CN116506142A - Method for realizing security gateway in FC network - Google Patents


Info

Publication number: CN116506142A
Authority: CN (China)
Prior art keywords: node, security, data packet, gateway, security gateway
Legal status: Pending
Application number: CN202211713996.1A
Other languages: Chinese (zh)
Inventors: 刘镡稚, 王中华, 尉嘉维, 何旺宇, 王斌, 谢建春
Current Assignee: Xian Aeronautics Computing Technique Research Institute of AVIC
Original Assignee: Xian Aeronautics Computing Technique Research Institute of AVIC

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485 Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention belongs to the technical field of computer communication, and particularly relates to a method for realizing a security gateway in an FC network. The method comprises the following steps: the service S1 sends an authentication request to the security gateway in node B; the security gateway of node A and the security gateway of node B authenticate each other and negotiate a communication security policy according to the identity information; once both parties have completed identity authentication and negotiated the communication security policy, S1 sends the original IP packet to the security gateway of node A; the security gateway of node A performs ipsec encapsulation of the original IP packet according to the stored security policy, producing a security data packet; the security gateway of node A converts the security data packet into an FC data packet corresponding to the FC-2 layer of the FC network and sends it to the security gateway of node B; the security gateway of node B converts the received FC data packet back into a security data packet; the security gateway of node B decapsulates the security data packet according to the stored security policy and forwards the decapsulated original IP packet to the service Q2.

Description

Method for realizing security gateway in FC network
Technical Field
The invention belongs to the technical field of computer communication, and particularly relates to a method for realizing a security gateway in an FC network.
Background
With the development of avionics technology, information interaction between airborne networks has become more frequent, and the FC network is the network currently used for information interaction between airborne services. The traditional FC network is mainly oriented to data transmission. When FC network nodes communicate, the two parties cannot confirm each other's identity, and no security protection is applied while data packets are in transit, so packets are easily stolen or tampered with by an attacker. Tampered malicious packets may damage the nodes, leaving the whole FC network in an unsafe state.
Disclosure of Invention
Purpose of the invention: the traditional FC communication node cannot perform identity authentication and is vulnerable to identity impersonation, man-in-the-middle, replay and similar attacks; no protective measures are taken during data transmission, so data is easily stolen or tampered with by an attacker, which can leave the whole FC network in an unsafe state. The ipsec technology is a common identity authentication and secure information transmission technology at present, but it cannot be applied directly to an FC network because Ethernet and the FC communication network use different protocols. To solve these problems, a method for implementing a security gateway in the FC network is needed.
The technical scheme is as follows:
A method for implementing a security gateway in an FC network: when a service S1 of node A needs to communicate with service Q2 of node B, the method comprises:
Step one: the service S1 calls the security gateway interface in node A to send an authentication request to the security gateway in node B;
Step two: the security gateways of node A and node B authenticate each other and negotiate a communication security policy according to the identity information; the security gateways of node A and node B both store the security policy;
Step three: once both parties have completed identity authentication and negotiated the communication security policy, S1 sends the original IP packet to the security gateway of node A;
Step four: the security gateway of node A performs ipsec encapsulation of the original IP packet according to the stored security policy, producing a security data packet;
Step five: the security gateway of node A converts the security data packet into an FC data packet corresponding to the FC-2 layer of the FC network and sends the FC data packet to the security gateway of node B;
Step six: after receiving the FC data packet, the security gateway of node B converts it into a security data packet;
Step seven: the security gateway of node B decapsulates the security data packet according to the stored security policy;
Step eight: the security gateway of node B forwards the decapsulated original IP packet to the service Q2.
Further, in step two, the identity authentication between the security gateways of node A and node B specifically includes:
the node A security gateway sends node A's digital certificate, together with signature information generated from that certificate, to the node B security gateway;
after receiving this information, the node B security gateway verifies the signature information using node A's digital certificate and determines the legitimacy of node A's identity from the verification result;
after node A's identity verification passes, the node B gateway sends node B's digital certificate and signature information to the node A gateway;
after receiving this information, the node A security gateway verifies the signature information using node B's digital certificate and determines the legitimacy of node B's identity from the verification result;
the digital certificates used by the node A and node B gateways are generated by the CA node and preset in the respective security gateways.
Further, in step two, negotiating the communication security policy according to the identity information specifically includes:
Key exchange: after identity authentication succeeds, the node A gateway generates a random number N1, encrypts it with the public key in the node B gateway's digital certificate and sends it to the node B security gateway; after receiving it, the node B security gateway generates a random number N2, encrypts N2 with the public key in the node A gateway's digital certificate and sends it to the node A gateway; once both gateways have obtained the random numbers N1 and N2, a session key is negotiated using the key negotiation algorithm;
Security policy negotiation: node A sends the security policies it uses and a random number N3 to the node B security gateway, where a security policy comprises the encryption algorithm, authentication algorithm, key negotiation algorithm and key length to be used for the subsequent ipsec encapsulation; the node B security gateway matches the security policies received from node A against the security policies stored in its own security gateway and, if a common security policy exists, sends the common security policy and a random number N4 to the node A security gateway; during negotiation the security policy is protected by encryption with the session key.
Further, after the common security policy is obtained, the method further comprises: negotiating an encryption key and an authentication key according to the random number N3 and the random number N4.
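The policy matching and key derivation described above, as an added example (not code from the patent). The patent does not name the algorithms, the selection rule, or how N3 and N4 are combined, so the suite names, the responder-preference rule and the HMAC-SHA256 expansion below are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

NONCE_LEN = 16  # assumed fixed length for N3 and N4


@dataclass(frozen=True)
class Policy:
    """One security policy: the four items the text lists."""
    encryption: str       # encryption algorithm
    authentication: str   # authentication algorithm
    key_agreement: str    # key negotiation algorithm
    key_bits: int         # key length

    def encode(self) -> bytes:
        return "|".join([self.encryption, self.authentication,
                         self.key_agreement, str(self.key_bits)]).encode()


def select_common_policy(offered: Sequence[Policy],
                         local: Sequence[Policy]) -> Optional[Policy]:
    """Node B side: return the first locally stored policy node A also offered.

    Walking node B's own list (an assumed rule) means the responder's
    preference order decides, not the order in which the peer listed its
    suites. None means there is no common policy and negotiation stops.
    """
    offered_set = set(offered)
    for candidate in local:
        if candidate in offered_set:
            return candidate
    return None


def _expand(key: bytes, info: bytes, length: int) -> bytes:
    """HMAC-SHA256 counter-mode expansion (assumed KDF, not from the patent)."""
    out = b""
    counter = 1
    while len(out) < length:
        out += hmac.new(key, info + bytes([counter]), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def derive_traffic_keys(session_key: bytes, n3: bytes, n4: bytes,
                        policy: Policy) -> Tuple[bytes, bytes]:
    """Derive separate encryption and authentication keys from N3 and N4.

    Both nonces and the chosen policy are bound into the derivation, and
    distinct labels keep the two keys independent of each other.
    """
    if len(n3) != NONCE_LEN or len(n4) != NONCE_LEN:
        raise ValueError("N3 and N4 must each be %d bytes" % NONCE_LEN)
    context = n3 + n4 + policy.encode()
    enc_key = _expand(session_key, b"encryption" + context, policy.key_bits // 8)
    auth_key = _expand(session_key, b"authentication" + context, 32)
    return enc_key, auth_key


# Constructed sample policy lists (illustrative values only).
NODE_A_OFFER = (
    Policy("AES-128-CBC", "HMAC-SHA256", "ECDH-P256", 128),
    Policy("AES-256-CBC", "HMAC-SHA256", "ECDH-P256", 256),
)
NODE_B_LOCAL = (
    Policy("AES-256-CBC", "HMAC-SHA256", "ECDH-P256", 256),
    Policy("SM4-CBC", "HMAC-SM3", "SM2", 128),
)

if __name__ == "__main__":
    session_key = bytes(range(32))           # constructed session key
    n3, n4 = b"\x03" * 16, b"\x04" * 16      # constructed nonces
    chosen = select_common_policy(NODE_A_OFFER, NODE_B_LOCAL)
    print("common policy:", chosen)
    enc_key, auth_key = derive_traffic_keys(session_key, n3, n4, chosen)
    print("encryption key:", enc_key.hex())
    print("authentication key:", auth_key.hex())
```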
Further, step four specifically includes:
Step 4-1: security policy selection: the IP address of the peer gateway is mapped to the stored security policy; the security policy is first obtained from this mapping and checked for expiry; if it has expired, it is discarded and identity authentication is restarted; if it has not expired, the security policy is used;
Step 4-2: data packet encryption: the original IP packet is encrypted with the encryption algorithm in the security policy and the negotiated encryption key; the whole original IP packet is encrypted, giving the encrypted data packet;
Step 4-3: authentication data generation: data packet authentication information is generated with the authentication algorithm in the security policy and the negotiated authentication key, producing HMAC data; the HMAC data is appended to the end of the encrypted data packet, giving the authentication data packet;
Step 4-4: security data packet generation: the header of the security data packet is generated from the information of the original IP packet and the information of the authentication data packet; the payload of the security data packet consists of the authentication data packet.
Further, step five specifically includes:
Conversion using the IP Over FC technology: node A first looks up the IP address of the security data packet in the table to obtain the forwarding PORT corresponding to the destination IP address; if the mapping does not exist, the security gateway sends an FC_ARP request to the FC network and updates the gateway mapping table after obtaining the entry; the FC data packet is then encapsulated according to the obtained PORT_ID, with the whole security data packet used as the payload of the FC data packet.
Further, step six specifically includes:
unpacking the FC-2 layer data packet and removing its header to obtain the security data packet.
Further, step seven specifically includes:
Step 7-1: security policy selection: the corresponding security policy information is selected according to the IP address of the sender;
Step 7-2: data packet integrity check: the header of the security data packet is removed to obtain the authentication data packet; the HMAC data is removed from the authentication data packet to obtain the encrypted data packet; the HMAC value of the encrypted data packet is computed with the authentication algorithm in the security policy and compared with the HMAC value in the authentication data packet; if the values differ, the data packet is discarded directly; if they are the same, go to step 7-3;
Step 7-3: the encrypted data packet is decrypted with the key contained in the security policy to obtain the original IP packet.
The beneficial technical effects are as follows:
To address the information security problems faced by multiple embedded nodes communicating through the FC network, the invention achieves secure communication of data between nodes by implementing a proxy gateway based on the ipsec technology, thereby improving the security of the FC network.
Drawings
FIG. 1 is a schematic diagram of a system architecture according to the present invention.
Detailed Description
The invention provides a design method for a security gateway in an FC network. The method realizes the security gateway through the ipsec technology and a conversion technique between IP packets and FC data packets. To address the problem that node communication in an FC network provides neither identity authentication nor information encryption, the identity authentication and encryption mechanisms of ipsec are used to ensure the security of FC network communication while keeping system transmission stable. To address the problem that ipsec data packets cannot be transmitted in the FC network, type conversion from the ipsec packet to the FC-2 layer data packet is implemented. The system to which the method applies is an FC network communication system consisting of a plurality of embedded nodes in a platform. The communication nodes all contain a uniform security gateway, and each node hosts a plurality of services. The security gateway implements the ipsec protocol stack, including identity authentication information, communication state, encryption and decryption calls and the like; it also performs data packet conversion after ipsec encapsulation is finished, converting the IP packet into an FC-2 layer data packet. When services on FC nodes communicate, the security gateway acts as a proxy and completes identity authentication and data sending and receiving between the services.
The present invention will be described in detail below with reference to the accompanying drawings.
In this method for realizing a security gateway in an FC network, the system to which it applies is an FC network communication system composed of a plurality of embedded nodes in a platform. Secure communication of data between nodes is achieved by implementing a proxy gateway based on the ipsec technology: the communication data is encapsulated, converted and sent through the FC network, which improves the security of FC network information transmission.
The network architecture of the method is shown in FIG. 1. The method is applied to data communication in the FC network. The system consists of communication nodes and an FC network. Each communication node contains a security gateway that is responsible for identity authentication and secure information transmission between nodes. The security gateway stores the identity information of both communicating parties and the communication policy, and is responsible for converting between ipsec data packets and FC network data packets.
When the service S1 of node A needs to communicate with the service Q2 of node B, the following steps are performed:
Step one: the service S1 calls the security gateway interface in node A to send an authentication request to the security gateway in node B, then go to step two.
Step two: the security gateways of node A and node B authenticate each other and negotiate a communication security policy according to the identity information; the security gateways of node A and node B both store the security policy. Step two can be divided into the following steps:
Step 2-1: identity authentication: the security gateway of node A sends node A's digital certificate and the signature information generated from it to node B. After the node B gateway receives the information, it verifies the signature information using the digital certificate and determines the legitimacy of node A's identity from the verification result. After the legitimacy check passes, the node B gateway sends its digital certificate and signature information to the node A gateway. The node A gateway completes identity authentication of the node B gateway through the same steps. The digital certificates used by the node A and node B gateways are generated by the CA node and preset in the security gateways.
Step 2-2: after receiving the random number, node B generates a random number N2, encrypts it with the public key in the node A gateway's digital certificate and sends it to the node A gateway; once both gateways have obtained the random numbers N1 and N2, a session key is negotiated using the key negotiation algorithm.
Step 2-3: security policy negotiation: node A sends the security policies it uses and a random number N3 to the node B security gateway, where a security policy comprises the encryption algorithm, authentication algorithm, key negotiation algorithm and key length to be used for the subsequent ipsec encapsulation; the node B security gateway matches the security policies received from node A against the security policies stored in its own security gateway and, if a common security policy exists, sends the common security policy and a random number N4 to the node A security gateway; during negotiation the security policy is protected by encryption with the session key.
Step three: once both parties have completed identity authentication and negotiated the communication security policy, S1 sends the original IP packet to the security gateway, then go to step four.
Step four: the security gateway performs ipsec encapsulation of the original IP packet according to the stored security policy, producing a security data packet, then go to step five.
Step four specifically comprises:
Step 4-1: security policy selection: because the security gateway keeps the security policies for all gateways that have completed identity authentication with it, a security policy must be selected before transmission. In the implementation, the IP address of the peer gateway is mapped to the stored security policy. When sending, the security policy is first obtained from this mapping and checked for expiry: if it has exceeded a preset time threshold, it is discarded and processing returns to step two to restart identity authentication; otherwise the security policy is used.
Step 4-2: data packet encryption: the original IP packet is encrypted with the encryption algorithm in the security policy and the negotiated encryption key; the whole original IP packet is encrypted, giving the encrypted data packet.
Step 4-3: authentication data generation: data packet authentication information is generated with the authentication algorithm in the security policy and the negotiated authentication key, producing HMAC data; the HMAC data is appended to the end of the encrypted data packet, giving the authentication data packet.
Step 4-4: security data packet generation: the header of the security data packet is generated from the information of the original IP packet and the information of the authentication data packet; the payload of the security data packet consists of the authentication data packet.
Step five: the security gateway of node A converts the security data packet into an FC data packet corresponding to the FC-2 layer of the FC network and sends the FC data packet to the security gateway of node B. The conversion uses the IP Over FC technology: the forwarding PORT corresponding to the destination IP address is first obtained from the IP address lookup table; if the mapping does not exist, the security gateway sends an FC_ARP request to the FC network and updates the gateway mapping table after obtaining the entry; the FC data packet is then encapsulated according to the obtained PORT_ID, with the whole security data packet used as the payload of the FC data packet.
Step six: after receiving the FC data packet, the security gateway of node B converts it into a security data packet: the FC-2 layer data packet is unpacked and its header removed to obtain the security data packet.
Step seven: the security gateway of node B decapsulates the security data packet according to the stored security policy, then go to step eight.
Step seven specifically comprises:
Step 7-1: security policy selection: the corresponding security policy information is selected according to the IP address of the sender.
Step 7-2: data packet integrity check: the header of the security data packet is removed to obtain the authentication data packet; the HMAC data is removed from the authentication data packet to obtain the encrypted data packet; the HMAC value of the encrypted data packet is computed with the authentication algorithm in the security policy and compared with the HMAC value in the authentication data packet; if the values differ, the data packet is discarded directly; if they are the same, go to step 7-3.
Step 7-3: the encrypted data packet is decrypted with the key contained in the security policy to obtain the original IP packet.
Step eight: the security gateway of node B forwards the decapsulated original IP packet to the service Q2.
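Steps 4-1 to 4-4 and 7-1 to 7-3 above, as an added example (not code from the patent): policy lookup with expiry, encrypt-then-HMAC encapsulation, and verification before decryption. The header layout, IPv4 addressing, HMAC-SHA256, the 16-byte nonce and the SHA-256 keystream standing in for the policy's encryption algorithm are all assumptions.

```python
import hashlib
import hmac
import ipaddress
import secrets
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

TAG_LEN = 32                       # HMAC-SHA256 output size
NONCE_LEN = 16
HEADER = struct.Struct("!4s4sH")   # assumed header: src IPv4, dst IPv4, payload length


class PolicyExpired(Exception):
    """No usable policy for this peer: identity authentication must be rerun."""


@dataclass
class SecurityPolicy:
    enc_key: bytes
    auth_key: bytes
    created_at: float
    lifetime: float                # preset time threshold, in seconds


class PolicyTable:
    """Maps the peer gateway's IP address to the stored security policy."""

    def __init__(self) -> None:
        self._by_peer: Dict[str, SecurityPolicy] = {}

    def store(self, peer_ip: str, policy: SecurityPolicy) -> None:
        self._by_peer[peer_ip] = policy

    def select(self, peer_ip: str, now: float) -> SecurityPolicy:
        policy = self._by_peer.get(peer_ip)
        if policy is None or now - policy.created_at > policy.lifetime:
            self._by_peer.pop(peer_ip, None)      # discard the expired entry
            raise PolicyExpired(peer_ip)
        return policy


def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 counter keystream (illustration only)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + struct.pack("!Q", offset // 32)).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encapsulate(table: PolicyTable, local_ip: str, peer_ip: str,
                ip_packet: bytes, now: float) -> bytes:
    policy = table.select(peer_ip, now)                                 # step 4-1
    nonce = secrets.token_bytes(NONCE_LEN)
    encrypted = nonce + _stream_xor(policy.enc_key, nonce, ip_packet)   # step 4-2
    tag = hmac.new(policy.auth_key, encrypted, hashlib.sha256).digest()
    authenticated = encrypted + tag                                     # step 4-3
    header = HEADER.pack(ipaddress.ip_address(local_ip).packed,
                         ipaddress.ip_address(peer_ip).packed,
                         len(authenticated))                            # step 4-4
    return header + authenticated


def decapsulate(table: PolicyTable, secure_packet: bytes,
                now: float) -> Optional[bytes]:
    """Return the original IP packet, or None when the packet must be dropped."""
    if len(secure_packet) < HEADER.size + NONCE_LEN + TAG_LEN:
        return None
    src, _dst, length = HEADER.unpack_from(secure_packet)
    body = secure_packet[HEADER.size:]
    if length != len(body):
        return None
    policy = table.select(str(ipaddress.ip_address(src)), now)          # step 7-1
    encrypted, tag = body[:-TAG_LEN], body[-TAG_LEN:]                   # step 7-2
    expected = hmac.new(policy.auth_key, encrypted, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):    # constant-time comparison
        return None                               # values differ: drop, never decrypt
    nonce, ciphertext = encrypted[:NONCE_LEN], encrypted[NONCE_LEN:]
    return _stream_xor(policy.enc_key, nonce, ciphertext)               # step 7-3


# Constructed sample data: node A is 10.0.0.1, node B is 10.0.0.2.
SAMPLE_IP_PACKET = b"constructed original IP packet from S1 to Q2"


def build_demo(now: float, lifetime: float = 60.0) -> Tuple[PolicyTable, PolicyTable]:
    enc_key, auth_key = bytes(range(32)), bytes(range(32, 64))
    table_a, table_b = PolicyTable(), PolicyTable()
    table_a.store("10.0.0.2", SecurityPolicy(enc_key, auth_key, now, lifetime))
    table_b.store("10.0.0.1", SecurityPolicy(enc_key, auth_key, now, lifetime))
    return table_a, table_b


if __name__ == "__main__":
    a, b = build_demo(now=1000.0)
    pkt = encapsulate(a, "10.0.0.1", "10.0.0.2", SAMPLE_IP_PACKET, now=1001.0)
    print("decapsulated:", decapsulate(b, pkt, now=1002.0))
    bad = bytearray(pkt)
    bad[HEADER.size + 20] ^= 0x01                 # flip one ciphertext bit
    print("tampered:", decapsulate(b, bytes(bad), now=1002.0))
```

As in the steps above, the HMAC covers only the encrypted data packet, so the outer header fields in this sketch are not integrity-protected by it.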

Claims (8)

1. A method for implementing a security gateway in an FC network, wherein when a service S1 of a node a needs to communicate with a node B service Q2, the method comprises:
step one: the service S1 calls a security gateway interface in the node A to send an authentication request to a security gateway in the node B;
step two: the security gateways of the node A and the node B carry out identity authentication, and negotiate out a security policy related to communication according to the identity information, and the security gateways of the node A and the node B both store the security policy;
step three: under the condition that the two parties finish identity authentication and negotiate a communication related security policy, S1 sends an original IP packet to a security gateway of a node A;
step four: the security gateway of the node A completes the ipsec encapsulation of the original IP packet according to the stored security policy to become a security data packet;
step five: the security gateway of the node A converts the security data packet into an FC data packet corresponding to an FC-2 layer in the FC network and sends the FC data packet to the security gateway of the node B;
step six: after receiving the FC data packet, the security gateway of the node B converts the FC data packet into a security data packet;
step seven: the security gateway of the node B completes the unpacking of the security data packet according to the stored security policy;
step eight: the security gateway of the node B forwards the decapsulated original IP packet to the service Q2.
2. The method for implementing a security gateway in an FC network according to claim 1, wherein in the second step, the security gateway of the node a and the security gateway of the node B perform identity authentication, specifically including:
the node A security gateway sends a node A digital certificate and signature information generated according to the node A digital certificate to the node B security gateway;
after the node B security gateway receives the information, the node B security gateway performs signature verification operation on the signature information by using the digital certificate of the node A, and the legitimacy of the identity of the node A is determined according to the signature verification result;
after the identity verification of A passes, the node B gateway sends the digital certificate and signature information of the node B to the node A gateway;
after the node A security gateway receives the information, the node A security gateway performs signature verification operation on the signature information by using the digital certificate of the node B, and the legitimacy of the identity of the node B is determined according to the signature verification result;
the digital certificates used by the node A and the node B gateway are generated by the CA node and preset in the respective security gateway.
3. The method for implementing a security gateway in an FC network according to claim 1, wherein in step two, a security policy related to communication is negotiated according to identity information, specifically including:
key exchange: after the identity authentication is successful, the node A gateway generates a random number N1, encrypts the random number by using a public key in the node B gateway digital certificate and sends the encrypted random number to the node B security gateway; the node B security gateway generates a random number N2 after receiving the random number, encrypts the random number N2 by using a public key in a node A gateway digital certificate and sends the encrypted random number N2 to the node A gateway, and the node B security gateway negotiates a session key by using a key negotiation algorithm after both gateways acquire the random number N1 and the random number N2;
security policy negotiation: the node A sends a security policy used by the node A and a random number N3 to the security gateway of the node B, wherein the security policy comprises an encryption algorithm, an authentication algorithm, a key negotiation algorithm and a key length which are encapsulated and used next by the ipsec; the node B security gateway matches the security policy received by the node A with the security policy stored by the self security gateway, and sends the common security policy and the random number N4 to the node A security gateway under the condition that the common security policy exists; the security policy is protected by session key encryption in the negotiation process.
4. A method of implementing a security gateway in an FC network according to claim 3, wherein after obtaining a common security policy, the method further comprises: and negotiating an encryption key and an authentication key according to the random number N3 and the random number N4.
5. The method for implementing a security gateway in an FC network according to claim 3, wherein step four specifically comprises:
step 4-1: selection of a security policy: mapping the IP address of the opposite-end gateway and the stored security policy, firstly obtaining the security policy according to the mapping, judging whether the security policy is outdated, discarding and restarting identity authentication if the security policy is outdated, and using the security policy if the security policy is not outdated;
step 4-2: and (3) encrypting the data packet: encrypting the original IP packet by adopting an encryption algorithm in the security policy and the negotiated encryption key, and encrypting the whole original IP packet to obtain an encrypted data packet;
step 4-3: authentication data generation: generating data packet authentication information by adopting an authentication algorithm in a security policy and the negotiated authentication key, generating HMAC data, and filling the HMAC data to the end of an encrypted data packet to obtain an authentication data packet;
step 4-4: generating a safety data packet: generating the packet head of the safety data packet according to the information of the original IP packet and the information of the authentication data packet, wherein the load of the safety data packet consists of the authentication data packet.
6. The method for implementing a security gateway in an FC network according to claim 5, wherein step five specifically comprises:
conversion is performed using IP over FC technology: node A first looks up the table by the IP address of the security data packet to obtain the forwarding port corresponding to the destination IP address; if the mapping does not exist, the security gateway sends an FC_ARP request to the FC network and updates the gateway mapping table after obtaining the entry; the FC data packet is then encapsulated according to the obtained PORT_ID, with the whole security data packet as the payload of the FC data packet.
7. A method for implementing a security gateway in an FC network according to claim 3, wherein step six specifically comprises:
the FC-2 layer data packet is unpacked and its header is removed to obtain the security data packet information.
8. A method for implementing a security gateway in an FC network according to claim 3, wherein step seven specifically comprises:
step 7-1: security policy selection: selecting corresponding security policy information according to the IP address of the sender;
step 7-2: data packet integrity check: the header of the security data packet is removed to obtain the authentication data packet; the HMAC data is removed from the authentication data packet to obtain the encrypted data packet; the HMAC value computed over the encrypted data packet with the authentication algorithm in the security policy is compared with the HMAC value carried in the authentication data packet; if they differ, the data packet is discarded directly; if they are the same, proceed to step 7-3;
step 7-3: the encrypted data packet is decrypted using the key contained in the security policy to obtain the original IP packet.
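The sender-side steps 4-1 to 4-3 and the receiver-side steps 7-1 to 7-3 form an encrypt-then-MAC pipeline; the sketch below is an added illustration, not code from the patent. The key derivation from N3 and N4, the 12-byte nonce, the HMAC-SHA256 counter-mode stand-in cipher and all function and field names are assumptions, since the claims leave the concrete algorithms to the negotiated security policy.

```python
import hashlib
import hmac
import os
import time

NONCE_LEN, TAG_LEN = 12, 32  # assumed sizes; the tag is HMAC-SHA256 output


class PolicyExpired(Exception):
    """Step 4-1: expired policy, caller must restart identity authentication."""


def derive_keys(session_key, n3, n4):
    # Assumed derivation: claim 4 only says the keys are negotiated from N3 and N4.
    enc = hmac.new(session_key, b"enc" + n3 + n4, hashlib.sha256).digest()
    auth = hmac.new(session_key, b"auth" + n3 + n4, hashlib.sha256).digest()
    return enc, auth


def _keystream_xor(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode), not the policy's real algorithm.
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(4, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def protect(policies, peer_gateway_ip, ip_packet, now=None):
    policy = policies[peer_gateway_ip]                      # step 4-1: lookup by peer IP
    if (time.time() if now is None else now) >= policy["expires"]:
        raise PolicyExpired(peer_gateway_ip)
    nonce = os.urandom(NONCE_LEN)
    encrypted = nonce + _keystream_xor(policy["enc_key"], nonce, ip_packet)  # step 4-2
    tag = hmac.new(policy["auth_key"], encrypted, hashlib.sha256).digest()   # step 4-3
    return encrypted + tag          # authentication data packet (payload of step 4-4)


def unprotect(policies, sender_ip, auth_packet):
    policy = policies[sender_ip]                            # step 7-1
    if len(auth_packet) < NONCE_LEN + TAG_LEN:
        return None
    encrypted, tag = auth_packet[:-TAG_LEN], auth_packet[-TAG_LEN:]
    expected = hmac.new(policy["auth_key"], encrypted, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):              # step 7-2: constant-time compare
        return None                                         # discard, never decrypt
    nonce, body = encrypted[:NONCE_LEN], encrypted[NONCE_LEN:]
    return _keystream_xor(policy["enc_key"], nonce, body)   # step 7-3
```

The receiver verifies the HMAC before any decryption, so a modified packet is dropped without the decryption key ever touching attacker-controlled ciphertext.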
CN202211713996.1A 2022-12-29 2022-12-29 Method for realizing security gateway in FC network Pending CN116506142A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211713996.1A CN116506142A (en) 2022-12-29 2022-12-29 Method for realizing security gateway in FC network

Publications (1)

Publication Number Publication Date
CN116506142A (en) 2023-07-28

Family

ID=87327251

Country Status (1)

Country Link
CN (1) CN116506142A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination