CN113839776A - Method and system for safety interconnection protocol between network management and router - Google Patents

Publication number: CN113839776A
Authority: CN (China)
Prior art keywords: dscp, module, router, key, channel
Legal status: Granted
Application number: CN202111428148.1A
Other languages: Chinese (zh)
Other versions: CN113839776B (en)
Inventors: 杨林, 马琳茹, 王雯, 苏文蕾
Current Assignee: Institute of Network Engineering Institute of Systems Engineering Academy of Military Sciences
Original Assignee: Institute of Network Engineering Institute of Systems Engineering Academy of Military Sciences
Application filed by Institute of Network Engineering Institute of Systems Engineering Academy of Military Sciences
Priority to CN202111428148.1A
Publication of CN113839776A
Application granted
Publication of CN113839776B

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L41/0246 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L61/5007 Internet protocol [IP] addresses

Abstract

The invention provides a method and a system for a secure interconnection protocol between a network manager and a router. The method comprises the following steps: step S1, access authentication; step S2, channel establishment and parameter negotiation; step S3, periodic key update; step S4, protocol termination; step S5, maintenance timeout. The method thereby realizes functions such as automatic discovery, secure access authentication, data encapsulation, anti-replay and ciphertext transmission for the network management device and the router device, effectively prevents access by illegal devices, protects the devices against illegal attack at multiple layers from access control to message forwarding, provides functions such as secure device identity identification, and provides a secure means of interaction between the network management device and the managed device.

Description

Method and system for safety interconnection protocol between network management and router
Technical Field
The invention belongs to the field of communication protocols, and particularly relates to a method and a system for a secure interconnection protocol between a network manager and a router.
Background
With the widespread use of networks, the interconnection of devices is becoming more complex and faces a variety of security problems, so there is a growing need to ensure security on network connections. To meet the ever higher security and reliability requirements of new network environments, the secure interconnection of network management and managed devices receives increasing attention, and network management security standards and protocols are continuously updated and strengthened.
The interconnection protocols used among traditional network devices cannot effectively prevent access by illegal devices, offer a low degree of security and poor protection, leave serious hidden risks in the security of user communication, and cannot guarantee the security of the interconnection between network management and router devices.
Disclosure of Invention
In view of the above technical problems, the present invention provides a secure interconnection protocol scheme for use between a network manager and a router. The scheme realizes functions such as automatic discovery, secure access authentication, data encapsulation, anti-replay and ciphertext transmission for network management and router devices, and effectively prevents access by illegal devices. Specifically: first, the network manager sends a negotiation message to the router to start access authentication and judges, according to the port security policy, whether the router has completed security access; if the judgment passes, device maintenance messages are checked for validity through encryption and decryption, integrity checking and anti-replay processing. Second, the validity of the key is closely tied to the message transmission of the gateway: message transmission between the network manager and the router is encrypted with the negotiated key, the key is updated and renegotiated after it times out, the new key negotiation process is encrypted with the original key, and message transmission is in a failure state before the key is updated. Third, when device maintenance fails, the network manager initiates a request to remove the connection. The encryption mechanism in the secure interconnection protocol provided by the scheme participates throughout, with no plaintext transmission at any point in the process; the devices are protected against illegal attack at multiple layers from access control to message forwarding, functions such as secure device identity identification are provided, and a secure means of interaction between the network management device and the managed device is provided.
A first aspect of the invention discloses a method for a secure interconnection protocol between a network manager and a router. The method comprises the following steps:
Step S1, access authentication, specifically including:
a DSCP (Device Security Access Protocol) module of the network manager sends a key negotiation start request to an encryption module of the network manager; after receiving the key negotiation start request, the encryption module of the network manager performs key negotiation with the encryption module of the router; the two parties to the key negotiation judge, according to the port security policy configuration, whether security access is complete, and if the judgment passes, both parties enter a device maintenance stage;
Step S2, channel establishment and parameter negotiation, specifically including:
the network manager initiates a channel establishment request to the router; after the router receives the channel establishment request, the network manager allocates a management channel security label and an IP address for the channel to be established, and the network manager then configures a DSCP channel table according to the management channel security label and configures network card information according to the IP address;
Step S3, periodic key update, specifically including:
after the key exceeds the key validity time specified by the timer, the DSCP module of the network manager actively initiates a key update request to the encryption module of the network manager and sends the key update request to the DSCP module of the router using the original key, and the router updates the DSCP channel table after receiving the new key information;
Step S4, protocol termination, specifically including:
the DSCP module of the network manager triggers deletion of the DSCP connection information by sending a protocol termination request to the router;
Step S5, maintenance timeout, specifically including:
the DSCP module of the network manager and the DSCP module of the router maintain the validity of the DSCP connection by sending device maintenance requests, and if maintenance times out, the corresponding entry of the DSCP channel table is deleted.
According to the method of the first aspect of the present invention, the step S1 specifically includes:
Step S1.1, the DSCP module of the network manager starts a key negotiation process; the encryption module of the network manager encapsulates a key negotiation message and sends it to the encryption module of the peer router, and the encryption module of the router performs key negotiation with the encryption module of the network manager after receiving the key negotiation message;
Step S1.2, after the network manager and the router complete link key negotiation, the DSCP module of the network manager is notified with a key negotiation completion message;
Step S1.3, after receiving the key negotiation completion message, the DSCP module of the network manager judges, according to the port security policy configuration, whether security access is complete; if the judgment passes, the DSCP enters the device maintenance stage, and if the judgment fails, a security event is recorded.
According to the method of the first aspect of the present invention, the step S1 further includes:
Step S1.4, after access authentication is completed, the DSCP module of the network manager sends a device maintenance request message in the protocol channel, and the message is sent to the router after encryption;
Step S1.5, when the device maintenance request message is received, the encryption module of the router first performs decryption and integrity checking, then completes anti-replay processing, and sends the legal device maintenance message to the DSCP module of the router.
According to the method of the first aspect of the present invention, the step S2 specifically includes:
Step S2.1, after access authentication is completed, the network manager sends a channel establishment request message to the router;
Step S2.2, after the router receives the channel establishment request, the router allocates a management channel security label and an IP address for the channel to be established, and then sends a channel establishment response message to the network manager;
Step S2.3, after receiving the channel establishment response message, the DSCP module of the network manager configures the DSCP channel table of the network manager according to the channel security mark, and configures the network card IP and gateway address according to the obtained IP address to complete channel establishment.
According to the method of the first aspect of the present invention, the step S2 further includes:
Step S2.4, after channel establishment is completed, when the gateway or the router transmits a message to the other side, it passes the message to be transmitted to its own DSCP module; after receiving the message, that DSCP module determines which of the established channels matches the message, performs encapsulation, encryption and integrity calculation using the negotiated key, and transmits the message through the matched channel.
According to the method of the first aspect of the present invention, the step S3 specifically includes:
Step S3.1, after the key update time of the DSCP module of the network manager expires, the DSCP module actively triggers the periodic key update process and sends a key negotiation start message to the encryption module of the network manager to trigger a new round of key negotiation;
Step S3.2, after the encryption module of the network manager completes the key negotiation, the encryption module sends a key negotiation completion notice to the DSCP modules of the devices at both ends;
Step S3.3, the DSCP module of the network manager updates the DSCP channel table configuration of the network manager based on the new key, and sends a key update request message to the DSCP module of the router using the original key;
Step S3.4, after receiving the key update request, the router judges that the communication peer has completed key negotiation, updates the DSCP channel table of the router with the new key, and sends a key update response message.
According to the method of the first aspect of the present invention, the step S5 specifically includes:
Step S5.1, triggered by a device maintenance timer, the DSCP module of the network manager and the DSCP module of the router each send a device maintenance request to the DSCP module of the peer device to maintain the validity of the DSCP connection, and each returns a device maintenance response to a received device maintenance request;
Step S5.2, the DSCP module of the network manager and the DSCP module of the router count the device maintenance responses received; if no device maintenance response is received within the specified number of retransmissions of the device maintenance request, device maintenance is considered to have failed, the DSCP module of the network manager and the DSCP module of the router delete their respective DSCP entries, and a DSCP connection interruption state notification is sent to the authentication decision software.
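An added illustration (not code from the patent) of the receiver-side handling that steps S1.5, S3.2 to S3.4, S4 and S5.2 describe: integrity check before anti-replay, a key update request that must verify under the original key, and deletion of the channel-table entry on termination or maintenance timeout. The frame layout, HMAC-SHA256, the 64-entry replay window, the message-type codes and all class and function names are assumptions; payload encryption, which the protocol also requires, is left out.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

HEADER = struct.Struct("!HQB")  # assumed layout: channel label, sequence number, type
TAG_LEN = 32                    # HMAC-SHA256 stands in for the unspecified integrity algorithm
WINDOW = 64                     # assumed anti-replay window size
MAINT_REQ, MAINT_RESP, KEY_UPDATE_REQ, TERMINATE = 1, 2, 3, 4  # assumed type codes


def seal(key: bytes, label: int, seq: int, msg_type: int, body: bytes = b"") -> bytes:
    """Sender side: header + body + integrity tag (encryption omitted in this sketch)."""
    header = HEADER.pack(label, seq, msg_type)
    return header + body + hmac.new(key, header + body, hashlib.sha256).digest()


@dataclass
class ChannelEntry:
    key: bytes
    pending_key: Optional[bytes] = None  # staged when the encryption module reports S3.2
    highest_seq: int = 0
    seen_mask: int = 0
    missed: int = 0                      # unanswered device maintenance requests (S5.2)


class ChannelTable:
    """Hypothetical model of one side's DSCP channel table."""

    def __init__(self, max_retries: int = 3):
        self.entries: Dict[int, ChannelEntry] = {}
        self.max_retries = max_retries
        self.events: List[str] = []      # security events / state notifications

    def _fresh(self, e: ChannelEntry, seq: int) -> bool:
        """Sliding-window anti-replay; called only after the tag has verified."""
        if seq == 0:
            return False
        if seq > e.highest_seq:
            shift = seq - e.highest_seq
            e.seen_mask = ((e.seen_mask << shift) | 1) & ((1 << WINDOW) - 1)
            e.highest_seq = seq
            return True
        offset = e.highest_seq - seq
        if offset >= WINDOW or (e.seen_mask >> offset) & 1:
            return False
        e.seen_mask |= 1 << offset
        return True

    def receive(self, frame: bytes) -> str:
        if len(frame) < HEADER.size + TAG_LEN:
            return "malformed"
        signed, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        label, seq, msg_type = HEADER.unpack_from(frame)
        e = self.entries.get(label)
        if e is None:
            return "unknown-channel"
        # S1.5 order: integrity first, so forged frames cannot move the replay window.
        expected = hmac.new(e.key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            self.events.append(f"bad-mac label={label}")
            return "bad-mac"
        if not self._fresh(e, seq):
            self.events.append(f"replay label={label} seq={seq}")
            return "replay"
        if msg_type == KEY_UPDATE_REQ:
            # S3.3/S3.4: the request arrived under the original key; switch only
            # if a newly negotiated key has actually been staged.
            if e.pending_key is None:
                return "no-pending-key"
            e.key, e.pending_key = e.pending_key, None
            e.highest_seq = e.seen_mask = 0  # assumption: sequence space restarts per key
            return "key-updated"
        if msg_type == TERMINATE:            # S4: delete the connection information
            del self.entries[label]
            return "terminated"
        if msg_type == MAINT_RESP:
            e.missed = 0
        return "accepted"

    def maintenance_timeout(self, label: int) -> bool:
        """S5.2: one maintenance request went unanswered; True if the entry was deleted."""
        e = self.entries[label]
        e.missed += 1
        if e.missed >= self.max_retries:
            del self.entries[label]
            self.events.append(f"dscp-connection-interrupted label={label}")
            return True
        return False


if __name__ == "__main__":
    old_key, new_key = b"A" * 32, b"B" * 32          # constructed sample keys
    table = ChannelTable()
    table.entries[7] = ChannelEntry(key=old_key, pending_key=new_key)
    first = seal(old_key, 7, 1, MAINT_REQ)
    print(table.receive(first), table.receive(first))  # second copy is a replay
    print(table.receive(seal(old_key, 7, 2, KEY_UPDATE_REQ)))
    print(table.receive(seal(old_key, 7, 3, MAINT_REQ)))  # old key no longer verifies
```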
A second aspect of the invention discloses a secure interconnection protocol system for use between a network manager and a router. The system comprises:
a first processing unit configured to perform access authentication, specifically including:
calling a DSCP (Device Security Access Protocol) module of the network manager to send a key negotiation start request to an encryption module of the network manager, wherein the encryption module of the network manager performs key negotiation with the encryption module of the router after receiving the key negotiation start request, and the two parties to the key negotiation judge, according to the port security policy configuration, whether security access is complete, and enter a device maintenance stage if the judgment passes;
a second processing unit configured to perform channel establishment and parameter negotiation, specifically including:
calling the network manager to initiate a channel establishment request to the router, wherein after the router receives the channel establishment request and allocates a management channel security label and an IP address for the channel to be established, the network manager configures a DSCP channel table according to the management channel security label and configures network card information according to the IP address;
a third processing unit configured to perform periodic key update, specifically including:
calling the DSCP module of the network manager to actively initiate a key update request to the encryption module of the network manager after the key exceeds the key validity time specified by the timer, and to send the key update request to the DSCP module of the router using the original key, wherein the router updates the DSCP channel table after receiving the new key information;
a fourth processing unit configured to perform protocol termination, specifically including:
calling the DSCP module of the network manager to trigger deletion of the DSCP connection information by sending a protocol termination request to the router;
a fifth processing unit configured to perform maintenance timeout, specifically including:
calling the DSCP module of the network manager and the DSCP module of the router to maintain the validity of the DSCP connection by sending device maintenance requests, and deleting the corresponding entry of the DSCP channel table when maintenance times out.
According to the system of the second aspect of the invention, the first processing unit is specifically configured to perform the steps of:
Step S1.1, the DSCP module of the network manager starts a key negotiation process; the encryption module of the network manager encapsulates a key negotiation message and sends it to the encryption module of the peer router, and the encryption module of the router performs key negotiation with the encryption module of the network manager after receiving the key negotiation message;
Step S1.2, after the network manager and the router complete link key negotiation, the DSCP module of the network manager is notified with a key negotiation completion message;
Step S1.3, after receiving the key negotiation completion message, the DSCP module of the network manager judges, according to the port security policy configuration, whether security access is complete; if the judgment passes, the DSCP enters the device maintenance stage, and if the judgment fails, a security event is recorded.
According to the system of the second aspect of the invention, the first processing unit is further configured to perform the steps of:
Step S1.4, after access authentication is completed, the DSCP module of the network manager sends a device maintenance request message in the protocol channel, and the message is sent to the router after encryption;
Step S1.5, when the device maintenance request message is received, the encryption module of the router first performs decryption and integrity checking, then completes anti-replay processing, and sends the legal device maintenance message to the DSCP module of the router.
According to the system of the second aspect of the invention, the second processing unit is specifically configured to perform the steps of:
Step S2.1, after access authentication is completed, the network manager sends a channel establishment request message to the router;
Step S2.2, after the router receives the channel establishment request, the router allocates a management channel security label and an IP address for the channel to be established, and then sends a channel establishment response message to the network manager;
Step S2.3, after receiving the channel establishment response message, the DSCP module of the network manager configures the DSCP channel table of the network manager according to the channel security mark, and configures the network card IP and gateway address according to the obtained IP address to complete channel establishment.
According to the system of the second aspect of the invention, the second processing unit is further configured to perform the steps of:
Step S2.4, after channel establishment is completed, when the gateway or the router transmits a message to the other side, it passes the message to be transmitted to its own DSCP module; after receiving the message, that DSCP module determines which of the established channels matches the message, performs encapsulation, encryption and integrity calculation using the negotiated key, and transmits the message through the matched channel.
According to the system of the second aspect of the invention, the third processing unit is specifically configured to perform the steps of:
Step S3.1, after the key update time of the DSCP module of the network manager expires, the DSCP module actively triggers the periodic key update process and sends a key negotiation start message to the encryption module of the network manager to trigger a new round of key negotiation;
Step S3.2, after the encryption module of the network manager completes the key negotiation, the encryption module sends a key negotiation completion notice to the DSCP modules of the devices at both ends;
Step S3.3, the DSCP module of the network manager updates the DSCP channel table configuration of the network manager based on the new key, and sends a key update request message to the DSCP module of the router using the original key;
Step S3.4, after receiving the key update request, the router judges that the communication peer has completed key negotiation, updates the DSCP channel table of the router with the new key, and sends a key update response message.
According to the system of the second aspect of the invention, the fifth processing unit is specifically configured to perform the steps of:
Step S5.1, triggered by a device maintenance timer, the DSCP module of the network manager and the DSCP module of the router each send a device maintenance request to the DSCP module of the peer device to maintain the validity of the DSCP connection, and each returns a device maintenance response to a received device maintenance request;
Step S5.2, the DSCP module of the network manager and the DSCP module of the router count the device maintenance responses received; if no device maintenance response is received within the specified number of retransmissions of the device maintenance request, device maintenance is considered to have failed, the DSCP module of the network manager and the DSCP module of the router delete their respective DSCP entries, and a DSCP connection interruption state notification is sent to the authentication decision software.
A third aspect of the invention discloses an electronic device. The electronic device comprises a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the method for the secure interconnection protocol between the network manager and the router according to any one of the first aspect of the disclosure when executing the computer program.
A fourth aspect of the invention discloses a computer-readable storage medium. The computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of a method for secure interconnection protocol between a network manager and a router according to any one of the first aspect of the present disclosure.
In summary, the technical scheme provided by the present invention realizes functions such as automatic device discovery, secure access authentication, data adaptation, anti-replay and ciphertext transmission through modules such as encryption adaptation, transmission processing and authentication management, so that access by illegal devices is effectively prevented and the devices are protected against illegal attack at multiple layers from access control to message forwarding. The scheme: (1) specifies content such as the processing flow of the device secure interconnection protocol; (2) is suitable for the security access authentication function on network security routers and network management devices; (3) provides a secure means of interaction for control, management and service messages between network management devices and routers. Compared with existing protocols, the encryption mechanism in the secure interconnection protocol provided by the invention participates throughout, with no plaintext transmission at any point in the process; the security of the interconnection between the network management device and the router is well ensured, and the degree of security is greatly improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description in the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a schematic diagram of a secure interconnection protocol (Security interconnect protocol) operating hierarchy between a gateway and a router according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating the functional components of a secure interconnect protocol according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for a secure interconnection protocol between a network manager and a router according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating access authentication and device maintenance according to an embodiment of the present invention;
FIG. 5 is a flowchart illustrating channel establishment and parameter negotiation according to an embodiment of the present invention;
FIG. 6 is a flowchart illustrating a key update according to an embodiment of the present invention;
FIG. 7 is a flowchart illustrating protocol termination and maintenance timeout according to an embodiment of the present invention;
FIG. 8 is a structural diagram of a secure interconnection protocol system used between a network manager and a router according to an embodiment of the present invention;
FIG. 9 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A first aspect of the invention discloses a method for a secure interconnection protocol between a network manager and a router.
FIG. 1 is a schematic diagram of a secure interconnection protocol (Security interconnect protocol) operating hierarchy between a gateway and a router according to an embodiment of the present invention. As shown in FIG. 1, the secure interconnection protocol works at the link layer and uses Ethernet as the transmission entity; a protocol adaptation layer is designed between the secure interconnection protocol and the network layer, and it completes the mapping between network layer messages and secure interconnection protocol labels.
FIG. 2 is a diagram illustrating the functional components of a secure interconnect protocol according to an embodiment of the present invention. As shown in FIG. 2, the secure interconnection protocol function consists of functions such as transmission error correction, encryption interface adaptation, transmission processing, authentication management and link processing. (1) Encryption adaptation: completes adaptation functions such as hardware interface and format encapsulation, and completes rate limiting before the link key negotiation message is sent to the encryption module. (2) Transmission processing: uses link encryption, integrity and anti-replay between network devices to provide a secure link transmission function for upper-layer control and management protocols and service messages. (3) Authentication management: security authentication is used for access authentication of the software devices running the secure interconnection protocol; link key negotiation is carried out by triggering the encryption module, and authentication validity is judged based on the key negotiation result and the returned peer node number, which completes the secure access authentication function between network devices.
Fig. 3 is a flowchart of a method for a secure interconnection protocol between a network manager and a router according to an embodiment of the present invention; as shown in fig. 3, the method includes:
step S1, access authentication, specifically including:
the DSCP (Device Security Access Protocol) module of the network manager sends a key negotiation start request to the encryption module of the network manager; after receiving the request, the encryption module of the network manager performs key negotiation with the encryption module of the router; both parties to the key negotiation judge, according to the port security policy configuration, whether security access is completed, and if the judgment passes, they enter the device maintenance stage;
step S2, channel establishment and parameter negotiation, specifically including:
the network manager initiates a channel establishment request to the router; after receiving the channel establishment request, the router allocates a management channel security label and an IP address for the channel to be established; the network manager then configures the DSCP channel table according to the management channel security label and configures network card information according to the IP address;
step S3, periodic key update, specifically including:
after the key has exceeded the key validity time specified by the timer, the DSCP module of the network manager actively initiates a key update request to the encryption module of the network manager and sends the key update request to the DSCP module of the router using the original key; the router updates the DSCP channel table after receiving the new key information;
step S4, protocol termination, specifically including:
the DSCP module of the network manager triggers the deletion of the DSCP connection information by sending a protocol termination request to the router;
step S5, maintenance timeout, specifically including:
the DSCP module of the network manager and the DSCP module of the router maintain the validity of the DSCP connection by sending device maintenance requests, and if maintenance times out, the corresponding entry of the DSCP channel table is deleted.
In some embodiments, the step S1 specifically includes:
step S1.1, the DSCP module of the network manager starts the key negotiation process; the encryption module of the network manager encapsulates a key negotiation message and sends it to the encryption module of the peer router, and the encryption module of the router performs key negotiation with the encryption module of the network manager after receiving the key negotiation message;
step S1.2, after the network manager and the router complete the link key negotiation, the DSCP module of the network manager is notified with a key negotiation completion message;
step S1.3, after receiving the key negotiation completion message, the DSCP module of the network manager judges, according to the port security policy configuration, whether security access is completed; if the judgment passes, the DSCP enters the device maintenance stage, and if the judgment fails, a security event is recorded.
In some embodiments, the step S1 further includes:
step S1.4, after access authentication is completed, the DSCP module of the network manager sends a device maintenance request message in the protocol channel, and the message is encrypted and then sent to the router;
step S1.5, on receiving the device maintenance request message, the encryption module of the router first performs decryption and the integrity check, then completes anti-replay processing, and passes the legitimate device maintenance message to the DSCP module of the router.
Fig. 4 is a flowchart illustrating access authentication and device maintenance according to an embodiment of the present invention. As shown in fig. 4, the secure interconnection protocol DSCP module of the network manager starts the key negotiation process; the encryption module encapsulates a key negotiation message and sends it to the encryption module of the peer security router, and the encryption module of the router performs key negotiation with the encryption module of the network manager after receiving the message. When the network manager and the security router complete the link key negotiation, the DSCP module is notified that key negotiation is complete. After receiving the key negotiation completion message, the DSCP module of the network manager judges, according to the port security policy configuration, whether security access is completed; if the judgment fails, a security event is recorded and reported to the authentication decision software; if the judgment passes, the device maintenance flow is entered. After access authentication is completed, the DSCP module sends a device maintenance request message in the protocol channel, and the message is encrypted and then sent to the security router. On receiving the device maintenance message, the encryption module first performs decryption and the integrity check, then completes anti-replay processing, and passes the legitimate device maintenance message to the DSCP module.
In some embodiments, the step S2 specifically includes:
step S2.1, after the access authentication is completed, the network manager sends a channel establishment request message to the router;
step S2.2, after receiving the channel establishment request, the router allocates a management channel security label and an IP address for the channel to be established, and then sends a channel establishment response message to the network manager;
step S2.3, after receiving the channel establishment response message, the DSCP module of the network manager configures the DSCP channel table of the network manager according to the channel security label, and configures the network card IP and gateway address according to the obtained IP address, completing channel establishment.
In some embodiments, the step S2 further includes:
step S2.4, after channel establishment is completed, when the network manager or the router sends a message to the other side, it passes the message to be sent to its own DSCP module; after receiving the message, that DSCP module determines which of the established channels matches the message, performs encapsulation, encryption and integrity calculation using the negotiated key, and sends the message through the matched channel.
FIG. 5 is a flowchart illustrating channel establishment and parameter negotiation according to an embodiment of the present invention. As shown in fig. 5, after DSCP security authentication is completed, the channel establishment and parameter negotiation process is triggered, and the network manager sends a channel establishment request message to the router. After receiving the channel establishment request, the router allocates a management channel security label and an IP address for it, and then sends a channel establishment response message to the network manager. After receiving the channel establishment response, the DSCP module of the network manager configures the DSCP channel table according to the channel security label, and configures the network card IP and gateway address according to the obtained IP address. When a message is passed to the DSCP module, it is matched to a channel, encapsulated, encrypted and integrity-protected with the negotiated key, and then sent.
In some embodiments, the step S3 specifically includes:
step S3.1, after the key update time of the DSCP module of the network manager expires, the DSCP module actively triggers the periodic key update process and sends a key negotiation start message to the encryption module of the network manager to trigger a new round of key negotiation;
step S3.2, after the encryption module of the network manager completes the key negotiation, it sends a key negotiation completion notification to the DSCP modules of the devices at both ends;
step S3.3, the DSCP module of the network manager updates the DSCP channel table configuration of the network manager based on the new key, and sends a key update request message to the DSCP module of the router using the original key;
step S3.4, after receiving the key update request, the router judges that the communication peer has completed key negotiation, updates the DSCP channel table of the router with the new key, and sends a key update response message.
FIG. 6 is a flowchart illustrating a key update according to an embodiment of the present invention. As shown in fig. 6, after the key update time expires, the DSCP module actively triggers the periodic key update process and sends a key negotiation start message to the encryption module to trigger a new round of key negotiation. After the encryption module completes the key negotiation, it sends a key negotiation completion notification to the DSCP modules of the devices at both ends. The DSCP module of the network manager updates the DSCP channel table configuration based on the new key and sends a key update request message to the peer DSCP module using the original key. After receiving the key update request, the peer device judges that the communication peer has completed key negotiation, updates the DSCP channel table with the new key, and sends a key update response message, which causes the DSCP module that initiated the key update to stop sending key update requests.
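The receive order of step S1.5 (integrity check before anti-replay) and the key update of steps S3.1 to S3.4, as an added Python sketch that is not part of the patent. Assumptions, since the page specifies none of them: the frame layout and type codes, a 64-entry sliding replay window, HMAC-SHA256 standing in for the encryption module (encryption itself is left out), the response being protected with the new key, and the responder keeping the original key only to answer a retransmitted key update request.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from typing import Optional

# Assumed frame layout (the page defines none): label | seq | type | body | tag
HEADER, TAG_LEN, WINDOW = struct.Struct("!HQB"), 32, 64
MAINTAIN_REQ, KEY_UPDATE_REQ, KEY_UPDATE_RSP = 1, 2, 3   # assumed type codes

def seal(key: bytes, label: int, seq: int, mtype: int, body: bytes = b"") -> bytes:
    """Integrity-protect one frame with HMAC-SHA256 (encryption left out)."""
    header = HEADER.pack(label, seq, mtype)
    return header + body + hmac.new(key, header + body, hashlib.sha256).digest()

@dataclass
class ChannelEntry:
    """One DSCP channel table row, identified by its channel security label."""
    label: int
    key: bytes
    pending_key: Optional[bytes] = None   # responder: negotiated, not installed
    prev_key: Optional[bytes] = None      # responder: original key after switch
    request_key: Optional[bytes] = None   # initiator: original key, update unanswered
    tx_seq: int = 0
    rx_high: int = 0
    rx_seen: int = 0                      # bit i set: seq (rx_high - i) accepted
    drops: list = field(default_factory=list)

    def send(self, mtype: int, body: bytes = b"", key: Optional[bytes] = None) -> bytes:
        self.tx_seq += 1
        return seal(key or self.key, self.label, self.tx_seq, mtype, body)

    def start_key_update(self, new_key: bytes) -> bytes:
        """S3.3, initiator: install the new key, request under the original."""
        self.request_key, self.key = self.key, new_key
        return self.key_update_request()

    def key_update_request(self) -> Optional[bytes]:
        """Request to (re)send until a key update response has arrived."""
        return self.send(KEY_UPDATE_REQ, key=self.request_key) if self.request_key else None

    def _authentic(self, frame: bytes, key: Optional[bytes]) -> bool:
        return key is not None and hmac.compare_digest(
            hmac.new(key, frame[:-TAG_LEN], hashlib.sha256).digest(), frame[-TAG_LEN:])

    def _fresh(self, seq: int) -> bool:
        """Sliding-window anti-replay; reached only by authentic frames."""
        if seq > self.rx_high:
            shift = min(seq - self.rx_high, WINDOW)
            self.rx_seen = ((self.rx_seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.rx_high = seq
            return True
        offset = self.rx_high - seq
        if seq == 0 or offset >= WINDOW or (self.rx_seen >> offset) & 1:
            return False
        self.rx_seen |= 1 << offset
        return True

    def receive(self, frame: bytes):
        """Return (type, body, reply) if accepted, else None (reason in drops)."""
        if len(frame) < HEADER.size + TAG_LEN:
            return self.drops.append("short")
        label, seq, mtype = HEADER.unpack_from(frame)
        # 1. Integrity first (wrong label or bad tag). The previous key is
        #    honoured only for a key update request, so a retransmitted
        #    request can still be answered after the switch.
        if label != self.label or not (self._authentic(frame, self.key) or (
                mtype == KEY_UPDATE_REQ and self._authentic(frame, self.prev_key))):
            return self.drops.append("integrity")
        # 2. Anti-replay second: a forged frame never moves the window.
        if not self._fresh(seq):
            return self.drops.append("replay")
        # 3. Only now is the frame handed to the DSCP module.
        body, reply = frame[HEADER.size:-TAG_LEN], None
        if mtype == KEY_UPDATE_REQ:
            if self.pending_key is not None:          # S3.4: install new key
                self.prev_key, self.key, self.pending_key = self.key, self.pending_key, None
            reply = self.send(KEY_UPDATE_RSP)         # under the new key (assumed)
        elif mtype == KEY_UPDATE_RSP:
            self.request_key = None                   # stop sending requests
        return mtype, body, reply

def demo() -> dict:
    """Constructed run: network manager (nm) and router (rt) share label 7."""
    old, new = b"\x01" * 32, b"\x02" * 32             # constructed keys
    nm, rt, out = ChannelEntry(7, old), ChannelEntry(7, old), {}
    keepalive = nm.send(MAINTAIN_REQ)
    out["first"] = rt.receive(keepalive) is not None
    out["replayed"] = rt.receive(keepalive)
    out["forged"] = rt.receive(seal(b"\x09" * 32, 7, 10**6, MAINTAIN_REQ))
    out["window"] = rt.rx_high
    rt.pending_key = new                              # S3.2 notification
    request = nm.start_key_update(new)                # S3.3
    rt.receive(request)                               # S3.4; response lost in transit
    out["request_replayed"] = rt.receive(request)
    reply = rt.receive(nm.key_update_request())[2]    # retransmission answered
    out["response_type"] = nm.receive(reply)[0]
    out["initiator_done"] = nm.key_update_request() is None
    out["old_key_frame"] = rt.receive(seal(old, 7, 99, MAINTAIN_REQ))
    out["router_key_is_new"], out["drops"] = rt.key == new, rt.drops
    return out
```

Because the window is updated only after the tag verifies, the forged frame with a very large sequence number leaves `rx_high` untouched; reversing the two checks would let an unauthenticated sender push the window forward and cause genuine frames to be dropped.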
In some embodiments, the step S5 specifically includes:
step S5.1, triggered by a device maintenance timer, the DSCP module of the network manager and the DSCP module of the router each send a device maintenance request to the DSCP module of the peer device to maintain the validity of the DSCP connection, and each returns a device maintenance response to a received device maintenance request;
step S5.2, the DSCP module of the network manager and the DSCP module of the router count the received device maintenance responses; if no device maintenance response is received within the specified number of retransmissions of the device maintenance request, device maintenance is considered to have failed, and the DSCP module of the network manager and the DSCP module of the router delete their respective DSCP table entries and send a DSCP connection interruption status notification to the authentication decision software.
FIG. 7 is a flowchart illustrating protocol termination and maintenance timeout according to an embodiment of the present invention; as shown in fig. 7, the network management DSCP module triggers the deletion of DSCP connection information by sending a protocol termination request. The DSCP modules at two ends send a device maintenance request to the DSCP module at the opposite end under the trigger of the device maintenance timer to maintain the effectiveness of the DSCP connection, and the DSCP module returns a device maintenance response to the received device maintenance request. The DSCP module counts the receiving of the equipment maintenance response, if the equipment maintenance response is not received within the specified retransmission times of the equipment maintenance request, the equipment maintenance is considered to be failed, the DSCP module deletes the DSCP table entry and sends a DSCP connection interruption state notice to the authentication decision software.
The second aspect of the invention discloses a secure interconnection protocol system used between a network manager and a router. Fig. 8 is a structural diagram of a secure interconnection protocol system used between a network manager and a router according to an embodiment of the present invention; as shown in fig. 8, the system 800 includes:
the first processing unit 801 is configured to perform access authentication, and specifically includes:
calling the DSCP (Device Security Access Protocol) module of the network manager to send a key negotiation start request to the encryption module of the network manager, wherein the encryption module of the network manager performs key negotiation with the encryption module of the router after receiving the request, and both parties to the key negotiation judge, according to the port security policy configuration, whether security access is completed, and enter the device maintenance stage if the judgment passes;
the second processing unit 802 is configured to perform channel establishment and parameter negotiation, and specifically includes:
calling the network manager to initiate a channel establishment request to the router, after the router receives the channel establishment request and distributes a management channel security label and an IP address for a channel to be established, the network manager configures a DSCP channel table according to the management channel security label and configures network card information according to the IP address;
the third processing unit 803 is configured to perform periodic key update, and specifically includes:
calling a DSCP module of the network management to actively initiate a key updating request to an encryption module of the network management after a key exceeds the key effective time specified by a timer, sending the key updating request to the DSCP module of the router by using an original key, and updating the DSCP channel table after the router receives new key information;
the fourth processing unit 804 is configured to execute protocol termination, and specifically includes:
calling a DSCP module of the network manager to trigger the deletion of DSCP connection information by sending a protocol termination request to the router;
the fifth processing unit 805 is configured to execute maintenance timeout, and specifically includes:
calling the DSCP module of the network manager and the DSCP module of the router to maintain the validity of the DSCP connection by sending device maintenance requests, and deleting the corresponding entry of the DSCP channel table when maintenance times out.
According to the system of the second aspect of the present invention, the first processing unit 801 is specifically configured to perform the following steps:
step S1.1, the DSCP module of the network manager starts the key negotiation process; the encryption module of the network manager encapsulates a key negotiation message and sends it to the encryption module of the peer router, and the encryption module of the router performs key negotiation with the encryption module of the network manager after receiving the key negotiation message;
step S1.2, after the network manager and the router complete the link key negotiation, the DSCP module of the network manager is notified with a key negotiation completion message;
step S1.3, after receiving the key negotiation completion message, the DSCP module of the network manager judges, according to the port security policy configuration, whether security access is completed; if the judgment passes, the DSCP enters the device maintenance stage, and if the judgment fails, a security event is recorded.
According to the system of the second aspect of the present invention, the first processing unit 801 is further configured to perform the following steps:
step S1.4, after access authentication is completed, the DSCP module of the network manager sends a device maintenance request message in the protocol channel, and the message is encrypted and then sent to the router;
step S1.5, on receiving the device maintenance request message, the encryption module of the router first performs decryption and the integrity check, then completes anti-replay processing, and passes the legitimate device maintenance message to the DSCP module of the router.
According to the system of the second aspect of the present invention, the second processing unit 802 is specifically configured to perform the following steps:
step S2.1, after the access authentication is completed, the network manager sends a channel establishment request message to the router;
step S2.2, after receiving the channel establishment request, the router allocates a management channel security label and an IP address for the channel to be established, and then sends a channel establishment response message to the network manager;
step S2.3, after receiving the channel establishment response message, the DSCP module of the network manager configures the DSCP channel table of the network manager according to the channel security label, and configures the network card IP and gateway address according to the obtained IP address, completing channel establishment.
According to the system of the second aspect of the present invention, the second processing unit 802 is further configured to perform the following steps:
step S2.4, after channel establishment is completed, when the network manager or the router sends a message to the other side, it passes the message to be sent to its own DSCP module; after receiving the message, that DSCP module determines which of the established channels matches the message, performs encapsulation, encryption and integrity calculation using the negotiated key, and sends the message through the matched channel.
According to the system of the second aspect of the present invention, the third processing unit 803 is specifically configured to perform the following steps:
step S3.1, after the key update time of the DSCP module of the network manager expires, the DSCP module actively triggers the periodic key update process and sends a key negotiation start message to the encryption module of the network manager to trigger a new round of key negotiation;
step S3.2, after the encryption module of the network manager completes the key negotiation, it sends a key negotiation completion notification to the DSCP modules of the devices at both ends;
step S3.3, the DSCP module of the network manager updates the DSCP channel table configuration of the network manager based on the new key, and sends a key update request message to the DSCP module of the router using the original key;
step S3.4, after receiving the key update request, the router judges that the communication peer has completed key negotiation, updates the DSCP channel table of the router with the new key, and sends a key update response message.
According to the system of the second aspect of the present invention, the fifth processing unit 805 is specifically configured to perform the following steps:
step S5.1, triggered by a device maintenance timer, the DSCP module of the network manager and the DSCP module of the router each send a device maintenance request to the DSCP module of the peer device to maintain the validity of the DSCP connection, and each returns a device maintenance response to a received device maintenance request;
step S5.2, the DSCP module of the network manager and the DSCP module of the router count the received device maintenance responses; if no device maintenance response is received within the specified number of retransmissions of the device maintenance request, device maintenance is considered to have failed, and the DSCP module of the network manager and the DSCP module of the router delete their respective DSCP table entries and send a DSCP connection interruption status notification to the authentication decision software.
A third aspect of the invention discloses an electronic device. The electronic device comprises a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the method for the secure interconnection protocol between the network manager and the router according to any one of the first aspect of the disclosure when executing the computer program.
Fig. 9 is a block diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 9, the electronic device includes a processor, a memory, a communication interface, a display screen, and an input device, which are connected by a system bus. Wherein the processor of the electronic device is configured to provide computing and control capabilities. The memory of the electronic equipment comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The communication interface of the electronic device is used for carrying out wired or wireless communication with an external terminal, and the wireless communication can be realized through WIFI, an operator network, Near Field Communication (NFC) or other technologies. The display screen of the electronic equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the electronic equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the electronic equipment, an external keyboard, a touch pad or a mouse and the like.
It will be understood by those skilled in the art that the structure shown in fig. 9 is only a partial block diagram related to the technical solution of the present disclosure and does not limit the electronic device to which the solution of the present application is applied; a specific electronic device may include more or fewer components than those shown in the drawings, combine some components, or have a different arrangement of components.
A fourth aspect of the invention discloses a computer-readable storage medium. The computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of a method for secure interconnection protocol between a network manager and a router according to any one of the first aspect of the present disclosure.
In summary, in the technical scheme provided by the present invention, functions such as automatic device discovery, secure access authentication, data adaptation, anti-replay and ciphertext transmission are realized through modules such as encryption adaptation, transmission processing and authentication management, so that access by illegal devices is effectively prevented and devices are protected against illegal attacks at multiple layers, from access control to message forwarding. The scheme: (1) specifies content such as the processing flow of the device secure interconnection protocol; (2) is applicable to the secure access authentication function on network security routers and network management devices; (3) provides a means of secure interaction for control, management and service messages between network management devices and routers. Compared with existing protocols, the encryption mechanism in the secure interconnection protocol provided by the invention participates throughout, with no plaintext transmission in the whole process, so the security of interconnection between the network management device and the router is well ensured and the degree of security is greatly improved.
It should be noted that the technical features of the above embodiments can be arbitrarily combined. For the sake of brevity, not all possible combinations of these technical features are described; however, as long as a combination of technical features involves no contradiction, it should be considered to be within the scope of this description. The above embodiments express only several implementations of the present application, and their description is relatively specific and detailed, but they are not to be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A method for a secure interconnection protocol between a network manager and a router, the method comprising:
step S1, access authentication, specifically including:
the DSCP (Device Security Access Protocol) module of the network manager sends a key negotiation start request to the encryption module of the network manager; after receiving the request, the encryption module of the network manager performs key negotiation with the encryption module of the router; both parties to the key negotiation judge, according to the port security policy configuration, whether security access is completed, and if the judgment passes, they enter the device maintenance stage;
step S2, channel establishment and parameter negotiation, specifically including:
the network manager initiates a channel establishment request to the router; after receiving the channel establishment request, the router allocates a management channel security label and an IP address for the channel to be established; the network manager then configures the DSCP channel table according to the management channel security label and configures network card information according to the IP address;
step S3, periodic key update, specifically including:
after the key has exceeded the key validity time specified by the timer, the DSCP module of the network manager actively initiates a key update request to the encryption module of the network manager and sends the key update request to the DSCP module of the router using the original key; the router updates the DSCP channel table after receiving the new key information;
step S4, protocol termination, specifically including:
the DSCP module of the network manager triggers the deletion of the DSCP connection information by sending a protocol termination request to the router;
step S5, maintenance timeout, specifically including:
the DSCP module of the network manager and the DSCP module of the router maintain the validity of the DSCP connection by sending device maintenance requests, and if maintenance times out, the corresponding entry of the DSCP channel table is deleted.
2. The method according to claim 1, wherein the step S1 specifically includes:
step S1.1, the DSCP module of the network manager starts the key negotiation process; the encryption module of the network manager encapsulates a key negotiation message and sends it to the encryption module of the peer router, and the encryption module of the router performs key negotiation with the encryption module of the network manager after receiving the key negotiation message;
step S1.2, after the network manager and the router complete the link key negotiation, the DSCP module of the network manager is notified with a key negotiation completion message;
step S1.3, after receiving the key negotiation completion message, the DSCP module of the network manager judges, according to the port security policy configuration, whether security access is completed; if the judgment passes, the DSCP enters the device maintenance stage, and if the judgment fails, a security event is recorded.
3. The method according to claim 2, wherein said step S1 further comprises:
step S1.4, after access authentication is completed, the DSCP module of the network manager sends a device maintenance request message in the protocol channel, and the message is encrypted and then sent to the router;
step S1.5, on receiving the device maintenance request message, the encryption module of the router first performs decryption and the integrity check, then completes anti-replay processing, and passes the legitimate device maintenance message to the DSCP module of the router.
4. The method according to claim 3, wherein the step S2 specifically includes:
step S2.1, after the access authentication is completed, the network manager sends a channel establishment request message to the router;
step S2.2, after receiving the channel establishment request, the router allocates a management channel security label and an IP address for the channel to be established, and then sends a channel establishment response message to the network manager;
step S2.3, after receiving the channel establishment response message, the DSCP module of the network manager configures the DSCP channel table of the network manager according to the channel security label, and configures the network card IP and gateway address according to the obtained IP address, completing channel establishment.
5. The method of claim 4, wherein the step S2 further includes:
step S2.4, after channel establishment is completed, when the network manager or the router sends a message to the other side, it passes the message to be sent to its own DSCP module; after receiving the message, that DSCP module determines which of the established channels matches the message, performs encapsulation, encryption and integrity calculation using the negotiated key, and sends the message through the matched channel.
6. The method according to claim 1, wherein the step S3 specifically includes:
step S3.1, after the key update time of the DSCP module of the network manager expires, the DSCP module actively triggers the periodic key update process and sends a key negotiation start message to the encryption module of the network manager to trigger a new round of key negotiation;
step S3.2, after the encryption module of the network manager completes the key negotiation, it sends a key negotiation completion notification to the DSCP modules of the devices at both ends;
step S3.3, the DSCP module of the network manager updates the DSCP channel table configuration of the network manager based on the new key, and sends a key update request message to the DSCP module of the router using the original key;
step S3.4, after receiving the key update request, the router judges that the communication peer has completed key negotiation, updates the DSCP channel table of the router with the new key, and sends a key update response message.
7. The method according to claim 1, wherein the step S5 specifically includes:
step S5.1, triggered by a device maintenance timer, the DSCP module of the network manager and the DSCP module of the router each send a device maintenance request to the DSCP module of the peer device to maintain the validity of the DSCP connection, and each returns a device maintenance response to a received device maintenance request;
step S5.2, the DSCP module of the network manager and the DSCP module of the router count the received device maintenance responses; if no device maintenance response is received within the specified number of retransmissions of the device maintenance request, device maintenance is considered to have failed, and the DSCP module of the network manager and the DSCP module of the router delete their respective DSCP table entries and send a DSCP connection interruption status notification to the authentication decision software.
8. A secure interconnection protocol system for use between a network manager and a router, the system comprising:
a first processing unit, configured to perform access authentication, which specifically includes:
calling the DSCP (Device Security Access Protocol) module of the network manager to send a key negotiation start request to the encryption module of the network manager, wherein the encryption module of the network manager, after receiving the key negotiation start request, performs key negotiation with the encryption module of the router, and both parties to the key negotiation determine, according to the port security policy configuration, whether security access is complete, and enter the device maintenance stage if the determination passes;
a second processing unit, configured to perform channel establishment and parameter negotiation, which specifically includes:
calling the network manager to initiate a channel establishment request to the router, wherein after the router receives the channel establishment request and allocates a management channel security label and an IP address to the channel to be established, the network manager configures the DSCP channel table according to the management channel security label and configures the network card information according to the IP address;
a third processing unit, configured to perform periodic key update, which specifically includes:
calling the DSCP module of the network manager to actively initiate a key update request to the encryption module of the network manager once a key exceeds the key validity time specified by a timer, and to send the key update request to the DSCP module of the router using the original key, the router updating the DSCP channel table after it receives the new key information;
a fourth processing unit, configured to perform protocol termination, which specifically includes:
calling the DSCP module of the network manager to trigger deletion of the DSCP connection information by sending a protocol termination request to the router;
a fifth processing unit, configured to handle maintenance timeout, which specifically includes:
calling the DSCP module of the network manager and the DSCP module of the router to maintain the validity of the DSCP connection by sending device maintenance requests, and deleting the corresponding entry of the DSCP channel table when maintenance times out.
9. An electronic device, characterized in that the electronic device comprises a memory and a processor, the memory stores a computer program, and the processor, when executing the computer program, implements the steps of the secure interconnection protocol method between a network manager and a router according to any one of claims 1 to 7.
10. A computer-readable storage medium, having stored thereon a computer program which, when executed by a processor, implements the steps of the secure interconnection protocol method between a network manager and a router according to any one of claims 1 to 7.
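The periodic key update of steps S3.1 to S3.4 (and of the third processing unit in claim 8), modelled as an added example that is not code from the patent. HMAC-SHA256 as the protection applied "using the original key", the message names, the class names, and the choice to protect the response under the new key are assumptions made here; the claims do not specify them.

```python
import hashlib
import hmac
import os

REQ, RESP = b"KEY_UPDATE_REQUEST", b"KEY_UPDATE_RESPONSE"   # assumed message names

def mac(key: bytes, msg: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for "sent using the original key".
    return hmac.new(key, msg, hashlib.sha256).digest()

class DscpEndpoint:
    """One DSCP module holding a single channel-table entry (hypothetical model)."""
    def __init__(self, key: bytes):
        self.channel_key = key     # key currently installed in the DSCP channel table
        self.pending_key = None    # new key reported by the local encryption module

    def negotiation_complete(self, new_key: bytes) -> None:
        self.pending_key = new_key                      # S3.2 completion notice

class NetworkManager(DscpEndpoint):
    def start_key_update(self):
        # S3.3: install the new key, but protect the request with the original key.
        old_key, self.channel_key = self.channel_key, self.pending_key
        self.pending_key = None
        return REQ, mac(old_key, REQ)

    def accept_response(self, body: bytes, tag: bytes) -> bool:
        return body == RESP and hmac.compare_digest(tag, mac(self.channel_key, body))

class Router(DscpEndpoint):
    def on_key_update_request(self, body: bytes, tag: bytes):
        # S3.4: act only on a request that verifies under the key still in the table.
        if self.pending_key is None or body != REQ:
            return None
        if not hmac.compare_digest(tag, mac(self.channel_key, body)):
            return None            # forged or replayed request: table stays unchanged
        self.channel_key, self.pending_key = self.pending_key, None
        return RESP, mac(self.channel_key, RESP)        # assumption: reply uses new key

def run_rollover():
    old, new = os.urandom(32), os.urandom(32)           # constructed sample keys
    nm, router = NetworkManager(old), Router(old)
    nm.negotiation_complete(new)
    router.negotiation_complete(new)
    forged = router.on_key_update_request(REQ, mac(os.urandom(32), REQ))
    rejected = forged is None and router.channel_key == old
    reply = router.on_key_update_request(*nm.start_key_update())
    return rejected, nm.accept_response(*reply), nm.channel_key == router.channel_key == new
```

In this model a request that does not verify under the key still installed on the router leaves the channel table untouched, and a captured request replayed after the switch is dropped because the router no longer holds a pending key.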
CN202111428148.1A 2021-11-29 2021-11-29 Method and system for safety interconnection protocol between network management and router Active CN113839776B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111428148.1A CN113839776B (en) 2021-11-29 2021-11-29 Method and system for safety interconnection protocol between network management and router


Publications (2)

Publication Number Publication Date
CN113839776A (en) 2021-12-24
CN113839776B (en) 2022-02-15

Family

ID=78971824

Country Status (1)

Country Link
CN (1) CN113839776B (en)

Also Published As

Publication number Publication date
CN113839776B (en) 2022-02-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant