CN113556340B - Portable VPN terminal, data processing method and storage medium - Google Patents


Info

Publication number: CN113556340B
Application number: CN202110823124.XA
Authority: CN (China)
Other versions: CN113556340A
Other languages: Chinese (zh)
Prior art keywords: vpn, terminal, acquired data, data, portable
Legal status: Active
Inventors: 刘春�, 王豪, 张凌浩, 黄维维, 陈飞
Current assignee: Leshan Power Supply Co Of State Grid Sichuan Electric Power Co
Original assignee: Leshan Power Supply Co Of State Grid Sichuan Electric Power Co

Classifications

All four classifications fall under H (Electricity), H04 (Electric communication technique), H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L63/0428 Network architectures or network communication protocols for network security, for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Abstract

The application discloses a portable VPN terminal, a data processing method and a storage medium. The terminal comprises a network card, a 5G communication module, a key negotiation module, a storage module, a processor and a VPP (vector packet processing) running on the processor. The network card is used for receiving the acquired data and sending the acquired data to the VPP; the VPP is used for searching for the secret key in the storage module after receiving the acquired data; the VPP is also used for sending encrypted acquired data to the 5G communication module after confirming that the secret key exists in the storage module; the 5G communication module is used for transmitting the encrypted acquired data to the VPN central terminal. The application can solve the problems of low data processing capability and insufficient information transmission bandwidth that arise in the related art when data from the edge terminal equipment of the power distribution communication network grows explosively, thereby improving data processing capability and data transmission efficiency, and it is applicable to the power distribution communication network system.

Description

Portable VPN terminal, data processing method and storage medium
Technical Field
The present application relates to the field of communications, and in particular, to a portable VPN terminal, a data processing method, and a storage medium.
Background
With the large-scale access of new power sources and new services, the power grid structure has changed dramatically, power grid regulation has become much more difficult, and grid stability has become more complex. The number of information acquisition terminal devices in a power distribution communication network has increased greatly, and so has the volume of business information, so that the data acquired by the information acquisition terminals grows explosively, and both the bandwidth of information transmission and the security of network information transmission face great challenges.
In order to transmit the data collected on site efficiently and securely to a designated location, it is currently necessary to establish a VPN tunnel through a portable VPN (Virtual Private Network) terminal and to transmit the data collected by the information acquisition terminal through it. The traditional portable VPN terminal uses the operating system kernel as the data plane layer, while the control plane program runs in user mode. The control plane program is responsible for key agreement and security policy management, while forwarding and encryption of data are performed in the kernel data plane. Therefore, when the kernel data plane is used to encrypt and forward data, the data must be switched and copied back and forth between kernel mode and user mode. This repeated switching and copying consumes a large amount of CPU (Central Processing Unit) time, the path of the data from the network card to the business process is too long, and sending and receiving data requires system calls; as a direct result the overall data processing capacity is too low, and the system cannot keep up with the efficient processing and the more complex and variable secure transmission that current data requires.
In addition, since the conventional portable VPN terminal uses 3G or 4G data transmission, it is difficult to cope with the explosive growth of current terminal data.
Disclosure of Invention
The application aims to solve the problems that the data processing capacity is low and the information transmission bandwidth is insufficient when the conventional portable VPN terminal faces the explosive growth of the information acquisition terminal equipment data of a power distribution communication network, and provides the portable VPN terminal, the data processing method and the storage medium.
The application is realized by the following technical scheme:
a portable VPN terminal comprising: a network card, a 5G communication module, a key negotiation module, a storage module, a processor and a VPP (vector packet processing) running on the processor; the network card is used for receiving the acquired data and sending the acquired data to the VPP; the VPP is used for searching for a secret key in the storage module after receiving the acquired data, wherein the key is generated after the key negotiation module negotiates with a VPN center terminal; the VPP is also used for encrypting the acquired data according to the secret key to obtain encrypted acquired data after confirming that the secret key exists in the storage module, and for sending the encrypted acquired data to the 5G communication module; the 5G communication module is used for transmitting the encrypted acquired data to the VPN central terminal.
Based on this portable VPN terminal, the VPP can acquire the acquired data directly from the network card, encrypt it, route and forward it, and finally transmit the encrypted acquired data to the VPN center through the 5G communication module. Data forwarding and encryption are completed in the data plane layer built by the VPP, so the kernel is bypassed, the CPU resource consumption of the VPN terminal is reduced, and the path of the data from the network card to the business process is shortened; this solves the problem in the related art that the data processing capacity of the portable VPN terminal is low under explosive growth of data from the information acquisition terminal equipment of the power distribution communication network, and the data processing capacity is improved considerably. In addition, because the 5G communication module is used to transmit data, explosively growing data traffic can be handled; this solves the problem in the related art that the information transmission bandwidth is insufficient when the portable VPN terminal faces explosive growth of data from the information acquisition terminal equipment of the power distribution communication network, and the data transmission efficiency is greatly improved.
Further, the key negotiation module is configured to negotiate a key with the VPN center through the 5G communication module and based on an IPSec protocol, in a case where the key does not exist in the storage module; the storage module is used for storing the secret key negotiated with the VPN center.
Further, the processor deletes the secret key stored in the storage module after the 5G communication module sends the encrypted acquired data.
Further, the network card comprises a WiFi interface and an Ethernet interface; and the network card receives the acquired data through the WiFi interface or the Ethernet interface.
Further, the portable VPN terminal is a non-rack type device that adopts a box type structure.
Further, the box-type structure of the portable VPN terminal is smaller than 200mm in length, width and height.
A data processing method of a portable VPN terminal, comprising:
receiving collected data through the network card;
sending the acquired data to a VPP;
confirming the existence of a key; wherein, the key is generated after the key negotiation module negotiates with the VPN center;
encrypting the acquired data according to the key;
and transmitting the encrypted acquired data to the VPN central terminal based on the 5G communication module.
Further, the method further comprises:
when it is confirmed that the secret key does not exist, sending a key negotiation request to the VPN center terminal based on the 5G communication module;
acquiring a key negotiated with the VPN center based on an IPSec protocol;
encrypting the acquired data according to the secret key to obtain encrypted acquired data;
and transmitting the encrypted acquired data to the VPN central terminal based on the 5G communication module.
Further, the method further comprises: and deleting the secret key after transmitting the encrypted acquired data to the VPN central terminal based on the 5G communication module.
A computer readable storage medium comprising a computer program or instructions which, when run on a computer, cause the computer to perform the data processing method of the portable VPN terminal.
Compared with the prior art, the application has the following advantages and beneficial effects:
the portable VPN terminal, the data processing method and the storage medium provided by the embodiments of the application can solve the problems in the related art of low data processing capacity and insufficient information transmission bandwidth when the data of the edge terminal equipment of the power distribution communication network grows explosively, so that the data processing capacity and data transmission efficiency are improved, and they can be applied to a power distribution communication network system.
Drawings
In order to more clearly illustrate the technical solutions of the exemplary embodiments of the present application, the drawings that are needed in the examples will be briefly described below, it being understood that the following drawings only illustrate some examples of the present application and therefore should not be considered as limiting the scope, and that other related drawings may be obtained from these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of a communication system according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of a portable VPN terminal according to an embodiment of the present application;
fig. 3 is a flow chart of a data processing method based on the portable VPN terminal shown in fig. 2 according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of another portable VPN terminal device according to an embodiment of the present application.
Detailed Description
For the purpose of making apparent the objects, technical solutions and advantages of the present application, the present application will be further described in detail with reference to the following examples and the accompanying drawings, wherein the exemplary embodiments of the present application and the descriptions thereof are for illustrating the present application only and are not to be construed as limiting the present application.
Examples
The technical scheme of the embodiments of the application can be applied to various communication systems, such as a wireless fidelity (WiFi) system, a vehicle-to-everything (V2X) communication system, a device-to-device (D2D) communication system, a vehicle networking communication system and a fifth generation (5G) mobile communication system, such as a new radio (NR) system, and the like.
The present application will present various aspects, embodiments, or features about a system that may include a plurality of devices, components, modules, etc. It is to be understood and appreciated that the various systems may include additional devices, components, modules, etc. and/or may not include all of the devices, components, modules etc. discussed in connection with the figures. Furthermore, combinations of these schemes may also be used.
In addition, in the embodiments of the present application, words such as "exemplary," "for example," and the like are used to indicate examples, illustrations, or descriptions. Any embodiment or design described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, the term use of an example is intended to present concepts in a concrete fashion.
In the embodiment of the present application, "information", "signal", "message", "channel", and "signaling" may be used in a mixed manner, and it should be noted that the meaning of the expression is consistent when the distinction is not emphasized. "of", "corresponding" and "corresponding" are sometimes used in combination, and it should be noted that the meaning of the expression is consistent when the distinction is not emphasized.
The network architecture and the service scenario described in the embodiments of the present application are for more clearly describing the technical solution of the embodiments of the present application, and do not constitute a limitation on the technical solution provided by the embodiments of the present application, and those skilled in the art can know that, with the evolution of the network architecture and the appearance of the new service scenario, the technical solution provided by the embodiments of the present application is applicable to similar technical problems.
To facilitate understanding of the embodiments of the present application, a communication system suitable for use in the embodiments of the present application will be described in detail with reference to the communication system shown in fig. 1. Fig. 1 is a schematic diagram of a communication system to which a data processing method according to an embodiment of the present application is applicable.
As shown in fig. 1, the communication system includes a network device and a terminal device.
The network device is a device with wireless receiving and transmitting function on the network side of the communication system or a chip system arranged on the device. The network devices include, but are not limited to: VPN terminal, VPN center terminal and server.
The terminal equipment is a terminal with wireless receiving and transmitting function which is accessed into the communication system or a chip system which can be arranged on the terminal. The terminal device may be an information collecting terminal, which may also be referred to as a user equipment, an access terminal, a subscriber unit, a subscriber station, a mobile station, a remote terminal, a mobile device, a user terminal, a wireless communication device, a user agent, or a user equipment. The information collecting terminal in the embodiment of the present application may be a mobile phone (mobile phone), a tablet computer (Pad), a computer with a wireless transceiving function, a Virtual Reality (VR) terminal device, an augmented reality (augmented reality, AR) terminal device, a wireless terminal in industrial control (industrial control), a wireless terminal in unmanned driving (self driving), a wireless terminal in remote medical (remote medical), a wireless terminal in smart grid (smart grid), a wireless terminal in transportation security (transportation safety), a wireless terminal in smart city (smart city), a wireless terminal in smart home (smart home), a vehicle-mounted terminal, an RSU with a terminal function, or the like.
It should be noted that, the communication method provided in the embodiment of the present application may be applied between the information acquisition terminal and the VPN terminal shown in fig. 1 and between the VPN terminal and the VPN central end, and specific implementation may refer to the following method embodiments, which are not described herein again.
It should be noted that the solution in the embodiment of the present application may also be applied to other communication systems, and the corresponding names may also be replaced by names of corresponding functions in other communication systems.
It should be understood that fig. 1 is a simplified schematic diagram that is merely exemplary for ease of understanding, and that other network devices, and/or other terminal devices, may also be included in the communication system, which are not shown in fig. 1.
The portable VPN terminal provided in the embodiment of the present application will be specifically described with reference to fig. 1 to 2.
Fig. 2 is a schematic structural diagram of a portable VPN terminal according to an embodiment of the present application. As shown in fig. 2, the portable VPN terminal includes a network card, a 5G communication module, a key negotiation module, a storage module, a processor, and a VPP running on the processor.
The network card can be used as an interface for connecting the information acquisition terminal, and the information acquisition terminal sends acquisition data to the network card.
Optionally, the network card may include a WiFi interface, and the portable VPN terminal is connected to the information collecting terminal through the WiFi interface. The information acquisition terminal can then transmit acquired data to the portable VPN terminal through WiFi.
Optionally, the network card may also include an Ethernet interface, and the portable VPN terminal is connected to the information collecting terminal through the Ethernet interface. The information acquisition terminal can then transmit acquired data to the portable VPN terminal through the Ethernet interface.
The 5G communication module is used for establishing a 5G communication channel between the portable VPN terminal and the VPN central terminal. Optionally, the 5G communication module includes a 5G wireless interface.
The key agreement module is used for establishing a VPN tunnel between the portable VPN terminal and the VPN central terminal; the VPN tunnel runs over the 5G communication channel. In order to establish the VPN tunnel, the key agreement module needs to perform key agreement with the VPN central side through the 5G communication module, the key agreement being based on the IPsec (Internet Protocol Security) protocol. The negotiated key may be stored in the storage module.
As shown in FIG. 2, the processor runs VPP (Vector Packet Processing). With the progressively widespread use of network virtualization technology in the telecommunications field, DPDK (Data Plane Development Kit) and the software forwarding technologies built on it have begun to enter public telecommunications networks. Among the many DPDK-based software forwarding technologies, VPP is increasingly used in virtualized telecommunication devices as efficient routing and forwarding software.
In the prior art, VPP is employed in virtualized telecommunications devices or in home or enterprise gateways. Since VPP itself provides route forwarding, the present application creatively operates VPP as the data plane layer in the portable VPN terminal.
After the network card receives the acquired data, the VPP directly acquires the acquired data from the network card, and searches whether a secret key generated after negotiation with the VPN central terminal exists in the storage module. And if the key exists, the VPP encrypts the acquired data according to the key and sends the encrypted acquired data to the 5G communication module. And the 5G communication module transmits the encrypted acquired data to the VPN central terminal.
In the portable VPN terminal, the VPP serves as the data plane layer: it can acquire the acquired data directly from the network card, encrypt it, and route and forward it, and the 5G communication module transmits the encrypted acquired data to the VPN center terminal. Data forwarding and encryption are completed in the data plane layer built by the VPP, so the kernel is bypassed, the CPU resource consumption of the VPN terminal is reduced, and the path of the data from the network card to the service process is shortened; this solves the problem in the related art that the data processing capacity of the portable VPN terminal is low under explosive growth of data from the information acquisition terminal equipment of the power distribution communication network, and the data processing capacity is improved considerably.
In addition, because the 5G communication module is used to transmit data, the problem in the related art that the information transmission bandwidth is insufficient when the portable VPN terminal faces explosive growth of data from the information acquisition terminal equipment of the power distribution communication network is solved, and the data transmission efficiency is greatly improved.
Optionally, when the VPP does not find the key generated after negotiating with the VPN central terminal in the storage module, the key negotiating module negotiates a key with the VPN central terminal through the 5G communication module, and establishes a VPN tunnel. Wherein the key agreement procedure is based on the IPSec protocol. After the key agreement is successful, the storage module stores the key. The VPP encrypts the acquired data acquired from the network card based on the stored secret key, and then transmits the encrypted acquired data to the VPN center through the 5G communication module.
After receiving the encrypted collected data, the VPN center end needs to decrypt the encrypted collected data by using a negotiated key and sends the decrypted collected data to the server so that the server can perform subsequent processing on the decrypted collected data.
Optionally, the processor deletes the key stored in the storage module after the 5G communication module transmits the collected data. Namely, the portable VPN terminal of the application establishes a VPN tunnel through the 5G communication module only after receiving the collected data. If the acquired data is not received, a VPN tunnel is not established; or after the encrypted acquired data is sent, the VPN tunnel is not maintained any more, the resources occupied by the VPN tunnel are released in time, and the working efficiency of the portable VPN terminal is improved.
Optionally, the portable VPN terminal is a non-rack type device that adopts a box type structure. Further, the length, width and height of the non-rack type equipment with the box type structure are all smaller than 200mm.
The data processing method provided by the embodiment of the present application will be specifically described with reference to fig. 1 to 3. The data processing method is based on the portable VPN terminal shown in fig. 2.
Fig. 3 is a schematic flow chart of a data processing method according to an embodiment of the present application. The data processing method can be applied to communication between the VPN terminal and the VPN central end shown in fig. 1.
As shown in fig. 3, the data processing method includes the steps of:
S301, receiving acquired data through the network card.
The network card can be used as an interface to be connected with the information acquisition terminal, and the information acquisition terminal sends acquisition data to the network card.
Optionally, the network card may include a WiFi interface, and the portable VPN terminal is connected to the information collecting terminal through the WiFi interface. The information acquisition terminal can then transmit acquired data to the portable VPN terminal through WiFi.
Optionally, the network card may also include an Ethernet interface, and the portable VPN terminal is connected to the information collecting terminal through the Ethernet interface. The information acquisition terminal can then transmit acquired data to the portable VPN terminal through the Ethernet interface.
S302, sending the acquired data to VPP.
After the network card receives the acquired data, the VPP can directly acquire the acquired data from the network card, thereby bypassing the operating system and avoiding the acquired data from repeatedly entering and exiting the system kernel.
S303, confirming that a key exists.
The key is generated after the key negotiation module negotiates with the VPN center.
S304, encrypting the acquired data according to the secret key.
And the VPP directly acquires the acquired data from the network card and searches whether a secret key generated after negotiation with the VPN central terminal exists in the storage module. If a key is present, the VPP encrypts the acquisition data according to the key and performs step S305.
S305, transmitting the encrypted acquired data to the VPN central terminal based on the 5G communication module.
When the VPP does not find the key generated after negotiation with the VPN central side in the storage module, step S304 and step S305 cannot be performed. At this time, the data processing method performs the steps of: sending a key negotiation request to the VPN center terminal based on a 5G communication module; acquiring a key negotiated with the VPN center based on an IPSec protocol; encrypting the acquired data according to the key; and transmitting the encrypted acquired data to the VPN central terminal based on a 5G communication module.
Optionally, after sending the encrypted collected data to the VPN central end, the negotiated key may be deleted. Namely, the portable VPN terminal of the application establishes a VPN tunnel through the 5G communication module only after receiving the collected data. If the acquired data is not received, a VPN tunnel is not established; or after the encrypted acquired data is sent, the VPN tunnel is not maintained any more, the resources occupied by the VPN tunnel are released in time, and the working efficiency of the portable VPN terminal is improved.
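The S301 to S305 sequence with its two optional branches (negotiating when the storage module holds no key, and deleting the key after the send) as an added example; this is not code from the patent or from VPP. The ephemeral X25519 exchange hashed into an AES-256-GCM key is an assumption standing in for the IPsec negotiation the patent specifies, and the meter readings used to exercise it are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Center models the VPN central end: it takes part in key negotiation and
// decrypts the frames delivered over the 5G link.
type Center struct {
	key []byte // key negotiated with the terminal; nil before negotiation
}

// Terminal models the portable VPN terminal: the storage module (storedKey)
// and the VPP data plane that looks the key up, encrypts and forwards.
type Terminal struct {
	storedKey    []byte // storage module contents; nil means "key not found"
	Negotiations int    // how many times the key negotiation module has run
}

// StoredKey exposes the storage module (nil once the key has been deleted).
func (t *Terminal) StoredKey() []byte { return t.storedKey }

// negotiate stands in for the patent's IPsec key agreement (an assumption of this
// example): an ephemeral X25519 exchange whose shared secret both sides hash into a key.
func negotiate(t *Terminal, c *Center) error {
	curve := ecdh.X25519()
	tPriv, err1 := curve.GenerateKey(rand.Reader) // terminal's ephemeral key
	cPriv, err2 := curve.GenerateKey(rand.Reader) // center's ephemeral key
	if err1 != nil || err2 != nil {
		return errors.New("ephemeral key generation failed")
	}
	tSecret, err1 := tPriv.ECDH(cPriv.PublicKey()) // computed on the terminal
	cSecret, err2 := cPriv.ECDH(tPriv.PublicKey()) // computed at the center
	if err1 != nil || err2 != nil {
		return errors.New("ECDH failed")
	}
	tKey, cKey := sha256.Sum256(tSecret), sha256.Sum256(cSecret)
	t.storedKey, c.key = tKey[:], cKey[:]
	t.Negotiations++
	return nil
}

// newAEAD builds AES-256-GCM over a negotiated key.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Process runs S301 to S305 for one batch of collected data and returns the frame
// handed to the 5G module: look the key up (negotiate if absent), encrypt, transmit.
// With deleteAfterSend the processor then erases the key, as in the patent's optional step.
func (t *Terminal) Process(collected []byte, c *Center, deleteAfterSend bool) ([]byte, error) {
	if t.storedKey == nil { // key not found: negotiate before encrypting
		if err := negotiate(t, c); err != nil {
			return nil, err
		}
	}
	aead, err := newAEAD(t.storedKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per frame
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	frame := append(nonce, aead.Seal(nil, nonce, collected, nil)...)
	if deleteAfterSend {
		for i := range t.storedKey { // zero the storage module, then drop it
			t.storedKey[i] = 0
		}
		t.storedKey = nil
	}
	return frame, nil
}

// Receive is the center side of S305: authenticate and decrypt one frame (a tampered frame fails the tag check).
func (c *Center) Receive(frame []byte) ([]byte, error) {
	if c.key == nil {
		return nil, errors.New("no negotiated key")
	}
	aead, err := newAEAD(c.key)
	if err != nil {
		return nil, err
	}
	if len(frame) < aead.NonceSize() {
		return nil, errors.New("frame too short")
	}
	nonce, ct := frame[:aead.NonceSize()], frame[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}
```

Each call to Process with deleteAfterSend set costs one fresh negotiation, which is exactly the trade the patent makes: no tunnel state persists between bursts, at the price of a key agreement per burst.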
Based on this data processing method, the VPP in the portable VPN terminal can acquire the acquired data directly from the network card, encrypt it, route and forward it, and transmit the encrypted acquired data to the VPN center through the 5G communication module. Forwarding and encryption of the data are completed in the data plane layer built by the VPP, so the kernel is bypassed, the CPU resource consumption of the VPN terminal is reduced, and the path of the data from the network card to the service process is shortened; this solves the problem in the related art that the data processing capacity of the portable VPN terminal is low under explosive growth of data from the information acquisition terminal equipment of the power distribution communication network, and the data processing capacity is improved considerably.
Fig. 4 is a schematic structural diagram of another portable VPN terminal device according to an embodiment of the present application. The portable VPN terminal device is a network device, and may be a chip (system) or other part or component that can be provided in the network device. As shown in fig. 4, the portable VPN terminal 400 may include a processor 401. Optionally, the portable VPN terminal 400 may further comprise a memory 402 and/or a transceiver 403. The processor 401 is coupled to the memory 402 and the transceiver 403, for example through a communication bus.
The following describes the respective constituent elements of the portable VPN terminal 400 in detail with reference to fig. 4:
The processor 401 is the control center of the portable VPN terminal 400, and may be one processor or a collective name for a plurality of processing elements. For example, processor 401 may be one or more central processing units (CPUs), an application specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application, such as one or more digital signal processors (DSPs) or one or more field programmable gate arrays (FPGAs).
Alternatively, the processor 401 may perform various functions of the portable VPN terminal 400 by running or executing a software program stored in the memory 402 and calling data stored in the memory 402.
In a particular implementation, processor 401 may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 4, as an embodiment.
In a specific implementation, as an embodiment, the portable VPN terminal 400 may also include a plurality of processors, such as the processor 401 and the processor 404 shown in fig. 2. Each of these processors may be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
The memory 402 is configured to store a software program for executing the solution of the present application, and the processor 401 controls the execution of the software program, and the specific implementation may refer to the above method embodiment, which is not described herein again.
Alternatively, the memory 402 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disk storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 402 may be integrated with the processor 401 or may exist separately and be coupled to the processor 401 through an interface circuit (not shown in fig. 4) of the portable VPN terminal 400, which is not particularly limited in the embodiment of the present application.
The transceiver 403 is used for communication with other portable VPN terminals. For example, where the portable VPN terminal 400 is a terminal device, the transceiver 403 may be used to communicate with a network device or with another terminal device. As another example, where the portable VPN terminal 400 is a network device, the transceiver 403 may be used to communicate with a terminal device or with another network device.
Alternatively, the transceiver 403 may include a receiver and a transmitter (not separately shown in fig. 4). The receiver is used for realizing the receiving function, and the transmitter is used for realizing the transmitting function.
Alternatively, the transceiver 403 may be integrated with the processor 401, or may exist separately, and be coupled to the processor 401 through an interface circuit (not shown in fig. 4) of the portable VPN terminal 400, which is not specifically limited by the embodiment of the present application.
It should be noted that the configuration of the portable VPN terminal 400 shown in fig. 4 does not limit the portable VPN terminal, and an actual portable VPN terminal may include more or less components than those shown in the drawings, or may combine some components, or may have a different arrangement of components.
In addition, the technical effects of the portable VPN terminal 400 may refer to the technical effects of the communication method described in the foregoing method embodiment, and will not be described herein.
The embodiment of the application also provides a chip system, which comprises: a processor coupled to a memory for storing programs or instructions which, when executed by the processor, cause the system-on-a-chip to perform the functions of any of the method embodiments described above.
Alternatively, the processor in the system-on-chip may be one or more. The processor may be implemented in hardware or in software. When implemented in hardware, the processor may be a logic circuit, an integrated circuit, or the like. When implemented in software, the processor may be a general purpose processor, implemented by reading software code stored in a memory.
Alternatively, the memory in the system-on-chip may be one or more. The memory may be integral with the processor or separate from the processor, and the application is not limited.
The memory may be a non-transitory memory, such as a ROM, which may be integrated on the same chip as the processor or may be provided separately on a different chip; the type of memory and the manner in which the memory and the processor are provided are not particularly limited in the present application.
The system-on-chip may be, for example, a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), a system on chip (SoC), a central processing unit (CPU), a network processor (NP), a digital signal processor (DSP), a microcontroller unit (MCU), a programmable logic device (PLD) or other integrated chip.
It should be appreciated that the processor in embodiments of the application may be a central processing unit (CPU), or may be another general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
It should also be appreciated that the memory in embodiments of the present application may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM), or a flash memory. The volatile memory may be a random access memory (RAM), which acts as an external cache. By way of example but not limitation, many forms of RAM are available, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), and direct Rambus RAM (DR RAM).
The above embodiments may be implemented in whole or in part by software, hardware (e.g., circuitry), firmware, or any combination thereof. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. When the computer instructions or computer program are loaded or executed on a computer, the processes or functions described in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired or wireless (e.g., infrared, microwave, etc.) means. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that contains one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
It should be understood that the term "and/or" merely describes an association relationship between the associated objects and means that three relationships may exist; for example, A and/or B may mean: A alone, A and B together, or B alone, where A and B may be singular or plural. In addition, the character "/" herein generally indicates that the associated objects are in an "or" relationship, but may also indicate an "and/or" relationship, as may be understood from the context.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "At least one of" or the like means any combination of these items, including any combination of single items or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b and c may be single or plural.
It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working procedures of the above-described systems, apparatuses and units may refer to the corresponding procedures in the foregoing method embodiments, which are not repeated here.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, and for example, the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, for example, multiple units or components may be combined or integrated into one system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the scheme of the embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units, may be stored on a computer readable storage medium for sale or use as a stand alone product. Based on this understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (ROM), a random access memory (random access memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing description of the embodiments has been provided for the purpose of illustrating the general principles of the application, and is not meant to limit the scope of the application or to limit the application to the particular embodiments; any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the application are intended to be included within the scope of the application.

Claims (8)

1. A portable VPN terminal, comprising: the system comprises a network card, a 5G communication module, a key negotiation module, a storage module, a processor and a VPP (virtual private point) running on the processor;
the network card is used for receiving the acquired data and sending the acquired data to the VPP;
the VPP is used for searching a secret key in the storage module after receiving the acquired data; wherein, the key is generated after the key negotiation module negotiates with a VPN center terminal;
the VPP is also used for encrypting the acquired data according to the secret key to obtain encrypted acquired data after confirming the secret key exists in the storage module, and sending the encrypted acquired data to the 5G communication module;
the 5G communication module is used for transmitting the encrypted acquired data to the VPN central terminal;
the key negotiation module is used for negotiating a key with the VPN central terminal through the 5G communication module and based on IPSec protocol under the condition that the key does not exist in the storage module;
the storage module is used for storing the secret key negotiated with the VPN central terminal;
and the processor deletes the secret key stored in the storage module after the 5G communication module sends the encrypted acquired data.
2. A portable VPN terminal according to claim 1, wherein said network card includes a WiFi interface and an ethernet interface; and the network card receives the acquired data through the WiFi interface or the Ethernet interface.
3. A portable VPN terminal according to any of claims 1-2, characterized in that said portable VPN terminal is a non-rack device in a box-like structure.
4. A portable VPN terminal according to claim 3, characterized in that the box-like structure of said portable VPN terminal is less than 200mm long, wide and high.
5. A data processing method based on the portable VPN terminal of claim 1, comprising:
acquired data is received through the network card;
sending the acquired data to a VPP;
confirming the existence of a key; wherein, the key is generated after the key negotiation module negotiates with the VPN center;
encrypting the acquired data according to the key;
and transmitting the encrypted acquired data to the VPN central terminal based on the 5G communication module.
6. The data processing method according to claim 5, further comprising:
when it is confirmed that the key does not exist, a key negotiation request is sent to the VPN central terminal based on the 5G communication module;
acquiring a key negotiated with the VPN center based on an IPSec protocol;
encrypting the acquired data according to the secret key to obtain encrypted acquired data;
and transmitting the encrypted acquired data to the VPN central terminal based on the 5G communication module.
7. The data processing method of claim 6, further comprising: and deleting the secret key after transmitting the encrypted acquired data to the VPN central terminal based on the 5G communication module.
8. A computer-readable storage medium, characterized in that the computer-readable storage medium comprises a computer program or instructions, which, when run on a computer, cause the computer to perform the data processing method of a portable VPN terminal according to any of the claims 5-7.
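Claims 5 to 7 describe the key lifecycle of the terminal as a sequence of steps: look up the key in the storage module, negotiate one with the VPN central terminal over the 5G module if none exists, encrypt the acquired data, transmit it, and delete the key after transmission. The following Python program is an added illustration of that sequence and is not code from the patent or its applicant. It models both sides in one process: the IPSec/IKE negotiation of the claims is replaced by a pre-shared-key plus two-nonce HKDF derivation (an assumption, not the protocol itself), the ESP transform is replaced by an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag (a stand-in chosen to keep the example dependency-free, not a recommendation over AES-GCM), and the network card, VPP and 5G module are ordinary method calls. The class names, the event trace and the sample readings are all constructed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_session_key(psk: bytes, terminal_id: str, t_nonce: bytes, c_nonce: bytes) -> bytes:
    # Stand-in for the IKE negotiation in the claims (assumption): both sides hold a
    # pre-shared key and derive the same session key from two fresh nonces.
    return hkdf_sha256(psk, t_nonce + c_nonce, b"portable-vpn-session:" + terminal_id.encode())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stands in for the ESP cipher (assumption, not IPSec)."""
    stream, counter = b"", 0
    while len(stream) < length:
        stream += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return stream[:length]


def seal(session_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce(16) || ciphertext || HMAC-SHA256 tag(32)."""
    enc_key = hkdf_sha256(session_key, b"", b"enc")
    mac_key = hkdf_sha256(session_key, b"", b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(session_key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject anything tampered."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key = hkdf_sha256(session_key, b"", b"enc")
    mac_key = hkdf_sha256(session_key, b"", b"mac")
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class VpnCenter:
    """Model of the VPN central terminal: answers negotiations and decrypts what arrives."""

    def __init__(self, psk: bytes) -> None:
        self.psk = psk
        self.sessions: Dict[str, bytes] = {}   # one negotiated key per terminal
        self.received: List[bytes] = []        # decrypted acquired data, in arrival order

    def negotiate(self, terminal_id: str, t_nonce: bytes) -> bytes:
        c_nonce = secrets.token_bytes(32)
        self.sessions[terminal_id] = derive_session_key(self.psk, terminal_id, t_nonce, c_nonce)
        return c_nonce

    def receive(self, terminal_id: str, blob: bytes) -> bytes:
        key = self.sessions.get(terminal_id)
        if key is None:
            raise KeyError("no negotiated key for terminal " + terminal_id)
        plaintext = unseal(key, blob)
        self.received.append(plaintext)
        return plaintext


class PortableVpnTerminal:
    """Claims 5-7 as a state machine: look up key, negotiate on a miss, encrypt, send, delete."""

    def __init__(self, terminal_id: str, psk: bytes) -> None:
        self.terminal_id = terminal_id
        self.psk = psk
        self.key_store: Optional[bytes] = None  # the storage module of claim 1
        self.events: List[str] = []             # trace of the steps taken, for inspection

    def negotiate_key(self, center: VpnCenter) -> bytes:
        t_nonce = secrets.token_bytes(32)
        c_nonce = center.negotiate(self.terminal_id, t_nonce)  # over the 5G module in the claims
        self.key_store = derive_session_key(self.psk, self.terminal_id, t_nonce, c_nonce)
        self.events.append("negotiate")
        return self.key_store

    def process(self, acquired: bytes, center: VpnCenter) -> bytes:
        key = self.key_store
        if key is None:
            self.events.append("key_missing")   # claim 6 branch: negotiate first
            key = self.negotiate_key(center)
        else:
            self.events.append("key_found")     # claim 5 branch: use the stored key
        blob = seal(key, acquired)
        self.events.append("encrypt")
        center.receive(self.terminal_id, blob)  # transmission via the 5G module
        self.events.append("send")
        self.key_store = None                   # claim 7: delete the key after sending
        self.events.append("delete_key")
        return blob


if __name__ == "__main__":
    psk = b"constructed-demo-psk"               # constructed sample value
    center, terminal = VpnCenter(psk), PortableVpnTerminal("terminal-01", psk)
    terminal.process(b"meter reading 1", center)  # constructed acquired data
    terminal.process(b"meter reading 2", center)
    print(terminal.events, center.received)
```

Running the trace shows one consequence of claim 7 worth noting when the method is implemented: because the key is deleted after every transmission, each new batch of acquired data starts with a key miss and a fresh negotiation, so the "key exists" branch of claim 5 is only taken for a key that was negotiated but has not yet been used to send. The storage module therefore never holds a key longer than one transmission, which bounds what a compromised terminal can disclose, at the cost of a negotiation round trip per batch.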
CN202110823124.XA 2021-07-21 2021-07-21 Portable VPN terminal, data processing method and storage medium Active CN113556340B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110823124.XA CN113556340B (en) 2021-07-21 2021-07-21 Portable VPN terminal, data processing method and storage medium

Publications (2)

Publication Number Publication Date
CN113556340A CN113556340A (en) 2021-10-26
CN113556340B true CN113556340B (en) 2023-09-26

Family

ID=78103702

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110823124.XA Active CN113556340B (en) 2021-07-21 2021-07-21 Portable VPN terminal, data processing method and storage medium

Country Status (1)

Country Link
CN (1) CN113556340B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114025018A (en) * 2021-11-29 2022-02-08 北京天融信网络安全技术有限公司 Data processing method, device, network equipment and computer readable storage medium
CN114500368B (en) * 2022-04-07 2022-06-17 成都网讯优速信息技术有限公司 Data transmission method and device and router adopting device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1561040A (en) * 2004-02-24 2005-01-05 武汉虹信通信技术有限责任公司 Transmission method of universal radio transparent VPN network bridge system based on GRPS/CDMA 2000 1X
CN102158385A (en) * 2010-11-23 2011-08-17 东莞宇龙通信科技有限公司 Data information transmission device and method applied to mobile terminal
CN104467898A (en) * 2013-09-25 2015-03-25 北京国通创安报警网络技术有限公司 Portable intelligent terminal and method for conducting data transmission with portable intelligent terminal
WO2017071296A1 (en) * 2015-10-30 2017-05-04 深圳市中兴微电子技术有限公司 Vpn-based secure data access method, device and system
WO2020125839A1 (en) * 2018-12-18 2020-06-25 GRID INVENT gGmbH Electronic element and electrically controlled display element

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102377629B (en) * 2010-08-20 2014-08-20 华为技术有限公司 Method and device for communicating with server in IMS (IP multimedia subsystem) core network by using terminal to pass through private network as well as network system

Also Published As

Publication number Publication date
CN113556340A (en) 2021-10-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant