CN110290151A - File transmitting method, device and read/write memory medium - Google Patents

Publication number: CN110290151A
Authority: CN (China)
Prior art keywords: transmission path, transmission, security level, message, path
Legal status: Granted (Active)
Application number: CN201910649126.4A
Other languages: Chinese (zh)
Other versions: CN110290151B (en)
Inventor: 杨超
Current Assignee: Maipu Communication Technology Co Ltd
Original Assignee: Maipu Communication Technology Co Ltd
Application filed by: Maipu Communication Technology Co Ltd
Priority to: CN201910649126.4A
Granted publication: CN110290151B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485: Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205: Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Abstract

The application provides a message sending method, a device and a readable storage medium, and relates to the field of communication technology. The method comprises: obtaining the security level of a transmission path, where the transmission path is the path formed by all links between the sending end and the receiving end, a link is the physical line between a node and an adjacent node, and the security level of the transmission path is determined according to the preset levels of all links in the transmission path; and sending a message on the transmission path according to the transmission policy corresponding to the security level of the transmission path, where the transmission policy includes encrypted transmission or plaintext transmission of the message. Whether a message needs encrypted transmission is determined from the preset level of every link in the transmission path, which takes into account how the message is carried on each link and improves message security.

Description

Message sending method, device and readable storage medium
Technical field
This application relates to the field of communication technology, and in particular to a message sending method, a device and a readable storage medium.
Background art
When a service message is transmitted, it may traverse several kinds of links: some are Internet lines, some are 4G lines, and some are MSTP (Multiple Spanning Tree Protocol) private lines. While in transit over the network, the message may be monitored and its information stolen. Existing message transmission therefore usually encrypts the message first and then applies tunnel encapsulation to the encrypted message. Compared with not encrypting, however, this adds computation and bandwidth overhead, both for the network transceiver devices and for the transmission path.
Summary of the invention
In view of this, the purpose of the embodiments of the present application is to provide a message sending method, a device and a readable storage medium, so as to mitigate the problem in the prior art that encryption adds excessive computation and bandwidth overhead to network devices and transmission paths.
An embodiment of the present application provides a message sending method, the method comprising: obtaining the security level of a transmission path, where the transmission path is the path formed by all links between the sending end and the receiving end, a link is the physical line between a node and an adjacent node, and the security level of the transmission path is determined according to the preset levels of all links in the transmission path; and sending a message on the transmission path according to the transmission policy corresponding to the security level of the transmission path, where the transmission policy includes encrypted transmission or plaintext transmission of the message.
In the above implementation, the message is transmitted encrypted only when the security level of the transmission path satisfies the encryption-related condition in the transmission policy: messages on the transmission path are encrypted when the security of the path is low and are not encrypted when the security of the path is high. This reduces the number of encryption operations and lowers the computing resource consumption and bandwidth overhead of the network transceiver devices and the transmission path. Furthermore, the security of the transmission path is determined from the preset attribute of every link in the path, which ensures the security of message transmission.
Optionally, obtaining the security level of the transmission path comprises: sending to a controller a query message for querying the transmission path, and receiving the security level of the transmission path returned by the controller; or receiving a transmission path security list issued by the controller, and obtaining the security level of the message's transmission path from the transmission path security list, where the list includes the security level of at least one preconfigured transmission path.
In the above implementation, the network transceiver device determines the security level of the transmission path either from the level returned by the controller or by a lookup in the transmission path security list, which makes determining the security level more efficient.
Optionally, sending the message on the transmission path according to the transmission policy corresponding to the security level of the transmission path comprises: when the security level of the transmission path is lower than a first security level, transmitting the message encrypted on the transmission path, where the security level of the transmission path being lower than the first security level means that the preset level of at least one link on the transmission path is lower than a first preset level; and when the security level of the transmission path is equal to the first security level, transmitting the message in plaintext on the transmission path, where the security level of the transmission path being equal to the first security level means that the preset level of every link on the transmission path is equal to the first preset level.
Optionally, transmitting the message encrypted on the transmission path when the security level of the transmission path is lower than the first security level comprises: when the security level of the transmission path is lower than a second security level, applying Internet Protocol Security encryption and authentication processing to the message and then sending the message on the transmission path, where the second security level is lower than the first security level, the security level of the transmission path being lower than the second security level means that the preset level of at least one link on the transmission path is lower than a second preset level, and the second preset level is lower than the first preset level; and when the security level of the transmission path is equal to the second security level, applying Internet Protocol Security encryption to the message and then sending the message on the transmission path, where the security level of the transmission path being equal to the second security level means that the preset level of every link on the transmission path is equal to the second preset level.
In the above implementation, multiple security levels correspond to multiple different encryption policies, so that transmission paths of different security receive different degrees of message encryption, each matched to the security of the path. This improves the accuracy of encryption, ensures the security of the message when the security of the transmission path is low, and saves the computing resources and bandwidth overhead of the network transceiver devices and the transmission path when the security of the transmission path is high.
An embodiment of the present application also provides a message sending method, the method comprising: planning a transmission path for a message based on the destination Internet Protocol address of the message and the network topology, where the transmission path is the path formed by all links between the sending end and the receiving end, and a link is the physical line from a node to an adjacent node; and determining the security level of the transmission path based on the preset level of every link on the transmission path, so that the sending end of the message sends the message on the transmission path according to the transmission policy corresponding to the security level of the transmission path, where the transmission policy includes encrypted transmission or plaintext transmission of the message.
In the above implementation, the controller determines the security level of the transmission path based on the preset level of every link on the path. Judging the security level of the path with reference to the security of all links on it ensures the accuracy of the path security evaluation and improves the reliability of message sending.
Optionally, determining the security level of the transmission path based on the preset level of every link on the transmission path comprises: when the preset level of at least one link on the transmission path is lower than the first preset level, determining that the security level of the transmission path is lower than the first security level; and when the preset level of every link on the transmission path is equal to the first preset level, determining that the security level of the transmission path is the first security level.
In the above implementation, if the preset level of any one link on the transmission path is low, the security level of the whole transmission path is determined to be low and the message needs to be encrypted, which ensures the security of the message over the entire transmission path.
An embodiment of the present application also provides a message sending device, the device comprising: a security level obtaining module, configured to obtain the security level of a transmission path, where the transmission path is the path formed by all links between the sending end and the receiving end, a link is the physical line between a node and an adjacent node, and the security level of the transmission path is determined according to the preset levels of all links in the transmission path; and a message sending module, configured to send a message on the transmission path according to the transmission policy corresponding to the security level of the transmission path, where the transmission policy includes encrypted transmission or plaintext transmission of the message.
In the above implementation, the message is transmitted encrypted only when the security level of the transmission path satisfies the encryption-related condition in the transmission policy: messages on the transmission path are encrypted when the security of the path is low and are not encrypted when the security of the path is high. This reduces the number of encryption operations and lowers the computing resource consumption and bandwidth overhead of the network transceiver devices and the transmission path. Furthermore, the security of the transmission path is determined from the preset attribute of every link in the path, which ensures the security of message transmission.
Optionally, the security level obtaining module is specifically configured to: send to a controller a query message for querying the transmission path, and receive the security level of the transmission path returned by the controller; or receive a transmission path security list issued by the controller, and obtain the security level of the message's transmission path from the transmission path security list, where the list includes the security level of at least one preconfigured transmission path.
In the above implementation, the network transceiver device determines the security level of the transmission path either from the level returned by the controller or by a lookup in the transmission path security list, which makes determining the security level more efficient.
Optionally, the message sending module is specifically configured to: when the security level of the transmission path is lower than the first security level, transmit the message encrypted on the transmission path, where the security level of the transmission path being lower than the first security level means that the preset level of at least one link on the transmission path is lower than the first preset level; and when the security level of the transmission path is equal to the first security level, transmit the message in plaintext on the transmission path, where the security level of the transmission path being equal to the first security level means that the preset level of every link on the transmission path is equal to the first preset level.
Optionally, the message sending module is specifically configured to: when the security level of the transmission path is lower than the second security level, apply Internet Protocol Security encryption and authentication processing to the message and then send the message on the transmission path, where the second security level is lower than the first security level, the security level of the transmission path being lower than the second security level means that the preset level of at least one link on the transmission path is lower than the second preset level, and the second preset level is lower than the first preset level; and when the security level of the transmission path is equal to the second security level, apply Internet Protocol Security encryption to the message and then send the message on the transmission path, where the security level of the transmission path being equal to the second security level means that the preset level of every link on the transmission path is equal to the second preset level.
In the above implementation, multiple security levels correspond to multiple different encryption policies, so that transmission paths of different security receive different degrees of message encryption, each matched to the security of the path. This improves the accuracy of encryption, ensures the security of the message when the security of the transmission path is low, and saves the computing resources and bandwidth overhead of the network transceiver devices and the transmission path when the security of the transmission path is high.
An embodiment of the present application also provides a message sending device, the device comprising: a transmission path planning module, configured to plan a transmission path for a message based on the destination Internet Protocol address of the message and the network topology, where the transmission path is the path formed by all links between the sending end and the receiving end, and a link is the physical line from a node to an adjacent node; and a security determining module, configured to determine the security level of the transmission path based on the preset level of every link on the transmission path, so that the sending end of the message sends the message on the transmission path according to the transmission policy corresponding to the security level of the transmission path, where the transmission policy includes encrypted transmission or plaintext transmission of the message.
In the above implementation, the controller determines the security level of the transmission path based on the preset level of every link on the path. Judging the security level of the path with reference to the security of all links on it ensures the accuracy of the path security evaluation and improves the reliability of message sending.
Optionally, the security determining module is specifically configured to: when the preset level of at least one link on the transmission path is lower than the first preset level, determine that the security level of the transmission path is lower than the first security level; and when the preset level of every link on the transmission path is equal to the first preset level, determine that the security level of the transmission path is the first security level.
In the above implementation, if the preset level of any one link on the transmission path is low, the security level of the whole transmission path is determined to be low and the message needs to be encrypted, which ensures the security of the message over the entire transmission path.
An embodiment of the present application also provides a network transceiver device. The network transceiver device includes a memory and a processor; program instructions are stored in the memory, and when the processor reads and runs the program instructions, the steps of any of the above methods are executed.
An embodiment of the present application also provides a control device. The control device includes a memory and a processor; program instructions are stored in the memory, and when the processor reads and runs the program instructions, the steps of any of the above methods are executed.
An embodiment of the present application also provides a readable storage medium. Computer program instructions are stored in the readable storage medium, and when the computer program instructions are read and run by a processor, the steps of any of the above methods are executed.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present application more clearly, the drawings needed in the embodiments are briefly described below. It should be understood that the following drawings show only some embodiments of the application and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 is a flow diagram of a message sending method applied to a network transceiver device, provided by an embodiment of the present application;
Fig. 2 is a flow diagram of a message sending method applied to a control device, provided by an embodiment of the present application;
Fig. 3 is a structural block diagram of a message sending device 30 provided by an embodiment of the present application;
Fig. 4 is a structural block diagram of another message sending device 40 provided by an embodiment of the present application.
Reference numerals: 30, message sending device; 31, security level obtaining module; 32, message sending module; 40, message sending device; 41, transmission path planning module; 42, security determining module.
Detailed description of the embodiments
The technical solutions in the embodiments of the present application are described below with reference to the drawings in the embodiments of the present application.
The applicant has found through research that the two ends of a network communication usually build a virtual network (overlay) out of tunnels in order to reduce their awareness of the physical network (underlay) and make the network more flexible. The start and end of the tunnel are the two ends of the communication, so a change of physical network medium or of egress line has no effect on the upper-layer network. Meanwhile, to guarantee message security, the message is usually encrypted and then tunnel-encapsulated before it is sent on the transmission path. Once an encrypted message has been tunnel-encapsulated and has left the device, there is no need to worry about it being stolen. Compared with not encrypting, however, encryption is a burden: it adds computation and bandwidth overhead for both the network transceiver devices and the transmission path. In fact, some lines, such as MSTP (Multiple Spanning Tree Protocol) private lines, do not need encryption because their security is assured, whereas open Internet transmission lines must be encrypted because their security is not assured. The prior art cannot apply a flexible policy of encrypting or not encrypting a message according to the security of each link in the transmission path, which imposes considerable computation and bandwidth overhead on network transceiver devices and transmission paths.
To solve the above problem, an embodiment of the present application provides a message sending method. The method is applied at the sending end, which is usually a network transceiver device, for example a computer, a smartphone or another terminal device capable of sending and receiving messages.
Referring to Fig. 1, Fig. 1 is a flow diagram of a message sending method applied to a network transceiver device, provided by an embodiment of the present application. The specific steps of the message sending method may be as follows:
Step S12: obtain the security level of the transmission path.
The transmission path is the path formed by all links between the sending end and the receiving end, and a link is the physical line between a node and an adjacent node.
For example, if computer 1 to router 1 is link 1, router 1 to router 2 is link 2, router 2 to router 3 is link 3, and router 3 to mobile terminal 1 is link 4, then transmission path 1 between computer 1 and mobile terminal 1 comprises link 1, link 2, link 3 and link 4.
It can be seen that the transmission mode, network security attributes and so on of the links in one transmission path may differ. In this embodiment the security level of the transmission path is therefore determined according to the preset levels of all links in the path, so that every link of a path rated secure is itself secure, which improves the security of messages that traverse the path.
Step S14: send the message on the transmission path according to the transmission policy corresponding to the security level of the transmission path.
It should be understood that the transmission policy includes encrypted transmission or plaintext transmission of the message. For a transmission path of a given security level, the corresponding encrypted or plaintext transmission in the transmission policy is selected to transmit the message.
In the above implementation, the message is transmitted encrypted only when the security level of the transmission path satisfies the encryption-related condition in the transmission policy, so messages on the path are encrypted only when the security of the path is low. This reduces the number of encryption operations and lowers the computing resource consumption and bandwidth overhead of the network transceiver devices and the transmission path. Furthermore, the security of the transmission path is determined from the security of every link in the path, which ensures the security of message transmission.
Optionally, step S12 may include: sending to the controller a query message for querying the transmission path, and receiving the security level of the transmission path returned by the controller.
The security level returned by the controller may likewise be sent as a message: the network transceiver device receives the message returned by the controller and parses it to obtain the security level of the transmission path from its content.
In this implementation the network transceiver device must communicate with the controller to determine the security level of the transmission path. The data cannot be tampered with locally, so security is higher.
Optionally, step S12 may instead be: receiving the transmission path security list issued by the controller, and obtaining the security level of the message's transmission path from the transmission path security list.
In this implementation the transmission path security list includes the security level of at least one preconfigured transmission path. When the network transceiver device needs to determine the security level of a transmission path, it performs a table lookup locally and obtains the level from the transmission path security list, which improves efficiency.
Step S14 may specifically include: when the security level of the transmission path is lower than the first security level, transmitting the message encrypted on the transmission path; and when the security level of the transmission path is equal to the first security level, transmitting the message in plaintext on the transmission path.
Here, the security level of the transmission path being lower than the first security level means that the preset level of at least one link on the transmission path is lower than the first preset level; the security level of the transmission path being equal to the first security level means that the preset level of every link on the transmission path is equal to the first preset level.
The first preset level can mean that a link has a high security level, for example links such as bare optical fiber, MSTP private lines and SDH private lines. Their security is determined by the line itself, no additional security measure is needed to keep the transmitted data safe, and messages can be transmitted in plaintext on links of this level. The second preset level can mean that a link has an intermediate security level, for example a 3G/4G leased-line link. Such a link needs an additional security measure to keep the transmitted data safe but does not need data integrity to be ensured, and messages must be transmitted encrypted on links of this level.
The encrypted transmission may encrypt the message using technologies such as Internet Protocol Security.
Optionally, transmission paths whose security is lower than the first security level but still differs among themselves can be divided into more specific security levels. In that case, "when the security level of the transmission path is lower than the first security level, transmitting the message encrypted on the transmission path" includes: when the security level of the transmission path is lower than the second security level, applying Internet Protocol Security encryption and authentication processing to the message and then sending the message on the transmission path, where the second security level is lower than the first security level; and when the security level of the transmission path is greater than or equal to the second security level, applying Internet Protocol Security encryption to the message and then sending the message on the transmission path.
Here, the security level of the transmission path being lower than the second security level means that the preset level of at least one link on the transmission path is lower than the second preset level, and the second preset level is lower than the first preset level; the security level of the transmission path being equal to the second security level means that the preset level of every link on the transmission path is equal to the second preset level.
Internet Protocol Security (abbreviated IPsec) is a protocol suite that protects the IP network protocol family (a set of interrelated protocols) by encrypting and authenticating IP packets. IPsec is designed to provide (1) entry-to-entry communication security, in which the security of packet communication is provided by a single node to multiple machines (possibly an entire local area network); and (2) end-to-end packet communication security, in which the security operations are performed by the computers that act as endpoints.
IPsec authentication is based on the IPsec authentication header, a mechanism that provides integrity and authentication for IP datagrams. Integrity guarantees that a datagram has not been changed, whether unintentionally or maliciously, and authentication verifies the source of the data (identifying the host, user, network and so on). The authentication header itself does not support any form of encryption, so it cannot guarantee the confidentiality of data sent over the Internet. The authentication header improves the security of message transmission only where the export, import or use of encryption is restricted by the local authorities.
IPsec encryption is based on the Encapsulating Security Payload (abbreviated ESP) header, which provides integrity and confidentiality services for IP datagrams. The ESP protocol is designed to work in two modes: tunnel mode and transport mode. The difference between the two is the content of the ESP payload of the IP datagram. In tunnel mode, the entire IP datagram is encapsulated and encrypted in the ESP payload. Once this is done, the real IP source and destination addresses are hidden inside what appears to be ordinary data sent over the Internet. A typical use of this mode is hiding hosts or topology when two firewalls are connected through a virtual private network.
It should be understood that, in addition to IPsec encryption and authentication, the message usually also needs to be tunnel-encapsulated before it is sent.
In the above steps of this embodiment, multiple security levels correspond to multiple different encryption policies, so that transmission paths of different security receive different degrees of message encryption, each matched to the security of the path. This improves the accuracy of encryption, ensures the security of the message when the security of the transmission path is low, and saves the computing resources and bandwidth overhead of the network transceiver devices and the transmission path when the security of the transmission path is high.
This embodiment also provides a message sending method applied to a control device; the control device may be an electronic device that can monitor the whole network and communicate with each node. Refer to Fig. 2, which is a flow diagram of a message sending method applied to a control device provided by an embodiment of this application. The specific steps of the message sending method may be as follows:
Step S22: plan a transmission path for the message based on the destination Internet Protocol (IP) address of the message and the network topology.
Accordingly, the transmission path is the path formed by all links between the sending end and the receiving end, and a link is the physical line from one node to an adjacent node.
Optionally, in this embodiment, once the destination IP address is determined, the controller uses the network topology of the transmission network to select, as the transmission path, the route between the sending end and the receiving end that takes less transmission time or passes through fewer nodes. The IP address can be obtained from the corresponding OpenFlow protocol rule field in the header of the message to be sent. For example, if the corresponding OpenFlow protocol rule field in the message contains "xx.com", it can be determined that the message needs to be sent to the IP address corresponding to xx.com, which determines the destination IP address.
It should be understood that the network topology also needs to be obtained before step S22. This step may be: obtain the whole-network topology through topology discovery.
Step S24: determine the security level of the transmission path based on the predetermined level of each link in the transmission path, so that the sending end of the message sends the message on the transmission path according to the transmission policy corresponding to the security level of the transmission path, the transmission policy including encrypted transmission or plaintext transmission of the message.
Optionally, the predetermined level of a link may be determined according to the link type, the type of network at the link egress, and so on.
For step S24, in order to strictly guarantee the security of the transmission path, this embodiment may directly deem the transmission path to have poor security when any link of the transmission path has poor security. The specific steps include:
Step S24.1: when the predetermined level of at least one link on the transmission path is lower than the first predetermined level, determine that the security level of the transmission path is lower than the first security level.
Step S24.2: when the predetermined level of every link on the transmission path is equal to the first predetermined level, determine that the security level of the transmission path is the first security level.
Optionally, taking an MSTP dedicated line, a 4G line and an Internet line as examples, this embodiment may set the first predetermined level to 3, set the predetermined level of a link whose egress is an MSTP dedicated line to 3, set the predetermined level of a link whose egress is a 4G line to 2, and set the predetermined level of a link whose egress is an Internet line to 1. Then, when the egress of every link in the transmission path is an MSTP dedicated line, the predetermined levels of all links are equal to 3 and the security level of the transmission path is determined to be the first security level; when the transmission path contains a link whose egress is a 4G line or an Internet line, there is a link whose predetermined level is less than 3 and the security level of the transmission path is determined to be lower than the first security level.
The specific value assigned to the predetermined level of a link can be adjusted according to the value of the first predetermined level.
When the security level of the transmission path is lower than the first security level, the network transceiver device can send the message encrypted to guarantee transmission security. When the security level of the transmission path is equal to the first security level, the network transceiver device can send the message in plaintext to reduce the consumption of computing resources and bandwidth.
An embodiment of this application also provides a message sending device 30, applied to a network transceiver device. Refer to Fig. 3, which is a structural block diagram of a message sending device 30 provided by an embodiment of this application.
The message sending device 30 includes:
A security level obtaining module 31, configured to obtain the security level of the transmission path, where the transmission path is the path formed by all links between the sending end and the receiving end, a link is the physical line from one node to an adjacent node, and the security level of the transmission path is determined according to the predetermined levels of all links in the transmission path;
A message sending module 32, configured to send the message on the transmission path according to the transmission policy corresponding to the security level of the transmission path, the transmission policy including encrypted transmission or plaintext transmission of the message.
The security level obtaining module 31 is specifically configured to: send to the controller a query message for querying the transmission path, and receive the security level of the transmission path returned by the controller; or receive the transmission path security list issued by the controller and obtain the security level of the message's transmission path from the transmission path security list, the list containing the security level of at least one preconfigured transmission path.
The message sending module 32 is specifically configured to: when the security level of the transmission path is lower than the first security level, transmit the message encrypted on the transmission path, where the security level of the transmission path being lower than the first security level means that the predetermined level of at least one link on the transmission path is lower than the first predetermined level; when the security level of the transmission path is higher than or equal to the first security level, transmit the message in plaintext on the transmission path, where the security level of the transmission path being equal to the first security level means that the predetermined level of every link on the transmission path is equal to the first predetermined level.
Optionally, the message sending module 32 is further specifically configured to: when the security level of the transmission path is lower than the second security level, send the message on the transmission path after IPsec encryption and authentication processing, the second security level being lower than the first security level, where the security level of the transmission path being lower than the second security level means that the predetermined level of at least one link on the transmission path is lower than the second predetermined level, the second predetermined level being less than the first predetermined level; when the security level of the transmission path is greater than or equal to the second security level, send the message on the transmission path after IPsec encryption processing, where the security level of the transmission path being equal to the second security level means that the predetermined level of every link on the transmission path is equal to the second predetermined level.
An embodiment of this application also provides a message sending device 40, applied to a control device. Refer to Fig. 4, which is a structural block diagram of another message sending device 40 provided by an embodiment of this application.
The message sending device 40 includes:
A transmission path planning module 41, configured to plan a transmission path for the message based on the destination IP address of the message and the network topology, where the transmission path is the path formed by all links between the sending end and the receiving end, and a link is the physical line from one node to an adjacent node;
A security determining module 42, configured to determine the security level of the transmission path based on the predetermined level of each link in the transmission path, so that the sending end of the message sends the message on the transmission path according to the transmission policy corresponding to the security level of the transmission path, the transmission policy including encrypted transmission or plaintext transmission of the message.
The security determining module 42 is specifically configured to: when the predetermined level of at least one link on the transmission path is lower than the first predetermined level, determine that the security level of the transmission path is lower than the first security level; when the predetermined level of every link on the transmission path is equal to the first predetermined level, determine that the security level of the transmission path is the first security level.
An embodiment of this application also provides a network transceiver device. The network transceiver device includes a memory and a processor; program instructions are stored in the memory, and when the processor reads and runs the program instructions, the steps in any of the methods of the token renewal determination method are performed.
An embodiment of this application also provides a control device. The control device includes a memory and a processor; program instructions are stored in the memory, and when the processor reads and runs the program instructions, the steps in any of the above methods are performed.
It should be understood that the network transceiver device and the control device may be electronic devices with logic computing and network transmission functions, such as a personal computer (PC), tablet computer, smartphone, personal digital assistant (PDA) or server.
An embodiment of this application also provides a readable storage medium in which computer program instructions are stored; when the computer program instructions are read and run by a processor, the steps in any of the above message sending methods are performed.
In summary, the embodiments of this application provide a message sending method, a device and a readable storage medium. The method includes: obtaining the security level of the transmission path, where the transmission path is the path formed by all links between the sending end and the receiving end, a link is the physical line from one node to an adjacent node, and the security level of the transmission path is determined according to the predetermined levels of all links in the transmission path; and sending the message on the transmission path according to the transmission policy corresponding to the security level of the transmission path, the transmission policy including encrypted transmission or plaintext transmission of the message.
In the above implementation, the message is transmitted encrypted only once the security level of the transmission path satisfies the encryption-related conditions in the transmission policy, so messages on a transmission path are encrypted only when the security of that path is low. This reduces encryption operations and lowers the computing resource consumption and bandwidth overhead of the network transceiver device and the transmission path. Further, the security of the transmission path is determined from the security of each link in the transmission path, which guarantees the security of message transmission.
In the several embodiments provided in this application, it should be understood that the disclosed devices may also be implemented in other ways. The device embodiments described above are merely illustrative; for example, the block diagrams in the drawings show the possible architecture, functions and operations of devices according to multiple embodiments of this application. In this regard, each box in a block diagram may represent a module, a program segment or a portion of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two consecutive boxes may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each box in a block diagram, and combinations of boxes, can be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
In addition, the functional modules in the embodiments of this application may be integrated together to form one independent part, each module may exist alone, or two or more modules may be integrated to form one independent part.
If the functions are implemented in the form of software functional modules and sold or used as an independent product, they may be stored in a computer-readable storage medium. This embodiment therefore also provides a readable storage medium in which computer program instructions are stored; when the computer program instructions are read and run by a processor, the steps in any one of the block data storage methods are performed. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the prior art, or part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods of the embodiments of this application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The above is only an example of this application and is not intended to limit its scope of protection; for those skilled in the art, this application may have various modifications and changes. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of this application shall be included within its scope of protection. It should also be noted that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings.
The above are only specific embodiments of this application, but the scope of protection of this application is not limited to them. Any change or replacement that a person familiar with the technical field can readily conceive within the technical scope disclosed in this application shall fall within the scope of protection of this application.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any other variant are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.

Claims (11)

1. A message sending method, characterized in that the method comprises:
obtaining the security level of a transmission path, where the transmission path is the path formed by all links between the sending end and the receiving end, a link is the physical line from one node to an adjacent node, and the security level of the transmission path is determined according to the predetermined levels of all links in the transmission path;
sending a message on the transmission path according to the transmission policy corresponding to the security level of the transmission path, the transmission policy including encrypted transmission or plaintext transmission of the message.
2. The message sending method according to claim 1, characterized in that obtaining the security level of the transmission path comprises:
sending to a controller a query message for querying the transmission path, and receiving the security level of the transmission path returned by the controller; or
receiving a transmission path security list issued by the controller, and obtaining the security level of the transmission path of the message from the transmission path security list, the transmission path security list containing the security level of at least one preconfigured transmission path.
