CN110290151B - Message sending method and device and readable storage medium - Google Patents


Publication number: CN110290151B
Application number: CN201910649126.4A
Authority: CN (China)
Prior art keywords: transmission path, security level, message, level, security
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Other languages: Chinese (zh)
Other versions: CN110290151A (en)
Inventor: 杨超
Current Assignee: Maipu Communication Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Maipu Communication Technology Co Ltd
Application filed by: Maipu Communication Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485: Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205: Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a message sending method, a message sending device and a readable storage medium, and relates to the technical field of communication. The method comprises the following steps: acquiring the security level of a transmission path, wherein the transmission path is a path formed by all links from a sending end to a receiving end, the link is a physical line from one node to an adjacent node, and the security level of the transmission path is determined according to the preset levels of all the links in the transmission path; and sending a message in the transmission path according to a transmission strategy corresponding to the security level of the transmission path, wherein the transmission strategy comprises the steps of carrying out encryption transmission or plaintext transmission on the message. Whether the message needs to be encrypted for transmission is determined through the preset grade of each section of link on the transmission path, the transmission condition of the message in each section of link is considered, and the message safety is improved.

Description

Message sending method and device and readable storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a message sending method, an apparatus, and a readable storage medium.
Background
When a service message is transmitted, it may pass through various links: some messages pass through an internet line, some through a 4G line, and some through an MSTP (Multiple Spanning Tree Protocol) dedicated line. A message may be monitored and its information stolen during transmission on the network. Existing message transmission therefore usually encrypts the message first and then tunnel-encapsulates the encrypted message. Compared with sending without encryption, however, this adds extra computation and bandwidth overhead to both the network transceiver and the transmission path.
Disclosure of Invention
In view of this, embodiments of the present application provide a message sending method, an apparatus and a readable storage medium, so as to solve the problems in the prior art that an encryption manner adds extra computation to a network device and a transmission path and that bandwidth overhead is too high.
The embodiment of the application provides a message sending method, which comprises the following steps: acquiring the security level of a transmission path, wherein the transmission path is a path formed by all links from a sending end to a receiving end, the link is a physical line from one node to an adjacent node, and the security level of the transmission path is determined according to the preset levels of all the links in the transmission path; and sending a message in the transmission path according to a transmission strategy corresponding to the security level of the transmission path, wherein the transmission strategy comprises the steps of carrying out encryption transmission or plaintext transmission on the message.
In the implementation process, the message is encrypted for transmission only when the security level of the transmission path meets the encryption-related conditions in the transmission strategy: the message is encrypted when the security of the transmission path is lower and is not encrypted when the security of the transmission path is higher. This reduces encryption operations and therefore the computing resource consumption and bandwidth overhead of the network transceiving equipment and the transmission path. Furthermore, the security of the transmission path is determined according to the preset level of each link in the transmission path, so that the security of message transmission is ensured.
Optionally, the obtaining the security level of the transmission path includes: sending a query message for querying the transmission path to a controller, and receiving the security level of the transmission path returned by the controller; or receiving a transmission path security list issued by the controller, and acquiring the security level of the transmission path of the message from the transmission path security list, wherein the transmission path security list comprises the security level of at least one transmission path configured in advance.
In the implementation process, the network transceiver determines the security level of the transmission path based on the security level returned by the controller or by querying in the transmission path security list, so that the determination efficiency of the security level is improved.
Optionally, the sending a message in the transmission path according to the transmission strategy corresponding to the security level of the transmission path includes: when the security level of the transmission path is lower than a first security level, performing encrypted transmission of the message in the transmission path, wherein the security level of the transmission path being lower than the first security level means that the preset level of at least one link on the transmission path is lower than the first preset level; and when the security level of the transmission path is equal to the first security level, performing plaintext transmission of the message in the transmission path, wherein the security level of the transmission path being equal to the first security level means that the preset level of each link on the transmission path is equal to the first preset level.
Optionally, the performing encrypted transmission of the message in the transmission path when the security level of the transmission path is lower than the first security level includes: when the security level of the transmission path is lower than a second security level, sending the message in the transmission path after performing IPsec encryption and authentication processing on the message, wherein the second security level is lower than the first security level, and the security level of the transmission path being lower than the second security level means that the preset level of at least one link on the transmission path is lower than the second preset level, which is lower than the first preset level; and when the security level of the transmission path is equal to the second security level, sending the message in the transmission path after performing IPsec encryption processing on the message, wherein the security level of the transmission path being equal to the second security level means that the preset level of each link on the transmission path is equal to the second preset level.
In the implementation process, encryption strategies corresponding to different security levels are applied on the basis of multiple security levels, so that each transmission path receives message encryption processing of a degree corresponding to its security level. This improves the accuracy of encryption: the security of the message is ensured when the security of the transmission path is low, and the computing resources and bandwidth overhead of the network transceiving equipment and the transmission path are saved when the security of the transmission path is high.
The embodiment of the present application further provides a message sending method, where the method includes: planning a transmission path for the message based on a destination internet protocol address and a network topology structure of the message, wherein the transmission path is a path formed by all links from a sending end to a receiving end, and the link is a physical line from one node to an adjacent node; and determining the security level of the transmission path based on the preset level of each link on the transmission path, so that the sending end of the message sends the message in the transmission path according to a transmission strategy corresponding to the security level of the transmission path, wherein the transmission strategy comprises encryption transmission or plaintext transmission of the message.
In the implementation process, the controller determines the security level of the transmission path based on the preset level of each link on the transmission path, and determines the security level of the transmission path by referring to the security of all links on the transmission path, so that the accuracy of the security evaluation of the transmission path is guaranteed, and the reliability of message sending is improved.
Optionally, the determining the security level of the transmission path based on the preset level of each link on the transmission path includes: when the preset level of at least one section of link on the transmission path is lower than a first preset level, determining that the security level of the transmission path is lower than the first security level; and when the preset level of each section of link on the transmission path is equal to the first preset level, determining that the security level of the transmission path is the first security level.
In the implementation process, the security level of the transmission path is determined to be low as long as the preset level of any link in the transmission path is low, and the message needs to be encrypted, so that the transmission security of the message in the whole transmission path is ensured.
The embodiment of the present application further provides a message sending apparatus, where the apparatus includes: a security level obtaining module, configured to acquire the security level of the transmission path, wherein the transmission path is a path formed by all links from a sending end to a receiving end, the link is a physical line from a node to an adjacent node, and the security level of the transmission path is determined according to the preset levels of all the links in the transmission path; and a message sending module, configured to send a message in the transmission path according to a transmission strategy corresponding to the security level of the transmission path, wherein the transmission strategy comprises encrypted transmission or plaintext transmission of the message.
In the implementation process, the message is encrypted for transmission only when the security level of the transmission path meets the encryption-related conditions in the transmission strategy: the message is encrypted when the security of the transmission path is lower and is not encrypted when the security of the transmission path is higher. This reduces encryption operations and therefore the computing resource consumption and bandwidth overhead of the network transceiver and the transmission path. Furthermore, the security of the transmission path is determined according to the preset level of each link in the transmission path, so that the security of message transmission is ensured.
Optionally, the security level obtaining module is specifically configured to: send a query message for querying the transmission path to a controller, and receive the security level of the transmission path returned by the controller; or receive a transmission path security list issued by the controller, and acquire the security level of the transmission path of the message from the transmission path security list, wherein the transmission path security list comprises the security level of at least one transmission path configured in advance.
In the implementation process, the network transceiver determines the security level of the transmission path based on the security level returned by the controller or by querying in the transmission path security list, so that the determination efficiency of the security level is improved.
Optionally, the message sending module is specifically configured to: when the security level of the transmission path is lower than a first security level, the message is encrypted and transmitted in the transmission path, wherein the fact that the security level of the transmission path is lower than the first security level means that the preset level of at least one section of link on the transmission path is lower than the first preset level; and when the security level of the transmission path is equal to the first security level, performing plaintext transmission on the message in the transmission path, wherein the fact that the security level of the transmission path is equal to the first security level means that the preset level of each link on the transmission path is equal to the first preset level.
Optionally, the message sending module is specifically configured to: when the security level of the transmission path is lower than a second security level, send the message in the transmission path after performing IPsec encryption and authentication processing on the message, wherein the second security level is lower than the first security level, and the security level of the transmission path being lower than the second security level means that the preset level of at least one link on the transmission path is lower than the second preset level, which is lower than the first preset level; and when the security level of the transmission path is equal to the second security level, send the message in the transmission path after performing IPsec encryption processing on the message, wherein the security level of the transmission path being equal to the second security level means that the preset level of each link on the transmission path is equal to the second preset level.
In the implementation process, encryption strategies corresponding to different security levels are applied on the basis of multiple security levels, so that each transmission path receives message encryption processing of a degree corresponding to its security level. This improves the accuracy of encryption: the security of the message is ensured when the security of the transmission path is low, and the computing resources and bandwidth overhead of the network transceiving equipment and the transmission path are saved when the security of the transmission path is high.
The embodiment of the present application further provides a message sending apparatus, where the apparatus includes: a transmission path planning module, configured to plan a transmission path for a packet based on a destination internet protocol address and a network topology of the packet, where the transmission path is a path formed by all links from a sending end to a receiving end, and the link is a physical line from one node to an adjacent node; and the security determining module is used for determining the security level of the transmission path based on the preset level of each link on the transmission path, so that the sending end of the message sends the message in the transmission path according to a transmission strategy corresponding to the security level of the transmission path, wherein the transmission strategy comprises encryption transmission or plaintext transmission of the message.
In the implementation process, the controller determines the security level of the transmission path based on the preset level of each link on the transmission path, and determines the security level of the transmission path by referring to the security of all links on the transmission path, so that the accuracy of the security evaluation of the transmission path is guaranteed, and the reliability of message sending is improved.
Optionally, the security determination module is specifically configured to: when the preset level of at least one section of link on the transmission path is lower than a first preset level, determining that the security level of the transmission path is lower than the first security level; and when the preset level of each section of link on the transmission path is equal to the first preset level, determining that the security level of the transmission path is the first security level.
In the implementation process, the security level of the transmission path is determined to be low as long as the preset level of any link in the transmission path is low, and the message needs to be encrypted, so that the transmission security of the message in the whole transmission path is ensured.
The embodiment of the present application further provides a network transceiver device, where the network transceiver device includes a memory and a processor, where the memory stores program instructions, and the processor executes the steps in any of the above methods when reading and executing the program instructions.
The embodiment of the application further provides a control device, which comprises a memory and a processor, wherein the memory stores program instructions, and the processor executes the steps of any method when reading and running the program instructions.
The embodiment of the present application further provides a readable storage medium, in which computer program instructions are stored, and when the computer program instructions are read and executed by a processor, the steps in any one of the methods are executed.
Drawings
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings required by the embodiments are briefly described below. It should be understood that the following drawings illustrate only some embodiments of the present application and therefore should not be considered as limiting its scope, and that those skilled in the art can obtain other related drawings from these drawings without inventive effort.
Fig. 1 is a schematic flowchart of a message sending method applied to a network transceiver device according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a message sending method applied to a control device according to an embodiment of the present application;
Fig. 3 is a block diagram of a message sending apparatus 30 according to an embodiment of the present application;
Fig. 4 is a block diagram of another message sending apparatus 40 according to an embodiment of the present application.
Reference numerals: 30 - message sending apparatus; 31 - security level obtaining module; 32 - message sending module; 40 - message sending apparatus; 41 - transmission path planning module; 42 - security determination module.
Detailed Description
The technical solution in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
The applicant has found through research that, in order to reduce awareness of the physical network (Underlay) and enhance network flexibility, a virtual network (Overlay) is usually built by means of a tunnel between the two ends of a communication, with the start and end points of the tunnel being the two ends of the network communication, so that the upper-layer network is not affected when the physical network medium or the egress line changes. Meanwhile, to ensure the security of the message, the message is usually encrypted and then tunnel-encapsulated before it is sent through the transmission path. Because the encrypted message is encapsulated in a tunnel, it is not stolen after it leaves the device; however, encryption is a burden compared with sending without encryption, and it adds extra computation and bandwidth overhead for both the network transceiver and the transmission path. The prior art cannot apply a flexible encryption strategy that encrypts the message or sends it unencrypted according to the security of each link in the transmission path, which brings large computation and bandwidth overhead to the network transceiver equipment and the transmission path.
In order to solve the above problem, an embodiment of the present application provides a message sending method, where the message sending method is applied to a sending end, and the sending end is generally a network transceiver device, such as a computer, a smart phone, or other terminal devices capable of sending and receiving messages.
Referring to fig. 1, fig. 1 is a schematic flowchart of a message sending method applied to a network transceiver device according to an embodiment of the present application, where the message sending method includes the following specific steps:
Step S12: acquire the security level of the transmission path.
The transmission path is a path formed by all links from the sending end to the receiving end, and the link is a physical line from one node to an adjacent node.
For example, if the computer 1 to the router 1 is a link 1, the router 1 to the router 2 is a link 2, the router 2 to the router 3 is a link 3, and the router 3 to the mobile terminal 1 is a link 4, the transmission path 1 between the computer 1 and the mobile terminal 1 includes the link 1, the link 2, the link 3, and the link 4.
It can be seen that the transmission mode, the network security attribute, and the like of each link in the same transmission path may be different, and therefore, the security level of the transmission path in this embodiment is determined according to the preset levels of all links in the transmission path, so as to ensure that all links of a secure transmission path are secure, thereby improving the security of the message passing through the transmission path.
Step S14: send the message in the transmission path according to the transmission strategy corresponding to the security level of the transmission path.
It should be understood that the transmission strategy includes encrypted transmission or plaintext transmission of the message. When the transmission path is at a given security level, the corresponding encrypted transmission or plaintext transmission is selected from the transmission strategy to transmit the message.
In the implementation process, the message is encrypted for transmission only when the security level of the transmission path meets the encryption-related conditions in the transmission strategy: the message is encrypted when the security of the transmission path is low and is not encrypted when the security of the transmission path is higher. This reduces encryption operations and therefore the computing resource consumption and bandwidth overhead of the network transceiving equipment and the transmission path. Furthermore, the security of the transmission path is determined according to the security of each link in the transmission path, so that the security of message transmission is ensured.
Optionally, step S12 may include: sending a query message for querying the transmission path to the controller, and receiving the security level of the transmission path returned by the controller.
The security level of the transmission path returned by the controller may be sent by the same message, and the network transceiver device receives and parses the message returned by the controller to obtain the security level of the transmission path from the content of the message.
In this implementation, the network transceiver determines the security level of the transmission path after communicating with the controller, so the data cannot be tampered with locally and security is high.
Optionally, step S12 may specifically be: receiving a transmission path security list issued by the controller, and acquiring the security level of the transmission path of the message from the transmission path security list.
The transmission path security list in this implementation includes the security level of at least one transmission path configured in advance. When the security level of a transmission path needs to be determined, the network transceiver performs a table lookup locally to obtain the security level of the transmission path from the transmission path security list, which improves efficiency.
For step S14, the step may specifically include: when the security level of the transmission path is lower than the first security level, the message is encrypted and transmitted in the transmission path; and when the security level of the transmission path is equal to the first security level, the message is transmitted in the plaintext in the transmission path.
The security level of the transmission path being lower than the first security level means that the preset level of at least one link on the transmission path is lower than the first preset level; the security level of the transmission path being equal to the first security level means that the preset level of each link on the transmission path is equal to the first preset level.
The first preset level can mean that a link has a high security level, for example links of categories such as bare optical fiber, MSTP dedicated line and SDH dedicated line, whose security is determined by the line itself: no additional security measures are required to ensure the security of data transmission, and messages can be transmitted in plaintext on a link of this level. The second preset level may mean that a link has a medium security level, for example a 3G/4G dedicated link: additional security measures are required to ensure the security of data transmission, but data integrity does not need to be ensured, and a message needs to be transmitted in encrypted form on a link of this level.
The encrypted transmission may be encrypted transmission of the message based on technologies such as IPsec.
Optionally, transmission paths whose security is lower than the first security level but still differs among themselves may be further divided into more specific security levels. In that case, "performing encrypted transmission of a message in the transmission path when the security level of the transmission path is lower than the first security level" includes: when the security level of the transmission path is lower than a second security level, sending the message in the transmission path after performing IPsec encryption and authentication processing on the message, the second security level being lower than the first security level; and when the security level of the transmission path is higher than or equal to the second security level, sending the message in the transmission path after performing IPsec encryption processing on the message.
The security level of the transmission path being lower than the second security level means that the preset level of at least one link on the transmission path is lower than the second preset level, and the second preset level is lower than the first preset level; the security level of the transmission path being equal to the second security level means that the preset level of each link on the transmission path is equal to the second preset level.
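The level determination and strategy selection described above, together with the controller-issued transmission path security list of step S12, as an added example that is not code from the patent. It generalizes the rule to paths with mixed link levels by taking the minimum link level; the name `Level.LOW`, the sample topology and its link levels, and treating an unknown link or path as the lowest level are assumptions.

```python
from enum import Enum, IntEnum


class Level(IntEnum):
    """Preset link level and path security level; a higher value is more trusted."""
    LOW = 1     # assumed name for "lower than the second preset level"
    SECOND = 2  # medium security, e.g. a 3G/4G dedicated link
    FIRST = 3   # high security, e.g. bare fiber, MSTP or SDH dedicated line


class Policy(Enum):
    PLAINTEXT = "plaintext"
    IPSEC_ENCRYPT = "ipsec-encrypt"
    IPSEC_ENCRYPT_AUTH = "ipsec-encrypt+auth"


# Constructed sample topology: each link (node, adjacent node) has a preset level.
LINK_LEVELS = {
    frozenset(link): level
    for link, level in {
        ("computer1", "router1"): Level.FIRST,   # link 1
        ("router1", "router2"): Level.FIRST,     # link 2
        ("router2", "router3"): Level.SECOND,    # link 3
        ("router3", "mobile1"): Level.FIRST,     # link 4
        ("router1", "router4"): Level.LOW,
        ("router4", "mobile1"): Level.FIRST,
        ("computer1", "server1"): Level.FIRST,
    }.items()
}

PATH_1 = ["computer1", "router1", "router2", "router3", "mobile1"]
PATH_2 = ["computer1", "router1", "router4", "mobile1"]
PATH_3 = ["computer1", "server1"]


def path_security_level(nodes, link_levels):
    """Controller side: a path is only as secure as its weakest link.

    A link without a preset level counts as LOW (assumption: fail closed).
    """
    links = [frozenset(pair) for pair in zip(nodes, nodes[1:])]
    if not links:
        raise ValueError("a transmission path needs at least two nodes")
    return min(link_levels.get(link, Level.LOW) for link in links)


def build_path_security_list(paths, link_levels):
    """Controller side: the pre-computed list issued to sending ends."""
    return {tuple(p): path_security_level(p, link_levels) for p in paths}


def select_policy(level):
    """Map a path security level to the transmission strategy."""
    if level >= Level.FIRST:
        return Policy.PLAINTEXT
    if level >= Level.SECOND:
        return Policy.IPSEC_ENCRYPT
    return Policy.IPSEC_ENCRYPT_AUTH


def policy_for_path(nodes, security_list):
    """Sending end: local table lookup in the issued list.

    A path missing from the list gets the strictest strategy (assumption).
    """
    return select_policy(security_list.get(tuple(nodes), Level.LOW))


if __name__ == "__main__":
    issued = build_path_security_list([PATH_1, PATH_2, PATH_3], LINK_LEVELS)
    for path in (PATH_1, PATH_2, PATH_3):
        print(" -> ".join(path), issued[tuple(path)].name,
              policy_for_path(path, issued).value)
```

A single medium-level link (link 3) is enough to move the whole of path 1 from plaintext to encrypted transmission, which is the weakest-link behaviour the description relies on.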
Internet Protocol Security (IPsec) is a protocol suite (a collection of interrelated protocols) that protects IP network traffic by encrypting and authenticating IP packets. IPsec is designed to provide (1) ingress-to-ingress communication security, a mechanism in which packet communication security is provided by a single node to multiple machines (and possibly even to an entire local area network); and (2) end-to-end packet communication security, in which the security operations are performed by the computers acting as endpoints.
IPsec authentication is based on the IPsec Authentication Header (AH), a mechanism that provides integrity and authentication for IP datagrams. Integrity ensures that the datagram is not altered, whether inadvertently or maliciously, while authentication verifies the origin of the data (identifying the host, user, network, etc.). The authentication header itself does not support any form of encryption, so it does not guarantee the confidentiality of data sent over the Internet. The authentication header can improve the security of message transmission only where the export, import or use of encryption is restricted by local authorities.
IPsec encryption is based on the Encapsulating Security Payload (ESP) header. The ESP protocol, which provides integrity and confidentiality services for IP datagrams, is designed to operate in two modes: tunnel mode and transport mode. The two modes differ in the content of the ESP payload portion of the IP datagram. In tunnel mode, the entire IP datagram is encapsulated and encrypted in the ESP payload. When this is done, both the true IP source and destination addresses can be hidden, and the datagram travels as ordinary data sent over the Internet. A typical use of this mode is host or topology hiding on firewall-to-firewall connections over virtual private networks.
It should be appreciated that in addition to IPSec encryption and authentication, it is often necessary to tunnel the message before it is sent.
In the above steps, this embodiment maps multiple security levels to multiple encryption strategies, so that messages are encrypted to a degree that matches the security level of the transmission path on which they are sent. This improves encryption accuracy, ensures message security when the transmission path security is low, and saves computational resources and bandwidth overhead of the network transceiver equipment and the transmission path when the transmission path security is high.
The embodiment also provides a message sending method applied to a control device, where the control device may be an electronic device capable of monitoring a global network and communicating with each node. Referring to fig. 2, fig. 2 is a schematic flowchart of a message sending method applied to a control device according to an embodiment of the present application. The specific steps of the message sending method can be as follows:
Step S22: plan a transmission path for the message based on the destination internet protocol address of the message and the network topology.
Correspondingly, a transmission path is a path formed by all links from a sending end to a receiving end, and a link is a physical line from one node to an adjacent node.
Optionally, in this embodiment, when the destination internet protocol address is determined, the controller determines, based on a network topology of the transmission network, that a line which is used for transmission between the sending end and the receiving end or passes through fewer nodes is used as a transmission path. The internet protocol address may be obtained according to a corresponding field of an OpenFlow protocol rule in a header of a message to be sent, for example, if the corresponding field of the OpenFlow protocol rule in the message includes "xx.
It should be understood that the network topology needs to be acquired before step S22; for example, the topology of the whole network may be acquired by topology discovery.
Step S24: determine the security level of the transmission path based on the preset level of each link on the transmission path, so that the sending end of the message sends the message in the transmission path according to the transmission policy corresponding to the security level of the transmission path, where the transmission policy includes encrypted transmission or plaintext transmission of the message.
Alternatively, the preset level of the link may be determined according to a link type, a link egress network type, and the like.
For step S24, in order to strictly ensure the security of the transmission path, this embodiment may directly determine that the security of the transmission path is poor whenever the security of any link on it is poor. The specific steps include:
Step S24.1: when the preset level of at least one link on the transmission path is lower than the first preset level, determine that the security level of the transmission path is lower than the first security level.
Step S24.2: when the preset level of each link on the transmission path is equal to the first preset level, determine that the security level of the transmission path is the first security level.
Optionally, taking an MSTP dedicated line, a 4G line, and an internet line as examples, in this embodiment the first preset level may be set to 3, the preset level of a link whose link exit is an MSTP dedicated line is set to 3, the preset level of a link whose link exit is a 4G line is set to 2, and the preset level of a link whose link exit is an internet line is set to 1. When the link exits of all links in the transmission path are MSTP dedicated lines, the preset levels of all links are equal to 3, and the security level of the transmission path is determined to be the first security level. When the transmission path contains a link whose link exit is a 4G line or an internet line, a link with a preset level smaller than 3 exists, and the security level of the transmission path is determined to be lower than the first security level.
The specific value assigned to the preset level of a link may be adjusted according to the value of the first preset level.
When the security level of the transmission path is lower than the first security level, the network transceiver device can encrypt and send the message to ensure the transmission security. When the security level of the transmission path is equal to the first security level, the network transceiver device may send the message in plaintext, so as to reduce consumption of computing resources and bandwidth.
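The controller-side steps S22 and S24, together with the optional second security level described earlier, can be written out as follows. This is an added example, not code from the patent: the function names, the sample topology, the choice of 2 as the second preset level, fewest-hop planning by breadth-first search, and treating an unclassified link type as the lowest level are all assumptions.

```python
from collections import deque
from enum import Enum

# Preset link levels from the embodiment: MSTP dedicated line = 3,
# 4G line = 2, internet line = 1. FIRST_PRESET = 3 is the page's value;
# SECOND_PRESET = 2 is an assumption matching the 4G "medium" tier.
LINK_TYPE_LEVEL = {"mstp": 3, "4g": 2, "internet": 1}
FIRST_PRESET = 3
SECOND_PRESET = 2
LOWEST_LEVEL = min(LINK_TYPE_LEVEL.values())


class Policy(Enum):
    PLAINTEXT = "plaintext"
    IPSEC_ENCRYPT = "ipsec-encrypt"
    IPSEC_ENCRYPT_AUTH = "ipsec-encrypt+auth"


def link_level(link_type):
    # Assumption (not in the patent): a link type the controller has not
    # classified fails closed to the lowest level instead of raising.
    return LINK_TYPE_LEVEL.get(link_type, LOWEST_LEVEL)


def build_adjacency(links):
    """links: iterable of (node_a, node_b, link_type), treated as bidirectional."""
    adj = {}
    for a, b, link_type in links:
        adj.setdefault(a, {})[b] = link_type
        adj.setdefault(b, {})[a] = link_type
    return adj


def plan_path(adj, src, dst):
    """Step S22: fewest-hop path from src to dst, or None if unreachable."""
    if src not in adj or dst not in adj:
        return None
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(adj[node]):  # sorted for a deterministic result
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def path_security_level(adj, path):
    """Step S24: one weak link lowers the whole path, so take the minimum."""
    if len(path) < 2:
        raise ValueError("a transmission path needs at least one link")
    return min(link_level(adj[a][b]) for a, b in zip(path, path[1:]))


def policy_for(level):
    if level >= FIRST_PRESET:
        return Policy.PLAINTEXT           # every link is at the first preset level
    if level >= SECOND_PRESET:
        return Policy.IPSEC_ENCRYPT       # weakest link is at the second preset level
    return Policy.IPSEC_ENCRYPT_AUTH      # at least one link is below the second level


def build_security_list(links, src, destinations):
    """Transmission path security list a controller could issue to a sender."""
    adj = build_adjacency(links)
    table = {}
    for dst in destinations:
        path = plan_path(adj, src, dst)
        if path is None:
            continue  # no path planned, so no entry is issued
        level = path_security_level(adj, path)
        table[dst] = {"path": path, "level": level, "policy": policy_for(level)}
    return table


# Constructed sample topology (hypothetical node names).
SAMPLE_LINKS = [
    ("hq", "core", "mstp"),
    ("core", "dc", "mstp"),
    ("core", "branch", "4g"),
    ("core", "edge", "mstp"),
    ("edge", "kiosk", "internet"),
    ("edge", "lab", "satellite"),  # link type with no preset level configured
]

if __name__ == "__main__":
    dests = ["dc", "branch", "kiosk", "lab", "nowhere"]
    for dst, entry in build_security_list(SAMPLE_LINKS, "hq", dests).items():
        print(dst, "->".join(entry["path"]), entry["level"], entry["policy"].value)
```

The path to `branch` mixes a level-3 and a level-2 link and resolves to encryption without authentication, which is the "higher than or equal to the second security level" case.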
Fig. 3 is a block diagram of a structure of a message sending apparatus 30 according to an embodiment of the present application, where fig. 3 is a schematic diagram of a message sending apparatus 30 applied to a network transceiver.
The message transmission device 30 includes:
a security level obtaining module 31, configured to obtain a security level of a transmission path, where the transmission path is a path formed by all links from a sending end to a receiving end, the link is a physical line from one node to an adjacent node, and the security level of the transmission path is determined according to preset levels of all links in the transmission path;
the message sending module 32 is configured to send a message in the transmission path according to a transmission policy corresponding to the security level of the transmission path, where the transmission policy includes performing encryption transmission or plaintext transmission on the message.
The security level obtaining module 31 is specifically configured to: send an inquiry message for inquiring about the transmission path to the controller, and receive the security level of the transmission path returned by the controller; or receive a transmission path security list issued by the controller, and acquire the security level of the transmission path of the message from the transmission path security list, where the transmission path security list includes the security level of at least one transmission path configured in advance.
The message sending module 32 is specifically configured to: when the security level of a transmission path is lower than a first security level, carrying out encryption transmission on a message in the transmission path, wherein the fact that the security level of the transmission path is lower than the first security level means that the preset level of at least one section of link on the transmission path is lower than the first preset level; when the security level of the transmission path is higher than or equal to a first security level, the message is transmitted in a plaintext in the transmission path, and the fact that the security level of the transmission path is equal to the first security level means that the preset level of each link on the transmission path is equal to the first preset level.
Optionally, the message sending module 32 is further specifically configured to: when the security level of a transmission path is lower than a second security level, after the message is subjected to internet security protocol encryption and authentication processing, the message is sent in the transmission path, wherein the second security level is lower than the first security level, the fact that the security level of the transmission path is lower than the second security level means that the preset level of at least one section of link on the transmission path is lower than the second preset level, and the second preset level is lower than the first preset level; and when the security level of the transmission path is higher than or equal to a second security level, sending the message in the transmission path after carrying out internet security protocol encryption processing on the message, wherein the security level of the transmission path equal to the second security level means that the preset level of each section of link on the transmission path is equal to the second preset level.
Fig. 4 is a block diagram of a structure of another message sending apparatus 40 according to an embodiment of the present application, where fig. 4 is a schematic diagram of a message sending apparatus 40 applied to a control device.
The message transmitting apparatus 40 includes:
a transmission path planning module 41, configured to plan a transmission path for a message based on a destination internet protocol address and a network topology of the message, where the transmission path is a path formed by all links from a sending end to a receiving end, and the link is a physical line from one node to an adjacent node;
and the security determining module 42 is configured to determine a security level of the transmission path based on a preset level of each link on the transmission path, so that a sending end of the message sends the message in the transmission path according to a transmission policy corresponding to the security level of the transmission path, where the transmission policy includes encryption transmission or plaintext transmission of the message.
The security determining module 42 is specifically configured to: when the preset level of at least one section of link on the transmission path is lower than a first preset level, determining that the security level of the transmission path is lower than the first security level; and when the preset level of each section of link on the transmission path is equal to the first preset level, determining that the security level of the transmission path is the first security level.
The embodiment of the present application further provides a network transceiver device, where the network transceiver device includes a memory and a processor, where the memory stores program instructions, and the processor executes steps in any method of the token duration determination method when reading and executing the program instructions.
The embodiment of the application further provides a control device, which comprises a memory and a processor, wherein the memory stores program instructions, and the processor executes the steps of any method when reading and running the program instructions.
It should be understood that the network transceiver and the control device may be a Personal Computer (PC), a tablet computer, a smart phone, a Personal Digital Assistant (PDA), a server, or other electronic devices with logic computation function and network transmission.
The embodiment of the application also provides a readable storage medium, wherein the readable storage medium stores computer program instructions, and the computer program instructions are read by a processor and executed to execute the steps in any message sending method.
To sum up, the embodiment of the present application provides a message sending method, an apparatus and a removable storage medium, where the method includes: acquiring the security level of a transmission path, wherein the transmission path is a path formed by all links from a sending end to a receiving end, the link is a physical line from one node to an adjacent node, and the security level of the transmission path is determined according to the preset levels of all the links in the transmission path; and sending a message in the transmission path according to a transmission strategy corresponding to the security level of the transmission path, wherein the transmission strategy comprises the steps of carrying out encryption transmission or plaintext transmission on the message.
In the implementation process, the message is encrypted and transmitted once the security level of the transmission path meets the encryption-related conditions in the transmission policy, that is, messages on the transmission path are encrypted when the security of the transmission path is low. This reduces encryption operations, and with them the computing resource consumption and bandwidth overhead of the network transceiver equipment and the transmission path. Furthermore, the security of the transmission path is determined from the security of each link in the transmission path, which ensures the security of message transmission.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other manners. The apparatus embodiments described above are merely illustrative, and for example, the block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of devices according to various embodiments of the present application. In this regard, each block in the block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams, and combinations of blocks in the block diagrams, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Therefore, the present embodiment further provides a readable storage medium, in which computer program instructions are stored, and when the computer program instructions are read and executed by a processor, the computer program instructions perform the steps of any of the block data storage methods. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A method for sending a message, the method comprising:
acquiring the security level of a transmission path, wherein the transmission path is a path formed by all links from a sending end to a receiving end, the link is a physical line from one node to an adjacent node, and the security level of the transmission path is determined according to the preset levels of all the links in the transmission path;
when the security level of the transmission path is lower than a first security level, the message is encrypted and transmitted in the transmission path, wherein the fact that the security level of the transmission path is lower than the first security level means that the preset level of at least one section of link on the transmission path is lower than the first preset level;
and when the security level of the transmission path is equal to the first security level, performing plaintext transmission on the message in the transmission path, wherein the fact that the security level of the transmission path is equal to the first security level means that the preset level of each link on the transmission path is equal to the first preset level.
2. The message sending method according to claim 1, wherein the obtaining the security level of the transmission path comprises:
sending an inquiry message for inquiring the transmission path to a controller, and receiving the security level of the transmission path returned by the controller; or
receiving a transmission path security list issued by the controller, and acquiring the security level of the transmission path of the message from the transmission path security list, wherein the transmission path security list comprises the security level of at least one transmission path configured in advance.
3. The message sending method according to claim 1, wherein when the security level of the transmission path is lower than the first security level, the encrypted transmission of the message in the transmission path includes:
when the security level of the transmission path is lower than a second security level, after the message is subjected to internet security protocol encryption and authentication processing, the message is sent in the transmission path, wherein the second security level is lower than the first security level, and the fact that the security level of the transmission path is lower than the second security level means that the preset level of at least one section of link on the transmission path is lower than the second preset level which is lower than the first preset level; and when the security level of the transmission path is equal to the second security level, sending the message in the transmission path after performing internet security protocol encryption processing on the message, wherein the fact that the security level of the transmission path is equal to the second security level means that the preset level of each section of link on the transmission path is equal to the second preset level.
4. A method for sending a message, the method comprising:
planning a transmission path for the message based on a destination internet protocol address and a network topology structure of the message, wherein the transmission path is a path formed by all links from a sending end to a receiving end, and the link is a physical line from one node to an adjacent node;
determining the security level of the transmission path based on the preset level of each link on the transmission path, so that a sending end of the message performs encrypted transmission on the message in the transmission path when the security level of the transmission path is lower than a first security level, wherein the fact that the security level of the transmission path is lower than the first security level means that the preset level of at least one link on the transmission path is lower than the first preset level; and when the security level of the transmission path is equal to the first security level, performing plaintext transmission on the message in the transmission path, wherein the fact that the security level of the transmission path is equal to the first security level means that the preset level of each link on the transmission path is equal to the first preset level.
5. The message sending method according to claim 4, wherein the determining the security level of the transmission path based on the preset level of each link section on the transmission path comprises:
when the preset level of at least one section of link on the transmission path is lower than a first preset level, determining that the security level of the transmission path is lower than the first security level;
and when the preset level of each section of link on the transmission path is equal to the first preset level, determining that the security level of the transmission path is the first security level.
6. A message transmission apparatus, characterized in that the apparatus comprises:
a security level acquisition module, configured to acquire the security level of a transmission path, wherein the transmission path is a path formed by all links from a sending end to a receiving end, the link is a physical line from one node to an adjacent node, and the security level of the transmission path is determined according to the preset levels of all the links in the transmission path;
the message sending module is used for carrying out encryption transmission on the message in the transmission path when the security level of the transmission path is lower than a first security level, wherein the fact that the security level of the transmission path is lower than the first security level means that the preset level of at least one section of link on the transmission path is lower than the first preset level; and when the security level of the transmission path is equal to the first security level, performing plaintext transmission on the message in the transmission path, wherein the fact that the security level of the transmission path is equal to the first security level means that the preset level of each link on the transmission path is equal to the first preset level.
7. A message transmission apparatus, characterized in that the apparatus comprises:
a transmission path planning module, configured to plan a transmission path for a packet based on a destination internet protocol address and a network topology of the packet, where the transmission path is a path formed by all links from a sending end to a receiving end, and the link is a physical line from one node to an adjacent node;
the security determining module is configured to determine a security level of the transmission path based on a preset level of each link on the transmission path, so that a sending end of the message performs encrypted transmission on the message in the transmission path when the security level of the transmission path is lower than a first security level, where the fact that the security level of the transmission path is lower than the first security level means that the preset level of at least one link on the transmission path is lower than the first preset level; and when the security level of the transmission path is equal to the first security level, performing plaintext transmission on the message in the transmission path, wherein the fact that the security level of the transmission path is equal to the first security level means that the preset level of each link on the transmission path is equal to the first preset level.
8. A network transceiver device comprising a memory and a processor, the memory having stored therein program instructions, the processor, when reading and executing the program instructions, performing the steps of the method of any one of claims 1-3.
9. A control device comprising a memory and a processor, the memory having stored therein program instructions, the processor, when reading and executing the program instructions, performing the steps of the method of claim 4 or 5.
10. A readable storage medium having stored thereon computer program instructions which, when read and executed by a processor, perform the steps of the method of any of claims 1-5.
CN201910649126.4A 2019-07-16 2019-07-16 Message sending method and device and readable storage medium Active CN110290151B (en)


Publications (2)

Publication Number Publication Date
CN110290151A (en) 2019-09-27
CN110290151B (en) 2021-10-08

Family

ID=68023168



Also Published As

Publication number Publication date
CN110290151A (en) 2019-09-27

Similar Documents

Publication Publication Date Title
CN110290151B (en) Message sending method and device and readable storage medium
US11595359B2 (en) Method for establishing a secure private interconnection over a multipath network
US10356054B2 (en) Method for establishing a secure private interconnection over a multipath network
US7539866B2 (en) Method of cryptographing wireless data and apparatus using the method
CN109948347B (en) Data storage method and device, server and readable storage medium
CN112468518B (en) Access data processing method and device, storage medium and computer equipment
JP4107213B2 (en) Packet judgment device
CN110198297B (en) Flow data monitoring method and device, electronic equipment and computer readable medium
US7139679B1 (en) Method and apparatus for cryptographic protection from denial of service attacks
CN104601550A (en) System and method for transmitting reversely quarantined file based on cluster array
CN108737446A (en) Multi-party communications method based on dual identity and system
CN109729000B (en) Instant messaging method and device
CN114844730A (en) Network system constructed based on trusted tunnel technology
CN112968910A (en) Replay attack prevention method and device
CN109195160B (en) Tamper-proof storage system of network equipment resource detection information and control method thereof
CN116346421A (en) Ship-shore information communication method and device
CN114915503A (en) Data stream splitting processing encryption method based on security chip and security chip device
CN116074028A (en) Access control method, device and system for encrypted traffic
Srinivasan et al. HMAC-RSA: A security mechanism in cognitive radio for enhancing the security in a radio cognitive system
CN107516044A (en) A kind of recognition methods, device and system
CN117978522B (en) Network communication method, system and device based on virtual link enhanced confusion
Barbareschi et al. Enforcing Mutual Authentication and Confidentiality in Wireless Sensor Networks Using Physically Unclonable Functions: A Case Study
US11929990B1 (en) Dynamic management of servers based on environmental events
Gardasu et al. A fog computing solution for advanced security, storage techniques for platform infrastructure
US11985166B2 (en) Systems and methods for random connectivity association key negotiation for media access control security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant