CN114465788A - Multi-fusion gateway information encryption publishing method and device - Google Patents


Info

Publication number
CN114465788A
Authority
CN
China
Prior art keywords: converged, gateway, network, data, convergence
Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Application number
CN202210076316.3A
Other languages
Chinese (zh)
Inventor
李涛
谷青松
胡培超
Current Assignee: Shandong Megsky Electric Co ltd (as listed by Google Patents; may be inaccurate)
Original Assignee: Shandong Megsky Electric Co ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0485: Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L2463/00: Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062: Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00, applying encryption of the keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application relates to the technical field of power automation, in particular to intelligent gateways, and specifically to a multi-converged-gateway information encryption publishing method and device. The method is based on a converged networking system comprising a first network and a second network, and comprises the following steps: encapsulating the data; constructing a signaling bearer channel between a converged non-access stratum (NAS) and a converged gateway; transmitting the encapsulated data through the signaling bearer channel; authenticating the converged NAS; after the authentication passes, establishing a service bearer channel between the converged gateway and the service gateway; decapsulating the received data; performing Layer 2 forwarding of the decapsulated data; matching the data against the Layer 2 multicast group entries and sending the matched information to the workstation. With this scheme, the stability and security that the smart grid requires for data transmission are achieved through multi-network convergence and vertical (longitudinal) encryption.

Description

Multi-fusion gateway information encryption publishing method and device
Technical Field
The application relates to the technical field of power automation, in particular to intelligent gateways, and specifically to a multi-converged-gateway information encryption publishing method and device.
Background
The smart grid dispatching technical support system implements a province, region and county integrated dispatching management system whose core is "intensive operation, source-end maintenance, distributed application, flat management and optimized processes". Because the system uses distributed acquisition, dispatching workstations must be configured remotely; the network extends outward from the backbone of the regional dispatching system, and the regional dispatching master station must be connected vertically over long distances to each power supply station via Ethernet.
Under the Power Monitoring System Security Protection Regulations (National Development and Reform Commission Order No. 14), a dedicated power vertical encryption authentication device or encryption authentication gateway, with supporting facilities, tested and certified by a nationally designated department, must be deployed at the vertical junction between the production control zone and the wide area network. In the current regulation-and-control system, however, the vertical junction covered by this requirement is only the communication gateway segment from the front-end server of the control center to the substations; it does not cover the segments from the control center's backbone to the dispatching workstations of each county. The security protection of the power monitoring system therefore has a weak link, and corresponding measures must be taken to eliminate the potential hazard.
With the spread of Internet communication technology, and especially the wide use of 5G networks, an information transmission method with multi-network convergence is also needed.
Disclosure of Invention
The embodiments of the application provide a multi-converged-gateway information encryption publishing method and device, which use vertical encryption on a multi-network converged infrastructure to achieve information security and transmission stability for data in the smart grid dispatching process.
In order to achieve the above purpose, the embodiments of the present application employ the following technical solutions:
in a first aspect, an embodiment of the present application provides a method for encrypting and publishing information of multiple converged gateways. Based on a converged networking system comprising a first network and a second network, the method comprises:
encapsulating the data;
constructing a signaling bearer channel between a converged non-access stratum (NAS) and a converged gateway;
transmitting the encapsulated data through the signaling bearer channel;
authenticating the converged NAS;
after the authentication passes, establishing a service bearer channel between the converged gateway and the service gateway;
decapsulating the received data;
performing Layer 2 forwarding of the decapsulated data;
and matching the data against the Layer 2 multicast group entries, and sending the matched information to the workstation.
Further, authenticating the converged NAS specifically comprises:
verifying the converged NAS at the second-network networking slice.
Further, constructing the signaling bearer channel between the converged NAS and the converged gateway comprises the following steps:
acquiring the IP address of the converged gateway through the first network, and establishing an IP encryption tunnel with the converged gateway through the first network; and transmitting the converged NAS protocol to the converged gateway through the IP encryption tunnel, so that the converged gateway passes the converged NAS protocol on to the second-network converged networking slice, which completes the establishment of the signaling bearer channel between the converged NAS and the converged gateway.
Further, establishing the IP encryption tunnel comprises establishing it by means of the vertical encryption device.
Further, before authenticating the converged NAS, the method further comprises: registering the converged NAS through the signaling bearer channel and the converged gateway.
Further, before verifying the converged NAS at the second-network networking slice, the method further comprises: registering the converged NAS in the second-network networking slice through the signaling bearer channel and the converged gateway.
Further, the vertical encryption device has three tiers of key management: a master key, device public and private keys, and a working key. The two sides exchange keys through the local and remote vertical encryption devices; the working key, generated in real time, is encrypted for transmission with the RSA or SM2 algorithm; the two sides performing the key synchronization first verify each other's identity, and once the keys match the tunnel is established, the required IP packet filtering policy is configured, and ciphertext communication of the messages is achieved.
Further, before the data packet is encapsulated, the method further comprises the following specific step:
marking a Virtual Network Identifier (VNI) tag in the encapsulation header of the data packet.
Further, the Layer 2 forwarding comprises: looking up, in the local MAC table, the MAC entry matching the VNI tag and the destination MAC address of the decapsulated data packet; and, when the destination MAC address of the decapsulated packet is the broadcast MAC address and its destination IP address is a broadcast IP address, determining that the VXLAN-decapsulated broadcast packet is to be forwarded by Layer 2 multicast, where multicast packets and IP packets follow the same steps.
In a second aspect, an embodiment of the present application further provides a device for encrypting and publishing information of multiple converged gateways. Based on a converged networking system comprising a first network and a second network, the device comprises: an encapsulation module for encapsulating data; a signaling channel construction module for constructing a signaling bearer channel between the converged NAS and the converged gateway; a transmission module for transmitting the encapsulated data; an authentication module for authenticating the converged NAS; a decapsulation module for decapsulating the encapsulated data; a service bearer channel construction module for constructing a service bearer channel; a forwarding module for performing Layer 2 forwarding of the decapsulated data; and a matching module for matching the data against the Layer 2 multicast group entries.
With this technical scheme, the stability and security that the smart grid requires for data transmission are achieved through multi-network convergence and vertical encryption.
Drawings
To illustrate the technical solutions of the embodiments more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the application, and those skilled in the art can obtain other drawings from them without creative effort.
The methods, systems and/or processes of the figures are further described in accordance with the exemplary embodiments, which are described in detail with reference to the drawings. These exemplary embodiments are non-limiting; like reference numerals denote like mechanisms throughout the views of the drawings.
Fig. 1 is a block diagram of a multi-converged-gateway information encryption publishing device according to some embodiments of the application;
Fig. 2 is a flowchart of a multi-converged-gateway information encryption publishing method according to some embodiments of the application.
Detailed Description
In order to better understand the technical solutions, the technical solutions of the present application are described in detail below with reference to the drawings and specific embodiments, and it should be understood that the specific features in the embodiments and examples of the present application are detailed descriptions of the technical solutions of the present application, and are not limitations of the technical solutions of the present application, and the technical features in the embodiments and examples of the present application may be combined with each other without conflict.
In the following detailed description, numerous specific details are set forth by way of examples in order to provide a thorough understanding of the relevant guidance. It will be apparent, however, to one skilled in the art that the present application may be practiced without these specific details. In other instances, well-known methods, procedures, systems, compositions, and/or circuits have been described at a relatively high-level, without detail, in order to avoid unnecessarily obscuring aspects of the present application.
Flowcharts are used herein to illustrate the implementations performed by systems according to embodiments of the present application. It should be expressly understood that the processes performed by the flowcharts may be performed out of order. Rather, these implementations may be performed in the reverse order or simultaneously. In addition, at least one other implementation may be added to the flowchart. One or more implementations may be deleted from the flowchart.
Referring to Fig. 2, a flowchart of a method for encrypting and publishing information of multiple converged gateways according to some embodiments of the present application is shown. The method is based on a converged networking system comprising a first network and a second network; in other embodiments a third network may also be included, and the number of networks can be set according to the specific network architecture.
The method provided by this embodiment specifically comprises the following steps:
data encapsulation;
data encryption;
data transmission;
decapsulation;
and data issuing.
With respect to these five steps, which are specifically made up of steps S1 to S8 below, some alternative embodiments are described; they should be understood as examples and not as technical features essential to implementing the present solution.
Step S1, the data is encapsulated.
Step S11, a Virtual Network Identifier (VNI) tag is marked in the encapsulation header of the data packet.
Step S12, the data packet is encapsulated and its IP address is determined.
Step S2, a signaling bearer channel is constructed between the converged NAS and the converged gateway.
Step S21, the IP address of the converged gateway is acquired through the first network, and an IP encryption tunnel based on the vertical encryption device is established with the converged gateway through the first network.
In this embodiment, the vertical encryption device has three tiers of key management: a master key, device public and private keys, and a working key. The two sides exchange keys through the local and remote vertical encryption devices; the working key, generated in real time, is encrypted for transmission with the RSA or SM2 algorithm; the two sides performing the key synchronization first verify each other's identity, and once the keys match the tunnel is established, the required IP packet filtering policy is configured, and ciphertext communication of the messages is achieved.
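The key-management paragraph above (and its twin in the summary of the invention) describes a three-tier hierarchy and a tunnel that only comes up after the two sides have verified each other's identity and a freshly generated working key has been transferred under RSA or SM2. The following is an added example of that exchange, written for this page and not code from the patent or its assignee. Its assumptions: the long-term device key pair is RSA-2048, the working key is wrapped with RSA-OAEP and the wrap is signed with RSA-PSS (SM2, which the patent also names, is the national-standard alternative; Go's standard library has no SM2, so RSA is used), and AES-256-GCM is taken as the working-key cipher for message traffic, which the patent does not specify. The master-key tier and the IP packet filtering policy are not modelled, and each side's copy of the peer's device public key is assumed to be provisioned out of band, since that provisioning is the identity trust anchor. The order of operations is the security point: the receiver verifies the sender's signature before it decrypts anything, and the initiator treats the tunnel as established only after the responder's signed key confirmation verifies.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Device is one end of the vertical encryption tunnel. Long-term tier: its device key
// pair and the peer's provisioned public key (the identity trust anchor). Per-tunnel
// tier: the working key. The master key that protects device keys at rest is not modelled.
type Device struct {
	priv *rsa.PrivateKey
	peer *rsa.PublicKey
	work []byte      // 256-bit working key, set only once a key exchange has succeeded
	aead cipher.AEAD // AES-256-GCM under the working key (assumed cipher, see lead-in)
}

func NewDevice() (*Device, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Device{priv: k}, nil
}

func (d *Device) PublicKey() *rsa.PublicKey { return &d.priv.PublicKey }
func (d *Device) SetPeer(pub *rsa.PublicKey) { d.peer = pub }

// KeyOffer carries the working key wrapped for the peer (RSA-OAEP) and the sender's
// RSA-PSS signature over the wrapped key, which is what lets the receiver check who sent it.
type KeyOffer struct{ Wrapped, Sig []byte }

// OfferWorkingKey generates a fresh working key, wraps it for the peer and signs the wrap.
func (d *Device) OfferWorkingKey() (KeyOffer, error) {
	wk := make([]byte, 32)
	rand.Read(wk) // crypto/rand.Read does not return an error in current Go
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, d.peer, wk, nil)
	if err != nil {
		return KeyOffer{}, err
	}
	h := sha256.Sum256(wrapped)
	sig, err := rsa.SignPSS(rand.Reader, d.priv, crypto.SHA256, h[:], nil)
	if err != nil {
		return KeyOffer{}, err
	}
	d.install(wk)
	return KeyOffer{Wrapped: wrapped, Sig: sig}, nil
}

// AcceptWorkingKey verifies the sender's identity before decrypting anything, installs
// the working key, and returns a signed key confirmation so that authentication is mutual.
func (d *Device) AcceptWorkingKey(o KeyOffer) ([]byte, error) {
	h := sha256.Sum256(o.Wrapped)
	if err := rsa.VerifyPSS(d.peer, crypto.SHA256, h[:], o.Sig, nil); err != nil {
		return nil, fmt.Errorf("peer identity check failed: %w", err)
	}
	wk, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.priv, o.Wrapped, nil)
	if err != nil {
		return nil, err
	}
	d.install(wk)
	c := sha256.Sum256(append([]byte("key-confirm:"), wk...))
	return rsa.SignPSS(rand.Reader, d.priv, crypto.SHA256, c[:], nil)
}

// ConfirmPeer checks that the responder holds the same working key and signed with the
// expected device key. Only after this does the initiator treat the tunnel as established.
func (d *Device) ConfirmPeer(conf []byte) error {
	c := sha256.Sum256(append([]byte("key-confirm:"), d.work...))
	return rsa.VerifyPSS(d.peer, crypto.SHA256, c[:], conf, nil)
}

func (d *Device) install(wk []byte) {
	block, _ := aes.NewCipher(wk) // 32-byte key: cannot fail
	d.work = wk
	d.aead, _ = cipher.NewGCM(block)
}

// Seal encrypts one message under the working key; the random nonce is prefixed.
func (d *Device) Seal(plain []byte) ([]byte, error) {
	if d.aead == nil {
		return nil, errors.New("tunnel not established")
	}
	nonce := make([]byte, d.aead.NonceSize())
	rand.Read(nonce)
	return d.aead.Seal(nonce, nonce, plain, nil), nil
}

// Open authenticates and decrypts a message produced by the peer's Seal.
func (d *Device) Open(ct []byte) ([]byte, error) {
	if d.aead == nil || len(ct) < d.aead.NonceSize() {
		return nil, errors.New("tunnel not established or ciphertext too short")
	}
	n := d.aead.NonceSize()
	return d.aead.Open(nil, ct[:n], ct[n:], nil)
}
```

Usage: create two devices, call SetPeer on each with the other's PublicKey, then run OfferWorkingKey on the initiator, AcceptWorkingKey on the responder and ConfirmPeer on the initiator; Seal and Open fail until that sequence has completed, and a KeyOffer signed by any key other than the provisioned peer key is rejected without the wrapped key ever being decrypted.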
Step S22, the converged NAS protocol is transmitted to the converged gateway through the IP encryption tunnel, so that the converged gateway passes it on to the second-network converged networking slice, completing the establishment of the signaling bearer channel between the converged NAS and the converged gateway.
In this embodiment, the first network is a Wi-Fi network and the second network is a 5G network.
The specific method for constructing the signaling bearer channel between the converged NAS and the converged gateway is therefore as follows:
the IP address of the converged gateway is acquired over Wi-Fi, an IP encryption tunnel is established with the converged gateway over Wi-Fi, and the converged NAS protocol is transmitted to the converged gateway through the IP encryption tunnel, so that the converged gateway passes it on to the 5G converged networking slice, completing the establishment of the signaling bearer channel between the converged NAS and the converged gateway.
In the prior art, connecting the Wi-Fi network to the 5G core network to realize converged networking of Wi-Fi and the 5G mobile network places excessive load on the 5G core network and degrades the service access rate; the application provides a service access method that addresses this technical problem.
The non-access stratum (NAS) exists in the radio communication protocol stack of UMTS as a functional layer between the core network and the user equipment; it supports signaling and data transmission between the core network and the user equipment. The converged NAS referred to here is a terminal-side instance of the NAS signaling protocol, which can be used to let Wi-Fi access the 5G converged networking slice.
The converged gateway has a data interface connected to the data network and interconnects the Wi-Fi network and the 5G network with the data network, so that a dual-mode (Wi-Fi + 5G) terminal can initiate service access to the data network through the service bearer channel and the converged gateway.
The signaling bearer channel referred to here carries signaling. The transfer of any application information between communication devices is always accompanied by the transfer of control information that, following a given communication protocol, delivers the application information to its destination safely, reliably and efficiently; in a telecommunication network this control information is called signaling. Signaling allows program-controlled exchanges, network databases and other "intelligent" nodes in the network to exchange information about call setup, monitoring and teardown, information required by distributed application processes (queries and responses between processes, or user-to-user data), and network management information. Beyond the transmission of user information, signaling is the set of control signals that a wireless communication system needs for orderly operation across the whole network.
Step S3, the encapsulated data is transmitted through the signaling bearer channel.
Step S4, the converged NAS is authenticated.
Step S41, the converged NAS is registered in the second-network networking slice through the signaling bearer channel and the converged gateway.
Step S42, the converged NAS is verified in the second-network networking slice.
In this embodiment, the second-network networking slice is a 5G converged networking slice. Specifically, network resources are flexibly allocated and networked on demand: several mutually isolated logical subnets with different characteristics are virtualized on the 5G network, each end-to-end network slice is composed of a radio access network, a transport network and a core network, and all slices are managed uniformly by an end-to-end slice management system. By connecting the converged gateway to an independent 5G converged networking slice, the scheme isolates this traffic from the original 5G services.
Step S5, a service bearer channel is established with the converged gateway.
The service bearer channel in this embodiment carries service data between the terminal and the converged gateway. Service data is data generated while a service is being processed, for example voice data during a call or video data during a video session, all of which the terminal sends to the converged gateway through the service bearer channel.
Based on this technical scheme, when there is no 5G signal and only a Wi-Fi signal, the embodiment can acquire the IP address of the converged gateway over the Wi-Fi network and establish an IP security tunnel with the converged gateway through the Wi-Fi access point; the converged NAS protocol is then transmitted to the converged gateway through the IP security tunnel so that the converged gateway passes it on to the 5G converged networking slice, completing the establishment of a Wi-Fi signaling bearer channel between the converged NAS and the converged gateway.
Step S6, the received data is decapsulated.
Step S7, Layer 2 forwarding is performed on the decapsulated data.
Step S71, the MAC entry matching the VNI tag and the destination MAC address of the decapsulated data packet is looked up in the local MAC table.
Step S72, it is checked whether the destination MAC address of the decapsulated data packet is the broadcast MAC address and its destination IP address is a broadcast IP address.
Step S73, if so, the decapsulated broadcast packet is determined to be forwarded by Layer 2 multicast; multicast packets and IP packets follow the same steps.
Step S8, the data is matched against the Layer 2 multicast group entries, and the matched information is sent to the workstation.
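The VNI tagging of step S11, the decapsulation of step S6 and the Layer 2 forwarding of steps S71 to S73 (and the matching passage in the summary of the invention) follow the VXLAN model, so the following is an added example of that data-plane logic, written for this page and not code from the patent or its assignee. It builds and parses the RFC 7348 VXLAN header, keeps a MAC table keyed by (VNI, destination MAC), and treats a frame carrying the broadcast MAC together with the IPv4 limited-broadcast address as Layer 2 multicast. The egress port names, the sample frames built by BuildFrame and the choice to flood an unknown unicast destination within its own VNI are assumptions of the example (ordinary switch behaviour that the patent does not spell out). The check a practitioner cares about is the VNI scoping: an address learned in one slice never matches a frame arriving in another, and a header whose I flag is clear or whose VNI does not fit in 24 bits is rejected rather than forwarded.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"net"
)

// VXLAN header (RFC 7348): flags byte (I bit 0x08 means the VNI field is valid), 3 reserved
// bytes, 24-bit VNI, 1 reserved byte. The inner frame starts with a 14-byte Ethernet header.
const (
	vxlanHeaderLen = 8
	vxlanFlagVNI   = 0x08
	etherHeaderLen = 14
	ipv4HeaderLen  = 20
	etherTypeIPv4  = 0x0800
)

var BroadcastMAC = net.HardwareAddr{0xff, 0xff, 0xff, 0xff, 0xff, 0xff}

// Encapsulate prefixes an inner Ethernet frame with a VXLAN header tagged with vni.
func Encapsulate(vni uint32, inner []byte) ([]byte, error) {
	if vni >= 1<<24 {
		return nil, errors.New("VNI does not fit in 24 bits")
	}
	if len(inner) < etherHeaderLen {
		return nil, errors.New("inner frame shorter than an Ethernet header")
	}
	hdr := make([]byte, vxlanHeaderLen)
	hdr[0] = vxlanFlagVNI
	hdr[4], hdr[5], hdr[6] = byte(vni>>16), byte(vni>>8), byte(vni)
	return append(hdr, inner...), nil
}

// Decapsulate validates the VXLAN header before trusting it and returns the VNI and inner frame.
func Decapsulate(pkt []byte) (uint32, []byte, error) {
	if len(pkt) < vxlanHeaderLen+etherHeaderLen {
		return 0, nil, errors.New("packet too short for VXLAN and Ethernet headers")
	}
	if pkt[0]&vxlanFlagVNI == 0 {
		return 0, nil, errors.New("VXLAN I flag clear: VNI is not valid")
	}
	vni := uint32(pkt[4])<<16 | uint32(pkt[5])<<8 | uint32(pkt[6])
	return vni, pkt[vxlanHeaderLen:], nil
}

// macKey scopes every MAC entry to its VNI: an address learned in one slice must never
// match a frame that arrives in another, which is what keeps the slices isolated.
type macKey struct {
	vni uint32
	mac string
}

type Forwarder struct{ table map[macKey]string } // (VNI, destination MAC) -> egress port

func NewForwarder() *Forwarder { return &Forwarder{table: map[macKey]string{}} }

func (f *Forwarder) Learn(vni uint32, mac net.HardwareAddr, port string) {
	f.table[macKey{vni, mac.String()}] = port
}

// Decision is the Layer 2 forwarding outcome for one decapsulated frame.
type Decision struct {
	VNI   uint32
	Flood bool   // Layer 2 multicast to every port of this VNI
	Port  string // unicast egress port when Flood is false
}

// isIPv4Broadcast reports whether the inner frame is IPv4 addressed to 255.255.255.255.
func isIPv4Broadcast(frame []byte) bool {
	if len(frame) < etherHeaderLen+ipv4HeaderLen || binary.BigEndian.Uint16(frame[12:14]) != etherTypeIPv4 {
		return false
	}
	dst := frame[etherHeaderLen+16 : etherHeaderLen+20] // IPv4 destination address field
	return bytes.Equal(dst, []byte{255, 255, 255, 255})
}

// Forward decapsulates pkt and chooses Layer 2 multicast (broadcast MAC plus broadcast IP,
// or an unknown destination) or unicast through the (VNI, MAC) table.
func (f *Forwarder) Forward(pkt []byte) (Decision, error) {
	vni, frame, err := Decapsulate(pkt)
	if err != nil {
		return Decision{}, err
	}
	dst := net.HardwareAddr(frame[0:6])
	if bytes.Equal(dst, BroadcastMAC) && isIPv4Broadcast(frame) {
		return Decision{VNI: vni, Flood: true}, nil
	}
	if port, ok := f.table[macKey{vni, dst.String()}]; ok {
		return Decision{VNI: vni, Port: port}, nil
	}
	return Decision{VNI: vni, Flood: true}, nil // unknown unicast: flood, but only inside this VNI
}

// BuildFrame constructs a minimal Ethernet+IPv4 frame as sample input (constructed, not captured).
func BuildFrame(dst, src net.HardwareAddr, dstIP net.IP) []byte {
	frame := make([]byte, etherHeaderLen+ipv4HeaderLen)
	copy(frame[0:6], dst)
	copy(frame[6:12], src)
	binary.BigEndian.PutUint16(frame[12:14], etherTypeIPv4)
	frame[etherHeaderLen] = 0x45 // IPv4, IHL 5
	copy(frame[etherHeaderLen+16:], dstIP.To4())
	return frame
}
```

Usage: Learn the workstation MACs per VNI, Encapsulate frames on the sending side, and hand received packets to Forward; a Decision with Flood set corresponds to the Layer 2 multicast case of step S73, and a Decision with a Port corresponds to a hit in the MAC table of step S71. Because the lookup key includes the VNI, the same MAC learned in two slices resolves to two different ports, and a frame tagged with a third VNI finds nothing and is flooded only within that third slice.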
This embodiment further provides a device for encrypting and publishing information of multiple converged gateways, based on a converged networking system which in this embodiment comprises a first network and a second network. The device comprises:
an encapsulation module for encapsulating data;
a signaling channel construction module for constructing a signaling bearer channel between the converged NAS and the converged gateway;
a transmission module for transmitting the encapsulated data;
an authentication module for authenticating the converged NAS;
a decapsulation module for decapsulating the encapsulated data;
a service bearer channel construction module for constructing a service bearer channel;
a forwarding module for performing Layer 2 forwarding of the decapsulated data;
and a matching module for matching the data against the Layer 2 multicast group entries.
It should be understood that, for technical terms not explained above, a person skilled in the art can infer and unambiguously determine their meaning from the disclosure; for example, for thresholds and coefficients, the meaning follows from the surrounding logic, and their value ranges can be chosen according to the actual situation, for example 0.1 to 1, 1 to 10, or 50 to 100, without limitation here.
A skilled person can likewise determine without doubt the preset, reference, predetermined, set and preferred values of technical features such as thresholds, threshold intervals and threshold ranges from the disclosure. For unexplained technical terms, the skilled person can implement the solution clearly and completely by reasonable and unambiguous inference from the logical relations in the preceding and following paragraphs. Prefixes such as "first", "second", "example" and "target", and suffixes such as "set" and "list", attached to unexplained terms can be determined unambiguously from the context.
The embodiments of the present application will be apparent to those skilled in the art from the above disclosure. The process by which a skilled person infers and analyzes unexplained technical terms is based on the contents described in this application, and such inference is not an inventive judgment on the overall scheme.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be considered merely illustrative and not restrictive of the broad application. Various modifications, improvements and adaptations to the present application may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the present application and thus fall within the spirit and scope of the exemplary embodiments of the present application.
Also, this application uses specific terminology to describe embodiments of the application. Reference throughout this specification to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the present application is included in at least one embodiment of the present application. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various portions of this specification are not necessarily to the same embodiment. Furthermore, some features, structures, or characteristics of at least one embodiment of the present application may be combined as appropriate.
In addition, those skilled in the art will recognize that the various aspects of the application may be illustrated and described in terms of several patentable species or contexts, including any new and useful combination of procedures, machines, articles, or materials, or any new and useful modifications thereof. Accordingly, various aspects of the present application may be embodied entirely in hardware, entirely in software (including firmware, resident software, micro-code, etc.) or in a combination of hardware and software. The above hardware or software may be referred to as a "unit", "component", or "system". Furthermore, aspects of the present application may be represented as a computer product, including computer readable program code, embodied in at least one computer readable medium.
A computer readable signal medium may comprise a propagated data signal with computer program code embodied therein, for example, on a baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, and the like, or any suitable combination. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code on a computer readable signal medium may be propagated over any suitable medium, including radio, electrical cable, fiber optic cable, RF, or the like, or any combination of the preceding.
Computer program code required for the execution of aspects of the present application may be written in any combination of one or more programming languages, including object-oriented languages such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C++, C#, VB.NET and Python, conventional procedural languages such as the "C" programming language, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP and ABAP, dynamic languages such as Python, Ruby and Groovy, or other programming languages. The program code may execute entirely on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server. In the latter case, the remote computer may be connected to the user's computer through any kind of network, such as a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet), in a cloud computing environment, or as a service such as software as a service (SaaS).
Additionally, the order of the process elements and sequences described herein, and the use of numbers, letters, or other designations, are not intended to limit the order of the processes and methods unless otherwise indicated in the claims. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it should be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments but, on the contrary, are intended to cover all modifications and equivalent arrangements within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented by hardware means, they may also be implemented by software-only solutions, such as installing the described system on an existing server or mobile device.
It should also be appreciated that in the foregoing description of embodiments of the present application, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding the understanding of at least one embodiment of the invention. However, this method of disclosure is not intended to require more features than are expressly recited in the claims. Indeed, an embodiment may have fewer than all of the features of a single embodiment disclosed above.

Claims (10)

1. A multi-converged-gateway information encryption publishing method, characterized in that it is based on a converged networking system, the converged networking system comprising a first network and a second network, and the method comprises the following steps:
encapsulating data;
constructing a signaling bearer channel between a converged non-access stratum and a converged gateway;
transmitting the encapsulated data through the signaling bearer channel;
authenticating the converged non-access stratum;
after the authentication is passed, establishing a service bearer channel between the converged gateway and a service gateway;
decapsulating the received data;
performing Layer 2 network forwarding on the decapsulated data;
and matching the data against a Layer 2 multicast group table entry, and sending the matched information to a workstation.
2. The multi-converged-gateway information encryption publishing method according to claim 1, wherein authenticating the converged non-access stratum specifically comprises:
verifying the converged non-access stratum at a converged networking slice of the second network.
3. The multi-converged-gateway information encryption publishing method according to claim 1, wherein constructing the signaling bearer channel between the converged non-access stratum and the converged gateway comprises:
acquiring the IP address of the converged gateway through the first network, and establishing an IP encryption tunnel with the converged gateway through the first network; and transmitting a converged non-access stratum protocol to the converged gateway through the IP encryption tunnel, so that the converged gateway forwards the converged non-access stratum protocol to the converged networking slice of the second network, thereby completing the establishment of the signaling bearer channel between the converged non-access stratum and the converged gateway.
4. The multi-converged-gateway information encryption publishing method according to claim 2, wherein establishing the IP encryption tunnel comprises establishing the IP encryption tunnel through a longitudinal encryption device.
5. The multi-converged-gateway information encryption publishing method according to claim 1, further comprising, before authenticating the converged non-access stratum: registering the converged non-access stratum through the signaling bearer channel and the converged gateway.
6. The multi-converged-gateway information encryption publishing method according to claim 2, wherein before verifying the converged non-access stratum at the converged networking slice of the second network, the method further comprises: registering the converged non-access stratum in the converged networking slice of the second network through the signaling bearer channel and the converged gateway.
7. The multi-converged-gateway information encryption publishing method according to claim 4, wherein the longitudinal encryption device has three levels of key management: a master key, device public and private keys, and a working key; the local and remote longitudinal encryption devices exchange each other's keys, the working key generated in real time is encrypted with the RSA or SM2 algorithm for transmission, the two parties performing key synchronization first verify each other's identity, and after the keys match the tunnel is successfully established, the required IP packet filtering policy is configured, and ciphertext communication of messages is achieved.
8. The multi-converged-gateway information encryption publishing method according to claim 1, further comprising, before encapsulating the data:
marking the encapsulation header of the data message with a Virtual Network Identifier (VNI) label.
9. The method according to claim 1, wherein the Layer 2 network forwarding comprises: finding, in a local MAC table, a MAC table entry matching the VNI label and the destination MAC address of the decapsulated data message; and, when the destination MAC address of the decapsulated data message is a broadcast MAC address and its destination IP address is a broadcast IP address, determining that the decapsulated broadcast data message is to be forwarded by Layer 2 multicast, wherein multicast messages and IP messages are processed by the same steps.
10. A multi-converged-gateway information encryption publishing device, characterized in that it is based on a converged networking system, the converged networking system comprising a first network and a second network, and the device comprises:
an encapsulation module, configured to encapsulate data;
a signaling channel construction module, configured to construct a signaling bearer channel between a converged non-access stratum and a converged gateway;
a transmission module, configured to transmit the encapsulated data;
an authentication module, configured to authenticate the converged non-access stratum;
a decapsulation module, configured to decapsulate the encapsulated data;
a service bearer channel construction module, configured to construct a service bearer channel;
a forwarding module, configured to perform Layer 2 network forwarding on the decapsulated data;
and a matching module, configured to match the data against a Layer 2 multicast group table entry.
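Claim 7 fixes the order of the tunnel set-up between the local and remote longitudinal encryption devices: three key levels (master key, device keys, a working key generated in real time), mutual identity verification before any key is accepted, encrypted transmission of the working key, a key-match check, and only then the tunnel and its IP packet filtering policy. The following Python is an added example, not code from the patent or from Shandong Megsky. Because the standard library offers neither RSA nor SM2, the public-key encryption of the working key is replaced here by a symmetric wrap under a per-session key derived from a pairwise device key; everything else follows the claim's order. That swap is also the caveat: with a shared master key, anyone who holds it can derive any pairwise key and impersonate either device, which is exactly why the real device keeps per-device public/private key pairs at level 2 and why the master key must never leave the provisioning system. Device names, labels and the policy tuple are assumptions.

```python
"""Added example, not the patent's code: an offline model of the three-level
key management and tunnel set-up of claim 7 of CN114465788A. Assumption: the
RSA/SM2 transport of the working key is replaced by a symmetric wrap under a
per-session key, since the standard library has neither algorithm. All names,
labels and key material are constructed for the demonstration."""
import hashlib
import hmac
import secrets


def prf(key, label, *parts):
    """HMAC-SHA256 as a PRF: used for key derivation, identity tags, wrap pads and MACs."""
    h = hmac.new(key, label.encode(), hashlib.sha256)
    for p in parts:
        h.update(p)
    return h.digest()


def provision_pair_key(master_key, local_name, remote_name):
    """Level 1 -> level 2: the pairwise device key both ends are provisioned with."""
    a, b = sorted((local_name, remote_name))
    return prf(master_key, "device-pair", a.encode(), b.encode())


class Endpoint:
    """One longitudinal encryption device (LED) taking part in key synchronization."""

    def __init__(self, name, pair_key):
        self.name, self.pair_key = name, pair_key
        self.nonce = secrets.token_bytes(16)   # fresh per exchange; binds tags and KEK to this run
        self.working_key = None                # level 3; set only after the peer is verified
        self.established = False
        self.filter_policy = None

    def auth_tag(self, peer_nonce):
        """Identity proof: MAC over the prover's name and both nonces."""
        return prf(self.pair_key, "auth", self.name.encode(), peer_nonce, self.nonce)

    def verify_tag(self, peer_name, peer_nonce, tag):
        expected = prf(self.pair_key, "auth", peer_name.encode(), self.nonce, peer_nonce)
        return hmac.compare_digest(expected, tag)

    def session_kek(self, peer_nonce):
        a, b = sorted((self.nonce, peer_nonce))
        return prf(self.pair_key, "kek", a, b)

    def wrap_working_key(self, peer_nonce):
        """Initiator: generate the working key in real time and wrap it for transmission
        (encrypt-then-MAC with a one-time pad derived from the session KEK)."""
        self.working_key = secrets.token_bytes(32)
        kek = self.session_kek(peer_nonce)
        ct = bytes(x ^ y for x, y in zip(self.working_key, prf(kek, "pad")))
        return ct + prf(kek, "mac", ct)

    def unwrap_working_key(self, peer_nonce, blob):
        """Responder: check the MAC before touching the ciphertext, then unwrap."""
        kek = self.session_kek(peer_nonce)
        ct, tag = blob[:32], blob[32:]
        if not hmac.compare_digest(prf(kek, "mac", ct), tag):
            raise ValueError("working key blob failed integrity check")
        self.working_key = bytes(x ^ y for x, y in zip(ct, prf(kek, "pad")))

    def key_confirmation(self):
        """Key-match check without revealing the key: a MAC under the working key."""
        return prf(self.working_key, "confirm", self.name.encode())

    def establish(self, peer_name, peer_confirmation, policy):
        """Keys match -> tunnel up -> IP packet filter configured, in claim 7's order."""
        expected = prf(self.working_key, "confirm", peer_name.encode())
        if not hmac.compare_digest(expected, peer_confirmation):
            raise ValueError("working keys do not match; tunnel not established")
        self.filter_policy = list(policy)
        self.established = True


def synchronize_keys(master_key, policy):
    """Run the full exchange between the local and remote devices; return both."""
    local = Endpoint("local-LED", provision_pair_key(master_key, "local-LED", "remote-LED"))
    remote = Endpoint("remote-LED", provision_pair_key(master_key, "remote-LED", "local-LED"))
    # 1. Both parties verify each other's identity first (nonces travel in the clear).
    if not remote.verify_tag(local.name, local.nonce, local.auth_tag(remote.nonce)):
        raise ValueError("local device failed identity verification")
    if not local.verify_tag(remote.name, remote.nonce, remote.auth_tag(local.nonce)):
        raise ValueError("remote device failed identity verification")
    # 2. Working key generated in real time, wrapped, transmitted and unwrapped.
    remote.unwrap_working_key(local.nonce, local.wrap_working_key(remote.nonce))
    # 3. Key match confirmed on both sides, then tunnel state and filter policy.
    local.establish(remote.name, remote.key_confirmation(), policy)
    remote.establish(local.name, local.key_confirmation(), policy)
    return local, remote
```

A device provisioned under a different master key fails step 1 and never receives a working key, and a tampered wrap blob fails the MAC check before any decryption is attempted; the filter policy is only installed once both sides have confirmed the same working key.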
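Claims 1, 8 and 9 together describe the data path: a VNI label is placed on the encapsulation header before the data is encapsulated, the gateway decapsulates, looks up the (VNI, destination MAC) pair in its local MAC table, and treats a frame whose destination MAC and destination IP are both broadcast addresses as Layer 2 multicast, to be matched against the multicast group table entry and delivered to the workstations. The following Python is an added example, not the patent's or the applicant's code. It assumes VXLAN (RFC 7348) as the encapsulation carrying the VNI, applies the IP packet filtering policy of claim 7 as an allowlist on the outer packet before decapsulation, drops unknown-unicast frames instead of flooding them, and uses constructed MAC and IP addresses, port names and table entries.

```python
"""Added example, not the patent's code: an offline model of the data path in
claims 1, 8 and 9 of CN114465788A, with the IP packet filtering policy of
claim 7 applied to the outer packet before decapsulation. Assumptions: VXLAN
(RFC 7348) carries the VNI label, unknown-unicast frames are dropped rather
than flooded, and every address, port name and table entry is constructed."""
import ipaddress
import struct

VXLAN_FLAG_I = 0x08                      # RFC 7348 "I" flag: the VNI field is valid
ETHERTYPE_IPV4 = 0x0800
BROADCAST_MAC = b"\xff" * 6
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def vxlan_encapsulate(vni, inner_frame):
    """Prepend the 8-byte VXLAN header: flags, 3 reserved, 24-bit VNI, 1 reserved."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8) + inner_frame


def vxlan_decapsulate(packet):
    """Return (vni, inner_frame); refuse headers whose I flag is clear."""
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    flags, vni_field = struct.unpack("!B3xI", packet[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag clear: no valid VNI")
    return vni_field >> 8, packet[8:]


def ethernet_ipv4_frame(dst_mac, src_mac, dst_ip, src_ip, payload):
    """Ethernet II + minimal IPv4 header (proto UDP, no options, checksum left 0)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + payload


def parse_frame(frame):
    """Return (dst_mac, src_mac, dst_ip-or-None) from an Ethernet frame."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    dst_ip = None
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= 34:
        dst_ip = ipaddress.IPv4Address(frame[30:34])   # IPv4 destination at IP offset 16
    return dst_mac, src_mac, dst_ip


def outer_packet_allowed(policy, src_ip, dst_ip, proto, dst_port):
    """Claim 7's IP packet filtering policy as an allowlist over the outer (tunnel)
    packet: only explicitly permitted 4-tuples are handed to decapsulation."""
    src, dst = ipaddress.IPv4Address(src_ip), ipaddress.IPv4Address(dst_ip)
    return any(src in ipaddress.IPv4Network(r["src"]) and dst in ipaddress.IPv4Network(r["dst"])
               and proto == r["proto"] and dst_port == r["dport"] for r in policy)


class ConvergedGatewayL2:
    """Layer 2 forwarding of decapsulated frames (claim 9) and the Layer 2
    multicast group table match that selects the workstations (claim 1)."""

    def __init__(self, mac_table, mcast_groups, tenant_subnet):
        self.mac_table = mac_table               # (vni, dst_mac) -> egress port
        self.mcast_groups = mcast_groups         # vni -> set of workstation ports
        self.subnet = ipaddress.IPv4Network(tenant_subnet)

    def is_broadcast_ip(self, ip):
        return ip is not None and ip in (LIMITED_BROADCAST, self.subnet.broadcast_address)

    def forward(self, vni, frame):
        """Return (action, egress_ports) for one decapsulated frame."""
        dst_mac, _, dst_ip = parse_frame(frame)
        if dst_mac == BROADCAST_MAC and self.is_broadcast_ip(dst_ip):
            # broadcast MAC and broadcast IP: Layer 2 multicast to the group's members
            return "multicast", sorted(self.mcast_groups.get(vni, ()))
        port = self.mac_table.get((vni, dst_mac))
        if port is None:
            return "drop", []     # unknown unicast is dropped (assumption), never flooded
        return "unicast", [port]


def demo():
    """Publish one unicast and one broadcast frame on VNI 100 through the gateway."""
    policy = [{"src": "10.1.0.0/24", "dst": "10.2.0.1/32", "proto": 17, "dport": 4789}]
    gw = ConvergedGatewayL2(mac_table={(100, bytes.fromhex("0200000000a1")): "ws-A"},
                            mcast_groups={100: {"ws-A", "ws-B", "ws-C"}},
                            tenant_subnet="192.168.10.0/24")
    src_mac = bytes.fromhex("020000000001")
    frames = [ethernet_ipv4_frame(bytes.fromhex("0200000000a1"), src_mac,
                                  "192.168.10.11", "192.168.10.1", b"measurement"),
              ethernet_ipv4_frame(BROADCAST_MAC, src_mac,
                                  "192.168.10.255", "192.168.10.1", b"announce")]
    results = []
    for frame in frames:
        packet = vxlan_encapsulate(100, frame)                       # publisher side
        if not outer_packet_allowed(policy, "10.1.0.5", "10.2.0.1", 17, 4789):
            results.append(("filtered", []))
            continue
        vni, inner = vxlan_decapsulate(packet)                       # gateway side
        results.append(gw.forward(vni, inner))
    return results
```

Two checks worth keeping in any implementation of this path: the decapsulator rejects a header whose I flag is clear, so a stray UDP payload on the VXLAN port is never handed to the forwarding stage as a tenant frame; and the multicast decision requires both the broadcast MAC and a broadcast IP (limited or directed), so a frame with a broadcast MAC but a unicast destination IP falls through to the unicast lookup and is dropped when no MAC table entry exists for its VNI.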
CN202210076316.3A 2022-01-24 2022-01-24 Multi-fusion gateway information encryption publishing method and device Pending CN114465788A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210076316.3A CN114465788A (en) 2022-01-24 2022-01-24 Multi-fusion gateway information encryption publishing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210076316.3A CN114465788A (en) 2022-01-24 2022-01-24 Multi-fusion gateway information encryption publishing method and device

Publications (1)

Publication Number Publication Date
CN114465788A true CN114465788A (en) 2022-05-10

Family

ID=81411442

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210076316.3A Pending CN114465788A (en) 2022-01-24 2022-01-24 Multi-fusion gateway information encryption publishing method and device

Country Status (1)

Country Link
CN (1) CN114465788A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116248969A (en) * 2022-12-30 2023-06-09 北京航天控制仪器研究所 Video transmission system and method for multi-network system fusion

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101547132A (en) * 2008-03-25 2009-09-30 华为技术有限公司 Method, system and device for establishing data forwarding tunnel
CN103428220A (en) * 2013-08-23 2013-12-04 中国人民解放军理工大学 Virtual reconstruction ubiquitous network architecture based on identity-position separation
US20170244705A1 (en) * 2016-02-18 2017-08-24 Electronics And Telecommunications Research Institute Method of using converged core network service, universal control entity, and converged core network system
CN107294711A (en) * 2017-07-11 2017-10-24 国网辽宁省电力有限公司 A kind of power information Intranet message encryption dissemination method based on VXLAN technologies
CN107426346A (en) * 2017-07-06 2017-12-01 浙江宇视科技有限公司 A kind of two layer message passes through safely the method and system of three-layer network
CN110913394A (en) * 2019-11-27 2020-03-24 成都西加云杉科技有限公司 Service access method, device, equipment and readable storage medium
CN111698245A (en) * 2020-06-10 2020-09-22 成都国泰网信科技有限公司 VxLAN security gateway and two-layer security network construction method based on state cryptographic algorithm

Similar Documents

Publication Publication Date Title
CN107294711B (en) Power information intranet message encryption issuing method based on VXLAN technology
EP1556990B1 (en) Bridged cryptographic vlan
CN101867530B (en) Things-internet gateway system based on virtual machine and data interactive method
CN102377629B (en) Method and device for communicating with server in IMS (IP multimedia subsystem) core network by using terminal to pass through private network as well as network system
CN101917272B (en) Secret communication method and system among neighboring user terminals
US20080198863A1 (en) Bridged Cryptographic VLAN
US7280520B2 (en) Virtual wireless local area networks
CN104619040A (en) Method and system for quickly connecting WIFI equipment
CN104168173A (en) Method and device for terminal to achieve private network traversal to be in communication with server in IMS core network and network system
CN109474507B (en) Message forwarding method and device
CN103188351A (en) IPSec VPN communication service processing method and system under IPv6 environment
CN101641935A (en) Power distribution system secure access communication system and method
CN110300108A (en) A kind of power distribution automation message encryption transmission method, system, terminal and storage medium
CN107786974A (en) The method and system that cell phone application communicates with equipment safety in a kind of LAN
Zhou et al. Efficient application of GPRS and CDMA networks in SCADA system
CN111342952B (en) Safe and efficient quantum key service method and system
CN114727291A (en) Local distribution system, method, device, network equipment and storage medium
CN108092969A (en) The system and method for Intelligent Mobile Robot acquisition image access electric power Intranet
CN104038931B (en) Adapted electrical communication system and its communication means based on LTE network
CN104954339B (en) A kind of power emergency repair remote communication method and system
CN114465788A (en) Multi-fusion gateway information encryption publishing method and device
CN105228144B (en) Cut-in method, apparatus and system based on temporary MAC address
CN103167489B (en) The wireless public network means of communication with security protection in electric power system
CN116546011A (en) Intelligent substation business data braiding method based on multi-access edge computing technology
CN115714780A (en) Alliance chain self-discovery method based on cross-multi-union chain and multi-relay chain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination