CN101640690A - Method and system for guaranteeing network security as well as DHCP server and client - Google Patents

Publication number
CN101640690A
Authority
CN
China
Prior art keywords
client
dhcp
encryption
request message
service end
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN200910189903A
Other languages
Chinese (zh)
Other versions
CN101640690B (en
Inventor
方遒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN2009101899038A priority Critical patent/CN101640690B/en
Publication of CN101640690A publication Critical patent/CN101640690A/en
Application granted granted Critical
Publication of CN101640690B publication Critical patent/CN101640690B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for guaranteeing network security. The method comprises the following steps: receiving a Dynamic Host Configuration Protocol (DHCP) request message sent by a client, where the DHCP request message has been encrypted by the client according to pre-shared encryption/decryption information configured between a server and the client, and the DHCP request message contains the unencrypted Media Access Control (MAC) address of the client; obtaining the pre-shared encryption/decryption information configured between the server and the client according to the unencrypted MAC address of the client in the DHCP request message; and decrypting the DHCP request message according to the pre-shared encryption/decryption information to obtain the plaintext of the DHCP request message. Embodiments of the invention also disclose a system for guaranteeing network security as well as a DHCP server and a DHCP client, and can secure the process of automatically configuring IP addresses with DHCP.

Description

Method and system for guaranteeing network security, and DHCP server and client
Technical field
The present invention relates to communication technology, and in particular to a method and system for guaranteeing network security, and to a DHCP server and client.
Background
DHCP (Dynamic Host Configuration Protocol) is a protocol for automatically configuring the IP (Internet Protocol) address of a host. It works in client-server mode as an application on top of UDP (User Datagram Protocol) and uses well-known UDP port numbers: the client uses 68 and the server uses 67.
During power-on startup of a base station, if the IP addresses of the local end and of the upper-level network element (including but not limited to a base station controller, the core network or a network management system) are not configured, or are configured incorrectly, the base station cannot establish a maintenance channel with the upper-level network element, and therefore cannot download the correct software version and start. In this case DHCP is used: the base station acts as the DHCP client and the upper-level network element acts as the DHCP server (or a dedicated DHCP server exists). The DHCP client requests an IP address from the DHCP server, after which the maintenance channel between the base station and the upper-level network element can be established and the base station can download the correct software version and start.
In the course of researching the present invention, the inventor found that existing network security mechanisms, such as the IPsec (Internet Protocol Security) protocol, can begin negotiation only once the peer's IP address is known, and only then protect transmission over the IP network. When a base station powers on with an incorrect configuration file or with no configuration file, the peer's IP address is unknown, so existing network security mechanisms cannot cover the automatic IP address configuration process performed with DHCP.
Summary of the invention
In view of this, embodiments of the present invention provide a method and system for guaranteeing network security, and a DHCP server and client, so as to secure the process of automatically configuring an IP address with DHCP.
An embodiment of the present invention provides a method for guaranteeing network security, comprising:
receiving a Dynamic Host Configuration Protocol (DHCP) request message sent by a client, where the DHCP request message has been encrypted by the client according to pre-shared encryption/decryption information configured between the server and the client, and the DHCP request message contains the unencrypted Media Access Control (MAC) address of the client;
obtaining, according to the unencrypted MAC address of the client contained in the DHCP request message, the pre-shared encryption/decryption information configured between the server and the client;
decrypting the DHCP request message according to the pre-shared encryption/decryption information to obtain the plaintext of the DHCP request message.
An embodiment of the present invention also provides a method for guaranteeing network security, comprising:
encrypting a DHCP request message according to the pre-shared encryption/decryption information configured between the server and the client;
constructing, from the encrypted DHCP request message, a DHCP request message that contains the client MAC address;
sending the encrypted DHCP request message containing the client MAC address to the server.
An embodiment of the present invention also provides a DHCP server, comprising:
a server receiving unit, configured to receive a DHCP request message sent by a client, where the DHCP request message has been encrypted by the client according to the pre-shared encryption/decryption information configured between the server and the client, and the DHCP request message contains the unencrypted Media Access Control (MAC) address of the client;
a server encryption/decryption information obtaining unit, configured to obtain the pre-shared encryption/decryption information configured between the server and the client according to the unencrypted MAC address of the client contained in the DHCP request message received by the receiving unit;
a server decryption unit, configured to decrypt the DHCP request message according to the pre-shared encryption/decryption information obtained by the server encryption/decryption information obtaining unit, to obtain the plaintext of the DHCP request message.
An embodiment of the present invention also provides a DHCP client, comprising:
a client encryption unit, configured to encrypt a DHCP request message according to the pre-shared encryption/decryption information configured between the server and the client;
a client construction unit, configured to construct, from the DHCP request message encrypted by the client encryption unit, a DHCP request message that contains the MAC address of the client;
a client sending unit, configured to send to the server the encrypted DHCP request message, containing the MAC address of the client, constructed by the client construction unit.
An embodiment of the present invention also provides a system for guaranteeing network security, comprising the DHCP server and the DHCP client described in the above embodiments.
With the method and system for guaranteeing network security and the DHCP server and DHCP client provided in the embodiments of the present invention, communication between the Client and the Server is protected while an IP address is obtained with DHCP. This closes the gap that IP security schemes leave in the DHCP process at Client startup. It prevents an attacker from modifying messages in the DHCP exchange so that the Client cannot obtain an IP address and therefore cannot start normally. It also prevents an attacker from eavesdropping on messages, obtaining the allocated IP address and impersonating the Client to communicate with the Server, which at the least stops the Client from starting normally and at worst allows the Server to be attacked.
Description of drawings
Fig. 1 shows the general DHCP Client-Server interaction process;
Fig. 2 is a flowchart of the method for guaranteeing network security provided by an embodiment of the present invention;
Fig. 3 is a flowchart of the method for guaranteeing network security provided by another embodiment of the present invention;
Fig. 4 is a flowchart of the method for guaranteeing network security provided by another embodiment of the present invention;
Fig. 5 is a flowchart of the method for guaranteeing network security provided by another embodiment of the present invention;
Fig. 6 is a flowchart of the method for guaranteeing network security provided by another embodiment of the present invention;
Fig. 7 is a schematic diagram of the DHCP server provided by another embodiment of the present invention;
Fig. 8 is a schematic diagram of the DHCP server provided by another embodiment of the present invention;
Fig. 9 is a schematic diagram of the DHCP server provided by another embodiment of the present invention;
Fig. 10 is a schematic diagram of the DHCP client provided by another embodiment of the present invention;
Fig. 11 is a schematic diagram of the DHCP client provided by another embodiment of the present invention.
Embodiments
Embodiments of the present invention provide a method, apparatus and system for guaranteeing network security, which can be applied to various mobile networks, including GSM (Global System for Mobile Communications), WCDMA (Wideband Code Division Multiple Access), TD-SCDMA (Time Division-Synchronous Code Division Multiple Access) and LTE (Long Term Evolution), and also to any network element, host or server on which a DHCP Server or DHCP Client is deployed. The method, apparatus and system provided by the embodiments secure the process in which a base station uses DHCP to configure its IP address automatically at startup.
Fig. 1 shows the general DHCP Client-Server interaction process, which comprises:
Step 1: The Client sends a DHCP DISCOVER message to the Server, to discover the DHCP Server.
Step 2: The Server returns a DHCP OFFER message to the Client, to indicate that the Server has been found.
Step 3: The Client sends a DHCP REQUEST message to the Server, to request an IP address for the local machine; the Server allocates an IP address to the Client according to the network segment in which its own IP address lies.
Step 4: The Server returns a DHCP ACK message to the Client, to assign the Client's IP address.
After receiving the DHCP ACK message returned by the Server, the Client obtains the IP address carried in the DHCP ACK message and enters the continuity state. If the Client has recorded the network address it used last time and wishes to reuse that address when requesting an IP address, the DHCP REQUEST and DHCP ACK process can be omitted.
For the DHCP interaction process shown in Fig. 1, an embodiment of the present invention provides a method for guaranteeing network security which, as shown in Fig. 2, comprises the steps:
101. Receive the Dynamic Host Configuration Protocol (DHCP) request message sent by the client;
The DHCP request message has been encrypted by the client according to the pre-shared encryption/decryption information configured between the server and the client, and the DHCP request message contains the unencrypted Media Access Control (MAC) address of the client;
It should be noted that the DHCP request message in all embodiments of the present invention may be a message used to discover the DHCP Server, such as a DHCP DISCOVER message, or a message used to request an IP address for the local machine, such as a DHCP REQUEST message.
102. Obtain the pre-shared encryption/decryption information configured between the server and the client according to the unencrypted MAC address of the client contained in the DHCP request message;
103. Decrypt the DHCP request message according to the pre-shared encryption/decryption information to obtain the plaintext of the DHCP request message.
With the method for guaranteeing network security provided by this embodiment, communication between the Client and the Server is protected, which prevents eavesdropping, interception or attack while an IP address is obtained with DHCP.
Based on the embodiment shown in Fig. 2, the method for guaranteeing network security provided by another embodiment of the present invention, as shown in Fig. 3, further comprises the steps:
104. After the plaintext of the DHCP request message is obtained, construct a DHCP response message and encrypt it according to the obtained pre-shared encryption/decryption information configured between the Server and the Client;
105. Send the encrypted DHCP response message to the Client, so that the Client decrypts the encrypted DHCP response message according to the pre-shared encryption/decryption information configured between the Server and the Client and obtains the plaintext of the DHCP response message.
It should be noted that, in all embodiments of the present invention, if the DHCP request message is a message used to discover the DHCP Server, such as a DHCP DISCOVER message, the DHCP response message may be a message indicating that the Server has been found, such as a DHCP OFFER message; if the DHCP request message is a message used to request an IP address for the local machine, such as a DHCP REQUEST message, the DHCP response message may be a message used to assign the Client's IP address, such as a DHCP ACK message.
Based on the embodiment shown in Fig. 2, the method for guaranteeing network security provided by another embodiment of the present invention, as shown in Fig. 4, comprises step 100: before the pre-shared encryption/decryption information configured between the Server and the Client is obtained according to the unencrypted MAC address of the Client contained in the DHCP request message, the correspondence between the MAC address of the Client and the pre-shared encryption/decryption information is stored in advance.
In all embodiments of the present invention, the pre-shared encryption/decryption information configured between the Server and the Client may include the encapsulation mode of the message, the encryption/decryption algorithm, the authentication algorithm and the key. In addition, if the encapsulation mode of the message is tunnel mode, the pre-shared encryption/decryption information also includes the IP header of the tunnel.
For the DHCP interaction process shown in Fig. 1, another embodiment of the present invention provides a method for guaranteeing network security which, as shown in Fig. 5, comprises the steps:
201. Encrypt the DHCP request message according to the pre-shared encryption/decryption information configured between the Server and the Client;
202. Construct, from the encrypted DHCP request message, a DHCP request message that contains the MAC address of the Client;
203. Send the encrypted DHCP request message containing the MAC address of the Client to the Server.
With the method for guaranteeing network security provided by this embodiment, communication between the Client and the Server is protected, which prevents eavesdropping, interception or attack while an IP address is obtained with DHCP.
Based on the embodiment shown in Fig. 5, the method for guaranteeing network security provided by another embodiment of the present invention, as shown in Fig. 6, further comprises the steps:
204. Receive the DHCP response message sent by the Server;
The DHCP response message is a DHCP response message that the Server has encrypted according to the pre-shared encryption/decryption information configured between the Server and the Client, and the Server obtains that information according to the Client MAC address contained in the encrypted DHCP request message that includes the Client MAC address;
205. Decrypt the received DHCP response message according to the pre-shared encryption/decryption information configured between the Server and the Client, and obtain the plaintext of the DHCP response message.
When the above method embodiments are applied to a base station and an upper-level network element, with the base station as the Client and the upper-level network element as the Server, the procedure comprises:
Before the base station powers on, the pre-shared encryption/decryption information is configured on the base station and on the upper-level network element respectively, including the encapsulation mode, the encryption/decryption algorithm, the authentication algorithm and the key; if the encapsulation mode is tunnel mode, the pre-shared encryption/decryption information also includes the IP header of the tunnel. On the upper-level network element, the association between the base station MAC address and the pre-shared information is established.
When the base station sends a DHCP request message, such as DHCP DISCOVER or DHCP REQUEST, it encrypts the whole message according to the pre-shared encryption/decryption information.
The upper-level network element receives the DHCP request message, such as DHCP DISCOVER or DHCP REQUEST, obtains the pre-shared encryption/decryption information according to the source MAC address in the DHCP request message, that is, the MAC address of the base station, and decrypts the DHCP request message to obtain the plaintext.
After receiving the DHCP request message, the upper-level network element constructs a DHCP response message, such as a DHCP OFFER or DHCP ACK message, encrypts it according to the pre-shared encryption/decryption information obtained from the source MAC address in the DHCP request message, that is, the MAC address of the base station, and sends the DHCP response message to the base station.
The base station decrypts the DHCP response message according to the pre-shared encryption/decryption information to obtain the plaintext, and obtains from the DHCP ACK message information such as the local IP address returned by the upper-level network element and the IP address of the upper-level network element.
In subsequent operation, the base station can use the obtained IP addresses to carry out IKE (Internet Key Exchange protocol) negotiation, and then protect the subsequent interaction flows with IPsec encryption.
With the method for guaranteeing network security provided in the embodiments of the present invention, communication between the base station and the upper-level network element is protected from the moment the base station powers on. This closes the gap that IP security schemes leave in the DHCP process at base station startup. It prevents an attacker from modifying messages in the DHCP exchange so that the base station cannot obtain an IP address and therefore cannot start normally. It also prevents an attacker from eavesdropping on messages, obtaining the allocated IP address and impersonating the base station to communicate with the upper-level network element, which at the least stops the base station from starting normally and at worst allows the upper-level network element to be attacked.
The pre-shared encryption/decryption information in all embodiments of the present invention may be the information required for encryption and decryption with the IPsec protocol. In the DHCP exchange, because the encryption/decryption information is indexed by the source MAC address, the SPI value in the IPsec header serves no purpose and may be filled in with any value.
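The exchange described above, reduced to its core, as an added example that is not code from the patent: the request carries the client MAC in cleartext, the server indexes its pre-shared information by that MAC, and messages that were altered or come from an unregistered MAC are rejected. The wire layout, the field and function names, the text-form DHCP messages and the HMAC-SHA256 counter-mode keystream standing in for the ESP cipher are all assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MAC_LEN, NONCE_LEN, TAG_LEN = 6, 16, 32
# Request/response pairing stated on the page.
REPLY_FOR = {b"DHCPDISCOVER": b"DHCPOFFER", b"DHCPREQUEST": b"DHCPACK"}

class UnknownClient(Exception):
    """No pre-shared information is stored for the cleartext MAC address."""

class AuthenticationFailed(Exception):
    """The message was altered or was protected with a different key."""

@dataclass(frozen=True)
class PreSharedInfo:
    """Items the page lists; the field names are hypothetical."""
    encapsulation: str  # "transport" or "tunnel"
    enc_key: bytes
    auth_key: bytes

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, used only
    # because the standard library has no ESP cipher such as AES.
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))

def protect(info: PreSharedInfo, mac: bytes, plaintext: bytes) -> bytes:
    """Return cleartext MAC | nonce | ciphertext | tag (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = xor(plaintext, keystream(info.enc_key, nonce, len(plaintext)))
    # The tag also covers the cleartext MAC, so it cannot be swapped unnoticed.
    tag = hmac.new(info.auth_key, mac + nonce + ciphertext, hashlib.sha256).digest()
    return mac + nonce + ciphertext + tag

def unprotect(info: PreSharedInfo, wire: bytes) -> bytes:
    """Verify the tag first, then decrypt; raise AuthenticationFailed on mismatch."""
    if len(wire) < MAC_LEN + NONCE_LEN + TAG_LEN:
        raise AuthenticationFailed("message too short")
    body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    expected = hmac.new(info.auth_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise AuthenticationFailed("integrity check failed")
    nonce = body[MAC_LEN:MAC_LEN + NONCE_LEN]
    ciphertext = body[MAC_LEN + NONCE_LEN:]
    return xor(ciphertext, keystream(info.enc_key, nonce, len(ciphertext)))

class Server:
    def __init__(self, table, leases):
        self.table = dict(table)    # MAC -> PreSharedInfo, stored in advance
        self.leases = dict(leases)  # MAC -> address to assign (constructed)

    def handle(self, wire: bytes) -> bytes:
        mac = wire[:MAC_LEN]                 # read the unencrypted MAC
        info = self.table.get(mac)           # index pre-shared info by MAC
        if info is None:
            raise UnknownClient(mac.hex(":"))
        request = unprotect(info, wire)      # plaintext of the request
        kind = request.split(b" ", 1)[0]
        if kind not in REPLY_FOR:
            raise ValueError("unsupported DHCP request")
        reply = REPLY_FOR[kind] + b" yiaddr=" + self.leases[mac].encode()
        return protect(info, mac, reply)     # encrypted response

def outcome(server: Server, wire: bytes) -> str:
    try:
        server.handle(wire)
        return "accepted"
    except (UnknownClient, AuthenticationFailed) as exc:
        return type(exc).__name__

def demo() -> dict:
    # Constructed sample data: locally administered MACs, TEST-NET-1 address.
    mac = bytes.fromhex("02005e100001")
    info = PreSharedInfo("transport", os.urandom(32), os.urandom(32))
    server = Server({mac: info}, {mac: "192.0.2.10"})
    wire = protect(info, mac, b"DHCPDISCOVER xid=1a2b3c4d")
    altered = bytearray(wire)
    altered[MAC_LEN + NONCE_LEN] ^= 0x01     # flip one ciphertext bit
    stranger = bytes.fromhex("02005e1000ff") + wire[MAC_LEN:]
    return {
        "reply": unprotect(info, server.handle(wire)),
        "altered": outcome(server, bytes(altered)),
        "unknown_mac": outcome(server, stranger),
    }

if __name__ == "__main__":
    print(demo())
```

Because the tag is computed over the cleartext MAC as well as the ciphertext, replacing the MAC with that of another registered client selects a different key and fails the integrity check.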
As shown in Fig. 7, another embodiment of the present invention also provides a DHCP server, comprising:
Server receiving unit 301, configured to receive the DHCP request message sent by the Client;
The DHCP request message has been encrypted by the Client according to the pre-shared encryption/decryption information configured between the Server and the Client, and the DHCP request message contains the unencrypted Media Access Control (MAC) address of the Client;
Server encryption/decryption information obtaining unit 302, configured to obtain the pre-shared encryption/decryption information configured between the Server and the Client according to the unencrypted MAC address of the Client contained in the DHCP request message received by receiving unit 301;
Server decryption unit 303, configured to decrypt the DHCP request message according to the pre-shared encryption/decryption information and obtain the plaintext of the DHCP request message.
With the DHCP Server provided by this embodiment, communication between the Client and the Server is protected, which prevents eavesdropping, interception or attack while an IP address is obtained with DHCP.
Based on the embodiment shown in Fig. 7, the DHCP Server provided by another embodiment of the present invention, as shown in Fig. 8, further comprises:
Server message construction unit 304, configured to construct a DHCP response message and encrypt it according to the obtained pre-shared encryption/decryption information configured between the Server and the Client;
Server sending unit 305, configured to send the encrypted DHCP response message to the Client, so that the Client decrypts the encrypted DHCP response message according to the pre-shared encryption/decryption information configured between the Server and the Client and obtains the plaintext of the DHCP response message.
Based on the embodiment shown in Fig. 7, the DHCP Server provided by another embodiment of the present invention, as shown in Fig. 9, further comprises:
Server storage unit 306, configured to store the correspondence between the MAC address of the Client and the pre-shared encryption/decryption information, so that Server encryption/decryption information obtaining unit 302 obtains the required pre-shared encryption/decryption information according to the correspondence stored in Server storage unit 306.
As shown in Fig. 10, another embodiment of the present invention also provides a DHCP client, comprising:
Client encryption unit 401, configured to encrypt the DHCP request message according to the pre-shared encryption/decryption information configured between the Server and the Client;
Client construction unit 402, configured to construct, from the encrypted DHCP request message, a DHCP request message that contains the MAC address of the Client;
Client sending unit 403, configured to send the encrypted DHCP request message containing the MAC address of the Client to the Server.
With the DHCP Client provided by this embodiment, communication between the Client and the Server is protected, which prevents eavesdropping, interception or attack while an IP address is obtained with DHCP.
Based on the DHCP client shown in Fig. 10, another embodiment of the present invention, as shown in Fig. 11, further comprises:
Client receiving unit 404, configured to receive the DHCP response message sent by the Server;
The DHCP response message is a DHCP response message that the Server has encrypted according to the pre-shared encryption/decryption information configured between the Server and the Client, and the Server obtains that information according to the Client MAC address contained in the encrypted DHCP request message that includes the Client MAC address;
Client decryption unit 405, configured to decrypt the received DHCP response message according to the pre-shared encryption/decryption information configured between the Server and the Client, and obtain the plaintext of the DHCP response message.
Another embodiment of the present invention also provides a system for guaranteeing network security, which comprises the DHCP server and the DHCP client described in the above embodiments.
The DHCP server in all embodiments of the present invention may be located in an upper-level network element of a mobile network, and the DHCP client may be located in a base station of the mobile radio network.
With the method and system for guaranteeing network security and the DHCP server and DHCP client provided in the embodiments of the present invention, communication between the Client and the Server is protected while an IP address is obtained with DHCP. This closes the gap that IP security schemes leave in the DHCP process at Client startup. It prevents an attacker from modifying messages in the DHCP exchange so that the Client cannot obtain an IP address and therefore cannot start normally. It also prevents an attacker from eavesdropping on messages, obtaining the allocated IP address and impersonating the Client to communicate with the Server, which at the least stops the Client from starting normally and at worst allows the Server to be attacked.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium, and when executed it performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
The above discloses only several specific embodiments of the present invention. Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is intended to include them as well.

Claims (14)

1, a kind of method that guarantees network security is characterized in that, comprises
Receive the dynamic host configuration protocol DHCP request message that client sends, described DHCP request message is encrypted according to the shared in advance information of the encryption and decryption that disposes between service end and the client through client, and described DHCP request message comprises the media access control MAC address of the client of not encrypted;
Share information in advance according to the encryption and decryption that the MAC Address of the client of the not encrypted that comprises in the described DHCP request message obtains to dispose between server end and the client;
Share information in advance according to described encryption and decryption described DHCP request message is decrypted, obtain the plaintext of described DHCP request message.
2, the method that guarantees network security as claimed in claim 1 is characterized in that, after the described acquisition expressly, also comprise,
Structure dhcp response message, and after sharing information in advance described dhcp response message encrypted according to the encryption and decryption that disposes between service end that is obtained and the client, send dhcp response message after the described encryption to client, so that client is shared information in advance according to the encryption and decryption that disposes between described service end and the client, dhcp response message after the described encryption is decrypted, obtains the plaintext of described dhcp response message.
3, the method that guarantees network security as claimed in claim 1 is characterized in that, described DHCP request message is specially DHCP DISCOVER message, perhaps DHCP REQUEST message.
4, the method that guarantees network security as claimed in claim 2 is characterized in that,
When described DHCP request message was specially DHCP DISCOVER message, described dhcp response message was a DHCP OFFER message; Perhaps
When described DHCP request message was specially DHCP REQUEST message, described dhcp response message was a DHCP ACK message.
5, the method that guarantees network security as claimed in claim 1, it is characterized in that, the encryption and decryption that the MAC Address of the client of the not encrypted that comprises in according to described DHCP request message obtains to dispose between service end and the client is shared before the information in advance, also comprises: the MAC Address of pre-stored client and encryption and decryption are shared the corresponding relation between the information in advance.
As any described method that guarantees network security of claim 1 to 5, it is characterized in that 6, the encryption and decryption that disposes between described service end and the client is shared encapsulation mode, enciphering and deciphering algorithm, identifying algorithm and the key that information comprises message in advance.
7. The method for guaranteeing network security as claimed in claim 6, characterized in that, when the encapsulation mode of the message is tunnel mode, the pre-shared encryption and decryption information further comprises the IP header of the tunnel.
8. A method for guaranteeing network security, characterized by comprising:
encrypting a DHCP request message according to the pre-shared encryption and decryption information configured between the server and the client;
constructing, from the encrypted DHCP request message, a DHCP request message that contains the MAC address of the client;
sending the DHCP request message, which is encrypted and contains the client MAC address, to the server.
9. The method for guaranteeing network security as claimed in claim 8, characterized in that, after the DHCP request message that is encrypted and contains the client MAC address is sent to the server, the method further comprises:
receiving a DHCP response message sent by the server, wherein the DHCP response message has been encrypted by the server according to the pre-shared encryption and decryption information configured between the server and the client, and the server obtained that pre-shared encryption and decryption information according to the client MAC address contained in the DHCP request message that is encrypted and contains the client MAC address;
decrypting the received DHCP response message according to the pre-shared encryption and decryption information configured between the server and the client, to obtain the plaintext of the DHCP response message.
10. A DHCP server, characterized by comprising:
a server receiving unit, configured to receive a DHCP request message sent by a client, wherein the DHCP request message has been encrypted by the client according to the pre-shared encryption and decryption information configured between the server and the client, and the DHCP request message contains the unencrypted media access control (MAC) address of the client;
a server encryption and decryption information acquisition unit, configured to obtain the pre-shared encryption and decryption information configured between the server and the client according to the unencrypted MAC address of the client contained in the DHCP request message received by the receiving unit;
a server decryption unit, configured to decrypt the DHCP request message according to the pre-shared encryption and decryption information obtained by the server encryption and decryption information acquisition unit, to obtain the plaintext of the DHCP request message.
11. The DHCP server as claimed in claim 10, characterized by further comprising:
a server message construction unit, configured to construct a DHCP response message and to encrypt the DHCP response message according to the pre-shared encryption and decryption information, configured between the server and the client, that was obtained by the server encryption and decryption information acquisition unit;
a server sending unit, configured to send the encrypted DHCP response message to the client, so that the client decrypts the encrypted DHCP response message according to the pre-shared encryption and decryption information configured between the server and the client and obtains the plaintext of the DHCP response message.
12. A DHCP client, characterized by comprising:
a client encryption unit, configured to encrypt a DHCP request message according to the pre-shared encryption and decryption information configured between the server and the client;
a client construction unit, configured to construct, from the DHCP request message encrypted by the client encryption unit, a DHCP request message that contains the MAC address of the client;
a client sending unit, configured to send to the server the DHCP request message constructed by the client construction unit, which is encrypted and contains the MAC address of the client.
13. The DHCP client as claimed in claim 12, characterized by further comprising:
a client receiving unit, configured to receive a DHCP response message sent by the server, wherein the DHCP response message has been encrypted by the server according to the pre-shared encryption and decryption information configured between the server and the client, and the server obtained that pre-shared encryption and decryption information according to the client MAC address contained in the DHCP request message that is encrypted and contains the client MAC address;
a client decryption unit, configured to decrypt the DHCP response message received by the client receiving unit according to the pre-shared encryption and decryption information configured between the server and the client, to obtain the plaintext of the DHCP response message.
14. A system for guaranteeing network security, characterized by comprising the DHCP server as claimed in claim 10 or 11 and the DHCP client as claimed in claim 12 or 13.
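The request path of claims 5, 8 and 10 can be sketched as follows. This is an added example, not code from the patent: the field names, the sample key values and the message layout are assumptions, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for whatever encryption and authentication algorithms the pre-shared information would actually name.

```python
import hashlib
import hmac
import os

# Constructed sample of the stored MAC -> pre-shared information mapping (claim 5).
# Key values and field names are assumptions made for this sketch.
PRESHARED = {
    "00:11:22:33:44:55": {"enc_key": b"\x01" * 32, "auth_key": b"\x02" * 32},
}


def _xor_keystream(enc_key, nonce, data):
    """Stand-in cipher: XOR with an HMAC-SHA256 counter-mode keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(auth_key, mac, nonce, ciphertext):
    # The cleartext MAC is authenticated too, so it cannot be swapped in transit.
    return hmac.new(auth_key, mac.encode() + nonce + ciphertext, hashlib.sha256).digest()


def client_build_request(mac, info, dhcp_payload):
    """Claim 8: encrypt the request, then attach the unencrypted client MAC."""
    nonce = os.urandom(16)
    ciphertext = _xor_keystream(info["enc_key"], nonce, dhcp_payload)
    tag = _tag(info["auth_key"], mac, nonce, ciphertext)
    return {"mac": mac, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def server_open_request(msg, table=PRESHARED):
    """Claim 10: select the pre-shared information by cleartext MAC, verify, decrypt."""
    info = table.get(msg["mac"])
    if info is None:
        return None  # no pre-shared information stored for this MAC
    expected = _tag(info["auth_key"], msg["mac"], msg["nonce"], msg["ciphertext"])
    if not hmac.compare_digest(expected, msg["tag"]):
        return None  # wrong key, altered MAC, or altered ciphertext
    return _xor_keystream(info["enc_key"], msg["nonce"], msg["ciphertext"])
```

The sketch does not track nonces, so a captured request would still be accepted if replayed. The response path of claims 2, 9 and 11 would reuse the same two helpers in the opposite direction.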
CN2009101899038A 2009-08-27 2009-08-27 Method and system for guaranteeing network security as well as DHCP server and client Active CN101640690B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009101899038A CN101640690B (en) 2009-08-27 2009-08-27 Method and system for guaranteeing network security as well as DHCP server and client

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009101899038A CN101640690B (en) 2009-08-27 2009-08-27 Method and system for guaranteeing network security as well as DHCP server and client

Publications (2)

Publication Number Publication Date
CN101640690A true CN101640690A (en) 2010-02-03
CN101640690B CN101640690B (en) 2012-07-04

Family

ID=41615481

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009101899038A Active CN101640690B (en) 2009-08-27 2009-08-27 Method and system for guaranteeing network security as well as DHCP server and client

Country Status (1)

Country Link
CN (1) CN101640690B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102970301A (en) * 2012-11-29 2013-03-13 无锡华御信息技术有限公司 Server and terminal admission control method and system based on dynamic host configuration protocol (DHCP)
EP2595082A1 (en) * 2011-10-18 2013-05-22 Huawei Device Co., Ltd. Method and authentication server for verifying access identity of set-top box
CN104639471A (en) * 2013-11-06 2015-05-20 航天信息股份有限公司 Method for processing message subpackages

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247356B (en) * 2007-02-13 2011-02-16 华为技术有限公司 DHCP message passing method and system
CN101364974B (en) * 2007-08-10 2011-09-07 北京三星通信技术研究有限公司 Extended diameter method for DHCP related KEY transmission

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2595082A1 (en) * 2011-10-18 2013-05-22 Huawei Device Co., Ltd. Method and authentication server for verifying access identity of set-top box
US8832727B2 (en) 2011-10-18 2014-09-09 Huawei Device Co., Ltd. Method and authentication server for verifying access identity of set-top box
CN102970301A (en) * 2012-11-29 2013-03-13 无锡华御信息技术有限公司 Server and terminal admission control method and system based on dynamic host configuration protocol (DHCP)
CN102970301B (en) * 2012-11-29 2015-04-29 无锡华御信息技术有限公司 Server and terminal admission control method and system based on dynamic host configuration protocol (DHCP)
CN104639471A (en) * 2013-11-06 2015-05-20 航天信息股份有限公司 Method for processing message subpackages
CN104639471B (en) * 2013-11-06 2018-08-24 航天信息股份有限公司 A kind of method of message subpackage processing

Also Published As

Publication number Publication date
CN101640690B (en) 2012-07-04

Similar Documents

Publication Publication Date Title
EP3293934B1 (en) Cloud storage method and system
EP3432532B1 (en) Key distribution and authentication method, apparatus and system
EP2666316B1 (en) Method and apparatus for authenticating a communication device
US20190230503A1 (en) Protocol for establishing a secure communications session with an anonymous host over a wireless network
EP3005640B1 (en) Gateway, client device and methods for facilitating communcation between a client device and an application server
CN101296086B (en) Method, system and device for access authentication
CN102231725B (en) Method, equipment and system for authenticating dynamic host configuration protocol message
US11456999B2 (en) Network monitoring apparatus, and remote encryption and remote activation method, device and system thereof
US20090019281A1 (en) Secure host network address configuration
CN109921898A (en) IPv6 stateless address generation method and device
CN106452770A (en) Data encryption method and apparatus, data decryption method and apparatus, and system
EP2896177A1 (en) Method and devices for registering a client to a server
EP3993319A1 (en) Secure distribution of configuration to facilitate a privacy-preserving virtual private network system
CN105429962A (en) General intermediate network service establishing method and system facing encryption data
CN104135471A (en) Anti-hijack communication method of DNS (Domain Name System)
CN101640690B (en) Method and system for guaranteeing network security as well as DHCP server and client
CN101827106A (en) DHCP safety communication method, device and system
CN103595534B (en) A kind of holding equipment revokes data ciphering and deciphering system and the implementation method of operation
CN103746993A (en) Cloud storage data encryption method with client-controlled decryption private key and server-performed encryption and decryption
EP3688959B1 (en) System for securing deployed security cameras
US20170331798A1 (en) Encrypted-bypass webrtc-based voice and/or video communication method
WO2014205703A1 (en) Method and device for detecting shared access, and terminal device
CN102651736B (en) DHCP-based authentication method, DHCP server and DHCP client side
CN103888416B (en) Prevent the method and device of IP information leakages that safety-protection system terminal device stores
EP3355546A1 (en) Device identification encryption

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant