CN117375859A - Information transmission method and device, storage medium and electronic device - Google Patents


Publication number: CN117375859A
Authority: CN (China)
Prior art keywords: target, information, key chain, server, communication
Legal status: Pending
Application number: CN202210753855.6A
Other languages: Chinese (zh)
Inventor: 王丹, 邢文超
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CN202210753855.6A
Priority to PCT/CN2023/076264 (WO2024001212A1)
Publication of CN117375859A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides an information transmission method and device, a storage medium and an electronic device, comprising the following steps: obtaining message information to be encrypted sent by a server; obtaining key chain parameters matched with a target communication link through a key chain application module, wherein the key chain application module is configured in a communication module of a target linux system, and the target communication link is a communication link established between a server and a target router; encrypting the message information by utilizing key chain parameters in a key chain application module to obtain first encrypted information; the first encryption information is transmitted to the target router over the target communication link. Therefore, the technical problem of low information transmission safety in the linux system is solved.

Description

Information transmission method and device, storage medium and electronic device
Technical Field
The embodiment of the invention relates to the field of communication, in particular to an information transmission method and device, a storage medium and an electronic device.
Background
In the era of SDN controllers, the controller needs to respond to network state changes and issue paths to the router while trying to ensure that the service is not interrupted. Network state changes are mainly provided by a BGP server: the BGP server stays in communication with the router and notifies the controller of the changes in the network state according to the information reported by the router. The path issuing function is mainly provided by a PCEP server: the PCEP server sends the path information calculated by the controller to the router, and the router forwards service messages according to the latest path. The security of transmission between the BGP and PCEP servers and the router is critical to the correctness of the service.
In the traditional deployment scenario, BGP and PCEP servers are deployed directly to Linux servers, which do not support keychain functions, so that although routers support keychain functions, BGP and PCEP servers still cannot use keychain functions to realize secure transmission. That is, the existing method for transmitting information in the linux system has the technical problem of low information transmission safety.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
The embodiment of the invention provides an information transmission method and device, a storage medium and an electronic device, which are used for at least solving the problem of lower information transmission safety in a linux system in the related technology.
According to an embodiment of the present invention, there is provided an information transmission method including: obtaining message information to be encrypted sent by a server; obtaining key chain parameters matched with a target communication link through a key chain application module, wherein the key chain application module is configured in a communication module of a target linux system, and the target communication link is a communication link established between the server and a target router; encrypting the message information by using the key chain parameter in the key chain application module to obtain first encrypted information; transmitting the first encryption information to the target router through the target communication link.
According to another embodiment of the present invention, there is provided another information transmission method including: the method comprises the steps that key chain parameters determined from a pre-configured key chain parameter set are sent to a communication module in a target linux system through a server installed in the target linux system; and transmitting message information to be encrypted to the communication module, so that the communication module sends first encrypted information obtained by encrypting the message information to a target router through a target communication link, wherein the first encrypted information is obtained by encrypting the message information by a key chain application module configured in the communication module by using the key chain parameter, and the key chain parameter is matched with the target communication link.
According to still another embodiment of the present invention, there is provided an information transmission apparatus including: the first acquisition unit is used for acquiring message information to be encrypted, which is sent by the server; the second acquisition unit is used for acquiring key chain parameters matched with a target communication link through a key chain application module, wherein the key chain application module is configured in a communication module of a target linux system, and the target communication link is a communication link established between the server and a target router; the encryption unit is used for encrypting the message information by utilizing the key chain parameters in the key chain application module to obtain first encrypted information; and the transmission unit is used for transmitting the first encryption information to the target router through the target communication link.
According to still another embodiment of the present invention, there is provided another information transmission apparatus including: the transmission unit is used for transmitting the key chain parameters determined from the pre-configured key chain parameter set to the communication module in the target linux system through a server installed in the target linux system; the transmission unit is used for transmitting message information to be encrypted to the communication module, so that the communication module sends first encrypted information obtained after the message information is encrypted to a target router through a target communication link, wherein the first encrypted information is obtained by encrypting the message information by a key chain application module configured in the communication module through the key chain parameter, and the key chain parameter is matched with the target communication link.
According to a further embodiment of the invention, there is also provided a computer readable storage medium having stored therein a computer program, wherein the computer program is arranged to perform the steps of any of the method embodiments described above when run.
According to a further embodiment of the invention, there is also provided an electronic device comprising a memory having stored therein a computer program and a processor arranged to run the computer program to perform the steps of any of the method embodiments described above.
According to the embodiment of the invention, the message information to be encrypted, which is sent by the server, is obtained; obtaining key chain parameters matched with a target communication link through a key chain application module, wherein the key chain application module is configured in a communication module of a target linux system, and the target communication link is a communication link established between the server and a target router; encrypting the message information by using the key chain parameter in the key chain application module to obtain first encrypted information; and transmitting the first encryption information to the target router through the target communication link, so that the problem of low information transmission safety in the linux system is solved.
Drawings
FIG. 1 is a schematic diagram of a computer terminal structure according to an embodiment of the present invention;
FIG. 2 is a flowchart of an information transmission method according to an embodiment of the present invention;
FIG. 3 is an environmental schematic diagram of an information transmission method according to an embodiment of the present invention;
FIG. 4 is a flow chart of an environment configuration method according to another embodiment of the present invention;
FIG. 5 is a timing diagram of an information transmission method according to an embodiment of the present invention;
FIG. 6 is a schematic structural view of an information transmission apparatus according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of an information transmission apparatus according to another embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings in conjunction with the embodiments.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order.
First, terms related to the present application will be described:
PCEP server: the PCEP is a network transport protocol, and the PCEP server communicates with the router using the PCEP protocol, sends instructions to the router, or the router reports the network conditions to the PCEP server.
SDN: software-defined networking.
SDN controller: a controller used to realize SDN, which dynamically modifies the network by acquiring the network state.
Management and control system: the gateway and the SDN controller are combined to jointly manage and control the network, thereby realizing SDN.
keychain: a key chain comprising a number of keys and an encryption algorithm.
docker container: a system operating based on the docker container technology.
kubernetes: an open source system for automatically deploying, expanding and managing containerized applications. It combines the containers that make up the application into a logical unit to facilitate management and service discovery.
kubernetes IP address: the kubernetes system presents an IP address to the external network.
Linux operating system: linux is a UNIX-like operating system of free and open source code.
TCP/IP module: a module in the Linux operating system dedicated to creating and maintaining TCP links.
socket: a handle or identity of a TCP link.
The method embodiments provided in the embodiments of the present application may be performed in a mobile terminal, a computer terminal or similar computing device. Taking the operation on a computer terminal as an example, fig. 1 is a block diagram of a hardware structure of a computer terminal operated by an information transmission method according to an embodiment of the present invention. As shown in fig. 1, the computer terminal may include one or more (only one is shown in fig. 1) processors 102 (the processor 102 may include, but is not limited to, a microprocessor MCU or a processing device such as a programmable logic device FPGA) and a memory 104 for storing data, wherein the computer terminal may further include a transmission device 106 for communication functions and an input-output device 108. It will be appreciated by those skilled in the art that the configuration shown in fig. 1 is merely illustrative and is not intended to limit the configuration of the computer terminal described above. For example, the computer terminal may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
The memory 104 may be used to store a computer program, for example, a software program of application software and a module, such as a computer program corresponding to an information transmission method in an embodiment of the present invention, and the processor 102 executes the computer program stored in the memory 104 to perform various functional applications and data processing, that is, implement the above-mentioned method. Memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory remotely located with respect to the processor 102, which may be linked to the mobile terminal through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission means 106 is arranged to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of a computer terminal. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, simply referred to as NIC) that can communicate with the internet by linking with other network devices through a base station. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is used to communicate with the internet wirelessly.
In this embodiment, an information transmission method is provided, which may be implemented by a communication module in a linux system, and fig. 2 is a flowchart of an information transmission method according to an embodiment of the present invention, as shown in fig. 2, where the flowchart includes the following steps:
Step S202, obtaining message information to be encrypted sent by a server;
As an alternative, the server may be a BGP or PCEP server running in the linux system. It should be noted that, in the era of SDN controllers, the controller needs to respond to network state changes and issue paths to the router while trying to ensure that the service is not interrupted. Network state changes are mainly provided by a BGP server: the BGP server stays in communication with the router and notifies the controller of the changes in the network state according to the information reported by the router. The path issuing function is mainly provided by a PCEP server: the PCEP server sends the path information calculated by the controller to the router, and the router forwards service messages according to the latest path.
In the foregoing embodiment of the present application, a communication module in the linux system may act as the execution body and obtain the message information to be encrypted that is sent by the BGP or PCEP server.
Step S204, obtaining key chain parameters matched with a target communication link through a key chain application module, wherein the key chain application module is configured in a communication module of a target linux system, and the target communication link is a communication link established between a server and a target router;
Step S206, encrypting the message information by utilizing the key chain parameter in the key chain application module to obtain first encrypted information;
Step S208, transmitting the first encryption information to the target router through the target communication link.
In one exemplary embodiment, a kubernetes environment is running in the target linux system, and a key chain configuration module is configured in a server deployed in the kubernetes environment, where the key chain configuration module is configured to obtain a key chain parameter set, and the server includes a first server for detecting a network state change and a second server for calculating an information transmission path.
As shown in fig. 3, an environmental schematic diagram of an alternative information transmission method in the present embodiment is described. As an optional manner, the key chain application module may be a keychain application module, configured in a TCP/IP module in the linux system, and configured to store a keychain parameter and a virtual IP address of kubernetes bound to a certain TCP link, and perform special processing on the link bound with the keychain parameter, for example, when sending a message, adding an encryption field according to the keychain parameter and the kubernetes IP address, and when receiving the message, performing authentication according to the keychain parameter and the kubernetes IP address. Wherein the encryption algorithm is an encryption algorithm already supported by the Linux operating system.
As shown in fig. 3, the first server and the second server (i.e., the PCEP server and the BGP server in the figure) may be configured with a key chain configuration module, where the key chain configuration module may be a keychain configuration module, and its functions are: the user needs to configure the keychain parameter and the kubernetes IP address in the browser, and the keychain configuration module provides a configuration interface and stores configuration. When the BGP and PCEP servers establish links with the router, the keychain configuration module sets keychain parameters and IP addresses of kubernetes to a keychain application module in a TCP/IP module of the Linux operating system.
The environment in which the above-described method may be performed is further described below in conjunction with fig. 3. As shown in fig. 3, the linux system processes a message to be sent through a TCP/IP module, and communicates with a router outside the system through a NAT gateway. In a specific embodiment, the linux system shown in fig. 3 may be operated with a kubernetes environment, and the linux system operated with the kubernetes environment is further preconfigured with a PCEP server and a BGP server. The user may further configure the PCEP server and BGP server through a browser, e.g., configure the keychain parameters in the PCEP server and BGP server. The PCEP server and the BGP server can establish communication with the router only through TCP/IP modules in the linux system, wherein the TCP/IP modules provided with the keychain application module are used for encrypting messages issued by the PCEP server and the BGP server by utilizing keychain parameters, assembling the encrypted messages, and sending the encrypted messages to the router.
In an exemplary embodiment, before the obtaining the message information sent by the server, the method further includes: receiving a link identifier of the target communication link sent by the server and a key chain parameter configured for the target router in advance; and binding the key chain parameter and the link identifier.
In an exemplary embodiment, before the obtaining the message information sent by the server, the method further includes: configuring a key chain application module in a communication module of the initial linux system to obtain a target linux system; installing kubernetes environment in the target linux system; a first server for detecting network state change and a second server for calculating an information transmission path are deployed in a kubernetes environment, wherein key chain parameter sets are configured in the first server and the second server, and the servers comprise the first server and the second server.
An environment configuration method of the present application is described below with reference to fig. 4:
S402, installing a linux operating system supporting the keychain function;
S404, installing kubernetes;
S406, installing the BGP and PCEP servers;
It can be understood that this step may be performed when the managed version is installed, or BGP and PCEP may be installed separately. The BGP and PCEP servers integrate a keychain configuration module and provide a configuration interface for users to configure all parameters.
S408, configuring keychain parameters and the kubernetes IP address on the BGP and PCEP servers;
It should be noted that, since the BGP and PCEP servers may connect to one or more routers, and the keychain parameters bound to these routers may be the same or different, the keychain configuration module on the BGP and PCEP servers supports setting default keychain parameters as well as setting the keychain parameters of a particular router. The kubernetes IP address is an external network IP address of the kubernetes environment.
S410, configuring keychain parameters on the router;
One or more keychain parameters of the router can be configured on the network manager, or the keychain parameters can be configured on the router and the network manager then triggered to synchronize the configuration from the router.
S412, configuring router parameters on the BGP and PCEP servers;
Configure the set of routers to which the BGP and PCEP servers can connect. When configuring a router, whether the router uses the keychain function may be set.
S414, the BGP and PCEP servers and the router perform encrypted transmission based on the keychain parameters.
It can be understood that, before information transmission starts, it is determined whether the keychain function is used. If the keychain function is used and the user configured the keychain parameter bound to the router in S408, encrypted transmission is performed using the bound keychain parameter; if the user did not configure a keychain parameter for the router in S408, encrypted transmission is performed using the default keychain parameter. If it is determined before the transmission starts that the keychain function is not used, normal TCP/IP communication is performed.
As an alternative, the method may further provide a user interface, where the user configures, on the gateway interface or a similar network management tool, the keychain parameter, the kubernetes IP address, whether the router enables the keychain function, and the keychain parameter bound to the router. The user can also set default keychain parameters and select routers in batches to bind the default keychain parameters, so that user operation is reduced.
In an exemplary embodiment, encrypting, in the keychain application module, the message information by using the keychain parameter, to obtain first encrypted information includes: encrypting the message information based on the key chain parameter to obtain an encrypted field; and acquiring a message header and message content of the message information, and packaging the message header, the message content and the encryption field into first encryption information.
In an exemplary embodiment, after the sending the first encrypted information to the target router through the target communication link, the method further includes: obtaining second encryption information sent by a target router through a target communication link, wherein the second encryption information is encryption information obtained by encrypting message information to be transmitted to a server by the target router by utilizing key chain parameters; performing security verification on the second encrypted information based on the key chain parameter; transmitting the second encryption information to the server if the verification is passed; in case of authentication failure, the second encryption information is discarded.
In an exemplary embodiment, the encrypting, in the key chain application module, the message information by using the key chain parameter to obtain first encrypted information further includes: acquiring a first communication address configured for a target linux system, wherein the first communication address is a virtual address corresponding to a kubernetes environment pre-configured in the target linux system; replacing a second communication address in the message information by using the first communication address to obtain reference message information, wherein the second communication address is a communication address of a server; encrypting the content of the reference message in the reference message information based on the key chain parameter to obtain a reference encryption field; and forming first encryption information by the reference message header, the reference message content and the reference encryption field in the reference message information.
In an exemplary embodiment, after the sending the first encrypted information to the target router through the target communication link, the method further includes: obtaining third encryption information sent by the target router through the target communication link, wherein the third encryption information is encryption information obtained by the target router encrypting, with the key chain parameters, message information to be transmitted to the server, and the communication address carried in the third encryption information is the first communication address; performing security verification on the third encryption information based on the key chain parameters; in the case that the verification is passed, replacing the first communication address in the third encryption information with the second communication address and sending the third encryption information to the server; in the case of verification failure, discarding the third encryption information.
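The four embodiments above (build the field, verify the reply, substitute the kubernetes address before computing the field, restore the server address after verification) can be modelled in a few lines. This is an added sketch, not code from the patent: HMAC-SHA256, the 1-byte key id, the toy frame layout, the names `Keychain`, `KeychainModule`, `seal`, `verify`, `nat_rewrite_src`, and all addresses and secrets are assumptions constructed for illustration. It also assumes the field covers the addresses, which shows why the substitution has to happen before the field is computed when a NAT gateway sits on the path.

```python
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass

# Assumptions of this sketch, none taken from the patent: HMAC-SHA256 as the
# keychain algorithm, a 1-byte key id, and the toy frame layout
#   src(4) | dst(4) | len(2) | content | key_id(1) | tag(32)
HDR = struct.Struct("!4s4sH")
TAG_LEN = hashlib.sha256().digest_size


@dataclass(frozen=True)
class Keychain:
    keys: dict      # key id -> shared secret (bytes)
    send_id: int    # key id used for outgoing messages


def _ip(addr):
    return ipaddress.IPv4Address(addr).packed


def _text(raw):
    return str(ipaddress.IPv4Address(raw))


def seal(kc, src, dst, content):
    """Package header, content and the keychain field into one frame."""
    body = HDR.pack(_ip(src), _ip(dst), len(content)) + content
    tag = hmac.new(kc.keys[kc.send_id], body, hashlib.sha256).digest()
    return body + bytes([kc.send_id]) + tag


def verify(kc, frame):
    """Return (src, dst, content) if the field checks out, else None."""
    if len(frame) < HDR.size + 1 + TAG_LEN:
        return None
    body, key_id, tag = frame[:-TAG_LEN - 1], frame[-TAG_LEN - 1], frame[-TAG_LEN:]
    src, dst, length = HDR.unpack_from(body)
    key = kc.keys.get(key_id)
    if key is None or length != len(body) - HDR.size:
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None
    return _text(src), _text(dst), body[HDR.size:]


class KeychainModule:
    """Model of the keychain application module inside the TCP/IP module."""

    def __init__(self):
        self._links = {}   # link id (socket) -> (keychain, kubernetes IP, server IP)

    def bind(self, link_id, kc, k8s_ip, server_ip):
        self._links[link_id] = (kc, k8s_ip, server_ip)

    def send(self, link_id, router_ip, content):
        kc, k8s_ip, _server_ip = self._links[link_id]
        # The server's address is replaced by the kubernetes address before the
        # field is computed, so the field matches the frame the router receives.
        return seal(kc, k8s_ip, router_ip, content)

    def receive(self, link_id, frame):
        kc, k8s_ip, server_ip = self._links[link_id]
        parsed = verify(kc, frame)
        if parsed is None or parsed[1] != k8s_ip:
            return None                       # verification failed: discard
        src, _dst, content = parsed
        return src, server_ip, content        # server address restored


def nat_rewrite_src(frame, new_src):
    """What a NAT gateway does: swap the source address, leave the field alone."""
    return _ip(new_src) + frame[4:]


def demo():
    # Constructed sample values.
    kc = Keychain(keys={1: b"constructed-shared-secret"}, send_id=1)
    server_ip, k8s_ip, router_ip = "10.244.0.5", "192.0.2.10", "198.51.100.1"
    module = KeychainModule()
    module.bind(7, kc, k8s_ip, server_ip)

    sent = nat_rewrite_src(module.send(7, router_ip, b"PCEP path update"), k8s_ip)
    # Field computed over the server's own address, then NATed on the way out.
    naive = nat_rewrite_src(seal(kc, server_ip, router_ip, b"PCEP path update"), k8s_ip)
    reply = seal(kc, router_ip, k8s_ip, b"BGP state report")
    tampered = reply[:-40] + b"X" + reply[-39:]   # one content byte changed
    return {
        "router_accepts_module_frame": verify(kc, sent),
        "router_accepts_naive_frame": verify(kc, naive),
        "delivered": module.receive(7, reply),
        "tampered": module.receive(7, tampered),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
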
In the above embodiment of the present invention, the message information to be encrypted sent by the server is obtained; obtaining key chain parameters matched with a target communication link through a key chain application module, wherein the key chain application module is configured in a communication module of a target linux system, and the target communication link is a communication link established between a server and a target router; encrypting the message information by utilizing key chain parameters in a key chain application module to obtain first encrypted information; the first encryption information is transmitted to the target router over the target communication link. Therefore, the technical problem of low information transmission safety in the linux system is solved.
In this embodiment, another information transmission method is provided, which may be implemented by the PCEP server or BGP server in fig. 3, and includes: the method comprises the steps that key chain parameters determined from a pre-configured key chain parameter set are sent to a communication module in a target linux system through a server installed in the target linux system; and transmitting the message information to be encrypted to the communication module, so that the communication module transmits first encrypted information obtained by encrypting the message information to the target router through a target communication link, wherein the first encrypted information is obtained by encrypting the message information by a key chain application module configured in the communication module through key chain parameters, and the key chain parameters are matched with the target communication link.
In an exemplary embodiment, before the key chain parameter determined from the pre-configured key chain parameter set is sent to the communication module in the target Linux system, the method further includes: searching the key chain parameter set for the key chain parameter matching the target router, where the key chain parameter set stores a plurality of router identifiers and a plurality of key chain parameters respectively preconfigured for them.
In an exemplary embodiment, the method further includes: sending a link establishment request to the communication module, so as to establish a target communication link between the server and the target router through the communication module; and, if the target communication link is established successfully, acquiring a link identifier matching the target communication link.
In an exemplary embodiment, a Kubernetes environment runs in the target Linux system, and a key chain configuration module is configured in a server deployed in the Kubernetes environment, where the key chain configuration module is used to acquire the key chain parameter set, and the server includes a first server for detecting network state changes and a second server for calculating an information transmission path.
In an exemplary embodiment, after the message information to be encrypted is sent to the communication module so that the first encrypted information is sent to the target router through the target communication link, the method further includes: obtaining second encryption information sent by the communication module, where the second encryption information is obtained by the target router encrypting, with the key chain parameters, message information to be transmitted to the server, and the second encryption information has passed the security verification of the communication module.
In an exemplary embodiment, transmitting the message information to be encrypted to the communication module further includes: sending a first communication address configured for the target Linux system to the communication module, so that the communication module sends the encryption information based on the first communication address, where the first communication address is a virtual address corresponding to a Kubernetes environment pre-configured in the target Linux system.
In an exemplary embodiment, after the message information to be encrypted is sent to the communication module, the method further includes: acquiring third encrypted information sent by the communication module, where the third encrypted information is encrypted information that has passed security verification, and the communication address carried in the third encrypted information is a second communication address, the second communication address being the communication address of the server.
In order to facilitate understanding of the technical solutions provided by the present invention, the following detailed description will be made with reference to embodiments of specific scenarios.
The way the modules of the present application work together is described with reference to the timing chart of the information transmission method shown in Fig. 5:
In steps S502 to S506, the user configures default keychain parameters and the Kubernetes IP address on the BGP or PCEP server, adds the configuration of router A (including its keychain parameters), and triggers the BGP or PCEP server to actively establish a link to router A.
Next, in steps S508 to S512, the BGP or PCEP server tries to establish a TCP link with router A: the TCP/IP module of the Linux operating system requests a TCP link with router A through the Kubernetes gateway, according to the IP address of router A. After the link is established successfully, the TCP/IP module returns the socket of the link to the BGP or PCEP server.
In steps S514 and S516, the keychain configuration module in the server finds that keychain parameters have been bound to router A, configures the keychain parameters bound to router A and the Kubernetes IP address into the keychain application module through the socket, and binds the keychain parameters and the Kubernetes IP address to the socket.
In step S518, the BGP or PCEP server invokes the TCP/IP module as the protocol requires, and exchanges messages with router A over the socket. When the TCP/IP module sends a message to router A on the socket, the keychain application module adds an encryption field to the message according to the keychain parameters and the Kubernetes IP address bound to the socket.
In steps S520 to S524, on receiving a message, router A uses the encryption field to perform security authentication; if authentication passes, it replies to the BGP or PCEP server, and if not, it discards the message. Likewise, router A adds an encryption field when it sends a message to the BGP or PCEP server. When the TCP/IP module of the BGP or PCEP server receives an encrypted message on the socket, the keychain application module authenticates the message according to the keychain parameters and the Kubernetes IP address bound to the socket. If authentication passes, the TCP/IP module hands the message to the BGP or PCEP server for processing; if not, the message is discarded.
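The binding and per-message check of steps S514 to S524, as an added example that is not code from the patent or from its applicant. The page names no algorithm or field layout, so HMAC-SHA256 over length-prefixed fields, the `KeychainParams` and `Message` shapes, the integer link identifier and all addresses are assumptions; the address swap before the field is computed follows claims 6 and 7.

```python
"""Keychain application module of steps S514 to S524, modelled (added example)."""
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

@dataclass(frozen=True)
class KeychainParams:           # assumed shape; the page does not list the fields
    key_id: int
    secret: bytes

@dataclass(frozen=True)
class Message:
    src: str                    # communication address carried in the message
    dst: str
    payload: bytes
    key_id: int = -1            # -1: no keychain field attached
    field: bytes = b""          # the "encryption field" of the text

def compute_field(params, src, dst, payload) -> bytes:
    """HMAC-SHA256 over length-prefixed src, dst, payload (assumed algorithm)."""
    mac = hmac.new(params.secret, digestmod=hashlib.sha256)
    for part in (src.encode(), dst.encode(), payload):
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()

class KeychainApplicationModule:
    """Sits in the communication module; state is keyed by link identifier."""

    def __init__(self) -> None:
        self._bound: Dict[int, Tuple[KeychainParams, str]] = {}

    def bind(self, link_id, params, virtual_ip) -> None:
        # S514/S516: bind keychain parameters and Kubernetes address to the socket.
        self._bound[link_id] = (params, virtual_ip)

    def protect(self, link_id, msg) -> Message:
        # S518: fail closed, so nothing leaves on a link with no keychain bound.
        if link_id not in self._bound:
            raise LookupError(f"no keychain bound to link {link_id}")
        params, virtual_ip = self._bound[link_id]
        # Swap in the virtual address first: the field has to cover the
        # address the router will see, not the server's own address.
        out = replace(msg, src=virtual_ip)
        tag = compute_field(params, out.src, out.dst, out.payload)
        return replace(out, key_id=params.key_id, field=tag)

    def verify(self, link_id, msg, server_ip) -> Optional[Message]:
        # S524: returns the message for the server, or None when discarded.
        bound = self._bound.get(link_id)
        if bound is None or msg.key_id != bound[0].key_id:
            return None
        params, virtual_ip = bound
        expected = compute_field(params, msg.src, msg.dst, msg.payload)
        if msg.dst != virtual_ip or not hmac.compare_digest(expected, msg.field):
            return None
        # Verified: put the server's own address back before delivery.
        return replace(msg, dst=server_ip)

def router_accepts(params, msg) -> bool:
    """Router A's check in S520: recompute the field over what it received."""
    if msg.key_id != params.key_id:
        return False
    expected = compute_field(params, msg.src, msg.dst, msg.payload)
    return hmac.compare_digest(expected, msg.field)

# Constructed sample values: made-up addresses and key, not from the page.
SERVER_IP, VIRTUAL_IP, ROUTER_IP = "10.244.1.7", "192.0.2.10", "198.51.100.1"
PARAMS = KeychainParams(key_id=1, secret=b"constructed-demo-secret")
LINK_ID = 42                    # stands in for the socket returned in S512

def demo():
    """Run the S518 to S524 exchange; returns (router_ok, delivered, tampered)."""
    module = KeychainApplicationModule()
    module.bind(LINK_ID, PARAMS, VIRTUAL_IP)
    sent = module.protect(LINK_ID, Message(SERVER_IP, ROUTER_IP, b"OPEN"))
    tag = compute_field(PARAMS, ROUTER_IP, VIRTUAL_IP, b"KEEPALIVE")
    reply = Message(ROUTER_IP, VIRTUAL_IP, b"KEEPALIVE", PARAMS.key_id, tag)
    tampered = replace(reply, payload=b"UPDATE")
    return (router_accepts(PARAMS, sent),
            module.verify(LINK_ID, reply, SERVER_IP),
            module.verify(LINK_ID, tampered, SERVER_IP))
```

Because the field covers the address the router sees, a field computed over the server's own address fails the router's check, which is why the swap has to come before the computation.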
With this implementation, the message information to be encrypted, sent by the server, is obtained; key chain parameters matching a target communication link are obtained through a key chain application module, where the key chain application module is configured in a communication module of a target Linux system, and the target communication link is a communication link established between the server and a target router; the message information is encrypted with the key chain parameters in the key chain application module to obtain first encrypted information; and the first encrypted information is transmitted to the target router over the target communication link. This realizes Kubernetes-based keychain secure transmission, which improves communication security, avoids security problems, prevents the service from being attacked and interrupted, and solves the technical problem of low security of information transmission in a Linux system.
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present invention.
In this embodiment, an information transmission device is further provided, and the device is used to implement the foregoing embodiments and preferred embodiments, and will not be described in detail. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
Fig. 6 is a schematic structural diagram of an information transmission apparatus according to an embodiment of the present invention, and as shown in fig. 6, the information transmission apparatus includes a first acquisition unit 602, a second acquisition unit 604, an encryption unit 606, and a transmission unit 608.
A first obtaining unit 602, configured to obtain message information to be encrypted sent by a server;
a second obtaining unit 604, configured to obtain, by using a key chain application module, a key chain parameter that is matched with a target communication link, where the key chain application module is configured in a communication module of the target linux system, and the target communication link is a communication link established between a server and a target router;
the encryption unit 606 is configured to encrypt the message information in the key chain application module by using the key chain parameter to obtain first encrypted information;
a transmission unit 608 for transmitting the first encryption information to the target router via the target communication link.
Fig. 7 is a schematic structural view of an information transmission apparatus according to another embodiment of the present invention, which, as shown in Fig. 7, includes a sending unit 702 and a transmission unit 704.
A sending unit 702, configured to send, through a server installed in the target linux system, a key chain parameter determined from a preset key chain parameter set to a communication module in the target linux system;
and a transmission unit 704, configured to transmit the message information to be encrypted to the communication module, so that the communication module sends first encrypted information obtained by encrypting the message information to the target router through the target communication link, where the first encrypted information is obtained by encrypting the message information by using a key chain parameter by a key chain application module configured in the communication module, and the key chain parameter is matched with the target communication link.
It should be noted that each of the above modules may be implemented in software or hardware. In the latter case, this may be done in, but is not limited to, the following ways: the modules are all located in the same processor; or the modules are located in different processors in any combination.
Embodiments of the present invention also provide a computer readable storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the method embodiments described above when run.
In one exemplary embodiment, the computer readable storage medium may include, but is not limited to: a USB disk, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or other various media capable of storing a computer program.
An embodiment of the invention also provides an electronic device comprising a memory having stored therein a computer program and a processor arranged to run the computer program to perform the steps of any of the method embodiments described above.
In an exemplary embodiment, the electronic apparatus may further include a transmission device and an input-output device, wherein the transmission device is linked with the processor, and the input-output device is linked with the processor.
Specific examples in this embodiment may refer to the examples described in the foregoing embodiments and the exemplary implementation, and this embodiment is not described herein.
It will be appreciated by those skilled in the art that the modules or steps of the invention described above may be implemented in a general purpose computing device, they may be concentrated on a single computing device, or distributed across a network of computing devices, they may be implemented in program code executable by computing devices, so that they may be stored in a storage device for execution by computing devices, and in some cases, the steps shown or described may be performed in a different order than that shown or described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the principle of the present invention should be included in the protection scope of the present invention.

Claims (18)

1. An information transmission method, comprising:
obtaining message information to be encrypted sent by a server;
obtaining key chain parameters matched with a target communication link through a key chain application module, wherein the key chain application module is configured in a communication module of a target linux system, and the target communication link is a communication link established between the server and a target router;
encrypting the message information by using the key chain parameter in the key chain application module to obtain first encrypted information;
transmitting the first encryption information to the target router through the target communication link.
2. The method according to claim 1, wherein before the step of obtaining the message information sent by the server, the method further comprises:
receiving a link identifier of the target communication link sent by the server and the key chain parameter configured for the target router in advance;
binding the key chain parameter and the link identification.
3. The method according to claim 2, wherein a kubernetes environment is running in the target linux system, and a key chain configuration module is configured in a server deployed in the kubernetes environment, wherein the key chain configuration module is configured to obtain the key chain parameter set, and the server includes a first server for detecting a network state change and a second server for calculating an information transmission path.
4. The method according to claim 1, wherein encrypting the message information in the keychain application module using the keychain parameter to obtain first encrypted information includes:
encrypting the message information based on the key chain parameter to obtain an encryption field;
and acquiring a message header and message content of the message information, and packaging the message header, the message content and the encryption field into the first encryption information.
5. The method of claim 1, wherein after the sending the first encrypted information to the target router over the target communication link, further comprises:
acquiring second encryption information sent by the target router through the target communication link, wherein the second encryption information is encryption information obtained by encrypting message information to be transmitted to the server by the target router by utilizing the key chain parameter;
performing security verification on the second encryption information based on the key chain parameter;
transmitting the second encryption information to the server in case of verification passing;
and discarding the second encryption information in case of verification failure.
6. The method of claim 1, wherein the encrypting the message information in the keychain application module using the keychain parameter obtains first encrypted information, further comprising:
acquiring a first communication address configured for the target linux system, wherein the first communication address is a virtual address corresponding to a kubernetes environment which is pre-configured in the target linux system;
replacing a second communication address in the message information by using the first communication address to obtain reference message information, wherein the second communication address is the communication address of the server;
encrypting the content of the reference message in the reference message information based on the key chain parameter to obtain a reference encryption field;
and forming the first encryption information by the reference message header, the reference message content and the reference encryption field in the reference message information.
7. The method of claim 6, further comprising, after the sending the first encrypted information to the target router over the target communication link:
acquiring third encryption information sent by the target router through the target communication link, wherein the third encryption information is obtained by encrypting message information to be transmitted to the server by the target router through the key chain parameter, and a communication address carried in the third encryption information is the first communication address;
performing security verification on the third encryption information based on the key chain parameters;
replacing the first communication address in the third encryption information with the second communication address and sending the third encryption information to the server under the condition that verification is passed;
and discarding the third encryption information in case of verification failure.
8. An information transmission method, comprising:
the method comprises the steps that key chain parameters determined from a pre-configured key chain parameter set are sent to a communication module in a target linux system through a server installed in the target linux system;
and transmitting message information to be encrypted to the communication module, so that the communication module sends first encrypted information obtained by encrypting the message information to a target router through a target communication link, wherein the first encrypted information is obtained by encrypting the message information by a key chain application module configured in the communication module by using the key chain parameter, and the key chain parameter is matched with the target communication link.
9. The method of claim 8, further comprising, prior to said sending the keychain parameters determined from the pre-configured keychain parameter set to the communication module in the target linux system:
and searching the key chain parameters matched with the target router in the key chain parameter set, wherein a plurality of router identifications and a plurality of key chain parameters which are respectively preconfigured are stored in the key chain parameter set.
10. The method as recited in claim 9, further comprising:
transmitting a link establishment request to the communication module to establish the target communication link between the server and the target router through the communication module;
and under the condition that the establishment of the target communication link is successful, acquiring a link identification matched with the target communication link.
11. The method of claim 9, wherein a kubernetes environment is running within the target linux system, and a keychain configuration module is configured in a server deployed within the kubernetes environment, wherein the keychain configuration module is configured to obtain the keychain parameter set, and the server includes a first server for detecting a network state change and a second server for calculating an information transmission path.
12. The method of claim 8, wherein after sending the message information to be encrypted to the communication module to send the first encrypted information to the target router via the target communication link, further comprising:
and obtaining second encryption information sent by the communication module, wherein the second encryption information is obtained by encrypting message information to be transmitted to the server by the target router through the key chain parameter, and the second encryption information passes the security verification of the communication module.
13. The method of claim 8, wherein transmitting the message information to be encrypted to the communication module further comprises:
and sending a first communication address configured for the target linux system currently to the communication module so as to send the encryption information based on the first communication address through the communication module, wherein the first communication address is a virtual address corresponding to a kubernetes environment which is configured in the target linux system in advance.
14. The method according to claim 13, further comprising, after the sending the message information to be encrypted to the communication module:
and acquiring third encryption information sent by the communication module, wherein the third encryption information is encryption information passing through security verification, and a communication address carried in the third encryption information is a second communication address, and the second communication address is the communication address of the server.
15. An information transmission apparatus, comprising:
the first acquisition unit is used for acquiring message information to be encrypted, which is sent by the server;
the second acquisition unit is used for acquiring key chain parameters matched with a target communication link through a key chain application module, wherein the key chain application module is configured in a communication module of a target linux system, and the target communication link is a communication link established between the server and a target router;
the encryption unit is used for encrypting the message information by utilizing the key chain parameters in the key chain application module to obtain first encrypted information;
and the transmission unit is used for transmitting the first encryption information to the target router through the target communication link.
16. An information transmission apparatus, comprising:
the sending unit is used for sending the key chain parameters determined from the pre-configured key chain parameter set to the communication module in the target linux system through a server installed in the target linux system;
the transmission unit is used for transmitting message information to be encrypted to the communication module, so that the communication module sends first encrypted information obtained after the message information is encrypted to a target router through a target communication link, wherein the first encrypted information is obtained by encrypting the message information by a key chain application module configured in the communication module through the key chain parameter, and the key chain parameter is matched with the target communication link.
17. A computer readable storage medium, characterized in that a computer program is stored in the computer readable storage medium, wherein the computer program, when being executed by a processor, implements the steps of the method as claimed in any one of claims 1 to 7 or 8 to 14.
18. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method of any one of claims 1 to 7 or 8 to 14 when the computer program is executed.
CN202210753855.6A 2022-06-29 2022-06-29 Information transmission method and device, storage medium and electronic device Pending CN117375859A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210753855.6A CN117375859A (en) 2022-06-29 2022-06-29 Information transmission method and device, storage medium and electronic device
PCT/CN2023/076264 WO2024001212A1 (en) 2022-06-29 2023-02-15 Information transmission method and apparatus, and storage medium and electronic apparatus

Publications (1)

Publication Number Publication Date
CN117375859A true CN117375859A (en) 2024-01-09

Family

ID=89383950

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210753855.6A Pending CN117375859A (en) 2022-06-29 2022-06-29 Information transmission method and device, storage medium and electronic device

Country Status (2)

Country Link
CN (1) CN117375859A (en)
WO (1) WO2024001212A1 (en)

Also Published As

Publication number Publication date
WO2024001212A1 (en) 2024-01-04

Legal Events

Date Code Title Description
PB01 Publication