CN114095921A - SD-WAN encryption communication system and method - Google Patents
SD-WAN encryption communication system and method Download PDFInfo
- Publication number
- CN114095921A CN114095921A CN202210057087.0A CN202210057087A CN114095921A CN 114095921 A CN114095921 A CN 114095921A CN 202210057087 A CN202210057087 A CN 202210057087A CN 114095921 A CN114095921 A CN 114095921A
- Authority
- CN
- China
- Prior art keywords
- flow table
- encrypted
- wan
- encryption
- switch
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/40—Security arrangements using identity modules
Abstract
The application relates to the field of communication, and particularly discloses an SD-WAN encryption communication system and method. The SD-WAN controller is used for generating an encrypted flow table based on a basic flow table and a session key and sending the encrypted flow table to the switch; the switch is used for receiving the encrypted flow table and sending the encrypted flow table to the special SIM card by calling an internal preset communication module; the special SIM card is arranged on the communication module and used for receiving, verifying and decrypting the encryption flow table and feeding back to the switch based on the verification and decryption result. So, through encrypting the flow table at the controller end based on the secret key, after data transmission, verify the decryption through the public key that prestores in the SIM card, avoid other people to directly falsify data in the switch configuration to guarantee communication safety.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to an SD-WAN encrypted communication system and method.
Background
In the current SD-WAN (Software Defined Wide Area Network) in the market, which is a service formed by applying a Software Defined Network technology to a Wide Area Network scene, hereinafter referred to as SD-WAN), a lower level switch corresponding to the control of an SD-WAN controller has a problem that configuration is easily tampered with maliciously, and if the configuration of the lower level switch is tampered with maliciously, an irregular communication behavior may be performed, resulting in economic loss.
Disclosure of Invention
The application provides an SD-WAN encryption communication system and method, which aim to solve the problems that switch configuration is easy to be tampered and communication safety is low in the SD-WAN communication process in the prior art.
The above object of the present application is achieved by the following technical solutions:
in a first aspect, an embodiment of the present application provides an SD-WAN encrypted communication system, including: an SD-WAN controller, a switch and a special SIM card;
the SD-WAN controller is used for generating an encrypted flow table based on a basic flow table and a session key and sending the encrypted flow table to the switch;
the switch is used for receiving the encrypted flow table and sending the encrypted flow table to the special SIM card by calling an internal preset communication module;
the special SIM card is arranged on the communication module and used for receiving, verifying and decrypting the encryption flow table and feeding back to the switch based on the verification and decryption result.
Further, the SD-WAN controller generates an encrypted flow table based on the basic flow table and the key, including:
generating a basic flow table;
dispersing the time stamps based on a preset private key to obtain the session key;
after the session key is placed in the basic flow table, encrypting the basic flow table through a preset encryption algorithm;
calculating a digital signature based on the encryption result;
and generating an encrypted flow table according to the encryption result and the digital signature.
Further, the switch receives the encrypted flow table, and sends the encrypted flow table to the special SIM card by calling an internal preset communication module, including:
receiving the encrypted flow table;
calling an internal preset communication module, and opening a preset machine card channel through the communication module;
and sending the encryption flow table to the special SIM card through the machine card channel.
Further, the switch calls the inside communication module of predetermineeing, opens and predetermines the machine card passageway, include:
and the exchanger opens the machine card channel through the openmobile, or opens the machine card channel through the phone book channel in the special SIM card COS.
Further, the receiving, verifying and decrypting the encrypted flow table by the tailored SIM card includes:
receiving the encrypted flow table;
performing digital signature verification and session key verification on the encrypted flow table;
and decrypting the verified encrypted flow table through a preset decryption algorithm and a pre-stored public key to obtain decrypted data.
Further, the feedback of the specially-made SIM card based on the verification decryption result includes:
when the encrypted flow table passes the verification and is decrypted to obtain decrypted data, feeding back the decrypted data to the switch; or when the encrypted flow table fails the verification or the decryption is abnormal, feeding back error information to the switch.
Further, the preset encryption algorithm and the preset decryption algorithm include one or more of RSA, ECC, or SM 2.
In a second aspect, an embodiment of the present application further provides an SD-WAN encrypted communication method, applied to a SIM end, including:
receiving an encrypted flow table; the encryption flow table is generated by a preset SD-WAN controller based on the encryption of a basic flow table and a session key;
performing digital signature verification and session key verification on the encrypted flow table;
if the encrypted flow table passes the verification, decrypting the encrypted flow table information based on a pre-stored public key to obtain decrypted data;
in the verification and decryption process, if the encrypted flow table passes the verification and is decrypted to obtain decrypted data, the decrypted data is fed back to a preset switch; and if the encrypted flow table fails to pass the verification or the decryption is abnormal, feeding back preset error information to a preset switch.
Further, the basic flow table includes: flow entry matching rule information, flow entry priority information, flow entry statistical count information, flow entry action instruction set information, timeout time information of a flow entry, and identifier information of a flow entry;
the encryption flow table includes: a digital signature; wherein the digital signature is generated based on the base flow table information and the session key.
Further, the session key is generated by encrypting the timestamp by the SD-WAN controller based on an SD-WAN private key.
The technical scheme provided by the embodiment of the application can have the following beneficial effects:
in the technical scheme provided by the embodiment of the application, the system comprises an SD-WAN controller, a switch and a special SIM card. The SD-WAN controller is used for generating an encrypted flow table based on a basic flow table and a session key and sending the encrypted flow table to the switch; the switch is used for receiving the encrypted flow table and sending the encrypted flow table to the special SIM card by calling an internal preset communication module; the special SIM card is arranged on the communication module and used for receiving, verifying and decrypting the encryption flow table and feeding back to the switch based on the verification and decryption result. So, through encrypting the flow table at the controller end based on the secret key, after data transmission, verify the decryption through the public key that prestores in the SIM card, avoid other people to directly falsify data in the switch configuration to guarantee communication safety.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic structural diagram of an SD-WAN encrypted communication system according to an embodiment of the present application;
fig. 2 is a data structure diagram of an encryption flow table in an SD-WAN encryption communication system according to an embodiment of the present application;
fig. 3 is a schematic flowchart of an SD-WAN encrypted communication method according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
Currently, a controller of the SD-WAN controls a subordinate switch to use an OpenFlow protocol, which is a network communication protocol, belongs to a data link layer, and is capable of controlling a forwarding plane (forwarding plane) of a network switch or a router, thereby changing a network path taken by a network packet.
To operate in an OpenFlow environment, any device that wants to communicate with the controller must support the OpenFlow protocol. Through this interface, the controller pushes changes to the switch/router traffic table, enabling the network administrator to partition the traffic, control the traffic for optimal performance, and begin testing new configurations and applications. In practical applications, a flow table (a unique format for transmitting a switch configuration file in an OpenFlow Protocol, hereinafter referred to as a flow table) may be sent to a subordinate switch through a pseudo-device controller IP (Internet Protocol, hereinafter referred to as an IP)/copy controller MAC Address (Media Access Control Address, hereinafter referred to as a MAC Address) or a real flow table may be tampered with to change the configuration of the subordinate switch, thereby threatening communication security and causing economic loss.
In order to solve the above problems, the present application provides an SD-WAN encrypted communication system and method to encrypt the communication process between the controller and the switch of the SD-WAN and ensure the communication security. Specific embodiments are illustrated in detail by the following examples.
Examples
Referring to fig. 1, fig. 1 is a schematic structural diagram of an SD-WAN encrypted communication system according to an embodiment of the present application, and as shown in fig. 1, the system includes: an SD-WAN controller, a switch and a special SIM card.
The SD-WAN controller is used for generating an encrypted flow table based on the basic flow table and the session key and sending the encrypted flow table to the switch.
Specifically, the controller, i.e., the SD-WAN controller, first generates a basic flow table, and then performs dispersion by using a timestamp according to a controller private key to obtain a session key. And then, the session key is placed behind the Cookie parameter of the flow table, the whole flow table is encrypted, a digital signature is generated, the digital signature is placed behind the session key parameter, the final encrypted flow table is obtained, and the final encrypted flow table is sent to the switch.
The exchanger is used for receiving the encryption flow table and sending the encryption flow table to the special SIM card by calling an internal preset communication module.
The special SIM card is arranged on the communication module and used for receiving, verifying and decrypting the encryption flow table and feeding back to the switch based on verification and decryption results.
Specifically, a communication Module, i.e., a communication Module, is added to the lower level switch of the controller, and the special SD-WAN encryption SIM (Subscriber identity Module, hereinafter referred to as SIM) is inserted into the communication Module.
In practical application, after the switch receives the encrypted flow table, a machine card channel is opened through the communication module, the encrypted flow table is transmitted to a special SIM card, and the special SIM card performs secret verification and the like. In the SIM card COS, a public key corresponding to the encrypted flow table key is stored in advance, and for example, a switch public key is provided to the SIM card manufacturer so that the manufacturer stores all the switch public keys, and the corresponding switch public key is stored in the SIM card COS during card manufacturing. After the SIM card receives the encrypted flow table, the encrypted flow table is verified through a public key, specifically comprising digital signature verification and session key verification, and after the two verifications, the encrypted flow table is decrypted. And when the verification is passed and the decrypted data is obtained through decryption, feeding back the decrypted data to the switch through the communication module, or when the verification is failed or the decryption is abnormal, directly feeding back error information through the communication module.
In addition, in the system provided by the embodiment of the present application, the algorithm used for controller encryption and SIM card decryption may be various asymmetric encryption and decryption algorithms, including RSA, ECC, SM2, and the like. Including support for various hashing algorithms including MD5, SHA1, SHA256, SM3, etc., to increase the range of use.
The embodiment of the application provides an SD-WAN encryption communication system which comprises an SD-WAN controller, a switch and a special SIM card. The controller can generate a public key and a private key, and in practical application, the controller encrypts the issued flow table by using the private key; and adding a communication module in a next-stage switch, inserting a special SD-WAN encryption SIM in the communication module, wherein the SD-WAN encryption SIM is internally provided with controller public key parameters in the COS, verifying the encrypted flow table and decrypting the flow table through a switch public key after the switch receives the flow table, and if decryption is successful, considering the data packet as issued by the controller and executing an instruction in the flow table. Therefore, other people are prevented from directly tampering the data in the switch configuration, and the communication security is ensured.
In some specific implementation processes, the special SIM card in the SD-WAN encryption communication system provided by the embodiment of the application can adopt a special COS script and support various card China Unicom 2G/3G/4G/5G, China Mobile 2G/3G/4G/5G and China telecom network access 2G/3G/4G/5G systems. And various SIM card carriers such as FF, 2FF, 3FF, 4FF, patch card, ceramic card and the like are supported. Moreover, the card is an SIM card which accords with China Unicom, China Mobile and China telecom network access standards and supports the functions of network access authentication, voice communication, short message receiving and sending, cellular mobile data and the like. In addition, the public key of the superior controller is stored in the card COS in advance, and is stored in the card for decrypting the received encrypted flow table subsequently.
In a specific implementation process, an encrypted flow table is generated and sent at a controller end, and a switch calls an equipment communication module to open a card channel after receiving the flow table. The channel can be opened through the openmobile or through a phone book in the SIM card COS, and then the encrypted flow table is transmitted to the SIM card through the phone-card channel; and the SIM card COS calls a controller public key stored in the COS after receiving the flow table, verifies and decrypts the flow table, including verifying the digital signature parameter and the session key parameter, and finally feeds back decrypted data to the switch based on a verification decryption result. If any one operation fails in the SIM card verification and decryption processes, directly skipping to feed back and returning error information.
