CN104468540A - Working mode switching method and PE device - Google Patents

Publication number: CN104468540A
Authority: CN (China)
Legal status: Granted
Application number: CN201410692567.XA
Other languages: Chinese (zh)
Other versions: CN104468540B (en)
Inventors: 詹恬峰, 焦雪松
Current assignee: Hangzhou H3C Technologies Co Ltd
Original assignee: Hangzhou H3C Technologies Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint


Abstract

The invention discloses a working mode switching method and a PE device. In the method, when the PE device receives a switching probe message from a CB device, it places its encryption parameters in a switching probe response message and sends it to the CB device; if a switching probe confirmation message from the CB device is received within a preset time, the PE device authenticates the first verification data carried in the switching probe confirmation message according to its own encryption parameters, or according to its own encryption parameters and the encryption parameters of the CB device carried in the switching probe message; after the authentication passes, the working mode is switched from the independent operation mode to the port extension operation mode. A PE device running in the independent operation mode is thereby protected against working mode switches caused by forged switching messages in the network, and the security of working mode switching is improved.

Description

Working mode switching method and PE device
Technical Field
The present invention relates to the field of communication technology, and in particular to a working mode switching method. The present invention also relates to a PE (Port Extender) device.
Background
IRF (Intelligent Resilient Framework) is a new software virtualization technology. The core idea of vertical (Enhanced) IRF is to connect multiple PE devices to a parent device (that is, a Control Bridge (CB) device) and, after the necessary configuration, to virtualize each PE device as a remote interface board of the parent device, under the unified management of the parent device. This virtualization technology raises the port density of the parent device at lower cost and simplifies the network topology.
In practice, a PE device can support two working modes. One is the independent operation mode, in which the PE device runs as a switch and is not managed by the CB device. The other is the port extension operation mode, which is used in a vertical IRF system: in this mode the PE device is virtualized as a remote interface board of the CB device and runs as a service board of the CB device.
At present, for the user's convenience, switching between these two working modes is usually implemented as follows. Initially, the PE device is in the independent operation mode by default and supports plug and play. Subsequently, as soon as it receives a switching probe message sent by the CB device, it checks the message and, when the check result meets the requirements for a working mode switch, immediately switches its own working mode from the independent operation mode to the port extension operation mode, that is, it automatically restarts and enters the port extension operation mode. Here, the switching probe message is sent periodically by the CB device through its vertical stacking port after the vertical stacking configuration is complete.
However, this way of switching working modes is easily attacked by a network attacker. For example, an attacker can forge switching probe messages to attack the PE device, so that the PE device automatically switches to the port extension operation mode when it should not switch working modes, which creates a serious security risk for IRF system services. The security of this switching method is therefore poor.
Summary of the Invention
The present invention provides a working mode switching method and a PE device, to solve the problem that the existing working mode switching method has poor security.
Specifically, the working mode switching method of the present invention is applied in a system that includes a PE device and a CB device, and the method comprises:
when receiving a switching probe message from the CB device, the PE device carries its own encryption parameter in a switching probe response message and sends it to the CB device;
if a switching probe confirmation message from the CB device is received within a preset time, the PE device authenticates the first verification data carried in the switching probe confirmation message according to its own encryption parameter, or according to its own encryption parameter and the encryption parameter of the CB device carried in the switching probe message, where the first verification data is generated by the CB device according to the encryption parameter of the PE device carried in the switching probe response message, or according to the encryption parameter of the PE device and the CB device's own encryption parameter;
after the authentication passes, the PE device switches its own working mode from the independent operation mode to the port extension operation mode.
Correspondingly, the present invention also proposes a PE device, applied in a system that includes the PE device itself and a CB device, comprising:
a response module, configured to, when a switching probe message from the CB device is received, carry the encryption parameter of the PE device in a switching probe response message and send it to the CB device;
an authentication module, configured to, when a switching probe confirmation message from the CB device is received within a preset time, authenticate the first verification data carried in the switching probe confirmation message according to the encryption parameter of the PE device, or according to the encryption parameter of the PE device and the encryption parameter of the CB device carried in the switching probe message, where the first verification data is generated by the CB device according to the encryption parameter of the PE device carried in the switching probe response message, or according to the encryption parameter of the PE device and the CB device's own encryption parameter;
a switching module, configured to, after the authentication module confirms that the authentication has passed, switch the working mode of the PE device from the independent operation mode to the port extension operation mode.
It can be seen that, with the technical solution of the present invention, when the PE device receives a switching probe message from the CB device, it carries its own encryption parameter in a switching probe response message sent to the CB device; it then uses its own encryption parameter, or its own encryption parameter together with the encryption parameter of the CB device, to authenticate the first verification data carried in the switching probe confirmation message received from the CB device within the preset time, and switches its own working mode from the independent operation mode to the port extension operation mode only after the authentication passes. A PE device running in the independent operation mode is thereby protected against working mode switches caused by forged switching probe messages in the network, and the security of PE device working mode switching is improved while the simplicity and ease of use of PE device plug and play are preserved.
Brief Description of the Drawings
Fig. 1 is a schematic flowchart of a working mode switching method proposed by the present invention;
Fig. 2 is a schematic structural diagram of a PE device proposed by the present invention.
Detailed Description
To solve the problem raised in the Background, the present invention proposes a working mode switching method in which the PE device performs security authentication on the received switching probe message, improving the security of PE device working mode switching.
Fig. 1 is a schematic flowchart of the working mode switching method proposed by the present invention. The method is applied in an IRF system comprising a PE device and a CB device, and includes the following steps:
S101: When receiving a switching probe message from the CB device, the PE device carries its own encryption parameter in a switching probe response message and sends it to the CB device.
In this step, after receiving the switching probe message, the PE device no longer checks the switching probe message directly as in the prior art. Instead, it first responds to the CB device, that is, it sends the CB device a switching probe response message carrying some encryption parameters set by the PE device itself, so that the CB device subsequently replies with a switching probe confirmation message based at least on these encryption parameters. Only after processing this switching probe confirmation message does the PE device decide whether to switch working modes, which improves the security of the switching method.
S102: If the PE device receives a switching probe confirmation message from the CB device within the preset time, the PE device authenticates the first verification data carried in the switching probe confirmation message according to its own encryption parameter, or according to its own encryption parameter and the encryption parameter of the CB device carried in the switching probe message.
Here, the first verification data is generated by the CB device according to the encryption parameter of the PE device carried in the switching probe response message, or according to the encryption parameter of the PE device and the CB device's own encryption parameter.
Specifically, in step S102, the PE device starts its own timer as soon as it has sent the switching probe response message to the CB device. If it does not receive the switching probe confirmation message from the CB device within the timer's preset time (which can be set according to actual network conditions), this working mode switching probe is treated as an illegitimate probe: the PE device stays in the current independent operation mode and discards the switching probe message. If it does receive the switching probe confirmation message from the CB device within the preset time, it authenticates the message (the procedure is described below) and then decides whether to switch working modes.
Further, in step S102, after receiving the switching probe confirmation message, the PE device can authenticate the first verification data carried in it using either of the following two schemes:
In the first scheme, the first verification data carried in the switching probe confirmation message is authenticated according to the encryption parameter of the PE device only.
In this scheme, for the sake of the security of the switching method, the encryption parameter of the PE device may be at least two of: the random number that the PE device generates on receiving the switching probe message, the timestamp that the PE device generates on receiving the switching probe message, and the address information of the port on which the PE device received the switching probe message (for example, the MAC address of the port). For example, the PE device may carry the random number and the timestamp, or the random number and the MAC address, and so on, in the switching probe response message sent to the CB device.
In the second scheme, the first verification data carried in the switching probe confirmation message is authenticated according to both the encryption parameter of the PE device and the encryption parameter of the CB device.
In this scheme, because both the PE device and the CB device provide encryption parameters, the PE device may have one or more encryption parameters, and the CB device may also have one or more.
The following takes the case where the CB device has one encryption parameter as an example to describe the specific encryption parameters of the two devices:
Under the second scheme, the encryption parameter of the CB device may be the address information of the source port of the switching probe message (that is, the port from which the CB device sends the switching probe message), for example the MAC address of the source port. This parameter is carried in the switching probe message and is later extracted from it by the PE device.
In this case, the PE device may have multiple encryption parameters, for example at least two of the random number, the timestamp and the address information of the port on which the PE device received the switching probe message, as in the first scheme; or it may have a single encryption parameter, for example one of the random number, the timestamp and the address information of the port on which the PE device received the switching probe message, as in the first scheme.
Here, consider the case where the encryption parameter of the PE device is the address information of the port on which the PE device received the switching probe message. This is a fixed parameter, and the encryption parameter of the CB device is also a fixed parameter, so authentication of the first verification data based on these two parameters is easily forged by a network attacker. For this reason, in a preferred embodiment of the present invention, the encryption parameter of the PE device is one of the random number and the timestamp of the first scheme.
It should be noted that the present invention is not limited to using the parameters mentioned in the two schemes above as encryption parameters for authenticating the first verification data; other parameters may also be used as encryption parameters and are not enumerated here.
Further, in step S102, whichever of the above schemes the PE device uses to authenticate the first verification data, there are two specific authentication modes:
In the first authentication mode, the PE device compares second verification data, generated according to its own encryption parameter or according to its own encryption parameter and the encryption parameter of the CB device, with the first verification data; when the comparison result meets a preset condition, the first verification data is determined to have passed authentication.
In this authentication mode, the PE device may generate the second verification data after sending the switching probe response message to the CB device, or may generate it later, when the first verification data needs to be authenticated. For example, when only the PE device provides encryption parameters and they are the random number and the timestamp of the first scheme, the PE device may, after sending the switching probe response message to the CB device, encrypt the random number and timestamp to generate the second verification data; correspondingly, the CB device, after receiving the switching probe response message, may likewise encrypt the random number and timestamp to generate the first verification data.
It should be noted that, in embodiments of the present invention, the same encryption rule is built into the PE device and the CB device in advance, so the process by which the PE device generates the second verification data is identical to the process by which the CB device generates the first verification data. This defends against network attackers: although an attacker can forge a switching probe message, the attacker cannot know the specific encryption rule, so even if the attacker can reply to the PE device, the first verification data carried in that reply cannot pass authentication. This improves the security of working mode switching.
In addition, the first verification data and the second verification data can be generated with any of a variety of existing encryption algorithms, which are not described in detail here.
The first authentication mode is illustrated below with a specific application scenario:
Suppose that, after receiving switching probe message R, the PE device sends the CB device a switching probe response message P that carries the MAC address of the port on which the PE device received R (called SMAC1), the random number A that the PE device generated on receiving R, and the timestamp B that the PE device generated on receiving R. It then starts a timer and waits for the CB device's response within the preset time.
Meanwhile, the PE device extracts from the received switching probe message R the MAC address of the port from which the CB device sent R (called SMAC2). Following the built-in encryption rule, it applies one encryption algorithm to random number A and SMAC2 to obtain string A' (A' = S1(A, SMAC2), where S1 is some encryption algorithm), and applies another encryption algorithm to timestamp B and SMAC1 to obtain string B' (B' = S2(B, SMAC1), where S2 is another encryption algorithm, for example a hash algorithm). Finally, it encrypts A' and B' to obtain string X (X = D(A', B'), where D is some encryption algorithm) and uses X as the second verification data.
Correspondingly, after the CB device receives switching probe response message P, it extracts SMAC1, random number A and timestamp B from P. Following the built-in encryption rule, it applies S1 to random number A and SMAC2 to obtain string A' (A' = S1(A, SMAC2), where SMAC2 is the MAC address of the port from which the CB device sent switching probe message R), and applies S2 to timestamp B and SMAC1 to obtain string B' (B' = S2(B, SMAC1)). The CB device then encrypts A' and B' with some encryption algorithm to obtain string Y (Y = E(A', B'), where E is some encryption algorithm), and returns Y as the first verification data in switching probe confirmation message Q.
After receiving switching probe confirmation message Q, the PE device compares the X it generated with the Y in Q. If the comparison result meets the preset condition (which is set in advance according to the encryption algorithms used), the first verification data is determined to have passed authentication and the working mode switch proceeds. If the comparison result does not meet the preset condition, this working mode switching probe is likewise treated as an illegitimate probe: the PE device stays in the current independent operation mode and discards the switching probe message. Here, the preset condition may be that the first verification data is identical to the second verification data, or that the two satisfy some operation rule.
In the second authentication mode, the PE device uses some of the parameters among its own encryption parameters, or among its own encryption parameters and the encryption parameters of the CB device, to decrypt the first verification data, and uses the remaining parameters to authenticate the decrypted data.
In this authentication mode, if the PE device authenticates the first verification data according to two encryption parameters, it can first select one of the two to decrypt the first verification data, then compare the other parameter with the decrypted encryption parameter, for example checking whether the two are identical, and determine from the comparison result whether the first verification data passes authentication.
If the PE device authenticates the first verification data according to more than two encryption parameters, it can decrypt the first verification data using verification data generated from some of those parameters, then compare verification data generated from the remaining parameters with the decrypted data, and determine from the comparison result whether the first verification data passes authentication.
Of course, in this case the PE device can also decrypt the first verification data using a single one of the more than two encryption parameters, then compare verification data generated from the remaining parameters with the decrypted data, and determine from the comparison result whether the first verification data passes authentication.
The second authentication mode is illustrated below using the application scenario of the first authentication mode:
As in the scenario for the first authentication mode, the CB device generates Y. Unlike that scenario, the PE device does not generate X after receiving the switching probe message.
In this scenario, after receiving switching probe confirmation message Q, the PE device can apply a decryption algorithm to the Y carried in Q to obtain A'' (A'' = D(Y, B'), where D is some decryption algorithm). The PE device then compares A'' with the string A' obtained by encrypting random number A and SMAC2 with algorithm S1 (A' = S1(A, SMAC2), where S1 is some algorithm). If the comparison result meets the preset condition, the first verification data is determined to have passed authentication and the working mode switch proceeds. If the comparison result does not meet the preset condition, this working mode switching probe is likewise treated as an illegitimate probe: the PE device stays in the current independent operation mode and discards the switching probe message.
S103: After the authentication passes, the PE device switches its own working mode from the independent operation mode to the port extension operation mode.
As the above flow shows, when the PE device of the present invention receives a switching probe message from the CB device, it carries its own encryption parameter in a switching probe response message sent to the CB device; it then uses its own encryption parameter, or its own encryption parameter together with the encryption parameter of the CB device, to authenticate the first verification data carried in the switching probe confirmation message received from the CB device within the preset time, and switches its own working mode from the independent operation mode to the port extension operation mode only after the authentication passes. A PE device running in the independent operation mode is thereby protected against working mode switches caused by forged switching probe messages in the network, and the security of PE device working mode switching is improved while the simplicity and ease of use of PE device plug and play are preserved.
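The S101 to S103 exchange under the first authentication mode, as an added example that is not code from the patent. It assumes the "built-in encryption rule" is a key provisioned on both devices, that S1, S2 and D are all HMAC-SHA256, and that the preset condition is X = Y; the key, MAC addresses, class names and 2-second preset time are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

# Assumption: the patent's "built-in encryption rule" is modelled as a secret key.
RULE_KEY = b"constructed-demo-key"        # constructed value
PRESET_TIME = 2.0                         # seconds, constructed value
PE_MAC = bytes.fromhex("020000000001")    # SMAC1, constructed
CB_MAC = bytes.fromhex("020000000002")    # SMAC2, constructed


def keyed(label, key, *parts):
    """HMAC-SHA256 over length-prefixed parts, so field boundaries are unambiguous."""
    mac = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        mac.update(struct.pack(">H", len(part)) + part)
    return mac.digest()


def verification_data(a, b, smac1, smac2, key):
    a_prime = keyed(b"S1", key, a, smac2)       # A' = S1(A, SMAC2)
    b_prime = keyed(b"S2", key, b, smac1)       # B' = S2(B, SMAC1)
    return keyed(b"D", key, a_prime, b_prime)   # X = D(A', B'); the CB computes Y the same way


class CBDevice:
    def __init__(self, port_mac, key=RULE_KEY):
        self.port_mac, self.key = port_mac, key

    def probe(self):
        """Switching probe message R, carrying the CB source-port MAC (SMAC2)."""
        return {"smac2": self.port_mac}

    def on_response(self, p):
        """Build confirmation Q carrying the first verification data Y."""
        y = verification_data(p["a"], p["b"], p["smac1"], self.port_mac, self.key)
        return {"y": y}


class PEDevice:
    def __init__(self, port_mac, key=RULE_KEY):
        self.port_mac, self.key = port_mac, key
        self.mode = "independent"
        self.pending = None

    def on_probe(self, r, now):
        """S101: reply with P (SMAC1, random number A, timestamp B) and arm the timer."""
        a = os.urandom(16)
        b = struct.pack(">d", now)
        x = verification_data(a, b, self.port_mac, r["smac2"], self.key)
        self.pending = {"x": x, "deadline": now + PRESET_TIME}
        return {"smac1": self.port_mac, "a": a, "b": b}

    def on_confirm(self, q, now):
        """S102/S103: authenticate Y against X; switch mode only on success."""
        pending, self.pending = self.pending, None   # one attempt per exchange
        if pending is None or now > pending["deadline"]:
            return False                             # no exchange open, or timer expired
        if not hmac.compare_digest(pending["x"], q.get("y", b"")):
            return False                             # forged or stale verification data
        self.mode = "port-extension"
        return True


def run_exchange(pe, cb, delay=0.0, start=1000.0):
    p = pe.on_probe(cb.probe(), now=start)
    return pe.on_confirm(cb.on_response(p), now=start + delay)


def replay_old_confirmation(pe, cb, start=1000.0):
    """Deliver a confirmation computed for an earlier random number A."""
    old_q = cb.on_response(pe.on_probe(cb.probe(), now=start))
    pe.on_probe(cb.probe(), now=start + 0.5)         # new exchange, fresh A and B
    return pe.on_confirm(old_q, now=start + 0.6)


def demo():
    return {
        "genuine_cb": run_exchange(PEDevice(PE_MAC), CBDevice(CB_MAC)),
        "sender_without_rule": run_exchange(PEDevice(PE_MAC), CBDevice(CB_MAC, key=b"guess")),
        "late_confirmation": run_exchange(PEDevice(PE_MAC), CBDevice(CB_MAC), delay=5.0),
        "replayed_confirmation": replay_old_confirmation(PEDevice(PE_MAC), CBDevice(CB_MAC)),
    }


if __name__ == "__main__":
    print(demo())
```

Only the genuine CB causes a mode switch; a sender without the shared rule, a confirmation arriving after the preset time, and a confirmation replayed from an earlier exchange all leave the PE device in the independent operation mode.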
To achieve the above object, the present invention also proposes a PE device. As shown in Fig. 2, the PE device is applied in a system that includes the PE device itself and a CB device, and comprises:
a response module 210, configured to, when a switching probe message from the CB device is received, carry the encryption parameter of the PE device in a switching probe response message and send it to the CB device;
an authentication module 220, configured to, when a switching probe confirmation message from the CB device is received within the preset time, authenticate the first verification data carried in the switching probe confirmation message according to the encryption parameter of the PE device, or according to the encryption parameter of the PE device and the encryption parameter of the CB device carried in the switching probe message, where the first verification data is generated by the CB device according to the encryption parameter of the PE device carried in the switching probe response message, or according to the encryption parameter of the PE device and the CB device's own encryption parameter;
a switching module 230, configured to, after the authentication module 220 confirms that the authentication has passed, switch the working mode of the PE device from the independent operation mode to the port extension operation mode.
In a specific application scenario, the authentication module 220 is specifically configured to: when the encryption parameter of the PE device is at least two of the random number that the PE device generates on receiving the switching probe message, the timestamp that the PE device generates on receiving the switching probe message, and the address information of the port on which the PE device received the switching probe message, authenticate the first verification data carried in the switching probe confirmation message according to the encryption parameter of the PE device, or according to the encryption parameter of the PE device and the address information of the source port of the switching probe message carried in the switching probe message; or, when the encryption parameter of the PE device is one of the random number and the timestamp, authenticate the first verification data carried in the switching probe confirmation message according to the encryption parameter of the PE device and the address information of the source port of the switching probe message carried in the switching probe message.
In a specific application scenario, the authentication module 220 is specifically configured to compare second verification data, generated according to the encryption parameter of the PE device or according to the encryption parameter of the PE device and the encryption parameter of the CB device, with the first verification data, and to determine that the first verification data passes authentication when the comparison result meets the preset condition.
In a specific application scenario, the authentication module 220 is specifically configured to decrypt the first verification data using some of the parameters among the encryption parameters of the PE device, or among the encryption parameters of the PE device and the encryption parameters of the CB device, and to authenticate the decrypted data using the remaining parameters.
In a specific application scenario, the switching module 230 is further configured to keep the current independent operation mode when no switching probe confirmation message from the CB device is received within the preset time, or when the authentication module 220 confirms that the authentication has not passed.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented in hardware, or in software together with a necessary general-purpose hardware platform. Based on this understanding, the technical solution of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (such as a CD-ROM, USB flash drive or portable hard drive) and includes instructions that cause a computer device (such as a personal computer, a server or a network device) to perform the methods described in the implementation scenarios of the present invention.
Those skilled in the art will appreciate that the accompanying drawings are schematic diagrams of a preferred implementation scenario, and that the modules or flows in the drawings are not necessarily required to implement the present invention.
Those skilled in the art will appreciate that the modules of the device in an implementation scenario can be distributed in the device as described for that scenario, or can be changed accordingly and located in one or more devices different from that scenario. The modules of the above implementation scenarios can be merged into one module or further split into multiple sub-modules.
The sequence numbers used above are for description only and do not indicate the relative merits of the implementation scenarios.
The above are only several specific implementation scenarios of the present invention, but the present invention is not limited to them; any variation that a person skilled in the art can think of shall fall within the protection scope of the present invention.

Claims (10)

1. A working mode switching method, characterized in that the method is applied to a system comprising a port extender (PE) device and a control bridge (CB) device, the method comprising:
Upon receiving a switching probe message from the CB device, the PE device carries its own encryption parameter in a switching probe response message and sends it to the CB device;
If a switching probe confirmation message from the CB device is received within a preset time, the PE device authenticates the first verification data carried in the switching probe confirmation message according to its own encryption parameter, or according to its own encryption parameter and the encryption parameter of the CB device carried in the switching probe message, wherein the first verification data is generated by the CB device according to the encryption parameter of the PE device carried in the switching probe response message, or according to the encryption parameter of the PE device and the CB device's own encryption parameter;
After authentication passes, the PE device switches its own working mode from standalone operating mode to port extension operating mode.
2. The method of claim 1, characterized in that the PE device authenticating the first verification data carried in the switching probe confirmation message according to its own encryption parameter, or according to its own encryption parameter and the encryption parameter of the CB device carried in the switching probe message, specifically comprises:
If the encryption parameter of the PE device is at least two of the following: the random number generated by the PE device when it receives the switching probe message, the timestamp generated by the PE device when it receives the switching probe message, and the address information of the port on which the PE device receives the switching probe message, then the PE device authenticates the first verification data carried in the switching probe confirmation message according to its own encryption parameter, or according to its own encryption parameter and the address information of the source port of the switching probe message carried in the switching probe message;
If the encryption parameter of the PE device is one of the random number and the timestamp, then the PE device authenticates the first verification data carried in the switching probe confirmation message according to its own encryption parameter and the address information of the source port of the switching probe message carried in the switching probe message.
3. The method of claim 2, characterized in that the PE device authenticates the second verification data in the following manner:
The PE device compares second verification data, generated according to its own encryption parameter or according to its own encryption parameter and the encryption parameter of the CB device, with the first verification data;
When the comparison result meets a preset condition, the PE device determines that the first verification data passes authentication.
4. The method of claim 2, characterized in that the PE device authenticates the second verification data in the following manner:
The PE device decrypts the first verification data using some of the parameters in its own encryption parameter, or in its own encryption parameter and the encryption parameter of the CB device;
The PE device authenticates the decrypted data using the remaining parameters, that is, the parameters in its own encryption parameter, or in its own encryption parameter and the encryption parameter of the CB device, other than those used for decryption.
5. The method of any one of claims 1-4, characterized in that the method further comprises:
When the PE device does not receive the switching probe confirmation message from the CB device within the preset time, or when authentication does not pass, the PE device keeps the current standalone operating mode.
6. A port extender (PE) device, characterized in that the PE device is applied to a system comprising the PE device itself and a control bridge (CB) device, and comprises:
A response module, configured to, upon receiving a switching probe message from the CB device, carry the encryption parameter of the PE device in a switching probe response message and send it to the CB device;
An authentication module, configured to, when a switching probe confirmation message from the CB device is received within a preset time, authenticate the first verification data carried in the switching probe confirmation message according to the encryption parameter of the PE device, or according to the encryption parameter of the PE device and the encryption parameter of the CB device carried in the switching probe message, wherein the first verification data is generated by the CB device according to the encryption parameter of the PE device carried in the switching probe response message, or according to the encryption parameter of the PE device and the CB device's own encryption parameter;
A switching module, configured to switch the working mode of the PE device from standalone operating mode to port extension operating mode after the authentication module confirms that authentication has passed.
7. The device of claim 6, characterized in that,
The authentication module is specifically configured to: when the encryption parameter of the PE device is at least two of the random number generated by the PE device when it receives the switching probe message, the timestamp generated by the PE device when it receives the switching probe message, and the address information of the port on which the PE device receives the switching probe message, authenticate the first verification data carried in the switching probe confirmation message according to the encryption parameter of the PE device, or according to the encryption parameter of the PE device and the address information of the source port of the switching probe message carried in the switching probe message; or,
When the encryption parameter of the PE device is one of the random number and the timestamp, authenticate the first verification data carried in the switching probe confirmation message according to the encryption parameter of the PE device and the address information of the source port of the switching probe message carried in the switching probe message.
8. The device of claim 7, characterized in that,
The authentication module is specifically configured to compare second verification data, generated according to the encryption parameter of the PE device or according to the encryption parameter of the PE device and the encryption parameter of the CB device, with the first verification data, and to determine that the first verification data passes authentication when the comparison result meets a preset condition.
9. The device of claim 7, characterized in that the authentication module is specifically configured to decrypt the first verification data using some of the parameters in the encryption parameter of the PE device, or in the encryption parameter of the PE device and the encryption parameter of the CB device, and to authenticate the decrypted data using the remaining parameters, that is, the parameters in the encryption parameter of the PE device, or in the encryption parameter of the PE device and the encryption parameter of the CB device, other than those used for decryption.
10. The device of any one of claims 6-9, characterized in that,
The switching module is further configured to keep the current standalone operating mode when the switching probe confirmation message from the CB device is not received within the preset time, or when the authentication module confirms that authentication has not passed.
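The probe, probe response and probe confirmation exchange of claims 1, 3 and 5, sketched from the PE side as an added example that is not part of the patent text. The patent does not name the function that produces the verification data: the provisioned shared key, HMAC-SHA256 and exact-match comparison used here are assumptions, as are all class, function and constant names and the sample addresses.

```python
import hashlib
import hmac
import os
import time

STANDALONE, PORT_EXTENSION = "standalone", "port-extension"

def verification_data(key, nonce, timestamp, pe_port, cb_port):
    """Assumed derivation: HMAC-SHA256 over length-prefixed parameters."""
    fields = (nonce, timestamp.to_bytes(8, "big"), pe_port, cb_port)
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

class PEDevice:
    def __init__(self, key, port, preset_time=3.0, clock=time.monotonic):
        self.key, self.port = key, port
        self.preset_time, self.clock = preset_time, clock
        self.mode = STANDALONE
        self.pending = None  # parameters of the one outstanding probe

    def on_probe(self, cb_port):
        """Switching probe received: return fresh parameters for the response."""
        nonce, timestamp = os.urandom(16), int(time.time())
        deadline = self.clock() + self.preset_time
        self.pending = (nonce, timestamp, cb_port, deadline)
        return nonce, timestamp, self.port

    def on_confirm(self, first_data):
        """Switching probe confirmation received: authenticate, then switch or stay."""
        pending, self.pending = self.pending, None  # parameters are single-use
        if pending is None:
            return self.mode  # unsolicited confirmation
        nonce, timestamp, cb_port, deadline = pending
        if self.clock() > deadline:
            return self.mode  # preset time elapsed: remain standalone
        second_data = verification_data(self.key, nonce, timestamp, self.port, cb_port)
        if hmac.compare_digest(second_data, first_data):
            self.mode = PORT_EXTENSION
        return self.mode

def cb_confirm(key, cb_port, response):
    """CB side: build the first verification data from the PE's response."""
    nonce, timestamp, pe_port = response
    return verification_data(key, nonce, timestamp, pe_port, cb_port)

# Constructed sample values (not from the patent).
KEY = b"provisioned-demo-key"
CB_PORT, PE_PORT = bytes.fromhex("02000000cb01"), bytes.fromhex("020000000e01")
```

Because the random number is regenerated for every probe, a confirmation captured from an earlier exchange no longer matches and the PE stays in standalone mode.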

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410692567.XA CN104468540B (en) 2014-11-26 2014-11-26 A kind of Working mode switching method and PE equipment

Publications (2)

Publication Number Publication Date
CN104468540A true CN104468540A (en) 2015-03-25
CN104468540B CN104468540B (en) 2018-04-06

Family

ID=52913912

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410692567.XA Active CN104468540B (en) 2014-11-26 2014-11-26 A kind of Working mode switching method and PE equipment

Country Status (1)

Country Link
CN (1) CN104468540B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100118882A1 (en) * 2008-11-10 2010-05-13 H3C Technologies Co., Ltd. Method, Apparatus, and System For Packet Transmission
CN103746816A (en) * 2014-02-18 2014-04-23 飞天诚信科技股份有限公司 Multifunctional authenticator and working method thereof
CN104158709A (en) * 2014-08-06 2014-11-19 杭州华三通信技术有限公司 Optical module identification method and port extender

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107959584A (en) * 2017-10-31 2018-04-24 新华三技术有限公司 Information configuring methods and device
CN107959584B (en) * 2017-10-31 2021-07-02 新华三技术有限公司 Information configuration method and device
CN114866303A (en) * 2022-04-26 2022-08-05 武昌理工学院 Anti-hijacking detection signal authentication method
CN114866303B (en) * 2022-04-26 2023-05-26 武昌理工学院 Anti-hijacking detection signal authentication method

Also Published As

Publication number Publication date
CN104468540B (en) 2018-04-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by SIPO to initiate substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: Huasan Communication Technology Co., Ltd.

GR01 Patent grant