CN105959308A - Internal network IP data packet management method and system, and devices - Google Patents
- Publication number: CN105959308A (application CN201610515335.6A)
- Authority: CN (China)
- Prior art keywords: terminal, mark, packet, gateway, address
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides an internal network IP data packet management method. An identification gateway receives a first IP data packet sent by a terminal; the identification gateway determines identification parameters according to the first IP data packet, wherein the identification parameters comprise terminal identification parameters and data packet identification parameters; the identification gateway generates a first identifier according to the identification parameters and an identifier generation rule, wherein the identifier generation rule is the rule for processing the identification parameters, thereby generating the identifier; the identification gateway fills the first identifier in the message header of the first IP data packet, thereby generating an identified IP data packet; and the identification gateway sends the identified IP data packet to a verification gateway. The method, the system and the devices are used for solving the safety management problem of all IP data packets sent by all terminals in the internal network of an enterprise in the prior art and satisfying the safety demands for forgery prevention and non-repudiation.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to an intranet IP data packet management method, apparatus and system.
Background
The rapid development and wide application of Internet technology promotes economic and social development on the one hand, but on the other hand brings unprecedented challenges: network security has become a difficult problem that Internet users and service providers must face. In the Internet environment, traditional viruses spread faster and over a wider range, and novel attack methods targeting network protocols and application vulnerabilities emerge one after another. Some criminals use advanced network technology as a new tool or means of crime to engage in illegitimate network activities, which not only affects the stable operation of the network and normal use by users, but also causes heavy economic losses and can even threaten national security.
With the development of internal networks built by enterprises themselves, some enterprises manage the security level of their intranet very strictly. They must not only effectively block attacks from the external network, but also ensure that when a terminal in the internal network accesses the intranet data center or the external network, all IP data packets it sends pass strict authentication, so that internal information remains secure and, when a problem occurs, the point of failure can be located quickly and accurately, thereby ensuring intranet security.
Fundamentally meeting the requirement that every IP data packet sent by a terminal in an enterprise intranet be authenticated according to the characteristics of the terminal and of the packet itself, while satisfying the security requirements of forgery prevention and non-repudiation for the authentication information, is a problem in urgent need of a solution in the field of information security technology.
Summary of the invention
The technical problem to be solved by the present invention is, in view of the above defects in the prior art, to provide an intranet IP data packet management method, apparatus and system that solve the prior-art problem of securely managing all IP data packets sent by all terminals in an enterprise intranet, and that meet the security requirements of forgery prevention and non-repudiation.
To achieve the above object, the present invention provides an intranet IP data packet management method, including:
an identification gateway receives a first IP data packet sent by a terminal, the first IP data packet including a terminal MAC address and a terminal IP address;
the identification gateway determines identification parameters according to the first IP data packet, the identification parameters including terminal identification parameters for identifying the terminal that sent the IP data packet and packet identification parameters for identifying the IP data packet;
the identification gateway generates a first identifier according to the identification parameters and an identifier generation rule;
the identification gateway fills the first identifier into the header of the first IP data packet to generate an identified IP data packet, and sends the identified IP data packet to a verification gateway.
Preferably, the terminal identification parameters include a terminal MACID;
the terminal MACID is obtained by the identification gateway by querying a terminal information table with the terminal IP address and terminal MAC address, the terminal information table being the correspondence between the MAC address, IP address and MACID of all terminals in the intranet.
Preferably, the packet identification parameters include a random packet identification parameter and/or a packet field identification parameter, the packet field identification parameter being generated from specific fields in the IP data packet.
Preferably, the packet field identification parameters include a timestamp and a load; the timestamp is the time value, calculated from NTP information, at which the terminal sent the IP data packet, and the load is the byte length value of the IP data packet's payload, calculated from the bytes of the payload.
Preferably, the identification gateway generating the first identifier according to the identification parameters and the identifier generation rule includes the following steps:
with the timestamp, the terminal IP address and the load as factors, and with the terminal MAC address as the key, perform a digital signature using a preset hash function to generate a digital signature string; combine specified bytes of the digital signature string with the bytes of the terminal MACID to generate the first identifier.
Preferably, after the identification gateway fills the first identifier into the header of the first IP data packet, the method further includes: setting the flag-bit attribute in the header of the first IP data packet to "identified".
Preferably, the identification gateway obtaining the terminal MACID by querying the terminal information table with the terminal IP address and terminal MAC address specifically includes:
the identification gateway queries the terminal information table with the terminal MAC address; if the query succeeds, it compares the terminal IP address with the IP address in the terminal information table, and if the two differ, it updates the IP address in the terminal information table to the terminal IP address.
Preferably, the method further includes:
if the identification gateway's query of the terminal information table with the terminal MAC address fails, it generates a terminal MACID corresponding to the terminal MAC address from the terminal MAC address, and inserts the correspondence between the generated terminal MACID, the terminal MAC address and the terminal IP address into the terminal information table.
The present invention also provides an intranet IP data packet management method, including:
a verification gateway receives the identified IP data packet sent by the identification gateway, and extracts the first identifier from the header of the identified IP data packet;
the verification gateway determines identification parameters according to the identified IP data packet, the identification parameters including terminal identification parameters for identifying the terminal that sent the IP data packet and packet identification parameters for identifying the IP data packet;
the verification gateway generates a second identifier according to the identification parameters and the identifier generation rule;
the verification gateway compares the first identifier with the second identifier; if the two are identical, it removes the first identifier from the header of the identified IP data packet to generate a second IP data packet, and sends the second IP data packet to the external network.
Preferably, before the verification gateway extracts the first identifier from the header of the identified IP data packet, the method further includes: the verification gateway reads the attribute of the flag bit in the header of the identified IP data packet, and if it is "identified", extracts the first identifier from the header of the identified IP data packet.
Preferably, the terminal identification parameters include a terminal MACID, and the verification gateway determines the terminal MACID according to the identified IP data packet and the identifier generation rule.
Preferably, the terminal identification parameters also include a terminal IP address and a terminal MAC address, which the verification gateway obtains by querying the terminal information table with the terminal MACID, the terminal information table being the correspondence between the MAC address, IP address and MACID of all terminals in the intranet.
Preferably, the packet identification parameters include a random packet identification parameter and/or a packet field identification parameter, the packet field identification parameter being generated from specific fields in the IP data packet.
Preferably, the packet field identification parameters include a timestamp and a load; the timestamp is the time value, calculated from NTP information, at which the terminal sent the IP data packet, and the load is the byte length value of the IP data packet's payload, calculated from the bytes of the payload.
Preferably, generating the second identifier according to the identification parameters and the identifier generation rule includes the following steps:
with the timestamp, the terminal IP address and the load as factors, and with the terminal MAC address as the key, perform a digital signature using a preset hash function to generate a digital signature string; combine specified bytes of the digital signature string with the bytes of the terminal MACID to generate the second identifier.
The present invention provides an identification gateway, including:
a first receiving unit, configured to receive a first IP data packet sent by a terminal, the first IP data packet including a terminal MAC address and a terminal IP address;
a first parameter unit, configured to determine identification parameters according to the first IP data packet, the identification parameters including terminal identification parameters for identifying the terminal that sent the IP data packet and packet identification parameters for identifying the IP data packet;
a first identification unit, configured to generate a first identifier according to the identification parameters and the identifier generation rule, and to fill the first identifier into the header of the first IP data packet to generate an identified IP data packet;
a first sending unit, configured to send the identified IP data packet to a verification gateway.
Preferably, the first parameter unit includes a first terminal parameter module, configured to determine the terminal identification parameters, which include a terminal MACID; the terminal MACID is obtained by the identification gateway by querying the terminal information table with the terminal IP address and terminal MAC address, the terminal information table being the correspondence between the MAC address, IP address and MACID of all terminals in the intranet.
Preferably, the first parameter unit includes a first packet parameter module, configured to determine the packet identification parameters, which include a random packet identification parameter and/or a packet field identification parameter, the packet field identification parameter being generated from specific fields in the IP data packet.
Preferably, the first packet parameter module:
is specifically configured to determine the packet field identification parameters, which include a timestamp and a load; the timestamp is the time value, calculated from NTP information, at which the terminal sent the IP data packet, and the load is the byte length value of the IP data packet's payload, calculated from the bytes of the payload.
Preferably, the first identification unit is specifically configured to, with the timestamp, the terminal IP address and the load as factors and the terminal MAC address as the key, perform a digital signature using a preset hash function to generate a digital signature string, and to combine specified bytes of the digital signature string with the bytes of the terminal MACID to generate the first identifier.
Preferably, the first identification unit:
further includes a marking module, configured to set the flag-bit attribute in the header of the first IP data packet to "identified" after the first identification unit has filled the first identifier into the header of the first IP data packet.
Preferably, the first terminal parameter module is specifically configured to query the terminal information table with the terminal MAC address; if the query succeeds, it compares the terminal IP address with the IP address in the terminal information table, and if the two differ, it updates the IP address in the terminal information table to the terminal IP address.
Preferably, the first terminal parameter module:
is further configured to query the terminal information table with the terminal MAC address and, if the identification gateway's query of the terminal information table with the terminal MAC address fails, to generate a terminal MACID corresponding to the terminal MAC address from the terminal MAC address, and to insert the correspondence between the generated terminal MACID, the terminal MAC address and the terminal IP address into the terminal information table.
The present invention also provides a verification gateway, characterized by including:
a second receiving unit, configured to receive the identified IP data packet sent by the identification gateway;
a second parameter unit, configured to extract the first identifier from the header of the identified IP data packet, and to determine identification parameters according to the identified IP data packet, the identification parameters including terminal identification parameters for identifying the terminal that sent the IP data packet and packet identification parameters for identifying the IP data packet;
a second identification unit, configured to generate a second identifier according to the identification parameters and the identifier generation rule;
a verification unit, configured to compare the first identifier with the second identifier and, if the two are identical, to remove the first identifier from the header of the identified IP data packet to generate a second IP data packet;
a second sending unit, configured to send the second IP data packet to the external network.
Preferably, the second parameter unit:
includes a flag recognition module, which reads the attribute of the flag bit in the header of the identified IP data packet; if it is "identified", the second parameter unit extracts the first identifier from the header of the identified IP data packet.
Preferably, the second parameter unit:
includes a second terminal parameter module, configured to determine the terminal identification parameters, which include a terminal MACID; the verification gateway determines the terminal MACID according to the identified IP data packet and the identifier generation rule.
Preferably, the second terminal parameter unit:
is specifically configured to determine the terminal IP address and terminal MAC address, which the verification gateway obtains by querying the terminal information table with the terminal MACID, the terminal information table being the correspondence between the MAC address, IP address and MACID of all terminals in the intranet.
Preferably, the second parameter unit:
includes a second packet parameter module, configured to determine the packet identification parameters, which include a random packet identification parameter and/or a packet field identification parameter, the packet field identification parameter being generated from specific fields in the IP data packet.
Preferably, the second packet parameter module is specifically configured to determine the packet field identification parameters, which include a timestamp and a load; the timestamp is the time value, calculated from NTP information, at which the terminal sent the IP data packet, and the load is the byte length value of the IP data packet's payload, calculated from the bytes of the payload.
Preferably, the second identification unit is specifically configured to, with the timestamp, the terminal IP address and the load as factors and the terminal MAC address as the key, perform a digital signature using a preset hash function to generate a digital signature string, and to combine specified bytes of the digital signature string with the bytes of the terminal MACID to generate the second identifier.
The present invention also provides an intranet IP data packet management system, including:
a terminal, configured to send IP data packets;
an identification gateway, being the identification gateway according to any one of claims 16-23, configured to receive the IP data packet sent by the terminal, identify the IP data packet according to the terminal and the IP data packet, and send the identified IP data packet;
a verification gateway, being the verification gateway according to any one of claims 24-30, configured to receive the identified IP data packet sent by the identification gateway, verify the identified IP data packet, remove the identifier from identified IP data packets that pass verification, and send the IP data packet with the identifier removed to the external network.
The intranet IP data packet management method, apparatus and system provided by the present invention can identify all IP data packets sent by all intranet terminals according to the characteristics of the terminal and of the packet itself, and trace the identifier to its source through the corresponding verification method, achieving security management with forgery prevention and non-repudiation for intranet information authentication.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of an intranet IP data packet management method provided by the present invention;
Fig. 2 is a schematic flowchart of another intranet IP data packet management method provided by the present invention;
Fig. 3 is a schematic structural diagram of the identification gateway provided by the present invention;
Fig. 4 is a schematic structural diagram of the verification gateway provided by the present invention;
Fig. 5 is a system diagram of the intranet IP data packet management system provided by the present invention;
Fig. 6 shows the IP data packet header format.
Detailed description
To help those skilled in the art better understand the technical solution, the present invention is described in further detail below with reference to the drawings and embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a schematic flowchart of an intranet IP data packet management method provided by the present invention. As shown in Fig. 1, the method includes:
Step S101: the identification gateway receives a first IP data packet sent by a terminal.
Specifically, to manage all terminals in the intranet securely, an identification gateway is connected on the terminal side. The identification gateway is responsible for receiving all IP data packets sent by the terminal and identifying them. The first IP data packet includes the terminal MAC address and the terminal IP address. Because the identification gateway is the first network node to receive an IP data packet after the terminal sends it, the source MAC address carried in the IP data packet received by the identification gateway is the terminal's MAC address, and the source IP address carried is the terminal's IP address.
Step S102: the identification gateway determines identification parameters according to the first IP data packet, the identification parameters including terminal identification parameters and packet identification parameters.
Specifically, the terminal identification parameters identify the terminal that sent the IP data packet, and the packet identification parameters identify the IP data packet. By determining both kinds of identification parameter, the identification gateway can identify both the terminal and the IP data packets the terminal sends.
The terminal identification parameters mainly include the terminal MACID, which the identification gateway obtains by querying the terminal information table with the terminal IP address and terminal MAC address. The terminal information table is the correspondence between the MAC address, IP address and MACID of all terminals in the intranet. It is a single, synchronously updated table jointly maintained by all identification gateways in the intranet; it may be stored in every identification gateway, or stored separately on the network and accessed by all identification gateways for lookup. For convenience of description, this embodiment uses the storage mode in which the table is synchronously updated in each identification gateway, which is not repeated in the steps below.
In addition to the terminal MACID, the terminal identification parameters in this embodiment also include the terminal IP address and the terminal MAC address.
The packet identification parameters include a random packet identification parameter generated according to a preset rule, and/or a packet field identification parameter generated from specific fields in the IP data packet; the preset rule includes calculating a random parameter with a hash function. The packet identification parameters provided by the present invention include a randomly generated parameter calculated with a hash function, which uniquely identifies the packet and resists forgery. In addition, the packet identification provided by the present invention also includes parameters generated from specific fields in the IP data packet, including parameters obtained by directly extracting and converting a field at a specific position and of a specific length, or parameters calculated from specific fields; because these are tied to the characteristics of the IP data packet, they resist forgery better.
Further, because of the time-varying parameters carried by an IP data packet and the uniqueness of the packet's own payload, the packet field identification parameters generated from specific fields in the IP data packet include a timestamp and a load; the timestamp is the time value, calculated from NTP information, at which the terminal sent the IP data packet, and the load is the byte length value of the IP data packet's payload, calculated from the bytes of the payload.
It should be understood that the randomly generated parameter and the parameters generated from specific packet fields can also be used together.
Preferably, the terminal information table provided by the present invention supports synchronous updating by all identification gateways. Specifically, the identification gateway queries the terminal information table with the terminal MAC address. When the query succeeds, it compares the terminal IP address with the IP address in the terminal information table, and if the two differ, it updates the IP address in the terminal information table to the terminal IP address. When the query fails, the identification gateway generates a terminal MACID corresponding to the terminal MAC address from the terminal MAC address, and inserts the correspondence between the generated terminal MACID, the terminal MAC address and the terminal IP address into the terminal information table.
Step S103: the identification gateway generates a first identifier according to the identification parameters and the identifier generation rule.
Specifically, the identifier generation rule is the rule by which the identification parameters are processed to generate the identifier.
The identifier generation steps provided by the present invention include:
with the timestamp, the terminal IP address and the load as factors, and with the terminal MAC address as the key, perform a digital signature using a preset hash function to generate a digital signature string; combine specified bytes of the digital signature string with all bytes of the terminal MACID to generate the identifier.
For example, the highest 8 bits of the digital signature string are taken as the low 8 bits of the identifier, and all 8 bits of the MACID, whose total length is 8 bits, are taken as the high 8 bits of the identifier, together forming a 16-bit identifier. It will be understood that 8 bits at other specific positions in the digital signature string may also be taken and combined, in a specific order, with all 8 bits of the MACID into an identifier with a total length of 16 bits.
Step S104: the identification gateway fills the first identifier into the header of the first IP data packet to generate an identified IP data packet.
Specifically, the identification gateway needs to encapsulate the generated identifier in the header of the IP data packet. Fig. 6 shows the header format of the IP data packet. Because the identifier generated by the identification gateway is used only within the intranet, it can be filled into the identifier field position, or into a specific position in the options.
Preferably, the flag bit in the header of the first IP data packet may also be set to "identified". As shown in Fig. 6, the flag bit is set to identified.
Step S105: the identification gateway sends the identified IP data packet to the verification gateway.
In the intranet IP data packet management method provided by the present invention, after receiving an IP data packet sent by a terminal, the identification gateway determines the identification parameters, including terminal parameters and packet parameters, from the IP data packet, computes the identifier from the identification parameters using a hash function or similar, and fills the identifier into the header of the IP data packet to generate the identified IP data packet. Within the intranet, this makes it possible to trace IP data packets sent by a terminal to their source and to achieve the security management goals of forgery prevention and non-repudiation.
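The identification flow of steps S101 to S105, together with the verification-side recomputation described in the summary, as an added example that is not code from the patent. HMAC-SHA256 stands in for the unspecified "preset hash function"; the `Packet` model, the timestamp field carried in it, and the MACID allocation scheme are assumptions.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace
from ipaddress import IPv4Address
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Simplified IP packet model (constructed for this example)."""
    src_mac: Optional[str]  # visible only at the first hop (identification gateway)
    src_ip: str
    timestamp: int          # assumption: send time recoverable by both gateways
    payload: bytes
    ident: int = 0          # 16-bit identifier carried in the header
    marked: bool = False    # flag bit: True means "identified"


def _mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").lower())


class TerminalTable:
    """MAC / IP / MACID correspondence shared by all gateways."""

    def __init__(self):
        self.by_mac = {}    # mac -> [ip, macid]
        self.by_macid = {}  # macid -> mac

    def lookup_or_register(self, mac, ip):
        entry = self.by_mac.get(mac)
        if entry is None:
            # Query failed: derive an 8-bit MACID from the MAC. Assumed scheme:
            # first digest byte, probing linearly past values already in use.
            if len(self.by_macid) >= 256:
                raise RuntimeError("8-bit MACID space exhausted")
            macid = hashlib.sha256(_mac_bytes(mac)).digest()[0]
            while macid in self.by_macid:
                macid = (macid + 1) % 256
            self.by_mac[mac] = [ip, macid]
            self.by_macid[macid] = mac
        elif entry[0] != ip:
            entry[0] = ip   # query succeeded but the IP changed: update the table
        return self.by_mac[mac][1]


def make_identifier(macid, mac, ip, timestamp, payload_len):
    """High 8 bits = MACID, low 8 bits = highest 8 bits of the keyed digest."""
    factors = struct.pack("!I4sH", timestamp, IPv4Address(ip).packed, payload_len)
    signature = hmac.new(_mac_bytes(mac), factors, hashlib.sha256).digest()
    return (macid << 8) | signature[0]


def identify(pkt, table):
    """Identification gateway: tag the packet and set the flag bit."""
    macid = table.lookup_or_register(pkt.src_mac, pkt.src_ip)
    ident = make_identifier(macid, pkt.src_mac, pkt.src_ip,
                            pkt.timestamp, len(pkt.payload))
    # The source MAC does not survive past the first hop.
    return replace(pkt, src_mac=None, ident=ident, marked=True)


def verify(pkt, table):
    """Verification gateway: return the stripped packet, or None to drop it."""
    if not pkt.marked:
        return None                      # never passed an identification gateway
    macid = pkt.ident >> 8
    mac = table.by_macid.get(macid)
    if mac is None:
        return None                      # MACID not in the terminal table
    ip = table.by_mac[mac][0]            # IP and MAC come from the table
    expected = make_identifier(macid, mac, ip, pkt.timestamp, len(pkt.payload))
    if not hmac.compare_digest(expected.to_bytes(2, "big"),
                               pkt.ident.to_bytes(2, "big")):
        return None                      # second identifier != first identifier
    return replace(pkt, ident=0, marked=False)


if __name__ == "__main__":
    table = TerminalTable()
    # Constructed sample packet.
    pkt = Packet("02:00:00:aa:bb:01", "10.0.0.5", 1467331200, b"hello")
    tagged = identify(pkt, table)
    print(hex(tagged.ident), verify(tagged, table) is not None)
```

With only 8 signature bits in the identifier, an arbitrary value matches with probability 1/256 per packet, and the MAC address used as the key is visible to every host on the terminal's segment; a longer tag in the options field and a secret per-terminal key address both limits.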
Fig. 2 is a schematic flowchart of another intranet IP data packet management method provided by the present invention. As shown in Fig. 2, this method includes:
Step S201: the verification gateway receives the identified IP data packet sent by the identification gateway.
Specifically, in the intranet, after identification gateways placed on the terminal side have identified all IP data packets sent by the terminals, a verification gateway needs to be placed at the network nodes that perform security authentication of intranet terminals, such as the external-network gateway or the intranet data center, to perform security verification on IP data packets carrying the identifier added by the identification gateway. Packets that cannot pass verification are not provided intranet data services or are refused access to the external network, and illegal IP data packets can be traced to their source.
Step S202: the verification gateway extracts the first identifier from the header of the identified IP data packet.
Specifically, the verification gateway extracts the identifier from the header of the identified IP data packet in order to perform comparison and verification.
Preferably, before extracting the first identifier from the header of the identified IP data packet, the verification gateway first reads the flag bit in the IP data packet header. When the flag bit is "identified", the verification gateway then extracts the first identifier from the header of the identified IP data packet. When the flag bit is "not identified", the IP data packet can be discarded, no corresponding service is provided for it, and it is traced to its source.
Step S203: the verification gateway determines identification parameters according to the identified IP data packet, the identification parameters including terminal identification parameters and packet identification parameters.
Specifically, the terminal identification parameters identify the terminal that sent the IP data packet, and the packet identification parameters identify the IP data packet. This is the same as step S102 of the previous method provided by the present invention and is not repeated here.
The terminal identification parameters include the terminal MACID, which the verification gateway determines according to the identified IP data packet and the identifier generation rule. The terminal information carried in the IP data packet received by the verification gateway includes only the terminal IP address (the packet's source IP address), and in practice IP addresses change frequently, so the verification gateway needs to determine the terminal identification parameters from the MACID carried in the IP data packet's own identifier.
The terminal identification parameters also include the terminal IP address and the terminal MAC address, which the verification gateway obtains by querying the terminal information table with the terminal MACID. The terminal information table is the correspondence between the MAC address, IP address and MACID of all terminals in the intranet.
The packet identification parameters include a random packet identification parameter generated according to a preset rule, and/or a packet field identification parameter generated from specific fields in the IP data packet; the preset rule includes calculating a random parameter with a hash function.
The described packets fields identification parameter generated according to the specific fields in IP packet,
Including: timestamp and load, described timestamp is to calculate according to NTP information
The terminal drawn sends the time value of described IP packet, effectively carries according to described load
The byte length value of the described IP data pack load that the byte of lotus calculates.
Step S204: the validation gateway generates the second mark from the identification parameters and the mark generation rule.
The mark generation rule is the rule by which the identification parameters are processed to generate a mark. Specifically: with the timestamp, the terminal IP address and the load as factors and the terminal MAC address as the key, a digital signature is computed with a preset hash function to produce a digital signature string; specific bytes of the digital signature string are then combined with the bytes of the terminal MACID to generate the identifier.
Except that the terminal IP address and the terminal MAC address are looked up by MACID, this is the same as step S102 of the previous method provided by the present invention and is not repeated here.
It can be understood that the validation gateway and the mark gateway query a shared terminal information table, which is stored and updated as described in step S102 of the previous method. The validation gateway, however, is not responsible for updating the terminal information table and may only query it.
Step S205: the validation gateway compares the first mark with the second mark; if the two are identical, it removes the first mark from the header of the marked IP packet to generate the second IP packet.
Specifically, after verification the validation gateway removes the mark, which prevents the security problems that would result from the mark leaking.
Step S206: the validation gateway sends the second IP packet to the external network.
Specifically, the validation gateway can send the IP packet to the external network gateway or to the intranet data center so that the terminal can be served.
In the intranet IP packet management method provided by the present invention, the validation gateway extracts the identifier from the marked IP packet, generates a verification identifier using the same identifier generation rule as the mark gateway, and compares it with the identifier carried in the IP packet. This further ensures the security of intranet IP packets and makes them traceable, forgery-resistant and non-repudiable.
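The marking and verification flow described above (steps S201 to S206, using the mark generation rule of step S204), as an added Python example that is not code from the patent. HMAC-SHA256 as the preset hash function, the first 8 digest bytes as the "specific bytes", a 4-byte hash-derived MACID, the identifier layout, the timestamp carried as a packet field, and all names and sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace
from typing import Optional, Tuple

SIG_BYTES = 8    # assumption: the "specific bytes" are the first 8 digest bytes
MACID_BYTES = 4  # assumption: a MACID is 4 bytes wide


@dataclass(frozen=True)
class Packet:
    src_mac: Optional[str]  # only visible on the terminal-side segment
    src_ip: str
    timestamp: int          # NTP-derived send time, carried as a packet field
    payload: bytes
    marked: bool = False    # marker bit
    identifier: bytes = b""


class TerminalTable:
    """Shared MAC/IP/MACID table: the mark gateway writes, the validator reads."""

    def __init__(self) -> None:
        self._by_mac = {}  # mac -> [macid, ip]
        self._by_id = {}   # macid -> mac

    def lookup_or_register(self, mac: str, ip: str) -> bytes:
        mac = mac.lower()
        entry = self._by_mac.get(mac)
        if entry is None:
            # Assumption: derive the MACID from the MAC with a truncated hash.
            macid = hashlib.sha256(mac.encode()).digest()[:MACID_BYTES]
            if macid in self._by_id:
                raise ValueError("MACID collision; widen MACID_BYTES")
            self._by_mac[mac] = [macid, ip]
            self._by_id[macid] = mac
            return macid
        if entry[1] != ip:  # terminal changed address: refresh the table
            entry[1] = ip
        return entry[0]

    def resolve(self, macid: bytes) -> Optional[Tuple[str, str]]:
        mac = self._by_id.get(macid)
        return None if mac is None else (mac, self._by_mac[mac][1])


def signature(mac: str, ip: str, timestamp: int, load: int) -> bytes:
    """Keyed hash over (timestamp, terminal IP, load), keyed with the MAC."""
    factors = struct.pack("!Q", timestamp) + ip.encode() + struct.pack("!I", load)
    digest = hmac.new(mac.lower().encode(), factors, hashlib.sha256).digest()
    return digest[:SIG_BYTES]


def mark(pkt: Packet, table: TerminalTable) -> Packet:
    """Mark gateway: build the first mark and set the marker bit."""
    macid = table.lookup_or_register(pkt.src_mac, pkt.src_ip)
    sig = signature(pkt.src_mac, pkt.src_ip, pkt.timestamp, len(pkt.payload))
    # The layer-2 source MAC does not survive past the first hop.
    return replace(pkt, src_mac=None, marked=True, identifier=sig + macid)


def verify(pkt: Packet, table: TerminalTable):
    """Validation gateway: returns (forwarded packet or None, reason, terminal MAC)."""
    if not pkt.marked or len(pkt.identifier) != SIG_BYTES + MACID_BYTES:
        return None, "unmarked", None
    first_sig, macid = pkt.identifier[:SIG_BYTES], pkt.identifier[SIG_BYTES:]
    resolved = table.resolve(macid)
    if resolved is None:
        return None, "unknown-macid", None
    mac, ip = resolved  # terminal IP and MAC come from the table, not the packet
    second_sig = signature(mac, ip, pkt.timestamp, len(pkt.payload))
    if not hmac.compare_digest(first_sig, second_sig):
        return None, "mismatch", mac  # dropped, but still attributable
    return replace(pkt, marked=False, identifier=b""), "ok", mac


if __name__ == "__main__":
    table = TerminalTable()
    # Constructed sample packet (documentation-range address, made-up MAC).
    sent = Packet("00:11:22:33:44:55", "192.0.2.10", 1467244800, b"hello intranet")
    marked = mark(sent, table)
    print(verify(marked, table)[1])
    print(verify(replace(marked, payload=b"longer payload!!"), table)[1])
```

Because the validation gateway recomputes the signature from the table's current IP address, a packet marked just before the terminal's address changed fails verification once the table has been updated.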
Fig. 3 is a schematic structural diagram of the mark gateway provided by the present invention. As shown in Fig. 3, the mark gateway provided by the present invention includes:
A first receiving unit 301, configured to receive the first IP packet sent by a terminal, the first IP packet including the terminal MAC address and the terminal IP address;
A first parameter unit 302, configured to determine identification parameters from the first IP packet, the identification parameters including a terminal identification parameter for identifying the terminal that sent the IP packet and a packet identification parameter for identifying the IP packet;
The first parameter unit 302 includes a first terminal parameter module 3021, configured to determine the terminal identification parameter, which includes the terminal MACID. The terminal MACID is obtained by the mark gateway by querying the terminal information table with the terminal IP address and the terminal MAC address; the terminal information table records the correspondence between the MAC address, the IP address and the MACID of every terminal in the intranet. The module is specifically configured to query the terminal information table by the terminal MAC address and, if the query succeeds, compare the terminal IP address with the IP address in the terminal information table; if the two differ, the IP address in the terminal information table is updated to the terminal IP address. The module is further configured so that, if the query of the terminal information table by the terminal MAC address fails, a terminal MACID corresponding to the terminal MAC address is generated from the terminal MAC address, and the correspondence between the generated terminal MACID, the terminal MAC address and the terminal IP address is inserted into the terminal information table.
The first parameter unit 302 includes a first packet parameter module 3022, configured to determine the packet identification parameter, which includes a packet random identification parameter and/or a packet field identification parameter; the packet field identification parameter is generated from specific fields in the IP packet. The first packet parameter module is specifically configured to determine the packet field identification parameter, which includes a timestamp and a load. The timestamp is the time at which the terminal sent the IP packet, calculated from NTP information; the load is the byte length of the IP packet payload, calculated from the bytes of the payload.
A first mark unit 303, configured to generate the first mark from the identification parameters and the mark generation rule, and to write the first mark into the header of the first IP packet to generate the marked IP packet. Specifically, with the timestamp, the terminal IP address and the load as factors and the terminal MAC address as the key, it computes a digital signature with a preset hash function to produce a digital signature string, and combines specific bytes of the digital signature string with the bytes of the terminal MACID to generate the first mark.
The first mark unit 303 includes a mark module 3031, configured to set the marker bit attribute in the header of the first IP packet to "marked" after the first mark unit 303 has written the first mark into the header of the first IP packet.
A first sending unit 304, configured to send the marked IP packet to the validation gateway.
The mark gateway provided by the present invention takes the IP packets it receives from terminals, generates an identifier by a certain algorithm from the characteristics of the terminal and of the IP packet itself, and marks the IP packet with it. It can be used for security management of IP packets sent by terminals in the intranet, providing forgery resistance and non-repudiation.
Fig. 4 is a schematic structural diagram of the validation gateway provided by the present invention. As shown in Fig. 4, the validation gateway includes:
A second receiving unit 401, configured to receive the marked IP packet sent by the mark gateway;
A second parameter unit 402, configured to extract the first mark from the header of the marked IP packet and to determine identification parameters from the marked IP packet, the identification parameters including a terminal identification parameter for identifying the terminal that sent the IP packet and a packet identification parameter for identifying the IP packet;
It includes a marker recognition module 4021, which reads the attribute of the marker bit in the header of the marked IP packet and, if it is "marked", extracts the first mark from the header of the marked IP packet;
It includes a second terminal parameter module 4022, configured to determine the terminal identification parameter, which includes the terminal MACID; the terminal MACID is determined from the marked IP packet and the mark generation rule;
It includes a second packet parameter module 4023, configured to determine the packet identification parameter, which includes a packet random identification parameter and/or a packet field identification parameter; the packet field identification parameter is generated from specific fields in the IP packet. The module is specifically configured to determine the packet field identification parameter, which includes a timestamp and a load. The timestamp is the time at which the terminal sent the IP packet, calculated from NTP information; the load is the byte length of the IP packet payload, calculated from the bytes of the payload.
A second mark unit 403, configured to generate the second mark from the identification parameters and the mark generation rule. Specifically, with the timestamp, the terminal IP address and the load as factors and the terminal MAC address as the key, it computes a digital signature with a preset hash function to produce a digital signature string, and combines specific bytes of the digital signature string with the bytes of the terminal MACID to generate the second mark.
A verification unit 404, configured to compare the first mark with the second mark and, if the two are identical, remove the first mark from the header of the marked IP packet to generate the second IP packet;
A second sending unit 405, configured to send the second IP packet to the external network.
The validation gateway provided by the present invention receives the marked IP packet sent by the mark gateway, extracts the mark from it, generates an identifier by the same rule as the mark gateway, and compares that identifier with the extracted mark. This verifies the legitimacy of the IP packet and at the same time makes it traceable.
Fig. 5 is a schematic diagram of the intranet IP packet management system provided by the present invention. As shown in Fig. 5, the intranet IP packet management system includes:
A terminal 501, configured to send IP packets;
A mark gateway 502, which is the mark gateway according to any one of claims 16-23, configured to receive the IP packet sent by the terminal, mark the IP packet according to the terminal and the IP packet, and send the marked IP packet;
A validation gateway 503, which is the validation gateway according to any one of claims 24-30, configured to receive the marked IP packet sent by the mark gateway, verify the marked IP packet, remove the mark from marked IP packets that pass verification, and send the IP packet with the mark removed to the external network.
The system provided by the present invention receives the marked IP packet sent by the mark gateway, extracts the mark from it, generates an identifier by the same rule as the mark gateway, and compares that identifier with the extracted mark. This verifies the legitimacy of the IP packet and at the same time makes it traceable.
In the several embodiments provided in this application, it should be understood that the disclosed methods, devices and systems can be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into functional modules is only a division by logical function, and other divisions are possible in an actual implementation. For instance, multiple modules may be combined or integrated into another system, or some features may be omitted or not performed.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (31)
1. An intranet IP packet management method, characterized by comprising:
a mark gateway receives a first IP packet sent by a terminal, the first IP packet including a terminal MAC address and a terminal IP address;
the mark gateway determines identification parameters from the first IP packet, the identification parameters including a terminal identification parameter for identifying the terminal that sent the IP packet and a packet identification parameter for identifying the IP packet;
the mark gateway generates a first mark from the identification parameters and a mark generation rule;
the mark gateway writes the first mark into the header of the first IP packet to generate a marked IP packet, and sends the marked IP packet to a validation gateway.
2. The intranet IP packet management method according to claim 1, characterized in that the terminal identification parameter includes a terminal MACID;
the terminal MACID is obtained by the mark gateway by querying a terminal information table with the terminal IP address and the terminal MAC address, the terminal information table being the correspondence between the MAC address, the IP address and the MACID of every terminal in the intranet.
3. The intranet IP packet management method according to claim 1, characterized in that the packet identification parameter includes a packet random identification parameter and/or a packet field identification parameter, the packet field identification parameter being generated from specific fields in the IP packet.
4. The intranet IP packet management method according to claim 3, characterized in that the packet field identification parameter includes a timestamp and a load, the timestamp being the time at which the terminal sent the IP packet, calculated from NTP information, and the load being the byte length of the IP packet payload, calculated from the bytes of the payload.
5. The intranet IP packet management method according to claim 4, characterized in that the mark gateway generating the first mark from the identification parameters and the mark generation rule comprises the following steps:
with the timestamp, the terminal IP address and the load as factors and the terminal MAC address as the key, computing a digital signature with a preset hash function to generate a digital signature string;
combining specific bytes of the digital signature string with the bytes of the terminal MACID to generate the first mark.
6. The intranet IP packet management method according to claim 1, characterized in that, after the mark gateway writes the first mark into the header of the first IP packet, the method further comprises:
setting the marker bit attribute in the header of the first IP packet to "marked".
7. The intranet IP packet management method according to claim 2, characterized in that the mark gateway obtaining the terminal MACID by querying the terminal information table with the terminal IP address and the terminal MAC address specifically comprises:
the mark gateway queries the terminal information table by the terminal MAC address and, if the query succeeds, compares the terminal IP address with the IP address in the terminal information table; if the two differ, the IP address in the terminal information table is updated to the terminal IP address.
8. The intranet IP packet management method according to claim 7, characterized in that the method further comprises:
if the mark gateway's query of the terminal information table by the terminal MAC address fails, generating from the terminal MAC address a terminal MACID corresponding to the terminal MAC address, and inserting the correspondence between the generated terminal MACID, the terminal MAC address and the terminal IP address into the terminal information table.
9. An intranet IP packet management method, characterized by comprising:
a validation gateway receives a marked IP packet sent by a mark gateway, and extracts a first mark from the header of the marked IP packet;
the validation gateway determines identification parameters from the marked IP packet, the identification parameters including a terminal identification parameter for identifying the terminal that sent the IP packet and a packet identification parameter for identifying the IP packet;
the validation gateway generates a second mark from the identification parameters and a mark generation rule;
the validation gateway compares the first mark with the second mark and, if the two are identical, removes the first mark from the header of the marked IP packet to generate a second IP packet, and sends the second IP packet to the external network.
10. The intranet IP packet management method according to claim 9, characterized in that, before the validation gateway extracts the first mark from the header of the marked IP packet, the method further comprises:
the validation gateway reads the attribute of the marker bit in the header of the marked IP packet and, if it is "marked", extracts the first mark from the header of the marked IP packet.
11. The intranet IP packet management method according to claim 9, characterized in that the terminal identification parameter includes a terminal MACID, and the validation gateway determines the terminal MACID from the marked IP packet and the mark generation rule.
12. The intranet IP packet management method according to claim 11, characterized in that the terminal identification parameter also includes a terminal IP address and a terminal MAC address, which the validation gateway obtains by querying a terminal information table with the terminal MACID, the terminal information table being the correspondence between the MAC address, the IP address and the MACID of every terminal in the intranet.
13. The intranet IP packet management method according to claim 9, characterized in that the packet identification parameter includes a packet random identification parameter and/or a packet field identification parameter, the packet field identification parameter being generated from specific fields in the IP packet.
14. The intranet IP packet management method according to claim 13, characterized in that the packet field identification parameter includes a timestamp and a load, the timestamp being the time at which the terminal sent the IP packet, calculated from NTP information, and the load being the byte length of the IP packet payload, calculated from the bytes of the payload.
15. The intranet IP packet management method according to claim 14, characterized in that generating the second mark from the identification parameters and the mark generation rule comprises the following steps:
with the timestamp, the terminal IP address and the load as factors and the terminal MAC address as the key, computing a digital signature with a preset hash function to generate a digital signature string;
combining specific bytes of the digital signature string with the bytes of the terminal MACID to generate the second mark.
16. A mark gateway, characterized by comprising:
a first receiving unit, configured to receive a first IP packet sent by a terminal, the first IP packet including a terminal MAC address and a terminal IP address;
a first parameter unit, configured to determine identification parameters from the first IP packet, the identification parameters including a terminal identification parameter for identifying the terminal that sent the IP packet and a packet identification parameter for identifying the IP packet;
a first mark unit, configured to generate a first mark from the identification parameters and a mark generation rule, and to write the first mark into the header of the first IP packet to generate a marked IP packet;
a first sending unit, configured to send the marked IP packet to a validation gateway.
17. The mark gateway according to claim 16, characterized in that the first parameter unit:
includes a first terminal parameter module, configured to determine the terminal identification parameter, the terminal identification parameter including a terminal MACID; the terminal MACID is obtained by the mark gateway by querying a terminal information table with the terminal IP address and the terminal MAC address, the terminal information table being the correspondence between the MAC address, the IP address and the MACID of every terminal in the intranet.
18. The mark gateway according to claim 16, characterized in that the first parameter unit:
includes a first packet parameter module, configured to determine the packet identification parameter, the packet identification parameter including a packet random identification parameter and/or a packet field identification parameter, the packet field identification parameter being generated from specific fields in the IP packet.
19. The mark gateway according to claim 18, characterized in that the first packet parameter module:
is specifically configured to determine the packet field identification parameter, the packet field identification parameter including a timestamp and a load, the timestamp being the time at which the terminal sent the IP packet, calculated from NTP information, and the load being the byte length of the IP packet payload, calculated from the bytes of the payload.
20. The mark gateway according to claim 19, characterized in that the first mark unit is specifically configured to, with the timestamp, the terminal IP address and the load as factors and the terminal MAC address as the key, compute a digital signature with a preset hash function to generate a digital signature string, and to combine specific bytes of the digital signature string with the bytes of the terminal MACID to generate the first mark.
21. The mark gateway according to claim 16, characterized in that the first mark unit:
further includes a mark module, configured to set the marker bit attribute in the header of the first IP packet to "marked" after the first mark unit has written the first mark into the header of the first IP packet.
22. The mark gateway according to claim 17, characterized in that the first terminal parameter module is specifically configured to query the terminal information table by the terminal MAC address and, if the query succeeds, compare the terminal IP address with the IP address in the terminal information table; if the two differ, the IP address in the terminal information table is updated to the terminal IP address.
23. The mark gateway according to claim 22, characterized in that the first terminal parameter module:
is further configured to query the terminal information table by the terminal MAC address and, if the mark gateway's query of the terminal information table by the terminal MAC address fails, generate from the terminal MAC address a terminal MACID corresponding to the terminal MAC address, and insert the correspondence between the generated terminal MACID, the terminal MAC address and the terminal IP address into the terminal information table.
24. A validation gateway, characterized by comprising:
a second receiving unit, configured to receive a marked IP packet sent by a mark gateway;
a second parameter unit, configured to extract a first mark from the header of the marked IP packet and to determine identification parameters from the marked IP packet, the identification parameters including a terminal identification parameter for identifying the terminal that sent the IP packet and a packet identification parameter for identifying the IP packet;
a second mark unit, configured to generate a second mark from the identification parameters and a mark generation rule;
a verification unit, configured to compare the first mark with the second mark and, if the two are identical, remove the first mark from the header of the marked IP packet to generate a second IP packet;
a second sending unit, configured to send the second IP packet to the external network.
25. The validation gateway according to claim 24, characterized in that the second parameter unit:
includes a marker recognition module, which reads the attribute of the marker bit in the header of the marked IP packet; if it is "marked", the second parameter unit extracts the first mark from the header of the marked IP packet.
26. The validation gateway according to claim 24, characterized in that the second parameter unit:
includes a second terminal parameter module, configured to determine the terminal identification parameter, the terminal identification parameter including a terminal MACID; the validation gateway determines the terminal MACID from the marked IP packet and the mark generation rule.
27. The validation gateway according to claim 26, characterized in that the second terminal parameter unit:
is specifically configured to determine a terminal IP address and a terminal MAC address, which the validation gateway obtains by querying a terminal information table with the terminal MACID, the terminal information table being the correspondence between the MAC address, the IP address and the MACID of every terminal in the intranet.
28. The validation gateway according to claim 24, characterized in that the second parameter unit:
includes a second packet parameter module, configured to determine the packet identification parameter, the packet identification parameter including a packet random identification parameter and/or a packet field identification parameter, the packet field identification parameter being generated from specific fields in the IP packet.
29. The validation gateway according to claim 28, characterized in that:
the second packet parameter module is specifically configured to determine the packet field identification parameter, the packet field identification parameter including a timestamp and a load, the timestamp being the time at which the terminal sent the IP packet, calculated from NTP information, and the load being the byte length of the IP packet payload, calculated from the bytes of the payload.
30. The validation gateway according to claim 29, characterized in that the second mark unit is specifically configured to, with the timestamp, the terminal IP address and the load as factors and the terminal MAC address as the key, compute a digital signature with a preset hash function to generate a digital signature string, and to combine specific bytes of the digital signature string with the bytes of the terminal MACID to generate the second mark.
31. An intranet IP packet management system, characterized by comprising:
a terminal, configured to send IP packets;
a mark gateway, which is the mark gateway according to any one of claims 16-23, configured to receive the IP packet sent by the terminal, mark the IP packet according to the terminal and the IP packet, and send the marked IP packet;
a validation gateway, which is the validation gateway according to any one of claims 24-30, configured to receive the marked IP packet sent by the mark gateway, verify the marked IP packet, remove the mark from marked IP packets that pass verification, and send the IP packet with the mark removed to the external network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610515335.6A CN105959308B (en) | 2016-06-30 | 2016-06-30 | A kind of Intranet IP data package management method, apparatus and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610515335.6A CN105959308B (en) | 2016-06-30 | 2016-06-30 | A kind of Intranet IP data package management method, apparatus and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105959308A true CN105959308A (en) | 2016-09-21 |
CN105959308B CN105959308B (en) | 2019-03-15 |
Family
ID=56903391
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610515335.6A Active CN105959308B (en) | 2016-06-30 | 2016-06-30 | A kind of Intranet IP data package management method, apparatus and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105959308B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101848085A (en) * | 2009-03-25 | 2010-09-29 | 华为技术有限公司 | Communication system, verification device, and verification and signature method for message identity |
CN102404326A (en) * | 2011-11-23 | 2012-04-04 | 北京星网锐捷网络技术有限公司 | Method, system and device for validating safety of messages |
CN105207778A (en) * | 2014-07-03 | 2015-12-30 | 清华大学深圳研究生院 | Method of realizing package identity identification and digital signature on access gateway equipment |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106411723A (en) * | 2016-12-12 | 2017-02-15 | 郑州云海信息技术有限公司 | Message processing method and device |
CN109040025A (en) * | 2018-07-09 | 2018-12-18 | 新华三技术有限公司 | A kind of message processing method and device |
CN109802937A (en) * | 2018-11-30 | 2019-05-24 | 浙江远望信息股份有限公司 | A method of IP spoofing under intelligent terminal TCP is attacked in discovery |
CN109802937B (en) * | 2018-11-30 | 2021-08-17 | 浙江远望信息股份有限公司 | Method for discovering IP spoofing attack under TCP of intelligent terminal equipment |
CN111262823A (en) * | 2018-12-03 | 2020-06-09 | 郑州信大捷安信息技术股份有限公司 | Security gateway and data processing method thereof |
CN111262823B (en) * | 2018-12-03 | 2022-04-15 | 郑州信大捷安信息技术股份有限公司 | Security gateway and data processing method thereof |
CN111277602A (en) * | 2020-01-23 | 2020-06-12 | 奇安信科技集团股份有限公司 | Network data packet identification processing method and device, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN105959308B (en) | 2019-03-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105959308A (en) | Internal network IP data packet management method and system, and devices | |
KR100651715B1 (en) | Method for generating and accepting address automatically in IPv6-based Internet and data structure thereof | |
US11050664B2 (en) | Encapsulation method, device and node | |
CN111526023B (en) | Block chain uplink data security authentication method and system based on IPK | |
CN106899404A (en) | Vehicle-mounted CAN FD bus communication systems and method based on wildcard | |
CN108243181A (en) | A kind of car networking terminal, data ciphering method and car networking server | |
CN109688243B (en) | Sensing node IPv6 address allocation method based on trusted identity | |
CN106534086B (en) | A kind of equipment authentication method, terminal device, server and system | |
CN111726368B (en) | SRv6-based inter-domain source address verification method | |
CN105721153A (en) | System and method for key exchange based on authentication information | |
CN106060078A (en) | User information encryption method, user registration method and user validation method applied to cloud platform | |
CN103902887A (en) | Method and device for identifying file source through signature | |
CN114389835A (en) | IPv6 option explicit source address encryption security verification gateway and verification method | |
CN110098939A (en) | Message authentication method and device | |
CN111211905A (en) | Identity management method for Fabric alliance chain members based on certificate-free authentication | |
CN107342964B (en) | A kind of message parsing method and equipment | |
CN105205705A (en) | Method and apparatus of automatic entrance into account book of electronic invoice | |
CN105610872B (en) | Internet-of-things terminal encryption method and internet-of-things terminal encryption device | |
CN101394395B (en) | Authentication method, system and device | |
CN107135190A (en) | The data traffic ownership recognition methods connected based on Transport Layer Security and device | |
CN103067411B (en) | Prevent the DoS attack method and apparatus in DS-Lite networking | |
CN114520751A (en) | Tunnel transmission method and device based on software defined wide area network | |
CN103220673A (en) | Wireless local area network (WLAN) user authentication method, authentication server and user equipment (UE) | |
CN107707508A (en) | Applied business recognition methods and device | |
CN104079408A (en) | Method for enhancing communication safety in industrial control system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||