In practical application, the flow table issued by the SD-WAN controller on the market to the switch only uses two parameters of Counters and Cookies and a self-contained secure channel of a protocol, and the content of the flow table is easily modified in forms of IP camouflage, MAC camouflage, real data packet tampering and the like, so that the flow table is unreliable, and the SIM card can decrypt the encrypted data reliably through a public key after the encrypted data is encrypted through a private key of the switch. Fig. 2 is a data structure diagram of an encryption flow table in an SD-WAN encryption communication method according to an embodiment of the present application, as shown in fig. 2:
the encryption flow table in the SD-WAN encryption communication system provided by the embodiment of the present application includes: generating an encrypted flow table from the basic flow table and the key, wherein the basic flow table comprises: the flow table entry matching rule information is Match fields, Priority information Priority of the flow table entry, statistics information Counters of the flow table entry, action instruction set information Instructions of the flow table entry, timeout information timeout of the flow table entry and identifier information Cookie of the flow table entry in fig. 2;
specifically, the Match fields can Match message fields such as an input interface, a physical input interface, data between flow tables, a two-layer message header, a three-layer message header, a four-layer port number and the like; priority: the method is used for defining the matching sequence among the flow table items, and the matching is carried out first with high priority; counters: the method is used for counting how many messages and bytes are matched with the flow table entry; instructions: the message processing method is used for defining the processing required to be carried out on the message matched with the flow table entry; timeouts: is the overtime of the flow table entry; cookie: is the identifier of the flow table item issued by the controller; the Session key Session key is generated by encrypting the timestamp by the private key of the switch; the digital signature is generated by encrypting the first 6 parameters by the session key.
Based on the same inventive concept, an SD-WAN encrypted communication method is further provided in the embodiments of the present application, and is applied to an SIM end, fig. 3 is a schematic flow diagram of the SD-WAN encrypted communication method provided in the embodiments of the present application, and as shown in fig. 3, the method at least includes:
s101, receiving an encryption flow table; wherein the encrypted flow table is generated by a preset SD-WAN controller based on the encryption of the basic flow table and the session key.
And S102, performing digital signature verification and session key verification on the encrypted flow table.
S103, if the encrypted flow table passes the verification, decrypting the encrypted flow table information based on a pre-stored public key to obtain decrypted data, and feeding back the decrypted data.
The feedback comprises the step of feeding back the decrypted data to a preset switch in the verification and decryption process if the encrypted flow table passes the verification and the decrypted data is obtained through decryption; and if the encrypted flow table fails to pass the verification or the decryption is abnormal, feeding back preset error information to a preset switch.
Further, the basic flow table includes: flow entry matching rule information, flow entry priority information, flow entry statistical count information, flow entry action instruction set information, timeout time information of a flow entry, and identifier information of a flow entry;
the encryption flow table includes: a digital signature; wherein the digital signature is generated based on the base flow table information and the session key.
Further, the session key is generated by encrypting the timestamp by the controller based on an SD-WAN private key.
The specific implementation process of the above steps can be understood with reference to the foregoing system embodiment, and is not described here again. The SD-WAN encryption communication method provided by the embodiment of the application has the advantages that the encryption mechanism for transmitting the flow table to the switch by the SD-WAN controller is complete, the SD-WAN encryption communication method can be safely, uniformly and efficiently managed, the safety, the integrity, the tightness and the diagnosis efficiency of the SD-WAN flow table are improved, and the future market requirements of the SD-WAN are met.
It is understood that the same or similar parts in the above embodiments may be mutually referred to, and the same or similar parts in other embodiments may be referred to for the content which is not described in detail in some embodiments.
It should be noted that, in the description of the present application, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. Further, in the description of the present application, the meaning of "a plurality" means at least two unless otherwise specified.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and the scope of the preferred embodiments of the present application includes other implementations in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present application.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present application may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.
