CN113839776B - Method and system for safety interconnection protocol between network management and router - Google Patents


Info

Publication number
CN113839776B
Authority
CN
China
Prior art keywords
dscp
module
router
key
channel
Prior art date
Legal status
Active
Application number
CN202111428148.1A
Other languages
Chinese (zh)
Other versions
CN113839776A (en
Inventor
杨林
马琳茹
王雯
苏文蕾
Current Assignee
Institute of Network Engineering Institute of Systems Engineering Academy of Military Sciences
Original Assignee
Institute of Network Engineering Institute of Systems Engineering Academy of Military Sciences
Events
Application filed by Institute of Network Engineering Institute of Systems Engineering Academy of Military Sciences
Priority to CN202111428148.1A
Publication of CN113839776A
Application granted
Publication of CN113839776B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/0246 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method and a system for a secure interconnection protocol between a network manager and a router. The method comprises the following steps: step S1, access authentication; step S2, channel establishment and parameter negotiation; step S3, periodic key update; step S4, protocol termination; step S5, maintenance timeout. The protocol thereby provides automatic discovery, secure access authentication, data encapsulation, anti-replay protection and ciphertext transmission between the network management device and the router device, effectively prevents access by illegal devices, protects the devices against attack at multiple layers from access control to message forwarding, provides secure device identity identification, and offers a secure means of interaction between the network management device and the managed device.

Description

Method and system for safety interconnection protocol between network management and router
Technical Field
The invention belongs to the field of communication protocols and particularly relates to a method and a system for a secure interconnection protocol between a network manager and a router.
Background
With the widespread use of networks, the interconnection of devices is becoming more complex and faces various security problems, and there is an increasing need to ensure the security of network connections. To meet the ever higher security and reliability requirements of new network environments, the secure interconnection of network management and managed devices receives increasing attention, and network management security standards and protocols are continuously updated and strengthened.
The interconnection protocols used between traditional network devices cannot effectively prevent access by illegal devices, offer a low degree of security and poor protection, leave serious hidden risks in the communication security of users, and cannot guarantee the security of the interconnection between network management and router devices.
Disclosure of Invention
In view of the above technical problems, the present invention provides a secure interconnection protocol scheme for use between a network manager and a router. The scheme realizes automatic discovery, secure access authentication, data encapsulation, anti-replay protection and ciphertext transmission between the network manager and the router, and effectively prevents access by illegal devices. Specifically: first, the network manager begins by sending a negotiation message to the router to start access authentication and judges, according to the port security policy, whether the router has completed secure access; if the judgment passes, the device maintenance messages are validity-checked by means of encryption and decryption, integrity verification and anti-replay processing. Second, the validity of the key is tied closely to message transmission at the network manager: messages between the network manager and the router are encrypted with the negotiated key; when the key times out, a key update is negotiated, the new key negotiation is itself encrypted with the original key, and message transmission is in a failure state until the key has been updated. Third, when device maintenance fails, the network manager initiates a request to tear down the connection. In the secure interconnection protocol provided by the scheme, the encryption mechanism participates throughout and no plaintext is transmitted in the entire process; the devices are protected against attack at multiple layers from access control to message forwarding, secure device identity identification is provided, and a secure means of interaction between the network management device and the managed device is offered.
The first aspect of the invention discloses a method for a secure interconnection protocol between a network manager and a router. The method comprises the following steps:
step S1, access authentication, specifically including:
the DSCP (Device Security Access Protocol) module of the network manager sends a key negotiation start request to the encryption module of the network manager; after receiving the request, the encryption module of the network manager performs key negotiation with the encryption module of the router; the two parties to the key negotiation judge, according to the port security policy configuration, whether secure access is complete, and if the judgment passes, both parties enter the device maintenance stage;
step S2, channel establishment and parameter negotiation, specifically including:
the network manager initiates a channel establishment request to the router; after receiving the request, the router allocates a management channel security label and an IP address for the channel to be established; the network manager configures its DSCP channel table according to the management channel security label and configures its network card according to the IP address;
step S3, periodic key update, specifically including:
step S3.1, when the key update time of the DSCP module of the network manager expires, the module actively triggers a periodic key update process and sends a key negotiation start message to the encryption module of the network manager to trigger a new round of key negotiation;
step S3.2, after the encryption module of the network manager completes the key negotiation, it sends a key negotiation completion notice to the DSCP modules of the devices at both ends;
step S3.3, the DSCP module of the network manager updates the DSCP channel table configuration of the network manager with the new key, and sends a key update request message to the DSCP module of the router encrypted with the original key;
step S3.4, after receiving the key update request, the DSCP module of the router concludes that the communication peer has completed the key negotiation, updates the DSCP channel table of the router with the new key, and sends a key update response message;
step S4, protocol termination, specifically including:
the DSCP module of the network manager triggers deletion of the DSCP connection information by sending a protocol termination request to the router;
step S5, maintenance timeout, specifically including:
the DSCP module of the network manager and the DSCP module of the router maintain the validity of the DSCP connection by sending device maintenance requests, and if maintenance times out, the corresponding entry of the DSCP channel table is deleted.
According to the method of the first aspect of the present invention, step S1 specifically includes:
step S1.1, the DSCP module of the network manager starts a key negotiation process; the encryption module of the network manager encapsulates a key negotiation message and sends it to the encryption module of the peer router, and after receiving the message the encryption module of the router carries out key negotiation with the encryption module of the network manager;
step S1.2, after the network manager and the router complete the link key negotiation, a key negotiation completion message is delivered to the DSCP module of the network manager;
step S1.3, after receiving the key negotiation completion message, the DSCP module of the network manager judges, according to the port security policy configuration, whether secure access is complete; if the judgment passes, the DSCP enters the device maintenance stage, and if the judgment fails, a security event is recorded.
According to the method of the first aspect of the present invention, step S1 further includes:
step S1.4, after access authentication is complete, the DSCP module of the network manager sends a device maintenance request message in the protocol channel, encrypting it before it is sent to the router;
step S1.5, when the device maintenance request message is received, the encryption module of the router first performs decryption and integrity verification, then completes anti-replay processing, and delivers the legitimate device maintenance message to the DSCP module of the router.
According to the method of the first aspect of the present invention, step S2 specifically includes:
step S2.1, after access authentication is complete, the network manager sends a channel establishment request message to the router;
step S2.2, after receiving the channel establishment request, the router allocates a management channel security label and an IP address for the channel to be established, and then sends a channel establishment response message to the network manager;
step S2.3, after receiving the channel establishment response message, the DSCP module of the network manager configures the DSCP channel table of the network manager according to the channel security label, and configures the network card IP and gateway address according to the obtained IP address, completing channel establishment.
According to the method of the first aspect of the present invention, step S2 further includes:
step S2.4, after channel establishment is complete, when the network manager or the router transmits a message to the other side, it passes the message to be transmitted to its own DSCP module; after receiving the message, the DSCP module determines which of the established channels matches it, performs encapsulation, encryption and integrity calculation using the negotiated key, and transmits the message through the matched channel.
According to the method of the first aspect of the present invention, step S3 specifically includes:
step S3.1, when the key update time of the DSCP module of the network manager expires, the module actively triggers a periodic key update process and sends a key negotiation start message to the encryption module of the network manager to trigger a new round of key negotiation;
step S3.2, after the encryption module of the network manager completes the key negotiation, it sends a key negotiation completion notice to the DSCP modules of the devices at both ends;
step S3.3, the DSCP module of the network manager updates the DSCP channel table configuration of the network manager with the new key, and sends a key update request message to the DSCP module of the router encrypted with the original key;
step S3.4, after receiving the key update request, the router concludes that the communication peer has completed the key negotiation, updates the DSCP channel table of the router with the new key, and sends a key update response message.
According to the method of the first aspect of the present invention, step S5 specifically includes:
step S5.1, the DSCP module of the network manager and the DSCP module of the router, each triggered by its device maintenance timer, send a device maintenance request to the DSCP module of the peer device to maintain the validity of the DSCP connection, and each returns a device maintenance response to every device maintenance request it receives;
step S5.2, the DSCP module of the network manager and the DSCP module of the router count the device maintenance responses received; if no device maintenance response is received within the specified number of retransmissions of the device maintenance request, device maintenance is considered to have failed, the DSCP module of the network manager and the DSCP module of the router delete their respective DSCP entries, and a DSCP connection interruption state notification is sent to the authentication decision software.
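As an added illustration (not the patent's own code), the following Python models the DSCP channel table, the integrity and anti-replay check of step S1.5, the key update of step S3 in which the request travels under the original key while both sides switch to the new one, and the maintenance timeout of step S5. The frame layout, the hash-based stand-in cipher, the sequence-number replay check and the retransmission limit of 3 are assumptions made here; DSCP is the patent's Device Security Access Protocol, not the DiffServ code point.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass, field

MAINT_RETRY_LIMIT = 3   # assumed value of the "specified retransmission times"
MSG_DATA, MSG_KEY_UPDATE_REQ, MSG_KEY_UPDATE_RSP, MSG_MAINT_REQ, MSG_MAINT_RSP = range(5)


def keystream_xor(key: bytes, label: int, seq: int, data: bytes) -> bytes:
    """Stand-in for the encryption module's cipher: XOR with a hash-derived keystream
    bound to key, channel label and sequence number. Not a production cipher."""
    stream = b"".join(hashlib.sha256(key + struct.pack(">IQI", label, seq, i)).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class Channel:                 # one row of the DSCP channel table
    key: bytes
    send_seq: int = 0
    recv_seq: int = 0          # highest sequence number accepted (anti-replay)
    maint_unanswered: int = 0  # maintenance requests sent without a response


@dataclass
class DscpEndpoint:
    name: str
    table: dict = field(default_factory=dict)   # security label -> Channel
    events: list = field(default_factory=list)  # recorded security events

    def seal(self, label, msg_type, payload, key=None):
        """Encapsulate: header | encrypted payload | HMAC tag (step S2.4)."""
        ch = self.table[label]
        k = key or ch.key          # S3.3: the update request goes out under the old key
        ch.send_seq += 1
        hdr = struct.pack(">IQB", label, ch.send_seq, msg_type)
        body = keystream_xor(k, label, ch.send_seq, payload)
        return hdr + body + hmac.new(k, hdr + body, hashlib.sha256).digest()

    def open(self, frame):
        """Integrity check, anti-replay, decrypt (step S1.5). None means drop and log."""
        label, seq, msg_type = struct.unpack(">IQB", frame[:13])
        ch = self.table.get(label)
        if ch is None:
            self.events.append(f"{self.name}: unknown channel {label}")
            return None
        expected = hmac.new(ch.key, frame[:-32], hashlib.sha256).digest()
        if not hmac.compare_digest(frame[-32:], expected):
            self.events.append(f"{self.name}: integrity failure on channel {label}")
            return None
        if seq <= ch.recv_seq:
            self.events.append(f"{self.name}: replay rejected on channel {label}")
            return None
        ch.recv_seq = seq
        return msg_type, keystream_xor(ch.key, label, seq, frame[13:-32])


def key_update(nms, router, label, new_key):
    """S3: after both encryption modules hold new_key, the NMS installs it, sends the
    update request under the original key, and the router switches on receipt."""
    old_key = nms.table[label].key
    nms.table[label].key = new_key
    got = router.open(nms.seal(label, MSG_KEY_UPDATE_REQ, b"", key=old_key))
    if got is None or got[0] != MSG_KEY_UPDATE_REQ:
        return False
    router.table[label].key = new_key
    got = nms.open(router.seal(label, MSG_KEY_UPDATE_RSP, b""))
    return got is not None and got[0] == MSG_KEY_UPDATE_RSP


def maintenance_tick(sender, peer, label, peer_alive=True):
    """S5: one device-maintenance timer expiry. Returns True while the entry survives."""
    ch = sender.table[label]
    req = sender.seal(label, MSG_MAINT_REQ, b"")
    if peer_alive and peer.open(req) is not None:
        if sender.open(peer.seal(label, MSG_MAINT_RSP, b"")) is not None:
            ch.maint_unanswered = 0
            return True
    ch.maint_unanswered += 1
    if ch.maint_unanswered >= MAINT_RETRY_LIMIT:
        del sender.table[label]    # S5.2: delete the DSCP entry and notify
        sender.events.append(f"{sender.name}: DSCP connection interrupted -> authentication decision software")
        return False
    return True


def demo():
    """Constructed run: data frame, replayed frame, tampered frame, rekey, dead peer."""
    label, key = 7, os.urandom(32)         # label as allocated by the router in S2.2
    nms, router = DscpEndpoint("nms"), DscpEndpoint("router")
    nms.table[label], router.table[label] = Channel(key), Channel(key)
    frame = nms.seal(label, MSG_DATA, b"show version")
    first, replay = router.open(frame), router.open(frame)
    tampered = bytearray(frame); tampered[14] ^= 1
    bad = router.open(bytes(tampered))
    rekeyed = key_update(nms, router, label, os.urandom(32))
    after = router.open(nms.seal(label, MSG_DATA, b"after rekey"))
    alive = [maintenance_tick(nms, router, label, peer_alive=False) for _ in range(MAINT_RETRY_LIMIT)]
    return {"first": first, "replay": replay, "tampered": bad, "rekeyed": rekeyed,
            "after": after, "alive": alive, "events": nms.events + router.events}
```

Running `demo()` shows the replayed and tampered frames rejected with logged events, traffic continuing after the rekey, and the NMS deleting its entry after three unanswered maintenance requests.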
The second aspect of the invention discloses a secure interconnection protocol system for use between a network manager and a router. The system comprises a network manager and a router, each of which comprises a DSCP module and an encryption module; wherein:
in the access authentication phase:
the DSCP module of the network manager sends a key negotiation start request to the encryption module of the network manager; after receiving the request, the encryption module of the network manager performs key negotiation with the encryption module of the router; the two parties to the key negotiation judge, according to the port security policy configuration, whether secure access is complete, and if the judgment passes, both parties enter the device maintenance stage;
in the channel establishment and parameter negotiation phase:
the network manager initiates a channel establishment request to the router; after receiving the request, the router allocates a management channel security label and an IP address for the channel to be established; the network manager configures its DSCP channel table according to the management channel security label and configures its network card according to the IP address;
in the periodic key update phase:
when the key update time expires, the DSCP module of the network manager actively triggers a periodic key update process and sends a key negotiation start message to the encryption module of the network manager to trigger a new round of key negotiation;
after the encryption module of the network manager completes the key negotiation, it sends a key negotiation completion notice to the DSCP modules of the devices at both ends;
the DSCP module of the network manager updates the DSCP channel table configuration of the network manager with the new key, and sends a key update request message to the DSCP module of the router encrypted with the original key;
after receiving the key update request, the DSCP module of the router concludes that the communication peer has completed the key negotiation, updates the DSCP channel table of the router with the new key, and sends a key update response message;
in the protocol termination phase:
the DSCP module of the network manager is called to trigger deletion of the DSCP connection information by sending a protocol termination request to the router;
in the maintenance timeout phase:
the DSCP module of the network manager and the DSCP module of the router are called to maintain the validity of the DSCP connection by sending device maintenance requests, and the corresponding entry of the DSCP channel table is deleted when maintenance times out.
According to the system of the second aspect of the present invention, in the access authentication phase:
the DSCP module of the network manager starts a key negotiation process; the encryption module of the network manager encapsulates a key negotiation message and sends it to the encryption module of the peer router, and after receiving the message the encryption module of the router carries out key negotiation with the encryption module of the network manager;
when the network manager and the router complete the link key negotiation, a key negotiation completion message is delivered to the DSCP module of the network manager;
after receiving the key negotiation completion message, the DSCP module of the network manager judges, according to the port security policy configuration, whether secure access is complete; if the judgment passes, the device enters the device maintenance stage, and if the judgment fails, a security event is recorded.
According to the system of the second aspect of the present invention, in the access authentication phase:
after access authentication is complete, the DSCP module of the network manager sends a device maintenance request message in the protocol channel, encrypting it before it is sent to the router;
when the device maintenance request message is received, the encryption module of the router first performs decryption and integrity verification, then completes anti-replay processing, and delivers the legitimate device maintenance message to the DSCP module of the router.
According to the system of the second aspect of the present invention, in the channel establishment and parameter negotiation phase:
after access authentication is complete, the network manager sends a channel establishment request message to the router;
after receiving the channel establishment request, the router allocates a management channel security label and an IP address for the channel to be established, and then sends a channel establishment response message to the network manager;
after receiving the channel establishment response message, the DSCP module of the network manager configures the DSCP channel table of the network manager according to the channel security label, and configures the network card IP and gateway address according to the obtained IP address, completing channel establishment.
According to the system of the second aspect of the present invention, in the channel establishment and parameter negotiation phase:
after channel establishment is complete, when the network manager or the router transmits a message to the other side, it passes the message to be transmitted to its own DSCP module; after receiving the message, the DSCP module determines which of the established channels matches it, performs encapsulation, encryption and integrity calculation using the negotiated key, and transmits the message through the matched channel.
According to the system of the second aspect of the invention, in the maintenance timeout phase:
the DSCP module of the network manager and the DSCP module of the router, each triggered by its device maintenance timer, send a device maintenance request to the DSCP module of the peer device to maintain the validity of the DSCP connection, and each returns a device maintenance response to every device maintenance request it receives;
the DSCP module of the network manager and the DSCP module of the router count the device maintenance responses received; if no device maintenance response is received within the specified number of retransmissions of the device maintenance request, device maintenance is considered to have failed, the DSCP module of the network manager and the DSCP module of the router delete their respective DSCP entries, and a DSCP connection interruption state notification is sent to the authentication decision software.
A third aspect of the invention discloses an electronic device. The electronic device comprises a memory and a processor; the memory stores a computer program, and when the processor executes the computer program it implements the steps of the method for a secure interconnection protocol between a network manager and a router according to any embodiment of the first aspect of the disclosure.
A fourth aspect of the invention discloses a computer-readable storage medium. The computer-readable storage medium stores a computer program which, when executed by a processor, implements the steps of the method for a secure interconnection protocol between a network manager and a router according to any embodiment of the first aspect of the present disclosure.
In summary, in the technical scheme provided by the present invention, functions such as automatic device discovery, secure access authentication, data adaptation, anti-replay protection and ciphertext transmission are realized through modules such as encryption adaptation, transmission processing and authentication management, so that access by illegal devices is effectively prevented and the devices are protected against attack at multiple layers from access control to message forwarding. The scheme: (1) specifies the processing flow of the device secure interconnection protocol and related content; (2) is suitable for the secure access authentication function on network security routers and network management devices; and (3) provides a secure means of interaction for control, management and service messages between network management devices and routers. Compared with existing protocols, the encryption mechanism in the secure interconnection protocol provided by the invention participates throughout, no plaintext is transmitted in the entire process, the security of the interconnection between the network management device and the router is well ensured, and the degree of security is greatly improved.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the embodiments or in the description of the prior art are briefly described below. The drawings described below show only some embodiments of the present invention, and other drawings can be obtained from them by those skilled in the art without creative effort.
FIG. 1 is a schematic diagram of the operating hierarchy of a secure interconnection protocol (Security interconnect protocol) between a network manager and a router according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating the functional components of a secure interconnection protocol according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating access authentication and device maintenance according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating channel establishment and parameter negotiation according to an embodiment of the present invention;
FIG. 5 is a flowchart illustrating a key update according to an embodiment of the present invention;
FIG. 6 is a flowchart illustrating protocol termination and maintenance timeout according to an embodiment of the present invention;
FIG. 7 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention discloses a method for a safety interconnection protocol between a network manager and a router in a first aspect.
FIG. 1 is a schematic diagram of a secure interconnection protocol (Security interconnect protocol) operating hierarchy between a gateway and a router according to an embodiment of the present invention; as shown in fig. 1, the security interconnection protocol works in a link layer, an ethernet is used as a transmission entity, a protocol adaptation layer is designed between the security interconnection protocol and the network layer, and mapping of a network layer message and a security interconnection protocol label is completed.
FIG. 2 is a diagram illustrating the functional components of a secure interconnect protocol according to an embodiment of the present invention; as shown in fig. 2, the secure interconnection protocol function is composed of functions of transmission error correction, encryption interface adaptation, transmission processing, authentication management, link processing, and the like. (1) And encryption adaptation, namely completing adaptation functions such as hardware interface, format encapsulation and the like, and completing rate limitation before sending the link key negotiation message to the encryption module. (2) And transmission processing, namely, providing a link security transmission function for an upper control and management protocol and a service message by utilizing link encryption, integrity and anti-replay among network equipment. (3) And authentication management, wherein the security authentication is used for access authentication of the software equipment operating the security interconnection protocol, the link key agreement is developed by triggering the encryption module, and authentication validity judgment is carried out based on the key agreement result and the returned opposite end node number, so that the security access authentication function between the network equipment is completed.
The method comprises the following steps:
step S1, access authentication, specifically including:
a DSCP (Device Security Access Protocol) module of the network manager sends a key negotiation start request to the encryption module of the network manager; after receiving the request, the encryption module of the network manager performs key negotiation with the encryption module of the router; the two parties to the key negotiation judge whether secure access is complete according to the port security policy configuration, and if the judgment passes, both parties enter the device maintenance stage;
step S2, channel establishment and parameter negotiation, specifically including:
the network manager initiates a channel establishment request to the router; after receiving the request, the router allocates a management channel security label and an IP address for the channel to be established; the network manager configures its DSCP channel table according to the management channel security label and configures its network card according to the IP address;
step S3, periodic key update, specifically including:
step S3.1, after the key update timer of the DSCP module of the network manager expires, the DSCP module actively triggers a periodic key update process and sends a key negotiation start message to the encryption module of the network manager to trigger a new round of key negotiation;
step S3.2, after the encryption module of the network manager completes the key negotiation, it sends a key negotiation completion notice to the DSCP modules of the devices at both ends;
step S3.3, the DSCP module of the network manager updates its DSCP channel table configuration with the new key, and sends a key update request message to the DSCP module of the router using the original key;
step S3.4, after receiving the key update request, the DSCP module of the router concludes that the opposite end has completed the key negotiation, updates its DSCP channel table with the new key, and sends a key update response message;
step S4, terminating the protocol, specifically including:
the DSCP module of the network manager triggers the deletion of the DSCP connection information by sending a protocol termination request to the router;
step S5, maintenance timeout, specifically including:
the DSCP module of the network manager and the DSCP module of the router maintain the validity of the DSCP connection by sending device maintenance requests; if maintenance times out, the corresponding entry of the DSCP channel table is deleted.
In some embodiments, the step S1 specifically includes:
step S1.1, the DSCP module of the network manager starts a key negotiation process; the encryption module of the network manager encapsulates a key negotiation message and sends it to the encryption module of the router at the opposite end, and the encryption module of the router carries out key negotiation with the encryption module of the network manager after receiving the message;
step S1.2, after the network manager and the router finish the link key negotiation, the DSCP module of the network manager is notified with a key negotiation completion message;
step S1.3, after receiving the key negotiation completion message, the DSCP module of the network manager judges whether secure access is complete according to the port security policy configuration; if the judgment passes, the DSCP module enters the device maintenance stage, and if it fails, a security event is recorded.
In some embodiments, the step S1 further includes:
step S1.4, after access authentication is completed, the DSCP module of the network manager sends a device maintenance request message in the protocol channel, which is encrypted and then sent to the router;
step S1.5, when the device maintenance request message is received, the encryption module of the router first performs decryption and integrity check, then completes anti-replay processing, and delivers the legal device maintenance message to the DSCP module of the router.
Fig. 3 is a flowchart illustrating access authentication and device maintenance according to an embodiment of the present invention. As shown in fig. 3, the security interconnection protocol DSCP module of the network manager starts a key negotiation process; the encryption module encapsulates a key negotiation message and sends it to the encryption module of the security router at the opposite end, and the encryption module of the router performs key negotiation with the encryption module of the network manager after receiving it. When the network manager and the security router complete the link key negotiation, the DSCP module is informed that the key negotiation is complete. After receiving the key negotiation completion message, the network manager DSCP module judges whether secure access is complete according to the port security policy configuration; if the judgment fails, a security event is recorded and reported to the authentication decision software, and if the judgment passes, the device maintenance flow is entered. After access authentication is completed, the DSCP module sends a device maintenance request message in the protocol channel, which is encrypted and then sent to the security router. When the device maintenance message is received, the encryption module first performs decryption and integrity check, then completes anti-replay processing, and delivers the legal device maintenance message to the DSCP module.
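The access judgement of step S1.3 and the receive-side processing of step S1.5 (integrity check, anti-replay, decryption, then delivery to the DSCP module) can be illustrated with the following Python sketch. It is an added example written for this page, not code from the patent or its embodiments: the port security policy format, the node numbers, the `access_judgement`, `protect` and `EncryptionModuleRx` names, and the SHA-256 based toy keystream standing in for the hardware encryption module are all assumptions.

```python
import hashlib
import hmac

# Constructed port security policy (assumed shape, not the patent's format):
# local port -> set of peer node numbers allowed to complete secure access.
PORT_SECURITY_POLICY = {"ge0/1": {"router-17", "router-18"}}

# Stand-in for the security event log that is reported to the authentication
# decision software when the access judgement fails.
SECURITY_EVENTS = []


def access_judgement(port, key_agreement_ok, peer_node_id, policy=PORT_SECURITY_POLICY):
    """Authentication validity judgement of step S1.3: the link key agreement
    must have succeeded AND the node number returned by the peer must be
    permitted on this port. Failure records a security event instead of
    entering the device maintenance stage."""
    if key_agreement_ok and peer_node_id in policy.get(port, set()):
        return True
    SECURITY_EVENTS.append({"port": port, "peer": peer_node_id,
                            "key_agreement_ok": key_agreement_ok})
    return False


def _keystream(key, nonce, length):
    """Toy counter-mode keystream from SHA-256; stands in for the hardware cipher
    behind the encryption module and is not meant for production use."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def protect(key, seq, plaintext):
    """Sender side (S1.4): encrypt the device maintenance message under the
    link key and append an integrity tag over nonce and ciphertext; the
    sequence number doubles as the nonce and as the anti-replay counter."""
    nonce = seq.to_bytes(8, "big")
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


class EncryptionModuleRx:
    """Receiver side (S1.5): integrity check, anti-replay window, then decrypt
    and hand the legal message to the DSCP module. The tag is verified before
    decryption (encrypt-then-MAC), so tampered frames are dropped first."""

    def __init__(self, key, window=64):
        self.key = key
        self.window = window
        self.highest = -1       # highest sequence number accepted so far
        self.seen = set()       # accepted sequence numbers inside the window

    def unprotect(self, frame):
        nonce, ct, tag = frame[:8], frame[8:-32], frame[-32:]
        expected = hmac.new(self.key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None, "integrity"          # tampered or wrong key: drop
        seq = int.from_bytes(nonce, "big")
        if seq <= self.highest - self.window or seq in self.seen:
            return None, "replay"             # too old or already accepted: drop
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen if s > self.highest - self.window}
        pt = bytes(a ^ b for a, b in zip(ct, _keystream(self.key, nonce, len(ct))))
        return pt, "ok"


def demo():
    """Constructed exchange: one legal maintenance request, its replay, and a
    tampered copy. Returns the three receiver verdicts."""
    link_key = hashlib.sha256(b"constructed link key").digest()
    rx = EncryptionModuleRx(link_key)
    frame = protect(link_key, 1, b"DEVICE_MAINT_REQ node=nms-1")
    first = rx.unprotect(frame)
    replayed = rx.unprotect(frame)
    tampered = bytearray(frame)
    tampered[10] ^= 0x01                      # flip one ciphertext bit
    forged = rx.unprotect(bytes(tampered))
    return first, replayed, forged
```

`demo()` accepts the first frame, rejects the identical frame as a replay, and rejects the bit-flipped frame at the integrity check, which is the ordering the embodiment describes for the router's encryption module before anything reaches the DSCP module.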
In some embodiments, the step S2 specifically includes:
step S2.1, after the access authentication is completed, the network manager sends a channel establishment request message to the router;
step S2.2, after the router receives the channel establishment request, the router distributes a management channel security label and an IP address for the channel to be established, and then sends a channel establishment response message to the network manager;
step S2.3, after receiving the channel establishment response message, the DSCP module of the network manager configures the DSCP channel table of the network manager according to the channel security label, and configures the network card IP and gateway address according to the obtained IP address, completing channel establishment.
In some embodiments, the step S2 further includes:
step S2.4, after channel establishment is complete, when the network manager or the router sends a message to the other side, it hands the message to be sent to its own DSCP module; after receiving the message, the DSCP module determines which of the established channels matches the message, performs encapsulation, encryption and integrity calculation using the negotiated key, and sends the message through the matching channel.
FIG. 4 is a flowchart illustrating channel establishment and parameter negotiation according to an embodiment of the present invention. As shown in fig. 4, after DSCP security authentication is completed, the channel establishment and parameter negotiation process is triggered, and the network manager sends a channel establishment request message to the router. After receiving the channel establishment request, the router allocates a management channel security label and an IP address for the channel to be established, and then sends a channel establishment response message to the network manager. After receiving the channel establishment response, the network manager DSCP module configures the DSCP channel table according to the channel security label, and configures the network card IP and gateway address according to the obtained IP address. When a message is handed to the DSCP module for sending, the DSCP module selects the matching channel, performs encapsulation, encryption and integrity calculation with the negotiated key, and then sends the message.
In some embodiments, the step S3 specifically includes:
step S3.1, after the key update timer of the DSCP module of the network manager expires, the DSCP module actively triggers a periodic key update process and sends a key negotiation start message to the encryption module of the network manager to trigger a new round of key negotiation;
step S3.2, after the encryption module of the network manager completes the key negotiation, it sends a key negotiation completion notice to the DSCP modules of the devices at both ends;
step S3.3, the DSCP module of the network manager updates its DSCP channel table configuration with the new key, and sends a key update request message to the DSCP module of the router using the original key;
step S3.4, after receiving the key update request, the router concludes that the opposite communication end has completed the key negotiation, updates its DSCP channel table with the new key, and sends a key update response message.
FIG. 5 is a flow chart illustrating a key update according to an embodiment of the present invention. As shown in fig. 5, after the key update timer expires, the DSCP module actively triggers a periodic key update process and sends a key negotiation start message to the encryption module to trigger a new round of key negotiation. After the encryption module finishes the key negotiation, it sends a key negotiation completion notice to the DSCP modules of the devices at both ends. The network manager DSCP module updates its DSCP channel table configuration with the new key and sends a key update request message to the opposite-end DSCP module using the original key. After receiving the key update request, the opposite-end device concludes that the opposite communication end has completed the key negotiation, updates its DSCP channel table with the new key, and sends a key update response message, which causes the DSCP module that initiated the key update to stop sending the key update request.
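The channel table handling of steps S2.2 to S2.4 and the key rollover of steps S3.2 to S3.4 are modelled in the following added Python example, which is not the patent's own code. The label space, the address pool, the class and method names, and the choice to protect the key update response with the new key are assumptions; the page only specifies that the request is sent using the original key, which is why the router verifies the request under the key it still holds before switching.

```python
import hashlib
import hmac
import ipaddress
import itertools


def tag(key, msg):
    """Integrity tag over a DSCP control message under a channel key."""
    return hmac.new(key, msg, hashlib.sha256).digest()


class DscpModule:
    """One DSCP module (either end). `channels` is the DSCP channel table:
    management channel security label -> key and addressing now in force.
    `pending` holds a key the encryption module has reported as negotiated
    (S3.2) but that this end has not switched to yet."""

    def __init__(self, name):
        self.name = name
        self.channels = {}
        self.pending = {}

    def on_key_agreement_complete(self, label, new_key):
        self.pending[label] = new_key

    def protect(self, label, msg):
        """S2.4: match the message to an established channel and protect it
        with that channel's negotiated key (assumed: the adaptation layer
        already marked the message with its label)."""
        return label, msg, tag(self.channels[label]["key"], msg)

    def verify(self, label, msg, t):
        entry = self.channels.get(label)
        return entry is not None and hmac.compare_digest(t, tag(entry["key"], msg))


class RouterDscp(DscpModule):
    def __init__(self, name, pool="10.255.0.0/30"):
        super().__init__(name)
        self._labels = itertools.count(0x100)             # constructed label space
        self._hosts = ipaddress.ip_network(pool).hosts()  # constructed address pool

    def on_channel_request(self, link_key):
        """S2.2: allocate a security label and an IP address for the channel."""
        label = next(self._labels)
        gateway, peer_ip = next(self._hosts), next(self._hosts)
        self.channels[label] = {"key": link_key, "peer_ip": str(peer_ip)}
        return {"label": label, "ip": str(peer_ip), "gateway": str(gateway)}

    def on_key_update_request(self, label, msg, t):
        """S3.4: the request must verify under the key still installed here
        (the original key); that proves the peer finished negotiation, so the
        pending key is installed and a response is returned."""
        if label not in self.pending or not self.verify(label, msg, t):
            return None
        self.channels[label]["key"] = self.pending.pop(label)
        resp = b"KEY_UPDATE_RESP:%d" % label
        # Assumption: the response is protected with the new key.
        return label, resp, tag(self.channels[label]["key"], resp)


class ManagerDscp(DscpModule):
    def __init__(self, name):
        super().__init__(name)
        self.nic = {}

    def on_channel_response(self, resp, link_key):
        """S2.3: configure the channel table from the label and the network
        card IP/gateway from the allocated address."""
        self.channels[resp["label"]] = {"key": link_key, "gateway": resp["gateway"]}
        self.nic = {"ip": resp["ip"], "gateway": resp["gateway"]}

    def start_key_update(self, label):
        """S3.3: install the new key in the local table first, but protect the
        key update request with the original key the router still holds."""
        old_key = self.channels[label]["key"]
        self.channels[label]["key"] = self.pending.pop(label)
        req = b"KEY_UPDATE_REQ:%d" % label
        return label, req, tag(old_key, req)


def run_exchange(max_retries=3):
    """Channel establishment followed by one periodic key update; returns a
    summary of the resulting state on both ends (constructed keys)."""
    link_key = hashlib.sha256(b"constructed link key 1").digest()
    nms, rtr = ManagerDscp("nms"), RouterDscp("router")
    resp = rtr.on_channel_request(link_key)            # S2.1 / S2.2
    nms.on_channel_response(resp, link_key)            # S2.3
    label = resp["label"]

    new_key = hashlib.sha256(b"constructed link key 2").digest()
    for end in (nms, rtr):                             # S3.1 / S3.2
        end.on_key_agreement_complete(label, new_key)
    request = nms.start_key_update(label)              # S3.3
    attempts, reply = 0, None
    while attempts < max_retries and reply is None:    # retransmit until answered
        attempts += 1
        reply = rtr.on_key_update_request(*request)    # S3.4
    if reply is None or not nms.verify(*reply):
        raise RuntimeError("key update failed")
    return {
        "label": label,
        "nic": nms.nic,
        "attempts": attempts,
        "keys_match": nms.channels[label]["key"] == rtr.channels[label]["key"] == new_key,
    }
```

A request tagged under any key other than the one the router currently holds is ignored, so the router's table never moves to the pending key on the strength of an unauthenticated message.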
In some embodiments, the step S5 specifically includes:
step S5.1, the DSCP module of the network management and the DSCP module of the router send a device maintenance request to the DSCP module of the opposite terminal device under the trigger of a device maintenance timer to maintain the effectiveness of DSCP connection, and the DSCP module of the network management and the DSCP module of the router return a device maintenance response to the received device maintenance request;
step S5.2, the DSCP module of the network manager and the DSCP module of the router count the device maintenance responses received; if no device maintenance response is received within the specified number of retransmissions of the device maintenance request, device maintenance is considered to have failed, the DSCP module of the network manager and the DSCP module of the router delete their respective DSCP entries, and a DSCP connection interruption state notification is sent to the authentication decision software.
FIG. 6 is a flowchart illustrating protocol termination and maintenance timeout according to an embodiment of the present invention; as shown in fig. 6, the network management DSCP module triggers the deletion of DSCP connection information by sending a protocol termination request. The DSCP modules at two ends send a device maintenance request to the DSCP module at the opposite end under the trigger of the device maintenance timer to maintain the effectiveness of the DSCP connection, and the DSCP module returns a device maintenance response to the received device maintenance request. The DSCP module counts the receiving of the equipment maintenance response, if the equipment maintenance response is not received within the specified retransmission times of the equipment maintenance request, the equipment maintenance is considered to be failed, the DSCP module deletes the DSCP table entry and sends a DSCP connection interruption state notice to the authentication decision software.
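The maintenance timer, retransmission counting and entry deletion of steps S5.1 and S5.2, together with the termination request of step S4, as an added discrete-time simulation in Python that is not part of the patent: the interval, the retransmission budget, the message type names and the `notifications` list standing in for the interface to the authentication decision software are constructed assumptions.

```python
MAINT_INTERVAL = 5   # seconds between device maintenance requests (constructed value)
MAX_RETRIES = 3      # unanswered requests tolerated before the entry is deleted (constructed)


class DscpPeer:
    """One DSCP module's view of a single DSCP connection, driven by a device
    maintenance timer. `channel_table` holds the DSCP entry; `notifications`
    stands in for the interface to the authentication decision software."""

    def __init__(self, name, label):
        self.name = name
        self.channel_table = {label: {"state": "maintained"}}
        self.unanswered = 0      # maintenance requests sent since the last response
        self.next_send = 0
        self.notifications = []

    def handle(self, msg):
        """Receive side: answer maintenance requests, reset the counter on a
        response, and drop the entry on a protocol termination request (S4)."""
        if msg["type"] == "MAINT_REQ":
            return {"type": "MAINT_RESP", "label": msg["label"]}
        if msg["type"] == "MAINT_RESP":
            self.unanswered = 0
        elif msg["type"] == "TERMINATE":
            self.channel_table.pop(msg["label"], None)
        return None

    def tick(self, now, label):
        """Timer side (S5.1/S5.2): when the timer fires, either send the next
        request or, if the retransmission budget is spent, delete the entry
        and report the interrupted connection."""
        if label not in self.channel_table or now < self.next_send:
            return None
        if self.unanswered >= MAX_RETRIES:
            del self.channel_table[label]
            self.notifications.append(("DSCP_CONNECTION_INTERRUPTED", label))
            return None
        self.unanswered += 1
        self.next_send = now + MAINT_INTERVAL
        return {"type": "MAINT_REQ", "label": label}


def simulate(link_up_until, duration=60, label=0x100):
    """Discrete-time run of both ends; from `link_up_until` on, every request
    is lost so no response comes back. Returns the two peers."""
    nms, rtr = DscpPeer("nms", label), DscpPeer("router", label)
    for now in range(duration):
        for src, dst in ((nms, rtr), (rtr, nms)):
            req = src.tick(now, label)
            if req is None or now >= link_up_until:
                continue                      # request lost on a dead link
            resp = dst.handle(req)
            if resp is not None:
                src.handle(resp)
    return nms, rtr


def terminate(nms, rtr, label):
    """S4: the network manager's termination request deletes the DSCP
    connection information on both ends."""
    msg = {"type": "TERMINATE", "label": label}
    nms.handle(msg)
    rtr.handle(msg)
    return label not in nms.channel_table and label not in rtr.channel_table
```

With the link failing at t=20, each end sends its 20 s, 25 s and 30 s requests unanswered and deletes its entry at the 35 s timer, emitting one interruption notification; with a healthy link the entries survive the whole run and only an explicit termination removes them.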
The second aspect of the invention discloses a safety interconnection protocol system used between a network manager and a router. The system comprises a network manager and a router, wherein the network manager and the router respectively comprise a DSCP module and an encryption module; wherein:
in the access authentication phase:
the DSCP module of the network management sends a key negotiation starting request to the encryption module of the network management, the encryption module of the network management performs key negotiation with the encryption module of the router after receiving the key negotiation starting request, both sides of the key negotiation judge whether to complete security access according to port security policy configuration, and if the judgment is passed, the both sides enter an equipment maintenance stage;
in the channel establishment and parameter negotiation stage:
the network management initiates a channel establishment request to the router, the router distributes a management channel security label and an IP address for a channel to be established after receiving the channel establishment request, and the network management configures a DSCP channel table according to the management channel security label and configures network card information according to the IP address;
in the periodic key update phase:
after the key updating time expires, the DSCP module of the network manager actively triggers a periodic key updating process, and sends a key negotiation starting message to the encryption module of the network manager to trigger a new round of key negotiation;
after the encryption module of the network manager completes the key negotiation, the encryption module sends a key negotiation completion notice to the DSCP modules of the two-end equipment;
the DSCP module of the network management updates the DSCP channel table configuration of the network management based on the new key, and sends a key updating request message to the DSCP module of the router by using the original key;
after receiving the key updating request, the DSCP module of the router judges that the opposite communication terminal completes key negotiation, updates the DSCP channel table of the router by using a new key and sends a key updating response message;
in the protocol termination phase:
the DSCP module of the network manager is invoked to trigger the deletion of the DSCP connection information by sending a protocol termination request to the router;
in the maintenance timeout phase:
the DSCP module of the network manager and the DSCP module of the router are invoked to maintain the validity of the DSCP connection by sending device maintenance requests, and the corresponding entry of the DSCP channel table is deleted when maintenance times out.
According to the system of the second aspect of the present invention, in the access authentication phase:
the DSCP module of the network management starts a key negotiation process, the encryption module of the network management encapsulates and sends a key negotiation message to the encryption module of the router of the opposite terminal, and the encryption module of the router carries out key negotiation with the encryption module of the network management after receiving the key negotiation message;
when the network manager and the router finish the link key negotiation, the DSCP module of the network manager is notified with a key negotiation completion message;
after receiving the key negotiation completion message, the DSCP module of the network manager judges whether the security access is completed or not according to the port security policy configuration, if the judgment is passed, the device enters the equipment maintenance stage, and if the judgment is failed, the security event is recorded.
According to the system of the second aspect of the present invention, in the access authentication phase:
after the access authentication is completed, the DSCP module of the network manager sends a device maintenance request message in a protocol channel, and sends the message to the router after encryption;
when the device maintenance request message is received, the encryption module of the router firstly carries out decryption and integrity verification, then completes anti-replay processing, and sends a legal device maintenance message to the DSCP module of the router.
According to the system of the second aspect of the present invention, in the channel establishment and parameter negotiation stage:
after the access authentication is completed, the network manager sends a channel establishment request message to the router;
after receiving the channel establishing request, the router distributes a management channel security mark and an IP address for the channel to be established, and then sends a channel establishing response message to the network manager;
after receiving the channel establishment response message, the DSCP module of the network manager configures a DSCP channel table of the network manager according to the channel security mark, and configures network card IP and gateway address according to the obtained IP address to complete channel establishment.
According to the system of the second aspect of the present invention, in the channel establishment and parameter negotiation stage:
after channel establishment is complete, when the network manager or the router sends a message to the other side, it hands the message to be sent to its own DSCP module; after receiving the message, the DSCP module determines which of the established channels matches the message, performs encapsulation, encryption and integrity calculation using the negotiated key, and sends the message through the matching channel.
According to the system of the second aspect of the invention, in the maintenance timeout phase:
the DSCP module of the network management and the DSCP module of the router send a device maintenance request to the DSCP module of the opposite terminal device under the trigger of the device maintenance timer to maintain the effectiveness of the DSCP connection, and the DSCP module of the network management and the DSCP module of the router return a device maintenance response to the received device maintenance request;
the DSCP module of the network manager and the DSCP module of the router count the receiving of the equipment maintenance response, if the equipment maintenance response is not received within the specified retransmission times of the equipment maintenance request, the equipment maintenance is considered to be failed, the DSCP module of the network manager and the DSCP module of the router delete respective DSCP entries, and send a DSCP connection interruption state notification to the authentication decision software.
A third aspect of the invention discloses an electronic device. The electronic device comprises a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the method for the secure interconnection protocol between the network manager and the router according to any one of the first aspect of the disclosure when executing the computer program.
Fig. 7 is a block diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 7, the electronic device includes a processor, a memory, a communication interface, a display screen, and an input device, which are connected by a system bus. Wherein the processor of the electronic device is configured to provide computing and control capabilities. The memory of the electronic equipment comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The communication interface of the electronic device is used for carrying out wired or wireless communication with an external terminal, and the wireless communication can be realized through WIFI, an operator network, Near Field Communication (NFC) or other technologies. The display screen of the electronic equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the electronic equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the electronic equipment, an external keyboard, a touch pad or a mouse and the like.
It will be understood by those skilled in the art that the structure shown in fig. 7 is only a partial block diagram related to the technical solution of the present disclosure, and does not constitute a limitation of the electronic device to which the solution of the present application is applied, and a specific electronic device may include more or less components than those shown in the drawings, or combine some components, or have a different arrangement of components.
A fourth aspect of the invention discloses a computer-readable storage medium. The computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of a method for secure interconnection protocol between a network manager and a router according to any one of the first aspect of the present disclosure.
In summary, in the technical scheme provided by the present invention, functions such as automatic device discovery, secure access authentication, data adaptation, anti-replay and ciphertext transmission are realized through modules such as encryption adaptation, transmission processing and authentication management, so that access by illegal devices is effectively prevented and the device is protected against illegal attack at multiple layers, from access control to message forwarding. The scheme: (1) specifies the processing flow of the device security interconnection protocol and related contents; (2) is suitable for the secure access authentication function on network security routers and network management equipment; (3) provides a secure interaction means for control, management and service messages between network management equipment and routers. Compared with existing protocols, the encryption mechanism in the security interconnection protocol provided by the invention is involved throughout, no plaintext is transmitted at any point, the security of the interconnection between the network management equipment and the router is well ensured, and the degree of security is greatly improved.
It should be noted that the technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, however, as long as there is no contradiction between the combinations of the technical features, the scope of the present description should be considered. The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (9)

1. A method for a secure interconnection protocol between a network manager and a router, the method comprising:
step S1, access authentication, specifically including:
a DSCP (Device Security Access Protocol) module of the network manager sends a key negotiation start request to the encryption module of the network manager; after receiving the request, the encryption module of the network manager performs key negotiation with the encryption module of the router; the two parties to the key negotiation judge whether secure access is complete according to the port security policy configuration, and if the judgment passes, both parties enter the device maintenance stage;
step S2, channel establishment and parameter negotiation, specifically including:
the network manager initiates a channel establishment request to the router; after receiving the request, the router allocates a management channel security label and an IP address for the channel to be established; the network manager configures its DSCP channel table according to the management channel security label and configures its network card according to the IP address;
step S3, periodic key update, specifically including:
step S3.1, after the key update timer of the DSCP module of the network manager expires, the DSCP module actively triggers a periodic key update process and sends a key negotiation start message to the encryption module of the network manager to trigger a new round of key negotiation;
step S3.2, after the encryption module of the network manager completes the key negotiation, it sends a key negotiation completion notice to the DSCP modules of the devices at both ends;
step S3.3, the DSCP module of the network manager updates its DSCP channel table configuration with the new key, and sends a key update request message to the DSCP module of the router using the original key;
step S3.4, after receiving the key update request, the DSCP module of the router concludes that the opposite end has completed the key negotiation, updates its DSCP channel table with the new key, and sends a key update response message;
step S4, terminating the protocol, specifically including:
the DSCP module of the network manager triggers the deletion of the DSCP connection information by sending a protocol termination request to the router;
step S5, maintenance timeout, specifically including:
the DSCP module of the network manager and the DSCP module of the router maintain the validity of the DSCP connection by sending device maintenance requests; if maintenance times out, the corresponding entry of the DSCP channel table is deleted.
2. The method according to claim 1, wherein the step S1 specifically includes:
step S1.1, the DSCP module of the network manager starts a key negotiation process; the encryption module of the network manager encapsulates a key negotiation message and sends it to the encryption module of the router at the opposite end, and the encryption module of the router carries out key negotiation with the encryption module of the network manager after receiving the message;
step S1.2, after the network manager and the router finish the link key negotiation, the DSCP module of the network manager is notified with a key negotiation completion message;
step S1.3, after receiving the key negotiation completion message, the DSCP module of the network manager judges whether secure access is complete according to the port security policy configuration; if the judgment passes, the DSCP module enters the device maintenance stage, and if it fails, a security event is recorded.
3. The method according to claim 2, wherein said step S1 further comprises:
step S1.4, after the access authentication is completed, the DSCP module of the network manager sends a device maintenance request message in a protocol channel, and sends the message to the router after encryption;
step S1.5, when the device maintenance request message is received, the encryption module of the router first performs decryption and integrity check, then completes anti-replay processing, and delivers the legal device maintenance message to the DSCP module of the router.
4. The method according to claim 3, wherein the step S2 specifically includes:
step S2.1, after the access authentication is completed, the network manager sends a channel establishment request message to the router;
step S2.2, after the router receives the channel establishment request, the router distributes a management channel security label and an IP address for the channel to be established, and then sends a channel establishment response message to the network manager;
step S2.3, after receiving the channel establishment response message, the DSCP module of the network manager configures the DSCP channel table of the network manager according to the channel security label, and configures the network card IP and gateway address according to the obtained IP address, completing channel establishment.
5. The method of claim 4, wherein the step S2 further includes:
step S2.4, after channel establishment is complete, when the network manager or the router sends a message to the other side, it hands the message to be sent to its own DSCP module; after receiving the message, the DSCP module determines which of the established channels matches the message, performs encapsulation, encryption and integrity calculation using the negotiated key, and sends the message through the matching channel.
6. The method according to claim 1, wherein the step S5 specifically includes:
step S5.1, the DSCP module of the network management and the DSCP module of the router send a device maintenance request to the DSCP module of the opposite terminal device under the trigger of a device maintenance timer to maintain the effectiveness of DSCP connection, and the DSCP module of the network management and the DSCP module of the router return a device maintenance response to the received device maintenance request;
step S5.2, the DSCP module of the network manager and the DSCP module of the router count the device maintenance responses received; if no device maintenance response is received within the specified number of retransmissions of the device maintenance request, device maintenance is considered to have failed, the DSCP module of the network manager and the DSCP module of the router delete their respective DSCP entries, and a DSCP connection interruption state notification is sent to the authentication decision software.
7. A security interconnection protocol system used between a network manager and a router, characterized in that the system comprises a network manager and a router, wherein the network manager and the router each comprise a DSCP (Device Security Access Protocol) module and an encryption module; wherein:
in the access authentication phase:
the DSCP module of the network management sends a key negotiation starting request to the encryption module of the network management, the encryption module of the network management performs key negotiation with the encryption module of the router after receiving the key negotiation starting request, both sides of the key negotiation judge whether to complete security access according to port security policy configuration, and if the judgment is passed, the both sides enter an equipment maintenance stage;
in the channel establishment and parameter negotiation stage:
the network management initiates a channel establishment request to the router, the router distributes a management channel security label and an IP address for a channel to be established after receiving the channel establishment request, and the network management configures a DSCP channel table according to the management channel security label and configures network card information according to the IP address;
in the periodic key update phase:
after the key updating time expires, the DSCP module of the network manager actively triggers a periodic key updating process, and sends a key negotiation starting message to the encryption module of the network manager to trigger a new round of key negotiation;
after the encryption module of the network manager completes the key negotiation, the encryption module sends a key negotiation completion notice to the DSCP modules of the two-end equipment;
the DSCP module of the network management updates the DSCP channel table configuration of the network management based on the new key, and sends a key updating request message to the DSCP module of the router by using the original key;
after receiving the key updating request, the DSCP module of the router judges that the opposite communication terminal completes key negotiation, updates the DSCP channel table of the router by using a new key and sends a key updating response message;
in the protocol termination phase:
calling a DSCP module of the network manager to trigger the deletion of DSCP connection information by sending a protocol termination request to the router;
in the maintenance timeout phase:
and calling the DSCP module of the network manager and the DSCP module of the router to maintain the connection effectiveness of the DSCP by sending a device maintenance request, and deleting the corresponding item of the DSCP channel table when the maintenance is overtime.
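The periodic key update exchange of claim 7, as an added example that is not code from the patent. Two DSCP modules hold a channel table entry keyed by the management channel security label; "using the original key" is modelled as an HMAC-SHA256 tag computed under the key currently installed, so the router can verify the request before it has switched. Key negotiation itself is abstracted: a fresh random key stands in for whatever the two encryption modules would agree on, and both DSCP modules receive it through on_key_negotiation_complete(), mirroring the key negotiation completion notice. The message layout, the epoch counter, and the choice to protect the response with the new key are assumptions of this illustration.

```python
"""Added example (not the patent's code): periodic key update between two DSCP modules."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def tag(key: bytes, body: bytes) -> bytes:
    """Stand-in for the encryption module's protection of a message under a channel key."""
    return hmac.new(key, body, hashlib.sha256).digest()


@dataclass
class ChannelEntry:
    label: int          # management channel security label
    key: bytes          # key currently installed in the DSCP channel table
    epoch: int = 0      # assumed field: incremented on every completed key update


@dataclass
class DscpModule:
    name: str
    channels: dict = field(default_factory=dict)    # label -> ChannelEntry
    negotiated: dict = field(default_factory=dict)  # label -> new key reported by the encryption module

    def on_key_negotiation_complete(self, label: int, new_key: bytes) -> None:
        """Key negotiation completion notice from the encryption module (delivered to both ends)."""
        self.negotiated[label] = new_key

    def build_key_update_request(self, label: int) -> dict:
        """Network manager side: install the new key in its own table, then send the request
        under the ORIGINAL key, the only key the router is guaranteed to have installed."""
        entry = self.channels[label]
        old_key, new_key = entry.key, self.negotiated.pop(label)
        entry.key, entry.epoch = new_key, entry.epoch + 1
        body = b"KEY_UPDATE_REQ|%d|%d" % (label, entry.epoch)
        return {"body": body, "tag": tag(old_key, body)}

    def on_key_update_request(self, msg: dict):
        """Router side: a request that verifies under the current key shows the peer finished
        negotiation; switch to the key our own encryption module reported and answer."""
        _, label, epoch = msg["body"].split(b"|")
        label, epoch = int(label), int(epoch)
        entry = self.channels.get(label)
        if entry is None or not hmac.compare_digest(tag(entry.key, msg["body"]), msg["tag"]):
            return None                          # unknown channel, or not protected with the old key
        new_key = self.negotiated.get(label)
        if new_key is None or epoch != entry.epoch + 1:
            return None                          # no completion notice for this round: keep the old key
        entry.key, entry.epoch = new_key, epoch
        del self.negotiated[label]
        body = b"KEY_UPDATE_RESP|%d|%d" % (label, epoch)
        return {"body": body, "tag": tag(entry.key, body)}   # assumption: response under the new key

    def on_key_update_response(self, msg: dict) -> bool:
        """Network manager side: the response must verify under the key it just installed."""
        _, label, epoch = msg["body"].split(b"|")
        entry = self.channels.get(int(label))
        return (entry is not None and entry.epoch == int(epoch)
                and hmac.compare_digest(tag(entry.key, msg["body"]), msg["tag"]))


def periodic_key_update(nm: DscpModule, router: DscpModule, label: int) -> bool:
    """One full round; True when both channel tables hold the same new key afterwards."""
    new_key = os.urandom(32)                     # stands in for the negotiated key
    nm.on_key_negotiation_complete(label, new_key)
    router.on_key_negotiation_complete(label, new_key)
    req = nm.build_key_update_request(label)
    resp = router.on_key_update_request(req)
    return resp is not None and nm.on_key_update_response(resp)


def make_pair(label: int = 7) -> tuple:
    """Constructed starting state: both ends share the key installed at channel establishment."""
    k0 = os.urandom(32)
    nm, router = DscpModule("nm"), DscpModule("router")
    nm.channels[label] = ChannelEntry(label, k0)
    router.channels[label] = ChannelEntry(label, k0)
    return nm, router


if __name__ == "__main__":
    nm, router = make_pair()
    print("key update ok:", periodic_key_update(nm, router, 7))
```

The router switches keys only when two conditions hold: the request verifies under the key it currently has installed, and its own encryption module has already reported that round's key; a request failing either check is dropped and the old key stays in place, which also rejects a replay of an earlier round's request. The model also exposes the consequence of the claim's ordering, in which the network manager installs the new key before it has the router's response: if the router rejects the request, the two channel tables are out of step, and in this design it is the device maintenance timeout that eventually clears the stale connection.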
8. An electronic device, characterized in that the electronic device comprises a memory and a processor, the memory stores a computer program, and the processor, when executing the computer program, implements the steps of the method for a security interconnection protocol between a network manager and a router according to any one of claims 1 to 6.
9. A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method for a security interconnection protocol between a network manager and a router according to any one of claims 1 to 6.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111428148.1A (CN113839776B) 2021-11-29 2021-11-29 Method and system for safety interconnection protocol between network management and router (Active)

Publications (2)

Publication Number Publication Date
CN113839776A CN113839776A (en) 2021-12-24
CN113839776B true CN113839776B (en) 2022-02-15

Family

ID=78971824

Country Status (1)

Country Link
CN (1) CN113839776B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105471596A (en) * 2014-08-04 2016-04-06 杭州华三通信技术有限公司 Network management method and network management device
CN108111352A (en) * 2017-12-26 2018-06-01 迈普通信技术股份有限公司 A kind of Router Security control method, network management platform and system
CN111641639A (en) * 2020-05-28 2020-09-08 深圳供电局有限公司 IPv6 network safety protection system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100456689C (en) * 2003-08-06 2009-01-28 华为技术有限公司 Network management safety authentication method
CN104702430A (en) * 2013-12-10 2015-06-10 中兴通讯股份有限公司 Method and system for managing networks, and network element devices
CN107547466A (en) * 2016-06-23 2018-01-05 南京中兴软件有限责任公司 A kind of simple network protocol authentication method and device
US10757105B2 (en) * 2017-06-12 2020-08-25 At&T Intellectual Property I, L.P. On-demand network security system
GB2605095A (en) * 2019-11-29 2022-09-21 Ram Kishore Vemulpali Sri Intelligent service layer for separating application from physical networks and extending service layer intelligence

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant