CN104468540B - A working mode switching method and PE device - Google Patents

Publication number: CN104468540B
Authority: CN (China)
Legal status: Active
Application number: CN201410692567.XA
Other languages: Chinese (zh)
Other versions: CN104468540A (en)
Inventors: 詹恬峰, 焦雪松
Current Assignee: New H3C Technologies Co Ltd
Original Assignee: New H3C Technologies Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The invention discloses a working mode switching method and a PE device. The method includes: when the PE device receives a switching probe message from a CB device, it carries its own encryption parameter in a switching detection response message and sends that message to the CB device; if a switching detection confirmation message from the CB device is received within a preset time, the PE device authenticates the first verification data carried in the switching detection confirmation message according to its own encryption parameter, or according to its own encryption parameter and the encryption parameter of the CB device carried in the switching probe message; after authentication passes, the PE device switches its working mode from independent operation mode to port extension operation mode. The invention prevents a PE device running in independent operation mode from switching its working mode as a result of an attack using counterfeit switching probe messages in the network, and so improves the security of working mode switching.

Description

A working mode switching method and PE device
Technical field
The present invention relates to the field of communication technology, and in particular to a working mode switching method. The present invention also relates to a PE (Port Extender) device.
Background
IRF (Intelligent Resilient Framework) is a new software virtualization technology. The core idea of vertical (Enhanced) IRF is to connect multiple PE devices to a parent device (i.e. a Control Bridge (CB) device); after the necessary configuration, each PE device is virtualized as a remote interface board of the parent device and is managed centrally by the parent device. This virtualization technology increases the port density of the parent device at relatively low cost and simplifies the network topology.
In practice, a PE device can support two working modes. One is independent operation mode, in which the PE device runs as a switch and is not managed by the CB device. The other is port extension operation mode, which is used in a vertical IRF system; in this mode the PE device is virtualized as a remote interface board of the CB device and runs as one of the CB device's service boards.
At present, for user convenience, switching between the two working modes is usually implemented as follows: initially, the PE device is in independent operation mode by default and supports plug and play; subsequently, as soon as it receives a switching probe message sent by the CB device, it checks the message and, if the check result meets the requirements for working mode switching, immediately switches its working mode from independent operation mode to port extension operation mode, i.e. it automatically restarts and enters port extension operation mode. Here, the switching probe message is sent periodically by the CB device through its vertical stacking port after the vertical stacking configuration is complete.
However, this way of switching working modes is easily exploited by network attackers. For example, an attacker can attack the PE device with counterfeit switching probe messages, so that the PE device automatically switches to port extension operation mode when it should not switch working mode, which creates a serious security risk for IRF system services. The security of this switching approach is therefore poor.
Summary of the invention
The invention provides a working mode switching method and a PE device, to solve the problem that the existing working mode switching approach has poor security.
Specifically, the working mode switching method of the invention is applied in a system including a PE device and a CB device, and the method includes:
when receiving a switching probe message from the CB device, the PE device carries its own encryption parameter in a switching detection response message and sends it to the CB device;
if a switching detection confirmation message from the CB device is received within a preset time, the PE device authenticates the first verification data carried in the switching detection confirmation message according to its own encryption parameter, or according to its own encryption parameter and the encryption parameter of the CB device carried in the switching probe message, where the first verification data is generated by the CB device according to the encryption parameter of the PE device carried in the switching detection response message, or according to the encryption parameter of the PE device and the CB device's own encryption parameter;
after authentication passes, the PE device switches its working mode from independent operation mode to port extension operation mode.
Correspondingly, the invention also provides a PE device, applied in a system including the PE device itself and a CB device, and including:
a response module, configured to, when a switching probe message from the CB device is received, carry the encryption parameter of the PE device in a switching detection response message and send it to the CB device;
an authentication module, configured to, when a switching detection confirmation message from the CB device is received within a preset time, authenticate the first verification data carried in the switching detection confirmation message according to the encryption parameter of the PE device, or according to the encryption parameter of the PE device and the encryption parameter of the CB device carried in the switching probe message, where the first verification data is generated by the CB device according to the encryption parameter of the PE device carried in the switching detection response message, or according to the encryption parameter of the PE device and the CB device's own encryption parameter;
a switching module, configured to switch the working mode of the PE device from independent operation mode to port extension operation mode after the authentication module confirms that authentication has passed.
As can be seen, with the technical solution of the invention, when the PE device receives a switching probe message from the CB device, it carries its own encryption parameter in a switching detection response message sent to the CB device; it then uses its own encryption parameter, or its own encryption parameter together with the encryption parameter of the CB device, to authenticate the first verification data carried in the switching detection confirmation message received from the CB device within the preset time; and only after authentication passes does it switch its working mode from independent operation mode to port extension operation mode. A PE device running in independent operation mode thus avoids working mode switches caused by attacks using counterfeit switching probe messages in the network, and the security of working mode switching is improved while preserving the plug-and-play convenience and ease of use of the PE device.
Brief description of the drawings
Fig. 1 is a schematic flowchart of a working mode switching method proposed by the invention;
Fig. 2 is a schematic structural diagram of a PE device proposed by the invention.
Embodiments
To solve the problem raised in the background section, the invention proposes a working mode switching method in which the PE device performs security authentication on the received switching probe message, improving the security of working mode switching on the PE device.
Fig. 1 is a schematic flowchart of a working mode switching method proposed by the invention. The method is applied in an IRF system including a PE device and a CB device, and includes the following steps:
S101: when receiving a switching probe message from the CB device, the PE device carries its own encryption parameter in a switching detection response message and sends it to the CB device.
In this step, after receiving the switching probe message, the PE device no longer checks the message directly as in the prior art. Instead it first responds to the CB device, i.e. it sends a switching detection response message to the CB device. This response message carries encryption parameters set by the PE device, so that the CB device can subsequently reply with a switching detection confirmation message based at least on these encryption parameters. Only after the PE device has processed this switching detection confirmation message does it decide whether to switch working mode, which improves the security of the switching approach.
S102: if the PE device receives a switching detection confirmation message from the CB device within a preset time, the PE device authenticates the first verification data carried in the switching detection confirmation message according to its own encryption parameter, or according to its own encryption parameter and the encryption parameter of the CB device carried in the switching probe message.
Here, the first verification data is generated by the CB device according to the encryption parameter of the PE device carried in the switching detection response message, or according to the encryption parameter of the PE device and the CB device's own encryption parameter.
Specifically, in step S102, the PE device starts its timer once it has sent the switching detection response message to the CB device. If no switching detection confirmation message from the CB device is received within the timer's preset time (whose value can be chosen according to actual network conditions), the probe for this working mode switch is considered illegal; the PE device keeps its current independent operation mode and discards the switching probe message. If a switching detection confirmation message from the CB device is received within the preset time, the PE device authenticates it (the procedure is described below) and then decides whether to switch working mode.
Further, in step S102, after receiving the switching detection confirmation message, the PE device can authenticate the first verification data carried in it using either of the following two schemes:
First scheme: the first verification data carried in the switching detection confirmation message is authenticated according to the encryption parameters of the PE device only.
In this scheme, for the sake of switching security, the encryption parameters of the PE device can be at least two of: a random number generated when the PE device receives the switching probe message, a timestamp generated when the PE device receives the switching probe message, and the address information of the port on which the PE device receives the switching probe message (for example, the MAC address of the port). For example, the PE device can carry the random number and the timestamp, or the random number and the MAC address, etc., in the switching detection response message sent to the CB device.
Second scheme: the first verification data carried in the switching detection confirmation message is authenticated according to both the encryption parameters of the PE device and the encryption parameters of the CB device.
In this scheme, because the PE device and the CB device each provide encryption parameters, the PE device can have one or more encryption parameters, and the CB device can also have one or more.
Below, taking the case where the CB device has one encryption parameter as an example, the specific encryption parameters of the two devices are described:
Under the second scheme, the encryption parameter of the CB device can be the address information of the source port of the switching probe message (i.e. the port from which the CB device sends the switching probe message), such as the MAC address of the source port. This parameter is carried in the switching probe message and is subsequently extracted from it by the PE device.
In this case, the PE device can have multiple encryption parameters, for example at least two of the random number, the timestamp, and the address information of the port on which the PE device receives the switching probe message, as in the first scheme above; or it can have a single encryption parameter, for example one of the random number, the timestamp, and the address information of the port on which the PE device receives the switching probe message.
Note that when the encryption parameter of the PE device is the address information of the port on which it receives the switching probe message, that parameter is fixed, and the encryption parameter of the CB device is also fixed. Authenticating the first verification data according to these two parameters is easy for a network attacker to counterfeit. For this reason, in a preferred embodiment of the invention, the encryption parameter of the PE device is one of the random number and the timestamp from the first scheme.
It should be noted that the invention is not limited to the parameters mentioned in the two schemes above; other parameters can also be used as encryption parameters to authenticate the first verification data, and they are not enumerated here.
Further, in step S102, whichever of the above schemes the PE device uses to authenticate the first verification data, there are two specific authentication modes:
First authentication mode: the PE device compares second verification data, generated according to its own encryption parameter or according to its own encryption parameter and the encryption parameter of the CB device, with the first verification data; when the comparison result meets a preset condition, the first verification data is determined to pass authentication.
In this authentication mode, the PE device can generate the second verification data after sending the switching detection response message to the CB device, or it can generate the second verification data later, when it needs to authenticate the first verification data. For example, when only the PE device provides encryption parameters and they are the random number and timestamp from the first scheme, the PE device can, after sending the switching detection response message to the CB device, encrypt the corresponding random number and timestamp to generate the second verification data; correspondingly, after receiving the switching detection response message, the CB device also encrypts the corresponding random number and timestamp to generate the first verification data.
It should be noted that in embodiments of the invention, the same encryption rule is built into the PE device and the CB device in advance, so the PE device generates the second verification data by the same process that the CB device uses to generate the first verification data. This defends against network attackers: although an attacker can counterfeit a switching probe message, the attacker does not know the specific encryption rule, so even if the PE device responds, the first verification data the attacker supplies cannot pass authentication. This improves the security of working mode switching.
In addition, the first verification data and the second verification data can be generated with any of a variety of existing encryption algorithms, which are not described in detail here.
The first authentication mode is illustrated below with a concrete application scenario:
Suppose that after the PE device receives switching probe message R, it sends the CB device a switching detection response message P carrying the MAC address of the port on which the PE device received switching probe message R (referred to as SMAC1), random number A generated by the PE device when it received switching probe message R, and timestamp B generated by the PE device when it received switching probe message R. It then starts a timer and waits for the CB device's response within the timer's preset time.
Meanwhile, the PE device extracts from the received switching probe message R the MAC address of the port from which the CB device sent switching probe message R (referred to as SMAC2). According to the built-in encryption rule, it encrypts random number A and SMAC2 with one encryption algorithm to obtain string A' (A' = S1(A, SMAC2), where S1 is some encryption algorithm), and encrypts timestamp B and SMAC1 with another encryption algorithm to obtain string B' (B' = S2(B, SMAC1), where S2 is another encryption algorithm, for example a HASH algorithm). Finally it encrypts A' and B' to obtain string X (X = D(A', B'), where D is some encryption algorithm) and uses string X as the second verification data.
Correspondingly, after the CB device receives switching detection response message P, it extracts SMAC1, random number A and timestamp B from message P. According to the built-in encryption rule, it encrypts random number A and SMAC2 with S1 to obtain string A' (A' = S1(A, SMAC2), where SMAC2 is the MAC address of the port from which the CB device sent switching probe message R), and encrypts timestamp B and SMAC1 with S2 to obtain string B' (B' = S2(B, SMAC1)). The CB device then encrypts strings A' and B' with some encryption algorithm to obtain string Y (Y = E(A', B'), where E is some encryption algorithm), and returns this string as the first verification data in switching detection confirmation message Q.
After receiving switching detection confirmation message Q, the PE device compares the X it generated with the Y in switching detection confirmation message Q. If the comparison result meets the preset condition (which is set in advance according to the corresponding encryption algorithms), the first verification data is determined to pass authentication and the subsequent working mode switch is carried out. If the comparison result does not meet the preset condition, the probe for this working mode switch is likewise considered illegal; the PE device keeps its current independent operation mode and discards the switching probe message. Here, the preset condition can be that the first verification data and the second verification data are identical, or that the two satisfy a certain operation rule.
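The R/P/Q exchange of the first authentication mode, as an added Python example that is not code from the patent. The patent leaves S1, S2, D and E unspecified, so this sketch assumes HMAC-SHA256 under a pre-shared key as the "built-in encryption rule", uses one function for both D and E, and takes equality as the preset condition; the class names, message fields, key and MAC addresses are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

INDEPENDENT, PORT_EXTENSION = "independent", "port-extension"
# Constructed value: stands for the encryption rule assumed to be built into PE and CB.
RULE_KEY = b"constructed-built-in-rule"


def _prf(key, label, *fields):
    """Keyed hash over length-prefixed fields (assumed stand-in for S1, S2, D, E)."""
    mac = hmac.new(key, label, hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(2, "big") + field)
    return mac.digest()


def verification_data(key, a, b, smac1, smac2):
    """X on the PE, Y on the CB: combine A' = S1(A, SMAC2) and B' = S2(B, SMAC1)."""
    a1 = _prf(key, b"S1", a, smac2)
    b1 = _prf(key, b"S2", b, smac1)
    return _prf(key, b"DE", a1, b1)


class CB:
    def __init__(self, smac2, key=RULE_KEY):
        self.smac2, self.key = smac2, key

    def probe(self):
        # Switching probe message R carries the CB source-port MAC (SMAC2).
        return {"smac2": self.smac2}

    def confirm(self, p):
        # Switching detection confirmation message Q carries Y.
        y = verification_data(self.key, p["a"], p["b"], p["smac1"], self.smac2)
        return {"y": y}


class PE:
    def __init__(self, smac1, key=RULE_KEY, preset_time=2.0, clock=time.monotonic):
        self.smac1, self.key = smac1, key
        self.preset_time, self.clock = preset_time, clock
        self.mode = INDEPENDENT
        self.pending = None  # (X, deadline) for the probe currently being answered

    def on_probe(self, r):
        a = os.urandom(16)                     # random number A
        b = time.time_ns().to_bytes(8, "big")  # timestamp B
        x = verification_data(self.key, a, b, self.smac1, r["smac2"])
        self.pending = (x, self.clock() + self.preset_time)  # start the timer
        # Switching detection response message P
        return {"smac1": self.smac1, "a": a, "b": b}

    def on_confirm(self, q):
        if self.pending is None:
            return False                       # no probe outstanding: drop Q
        x, deadline = self.pending
        self.pending = None                    # one confirmation attempt per probe
        if self.clock() > deadline:
            return False                       # Q arrived after the preset time
        if not hmac.compare_digest(x, q.get("y", b"")):
            return False                       # X != Y: probe treated as illegal
        self.mode = PORT_EXTENSION
        return True


def demo():
    """Run four constructed exchanges; return {name: (accepted, resulting PE mode)}."""
    now = [0.0]
    clock = lambda: now[0]
    smac1 = bytes.fromhex("020000000001")      # constructed MAC addresses
    smac2 = bytes.fromhex("020000000002")
    cb, results = CB(smac2), {}

    pe = PE(smac1, clock=clock)
    q_old = cb.confirm(pe.on_probe(cb.probe()))
    results["genuine"] = (pe.on_confirm(q_old), pe.mode)

    pe = PE(smac1, clock=clock)
    forger = CB(smac2, key=b"not-the-rule")    # counterfeit CB without the rule
    q = forger.confirm(pe.on_probe(forger.probe()))
    results["forged"] = (pe.on_confirm(q), pe.mode)

    pe = PE(smac1, clock=clock)
    pe.on_probe(cb.probe())
    results["replayed"] = (pe.on_confirm(q_old), pe.mode)  # Y bound to older A, B

    pe = PE(smac1, clock=clock)
    q = cb.confirm(pe.on_probe(cb.probe()))
    now[0] += 5.0                              # past the preset time
    results["late"] = (pe.on_confirm(q), pe.mode)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The replayed case shows why the patent prefers the random number or timestamp over fixed port addresses: a confirmation captured from an earlier exchange no longer matches once A and B change.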
Second authentication mode: the PE device decrypts the first verification data using some of the parameters among its own encryption parameters, or among its own encryption parameters and the encryption parameters of the CB device; it then authenticates the decrypted data using the remaining parameters, i.e. those among its own encryption parameters, or among its own encryption parameters and the encryption parameters of the CB device, other than the parameters used for decryption.
In this authentication mode, if the PE device authenticates the first verification data according to two encryption parameters, it can first select one of the two and use it to decrypt the first verification data, then compare the other parameter with the decrypted encryption parameter, for example checking whether the two are consistent, and determine from the comparison result whether the first verification data passes authentication.
If the PE device authenticates the first verification data according to more than two encryption parameters, it can decrypt the first verification data using verification data generated from some of those parameters, then compare the verification data generated from the remaining parameters with the decrypted data, and determine from the comparison result whether the first verification data passes authentication.
Of course, in this case the PE device can also decrypt the first verification data using a single one of the more than two encryption parameters, then compare the verification data generated from the parameters other than that one with the decrypted data, and determine from the comparison result whether the first verification data passes authentication.
The second authentication mode is illustrated below using the application scenario of the first authentication mode:
What is the same as in the scenario for the first authentication mode: the process by which the CB device generates Y. What differs from that scenario: after receiving the switching probe message, the PE device does not generate X.
In this scenario, after receiving switching detection confirmation message Q, the PE device applies some decryption algorithm to the Y carried in Q to obtain A'' (A'' = D(Y, B'), where D is some decryption algorithm). The PE device then compares A'' with string A' obtained by encrypting random number A and SMAC2 with algorithm S1 (A' = S1(A, SMAC2), where S1 is some algorithm). If the comparison result meets the preset condition, the first verification data is determined to pass authentication and the subsequent working mode switch is carried out. If the comparison result does not meet the preset condition, the probe for this working mode switch is likewise considered illegal; the PE device keeps its current independent operation mode and discards the switching probe message.
S103: after authentication passes, the PE device switches its working mode from independent operation mode to port extension operation mode.
As the above flow shows, when the PE device of the invention receives a switching probe message from the CB device, it carries its own encryption parameter in a switching detection response message sent to the CB device; it then uses its own encryption parameter, or its own encryption parameter together with the encryption parameter of the CB device, to authenticate the first verification data carried in the switching detection confirmation message received from the CB device within the preset time; and only after authentication passes does it switch its working mode from independent operation mode to port extension operation mode. A PE device running in independent operation mode thus avoids working mode switches caused by attacks using counterfeit switching probe messages in the network, and the security of working mode switching is improved while preserving the plug-and-play convenience and ease of use of the PE device.
To achieve the above objectives, the invention also provides a PE device. As shown in Fig. 2, the PE device is applied in a system including the PE device itself and a CB device, and includes:
a response module 210, configured to, when a switching probe message from the CB device is received, carry the encryption parameter of the PE device in a switching detection response message and send it to the CB device;
an authentication module 220, configured to, when a switching detection confirmation message from the CB device is received within a preset time, authenticate the first verification data carried in the switching detection confirmation message according to the encryption parameter of the PE device, or according to the encryption parameter of the PE device and the encryption parameter of the CB device carried in the switching probe message, where the first verification data is generated by the CB device according to the encryption parameter of the PE device carried in the switching detection response message, or according to the encryption parameter of the PE device and the CB device's own encryption parameter;
a switching module 230, configured to switch the working mode of the PE device from independent operation mode to port extension operation mode after the authentication module 220 confirms that authentication has passed.
In a specific application scenario, the authentication module 220 is specifically configured to: when the encryption parameters of the PE device are at least two of a random number generated when the PE device receives the switching probe message, a timestamp generated when the PE device receives the switching probe message, and the address information of the port on which the PE device receives the switching probe message, authenticate the first verification data carried in the switching detection confirmation message according to the encryption parameters of the PE device, or according to the encryption parameters of the PE device and the address information of the source port of the switching probe message carried in the switching probe message; or, when the encryption parameter of the PE device is one of the random number and the timestamp, authenticate the first verification data carried in the switching detection confirmation message according to the encryption parameter of the PE device and the address information of the source port of the switching probe message carried in the switching probe message.
In a specific application scenario, the authentication module 220 is specifically configured to compare second verification data, generated according to the encryption parameter of the PE device or according to the encryption parameter of the PE device and the encryption parameter of the CB device, with the first verification data, and to determine that the first verification data passes authentication when the comparison result meets a preset condition.
In a specific application scenario, the authentication module 220 is specifically configured to decrypt the first verification data using some of the parameters among the encryption parameters of the PE device, or among the encryption parameters of the PE device and the encryption parameters of the CB device, and to authenticate the decrypted data using the parameters, among the encryption parameters of the PE device or among the encryption parameters of the PE device and the encryption parameters of the CB device, other than those used for decryption.
In a specific application scenario, the switching module 230 is further configured to keep the current independent operation mode when no switching detection confirmation message from the CB device is received within the preset time, or when the authentication module 220 confirms that authentication has not passed.
From the description of the embodiments above, those skilled in the art can clearly understand that the invention can be implemented in hardware, or in software plus a necessary general-purpose hardware platform. Based on this understanding, the technical solution of the invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (such as a CD-ROM, a USB flash drive, or a removable hard disk) and includes instructions that cause a computer device (such as a personal computer, a server, or a network device) to perform the methods described in the implementation scenarios of the invention.
Those skilled in the art will appreciate that the accompanying drawings are schematic diagrams of a preferred implementation scenario, and that the modules or flows in the drawings are not necessarily required to implement the invention.
Those skilled in the art will appreciate that the modules of a device in an implementation scenario can be distributed in the device as described in the scenario, or can be changed accordingly and located in one or more devices different from that of the scenario. The modules of the above implementation scenarios can be merged into one module or further split into multiple sub-modules.
The sequence numbers used above are for description only and do not indicate the relative merits of the implementation scenarios.
The above discloses only several specific implementation scenarios of the invention; however, the invention is not limited to them, and any change that a person skilled in the art can conceive of shall fall within the protection scope of the invention.

Claims (10)

1. A working mode switching method, characterized in that the method is applied to a system comprising port extender (PE) equipment and control bridge (CB) equipment, the method comprising:
When the PE equipment receives a switching probe message from the CB equipment, it carries its own encryption parameter in a switching detection response message and sends that message to the CB equipment;
If a switching detection confirmation message from the CB equipment is received within a preset time, the PE equipment authenticates the first verification data carried in the switching detection confirmation message according to its own encryption parameter, or according to its own encryption parameter and the encryption parameter of the CB equipment carried in the switching probe message, wherein the first verification data is generated by the CB equipment according to the encryption parameter of the PE equipment carried in the switching detection response message, or according to the encryption parameter of the PE equipment and the CB equipment's own encryption parameter;
After the authentication passes, the PE equipment switches its own working mode from the independent operation mode to the port-extending operation mode.
2. The method according to claim 1, characterized in that the PE equipment authenticating the first verification data carried in the switching detection confirmation message according to its own encryption parameter, or according to its own encryption parameter and the encryption parameter of the CB equipment carried in the switching probe message, specifically comprises:
If the encryption parameter of the PE equipment is at least two of the following: a random number generated by the PE equipment upon receiving the switching probe message, a timestamp generated by the PE equipment upon receiving the switching probe message, and the address information of the port on which the PE equipment received the switching probe message, then the PE equipment authenticates the first verification data carried in the switching detection confirmation message according to its own encryption parameter, or according to its own encryption parameter and the address information of the source port of the switching probe message carried in the switching probe message;
If the encryption parameter of the PE equipment is one of the random number and the timestamp, the PE equipment authenticates the first verification data carried in the switching detection confirmation message according to its own encryption parameter and the address information of the source port of the switching probe message carried in the switching probe message.
3. The method according to claim 2, characterized in that the PE equipment authenticates the first verification data in the following manner:
The PE equipment compares second verification data, generated according to its own encryption parameter or according to its own encryption parameter and the encryption parameter of the CB equipment, with the first verification data;
When the comparison result meets a preset condition, it is determined that the first verification data passes authentication.
4. The method according to claim 2, characterized in that the PE equipment authenticates the first verification data in the following manner:
The PE equipment decrypts the first verification data using some of the parameters among its own encryption parameter, or among its own encryption parameter and the encryption parameter of the CB equipment;
The PE equipment authenticates the decrypted data using the parameters, other than those used for decryption, among its own encryption parameter, or among its own encryption parameter and the encryption parameter of the CB equipment.
5. The method according to any one of claims 1-4, characterized in that the method further comprises:
The PE equipment keeps the current independent operation mode when it does not receive the switching detection confirmation message from the CB equipment within the preset time, or when the authentication does not pass.
6. Port extender (PE) equipment, characterized in that the PE equipment is applied in a system comprising itself and control bridge (CB) equipment, and comprises:
A response module, configured to carry the encryption parameter of the PE equipment in a switching detection response message and send that message to the CB equipment when a switching probe message is received from the CB equipment;
An authentication module, configured to, when a switching detection confirmation message is received from the CB equipment within a preset time, authenticate the first verification data carried in the switching detection confirmation message according to the encryption parameter of the PE equipment, or according to the encryption parameter of the PE equipment and the encryption parameter of the CB equipment carried in the switching probe message, wherein the first verification data is generated by the CB equipment according to the encryption parameter of the PE equipment carried in the switching detection response message, or according to the encryption parameter of the PE equipment and the CB equipment's own encryption parameter;
A handover module, configured to switch the working mode of the PE equipment from the independent operation mode to the port-extending operation mode after the authentication module confirms that the authentication has passed.
7. The equipment according to claim 6, characterized in that
The authentication module is specifically configured to: when the encryption parameter of the PE equipment is at least two of the following: a random number generated by the PE equipment upon receiving the switching probe message, a timestamp generated by the PE equipment upon receiving the switching probe message, and the address information of the port on which the PE equipment received the switching probe message, authenticate the first verification data carried in the switching detection confirmation message according to the encryption parameter of the PE equipment, or according to the encryption parameter of the PE equipment and the address information of the source port of the switching probe message carried in the switching probe message; or
When the encryption parameter of the PE equipment is one of the random number and the timestamp, authenticate the first verification data carried in the switching detection confirmation message according to the encryption parameter of the PE equipment and the address information of the source port of the switching probe message carried in the switching probe message.
8. The equipment according to claim 7, characterized in that
The authentication module is specifically configured to compare second verification data, generated according to the encryption parameter of the PE equipment or according to the encryption parameter of the PE equipment and the encryption parameter of the CB equipment, with the first verification data, and to determine that the first verification data passes authentication when the comparison result meets a preset condition.
9. The equipment according to claim 7, characterized in that the authentication module is specifically configured to decrypt the first verification data using some of the parameters among the encryption parameter of the PE equipment, or among the encryption parameter of the PE equipment and the encryption parameter of the CB equipment, and to authenticate the decrypted data using the parameters, other than those used for decryption, among the encryption parameter of the PE equipment, or among the encryption parameter of the PE equipment and the encryption parameter of the CB equipment.
10. The equipment according to any one of claims 6-9, characterized in that
The handover module is further configured to keep the current independent operation mode when the switching detection confirmation message from the CB equipment is not received within the preset time, or when the authentication module confirms that the authentication has not passed.
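The PE-side logic of claims 1, 3 and 5, as an added example that is not taken from the patent. The claims do not specify how verification data is generated, so this sketch assumes HMAC-SHA-256 under a hypothetical pre-shared key over length-prefixed fields; the class, function and field names are likewise assumptions.

```python
import hashlib, hmac, os, struct

STANDALONE, PORT_EXTENDING = "independent", "port-extending"

def verification_data(key, pe_params, cb_src_port):
    # Assumed generation function (not specified by the claims):
    # HMAC-SHA-256 over length-prefixed PE parameters plus the CB source port.
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in (*pe_params, cb_src_port):
        mac.update(struct.pack("!H", len(field)) + field)
    return mac.digest()

class PEDevice:
    def __init__(self, key, preset_time=3.0):
        self.key = key                  # hypothetical pre-shared key
        self.preset_time = preset_time  # seconds to wait for the confirmation
        self.mode = STANDALONE
        self.pending = None             # (pe_params, cb_src_port, deadline)

    def on_probe(self, cb_src_port, ingress_port, now):
        """Switching probe received: return the PE parameters for the response."""
        pe_params = (os.urandom(16),            # fresh random number
                     struct.pack("!d", now),    # timestamp of reception
                     ingress_port)              # address of the receiving port
        self.pending = (pe_params, cb_src_port, now + self.preset_time)
        return pe_params

    def on_confirm(self, first_verification_data, now):
        """Confirmation received: switch mode only if authentication passes."""
        if self.pending is None:
            return self.mode                    # no outstanding probe
        pe_params, cb_src_port, deadline = self.pending
        self.pending = None                     # parameters are single-use
        if now > deadline:
            return self.mode                    # preset time exceeded
        second = verification_data(self.key, pe_params, cb_src_port)
        if hmac.compare_digest(second, first_verification_data):
            self.mode = PORT_EXTENDING          # comparison met the condition
        return self.mode

if __name__ == "__main__":
    key = b"\x11" * 32                                      # constructed key
    cb_port, pe_port = b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02"
    pe = PEDevice(key)
    params = pe.on_probe(cb_port, pe_port, now=100.0)
    print(pe.on_confirm(verification_data(key, params, cb_port), now=101.0))
```

Because the random number and timestamp are regenerated for every probe and discarded after one confirmation attempt, a confirmation captured from an earlier exchange does not authenticate against a later one.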

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410692567.XA CN104468540B (en) 2014-11-26 2014-11-26 A kind of Working mode switching method and PE equipment

Publications (2)

Publication Number Publication Date
CN104468540A CN104468540A (en) 2015-03-25
CN104468540B true CN104468540B (en) 2018-04-06

Family

ID=52913912

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410692567.XA Active CN104468540B (en) 2014-11-26 2014-11-26 A kind of Working mode switching method and PE equipment

Country Status (1)

Country Link
CN (1) CN104468540B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107959584B (en) * 2017-10-31 2021-07-02 新华三技术有限公司 Information configuration method and device
CN114866303B (en) * 2022-04-26 2023-05-26 武昌理工学院 Anti-hijacking detection signal authentication method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103746816A (en) * 2014-02-18 2014-04-23 飞天诚信科技股份有限公司 Multifunctional authenticator and working method thereof
CN104158709A (en) * 2014-08-06 2014-11-19 杭州华三通信技术有限公司 Optical module identification method and port extender

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101394361B (en) * 2008-11-10 2011-07-27 杭州华三通信技术有限公司 Packet transmission method, device and system

Also Published As

Publication number Publication date
CN104468540A (en) 2015-03-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: Huasan Communication Technology Co., Ltd.

GR01 Patent grant