CN106790200B - Chip co-processing method for DTLS encryption and decryption of CAPWAP control channel - Google Patents


Info

Publication number
CN106790200B
Authority
CN
China
Prior art keywords
message
chip
capwap
encryption
decryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611270117.7A
Other languages
Chinese (zh)
Other versions
CN106790200A (en)
Inventor
龚海东
方沛昱
崔兴龙
顾祥洪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Centec Communications Co Ltd
Original Assignee
Centec Networks Suzhou Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Centec Networks Suzhou Co Ltd
Priority to CN201611270117.7A
Publication of CN106790200A
Application granted
Publication of CN106790200B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/04 Protocols specially adapted for terminals or networks with limited capabilities; specially adapted for terminal portability
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a chip co-processing method for DTLS (Datagram Transport Layer Security) encryption and decryption of a CAPWAP (Control And Provisioning of Wireless Access Points) control channel. In the decryption process, the chip looks up a CAPWAP table configured in the chip, decrypts the message according to the Key ID for decryption and the isEncryptedPkt field in the entry, and finally sends the decrypted message to the CPU (central processing unit) for further processing. In the encryption process, the chip indexes a Nexthop table configured in the chip, performs DTLS encryption on the message according to the state of the isCapwapControl field in the entry and the Key ID for encryption, and loops the encrypted message back into the chip for normal message forwarding. The invention moves the encryption and decryption operations, which occupy the most CPU resources in the software processing scheme for CAPWAP control channel messages, to the chip for co-processing, thereby greatly reducing the load on the CPU and improving network performance.

Description

Chip co-processing method for DTLS encryption and decryption of CAPWAP control channel
Technical Field
The invention relates to a DTLS encryption and decryption technology of a CAPWAP control channel, in particular to a chip co-processing method for DTLS encryption and decryption of the CAPWAP control channel.
Background
A CAPWAP (Control And Provisioning of Wireless Access Points) tunnel is used between an AC (Access Controller) device and an AP (Access Point) device. CAPWAP is a communication control protocol between the AC device and the AP device: it defines how the two communicate and provides a general encapsulation and transmission mechanism for interoperability between them. A wireless data frame, either as it is or after conversion from 802.11 to 802.3 format, is encapsulated in the CAPWAP tunnel and sent to the AC device.
To ensure the security of the CAPWAP tunnel, the DTLS (Datagram Transport Layer Security) protocol may be used to protect it. DTLS is the encryption protocol used by the CAPWAP tunnel. It is modeled on the TLS (Transport Layer Security) protocol used over TCP (Transmission Control Protocol), and a DTLS control field is added to a CAPWAP message to control its encryption.
DTLS encryption and decryption of the CAPWAP control channel are generally performed in software (for example, on the CPU). As shown in FIG. 1, after the CAPWAP header encapsulation is completed, the software calls OpenSSL (Open Secure Sockets Layer) to perform DTLS encryption. This process must copy the data out of the Buffer, complete the software encryption, and write the result back to the Buffer. It can occupy a large amount of CPU resources, and in high-bandwidth scenarios the forwarding, encryption and decryption performance for tunnel messages is limited by CPU performance.
In view of this, in Chinese patent application No. 201511019516.1 we proposed a chip implementation method for CAPWAP DTLS message encryption and decryption, which uses a switch routing chip to encapsulate and decapsulate CAPWAP DTLS messages. That scheme, however, only implements chip-level encryption and decryption for the CAPWAP data channel and does not support chip-level encryption and decryption of CAPWAP control channel messages.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a chip co-processing method for DTLS encryption and decryption of a CAPWAP control channel, so that the encryption and decryption operation which occupies most CPU resources in a software processing scheme of a CAPWAP control channel message is moved to a chip for co-processing.
In order to achieve the purpose, the invention provides the following technical scheme: a chip coprocessing method for DTLS encryption and decryption of a CAPWAP control channel comprises the following steps:
Message decryption processing in the chip: after the chip receives a DTLS-encrypted message, it looks up a CAPWAP table configured in the chip to obtain a Key ID for decryption and an isEncryptedPkt field used to judge whether the message is an encrypted data packet. If the check of the isEncryptedPkt field state passes, the chip decrypts the message with the Key found by the Key ID for decryption to obtain a plaintext CAPWAP message, loops the CAPWAP message back into the chip to look up the CAPWAP table again, and finally sends the CAPWAP message to the CPU;
Message encryption processing in the chip: after receiving a message from the CPU, the chip indexes a Nexthop table configured in the chip according to the Nexthop ID carried on the bus to find the corresponding Nexthop entry. The chip checks the state of the isCapwapControl field in the Nexthop entry, which is used to judge whether the message is a CAPWAP control channel message. If the check passes, the chip performs DTLS encryption on the message with the Key found by the Key ID for encryption in the Nexthop entry, loops the encrypted message containing an IP header back into the chip, and performs normal message forwarding.
Preferably, the decryption processing of the message specifically includes: after receiving a DTLS-encrypted message, the chip first parses whether it is a message that needs to be decrypted locally. If so, the chip looks up the CAPWAP table to obtain the Key ID for decryption and the isEncryptedPkt field. If the check of the isEncryptedPkt field state passes, the chip looks up the Key table by the Key ID to obtain the Key for decryption, and then decrypts the message with a DTLS decryption algorithm to obtain a plaintext CAPWAP message. The CAPWAP message is looped back into the chip, which parses whether it is a plaintext CAPWAP message. If so, the chip looks up the CAPWAP table again to obtain the corresponding entry and checks the isEncryptedPkt field in the entry; if the check does not match, the chip sends the plaintext CAPWAP message directly to the CPU.
Preferably, the query fields used to look up the CAPWAP table are: the destination IP address of the message plus the source IP address plus the L4Type plus the isCapwapControl field used to determine whether it is a CAPWAP control channel message.
Preferably, when the state of the isEncryptedPkt field is configured to be 1, the data packet is judged to be an encrypted data packet, i.e. the check passes.
Preferably, in the message encryption processing, for a message to be sent on the CAPWAP control channel, after the CPU has added a plaintext CAPWAP header, the encryption-related information is sent to the socket layer and is finally delivered to the chip through the ASIC_Header for further encryption processing.
Preferably, after the chip receives the message from the CPU, the ASIC_Header is stripped off by the chip and parsed into the bus information.
Preferably, in the message encryption processing, after the chip receives a message from the CPU, the Nexthop table configured in the chip is indexed according to the Nexthop ID carried on the bus.
Preferably, when the state of the isCapwapControl field is configured to be 1, the message is judged to be a message from a CAPWAP control channel, i.e. the check passes.
Preferably, in the encryption processing of the CAPWAP message in the chip, if the chip checks that the state of the isCapwapControl field is 1, a DTLS header is inserted into the message and the layer-2 header is stripped; DTLS encryption is then performed on the message according to the Key, and the encrypted message containing the IP header is looped back into the chip. After the chip receives the message containing the IP header, it performs a normal routing table lookup to obtain a forwarding behavior and an exit, and forwards the message.
Compared with the prior art, the invention transfers the encryption and decryption operation occupying the most CPU resource in the software processing scheme of the CAPWAP control channel message to the chip for coprocessing, thereby greatly reducing the pressure of the CPU and improving the network performance.
Drawings
FIG. 1 is a schematic diagram illustrating the prior art DTLS encryption and decryption of CAPWAP control channel by using a software method;
FIG. 2 is a schematic diagram illustrating the DTLS decryption of CAPWAP control channel according to the present invention;
FIG. 3 and FIG. 4 are schematic diagrams illustrating the principle of performing DTLS encryption of the CAPWAP control channel according to the present invention.
Detailed Description
The technical solution of the embodiment of the present invention will be clearly and completely described below with reference to the accompanying drawings of the present invention.
The invention provides a chip co-processing method for DTLS encryption and decryption of a CAPWAP control channel, which is mainly used for moving the DTLS encryption and decryption operation occupying the most CPU resources in the software processing scheme of a CAPWAP control channel message to a chip for co-processing, thereby greatly reducing the pressure of a CPU and improving the network performance.
The chip comprises an ingress processing engine (IPE), a store-and-forward module (BSR), an egress processing engine (EPE) and a WLAN processing engine (WLAN Engine). The invention configures a CAPWAP table in the IPE direction of the chip. The table is looked up using IPDA (destination IP address) + IPSA (source IP address), and each entry holds the Key ID for decryption and the isEncryptedPkt field used to judge whether the packet is an encrypted data packet. In this embodiment, isEncryptedPkt must be configured to 1 as the condition for judging whether the encryption state matches: the chip compares the encryption state parsed from the current data packet with the isEncryptedPkt state. If they match, the current data packet is an encrypted data packet on the control channel; if they do not match, it is a plaintext data packet on the control channel that has already been through decryption co-processing.
In addition, a Nexthop entry is also configured in the chip. It contains the ID of the encryption Key and the isCapwapControl field used to determine whether the data is CAPWAP control channel data. In this embodiment, when isCapwapControl is configured to 1 the data is identified as CAPWAP control channel data; otherwise it is not.
Referring to fig. 2 to 4, the chip co-processing method for DTLS encryption and decryption of a CAPWAP control channel disclosed in the present invention includes: message DTLS decryption processing and message encryption processing.
As shown in fig. 2, the following specifically describes the DTLS decryption process of the message:
Step 1: after the IPE of the chip receives a DTLS-encrypted message ① from an input port, it parses whether the message is a CAPWAP DTLS message that needs to be decrypted locally. If so, it looks up the CAPWAP table configured in the chip to obtain the Key ID for message decryption and the isEncryptedPkt field. If the state of the isEncryptedPkt field is 1 and the current data packet is parsed as a DTLS-encrypted message (that is, the field state check passes), no other operation is performed: the message enters the BSR directly, and the Key ID for decryption is passed along the BUS to the BSR, the EPE and the WLAN Engine in turn.
The query fields used to look up the CAPWAP table are the message's destination IP address (IPDA) + source IP address (IPSA) + L4Type + isCapwapControl, where L4Type = CAPWAP and the isCapwapControl field is used to judge whether the message comes from a CAPWAP control channel. L4Type and isCapwapControl are both produced by the parsing module in the chip. L4Type is layer-4 feature information: according to the CAPWAP protocol, when the UDP port is 5246 or 5247 the message is considered a CAPWAP message, that is, the layer-4 feature value (L4Type) is CAPWAP.
Step 2: the BSR directly designates decryption channel A of the WLAN engine as the message's exit, that is, the message is sent directly to the exit for decryption channel A of the WLAN engine.
It should be noted that, when the message needs to be decrypted, the EPE sends the message directly to the exit for WLAN engine decryption channel A without editing it.
Step 3: the WLAN engine decrypts the message ① entering channel A. It looks up a table by the Key ID to obtain the Key for decryption, runs the decryption algorithm on the message with that Key, and sends the decrypted plaintext, namely the CAPWAP message ②, to the IPE again.
The decryption algorithm used here can be an existing DTLS decryption algorithm and is not described in detail.
Step 4: after the IPE receives the CAPWAP message ② again, the parsing module in the chip finds that it is a plaintext message and the CAPWAP table is looked up again. Once the entry is found, the isEncryptedPkt state check does not match because the message is plaintext, so the chip logic sends the plaintext CAPWAP message ② directly to the CPU, which performs the subsequent processing.
Referring to FIG. 3 and FIG. 4, the message encryption process is described in detail below. Note that for a message to be sent on the CAPWAP control channel, the CPU only adds a plaintext CAPWAP header and passes the encryption-related information (e.g., the Nexthop ID) to the socket layer; this information is finally delivered to the packet forwarding chip in a chip header (ASIC_Header). The message encryption process in the chip comprises the following steps:
Step 1': the chip receives message ① from the CPU at the BSR. The ASIC_Header of message ① is automatically stripped by the chip, parsed into BUS information, and sent by the BSR to the EPE.
Step 2': the EPE indexes the Nexthop table configured in the chip according to the Nexthop ID carried in the BUS information to obtain the corresponding entry. The entry contains the ID of the encryption Key and the isCapwapControl field; because isCapwapControl is configured to 1, the chip considers the received message to come from a CAPWAP control channel.
Step 3': after the chip checks that the isCapwapControl field is 1, a DTLS header is inserted into the message and the layer-2 header is stripped. The resulting message ② is then sent to WLAN engine encryption channel C, and the Key for encryption is carried to the WLAN engine along with the BUS.
Step 4': after receiving the message from encryption channel C, the WLAN engine checks the information on the BUS. If encryption is needed, it computes the ciphertext with AES in the manner specified by the DTLS protocol, using the Key for encryption passed on the BUS, to obtain the DTLS-encrypted message ③ containing an IP header, and sends message ③ to the IPE again for processing. The Key used is obtained by looking up the Key table with the encryption Key ID on the BUS.
Step 5': after receiving the encrypted message ③ containing the IP header, the IPE performs a normal routing table lookup to obtain the forwarding behavior ID and the exit, and sends the message to the BSR, which sends it to the EPE. The EPE looks up the corresponding forwarding behavior by its ID, edits the message accordingly to obtain the route-edited message ④, and finally forwards message ④ from the exit found (such as an Ethernet port).
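The dispatch decisions in decryption steps 1 to 4 and encryption steps 1' to 3' above, modeled as an added C example (not code from the patent or from any chip SDK). All type and function names are hypothetical; reading the encrypted state from the CAPWAP preamble type nibble and treating UDP 5246 as the control port are assumptions taken from RFC 5415, which the patent does not spell out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All identifiers are hypothetical; the patent names fields, not a C API. */
enum l4type { L4_OTHER, L4_CAPWAP };
enum action { ACT_FORWARD, ACT_DECRYPT_CH_A, ACT_TO_CPU, ACT_ENCRYPT_CH_C };

struct parsed {                 /* result of the chip's parsing module */
    uint32_t ipda, ipsa;
    enum l4type l4type;
    int is_capwap_control;
    int is_encrypted;           /* encryption state read from the packet */
};
struct capwap_entry {           /* CAPWAP table entry (IPE direction) */
    uint32_t ipda, ipsa;
    enum l4type l4type;
    int is_capwap_control;
    int is_encrypted_pkt;       /* isEncryptedPkt, configured to 1 */
    uint16_t key_id;            /* Key ID for decryption */
};
struct nexthop_entry {          /* Nexthop table entry (EPE direction) */
    int is_capwap_control;      /* isCapwapControl */
    uint16_t key_id;            /* Key ID for encryption */
};
struct bus { enum action act; uint16_t key_id; };

/* Constructed sample configuration and packets (documentation addresses). */
#define AC_IP 0xC0000201u       /* 192.0.2.1  */
#define AP_IP 0xC000020Au       /* 192.0.2.10 */
static const struct capwap_entry CAPWAP_TBL[] = {
    { AC_IP, AP_IP, L4_CAPWAP, 1, 1, 7 },
};
static const struct nexthop_entry NEXTHOP_TBL[] = {
    { 0, 0 },                   /* index 0: ordinary route */
    { 1, 9 },                   /* index 1: CAPWAP control, key 9 */
};
static const uint8_t ENC_PKT[] = { 0x01, 0x00, 0x00, 0x00 }; /* DTLS preamble */
static const uint8_t CLR_PKT[] = { 0x00, 0x10, 0x00, 0x00 }; /* plain header  */

/* Parsing module. Assumptions from RFC 5415, not from the patent: 5246 is the
 * control port; low nibble of the first CAPWAP byte is the type, 1 = DTLS. */
static struct parsed parse(uint32_t ipda, uint32_t ipsa, uint16_t dport,
                           const uint8_t *payload, size_t len)
{
    struct parsed p = { ipda, ipsa, L4_OTHER, 0, 0 };
    if (dport == 5246 || dport == 5247) {
        p.l4type = L4_CAPWAP;
        p.is_capwap_control = (dport == 5246);
        p.is_encrypted = (len >= 1 && (payload[0] & 0x0F) == 1);
    }
    return p;
}

/* IPE: look up IPDA + IPSA + L4Type + isCapwapControl, then compare the
 * parsed encryption state with isEncryptedPkt (decryption steps 1 and 4). */
static struct bus ipe_rx(uint32_t ipda, uint32_t ipsa, uint16_t dport,
                         const uint8_t *payload, size_t len)
{
    struct bus b = { ACT_FORWARD, 0 };
    struct parsed p = parse(ipda, ipsa, dport, payload, len);
    size_t n = sizeof CAPWAP_TBL / sizeof CAPWAP_TBL[0];
    for (size_t i = 0; i < n; i++) {
        const struct capwap_entry *e = &CAPWAP_TBL[i];
        if (e->ipda != p.ipda || e->ipsa != p.ipsa || e->l4type != p.l4type ||
            e->is_capwap_control != p.is_capwap_control)
            continue;
        if (e->is_encrypted_pkt == 1 && p.is_encrypted) {
            b.act = ACT_DECRYPT_CH_A;   /* state matches: decrypt channel A */
            b.key_id = e->key_id;       /* Key ID travels on the BUS */
        } else {
            b.act = ACT_TO_CPU;         /* mismatch: plaintext goes to CPU */
        }
        return b;
    }
    return b;                           /* no entry: ordinary forwarding */
}

/* EPE: index the Nexthop table with the Nexthop ID taken from the
 * ASIC_Header (encryption steps 2' and 3'). The ID is CPU-supplied, so an
 * out-of-range value must not index past the table. */
static struct bus epe_tx(uint32_t nexthop_id)
{
    struct bus b = { ACT_FORWARD, 0 };
    if (nexthop_id >= sizeof NEXTHOP_TBL / sizeof NEXTHOP_TBL[0])
        return b;
    if (NEXTHOP_TBL[nexthop_id].is_capwap_control == 1) {
        b.act = ACT_ENCRYPT_CH_C;       /* insert DTLS header, strip L2 */
        b.key_id = NEXTHOP_TBL[nexthop_id].key_id;
    }
    return b;
}

int main(void)
{
    printf("encrypted rx -> %d\n", ipe_rx(AC_IP, AP_IP, 5246, ENC_PKT, 4).act);
    printf("looped-back plaintext -> %d\n", ipe_rx(AC_IP, AP_IP, 5246, CLR_PKT, 4).act);
    printf("tx nexthop 1 -> %d\n", epe_tx(1).act);
    return 0;
}
```

The CPU-bound branch is taken for any plaintext CAPWAP control packet that matches the entry; the patent does not say whether the chip marks looped-back packets, so CPU-side code that needs to tell them from wire plaintext must keep its own session state.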
Therefore, the scope of the present invention should not be limited to the disclosure of the embodiments, but includes various alternatives and modifications without departing from the scope of the present invention, which is defined by the claims of the present patent application.

Claims (8)

1. A chip co-processing method for DTLS encryption and decryption of a CAPWAP control channel is characterized by comprising the following steps:
message decryption processing in the chip: after the chip receives a DTLS-encrypted message, it looks up a CAPWAP table configured in the chip to obtain a Key ID for decryption and an isEncryptedPkt field used to judge whether the message is an encrypted data packet; if the check of the isEncryptedPkt field state passes, the chip decrypts the message with the Key found by the Key ID for decryption to obtain a plaintext CAPWAP message, loops the CAPWAP message back into the chip to look up the CAPWAP table again, and finally sends the CAPWAP message to the CPU;
message encryption processing in the chip: after receiving a message from the CPU, the chip indexes a Nexthop table configured in the chip according to the Nexthop ID carried on the bus to find the corresponding Nexthop entry; the chip checks the state of the isCapwapControl field in the Nexthop entry, which is used to judge whether the message is a CAPWAP control channel message; if the check passes, the chip performs DTLS encryption on the message with the Key found by the Key ID for encryption in the Nexthop entry, loops the encrypted message containing an IP header back into the chip, and performs normal message forwarding; in the message encryption processing, for a message to be sent on the CAPWAP control channel, after the CPU has added a plaintext CAPWAP header, the encryption-related information is sent to the socket layer and is finally delivered to the chip through the ASIC_Header for further encryption processing.
2. The chip co-processing method for DTLS encryption and decryption of the CAPWAP control channel according to claim 1, wherein the decryption processing of the message specifically includes: after receiving a DTLS-encrypted message, the chip first parses whether it is a message that needs to be decrypted locally; if so, the chip looks up the CAPWAP table to obtain the Key ID for decryption and the isEncryptedPkt field; if the check of the isEncryptedPkt field state passes, the chip looks up the Key table by the Key ID to obtain the Key for decryption, and then decrypts the message with a DTLS decryption algorithm to obtain a plaintext CAPWAP message; the CAPWAP message is looped back into the chip, which parses whether it is a plaintext CAPWAP message; if so, the chip looks up the CAPWAP table again to obtain the corresponding entry and checks the isEncryptedPkt field in the entry; if the check does not match, the chip sends the plaintext CAPWAP message directly to the CPU.
3. The chip co-processing method for DTLS encryption and decryption of the CAPWAP control channel according to claim 1, wherein the query fields for looking up the CAPWAP table are: the destination IP address of the message plus the source IP address plus the L4Type plus the isCapwapControl field used to determine whether it is a CAPWAP control channel message.
4. The chip co-processing method for DTLS encryption and decryption of the CAPWAP control channel according to claim 1, wherein when the state of the isEncryptedPkt field is configured to be 1, the data packet is judged to be an encrypted data packet, i.e. the check passes.
5. The chip co-processing method for DTLS encryption and decryption of the CAPWAP control channel according to claim 1, wherein after the chip receives a message from the CPU, the ASIC_Header is stripped off by the chip and parsed into the bus information.
6. The chip co-processing method for DTLS encryption and decryption of the CAPWAP control channel according to claim 1, wherein in the message encryption processing, after the chip receives a message from the CPU, the Nexthop table configured in the chip is indexed according to the Nexthop ID carried on the bus.
7. The chip co-processing method for DTLS encryption and decryption of the CAPWAP control channel according to claim 1, wherein when the state of the isCapwapControl field is configured to be 1, the message is judged to be from the CAPWAP control channel, i.e. the check passes.
8. The chip co-processing method for DTLS encryption and decryption of the CAPWAP control channel according to claim 1, wherein in the encryption processing of CAPWAP messages in the chip, if the chip checks that the state of the isCapwapControl field is 1, a DTLS header is inserted into the message and the layer-2 header is stripped; DTLS encryption is then performed on the message according to the Key, and the encrypted message containing the IP header is looped back into the chip; after the chip receives the message containing the IP header, it performs a normal routing table lookup to obtain a forwarding behavior and an exit, so as to forward the message.
CN201611270117.7A 2016-12-30 2016-12-30 Chip co-processing method for DTLS encryption and decryption of CAPWAP control channel Active CN106790200B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611270117.7A CN106790200B (en) 2016-12-30 2016-12-30 Chip co-processing method for DTLS encryption and decryption of CAPWAP control channel

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611270117.7A CN106790200B (en) 2016-12-30 2016-12-30 Chip co-processing method for DTLS encryption and decryption of CAPWAP control channel

Publications (2)

Publication Number Publication Date
CN106790200A CN106790200A (en) 2017-05-31
CN106790200B true CN106790200B (en) 2020-04-14

Family

ID=58951785

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611270117.7A Active CN106790200B (en) 2016-12-30 2016-12-30 Chip co-processing method for DTLS encryption and decryption of CAPWAP control channel

Country Status (1)

Country Link
CN (1) CN106790200B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108616355A (en) * 2018-05-03 2018-10-02 盛科网络(苏州)有限公司 Software handshake negotiates the CAPWAP tunnel DTLS encipher-decipher methods of hardware enciphering and deciphering
CN110535748B (en) * 2019-09-09 2021-03-26 北京科东电力控制系统有限责任公司 VPN tunnel mode optimization method and system
CN111092829B (en) * 2019-12-09 2022-04-01 昆高新芯微电子(江苏)有限公司 Multi-core switching chip based on switching architecture and data transmission method thereof
CN111885062B (en) * 2020-07-23 2022-06-24 湖南中车时代通信信号有限公司 RS485 bus-based communication system and method with authentication encryption function
CN112332982B (en) * 2020-11-25 2022-08-26 苏州盛科通信股份有限公司 Macsec decryption method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102811451A (en) * 2012-07-23 2012-12-05 福建星网锐捷网络有限公司 Method and device for controlling connection of control and provisioning of wireless access points (Capwap) tunnel
CN103312449A (en) * 2012-03-16 2013-09-18 鼎桥通信技术有限公司 Downlink data packet transmission method under AP (Access Point) networking scene and RNC (Radio Network Controller)
CN105611529A (en) * 2015-12-31 2016-05-25 盛科网络(苏州)有限公司 Chip implementation method for encrypting and decrypting CAPWAP DTLS message
CN105635145A (en) * 2015-12-31 2016-06-01 盛科网络(苏州)有限公司 Chip-level safety protection method of CAPWAP DTLS tunnel

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080072047A1 (en) * 2006-09-20 2008-03-20 Futurewei Technologies, Inc. Method and system for capwap intra-domain authentication using 802.11r

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103312449A (en) * 2012-03-16 2013-09-18 鼎桥通信技术有限公司 Downlink data packet transmission method under AP (Access Point) networking scene and RNC (Radio Network Controller)
CN102811451A (en) * 2012-07-23 2012-12-05 福建星网锐捷网络有限公司 Method and device for controlling connection of control and provisioning of wireless access points (Capwap) tunnel
CN105611529A (en) * 2015-12-31 2016-05-25 盛科网络(苏州)有限公司 Chip implementation method for encrypting and decrypting CAPWAP DTLS message
CN105635145A (en) * 2015-12-31 2016-06-01 盛科网络(苏州)有限公司 Chip-level safety protection method of CAPWAP DTLS tunnel

Also Published As

Publication number Publication date
CN106790200A (en) 2017-05-31

Similar Documents

Publication Publication Date Title
CN106790200B (en) Chip co-processing method for DTLS encryption and decryption of CAPWAP control channel
US9992310B2 (en) Multi-hop Wan MACsec over IP
US8112622B2 (en) Chaining port scheme for network security
CN101309273B (en) Method and device for generating safety alliance
CN102571613B (en) Method and network device for message forwarding
JP5785346B1 (en) Switching facility and data processing method supporting link layer security transmission
CN106301765B (en) Encryption and decryption chip and method for realizing encryption and decryption
WO2014198060A1 (en) Method and device for routing data message
CN110830393B (en) Method and device for realizing MACsec in chip stacking mode
JP2009246801A (en) Method of encrypting divided packet, method of decrypting encrypted divided packet, encryption apparatus and program
CN105611529B (en) The chip implementing method of CAPWAP DTLS message encryption and decryption
CN103067290A (en) Virtual Private Network (VPN) tunnel implementation method based on virtual network adapter adaptable load balancing network
CN112600802B (en) SRv6 encrypted message and SRv6 message encryption and decryption methods and devices
CN113852552B (en) Network communication method, system and storage medium
CN106254231A (en) A kind of industrial safety encryption gateway based on state and its implementation
US10951520B2 (en) SDN, method for forwarding packet by SDN, and apparatus
CN106161386B (en) Method and device for realizing IPsec (Internet protocol Security) shunt
US9106618B2 (en) Control plane encryption in IP/MPLS networks
CN110636078B (en) Method and device for realizing Cloudsec
WO2011079717A1 (en) Message transmitting method, equipment and system
CN106685786B (en) The chip implementing method of multistage ACL in a kind of wlan system
CN114338116A (en) Encryption transmission method and device and SD-WAN (secure digital-Wide area network) network system
CN108924121B (en) Multi-channel communication method and system
US20210092103A1 (en) In-line encryption of network data
CN109194558B (en) Tunnel message authentication forwarding method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 215101 unit 13 / 16, 4th floor, building B, No. 5, Xinghan street, Suzhou Industrial Park, Jiangsu Province

Patentee after: Suzhou Shengke Communication Co.,Ltd.

Address before: 215021 unit 13 / 16, floor 4, building B, No. 5, Xinghan street, industrial park, Suzhou, Jiangsu Province

Patentee before: CENTEC NETWORKS (SU ZHOU) Co.,Ltd.