Claims (10)
1. An SD-WAN encrypted communication system, comprising: an SD-WAN controller, a switch and a special SIM card;
the SD-WAN controller is used for generating an encrypted flow table based on a basic flow table and a session key and sending the encrypted flow table to the switch;
the switch is used for receiving the encrypted flow table and sending the encrypted flow table to the special SIM card by calling an internal preset communication module;
the special SIM card is arranged on the communication module and used for receiving, verifying and decrypting the encryption flow table and feeding back to the switch based on the verification and decryption result.
2. The SD-WAN encrypted communication system of claim 1, wherein the SD-WAN controller generates an encrypted flow table based on the base flow table and the key, comprising:
generating a basic flow table;
dispersing the time stamps based on a preset private key to obtain the session key;
after the session key is placed in the basic flow table, encrypting the basic flow table through a preset encryption algorithm;
calculating a digital signature based on the encryption result;
and generating an encrypted flow table according to the encryption result and the digital signature.
3. The SD-WAN encryption communication system of claim 1, wherein the switch receives the encryption flow table and sends the encryption flow table to the tailored SIM card by invoking an internal preset communication module, comprising:
receiving the encrypted flow table;
calling an internal preset communication module, and opening a preset machine card channel through the communication module;
and sending the encryption flow table to the special SIM card through the machine card channel.
4. The SD-WAN encryption communication system according to claim 3, wherein said switch calls an internal preset communication module to open a preset card channel, comprising:
and the exchanger opens the machine card channel through the openmobile, or opens the machine card channel through the phone book channel in the special SIM card COS.
5. The SD-WAN encryption communication system of claim 2, wherein the tailored SIM card receiving and verifying decrypting the encrypted flow table comprises:
receiving the encrypted flow table;
performing digital signature verification and session key verification on the encrypted flow table;
and decrypting the verified encrypted flow table through a preset decryption algorithm and a pre-stored public key to obtain decrypted data.
6. The SD-WAN encryption communication system according to claim 5, wherein said purpose-built SIM card performs feedback based on verification decryption result, comprising:
when the encrypted flow table passes the verification and is decrypted to obtain decrypted data, feeding back the decrypted data to the switch; or when the encrypted flow table fails the verification or the decryption is abnormal, feeding back error information to the switch.
7. The SD-WAN encryption communication system according to claim 5, wherein said preset encryption algorithm and said preset decryption algorithm comprise one or more of RSA, ECC or SM 2.
8. An SD-WAN encryption communication method is applied to a SIM end, and is characterized by comprising the following steps:
receiving an encrypted flow table; the encryption flow table is generated by a preset SD-WAN controller based on the encryption of a basic flow table and a session key;
performing digital signature verification and session key verification on the encrypted flow table;
if the encrypted flow table passes the verification, decrypting the encrypted flow table information based on a pre-stored public key to obtain decrypted data;
in the verification and decryption process, if the encrypted flow table passes the verification and is decrypted to obtain decrypted data, the decrypted data is fed back to a preset switch; and if the encrypted flow table fails to pass the verification or the decryption is abnormal, feeding back preset error information to a preset switch.
9. The SD-WAN encryption communication method according to claim 8,
the basic flow table includes: flow entry matching rule information, flow entry priority information, flow entry statistical count information, flow entry action instruction set information, timeout time information of a flow entry, and identifier information of a flow entry;
the encryption flow table includes: a digital signature; wherein the digital signature is generated based on the base flow table information and the session key.
10. The SD-WAN encrypted communication method according to claim 8, wherein the session key is generated by the SD-WAN controller encrypting a timestamp based on a SD-WAN private key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210057087.0A CN114095921A (en) | 2022-01-19 | 2022-01-19 | SD-WAN encryption communication system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210057087.0A CN114095921A (en) | 2022-01-19 | 2022-01-19 | SD-WAN encryption communication system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114095921A true CN114095921A (en) | 2022-02-25 |
Family
ID=80308719
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210057087.0A Pending CN114095921A (en) | 2022-01-19 | 2022-01-19 | SD-WAN encryption communication system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114095921A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050239440A1 (en) * | 2004-04-22 | 2005-10-27 | International Business Machines Corporation | Replaceable sequenced one-time pads for detection of cloned service client |
CN102572988A (en) * | 2012-02-16 | 2012-07-11 | 福建星网锐捷网络有限公司 | Subscriber identity module switching method, device and communication equipment |
CN104113839A (en) * | 2014-07-14 | 2014-10-22 | 蓝盾信息安全技术有限公司 | Mobile data safety protection system and method based on SDN |
CN105591754A (en) * | 2016-02-26 | 2016-05-18 | 上海斐讯数据通信技术有限公司 | Authentication header authentication method and authentication header authentication system based on SDN |
CN106850443A (en) * | 2017-02-10 | 2017-06-13 | 济南浪潮高新科技投资发展有限公司 | A kind of SDN flow table issuance methods based on TPM |
-
2022
- 2022-01-19 CN CN202210057087.0A patent/CN114095921A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050239440A1 (en) * | 2004-04-22 | 2005-10-27 | International Business Machines Corporation | Replaceable sequenced one-time pads for detection of cloned service client |
CN102572988A (en) * | 2012-02-16 | 2012-07-11 | 福建星网锐捷网络有限公司 | Subscriber identity module switching method, device and communication equipment |
CN104113839A (en) * | 2014-07-14 | 2014-10-22 | 蓝盾信息安全技术有限公司 | Mobile data safety protection system and method based on SDN |
CN105591754A (en) * | 2016-02-26 | 2016-05-18 | 上海斐讯数据通信技术有限公司 | Authentication header authentication method and authentication header authentication system based on SDN |
CN106850443A (en) * | 2017-02-10 | 2017-06-13 | 济南浪潮高新科技投资发展有限公司 | A kind of SDN flow table issuance methods based on TPM |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110311883B (en) | Identity management method, device, communication network and storage medium | |
US11943343B2 (en) | ECDHE key exchange for server authentication and a key server | |
US7747862B2 (en) | Method and apparatus to authenticate base and subscriber stations and secure sessions for broadband wireless networks | |
US20070083766A1 (en) | Data transmission links | |
US7987363B2 (en) | Secure wireless communications system and related method | |
US20030210789A1 (en) | Data transmission links | |
US20040117623A1 (en) | Methods and apparatus for secure data communication links | |
JP2005515701A6 (en) | Data transmission link | |
US11394696B2 (en) | Resource request method, device and storage medium | |
CN113497778A (en) | Data transmission method and device | |
US11431728B2 (en) | Method and management node in a communication network, for supporting management of network nodes based on LLDP messages | |
US11552994B2 (en) | Methods and nodes for handling LLDP messages in a communication network | |
CN110943996B (en) | Management method, device and system for business encryption and decryption | |
CN117118628A (en) | Lightweight identity authentication method and device for electric power Internet of things and electronic equipment | |
CN114614984B (en) | Time-sensitive network secure communication method based on cryptographic algorithm | |
CN114095921A (en) | SD-WAN encryption communication system and method | |
Bäumer et al. | Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation | |
CN114928503B (en) | Method for realizing secure channel and data transmission method | |
Garba et al. | DEVELOPMENT OF AN OPTIMAL END-TO-END SHORT MESSAGE SERVICE (SMS) ENCRYPTION SCHEME FOR MOBILE DEVICES | |
CN116390088A (en) | Security authentication method and device for terminal under open loop transmission, electronic equipment and medium | |
CN115037504A (en) | Communication method and device | |
CN116094735A (en) | Password service management method, device and computer storage medium | |
CN109450930A (en) | A kind of data transmission method and device | |
GB2547039A (en) | Secured service provisioning |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20220225 |