CN108848111B - Decentralized virtual private network building method based on block chain technology
- Publication number: CN108848111B
- Authority: CN (China)
- Prior art keywords: network, virtual private, user, node, access
- Legal status: Active
Abstract
The invention discloses a decentralized virtual private network building method based on a block chain technology. In addition, the invention can establish a multi-to-multi decentralized virtual private network, and the decentralized network organization structure is also beneficial to enhancing the robustness of the network, thereby improving the safety of the virtual private network and reducing the network operation risk.
Description
Technical Field
The invention belongs to the technical field of virtual private network construction, and particularly relates to a decentralized virtual private network construction method based on a block chain technology.
Background
A virtual private network lets off-site personnel conveniently reach an organization's internal network over the Internet to obtain intranet resources, which greatly improves work efficiency. It is therefore widely used in large enterprises, public institutions, industrial alliances and similar settings, with notable economic benefit. At present the networking method of a virtual private network is simple: a virtual private network server is usually set up in the network, and off-site personnel connect to it over the Internet to access the intranet as if locally. The communication data between the client terminal and the virtual private network server is encrypted, which is essentially equivalent to using encryption to wrap a private data channel over a public network.
Current virtual private networks fall mainly into three kinds according to the protocol they are built on: MPLS, SSL and IPSec virtual private networks.
The MPLS virtual private network is an IP virtual private network based on MPLS (Multiprotocol Label Switching). It applies MPLS to network routing and switching devices, simplifies the routing of core routers, and combines label switching with conventional routing. MPLS has the advantage of combining Layer 2 switching and Layer 3 routing technologies, and performs well in addressing significant problems of IP networks such as virtual private networks, service classification and traffic engineering. Operators therefore value the MPLS virtual private network more and more for interconnecting enterprises and providing new services, and it has become an important means for IP network operators to provide value-added services. MPLS virtual private networks can be divided into Layer 2 and Layer 3 MPLS virtual private networks.
The SSL virtual private network is a virtual private network technology based on HTTPS (Secure HTTP, the HTTP protocol with SSL support) and operates between the transport layer and the application layer. It makes full use of the certificate-based identity authentication, data encryption and message integrity verification mechanisms provided by the SSL protocol, and can establish secure connections for communication between application layers. The SSL virtual private network is widely used for Web-based remote secure access and secures a user's remote access to a company's internal network.
The IPSec virtual private network is a virtual private network technology based on the IPSec protocol, which secures the tunnel. IPSec is an end-to-end mechanism designed by the IETF for securing IP-based communication; it provides high-quality, interoperable, cryptography-based security for data transmitted over the Internet.
However, these simple networking methods have inherent defects that become more apparent as deployments deepen. The first is security: on one hand, the simple network structure makes attack and intrusion easy; on the other, the wide use of wireless mobile terminals increases risk, and when a user roams between access points a solution using any advanced encryption technology may still be broken. In addition, compatibility problems between products and solutions are significant: many vendors or service providers are reluctant or unable to comply with virtual private network technology standards, and mixing products from different vendors may cause technical problems.
Block chain technology was brought to prominence by cryptocurrencies represented by Bitcoin. Through a system consensus mechanism implemented by its underlying algorithms, it removes the dependence of practical applications on a centralized system, makes decentralized distributed autonomous systems possible, and greatly enhances the security and stability of system operation. Block chain technology is therefore a good fit for virtual private network networking scenarios that demand high security and good compatibility. At present, exploratory applications of block chain technology in finance, warranty and other fields are widespread, while its application to network construction still needs to be explored.
Disclosure of Invention
In view of the above, the present invention provides a method for building a decentralized virtual private network based on a block chain technology, and simultaneously considers a system pre-planning stage and a real-time control stage to obtain an optimal operation strategy of the system.
A decentralized virtual private network building method based on block chain technology comprises the following steps:
(1) constructing a virtual private network framework consisting of a plurality of distributed peer server nodes;
(2) designing a network consensus mechanism to ensure the validity of the virtual private network user access;
(3) encrypting the virtual private network data packets with an asymmetric encryption algorithm, so that the network data security is enhanced;
(4) optimizing the network data organization form by adopting a data blocking and packaging method, so that network compatibility is improved.
Further, the specific implementation method of the step (1) is as follows: the traditional "one-to-many" network structure, in which one centralized network server serves a plurality of network users, is changed into a new "many-to-many" network structure in which a plurality of distributed network servers serve the plurality of network users. The new network structure contains a plurality of server nodes of equal status and identical function; these have the functions of validity verification, data processing and storage and are the core of the whole network. The user nodes in the network, by contrast, participate in the network consensus process of verifying legality but do not have the functions of network data processing and storage. The server nodes can be located at the same physical site or distributed across the branches of a company or unit, and they mutually verify identities and share data.
Further, the network consensus mechanism designed in step (2) performs authentication on user access by relying on participation of all online nodes in the network, including distributed server nodes and accessed user nodes, and a user can access the virtual private network only when most network online nodes pass authentication.
Further, the network consensus mechanism designed in the step (2) is as follows: when a user requests to access the virtual private network, identity authentication information is sent to all online nodes in the network, all online nodes respectively judge the validity of a new access user and broadcast the judgment result in the whole network range, if the total number of the online nodes judging that the new access user is valid exceeds a set value, the validity of the new access user is admitted and the new access user is allowed to access the virtual private network, otherwise, the access of the new access user is refused.
Further, the specific criteria for determining whether the new access user has validity are as follows: assuming that n user nodes and m server nodes are in the virtual private network, the system judges that the new access user has validity when the following relational expression is satisfied;
wherein: m and n are both natural numbers greater than 1; $A_i$ is the judgment result of the i-th user node: if the i-th user node judges that the new access user is legal, then $A_i = 1$, otherwise $A_i = 0$; $B_j$ is the judgment result of the j-th server node: if the j-th server node judges that the new access user is legal, then $B_j = 1$, otherwise $B_j = 0$; k is a set weight coefficient: when k is 1, the judgment result of the server node has the same effectiveness as that of the user node, and when k is more than 1, the judgment result of the server node is more reliable than that of the user node.
Further, the specific implementation method of the step (3) is as follows: the newly accessing user node encrypts the request password with its private key and broadcasts the result to the other online nodes in the virtual private network; the online nodes decrypt the received ciphertext with the public key and compare the decrypted result with the node registration information in the network. If matching registration information exists, the newly accessing user node is judged to be a legal node; otherwise it is an illegal node.
Further, the specific implementation method of the step (4) is as follows: data in the virtual private network is packaged in block form, adopting the data organization form of the block chain in the Bitcoin system, wherein block authentication information is packaged in the block header and the block body comprises the stored data and the access records of the current block; a legal node can access and obtain the corresponding block data after being successfully authenticated.
The distributed decentralized virtual private network is established by introducing the block chain technology, and the data packet is encrypted by introducing the asymmetric encryption algorithm while judging the access validity based on network consensus, so that the safety of the virtual private network is ensured. In addition, the invention can establish a multi-to-multi decentralized virtual private network, and the decentralized network organization structure is also beneficial to enhancing the robustness of the network, thereby improving the safety of the virtual private network and reducing the network operation risk.
Drawings
Fig. 1(a) is a schematic structural diagram of a conventional virtual private network system.
Fig. 1(b) is a schematic structural diagram of the virtual private network system according to the present invention.
Fig. 2(a) is a schematic diagram of an authentication process of a conventional vpn system.
Fig. 2(b) is a schematic diagram of the authentication process of the vpn system according to the present invention.
Detailed Description
In order to more specifically describe the present invention, the following detailed description is provided for the technical solution of the present invention with reference to the accompanying drawings and the specific embodiments.
The invention relates to a decentralized virtual private network building method based on a block chain technology, which comprises the following steps:
(1) a virtual private network framework is constructed that includes a plurality of distributed peer server network nodes.
The traditional "one-to-many" network architecture of one centralized network server to many network users as shown in fig. 1(a) is changed to a new "many-to-many" network architecture of a plurality of distributed network servers to many network users as shown in fig. 1 (b).
The virtual private network uses a layered distributed mode. The upper layer consists of a plurality of network service nodes of equal status and identical function; these have the functions of validity verification, data processing, storage and the like, and are the core of the whole network. Unlike in the traditional networking mode, where a user node only takes part in network data access, a user node here also takes part in the network consensus process that verifies the legality of other network nodes. The upper-layer server nodes can be located at the same physical site or distributed across the branches of a company or organization, and they mutually verify identities and share data.
(2) A network consensus mechanism is designed to ensure the validity of virtual private network user access.
As shown in fig. 2(a), conventional validity authentication is performed only between the access user and the central server: the access user enters a password, which is encrypted by the network's embedded encryption algorithm and sent to the central server; the central server decrypts the ciphertext and compares it with the user registration information it stores. If the comparison matches, the access user is considered a valid user; otherwise the access user is considered illegal and is denied access. This traditional identity validity verification has low security: once the encryption algorithm is cracked, illegal access to the virtual private network becomes extremely easy. The identity authentication of the consensus mechanism designed by the invention depends on the participation of all online nodes in the network, including distributed peer server nodes and network access nodes, and a user can access the virtual private network only when most of the participating nodes pass the identity authentication. An attacker cannot succeed by attacking only one or a few nodes; most network consensus nodes must be attacked within a short time to break the network consensus rules, which is extremely difficult, so the whole virtual private network has very high reliability.
As shown in fig. 2(b), when a user wants to access the virtual private network, the user sends identity authentication information to all participating nodes in the network. Each participating node judges the validity of the new access node and broadcasts its judgment across the whole network. If the total number of nodes that judge the new access node valid exceeds a set value, the validity of the new node is accepted and it is allowed to access the virtual private network; otherwise its access is rejected. A rejected node is allowed to resubmit the network access request, and if the access request fails verification a certain number of consecutive times, the node is prohibited from initiating access requests for a certain period.
Suppose there are n registered user nodes and m server nodes in the virtual private network, and denote their judgment results by $A_i$ and $B_j$ respectively, where $i = 1, \dots, n$ and $j = 1, \dots, m$. If the i-th registered user node or the j-th server node considers the requesting node to be a legal node, then $A_i = 1$ or $B_j = 1$; otherwise $A_i = 0$ or $B_j = 0$. The system determines that the new access node is legitimate when the following condition is met:
wherein: k is a weight coefficient. When k is 1, the judgment result of a server node and that of a registered user node have the same effect; when k is larger than 1, the judgment result of a server node has higher reliability than that of a registered user node. The value of k should not be too large, however, otherwise the judgment result of an individual server node can play a decisive role.
(3) The virtual private network data packets are encrypted with an asymmetric encryption algorithm, so that the network data security is enhanced.
The invention adopts an asymmetric encryption algorithm, represented by the elliptic curve encryption algorithm, to verify the validity of network access requests. Two asymmetric keys, called the public key and the private key, are used in the encryption and decryption process. The new access node encrypts the request password with its private key and broadcasts it to the participating nodes in the virtual private network; the participating nodes decrypt the received ciphertext with the public key and compare the decrypted result with the node registration information in the network. If matching registration information exists, the new access node is judged to be a legal node; otherwise it is judged to be an illegal node.
(4) The network data organization form is optimized by adopting a data blocking and packaging method, so that network compatibility is improved.
The data in the virtual private network is packaged in the form of blocks, adopting a data organization form similar to that of the Bitcoin system. The legal node that obtains the network access consensus obtains write permission for the current block. A block header and a block body form a complete block: the system version number, the timestamp, the hash value of the current block and the random number are recorded in the block header; other data, data change records and data access records are recorded in the block body; and the root of the Merkle tree is obtained through the hashing process and recorded in the block header.
The block chain technology requires that a node for acquiring the current block writing authority must add a time stamp in a block header to determine the writing time of the block, which naturally provides convenience for establishing data validity and network security, and is easy to determine the generation, access, modification time, and the like of data.
The legal user can access and acquire corresponding data after successful authentication. Therefore, all the virtual private networks and hardware devices based on the block chain technology can realize good compatibility only by adjusting the system consensus rule and the encryption rule.
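The block layout described in step (4), as an added example that is not part of the patent text: body records (data, change and access records) are committed to by a Merkle root stored in the header next to the version, timestamp and random number. The field encodings, the `prev_hash` link to the previous block (assumed here, as in Bitcoin) and all function names are assumptions.

```python
import hashlib
import json
from dataclasses import dataclass

LEAF, NODE = b"\x00", b"\x01"   # domain separation: leaf hashes vs inner-node hashes
GENESIS_PREV = "0" * 64         # assumed marker for "no previous block"


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_root(records) -> bytes:
    """Merkle root over the body records; an unpaired node is promoted unchanged."""
    level = [_h(LEAF + json.dumps(r, sort_keys=True).encode()) for r in records]
    if not level:
        return _h(LEAF)
    while len(level) > 1:
        nxt = [_h(NODE + level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]


@dataclass
class Block:
    version: int
    timestamp: int      # write time set by the node holding write permission
    prev_hash: str      # assumption: header links to the previous block's hash
    nonce: int          # the "random number" of the header
    merkle_root: str    # commitment to everything in the body
    body: list          # data, data change records and data access records

    def header_hash(self) -> str:
        header = "|".join(str(x) for x in (
            self.version, self.timestamp, self.prev_hash, self.nonce, self.merkle_root))
        return _h(header.encode()).hex()


def seal_block(prev_hash, body, timestamp, version=1, nonce=0) -> Block:
    """Package body records into a block and record their Merkle root in the header."""
    return Block(version, timestamp, prev_hash, nonce, merkle_root(body).hex(), list(body))


def first_invalid_block(chain) -> int:
    """Index of the first block with an altered body, broken link or
    timestamp older than its predecessor's; -1 if the chain is consistent."""
    prev_hash, prev_ts = GENESIS_PREV, None
    for i, block in enumerate(chain):
        if merkle_root(block.body).hex() != block.merkle_root:
            return i
        if block.prev_hash != prev_hash:
            return i
        if prev_ts is not None and block.timestamp < prev_ts:
            return i
        prev_hash, prev_ts = block.header_hash(), block.timestamp
    return -1


def build_sample_chain():
    """Two blocks of constructed sample records (not data from the patent)."""
    b0 = seal_block(GENESIS_PREV, [
        {"type": "data", "key": "doc-1", "value": "v1"},
        {"type": "access", "node": "user-3", "key": "doc-1", "op": "read"},
    ], timestamp=1700000000)
    b1 = seal_block(b0.header_hash(), [
        {"type": "change", "node": "user-3", "key": "doc-1", "value": "v2"},
        {"type": "access", "node": "user-5", "key": "doc-1", "op": "read"},
        {"type": "access", "node": "user-3", "key": "doc-1", "op": "write"},
    ], timestamp=1700000060)
    return [b0, b1]


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact chain:", first_invalid_block(chain))
    chain[0].body[1]["node"] = "user-9"   # rewrite an access record after sealing
    print("after editing an access record:", first_invalid_block(chain))
```

Editing a sealed access record is caught by the Merkle root of that block; re-sealing the edited block with a fresh root is caught at the next block, whose `prev_hash` no longer matches.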
We next used a LAN containing 10 PCs to verify the feasibility and effectiveness of the present invention, where 1 PC is the node newly requesting access to the virtual private network, 5 of the remaining 9 PCs simulate virtual private network access nodes, and 4 simulate distributed peer server nodes. The PC model used is: Dell 3667-R1838/R2848 commercial desktop computer, i5-6400 CPU, 8G memory. The following two experiments were performed on this system:
1. System effectiveness test:
The node newly requesting access to the virtual private network broadcasts a network access request and encrypted identity authentication information in the network. After receiving the request, the 5 network access nodes and 4 distributed peer server nodes decrypt the identity authentication information and judge the identity of the requesting node; all 9 nodes judge it to be legal and it is allowed to access. In the contrast experiment, the node newly requesting access broadcasts a network access request and encrypted wrong identity information in the network; all 9 nodes judge it to be illegal and it is not allowed to access the virtual private network.
2. Network consensus mechanism effectiveness test:
The node newly requesting access to the virtual private network broadcasts a network access request and encrypted authentication information in the network, and k is set to 1 in the network consensus mechanism, namely, the method adopts
The uploading of judgment results of the 5 network access nodes is blocked, and only the 4 distributed peer server nodes upload 'identity legal' verification information in the network. The network's verification result for the identity of the new node is illegal because the set consensus condition is not satisfied (4 > 4.5, not true). In the contrast experiment, k is set to 1.5 in the network consensus mechanism, namely, the method adopts
Other conditions are unchanged, and the network's verification result for the identity of the new node is legal because the set consensus condition is met (6 > 4.5, true).
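The weighted vote of step (2), run on the settings of test 2 above, as an added example that is not part of the patent text; it also goes one step further and computes how many server votes alone suffice for a given k, which is the risk the description raises for large k. The relational expression is not reproduced on this page, so the code assumes the form sum(A_i) + k * sum(B_j) > (n + m) / 2, which matches the reported 4 > 4.5 and 6 > 4.5 comparisons; all function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class Tally:
    score: float       # sum(A_i) + k * sum(B_j)
    threshold: float   # assumed set value: (n + m) / 2
    admitted: bool     # True when score strictly exceeds the threshold


def _check_votes(votes: Sequence[int]) -> None:
    if any(v not in (0, 1) for v in votes):
        raise ValueError("each judgment result must be 0 (illegal) or 1 (legal)")


def tally_votes(user_votes: Sequence[int], server_votes: Sequence[int], k: float) -> Tally:
    """Decide admission of a new access node.

    user_votes holds A_1..A_n and server_votes holds B_1..B_m. A node whose
    judgment was not received is entered as 0, so n and m are always the
    numbers of registered user nodes and server nodes.
    """
    if k <= 0:
        raise ValueError("weight coefficient k must be positive")
    _check_votes(user_votes)
    _check_votes(server_votes)
    n, m = len(user_votes), len(server_votes)
    score = sum(user_votes) + k * sum(server_votes)
    threshold = (n + m) / 2   # assumption inferred from the 4.5 in the test (n=5, m=4)
    return Tally(score, threshold, score > threshold)


def servers_sufficient_alone(n: int, m: int, k: float) -> Optional[int]:
    """Smallest number of 'legal' server votes that admits a node when every
    user node votes 0 or is silent; None if servers alone can never admit."""
    threshold = (n + m) / 2
    for b in range(1, m + 1):
        if k * b > threshold:
            return b
    return None


def largest_k_requiring_all_servers(n: int, m: int) -> Optional[float]:
    """Upper bound on k below which m - 1 colluding servers cannot admit a
    node without any user vote: k * (m - 1) <= (n + m) / 2."""
    if m < 2:
        return None
    return (n + m) / (2 * (m - 1))


if __name__ == "__main__":
    users_silent = [0] * 5     # uploads of the 5 access nodes are blocked
    servers_legal = [1] * 4    # the 4 server nodes report "identity legal"
    for k in (1.0, 1.5, 5.0):
        t = tally_votes(users_silent, servers_legal, k)
        print(f"k={k}: {t.score} > {t.threshold} -> admitted={t.admitted}, "
              f"servers sufficient alone: {servers_sufficient_alone(5, 4, k)}")
    print("k bound for n=5, m=4:", largest_k_requiring_all_servers(5, 4))
```

With n = 5 and m = 4, k = 1.5 is exactly the bound at which three servers alone still fall short; any larger k lets a strict subset of the server nodes admit a node with no user node agreeing.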
The embodiments described above are presented to enable a person having ordinary skill in the art to make and use the invention. It will be readily apparent to those skilled in the art that various modifications to the above-described embodiments may be made, and the generic principles defined herein may be applied to other embodiments without the use of inventive faculty. Therefore, the present invention is not limited to the above embodiments, and improvements and modifications made by those skilled in the art based on the disclosure of the present invention should fall within the protection scope of the present invention.
Claims (1)
1. A decentralized virtual private network building method based on block chain technology comprises the following steps:
(1) a virtual private network framework consisting of a plurality of distributed peer server nodes is established, a distributed decentralized virtual private network is established by introducing a block chain technology, and an asymmetric encryption algorithm is introduced to encrypt a data packet while judging the access validity based on network consensus so as to ensure the safety of the virtual private network; in addition, by establishing a multi-to-multi decentralized virtual private network, the decentralized network organization structure is also beneficial to enhancing the robustness of the network, the safety of the virtual private network can be improved, and the network operation risk is reduced; the specific implementation method comprises the following steps: the method comprises the steps that a one-to-many network structure of a traditional centralized network server for a plurality of network users is changed into a multi-to-many new network structure of a plurality of distributed network servers for the plurality of network users, a plurality of server nodes with equal positions and the same functions exist in the new network structure, and the new network structure has the functions of validity verification, data processing and storage and is the core of the whole network; the user nodes in the network participate in the process of verifying the network consensus for legality, but do not have the functions of network data processing and storage, and a plurality of server nodes can be located at the same actual place and can also be distributed in each branch of a company or a unit to mutually verify identity data sharing;
(2) designing a network consensus mechanism to ensure the validity of the user access of the virtual private network, wherein the identity authentication of the user access by the network consensus mechanism depends on the participation of all online nodes in the network, including distributed server nodes and accessed user nodes, and the user can access the virtual private network only when most network online nodes pass the identity authentication;
the network consensus mechanism is as follows: when a user requests to access the virtual private network, identity authentication information is sent to all online nodes in the network, all online nodes respectively judge the legality of a new access user and broadcast the judgment result in the whole network range, if the total number of the online nodes which judge that the new access user is legal exceeds a set value, the legality of the new access user is admitted and the new access user is allowed to access the virtual private network, otherwise, the access of the new access user is refused;
the specific criteria for judging whether the new access user has validity are as follows: assuming that n user nodes and m server nodes are in the virtual private network, the system judges that the new access user has validity when the following relational expression is satisfied;
wherein: m and n are both natural numbers greater than 1; $A_i$ is the judgment result of the i-th user node: if the i-th user node judges that the new access user is legal, then $A_i = 1$, otherwise $A_i = 0$; $B_j$ is the judgment result of the j-th server node: if the j-th server node judges that the new access user is legal, then $B_j = 1$, otherwise $B_j = 0$; k is a set weight coefficient: when k is 1, the judgment result of the server node is equal in effectiveness to the judgment result of the user node, and when k is more than 1, the judgment result of the server node has more credibility than the judgment result of the user node;
(3) the method for encrypting the virtual private network data packet by using the asymmetric encryption algorithm to strengthen the network data security comprises the following specific steps: the newly accessed user node encrypts the request password by using a private key and broadcasts the request password to other online nodes in the virtual private network, the online nodes in the network decrypt the received ciphertext by using the public key, the decrypted result is compared with the node registration information in the network, and if the same registration information exists, the newly accessed user node is judged to be a legal node, otherwise, the newly accessed user node is an illegal node;
(4) the organization of network data is optimized by a data block encapsulation method to improve network compatibility; the specific implementation is as follows: data in the virtual private network is packaged in blocks, following the data organization of the blockchain in the Bitcoin system, wherein block authentication information is encapsulated in the block header, and the block body contains the stored data and the access record of the current block; a legal node can access and obtain the corresponding block data after it has been successfully authenticated.
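The consensus step described above (per-node judgments $A_i$ and $B_j$, with server votes weighted by k) can be tallied as in the following added example, which is not part of the patent text. The relational expression itself is not reproduced on this page, so the rule "weighted score exceeds a set threshold", the `Vote` type, the node identifiers and the threshold value are all assumptions; votes are assumed to have been authenticated before they reach the tally.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vote:
    node_id: str  # constructed identifier format
    legal: bool   # True maps to A_i = 1 (or B_j = 1), False to 0


def weighted_score(votes, user_nodes, server_nodes, k=1.0):
    """Return sum(A_i) + k * sum(B_j) over registered nodes, one vote each."""
    if k < 1:
        raise ValueError("the page only describes k = 1 and k > 1")
    if user_nodes & server_nodes:
        raise ValueError("a node cannot be both a user node and a server node")
    seen, score = set(), 0.0
    for vote in votes:
        if vote.node_id in seen:
            continue  # rebroadcast or duplicate: first vote wins
        if vote.node_id in user_nodes:
            weight = 1.0
        elif vote.node_id in server_nodes:
            weight = float(k)
        else:
            continue  # sender is not a registered node, vote is dropped
        seen.add(vote.node_id)
        if vote.legal:
            score += weight
    return score


def admit(votes, user_nodes, server_nodes, k, threshold):
    """Assumed decision rule: admit only if the weighted score exceeds threshold."""
    return weighted_score(votes, user_nodes, server_nodes, k) > threshold


# Constructed sample: n = 4 user nodes, m = 2 server nodes.
USERS = {"u1", "u2", "u3", "u4"}
SERVERS = {"s1", "s2"}
SAMPLE_VOTES = [
    Vote("u1", True), Vote("u2", False), Vote("u3", False), Vote("u4", False),
    Vote("s1", True), Vote("s2", True),
    Vote("s1", True),   # duplicate broadcast from s1
    Vote("x9", True),   # sender not registered in the network
]

if __name__ == "__main__":
    for k in (1, 2):
        print(k, weighted_score(SAMPLE_VOTES, USERS, SERVERS, k),
              admit(SAMPLE_VOTES, USERS, SERVERS, k, threshold=3))
```

With the constructed threshold of 3, a naive count of "legal" broadcasts would admit the user, while the de-duplicated tally admits only when server votes are weighted with k = 2.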
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810884401.6A CN108848111B (en) | 2018-08-06 | 2018-08-06 | Decentralized virtual private network building method based on block chain technology |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108848111A CN108848111A (en) | 2018-11-20 |
CN108848111B CN108848111B (en) | 2021-09-10 |
Family
ID=64195308
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810884401.6A Active CN108848111B (en) | 2018-08-06 | 2018-08-06 | Decentralized virtual private network building method based on block chain technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108848111B (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109102261A (en) * | 2018-08-02 | 2018-12-28 | 刘卓 | Based on the encryption currency for matching the decentralization for winning banknote, safety, power saving |
CN111598564B (en) * | 2019-02-20 | 2023-11-21 | 华为技术有限公司 | Block chain node connection establishment method, device and equipment |
CN110708383B (en) * | 2019-10-12 | 2022-06-07 | 深圳市迅雷网络技术有限公司 | Network connection method of block chain node and related equipment |
CN110839029B (en) * | 2019-11-14 | 2021-06-25 | 腾讯科技(深圳)有限公司 | Micro-service registration method and device |
CN111131420B (en) * | 2019-12-12 | 2022-05-31 | 腾讯科技(深圳)有限公司 | Electronic resource transfer method, device and storage medium |
CN111460468A (en) * | 2020-02-27 | 2020-07-28 | 山东公链信息科技有限公司 | Block chain encryption and decryption method and system based on fault-tolerant mechanism |
CN112291356B (en) * | 2020-11-02 | 2022-01-04 | 大连理工大学 | Self-verification variable name distributed storage method based on CNFS protocol |
CN112738751B (en) * | 2020-12-08 | 2023-07-04 | 中车工业研究院有限公司 | Wireless sensor access authentication method, device and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106453271A (en) * | 2016-09-21 | 2017-02-22 | 江苏通付盾科技有限公司 | Identity registration method and system, identity authentication method and system |
CN107181765A (en) * | 2017-07-25 | 2017-09-19 | 光载无限(北京)科技有限公司 | Network digital identity identifying method based on block chain technology |
CN107196966A (en) * | 2017-07-05 | 2017-09-22 | 北京信任度科技有限公司 | The identity identifying method and system of multi-party trust based on block chain |
CN107959676A (en) * | 2017-11-27 | 2018-04-24 | 杭州云象网络技术有限公司 | A kind of back end hot-plug method for supporting block chain technology secrecy system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10129238B2 (en) * | 2016-02-10 | 2018-11-13 | Bank Of America Corporation | System for control of secure access and communication with different process data networks with separate security features |
Also Published As
Publication number | Publication date |
---|---|
CN108848111A (en) | 2018-11-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108848111B (en) | Decentralized virtual private network building method based on block chain technology | |
US7346773B2 (en) | Enabling stateless server-based pre-shared secrets | |
US9819666B2 (en) | Pass-thru for client authentication | |
CN103959735B (en) | For providing the system and method communicated in safe multicasting cluster | |
CN103427998B (en) | The authentication of a kind of Internet data distribution and data ciphering method | |
US8417949B2 (en) | Total exchange session security | |
WO2019178942A1 (en) | Method and system for performing ssl handshake | |
JP2005027312A (en) | Reduction of network configuration complexity using transparent virtual private networks | |
WO2008083628A1 (en) | A authentication server and a method,a system,a device for bi-authenticating in a mesh network | |
US20180115520A1 (en) | Dark virtual private networks and secure services | |
CN113364811B (en) | Network layer safety protection system and method based on IKE protocol | |
CN113849815B (en) | Unified identity authentication platform based on zero trust and confidential calculation | |
JP4783340B2 (en) | Protecting data traffic in a mobile network environment | |
CN108769988A (en) | A kind of local mesh wireless networks of the certificate verification security mechanism based on 802.1x | |
WO2009018510A1 (en) | Systems and methods for implementing a mutating internet protocol security | |
CN107493294A (en) | A kind of secure accessing and management control method of the OCF equipment based on rivest, shamir, adelman | |
Park et al. | Survey for secure IoT group communication | |
US20230077053A1 (en) | Authentication using a decentralized and/or hybrid dencentralized secure crypographic key storage method | |
CN107979466A (en) | The safe Enhancement Method of iSCSI protocol based on Diffie-Hellman agreements | |
Pimentel et al. | OCP: A protocol for secure communication in federated content networks | |
CN113783693A (en) | Key agreement and authentication method based on limited application protocol CoAP | |
Ren et al. | A detailed implement and analysis of MPLS VPN based on IPSec | |
Alhumrani et al. | Cryptographic protocols for secure cloud computing | |
Khandkar et al. | Extended TLS: Masking Server Host Identity on the Internet Using Encrypted TLS Handshake | |
Pradeep et al. | Formal Verification of CHAP PPP authentication Protocol for Smart City/Safe City Applications. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
EE01 | Entry into force of recordation of patent licensing contract | | Application publication date: 20181120; Assignee: HANGZHOU HUA TING TECHNOLOGY Co.,Ltd.; Assignor: HANGZHOU YUNXIANG NETWORK TECHNOLOGY Co.,Ltd.; Contract record no.: X2023980033410; Denomination of invention: A Method of Constructing Decentralized Virtual Private Network Based on Blockchain Technology; Granted publication date: 20210910; License type: Common License; Record date: 20230313 |