that the guided backoff algorithm before the third-level transmission calculates based on C2 is specifically:
backoff parameter value = (X2 * C2) mod 8;
That is, the backoff parameter value is obtained by taking the product of X2 and C2 and then taking it modulo 8; the remainder is the backoff parameter value, namely the number of long frame periods to sleep before the third-level transmission with the second access device.
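The data handling in steps S108 to S120 and the two backoff formulas, as an added Python sketch that is not code from the patent. It assumes bit positions counted from 0, blocks numbered from 1, frames modelled as bit strings and lists, and constructed sample values; encryption with keys B and K is left out because the text names no cipher.

```python
# Added illustration of S108-S120; not code from the patent.
# Assumptions: bit positions count from 0, blocks are numbered from 1,
# frames are bit strings / Python lists, every sample value is constructed.


def split_by_parity(bits):
    """S108: even-position bits form the first-type subframe data,
    odd-position bits the second-type subframe data."""
    return bits[0::2], bits[1::2]


def fuse_by_parity(even_bits, odd_bits):
    """S120: the fusion server inserts the two halves bit by bit."""
    if len(even_bits) - len(odd_bits) not in (0, 1):
        raise ValueError("halves cannot come from the same long frame")
    fused = []
    for i, bit in enumerate(even_bits):
        fused.append(bit)
        if i < len(odd_bits):
            fused.append(odd_bits[i])
    return "".join(fused)


def backoff_periods(x, c):
    """Long frame periods to sleep before third-level transmission."""
    return (x * c) % 8


def read_stage_parameters(stage1_control, stage2_control, stage2_signaling):
    """Follow the pointer chain for one access device:
    X   <- first block of the first-level control frame
    key <- block X of the second-level signaling identification frame
    C   <- block X+1 of the second-level control frame
    Out-of-range pointers are rejected instead of being followed."""
    if not stage1_control:
        raise ValueError("first-level control frame has no blocks")
    x = stage1_control[0]
    if not isinstance(x, int) or x < 1:
        raise ValueError("X must be a positive block sequence number")
    if x > len(stage2_signaling):
        raise ValueError("X points past the signaling identification frame")
    if x + 1 > len(stage2_control):
        raise ValueError("X+1 points past the control frame")
    key = stage2_signaling[x - 1]   # block number X
    c = stage2_control[x]           # block number X+1
    return {"x": x, "key": key, "c": c, "sleep": backoff_periods(x, c)}


def run_example():
    payload = "10110010"  # constructed stand-in for the access info bits
    even, odd = split_by_parity(payload)
    # First access device: X1 = 3, C1 = 5, key B in signaling block 3.
    ap1 = read_stage_parameters(
        [3, 0, 0, 0], [0, 0, 0, 5], [b"-", b"-", b"constructed-key-B"])
    # Second access device: X2 = 4, C2 = 6, key K in signaling block 4.
    ap2 = read_stage_parameters(
        [4, 0, 0, 0, 0], [0, 0, 0, 0, 6],
        [b"-", b"-", b"-", b"constructed-key-K"])
    return {"even": even, "odd": odd, "ap1": ap1, "ap2": ap2,
            "fused": fuse_by_parity(even, odd)}


if __name__ == "__main__":
    for name, value in run_example().items():
        print(name, value)
```

With these sample values the two links sleep 7 and 0 long frame periods respectively, so the two halves of the access information reach the fusion server at different times.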
As another preferred embodiment that can be superimposed, the same third-level transmission backoff parameter can be selected jointly for the first access device and the second access device. For example, a centralized backoff value calculator can be used: the values of $X_1$ and $X_2$ and of C1 and C2 are combined and calculated at a centralized backoff value calculator that is located locally and has higher security, and the resulting centralized backoff value is handed to the first access device and the second access device for unified use, thereby reducing data redundancy of the system and reducing the overhead of separate calculation.
As another preferred embodiment that can be superimposed, the acquiring of the transmission identifier specifically includes:
the authorized transmission identifier of the device is associated with at least the transmission request timestamp field of the electronic device, a preset local fixed cyclic sequence, and the original MAC address of the electronic device.
As another preferred embodiment that can be superimposed, the preset local fixed cyclic sequence is set as follows:
a random 8-bit binary group is generated by a random number generator, a 6-bit isolation code is appended after it, giving 14 bits in total, and the 14 bits of data are used cyclically until the total length is equal to the length of the transmission request timestamp field of the electronic equipment.
As another preferred embodiment that can be superimposed, the fusion server performs bitwise insertion, based on parity and sequence, of the first access information (comprising the first network access information and the first access request header information) and the second access information (comprising the second network access information and the second access request header information) to obtain complete network access information and access request header information, and transmits the complete network access information and access request header information to the third access device, specifically including:
according to the binary sequence ordering of the first access information, the first access information is inserted into the binary sequence of the second access information bit by bit, wherein the second access information binary sequence symbol of the corresponding bit is inserted before each first access information binary sequence symbol, to form complete network access information and access request header information.
As another preferred embodiment that can be superimposed, the acquiring of the transmission identifier specifically includes: the first transmission identification server obtains the transmission request timestamp field of the electronic equipment and performs a bitwise XOR of the transmission request timestamp field with the preset local fixed cyclic sequence to obtain an XOR result $b_1$; the original MAC address of the electronic equipment is then appended after $b_1$ to obtain the authorized transmission identifier of the equipment.
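The identifier derivation described in the preceding embodiments (14-bit cyclic sequence, XOR with the timestamp field, MAC address appended), together with the comparison an access device performs, as an added Python example that is not part of the patent text. The 32-bit timestamp width, the isolation code value, the MAC address and all function names are assumptions made for illustration.

```python
import hmac
import secrets
from typing import Optional

SEED_BITS = 8        # random 8-bit binary group (from the page)
ISOLATION_BITS = 6   # 6-bit isolation code (from the page)


def _require_bits(value: str, width: int) -> None:
    if len(value) != width or set(value) - {"0", "1"}:
        raise ValueError(f"expected {width} binary digits, got {value!r}")


def make_cyclic_unit(isolation_code: str, seed: Optional[str] = None) -> str:
    """Build the 14-bit unit: random 8-bit group followed by the isolation code."""
    if seed is None:
        seed = format(secrets.randbits(SEED_BITS), "08b")
    _require_bits(seed, SEED_BITS)
    _require_bits(isolation_code, ISOLATION_BITS)
    return seed + isolation_code


def cyclic_sequence(unit: str, length: int) -> str:
    """Use the 14-bit unit cyclically until it is as long as the timestamp field."""
    repetitions = -(-length // len(unit))  # ceiling division
    return (unit * repetitions)[:length]


def xor_bits(a: str, b: str) -> str:
    if len(a) != len(b):
        raise ValueError("bit strings must have equal length")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def mac_to_bits(mac: str) -> str:
    octets = mac.replace("-", ":").split(":")
    if len(octets) != 6:
        raise ValueError("a MAC address has six octets")
    return "".join(format(int(octet, 16), "08b") for octet in octets)


def authorized_transmission_id(timestamp_bits: str, unit: str, mac: str) -> str:
    """b1 = timestamp XOR cyclic sequence; identifier = b1 followed by the MAC."""
    b1 = xor_bits(timestamp_bits, cyclic_sequence(unit, len(timestamp_bits)))
    return b1 + mac_to_bits(mac)


def access_device_accepts(id_from_server: str, id_from_frame: str) -> bool:
    """Access device check: identifier from the server vs. the signaling frame.

    hmac.compare_digest is used so the comparison time does not depend on
    where the two values first differ (an implementation choice, not from the page).
    """
    return hmac.compare_digest(id_from_server.encode(), id_from_frame.encode())


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    unit = make_cyclic_unit("010101", seed="10110010")
    timestamp = format(1576108800, "032b")   # assumed 32-bit timestamp field
    ident = authorized_transmission_id(timestamp, unit, "02:00:5e:10:00:01")
    print("cyclic sequence:", cyclic_sequence(unit, 32))
    print("identifier     :", ident)
    print("accepted       :", access_device_accepts(ident, ident))
```
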
Fig. 3 is a preferred embodiment of the present invention, which illustrates that the third access device inserts the network access information and the access request header information transmitted by the first access device and the second access device bit by bit according to parity and sequence to obtain complete network access information and access request header information;
as can be seen from Fig. 3, as another preferred embodiment that can be superimposed, the third access device inserts the network access information and the access request header information transmitted by the first access device and the second access device bit by bit according to parity and sequence to obtain complete network access information and access request header information, which specifically includes:
according to the binary sequence ordering of the first access information, the first access information is inserted into the binary sequence of the second access information bit by bit, wherein the second access information binary sequence symbol of the corresponding bit is inserted before each first access information binary sequence symbol, to form complete network access information and access request header information.
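The parity split and the bitwise re-insertion described above, as an added Python example that is not part of the patent text. It assumes bit positions are counted from 1, which is the reading under which "first type = even bits" and "second-information bit inserted before each first-information bit" reassemble the original; the sample payload, the handling of an odd total length and all function names are assumptions.

```python
from typing import Optional, Tuple


def bytes_to_bits(data: bytes) -> str:
    return "".join(format(byte, "08b") for byte in data)


def bits_to_bytes(bits: str) -> bytes:
    if len(bits) % 8:
        raise ValueError("bit string length must be a multiple of 8")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def split_by_parity(bits: str) -> Tuple[str, str]:
    """Return (first_type, second_type) for one bit sequence.

    first_type  = even positions (2, 4, 6, ...), sent via the first access device
    second_type = odd positions  (1, 3, 5, ...), sent via the second access device
    Positions are 1-indexed (assumption, see lead-in).
    """
    second_type = bits[0::2]
    first_type = bits[1::2]
    return first_type, second_type


def fuse(first_info: Optional[str], second_info: Optional[str]) -> str:
    """Fusion step: put the matching second-information bit before each
    first-information bit.

    A half is None when its access device rejected the authorized transmission
    identifier and forwarded nothing; fusion is then refused.
    """
    if first_info is None or second_info is None:
        raise ValueError("both access devices must forward their half before fusion")
    if len(second_info) - len(first_info) not in (0, 1):
        raise ValueError("halves do not come from the same parity split")
    merged = []
    for second_bit, first_bit in zip(second_info, first_info):
        merged.append(second_bit)
        merged.append(first_bit)
    # Odd total length: the second half carries one extra trailing bit
    # (edge case not addressed on the page; handled here by assumption).
    merged.append(second_info[len(first_info):])
    return "".join(merged)


if __name__ == "__main__":
    # Constructed sample access information, not taken from the patent.
    access_info = b"ssid=lab-net;req=join"
    bits = bytes_to_bits(access_info)
    first, second = split_by_parity(bits)
    print("first half alone :", first[:32], "...")
    print("second half alone:", second[:32], "...")
    print("fused            :", bits_to_bytes(fuse(first, second)))
```
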
Fig. 4 of the description illustrates a functional preferred embodiment example of the first backoff parameter value calculating part according to the present invention;
as can be seen from Fig. 4, as another superimposable preferred embodiment, the electronic device uses the first backoff parameter value calculating part to instruct, in the process of connecting the electronic device and the first access device, the backoff algorithm before the third-level transmission to obtain the backoff parameter value, in long frame periods, calculated from C1, specifically:
backoff parameter value = $(X_1 \times C1) \bmod 8$;
That is, the product of $X_1$ and C1 is taken modulo 8, and the remainder is the backoff parameter value, namely the number of long frame periods to sleep before the third-level transmission with the first access equipment.
Fig. 5 of the description illustrates a functional preferred embodiment example of the second backoff parameter value calculating part according to the present invention;
as can be seen from Fig. 5, as another preferred stackable embodiment, the electronic device further includes a second backoff parameter value calculating part, which is used to instruct, in the process of connecting the electronic device and the second access device, the backoff algorithm before the third-level transmission to obtain the backoff parameter value, in long frame periods, calculated from C2, specifically:
backoff parameter value = $(X_2 \times C2) \bmod 8$;
That is, the product of $X_2$ and C2 is taken modulo 8, and the remainder is the backoff parameter value, namely the number of long frame periods to sleep before the third-level transmission with the second access equipment.
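The backoff rule stated for both access devices, as an added Python example that is not part of the patent text: it computes the sleep length, places the three transmission levels on a long-frame timeline, and tabulates which backoff values a given X can produce. The timeline indexing (one long frame per transmission level), the value ranges for X and C, and the function names are assumptions.

```python
import math
from collections import Counter

MODULUS = 8  # from the page: backoff parameter value = (X * C) mod 8


def backoff_long_frames(x: int, c: int) -> int:
    """Long frame periods to sleep between second- and third-level transmission."""
    if x < 0 or c < 0:
        raise ValueError("X and C must be non-negative integers")
    return (x * c) % MODULUS


def schedule(x: int, c: int) -> dict:
    """Long-frame index of each transmission level for one access device.

    Assumption (not from the page): each transmission level occupies exactly
    one long frame period and the first level starts at index 0.
    """
    level1 = 0
    level2 = level1 + 1 + 1                           # one long frame period slept
    level3 = level2 + 1 + backoff_long_frames(x, c)   # (X * C) mod 8 periods slept
    return {"level1": level1, "level2": level2, "level3": level3}


def reachable_backoffs(x: int, c_values) -> set:
    """Backoff values that a fixed X can produce as C varies."""
    return {backoff_long_frames(x, c) for c in c_values}


def backoff_distribution(x_values, c_values) -> Counter:
    """How often each backoff value occurs over all (X, C) pairs."""
    return Counter(backoff_long_frames(x, c) for x in x_values for c in c_values)


if __name__ == "__main__":
    # Constructed parameter values, not taken from the patent.
    print("X=5, C=7 ->", schedule(5, 7))
    for x in range(1, 9):
        values = sorted(reachable_backoffs(x, range(256)))
        # The number of reachable values is 8 / gcd(X, 8): an odd X reaches all
        # eight, while X = 8 always yields a backoff of 0.
        print(f"X={x}: gcd(X, 8)={math.gcd(x, 8)} reachable={values}")
    print("distribution:", sorted(backoff_distribution(range(1, 9), range(8)).items()))
```

An implementation that wants all eight sleep lengths to remain possible can check `math.gcd(X, 8) == 1` for the block sequence numbers it assigns.
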
As another preferred embodiment that can be superimposed, the same third-level transmission backoff parameter can be selected jointly for the first access device and the second access device. For example, a centralized backoff value calculator can be used: the values of $X_1$ and $X_2$ and of C1 and C2 are combined and calculated at a local centralized backoff value calculator with higher security, and the resulting centralized backoff value is handed to the first access device and the second access device for unified use, thereby reducing data redundancy of the system and reducing the overhead of separate calculation. At the same time, the centralized backoff value calculator can be protected by stronger security measures, for example a dedicated hardware-solidified encryption intermediate device that performs rewriting processing on its data transmission, thereby providing higher security.
The invention provides an electronic device designated via secondary backoff in network access and a corresponding access method. Within the three levels of transmission, a backoff value based on the first-level transmission is used before the second-level transmission, and the first backoff parameter value calculation part and the second backoff parameter value calculation part dynamically calculate the backoff value of the third-level transmission from specific parameter values of the second-level transmission, so that, under a security attack, an attacker cannot learn the backoff time from a single cracked long data frame or part of a long frame and cannot accurately locate the long data frames, and the attack may fail because of interference from other channel frames. In addition, a first access device, a second access device and a fusion server are introduced into the system formed with the electronic device; the access information is separated on security grounds and then fused again, which achieves a more secure separation and at the same time avoids complete periodicity of the whole transmission. Through three levels of transmission and two backoffs, the defense against attacks is more thorough, and the confusion and uncertainty faced by an attacker are higher.
In all the above embodiments, in order to meet the requirements of some special data transmission and read/write functions, the above method and its corresponding devices may add devices, modules, hardware, pin connections, or memory and processor differences to expand the functions during operation.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described method, apparatus and unit may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative; for example, the division of the method steps is only a logical or functional division and may be implemented in another manner in practice, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The individual steps of the method and the units described as separate parts of the apparatus may or may not be logically or physically separate, may or may not be physical units, and may be located in one place or distributed over a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, the method steps, the implementation thereof, and the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The above-described method and apparatus may be implemented as an integrated unit in the form of a software functional unit, which may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) or a Processor (Processor) to execute some steps of the methods according to the embodiments of the present invention. And the aforementioned storage medium includes: a U disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), an NVRAM, a magnetic disk, or an optical disk, and various media capable of storing program codes.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
It should be noted that: the above embodiments are only used to explain and illustrate the technical solution of the present invention more clearly, and not to limit the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (9)

1. An electronic device access method via secondary backoff in network access, the method comprising:
sending a request to a first transmission identifier server, obtaining the authorized transmission identifier of the electronic equipment by the first transmission identifier server,
time division fragmentation with the length t is carried out on communication channels of the electronic equipment and the first access equipment and the electronic equipment and the second access equipment by adopting time division multiplexing;
carrying out load frame framing on the fragmented channel according to a period T1, wherein T1 is an integral multiple of T, carrying out control frame framing according to a period T2, T2 is an integral multiple of T, carrying out signaling identification frame framing according to a period T3, the signaling identification frame at least comprises an authorized transmission identification of the electronic equipment, T3 is an integral multiple of T, and a complete long frame consists of a load frame, a control frame corresponding to the load frame and a signaling identification frame;
the electronic equipment performs first-level transmission with the first access equipment and receives a first type subframe sent by the first access equipment, wherein a parameter $X_1$ is received in the first block of the control frame, $X_1$ indicating the block sequence number of the signaling identification frame in the first type subframe which needs to be acquired during next-level communication; after the first-level transmission is finished and one long frame period has been slept, requesting the first access equipment to perform second-level transmission, receiving a second-level transmission first type subframe sent by the first access equipment, determining the block with the corresponding sequence number in the signaling identification frame based on the parameter $X_1$ received in the first block, and acquiring a third-level transmission symmetric key B stored in the block; and in the received second-level transmission first type subframe sent by the first access equipment, the $(X_1+1)$-th data block of the control frame at least contains a backoff parameter C1, and the electronic equipment acquires the backoff parameter C1 from the $(X_1+1)$-th data block for the backoff algorithm before the third-level transmission; after the second-level transmission is finished, and after sleeping for the number of long frame periods given by the backoff parameter value calculated from C1 by the backoff algorithm before the third-level transmission, requesting the first access equipment to perform third-level transmission, and sending a third-level transmission long frame encrypted by the symmetric key B to the first access equipment, wherein the load frame of the third-level transmission long frame at least comprises network access information and access request header information, and the signaling identification frame of the third-level transmission long frame at least comprises the authorized transmission identifier of the electronic equipment; the first access equipment performs symmetric decryption by using the key B known at the local terminal, acquires first access information comprising the first network access information and the first access request header information, and acquires the authorized transmission identifier of the electronic equipment from the signaling identification frame of the third-level transmission long frame;
the first access equipment acquires the authorized transmission identifier of the electronic equipment from a first transmission identifier server, compares the authorized transmission identifier of the electronic equipment acquired from a signaling identifier frame of a third-level transmission long frame, allows the electronic equipment to perform network access if the authorized transmission identifier of the electronic equipment is the same as the authorized transmission identifier of the electronic equipment acquired from the signaling identifier frame of the third-level transmission long frame, and transmits first access information including first network access information and first access request header information to a fusion server;
the electronic equipment performs first-level transmission with the second access equipment and receives a second type subframe sent by the second access equipment, wherein a parameter $X_2$ is received in the first block of the control frame, $X_2$ indicating the block sequence number of the signaling identification frame in the second type subframe which needs to be acquired during next-level communication; after the first-level transmission is finished and one long frame period has been slept, requesting the second access equipment to perform second-level transmission, receiving a second-level transmission second type subframe sent by the second access equipment, determining the block with the corresponding sequence number in the signaling identification frame based on the parameter $X_2$ received in the first block, and acquiring a third-level transmission symmetric key K stored in the block; and in the received second-level transmission second type subframe sent by the first access equipment, the $(X_2+1)$-th data block of the control frame at least contains a backoff parameter C2, and the electronic equipment acquires the backoff parameter C2 from the $(X_2+1)$-th data block for the backoff algorithm before the third-level transmission; after the second-level transmission is finished, and after sleeping for the number of long frame periods given by the backoff parameter value calculated from C2 by the backoff algorithm before the third-level transmission, requesting the second access equipment to perform third-level transmission, and sending a third-level transmission long frame encrypted by the symmetric key K to the second access equipment, wherein the load frame of the third-level transmission long frame at least comprises network access information and access request header information, and the signaling identification frame of the third-level transmission long frame at least comprises the authorized transmission identifier of the electronic equipment; the second access equipment performs symmetric decryption by using the key K known at the local terminal, acquires second access information comprising the second network access information and the second access request header information, and acquires the authorized transmission identifier of the electronic equipment from the signaling identification frame of the third-level transmission long frame;
the second access equipment acquires the authorized transmission identifier of the electronic equipment from the first transmission identifier server, compares the authorized transmission identifier of the electronic equipment acquired from the signaling identifier frame of the third-level transmission long frame, allows the electronic equipment to perform network access if the authorized transmission identifier of the electronic equipment is the same as the authorized transmission identifier of the electronic equipment acquired from the signaling identifier frame of the third-level transmission long frame, and transmits second access information including second network access information and second access request header information to the fusion server;
the fusion server performs bitwise insertion based on parity and sequence of first access information including first network access information and first access request header information and second access information including second network access information and second access request header information to obtain complete network access information and access request header information, and transmits the complete network access information and access request header information to a third access device, specifically: according to the binary sequence ordering of the first access information, inserting the first access information into a second access information binary sequence bit by bit, wherein a second access information binary sequence symbol of a corresponding bit is inserted in front of each first access information binary sequence symbol to form complete network access information and access request header information;
and the third access equipment performs network access on the electronic equipment according to the complete network access information and the access request header information, and allows the electronic equipment to access an external network.
2. The access method according to claim 1, wherein, in the process of connecting the electronic device and the first access device, the backoff parameter value, in long frame periods, calculated from C1 by the backoff algorithm before the third-level transmission is specifically:
backoff parameter value = $(X_1 \times C1) \bmod 8$;
That is, the product of $X_1$ and C1 is taken modulo 8, and the remainder is the backoff parameter value, namely the number of long frame periods to sleep before the third-level transmission with the first access equipment;
in the process of connecting the electronic device and the second access device, the backoff parameter value, in long frame periods, calculated from C2 by the backoff algorithm before the third-level transmission is specifically:
backoff parameter value = $(X_2 \times C2) \bmod 8$;
That is, the product of $X_2$ and C2 is taken modulo 8, and the remainder is the backoff parameter value, namely the number of long frame periods to sleep before the third-level transmission with the second access equipment.
3. The access method of claim 1, wherein obtaining the authorized transmission identifier of the electronic device specifically comprises:
the electronic device authorization transmission identification is associated with at least a transmission request timestamp field of the electronic device, a preset local fixed cycle sequence, and an original MAC address of the electronic device.
4. The access method according to claim 3, wherein the preset local fixed cyclic sequence is set as follows:
a random 8-bit binary group is generated by a random number generator, a 6-bit isolation code is appended at the end of the 8-bit binary group, giving 14 bits in total, and the 14-bit data are used cyclically until the total cycle length is equal to the length of the transmission request timestamp field of the electronic equipment.
5. An electronic device via secondary backoff in network access, the electronic device comprising:
a transmission identifier request unit for sending a request to the first transmission identifier server to obtain the transmission identifier authorized by the electronic device,
the time division multiplexing part is used for carrying out time division fragmentation with the length t on communication channels of the electronic equipment and the first access equipment and the electronic equipment and the second access equipment by adopting time division multiplexing;
a slice part, framing a load frame of a sliced channel according to a period T1, wherein T1 is an integral multiple of T, framing a control frame according to a period T2, T2 is an integral multiple of T, framing a signaling identification frame according to a period T3, the signaling identification frame at least comprises an authorized transmission identification of the electronic equipment, T3 is an integral multiple of T, and a complete long frame consists of a load frame, a control frame corresponding to the load frame and a signaling identification frame;
the frame cutting part cuts the long frame, and divides the load frame and the control frame data into two subframe types according to different parity bits, wherein the first type subframe comprises an even bit of a load frame, a control frame even bit corresponding to the load frame, and a complete signaling identification frame; the second type subframe comprises an odd bit of a load frame, a control frame odd bit corresponding to the odd bit and a complete signaling identification frame;
a first access request part, requesting first-level transmission with the first access device and receiving a first type subframe sent by the first access device, wherein a parameter $X_1$ is received in the first block of the control frame, $X_1$ indicating the block sequence number of the signaling identification frame in the first type subframe which needs to be acquired during next-level communication; after the first-level transmission is finished and one long frame period has been slept, requesting the first access equipment to perform second-level transmission, receiving a second-level transmission first type subframe sent by the first access equipment, determining the block with the corresponding sequence number in the signaling identification frame based on the parameter $X_1$ received in the first block, and acquiring a third-level transmission symmetric key B stored in the block; and in the received second-level transmission first type subframe sent by the first access equipment, the $(X_1+1)$-th data block of the control frame at least contains a backoff parameter C1, and the electronic equipment acquires the backoff parameter C1 from the $(X_1+1)$-th data block for the backoff algorithm before the third-level transmission; after the second-level transmission is finished, and after sleeping for the number of long frame periods given by the backoff parameter value calculated from C1 by the backoff algorithm before the third-level transmission, requesting the first access equipment to perform third-level transmission, and sending a third-level transmission long frame encrypted by the symmetric key B to the first access equipment, wherein the load frame of the third-level transmission long frame at least comprises network access information and access request header information, and the signaling identification frame of the third-level transmission long frame at least comprises the authorized transmission identifier of the electronic equipment; the first access equipment performs symmetric decryption by using the key B known at the local terminal, acquires first access information comprising the first network access information and the first access request header information, and acquires the authorized transmission identifier of the electronic equipment from the signaling identification frame of the third-level transmission long frame;
the first access equipment acquires the authorized transmission identifier of the electronic equipment from a first transmission identifier server, compares the authorized transmission identifier of the electronic equipment acquired from a signaling identifier frame of a third-level transmission long frame, allows the electronic equipment to perform network access if the authorized transmission identifier of the electronic equipment is the same as the authorized transmission identifier of the electronic equipment acquired from the signaling identifier frame of the third-level transmission long frame, and transmits first access information including first network access information and first access request header information to a fusion server;
a second access request part, requesting first-level transmission with the second access device and receiving a second type subframe sent by the second access device, wherein a parameter $X_2$ is received in the first block of the control frame, $X_2$ indicating the block sequence number of the signaling identification frame in the second type subframe which needs to be acquired during next-level communication; after the first-level transmission is finished and one long frame period has been slept, requesting the second access equipment to perform second-level transmission, receiving a second-level transmission second type subframe sent by the second access equipment, determining the block with the corresponding sequence number in the signaling identification frame based on the parameter $X_2$ received in the first block, and acquiring a third-level transmission symmetric key K stored in the block; and in the received second-level transmission first type subframe sent by the first access equipment, the $(X_2+1)$-th data block of the control frame at least contains a backoff parameter C2, and the electronic equipment acquires the backoff parameter C2 from the $(X_2+1)$-th data block for the backoff algorithm before the third-level transmission; after the second-level transmission is finished, and after sleeping for the number of long frame periods given by the backoff parameter value calculated from C2 by the backoff algorithm before the third-level transmission, requesting the second access equipment to perform third-level transmission, and sending a third-level transmission long frame encrypted by the symmetric key K to the second access equipment, wherein the load frame of the third-level transmission long frame at least comprises network access information and access request header information, and the signaling identification frame of the third-level transmission long frame at least comprises the authorized transmission identifier of the electronic equipment; the second access equipment performs symmetric decryption by using the key K known at the local terminal, acquires second access information comprising the second network access information and the second access request header information, and acquires the authorized transmission identifier of the electronic equipment from the signaling identification frame of the third-level transmission long frame; the second access equipment acquires the authorized transmission identifier of the electronic equipment from the first transmission identifier server, compares it with the authorized transmission identifier of the electronic equipment acquired from the signaling identification frame of the third-level transmission long frame, allows the electronic equipment to perform network access if the two are the same, and transmits the second access information including the second network access information and the second access request header information to the fusion server; the fusion server performs bitwise insertion, based on parity and sequence, of the first access information including the first network access information and the first access request header information and the second access information including the second network access information and the second access request header information to obtain complete network access information and access request header information, and transmits the complete network access information and access request header information to a third access device, specifically: according to the binary sequence ordering of the first access information, the first access information is inserted into the binary sequence of the second access information bit by bit, wherein the second access information binary sequence symbol of the corresponding bit is inserted before each first access information binary sequence symbol, to form complete network access information and access request header information; and the third access equipment performs network access on the electronic equipment according to the complete network access information and the access request header information, and allows the electronic equipment to access an external network.
6. The electronic device according to claim 5, further comprising a first backoff parameter value calculation section configured to calculate, using a backoff algorithm, a backoff parameter value based on C1 for the long frame period before the third-level transmission while the electronic device is connecting to the first access device, as follows:
backoff parameter value = (X1 * C1) mod 8;
that is, the product of the length of X1 and the length of C1 is taken modulo 8, and the remainder is the backoff parameter value, which is the number of long frame periods to sleep for the third-level transmission with the first access device;
and further comprising a second backoff parameter value calculation section configured to calculate, using a backoff algorithm, a backoff parameter value based on C2 before the third-level transmission while the electronic device is connecting to the second access device, as follows:
backoff parameter value = (X2 * C2) mod 8;
that is, the product of the length of X2 and C2 is taken modulo 8, and the remainder is the backoff parameter value, which is the number of long frame periods to sleep for the third-level transmission with the second access device.
7. The electronic device of claim 6, wherein obtaining the authorized transmission identifier of the electronic device is specifically:
the authorized transmission identifier of the electronic device is associated with at least a transmission request timestamp field of the electronic device, a preset local fixed cyclic sequence, and an original MAC address of the electronic device.
8. The electronic device of claim 7, wherein the preset local fixed cyclic sequence is set as follows:
generating a random 8-bit binary value using a random number generator, appending a 6-bit isolation code to the end of the 8-bit binary value for a total of 14 bits, and using the 14-bit data cyclically until the total cycle length is equal to the length of the transmission request timestamp field of the electronic device.
9. An electronic device access system via secondary backoff, comprising an electronic device according to any of claims 5-8, and a first access device, a second access device, a third access device, a convergence server and a first transmission identity server.
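The bit-level operations described in claims 5, 6 and 8, as an added sketch that is not code from the patent: the fixed cyclic sequence, the mod-8 backoff value, and the fusion server's bitwise insertion with its inverse. The function names, the isolation code value, the equal-length halves, the truncation of a final partial cycle, and the integer inputs to the backoff calculation are assumptions.

```python
import secrets

ISOLATION_CODE = "101010"  # constructed placeholder; the claims give no value


def _check_bits(bits, name):
    if set(bits) - {"0", "1"}:
        raise ValueError(f"{name} must contain only binary digits")


def fixed_cyclic_sequence(timestamp_len, rand8=None):
    """Claim 8: 8 random bits + 6-bit isolation code, cycled to timestamp_len bits."""
    if rand8 is None:
        rand8 = format(secrets.randbits(8), "08b")
    _check_bits(rand8, "rand8")
    if len(rand8) != 8:
        raise ValueError("rand8 must be exactly 8 bits")
    unit = rand8 + ISOLATION_CODE              # 14-bit unit
    cycles = -(-timestamp_len // len(unit))    # ceiling division
    # Assumption: a final partial cycle is truncated to fit the field.
    return (unit * cycles)[:timestamp_len]


def backoff_periods(x, c):
    """Claim 6: (X * C) mod 8, the number of long frame periods to sleep (0..7).

    x and c are passed as integers (assumption; the claim text speaks of lengths).
    """
    return (x * c) % 8


def fuse(first, second):
    """Claim 5: put each second-information bit before the first-information
    bit of the same index, giving s0 f0 s1 f1 ..."""
    _check_bits(first, "first")
    _check_bits(second, "second")
    if len(first) != len(second):
        raise ValueError("halves must be the same length (assumption)")
    return "".join(s + f for f, s in zip(first, second))


def split(complete):
    """Inverse of fuse: odd offsets are first information, even are second."""
    _check_bits(complete, "complete")
    if len(complete) % 2:
        raise ValueError("fused information must have an even bit length")
    return complete[1::2], complete[0::2]
```

Only the 8 random bits vary between runs, so for a given isolation code the cyclic sequence takes one of 256 values whatever the timestamp field length.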

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911280666.6A CN111083706B (en) 2019-12-13 2019-12-13 Electronic device designated via secondary backoff in network access and corresponding access method

Publications (2)

Publication Number Publication Date
CN111083706A CN111083706A (en) 2020-04-28
CN111083706B true CN111083706B (en) 2020-09-22

Family

ID=70314287

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911280666.6A Active CN111083706B (en) 2019-12-13 2019-12-13 Electronic device designated via secondary backoff in network access and corresponding access method

Country Status (1)

Country Link
CN (1) CN111083706B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103763356A (en) * 2014-01-08 2014-04-30 深圳大学 Establishment method, device and system for connection of secure sockets layers
CN107040495A (en) * 2016-02-03 2017-08-11 重庆小目科技有限责任公司 It is a kind of to be applied to industrial communication and the multi-stage combination identity identifying method of business

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103037473B (en) * 2011-09-30 2018-09-04 中兴通讯股份有限公司 A kind of application method and terminal of terminal-pair up-link wireless public resource
US9474087B2 (en) * 2012-10-23 2016-10-18 Lg Electronics Inc. Method and apparatus for performing backoff for scheduling request in wireless communication system
CN108174372A (en) * 2017-12-22 2018-06-15 珠海市君天电子科技有限公司 Method for network access, device, electronic equipment and storage medium
CN109474968B (en) * 2018-12-30 2021-07-16 联想(北京)有限公司 Control method, electronic equipment and network access equipment

Also Published As

Publication number Publication date
CN111083706A (en) 2020-04-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230823

Address after: 610000 No. 955, Siwei Road, Chongzhou Economic Development Zone, Chengdu, Sichuan

Patentee after: Chengdu Yide Electronic Technology Co.,Ltd.

Address before: 518000 Tangtou community, Shiyan street, Bao'an District, Shenzhen City, Guangdong Province

Patentee before: XiaHou Shuqin