3. The message sending method according to claim 1, characterized in that sending the message on the transmission path according to the transmission policy corresponding to the security level of the transmission path comprises:
when the security level of the transmission path is lower than a first security level, transmitting the message encrypted on the transmission path, where the security level of the transmission path being lower than the first security level means that the predetermined level of at least one link on the transmission path is lower than a first predetermined level;
when the security level of the transmission path is equal to the first security level, transmitting the message in plaintext on the transmission path, where the security level of the transmission path being equal to the first security level means that the predetermined level of every link on the transmission path is equal to the first predetermined level.
4. The message sending method according to claim 3, characterized in that, when the security level of the transmission path is lower than the first security level, transmitting the message encrypted on the transmission path comprises:
when the security level of the transmission path is lower than a second security level, sending the message on the transmission path after IPsec encryption and authentication processing of the message, the second security level being lower than the first security level, where the security level of the transmission path being lower than the second security level means that the predetermined level of at least one link on the transmission path is lower than a second predetermined level, the second predetermined level being less than the first predetermined level; when the security level of the transmission path is equal to the second security level, sending the message on the transmission path after IPsec encryption processing of the message, where the security level of the transmission path being equal to the second security level means that the predetermined level of every link on the transmission path is equal to the second predetermined level.
5. A message sending method, characterized in that the method comprises:
planning a transmission path for a message based on the destination IP address of the message and the network topology, where the transmission path is the path formed by all links between the sending end and the receiving end, and a link is the physical line from one node to an adjacent node;
determining the security level of the transmission path based on the predetermined level of each link in the transmission path, so that the sending end of the message sends the message on the transmission path according to the transmission policy corresponding to the security level of the transmission path, the transmission policy including encrypted transmission or plaintext transmission of the message.
6. The message sending method according to claim 5, characterized in that determining the security level of the transmission path based on the predetermined level of each link in the transmission path comprises:
when the predetermined level of at least one link on the transmission path is lower than a first predetermined level, determining that the security level of the transmission path is lower than a first security level;
when the predetermined level of every link on the transmission path is equal to the first predetermined level, determining that the security level of the transmission path is the first security level.
7. A message sending device, characterized in that the device comprises:
a security level obtaining module, configured to obtain the security level of a transmission path, where the transmission path is the path formed by all links between the sending end and the receiving end, a link is the physical line from one node to an adjacent node, and the security level of the transmission path is determined according to the predetermined levels of all links in the transmission path;
a message sending module, configured to send a message on the transmission path according to the transmission policy corresponding to the security level of the transmission path, the transmission policy including encrypted transmission or plaintext transmission of the message.
8. A message sending device, characterized in that the device comprises:
a transmission path planning module, configured to plan a transmission path for a message based on the destination IP address of the message and the network topology, where the transmission path is the path formed by all links between the sending end and the receiving end, and a link is the physical line from one node to an adjacent node;
a security determining module, configured to determine the security level of the transmission path based on the predetermined level of each link in the transmission path, so that the sending end of the message sends the message on the transmission path according to the transmission policy corresponding to the security level of the transmission path, the transmission policy including encrypted transmission or plaintext transmission of the message.
9. A network transceiver device, characterized in that the network transceiver device comprises a memory and a processor, program instructions are stored in the memory, and when the processor reads and runs the program instructions, the steps in the method of any one of claims 1-4 are performed.
10. A control device, characterized in that the control device comprises a memory and a processor, program instructions are stored in the memory, and when the processor reads and runs the program instructions, the steps in the method of any one of claims 5-6 are performed.
11. A readable storage medium, characterized in that computer program instructions are stored in the readable storage medium, and when the computer program instructions are read and run by a processor, the steps in the method of any one of claims 1-6 are performed.
CN201910649126.4A 2019-07-16 2019-07-16 Message sending method and device and readable storage medium Active CN110290151B (en)

Publications (2)

Publication Number Publication Date
CN110290151A true CN110290151A (en) 2019-09-27
CN110290151B CN110290151B (en) 2021-10-08


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant