CN105610667A - Method and device for establishing channel of virtual private network - Google Patents

Method and device for establishing channel of virtual private network

Info

Publication number: CN105610667A
Authority: CN (China)
Prior art keywords: private network, virtual private, network equipment, passage, registrar
Legal status: Granted
Application number: CN201510979993.6A
Other languages: Chinese (zh)
Other versions: CN105610667B (en)
Inventor: 李小勇
Current Assignee: Shenzhen Huayun Zhongsheng Technology Co., Ltd
Original Assignee: SHENZHEN HUACHENGFENG ELECTRONICS INDUSTRY Co Ltd
Application filed by SHENZHEN HUACHENGFENG ELECTRONICS INDUSTRY Co Ltd
Priority to CN201510979993.6A
Publication of CN105610667A
Application granted
Publication of CN105610667B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1073 Registration or de-registration

Abstract

This invention relates to a method for establishing a channel of a virtual private network. The method comprises the following steps: sending a virtual private network equipment registration request carrying the physical identifier of a first virtual private network equipment to a register server; receiving a secret key corresponding to the physical identifier of the first virtual private network equipment, and the address of a second virtual private network equipment, both returned by the register server according to the registration request; encrypting the information required for establishing the channel of the virtual private network with the secret key to obtain encrypted information; and sending the encrypted information to the second virtual private network equipment according to its address, so that the second virtual private network equipment decrypts the encrypted information with the secret key it acquired from the register server and establishes the channel of the virtual private network. With the method provided by the embodiments of the invention, the first virtual private network equipment does not need to be configured; when the first virtual private network equipment accesses the network, the channel of the virtual private network is established automatically, so the channel is established more simply and efficiently.

Description

Method and apparatus for establishing a virtual private network channel
Technical field
The present invention relates to the field of virtual private network technology, and in particular to a method and apparatus for establishing a virtual private network channel.
Background technology
With the rapid development of the internet, a VPN (Virtual Private Network) channel can be established over a public network, and intranet resources can then be accessed through the VPN channel anytime and anywhere. In conventional methods of establishing a VPN channel, a VPN server is provided and reached through the internet; the VPN server must be configured in a complicated way before the VPN channel can be established, so the process of establishing the VPN channel is rather cumbersome.
Summary of the invention
On this basis, to address the problem that the process of establishing a virtual private network channel is cumbersome, there is a need for a method and apparatus for establishing a virtual private network channel.
A method for establishing a virtual private network channel, the method comprising:
sending a virtual private network device registration request carrying the physical identifier of a first virtual private network device to a registration server;
receiving the key corresponding to the physical identifier of the first virtual private network device and the address of a second virtual private network device, both returned by the registration server according to the virtual private network device registration request;
encrypting the information required for establishing the virtual private network channel with the key to obtain encrypted information, and sending the encrypted information to the second virtual private network device according to the address of the second virtual private network device, so that the second virtual private network device decrypts the encrypted information with the key it obtained from the registration server and establishes the virtual private network channel.
In one embodiment, the method further comprises:
the registration server extracts the physical identifier of the first virtual private network device from the received virtual private network device registration request and looks up whether that physical identifier is recorded in the registration server; if so, it extracts the key corresponding to the physical identifier of the first virtual private network device and the address of the second virtual private network device and sends them to the first virtual private network device.
In one embodiment, the method further comprises:
the registration server extracts the physical identifier of the first virtual private network device, looks up in an encryption library the algorithm identifier corresponding to that physical identifier, and generates the key according to the key generation algorithm corresponding to the algorithm identifier found.
In one embodiment, after receiving the key corresponding to the physical identifier of the first virtual private network device and the address of the second virtual private network device returned by the registration server according to the virtual private network device registration request, the method further comprises:
sending the digital certificate of the first virtual private network device to the second virtual private network device according to the address of the second virtual private network device;
receiving feedback information sent by the second virtual private network device after it has verified the digital certificate;
in response to the feedback information, performing the step of encrypting the information required for establishing the virtual private network channel with the key to obtain the encrypted information.
In one embodiment, the method further comprises:
when it is detected that the virtual private network channel is interrupted, resending the encrypted information for establishing the virtual private network channel so as to re-establish the VPN channel;
when the number of failures to establish the virtual private network channel reaches a preset number, uploading failure information to the registration server.
In the above method for establishing a virtual private network channel, when the first virtual private network device accesses the network it sends a virtual private network device registration request to the registration server, and the request carries the physical identifier of the first virtual private network device. After receiving the registration request, the registration server sends the information for establishing the virtual private network channel that corresponds to the first VPN device identifier to the first virtual private network device, and the first virtual private network device establishes the virtual private network channel with the second virtual private network device according to that information. In this way, the first virtual private network device does not need to be configured during the process of establishing the channel; the channel is established automatically when the first virtual private network device accesses the network, which makes establishing the virtual private network channel simpler and more efficient.
An apparatus for establishing a virtual private network channel, the apparatus comprising:
a request sending module, configured to send a virtual private network device registration request carrying the physical identifier of a first virtual private network device to a registration server;
a setup information receiving module, configured to receive the key corresponding to the physical identifier of the first virtual private network device and the address of a second virtual private network device, both returned by the registration server according to the virtual private network device registration request;
a channel establishment module, configured to encrypt the information required for establishing the virtual private network channel with the key to obtain encrypted information, and to send the encrypted information to the second virtual private network device according to the address of the second virtual private network device, so that the second virtual private network device decrypts the encrypted information with the key it obtained from the registration server and establishes the virtual private network channel.
In one embodiment, the registration server is configured to extract the physical identifier of the first virtual private network device from the received virtual private network device registration request, to look up whether that physical identifier is recorded in the registration server, and if so to extract the key corresponding to the physical identifier of the first virtual private network device and the address of the second virtual private network device and send them to the first virtual private network device.
In one embodiment, the registration server is configured to extract the physical identifier of the first virtual private network device, to look up in an encryption library the algorithm identifier corresponding to that physical identifier, and to generate the key according to the key generation algorithm corresponding to the algorithm identifier found.
In one embodiment, the apparatus further comprises:
a certificate sending module, configured to send the digital certificate of the first virtual private network device to the second virtual private network device according to the address of the second virtual private network device;
a feedback information receiving module, configured to receive the feedback information sent by the second virtual private network device after it has verified the digital certificate;
the channel establishment module is further configured to perform, in response to the feedback information, the step of encrypting the information required for establishing the virtual private network channel with the key to obtain the encrypted information.
In one embodiment, the apparatus further comprises:
a channel re-establishment module, configured to resend the encrypted information for establishing the virtual private network channel when it is detected that the virtual private network channel is interrupted, so as to re-establish the virtual private network channel;
a failure information uploading module, configured to upload failure information to the registration server when the number of failures to establish the virtual private network channel reaches a preset number.
Brief description of the drawings
Fig. 1 is an application environment diagram of a virtual private network device registration system in one embodiment;
Fig. 2 is a schematic flowchart of a method for establishing a virtual private network channel in one embodiment;
Fig. 3 is a schematic flowchart of the virtual private network device certificate verification step in one embodiment;
Fig. 4 is a schematic flowchart of the step of re-establishing the virtual private network channel in one embodiment;
Fig. 5 is a structural block diagram of an apparatus for establishing a virtual private network channel in one embodiment;
Fig. 6 is a structural block diagram of an apparatus for establishing a virtual private network channel in another embodiment;
Fig. 7 is a structural block diagram of an apparatus for establishing a virtual private network channel in another embodiment.
Detailed description of the invention
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only intended to explain the present invention and are not intended to limit it.
Fig. 1 is the application environment diagram of a system for establishing a virtual private network channel in one embodiment. The virtual private network device registration system comprises a registration server 102, a first network connection device 104, a second network connection device 106, a first virtual private network device 108, a second virtual private network device 110, a first terminal 112 and a second terminal 114. The registration server 102 is connected to the internet; the first virtual private network device 108 is connected to the internet through the first network connection device 104, and the second virtual private network device 110 is connected to the internet through the second network connection device 106. The first network connection device 104 and the second network connection device 106 dynamically assign network addresses and may specifically be switches or routers. The first virtual private network device 108 and the second virtual private network device 110 are in different network segments. The first terminal 112 is a terminal in the network segment of the first virtual private network device 108 and is connected to the first virtual private network device 108 through the network. The second terminal 114 is a terminal in the network segment of the second virtual private network device 110 and is connected to the second virtual private network device 110 through the network.
As shown in Fig. 2, in one embodiment a method for establishing a virtual private network channel is provided. The embodiment is illustrated by applying the method to the first virtual private network device 108 in the virtual private network device registration system of Fig. 1. The method specifically comprises the following steps:
Step 202: send a virtual private network device registration request carrying the physical identifier of the first virtual private network device to the registration server.
Specifically, when the first virtual private network device 108 connects to the internet through the first network connection device 104, it obtains a network address and a segment number from the address pool of the first network connection device 104. The segment number is a unique identifier that distinguishes network segments and may specifically be determined from the network address and the subnet mask. After obtaining the network address and segment number, the first virtual private network device 108 sends a virtual private network device registration request to the registration server 102. The registration request comprises the physical identifier of the first virtual private network device, the network address and the segment number. The physical identifier of the first virtual private network device is the unique identifier of the first virtual private network device 108 and may specifically be a physical address or a factory serial number. Likewise, when the second virtual private network device 110 connects to the internet through the second network connection device 106, it also obtains a network address and segment number from the address pool of the second network connection device 106 and sends a virtual private network device registration request to the registration server 102. After receiving a registration request, the registration server 102 extracts the information in the request and stores it in correspondence with the physical identifier of the first or second virtual private network device.
In one embodiment, the physical identifiers of the virtual private network devices may be obtained in advance and stored in the registration server 102. When the registration server 102 receives the registration request of the first virtual private network device 108, it extracts the physical identifier of the first virtual private network device and looks up whether that physical identifier is stored; if it is found, the key corresponding to the physical identifier of the first virtual private network device and the address of the second virtual private network device are extracted and sent to the first virtual private network device 108; if it is not found, registration failure information may be returned to the first virtual private network device 108.
Step 204: receive the key corresponding to the physical identifier of the first virtual private network device and the address of the second virtual private network device, returned by the registration server according to the virtual private network device registration request.
Specifically, the registration server 102 is preset with a key corresponding to the physical identifier of the first virtual private network device or to the physical identifier of the second virtual private network device, and with the physical identifier of the second virtual private network device that corresponds to the physical identifier of the first virtual private network device; the second virtual private network device 110 is the virtual private network device with which the first virtual private network device 108 establishes the virtual private network.
After receiving the virtual private network device registration request sent by the first virtual private network device 108, the registration server 102 stores the information in the request, extracts the physical identifier of the first virtual private network device, looks up the corresponding key and the physical identifier of the second virtual private network device, and extracts the network address and segment number of the second virtual private network device 110 that correspond to the physical identifier of the second virtual private network device. The registration server 102 then sends the key found, together with the network address and segment number of the second virtual private network device 110, to the first virtual private network device 108. After receiving the virtual private network device registration request sent by the second virtual private network device 110, the registration server 102 sends the key corresponding to the physical identifier of the second virtual private network device, together with the network address and segment number of the first virtual private network device 108, to the second virtual private network device 110.
Step 206: encrypt the information required for establishing the virtual private network channel with the key to obtain encrypted information, and send the encrypted information to the second virtual private network device according to the address of the second virtual private network device; the second virtual private network device decrypts the encrypted information with the key it obtained from the registration server to establish the virtual private network channel.
Specifically, after receiving the key and the network address of the second virtual private network device 110 returned by the registration server 102, the first virtual private network device 108 uses the returned key to encrypt the information required for establishing the virtual private network channel. That information may specifically comprise at least one of the encryption algorithm used to establish the channel, a random number and a protocol version. The protocol version may specifically be the version number of the SSL (Secure Sockets Layer) protocol. The first virtual private network device 108 encrypts the channel establishment information to generate the encrypted information and sends it to the second virtual private network device 110 according to the network address of the second virtual private network device 110. The second virtual private network device 110 decrypts the encrypted information with the key it obtained from the registration server 102, extracts from it the encryption algorithm for establishing the virtual private network channel, and establishes an encrypted virtual private network channel with the first virtual private network device 108. The virtual private network channel may be an encrypted tunnel established on the basis of the SSL (Secure Sockets Layer) protocol, and the encryption algorithm may specifically be the 3DES algorithm or the AES256 algorithm.
In one embodiment, after the VPN channel has been established between the network segment of the first virtual private network device 108 and the network segment of the second virtual private network device 110, the first terminal 112 in the network segment of the first virtual private network device 108 can communicate directly through the virtual private network channel with the second terminal 114 in the network segment of the second virtual private network device 110.
In this embodiment, the first virtual private network device does not need to be configured during the process of establishing the virtual private network channel; the channel can be established automatically when the first virtual private network device accesses the network, which makes establishing the virtual private network channel simpler and more efficient.
In one embodiment, the method for establishing a virtual private network further comprises: the registration server extracts the physical identifier of the first virtual private network device, looks up in the encryption library the algorithm identifier corresponding to that physical identifier, and generates the key according to the key generation algorithm corresponding to the algorithm identifier found.
Specifically, the registration server 102 is preset with an encryption library in which several encryption algorithms for establishing tunnels are provided. These may specifically be the 3DES (Data Encryption Standard-3, third-generation Data Encryption Standard) algorithm, the AES256 (Advanced Encryption Standard-256, Advanced Encryption Standard using a 256-bit key) algorithm, the SHA (Secure Hash Algorithm) algorithm and so on. Each algorithm has a unique algorithm identifier, and a correspondence between virtual private network device physical identifiers and algorithm identifiers is provided. When the registration server 102 receives a virtual private network device registration request carrying the physical identifier of the first virtual private network device, it looks up the algorithm identifier corresponding to that physical identifier, extracts the encryption algorithm corresponding to the algorithm identifier from the encryption library, and generates the corresponding key according to the extracted encryption algorithm.
In this embodiment, by providing the encryption library in the registration server 102, the corresponding key generation algorithm can be looked up in the encryption library according to the different virtual private network device physical identifiers, different keys are generated according to the different key generation algorithms in the encryption library, and different encrypted virtual private network channels are established, which makes the encrypted virtual private network channels more secure.
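The following Go program is an added illustration of steps 202 to 206 together with the encryption-library embodiment just described; it is not code from the patent or from the applicant. It assumes one registrar-side secret from which the key generation algorithm derives a pair key with HMAC-SHA256 (the patent does not say how keys are generated), uses AES-256-GCM as the stand-in for the AES256 algorithm named on the page, and uses constructed physical identifiers, addresses and algorithm identifier names. The registrar answers only identifiers that were recorded in advance, returns the same key to both members of a pair, and the second device recovers the setup information (cipher, random number, protocol version) with the key it obtained from the registrar, never from the first device.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// AlgAES256 is this example's single algorithm identifier (constructed name).
const AlgAES256 = "alg-aes256"

// Registrar stands in for registration server 102: peers and algorithm are
// pre-provisioned, addresses is learned from the registration requests.
type Registrar struct {
	master    []byte            // registrar-side secret behind key generation (assumption)
	peers     map[string]string // physical identifier -> peer physical identifier
	algorithm map[string]string // physical identifier -> algorithm identifier
	addresses map[string]string // physical identifier -> network address
}

func NewRegistrar(master []byte, peers, algorithm map[string]string) *Registrar {
	return &Registrar{master, peers, algorithm, map[string]string{}}
}

// generateKey: HMAC-SHA256 of the ordered pair under the registrar secret, so both members get one key.
func (r *Registrar) generateKey(alg, a, b string) ([]byte, error) {
	if alg != AlgAES256 {
		return nil, fmt.Errorf("unknown algorithm identifier %q", alg)
	}
	if a > b {
		a, b = b, a
	}
	mac := hmac.New(sha256.New, r.master)
	mac.Write([]byte(alg + "|" + a + "|" + b))
	return mac.Sum(nil), nil // 32 bytes: an AES-256 key
}

// Register (steps 202/204): unrecorded identifiers fail; known ones get the pair key and peer address.
func (r *Registrar) Register(id, addr string) (key []byte, peerAddr string, err error) {
	peer, ok := r.peers[id]
	if !ok {
		return nil, "", fmt.Errorf("registration failed: %q not recorded", id)
	}
	r.addresses[id] = addr
	key, err = r.generateKey(r.algorithm[id], id, peer)
	return key, r.addresses[peer], err
}

// SetupInfo is the information required to establish the channel.
type SetupInfo struct {
	Cipher   string `json:"cipher"`   // encryption algorithm for the channel
	Random   []byte `json:"random"`   // random number
	Protocol string `json:"protocol"` // protocol version
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts the setup information with AES-256-GCM under the registrar key.
// Output layout: 12-byte nonce || ciphertext || 16-byte authentication tag.
func Seal(key []byte, info SetupInfo) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, gcm.NonceSize())
	rand.Read(iv)
	plain, _ := json.Marshal(info)
	return gcm.Seal(iv, iv, plain, nil), nil
}

// Open is the second device's half of step 206: a wrong key or any change to
// the message fails the tag check and yields an error instead of data.
func Open(key, msg []byte) (info SetupInfo, err error) {
	gcm, err := gcmFor(key)
	if err != nil || len(msg) < gcm.NonceSize() {
		return info, fmt.Errorf("cannot open message: bad key or short message (%v)", err)
	}
	plain, err := gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], nil)
	if err != nil {
		return info, err
	}
	return info, json.Unmarshal(plain, &info)
}

func main() {
	a, b := "00:11:22:33:44:55", "66:77:88:99:aa:bb" // constructed physical identifiers
	reg := NewRegistrar([]byte("constructed registrar secret"), map[string]string{a: b, b: a}, map[string]string{a: AlgAES256, b: AlgAES256})
	keyB, _, _ := reg.Register(b, "10.0.2.1")       // second device registers
	keyA, peerAddr, _ := reg.Register(a, "10.0.1.1") // first device registers
	sealed, _ := Seal(keyA, SetupInfo{Cipher: "AES256", Random: []byte("constructed"), Protocol: "TLS1.2"})
	info, err := Open(keyB, sealed) // delivered to peerAddr, i.e. "10.0.2.1"
	fmt.Println(peerAddr, info, err)
}
```

Two properties of the page's design are visible here: the key never crosses the device-to-device link, so the second device can open the message without any key exchange between the devices, and a physical identifier the registrar never recorded receives no key and no peer address at all. With GCM, a message altered in transit or opened with a different device's key is rejected rather than decrypted into garbage.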
As shown in Fig. 3, in one embodiment a method for establishing a virtual private network channel is provided which specifically comprises a virtual private network device certificate verification step; its specific sub-steps are as follows:
Step 302: send the digital certificate of the first virtual private network device to the second virtual private network device according to the address of the second virtual private network device.
Specifically, the first virtual private network device 108 sends the digital certificate of the first virtual private network device 108 to the second virtual private network device 110. The digital certificate specifically comprises at least one of the identity information of the first virtual private network device 108, a certificate signature, and the validity period of the digital certificate.
Step 304: receive the feedback information sent by the second virtual private network device after it has verified the digital certificate.
Specifically, the second virtual private network device 110 receives the digital certificate sent by the first virtual private network device 108 and extracts the identity information and certificate signature from the digital certificate to verify the identity of the first virtual private network device 108. If verification passes, it sends verification-passed information to the first virtual private network device 108; if verification fails, it sends verification-failed information to the first virtual private network device 108.
Step 306: in response to the feedback information, encrypt the information required for establishing the virtual private network channel with the key to obtain the encrypted information.
Specifically, after the first virtual private network device 108 receives the verification information of the second virtual private network device 110, the first virtual private network device 108 can use the key to encrypt the information required for establishing the virtual private network channel to generate the encrypted information, and sends the encrypted information to the second virtual private network device 110.
In this embodiment, the second virtual private network device 110 verifies the digital certificate of the first virtual private network device 108, which adds a security verification step before the virtual private network channel is established; the channel can only be established further after verification passes, which improves the security of the virtual private network channel.
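As an added example of the certificate verification step (302 to 306), not taken from the patent, the Go program below models the digital certificate with the three fields the page names (identity information, validity period, certificate signature) and shows the second device's check. It assumes a simplified certificate structure in place of X.509, an Ed25519 issuer key that both devices trust (the page does not say who signs the certificates), and constructed seeds, identifiers and dates. The second device rejects a certificate whose identity differs from the peer the registrar named, one used outside its validity period, and one whose signature does not verify under the trusted issuer key, and each rejection carries its reason in the feedback.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

// Certificate is a simplified digital certificate carrying the fields the page
// names: identity information, a validity period and a certificate signature.
// It stands in for X.509 to keep the check readable (assumption).
type Certificate struct {
	Identity  string            `json:"identity"` // physical identifier of the device
	PublicKey ed25519.PublicKey `json:"public_key"`
	NotBefore time.Time         `json:"not_before"`
	NotAfter  time.Time         `json:"not_after"`
	Signature []byte            `json:"signature"` // issuer's signature over the other fields
}

// toBeSigned serialises every field except the signature.
func (c Certificate) toBeSigned() []byte {
	c.Signature = nil
	b, _ := json.Marshal(c)
	return b
}

// Issue signs a certificate with the issuer key both devices trust (assumption).
func Issue(issuer ed25519.PrivateKey, identity string, pub ed25519.PublicKey, notBefore, notAfter time.Time) Certificate {
	c := Certificate{Identity: identity, PublicKey: pub, NotBefore: notBefore, NotAfter: notAfter}
	c.Signature = ed25519.Sign(issuer, c.toBeSigned())
	return c
}

// Feedback is the verification result the second device returns in step 304.
type Feedback struct {
	Verified bool
	Reason   string
}

// Verify is the second device's check: identity, validity window and issuer
// signature, with the reason for any rejection.
func Verify(c Certificate, issuerPub ed25519.PublicKey, expectedIdentity string, now time.Time) Feedback {
	switch {
	case len(issuerPub) != ed25519.PublicKeySize:
		return Feedback{false, "no usable issuer key"}
	case c.Identity != expectedIdentity:
		return Feedback{false, "identity does not match the peer named by the registrar"}
	case now.Before(c.NotBefore) || now.After(c.NotAfter):
		return Feedback{false, "certificate outside its validity period"}
	case !ed25519.Verify(issuerPub, c.toBeSigned(), c.Signature):
		return Feedback{false, "certificate signature invalid"}
	}
	return Feedback{true, "verified"}
}

func main() {
	issuer := ed25519.NewKeyFromSeed([]byte("constructed-issuer-seed-32-bytes")) // constructed seeds
	device := ed25519.NewKeyFromSeed([]byte("constructed-device-seed-32-bytes"))
	issuerPub := issuer.Public().(ed25519.PublicKey)
	start := time.Date(2016, 1, 1, 0, 0, 0, 0, time.UTC) // constructed validity period
	cert := Issue(issuer, "00:11:22:33:44:55", device.Public().(ed25519.PublicKey), start, start.AddDate(1, 0, 0))
	fmt.Println(Verify(cert, issuerPub, "00:11:22:33:44:55", start.AddDate(0, 6, 0))) // {true verified}
	fmt.Println(Verify(cert, issuerPub, "00:11:22:33:44:55", start.AddDate(2, 0, 0))) // expired
}
```

The first device's step 306 is then a simple gate: it produces the encrypted setup information only when the feedback it receives has Verified set, which is exactly the ordering the page describes.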
As shown in Fig. 4, in one embodiment a method for establishing a virtual private network channel is provided which specifically also comprises a step of re-establishing the virtual private network channel; this step is specifically as follows:
Step 402: when it is detected that the virtual private network channel is interrupted, resend the encrypted information for establishing the virtual private network channel so as to re-establish the VPN channel.
Specifically, when the first virtual private network device 108 detects that the established virtual private network channel is interrupted, it can extract the encrypted information and send it to the second virtual private network device 110 again, so that the second virtual private network device 110 decrypts the encrypted information again to re-establish the virtual private network channel.
In one embodiment, the first virtual private network device 108 starts a timer when it sends the encrypted information; if the timed period reaches a preset time and the virtual private network channel has still not been established, it records a channel establishment failure count and sends the encrypted information again. The preset time may be 3 seconds to 10 seconds, or 3 seconds to 5 seconds.
Step 404: when the number of failures to establish the virtual private network channel reaches a preset number, upload failure information to the registration server.
Specifically, when the number of virtual private network channel establishment failures of the first virtual private network device 108 reaches the preset number, the failure information is uploaded to the registration server 102. The failure information may comprise at least one of the physical identifier of the first virtual private network device, the network address of the first virtual private network device 108, the physical identifier of the second virtual private network device and the network address of the second virtual private network device 110.
In this embodiment, when the first virtual private network device 108 detects that the virtual private network channel is interrupted, the virtual private network channel is re-established, which keeps the virtual private network channel open and improves the security and reliability of the virtual private network channel.
As shown in Figure 5, in one embodiment a device 500 for establishing a virtual private network channel is provided. The device comprises a request sending module 502, an establishment information receiving module 504 and a channel establishment module 506.
The request sending module 502 is configured to send a virtual private network device registration request carrying the physical label of the first virtual private network device to the registration server.
The establishment information receiving module 504 is configured to receive the key corresponding to the physical label of the first virtual private network device and the address of the second virtual private network device, which the registration server returns according to the virtual private network device registration request.
The channel establishment module 506 is configured to encrypt, using the key, the information required for establishing the virtual private network channel to obtain encrypted information, and to send the encrypted information to the second virtual private network device according to the address of the second virtual private network device, so that the second virtual private network device decrypts the encrypted information with the key it obtains from the registration server, establishing the virtual private network channel.
In this embodiment, the first virtual private network device does not need to be configured during the process of establishing the virtual private network channel; when the first virtual private network device accesses the network, the virtual private network channel can be established automatically, which makes establishing the channel simpler and more efficient.
In one embodiment, the registration server is configured to extract the physical label of the first virtual private network device from the received virtual private network device registration request and to look up whether the physical label of the first virtual private network device is recorded in the registration server; if so, it extracts the key corresponding to the physical label of the first virtual private network device and the address of the second virtual private network device and sends them to the first virtual private network device.
In this embodiment, the registration server 106 extracts the physical label of the virtual private network device from the registration request in order to verify the identity of the virtual private network device, and returns the information for establishing the virtual private network channel only after the verification passes, which protects the security of that information.
In one embodiment, the registration server is configured to extract the physical label of the first virtual private network device, look up in the encryption library the algorithm identifier corresponding to that physical label, and generate the key according to the key generation algorithm corresponding to the algorithm identifier found.
In this embodiment, an encryption library is set up in the registration server 102, so that the key generation algorithm corresponding to each different virtual private network device physical label can be looked up in the encryption library; different key generation algorithms in the encryption library generate different keys, so different virtual private network encrypted channels are established, which makes the virtual private network encrypted channels more secure.
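The registration-server lookup and encryption-library embodiments above, together with the Figure 4 retry logic, as an added example that is not part of the patent: a small Python simulation in which the registration server answers only recorded physical labels, derives the key through its encryption library, the second device decrypts with the key it fetches from the same server, and the first device resends after an interruption and reports failure information once the preset number is reached. The labels, addresses, the HMAC-based key derivation and toy cipher, and the lossy_network model are all assumptions standing in for details the patent leaves unspecified.

```python
import hashlib
import hmac
import os
MASTER_SECRET = b"constructed-master-secret"  # stands in for the encryption library's secret material
# Registration server records: physical label -> (algorithm id, peer label, peer address).
REGISTRY = {
    "LABEL-A": ("alg-hmac-sha256", "LABEL-B", "10.0.0.2"),
    "LABEL-B": ("alg-hmac-sha256", "LABEL-A", "10.0.0.1"),
}
ADDRESS_TO_LABEL = {addr: peer for _, peer, addr in REGISTRY.values()}  # used by the network model only
# "Encryption library": algorithm id -> key generation algorithm.  Deriving the key from the
# sorted label pair gives both ends of one channel the same key (assumption, not in the patent).
KEY_ALGORITHMS = {
    "alg-hmac-sha256": lambda a, b: hmac.new(
        MASTER_SECRET, "|".join(sorted((a, b))).encode(), hashlib.sha256).digest(),
}

def register(physical_label):
    """Registration server: answer only for a recorded label; unknown labels get None."""
    entry = REGISTRY.get(physical_label)
    if entry is None:
        return None
    algorithm_id, peer_label, peer_address = entry
    return KEY_ALGORITHMS[algorithm_id](physical_label, peer_label), peer_label, peer_address

def _keystream(key, nonce, length):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((length + 31) // 32))[:length]

def seal(key, plaintext):
    """Encrypt-then-MAC built from HMAC-SHA256: a toy stand-in for the unspecified cipher."""
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ciphertext + hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()

def unseal(key, blob):
    """Plaintext, or None when the tag fails (wrong key or tampered message)."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ciphertext, hashlib.sha256).digest(), tag):
        return None
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))

def peer_receive(peer_label, blob):
    """Second device: obtain its key from the registration server, then decrypt the setup info."""
    reg = register(peer_label)
    return unseal(reg[0], blob) if reg else None

def establish_channel(label, setup_info, deliver, preset_times=3):
    """First device: register, encrypt, send; resend after each interruption up to preset_times."""
    reg = register(label)
    if reg is None:
        return {"status": "rejected"}
    key, peer_label, peer_address = reg
    blob = seal(key, setup_info)
    failures = 0
    while failures < preset_times:
        # deliver() models network plus peer; None means the preset time (3-10 s) elapsed.
        if deliver(peer_address, blob) is not None:
            return {"status": "established", "attempts": failures + 1}
        failures += 1
    return {"status": "failed", "failure_info": {  # what gets uploaded to the registration server
        "first_label": label, "second_label": peer_label, "second_address": peer_address}}

def lossy_network(drop_first):
    """Constructed network model: the first drop_first sends are interrupted, later ones arrive."""
    sent = [0]
    def deliver(peer_address, blob):
        sent[0] += 1
        return None if sent[0] <= drop_first else peer_receive(ADDRESS_TO_LABEL[peer_address], blob)
    return deliver
```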
As shown in Figure 6, in one embodiment the device 500 for establishing a virtual private network channel further comprises a certificate sending module 508 and a feedback information receiving module 510.
The certificate sending module 508 is configured to send the digital certificate of the first virtual private network device to the second virtual private network device according to the address of the second virtual private network device.
The feedback information receiving module 510 is configured to receive the feedback information sent by the second virtual private network device after its verification of the digital certificate passes.
The channel establishment module 508 is further configured to, in response to the feedback information, encrypt the information required for establishing the virtual private network channel using the key to obtain the encrypted information.
In this embodiment, the second virtual private network device 110 verifies the digital certificate of the first virtual private network device 108, which adds a security verification step before the virtual private network channel is established: the channel can be established only after the verification passes, improving the security of the virtual private network channel.
As shown in Figure 7, in one embodiment the device 500 for establishing a virtual private network channel further comprises a channel re-establishment module 512 and a failure information uploading module 514.
The channel re-establishment module 512 is configured to, when an interruption of the virtual private network channel is detected, resend the encrypted information used for establishing the virtual private network channel so as to re-establish the virtual private network channel.
The failure information uploading module 514 is configured to upload failure information to the registration server when the number of failed attempts to establish the virtual private network channel reaches a preset number.
In this embodiment, when the first virtual private network device 108 detects that the virtual private network channel has been interrupted, the virtual private network channel is re-established, which keeps the channel available and improves its security and reliability; the failure information is also uploaded to the registration server 102, so that maintenance staff can troubleshoot according to the failure information.
The technical features of the above embodiments can be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as there is no contradiction in the combination of these technical features, the combination is considered to be within the scope of this description.
The above embodiments express only several implementations of the present invention, and their description is relatively specific and detailed, but this should not be construed as limiting the scope of the patent. It should be pointed out that those of ordinary skill in the art can make several variations and improvements without departing from the inventive concept, and these all belong to the protection scope of the present invention. Therefore, the protection scope of the patent should be determined by the appended claims.

Claims (10)

1. A method of establishing a virtual private network channel, the method comprising:
sending a virtual private network device registration request carrying a physical label of a first virtual private network device to a registration server;
receiving a key corresponding to the physical label of the first virtual private network device and an address of a second virtual private network device, returned by the registration server according to the virtual private network device registration request;
encrypting, according to the key, information required for establishing the virtual private network channel to obtain encrypted information, and sending the encrypted information to the second virtual private network device according to the address of the second virtual private network device, so that the second virtual private network device decrypts the encrypted information using the key it obtains from the registration server to establish the virtual private network channel.
2. The method according to claim 1, characterized in that the method further comprises:
the registration server extracting the physical label of the first virtual private network device from the received virtual private network device registration request, looking up whether the physical label of the first virtual private network device is recorded in the registration server, and if so, extracting the key corresponding to the physical label of the first virtual private network device and the address of the second virtual private network device and sending them to the first virtual private network device.
3. The method according to claim 1, characterized in that the method further comprises:
the registration server extracting the physical label of the first virtual private network device, looking up in an encryption library an algorithm identifier corresponding to the physical label of the first virtual private network device, and generating the key according to a key generation algorithm corresponding to the algorithm identifier found.
4. The method according to claim 1, characterized in that, after said receiving the key corresponding to the physical label of the first virtual private network device and the address of the second virtual private network device returned by the registration server according to the virtual private network device registration request, the method further comprises:
sending a digital certificate of the first virtual private network device to the second virtual private network device according to the address of the second virtual private network device;
receiving feedback information sent by the second virtual private network device after its verification of the digital certificate passes;
performing, in response to the feedback information, the step of encrypting, according to the key, the information required for establishing the virtual private network channel to obtain the encrypted information.
5. The method according to claim 1, characterized in that the method further comprises:
when an interruption of the virtual private network channel is detected, resending the encrypted information for establishing the virtual private network channel to re-establish the virtual private network channel;
when the number of failed attempts to establish the virtual private network channel reaches a preset number, uploading failure information to the registration server.
6. A device for establishing a virtual private network channel, characterized in that the device comprises:
a request sending module, configured to send a virtual private network device registration request carrying a physical label of a first virtual private network device to a registration server;
an establishment information receiving module, configured to receive a key corresponding to the physical label of the first virtual private network device and an address of a second virtual private network device, returned by the registration server according to the virtual private network device registration request;
a channel establishment module, configured to encrypt, according to the key, information required for establishing the virtual private network channel to obtain encrypted information, and to send the encrypted information to the second virtual private network device according to the address of the second virtual private network device, so that the second virtual private network device decrypts the encrypted information using the key it obtains from the registration server to establish the virtual private network channel.
7. The device according to claim 6, characterized in that the registration server is configured to extract the physical label of the first virtual private network device from the received virtual private network device registration request, look up whether the physical label of the first virtual private network device is recorded in the registration server, and if so, extract the key corresponding to the physical label of the first virtual private network device and the address of the second virtual private network device and send them to the first virtual private network device.
8. The device according to claim 6, characterized in that the registration server is configured to extract the physical label of the first virtual private network device, look up in an encryption library an algorithm identifier corresponding to the physical label of the first virtual private network device, and generate the key according to a key generation algorithm corresponding to the algorithm identifier found.
9. The device according to claim 6, characterized in that the device further comprises:
a certificate sending module, configured to send a digital certificate of the first virtual private network device to the second virtual private network device according to the address of the second virtual private network device;
a feedback information receiving module, configured to receive feedback information sent by the second virtual private network device after its verification of the digital certificate passes;
the channel establishment module being further configured to perform, in response to the feedback information, the step of encrypting, according to the key, the information required for establishing the virtual private network channel to obtain the encrypted information.
10. The device according to claim 6, characterized in that the device further comprises:
a channel re-establishment module, configured to, when an interruption of the virtual private network channel is detected, resend the encrypted information for establishing the virtual private network channel to re-establish the virtual private network channel;
a failure information uploading module, configured to upload failure information to the registration server when the number of failed attempts to establish the virtual private network channel reaches a preset number.
CN201510979993.6A 2015-12-23 2015-12-23 The method and apparatus for establishing Virtual Private Network channel Active CN105610667B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510979993.6A CN105610667B (en) 2015-12-23 2015-12-23 The method and apparatus for establishing Virtual Private Network channel

Publications (2)

Publication Number Publication Date
CN105610667A true CN105610667A (en) 2016-05-25
CN105610667B CN105610667B (en) 2019-01-25

Family

ID=55990212

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510979993.6A Active CN105610667B (en) 2015-12-23 2015-12-23 The method and apparatus for establishing Virtual Private Network channel

Country Status (1)

Country Link
CN (1) CN105610667B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101557337A (en) * 2009-05-04 2009-10-14 成都市华为赛门铁克科技有限公司 Network tunnel establishing method, data transmission method, communication system and relevant equipment
CN101697522A (en) * 2009-10-16 2010-04-21 深圳华为通信技术有限公司 Virtual private network networking method, communication system and related equipment
CN103944795A (en) * 2013-01-18 2014-07-23 正文科技股份有限公司 Virtual private network communication system, routing devices and method thereof

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019242730A1 (en) * 2018-06-22 2019-12-26 维沃移动通信有限公司 Network access method, terminal, and network side network element
CN110636506A (en) * 2018-06-22 2019-12-31 维沃移动通信有限公司 Network access method, terminal and network side network element
CN110995564A (en) * 2019-12-31 2020-04-10 北京天融信网络安全技术有限公司 Message transmission method, device and secure network system
CN110995564B (en) * 2019-12-31 2021-11-12 北京天融信网络安全技术有限公司 Message transmission method, device and secure network system

Also Published As

Publication number Publication date
CN105610667B (en) 2019-01-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20181116

Address after: 518000 Fifth Floor, Devison Building, No. 16 South 7th High-tech Road, Nanshan District, Shenzhen City, Guangdong Province

Applicant after: Shenzhen Huayun Zhongsheng science and Technology Co Ltd

Address before: 518000 7th Floor, Devison Building, 16 South Seven High-tech Road, Nanshan District, Shenzhen City, Guangdong Province

Applicant before: SHENZHEN HUACHENGFENG ELECTRONICS INDUSTRY CO., LTD.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: Room 701, building 11, Shenzhen Software Park (phase 2), No. 1, Keji Middle Road, Maling community, Yuehai street, Nanshan District, Shenzhen City, Guangdong Province

Patentee after: Shenzhen Huayun Zhongsheng Technology Co., Ltd

Address before: 518000 Guangdong city of Shenzhen province Nanshan District South Road seven No. 16 Deveson building five floor

Patentee before: Shenzhen Huayun Zhongsheng science and Technology Co Ltd

CP03 Change of name, title or address