CN115549895A - Encryption transmission method and device - Google Patents


Info

Publication number
CN115549895A
Authority
CN
China
Prior art keywords
key
encryption
information
osu
receiving end
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110732933.XA
Other languages
Chinese (zh)
Inventor
冯超
付扬
龚兆明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HiSilicon Technologies Co Ltd
Original Assignee
HiSilicon Technologies Co Ltd
Events
Application filed by HiSilicon Technologies Co Ltd
Priority to CN202110732933.XA
Priority to PCT/CN2022/094986 (WO2023273712A1)
Publication of CN115549895A
Legal status: Pending

Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04B TRANSMISSION › H04B 10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication › H04B 10/27 Arrangements for networking
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04J MULTIPLEX COMMUNICATION › H04J 3/00 Time-division multiplex systems › H04J 3/16 Time-division multiplex systems in which the time allocation to individual channels within a transmission cycle is variable, e.g. to accommodate varying complexity of signals, to vary number of channels transmitted
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols › H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols › H04L 9/12 Transmitting and receiving encryption devices synchronised or initially set up in a particular manner

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Communication Control (AREA)

Abstract

The application provides an encryption transmission method and device, which can solve the problem that part of the service data carried by an ODUk frame cannot be encrypted independently in an OTN. The method comprises the following steps: encrypting a plurality of data in one encryption period one by one according to encryption and decryption control information, and sending a plurality of optical service unit (OSU) frames. Each OSU frame carries encrypted data, and the plurality of OSU frames carry indication information for the encryption and decryption control information. The encryption transmission method can be executed by a sending end. Based on the method, the sending end can encrypt a plurality of OSU frames in one encryption period and send the OSU frames. When a plurality of OSU frames are encrypted, the sending end may map the plurality of encrypted OSU frames into an ODUk frame, so that the ODUk frame carries the plurality of encrypted OSU frames. In other words, the sending end can encrypt part of the service data carried by the ODUk frame separately, so as to improve data security.

Description

Encryption transmission method and device
Technical Field
The present application relates to the field of communications, and in particular, to an encryption transmission method and apparatus.
Background
In an Optical Transport Network (OTN), an optical data unit k (ODUk) frame is used to carry service data of a plurality of different users. The sending end can encrypt the ODUk frame, so that the data security is improved.
At present, when an ODUk frame is encrypted, a sending end can encrypt all service data carried by the ODUk frame, but cannot individually encrypt part of the service data carried by the ODUk frame, and data security is still poor.
Disclosure of Invention
The embodiment of the application provides an encryption transmission method and an encryption transmission device, which can solve the problem that part of service data carried by an ODUk frame cannot be encrypted independently in an OTN.
In order to achieve the purpose, the following technical scheme is adopted in the application:
In a first aspect, an encrypted transmission method is provided. The encryption transmission method comprises the following steps: encrypting a plurality of data in one encryption period one by one according to encryption and decryption control information, and sending a plurality of optical service unit (OSU) frames. Each OSU frame carries encrypted data, and the plurality of OSU frames carry indication information for the encryption and decryption control information.
It should be noted that the encryption transmission method described in the first aspect may be executed by a sending end, where the sending end may be an OTN device, may also be a chip (system) or other component or assembly that may be disposed in the OTN device, and may also be a device that includes the OTN device, which is not limited in this application.
Based on the encryption transmission method in the first aspect, the sending end can encrypt a plurality of OSU frames in an encryption period and send the plurality of OSU frames. When a plurality of OSU frames are encrypted, a sending end may map the plurality of encrypted OSU frames into an ODUk frame, so as to use the ODUk frame to carry the plurality of encrypted OSU frames. In other words, the sending end can encrypt part of service data carried by the ODUk frame separately, so as to improve data security.
In a possible design, encrypting the plurality of data in one encryption cycle one by one according to the encryption and decryption control information may include: generating a plurality of cipher blocks according to the encryption and decryption control information. The total number M of bits of the plurality of cipher blocks is greater than or equal to the total number N of bits of the plurality of data, and both M and N can be positive integers. The plurality of data is bitwise encrypted using N bits of the plurality of cipher blocks. In other words, the sending end can generate as few cipher blocks as possible on the premise that the total number M of bits of the generated cipher blocks is greater than or equal to the total number N of bits of the plurality of data, so as to improve the encryption efficiency. Moreover, the sending end encrypts the plurality of data using exactly as many cipher-block bits as the data has, thereby avoiding wasted cipher blocks, reducing the number of generated cipher blocks, further reducing the processing time and further improving the encryption efficiency.
Optionally, the bitwise encrypting the plurality of data using the N bits of the plurality of cipher blocks may include: an ith bit of the plurality of data is encrypted using an ith bit of the N bits. Wherein i can be a positive integer, and i is less than or equal to N. In this way, a mode of encrypting a plurality of data by using N bits in a plurality of cipher blocks can be provided to implement individual encryption of a plurality of OSU frames carried by ODUk frames, so as to further improve data security.
In a possible design, the encrypted transmission method according to the first aspect may further include: and sending switching indication information to a receiving end. The switching indication information is used to indicate a key of a next key cycle, and the key cycle may include a plurality of encryption cycles. In other words, the synchronous key switching between the sending end and the receiving end can be realized through the switching indication information. Therefore, each time, such as one or more encryption periods, the key can be synchronously switched between the sending end and the receiving end, so that the same plaintext block is prevented from being encrypted into the same ciphertext block all the time, and the data security is improved.
Optionally, before sending the switching indication information to the receiving end, the encrypted transmission method according to the first aspect may further include: sending key switching request information to the receiving end, the key switching request information being used to instruct the receiving end to feed back key switching confirmation information; and receiving the key switching confirmation information from the receiving end, the key switching confirmation information being used to instruct the sending end to send the switching indication information. Therefore, before the sending end sends the switching indication information to the receiving end, the two ends can confirm, by means of the key switching request information and the key switching confirmation information, whether the communication between them is normal. This avoids the condition in which the sending end and the receiving end do not switch the key synchronously, so that the key can be switched synchronously between the two ends, and the data security is further improved.
Optionally, after sending the handover indication information to the receiving end, the encrypted transmission method according to the first aspect may further include: and receiving key switching completion information from the receiving end. The key switching completion information is used for indicating the receiving end to complete key switching. Therefore, the sending end can judge whether the receiving end completes the key synchronous switching according to the key switching completion information, so that the synchronous key switching between the sending end and the receiving end is ensured, and the data security is improved.
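The request, confirmation, switching indication and completion exchange described in the three preceding paragraphs, modeled as a state machine for both ends. This is an added example, not code from the patent or from HiSilicon: the message names, the state names, the integer key identifiers and the way the link is simulated (a message listed in `lost` is simply dropped) are all assumptions made for the illustration. Each end only takes the announced key into use at the next key-cycle boundary, and only if its side of the handshake finished, which is how the synchronous switch the text describes is obtained.

```python
from enum import Enum, auto


class Msg(Enum):
    KEY_SWITCH_REQUEST = auto()   # sending end -> receiving end: please confirm the link is up
    KEY_SWITCH_CONFIRM = auto()   # receiving end -> sending end: confirmed, send the indication
    SWITCH_INDICATION = auto()    # sending end -> receiving end: key id for the next key cycle
    KEY_SWITCH_COMPLETE = auto()  # receiving end -> sending end: receiving end has switched


class Endpoint:
    """Key state shared by a sending end and a receiving end (constructed model)."""

    def __init__(self, name: str, key_id: int):
        self.name = name
        self.current_key_id = key_id  # key of the current key cycle
        self.next_key_id = None       # key announced for the next key cycle
        self.state = "IDLE"

    def rotate(self):
        """Key-cycle boundary (a key cycle spans several encryption periods).
        The announced key is taken into use only when this end's handshake
        finished (SWITCH_ARMED); an unfinished handshake is abandoned, so an
        end never switches alone."""
        if self.state == "SWITCH_ARMED":
            self.current_key_id, self.next_key_id = self.next_key_id, None
        else:
            self.next_key_id = None
        self.state = "IDLE"


class Sender(Endpoint):
    def start_switch(self, new_key_id: int):
        self.pending_key_id = new_key_id
        self.state = "WAIT_CONFIRM"
        return Msg.KEY_SWITCH_REQUEST, None

    def handle(self, msg: Msg, payload):
        if msg is Msg.KEY_SWITCH_CONFIRM and self.state == "WAIT_CONFIRM":
            self.next_key_id = self.pending_key_id
            self.state = "WAIT_COMPLETE"
            return Msg.SWITCH_INDICATION, self.next_key_id
        if msg is Msg.KEY_SWITCH_COMPLETE and self.state == "WAIT_COMPLETE":
            self.state = "SWITCH_ARMED"  # receiving end reported completion
        return None


class Receiver(Endpoint):
    def handle(self, msg: Msg, payload):
        if msg is Msg.KEY_SWITCH_REQUEST:
            self.state = "WAIT_INDICATION"
            return Msg.KEY_SWITCH_CONFIRM, None
        if msg is Msg.SWITCH_INDICATION and self.state == "WAIT_INDICATION":
            self.next_key_id = payload
            self.state = "SWITCH_ARMED"
            return Msg.KEY_SWITCH_COMPLETE, None
        return None


def run_switch(sender: Sender, receiver: Receiver, new_key_id: int, lost=frozenset()):
    """Drive one key-switch handshake over a simulated link, then end the key
    cycle on both sides. Returns the names of the messages put on the link."""
    out = sender.start_switch(new_key_id)
    transcript = []
    side = receiver  # next end to receive a message
    while out is not None:
        msg, payload = out
        transcript.append(msg.name)
        if msg in lost:  # the link drops this message; the handshake stalls here
            break
        out = side.handle(msg, payload)
        side = sender if side is receiver else receiver
    sender.rotate()
    receiver.rotate()
    return transcript


if __name__ == "__main__":
    s, r = Sender("N1", 1), Receiver("N3", 1)
    print(run_switch(s, r, 2), s.current_key_id, r.current_key_id)
```

With no loss, both ends rotate to key 2 at the boundary; if the request or the switching indication is lost, neither end has reached SWITCH_ARMED and both stay on key 1, which is the case the request/confirmation round trip and the completion report are there for. The text does not say what happens when only the completion information is lost (the receiving end is armed, the sending end is not), so a deployment needs a retry or timeout rule for that case that this model deliberately does not invent.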
In one possible design, the plurality of OSU frames carry authentication information, which is determined by the encryption/decryption control information and the plurality of encrypted data. Therefore, the receiving end can judge whether the encrypted data is tampered in the transmission process according to the authentication information so as to realize data integrity check and further improve data security.
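The cipher-block encryption of the possible designs above (generate the fewest blocks with M ≥ N bits, encrypt bit i of the data with bit i of the blocks) together with the authentication information of the preceding paragraph, as an added example that is not code from the patent or from HiSilicon. It assumes a 128-bit block width (the block size of AES, which the drawings name), and, so that it runs with the Python standard library alone, an HMAC-SHA256 output truncated to 128 bits stands in for the AES block function and an HMAC over the control information and ciphertext stands in for the GCM tag; the control-information fields (`key`, `iv`, `counter`) and the sample payloads are constructed for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac

BLOCK_BITS = 128  # width of one cipher block (AES block size)


def cipher_block(key: bytes, iv: bytes, counter: int) -> bytes:
    """One 128-bit cipher block for (iv, counter), CTR-mode style.
    Assumption: HMAC-SHA256 truncated to 16 bytes stands in for the AES block function."""
    return hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()[: BLOCK_BITS // 8]


def keystream(control: dict, n_bits: int) -> tuple[bytes, int]:
    """Generate the fewest cipher blocks whose total bit count M is >= N."""
    n_blocks = -(-n_bits // BLOCK_BITS)  # ceiling division
    blocks = b"".join(
        cipher_block(control["key"], control["iv"], control["counter"] + j) for j in range(n_blocks)
    )
    return blocks, n_blocks


def auth_tag(control: dict, ciphertext: bytes) -> bytes:
    """Authentication information over the control information and all encrypted data
    of the period. Assumption: an HMAC under a derived key stands in for the GCM tag."""
    auth_key = hashlib.sha256(b"auth" + control["key"]).digest()
    header = control["iv"] + control["counter"].to_bytes(4, "big")
    return hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()[:16]


def split_like(data: bytes, frames: list[bytes]) -> list[bytes]:
    """Cut `data` into pieces with the same lengths as the given frame payloads."""
    out, pos = [], 0
    for frame in frames:
        out.append(data[pos : pos + len(frame)])
        pos += len(frame)
    return out


def encrypt_period(control: dict, payloads: list[bytes]) -> tuple[list[bytes], bytes, int]:
    """Sending end: XOR bit i of the period's data with bit i of the keystream (i <= N).
    Returns the encrypted per-frame payloads, the authentication tag and the blocks used."""
    plain = b"".join(payloads)
    stream, n_blocks = keystream(control, 8 * len(plain))
    cipher = bytes(p ^ s for p, s in zip(plain, stream))  # zip stops after N bits; M - N bits unused
    return split_like(cipher, payloads), auth_tag(control, cipher), n_blocks


def decrypt_period(control: dict, frames: list[bytes], tag: bytes) -> list[bytes]:
    """Receiving end: check the authentication information first, then undo the XOR."""
    cipher = b"".join(frames)
    if not hmac.compare_digest(auth_tag(control, cipher), tag):
        raise ValueError("authentication failed: encrypted data or control information tampered")
    stream, _ = keystream(control, 8 * len(cipher))
    return split_like(bytes(c ^ s for c, s in zip(cipher, stream)), frames)


# Constructed sample: control information and five 17-byte OSU payloads (N = 680 bits)
CONTROL = {"key": bytes(range(16)), "iv": bytes.fromhex("a1b2c3d4e5f60718"), "counter": 0}
PAYLOADS = [bytes([0x10 + i]) * 17 for i in range(5)]

if __name__ == "__main__":
    frames, tag, n_blocks = encrypt_period(CONTROL, PAYLOADS)
    print(n_blocks, "blocks;", n_blocks * BLOCK_BITS - 8 * 85, "spare bits")
    print(decrypt_period(CONTROL, frames, tag) == PAYLOADS)
```

For 680 bits of data the sending end generates six blocks (768 bits, the smallest M ≥ N), and the leftover 88 bits are fewer than one block, so no whole block is wasted. Flipping a single bit of any encrypted payload makes the receiving end reject the period before decrypting, which is the integrity check the text ascribes to the authentication information.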
In a second aspect, an encrypted transmission method is provided. The encryption transmission method comprises the following steps: a plurality of OSU frames within an encryption period are received. Each OSU frame carries encrypted data, and the OSU frames carry indication information which is used for indicating encryption and decryption control information. And decrypting the plurality of encrypted data one by one according to the encryption and decryption control information.
It should be noted that the encrypted transmission method described in the second aspect may be executed by a receiving end, where the receiving end may be an OTN device, may also be a chip (system) or other component or assembly that may be disposed in the OTN device, and may also be a device that includes the OTN device, which is not limited in this application.
In one possible design, the decrypting the plurality of encrypted data one by one according to the encryption and decryption control information may include: and generating a plurality of cipher blocks according to the encryption and decryption control information. The total number M of bits of the plurality of cipher blocks is greater than or equal to the total number N of bits of the plurality of encrypted data, and both M and N can be positive integers. The plurality of encrypted data is bitwise decrypted using the N bits of the plurality of cipher blocks.
Optionally, the bit-wise decrypting the plurality of encrypted data by using the N bits in the plurality of cipher blocks may include: the ith bit of the plurality of encrypted data is decrypted using the ith bit of the N bits. Wherein i can be a positive integer, and i is less than or equal to N.
In one possible design, the encrypted transmission method according to the second aspect may further include: receiving switching indication information from a transmitting end. The switching indication information is used to indicate a key of a next key cycle, and the key cycle may include a plurality of encryption cycles.
Optionally, before receiving the handover indication information from the sending end, the encrypted transmission method according to the second aspect may further include: and receiving key switching request information from the sending end and sending key switching confirmation information to the sending end. The key switching request information is used for indicating a receiving end to feed back key switching confirmation information, and the key switching confirmation information is used for indicating a sending end to send switching indication information.
Optionally, after receiving the handover indication information from the transmitting end, the encrypted transmission method according to the second aspect may further include: and sending key switching completion information to the sending end. The key switching completion information is used for indicating the receiving end to complete key switching.
In one possible design, multiple OSU frames carry authentication information. Wherein the authentication information is determined by the encryption/decryption control information and the plurality of encrypted data.
In addition, for technical effects of the encryption transmission method according to the second aspect, reference may be made to technical effects of the encryption transmission method according to the first aspect, which are not described herein again.
In a third aspect, an encrypted transmission apparatus is provided. The encryption transmission device includes: a processing module and a transceiver module. The processing module is used for encrypting a plurality of data in an encryption period one by one according to the encryption and decryption control information. And the transceiver module is used for transmitting a plurality of OSU frames. Each OSU frame carries encrypted data, and a plurality of OSU frames carry indication information of encryption and decryption control information.
In a possible design, the processing module is further configured to generate a plurality of cipher blocks according to the encryption and decryption control information. The total number M of bits of the plurality of cipher blocks is greater than or equal to the total number N of bits of the plurality of data, and both M and N can be positive integers. The processing module is further configured to encrypt the plurality of data bitwise using the N bits of the plurality of cipher blocks.
Optionally, the processing module is further configured to encrypt an ith bit of the plurality of data using an ith bit of the N bits. Wherein i can be a positive integer, and i is less than or equal to N.
In a possible design, the transceiver module is further configured to send handover indication information to the receiving end. The switching indication information is used to indicate a key of a next key cycle, and the key cycle may include multiple encryption cycles.
Optionally, the transceiver module is further configured to send the key switching request message to the receiving end. The key switching request information is used for indicating a receiving end to feed back key switching confirmation information. The receiving and sending module is also used for receiving the key switching confirmation information from the receiving end. Wherein the key switching confirmation information is used to instruct the encryption transmission apparatus described in the third aspect to send switching instruction information.
Optionally, the transceiver module is further configured to receive key switch completion information from the receiving end. The key switching completion information is used for indicating the receiving end to complete key switching.
In one possible design, the OSU frames carry authentication information, and the authentication information is determined by the encryption/decryption control information and the plurality of encrypted data.
Optionally, the transceiver module may include a receiving module and a transmitting module. The sending module is used for realizing the sending function of the encryption transmission device, and the receiving module is used for realizing the receiving function of the encryption transmission device.
Optionally, the encryption transmission apparatus according to the third aspect may further include a storage module, where the storage module stores a program or an instruction. When the processing module executes the program or the instructions, the encryption transmission apparatus is caused to execute the encryption transmission method described in the first aspect.
It should be noted that, the encryption transmission apparatus described in the third aspect may be an OTN device, may also be a chip (system) or other component or assembly that may be disposed on the OTN device, and may also be an apparatus that includes the OTN device, which is not limited in this application.
In addition, for technical effects of the encryption transmission apparatus according to the third aspect, reference may be made to technical effects of the encryption transmission method according to the first aspect, and details are not repeated here.
In a fourth aspect, an encrypted transmission apparatus is provided. The encryption transmission device includes: a processing module and a transceiver module. The transceiver module is used for receiving a plurality of OSU frames in an encryption period. Each OSU frame carries encrypted data, and the OSU frames carry indication information which is used for indicating encryption and decryption control information. And the processing module is used for decrypting the plurality of encrypted data one by one according to the encryption and decryption control information.
In a possible design, the processing module is further configured to generate a plurality of cipher blocks according to the encryption and decryption control information. The total number M of bits of the plurality of cipher blocks is greater than or equal to the total number N of bits of the plurality of encrypted data, and both M and N can be positive integers. And the processing module is also used for decrypting the plurality of encrypted data according to bits by using the N bits in the plurality of cipher blocks.
Optionally, the processing module is further configured to decrypt an ith bit in the plurality of encrypted data by using the ith bit in the N bits. Wherein i can be a positive integer, and i is less than or equal to N.
In a possible design, the transceiver module is further configured to receive handover indication information from the sending end. The switching indication information is used to indicate a key of a next key cycle, and the key cycle may include a plurality of encryption cycles.
Optionally, the transceiver module is further configured to receive key switch request information from the sending end. Wherein the key switching request information is used to instruct the encryption transmission apparatus described in the fourth aspect to feed back the key switching confirmation information. And the transceiver module is also used for sending the key switching confirmation information to the sending end. The key switching confirmation information is used for indicating the sending end to send switching indication information.
Optionally, the transceiver module is further configured to send key switch completion information to the sending end. Wherein the key switch completion information is used to instruct the encryption transmission apparatus according to the fourth aspect to complete key switch.
In one possible design, the plurality of OSU frames carry authentication information, which is determined by the encryption/decryption control information and the plurality of encrypted data.
Optionally, the transceiver module may include a receiving module and a transmitting module. The sending module is used for realizing the sending function of the encryption transmission device, and the receiving module is used for realizing the receiving function of the encryption transmission device.
Optionally, the encryption transmission apparatus according to the fourth aspect may further include a storage module, where the storage module stores a program or an instruction. When the processing module executes the program or the instructions, the encryption transmission apparatus is caused to execute the encryption transmission method described in the second aspect.
It should be noted that the encryption transmission apparatus in the fourth aspect may be an OTN device, may also be a chip (system) or other component or assembly that may be disposed on the OTN device, and may also be an apparatus that includes the OTN device, which is not limited in this application.
In addition, for technical effects of the encryption transmission apparatus according to the fourth aspect, reference may be made to technical effects of the encryption transmission method according to the second aspect, and details are not repeated here.
In a fifth aspect, an encryption transmission apparatus is provided. The encryption transmission device includes: a processor coupled to a memory, the memory for storing a computer program; the processor is configured to execute the computer program stored in the memory, so that the encryption transmission apparatus executes the encryption transmission method described in any one of the possible implementation manners of the first aspect and the second aspect.
In a possible design, the encryption transmission apparatus according to the fifth aspect may further include a transceiver. The transceiver may be a transceiver circuit or an input/output interface. The transceiver may be used for the encrypted transmission means to communicate with other encrypted transmission means.
In this application, the encryption transmission apparatus according to the fifth aspect may be an OTN device, or a chip system disposed inside the OTN device.
The technical effect of the encryption transmission apparatus according to the fifth aspect may refer to the technical effect of the encryption transmission method according to any one of the possible implementation manners of the first aspect or the second aspect, and is not described herein again.
In a sixth aspect, a processor is provided. Wherein the processor is configured to execute the encrypted transmission method described in any one of the possible implementations of the first aspect or the second aspect.
In a seventh aspect, an encrypted transmission system is provided. The encryption transmission system comprises a sending end and a receiving end. The sending end is configured to execute the encryption transmission method described in any possible implementation manner in the first aspect, and the receiving end is configured to execute the encryption transmission method described in any possible implementation manner in the second aspect.
In an eighth aspect, a computer-readable storage medium is provided. The computer readable storage medium includes a computer program or instructions. The computer program or the instructions, when executed on a computer, cause the computer to perform the encrypted transmission method according to any one of the possible implementations of the first aspect or the second aspect.
In a ninth aspect, a computer program product is provided, the computer program product comprising a computer program or instructions. The computer program or the instructions, when executed on a computer, cause the computer to perform the encrypted transmission method according to any one of the possible implementations of the first aspect or the second aspect.
Drawings
Fig. 1 is a schematic diagram of a network architecture according to an embodiment of the present application;
fig. 2 is a schematic diagram of a hardware structure of an OTN device according to an embodiment of the present application;
fig. 3 is a schematic diagram of a frame structure of an OTUk frame when k ≠ Cn, which is provided in the embodiment of the present application;
fig. 4 is a schematic structural diagram of an OSU frame provided in the embodiment of the present application;
fig. 5 is a schematic diagram of CTR mode encrypted data using AES according to an embodiment of the present application;
fig. 6 is a schematic diagram of decrypting data using a CTR mode of AES according to an embodiment of the present application;
FIG. 7 is a diagram of key expansion and round keys provided in an embodiment of the present application;
FIG. 8 is a diagram illustrating a GCM mode encryption scheme using AES according to an embodiment of the present disclosure;
fig. 9 is a schematic flowchart of a procedure for performing ciphertext authentication by a sending end in a GCM mode according to an embodiment of the present application;
fig. 10 is a schematic flowchart of an encryption transmission method according to an embodiment of the present application;
fig. 11 is a schematic diagram of encrypting the payload of 256 consecutive OSU frames using multiple cipher blocks according to an embodiment of the present application;
fig. 12 is a first schematic diagram illustrating a synchronous key switching between a sending end and a receiving end according to an embodiment of the present application;
fig. 13 is a schematic diagram of a state machine for synchronously switching a key between a sending end and a receiving end according to an embodiment of the present application;
fig. 14 is a second schematic diagram of synchronously switching a key between a sending end and a receiving end according to the embodiment of the present application;
fig. 15 is a third schematic diagram of synchronously switching keys between a sending end and a receiving end according to the embodiment of the present application;
fig. 16 is a schematic diagram of interaction between a sending end and a receiving end according to an embodiment of the present application;
fig. 17 is a schematic flowchart of a sending end encrypting data according to an embodiment of the present application;
fig. 18 is a first schematic structural diagram of an encryption transmission apparatus according to an embodiment of the present application;
fig. 19 is a schematic structural diagram of a second encryption transmission apparatus according to an embodiment of the present application.
Detailed Description
The network architecture and the service scenario described in the embodiment of the present application are for more clearly illustrating the technical solution in the embodiment of the present application, and do not limit the technical solution provided in the embodiment of the present application. As can be known to those skilled in the art, with the evolution of network architecture and the emergence of new service scenarios, the technical solution provided in the embodiments of the present application is also applicable to similar technical problems.
The technical scheme provided by the embodiment of the application can be applied to an optical network, for example an OTN. An OTN is generally formed by connecting a plurality of OTN devices through optical fibers, and may be formed into different topology types such as linear, ring, and mesh according to specific needs.
Fig. 1 is a schematic diagram of a network architecture applicable to the embodiment of the present application. The OTN shown in fig. 1 comprises two OTN networks (OTN network 1 and OTN network 2). Each OTN network includes a certain number of OTN devices (denoted by Nx in fig. 1, where x is a positive integer); links between devices within one OTN network are intra-domain links, and links between devices of different OTN networks are inter-domain links. An OTN device may have one or more functions according to actual needs. Generally, OTN devices are classified into optical layer devices, electrical layer devices, and opto-electric hybrid devices. An optical layer device is a device capable of processing optical layer signals, such as an optical amplifier (OA). An electrical layer device is a device capable of processing electrical layer signals, such as a device capable of processing ODU signals. An opto-electric hybrid device is a device that can process both optical layer signals and electrical layer signals. It should be noted that, according to specific integration needs, one OTN device may integrate a plurality of different functions. The technical scheme provided by the application is suitable for OTN equipment of different forms and integration levels.
In the embodiment of the present application, a sending end refers to a device that sends service data, and a receiving end refers to a device that receives the service data from the sending end. Both the sending end and the receiving end may be OTN devices as described above. For example, if N1 in fig. 1 sends traffic data to N3, N1 is a sending end, and N3 is a receiving end. It should be noted that a sending end may also be referred to as a source end, and a receiving end may also be referred to as a sink end, which is not limited in this embodiment of the present application.
Fig. 2 shows a schematic hardware structure of an OTN device applicable to the embodiment of the present application. Specifically, an OTN device includes a power supply, a fan, an auxiliary board, and may further include a support board, a circuit board, a cross board, and a system control and communication board, where the circuit board may also include an optical layer processing board. It should be noted that the type and number of plates specifically contained in each device may vary according to specific needs. For example, a network device that is a core node may not have a tributary board. A network device that is an edge node may have multiple tributary boards. The power supply is used for supplying power to the OTN device, and may include an active power supply and a standby power supply. The fan is used for radiating heat for the equipment. The auxiliary single board is used for providing an external alarm or accessing an external clock and other auxiliary functions. The tributary boards, cross-boards and line boards are mainly used for processing electrical layer signals of the OTN (hereinafter referred to as OTN frames). The branch board is used for receiving and transmitting various service data, such as Synchronous Digital Hierarchy (SDH) service, packet service, ethernet service, and forwarding service.
Further, the tributary board may be divided into a user-side optical module and a signal processor. The user-side optical module may be an optical transceiver for receiving and/or transmitting user signals. The signal processor is used for mapping user signals into OTN frames and de-mapping them. The cross-connect board is used for switching OTN frames, and completes the switching of one or more types of OTN frames. The line board mainly processes OTN frames on the line side. Specifically, the line board may be divided into a line-side optical module and a signal processor. The line-side optical module may be a line-side optical transceiver for receiving and/or transmitting OTN frames. The signal processor is used for multiplexing and de-multiplexing, or mapping and de-mapping, of OTN frames on the line side. The system control and communication board is used for system control and communication. Specifically, it may collect information from different boards through a backplane, or send control instructions to the corresponding boards.
Unless otherwise specified, a specific component (e.g., a tributary board) may be one or more, and the present application is not limited in this respect. It should be noted that, in the embodiments of the present application, the types of boards included in the device, and the specific functional designs and numbers of the boards, are not limited.
In order to make the present application more clearly understood, some of the terms and techniques used in the examples of the present application are briefly described below.
1. Service data
The service data refers to services that the OTN can carry, and for example, the services may be ethernet services, packet services, wireless backhaul services, and the like.
2. OTN
In the OTN, a sending end may map service data of a user to a payload (payload) of an Optical Service Unit (OSU) frame, and add an OSU Overhead (OH) to the payload of the OSU frame to obtain an OSU frame. Then, the OSU frame is mapped into the payload of an optical payload unit k (OPUk) frame, and then OPUk overhead and optical data unit k (ODUk) overhead are added to the payload of the OPUk frame, so as to obtain an ODUk frame. Next, an optical transport unit k (OTUk) overhead and the like are added to the ODUk frame, and an OTUk frame is obtained. And finally, the transmitting end transmits the OTUk frame to the receiving end. The above payload may also be referred to as a payload region and the overhead may also be referred to as an overhead region.
Here k can be 0, 1, 2, 3, 4, Cn, or flex. When k takes different values, the bit rate (i.e., transmission rate) of the OTUk frame is different. Specifically, k = 0, 1, 2, 3, 4, Cn, and flex respectively represent bit rates of 1.25 gigabits per second (Gbit/s), 2.5 Gbit/s, 10 Gbit/s, 40 Gbit/s, 100 Gbit/s, n × 100 Gbit/s, and n × 1.25 Gbit/s (n ≥ 2). For example, the bit rate of the OTU2 frame is 10 Gbit/s, and the bit rate of the OTU4 frame is 100 Gbit/s. It should be noted that the above bit rates are approximate values. For example, the more accurate bit rate of the OPU4 frame is 104.35597533 Gbit/s. Other examples are not listed.
Exemplarily, fig. 3 shows the frame structure of an OTUk frame when k ≠ Cn. Referring to fig. 3, an OTUk frame has 4 rows by 4080 columns. The OSU frame payload and the OSU overhead (i.e., OSU OH) constitute an OSU frame, which is mapped into the OPUk frame payload. The OPUk payload and the OPUk overhead (i.e., OPUk OH) form an OPUk frame; the OPUk frame and the ODUk overhead (i.e., ODUk OH) form an ODUk frame; and the ODUk frame, the OTUk overhead (i.e., OTUk OH), the Frame Alignment Signal (FAS), and the Forward Error Correction (FEC) check region form an OTUk frame. Specifically, in the OTUk frame, columns 1 to 7 of row 1 are the FAS and the multi-frame alignment signal (MFAS), columns 8 to 14 of row 1 are the OTUk OH, columns 1 to 14 of rows 2 to 4 are the ODUk OH, columns 15 to 16 of rows 1 to 4 are the OPUk OH, columns 17 to 3824 of rows 1 to 4 are the OPUk payload, and columns 3825 to 4080 of rows 1 to 4 are the FEC check area.
Further, fig. 4 shows a schematic structural diagram of an OSU frame applicable to the embodiment of the present application. Referring to fig. 4, the OSU frame includes overhead and payload, where the overhead includes general overhead, mapping overhead, and a Cyclic Redundancy Check (CRC). The length of the OSU frame overhead is 7 bytes and the length of the OSU frame payload is 185 bytes.
The general overhead may be used to monitor and manage the service data, and the mapping overhead may represent a mapping rule used when mapping the service data to the OSU frame payload.
n consecutive OSU frames are referred to as one encryption period, n being a positive integer. In the embodiment of the present application, the value of n is not limited, for example, n =128, 256, 512, 1024, or the like. In practical applications, n is typically 256.
It should be noted that the structure of the OSU frame in the embodiment of the present application is not limited to that shown in fig. 4; the structure of the OSU frame may be adjusted according to actual requirements and is not limited in this application. In addition, the OSU frame may also be referred to as an optical service unit frame.
The embodiment of the present application also provides another OSU frame applicable to the embodiment of the present application. To distinguish it from the OSU frame shown in fig. 4, this other OSU frame may be referred to as an OSUv frame. The OSUv frame is described below in conjunction with tables 1-3.
The OSUv frame may carry Constant Bit Rate (CBR) traffic and Variable Bit Rate (VBR) traffic. The type of an OSUv frame depends on the service it carries. Specifically, the OSUv frame may include: an OSUv frame carrying CBR traffic (abbreviated CBR_OSUv frame) and an OSUv frame carrying VBR traffic (abbreviated VBR_OSUv frame). The CBR_OSUv frame includes: a CBR frame and a CBR extension (extension) frame, which may be abbreviated as CBR_EXT frame. The VBR_OSUv frame includes: a VBR frame and a VBR extension frame, which may be abbreviated as VBR_EXT frame.
One crypto period typically comprises 1024 OSUv frames. According to different services carried by the OSUv frame, the types of the OSUv frame in one encryption period are different.
Specifically, when carrying CBR service, one encryption period includes CBR frames and CBR_EXT frames, and the CBR frames and CBR_EXT frames are generated in a ratio of 1:3. In other words, every 4 consecutive OSUv frames sent by the sending end to the receiving end include, in sequence, 1 CBR frame and 3 CBR_EXT frames. Therefore, if one encryption period includes 1024 OSUv frames, the encryption period includes 256 CBR frames and 768 CBR_EXT frames.
The overhead of the CBR_EXT frame does not carry a Path Overhead (POH). The overhead of 1 CBR frame includes: channel overhead and a multiframe header. The channel overhead of a CBR frame includes: POH1 and POH2. The multiframe header of 1 CBR frame includes: a 32-multiframe header (abbreviated as M32_P1) and a 256-multiframe header (abbreviated as M256_P1).
32 consecutive CBR frames may be referred to as a 32 CBR multiframe, and 256 consecutive CBR frames may be referred to as a 256 CBR multiframe. The POH1 of a 32 CBR multiframe may constitute 1 POH1 overhead of the 32 CBR multiframe, and the POH2 of a 256 CBR multiframe may constitute 1 POH2 overhead of the 256 CBR multiframe. The M32_P1 of a 32 CBR multiframe may constitute 1 multiframe header overhead of the 32 CBR multiframe, and the multiframe header overhead of the 32 CBR multiframe may be used to indicate the 32 CBR multiframe. The M256_P1 of a 256 CBR multiframe may constitute 1 multiframe header overhead of the 256 CBR multiframe, and the multiframe header overhead of the 256 CBR multiframe may be used to indicate the 256 CBR multiframe. Moreover, the POH1 overhead of the 32 CBR multiframe is synchronized with the multiframe header overhead of the 32 CBR multiframe, and the POH2 overhead of the 256 CBR multiframe is synchronized with the multiframe header overhead of the 256 CBR multiframe; that is, the overhead of 1 32 CBR multiframe includes the POH1 overhead of 1 32 CBR multiframe and the multiframe header overhead of 1 32 CBR multiframe, and the overhead of 1 256 CBR multiframe includes the POH2 overhead of 1 256 CBR multiframe and the multiframe header overhead of 1 256 CBR multiframe. In addition, the 32 CBR multiframe is synchronized with the 256 CBR multiframe; for example, if an encryption period includes 1024 OSUv frames, the 1st to 8th 32 CBR multiframes in the encryption period may constitute the 1st 256 CBR multiframe of the encryption period.
Illustratively, table 1 is an overhead table of CBR frames. Referring to table 1, in the overhead of a CBR frame, the sizes of POH1 and POH2 are 2 bits and 1 bit, respectively, and the sizes of M32_P1 and M256_P1 are 1 bit each. The POH1 overhead of a 32 CBR multiframe has a size of 2 × 32 = 64 bits, and the multiframe header overhead of a 32 CBR multiframe has a size of 1 × 32 = 32 bits. The POH2 overhead of a 256 CBR multiframe has a size of 1 × 256 = 256 bits, and the multiframe header overhead of a 256 CBR multiframe has a size of 1 × 256 = 256 bits.
For ease of understanding, herein the POH1 overhead of the 32 CBR multiframe may be referred to simply as CBR_POH1 overhead, and the POH2 overhead of the 256 CBR multiframe as CBR_POH2 overhead. If an encryption period includes 1024 OSUv frames, the encryption period includes 8 M32_P1 and 1 M256_P1; that is, the encryption period includes 8 CBR_POH1 overheads and 1 CBR_POH2 overhead.
TABLE 1 (overhead table of CBR frames; image not reproduced)
When carrying VBR service, one encryption period includes VBR frames and VBR_EXT frames, and the VBR frames and VBR_EXT frames are generated in a ratio of 1:1. In other words, the consecutive OSUv frames sent by the sending end to the receiving end alternately include 1 VBR frame and 1 VBR_EXT frame. Therefore, if one encryption period includes 1024 OSUv frames, the encryption period includes 512 VBR frames and 512 VBR_EXT frames.
The overhead of the VBR frame and the VBR_EXT frame includes: channel overhead and a multiframe header. The channel overhead of a VBR frame includes: POH1 and POH2. The multiframe header of the VBR frame includes: a 64-multiframe header (abbreviated as M64_P2) and a 256-multiframe header (abbreviated as M256_P2). The channel overhead of the VBR_EXT frame includes POH1, and the multiframe header of the VBR_EXT frame includes: a 64-multiframe header.
64 consecutive OSUv frames include 32 VBR frames and 32 VBR_EXT frames; that is, the 64 consecutive OSUv frames include the POH1 of 32 VBR frames and the POH1 of 32 VBR_EXT frames, 64 POH1 in total. The 64 POH1 in these 64 consecutive OSUv frames may be referred to as 1 VBR_POH1 overhead.
64 consecutive VBR frames may be referred to as a 64 VBR multiframe, and 256 consecutive VBR frames may be referred to as a 256 VBR multiframe. The POH2 of a 256 VBR multiframe may constitute 1 POH2 overhead of the 256 VBR multiframe. The M64_P2 of a 64 VBR multiframe may constitute 1 multiframe header overhead of the 64 VBR multiframe, which may be used to indicate the 64 VBR multiframe. The M256_P2 of a 256 VBR multiframe may constitute 1 multiframe header overhead of the 256 VBR multiframe, and the multiframe header overhead of the 256 VBR multiframe may be used to indicate the 256 VBR multiframe. Moreover, the POH2 overhead of the 256 VBR multiframe is synchronized with the multiframe header overhead of the 256 VBR multiframe; that is, the overhead of 1 256 VBR multiframe includes the POH2 overhead of 1 256 VBR multiframe and the multiframe header overhead of 1 256 VBR multiframe. Specifically, if 1 encryption period includes 1024 OSUv frames (i.e., 1 encryption period includes 16 64 VBR multiframes), the 256 VBR frames correspond to 512 consecutive OSUv frames; because the 64 VBR multiframes are not synchronized with the 256 VBR multiframes, at least 1 complete M256_P2 exists in the encryption period.
Illustratively, table 2 is an overhead table of VBR frames. Referring to table 2, in the overhead of a VBR frame, the sizes of POH1, POH2, M64_P2, and M256_P2 are all 1 bit. The POH1 overhead of a 64 VBR multiframe has a size of 1 × 64 = 64 bits, and the multiframe header overhead of a 64 VBR multiframe has a size of 1 × 64 = 64 bits. The POH2 overhead of a 256 VBR multiframe has a size of 1 × 256 = 256 bits, and the multiframe header overhead of a 256 VBR multiframe has a size of 1 × 256 = 256 bits.
TABLE 2 (overhead table of VBR frames; image not reproduced)
64 consecutive VBR_EXT frames may be referred to as a 64 VBR_EXT multiframe. The M64_P2 of a 64 VBR_EXT multiframe may constitute 1 multiframe header overhead of the 64 VBR_EXT multiframe, which may be used to indicate the 64 VBR_EXT multiframe.
Illustratively, table 3 is an overhead table of VBR_EXT frames. Referring to table 3, in the overhead of a VBR_EXT frame, the sizes of POH1 and M64_P2 are both 1 bit. The POH1 overhead of a 64 VBR_EXT multiframe has a size of 1 × 64 = 64 bits, and the multiframe header overhead of a 64 VBR_EXT multiframe has a size of 1 × 64 = 64 bits.
For ease of understanding, the POH2 overhead of the above 256 VBR multiframe may be referred to simply as VBR_POH2 overhead herein. If an encryption period includes 1024 OSUv frames, the encryption period includes 16 M64_P2 and at least 1 M256_P2; that is, the encryption period includes 16 VBR_POH1 overheads and at least 1 complete VBR_POH2 overhead (the POH2 of 512 VBR frames, i.e., at least 1 VBR_POH2).
TABLE 3 (overhead table of VBR_EXT frames; image not reproduced)
The length of the OSUv frame is 192 bytes, which is the same as the length of the OSU frame described above. The OSUv frame also includes a payload. The OSUv frame payload is different from the above-described OSU frame payload in that the length of the OSUv frame payload may not be fixed to 185 bytes.
Unless otherwise specified, in this context the OSU frame is generally the OSU frame shown in fig. 4, and the OSUv frame is generally the other OSU frame provided by the above embodiments and applicable to the embodiments of the present application. The OSU frame can carry service data of the user, such as E1 service. The E1 service refers to a private line service with a nominal rate of 2.048 Mb/s, and is a general name for various services using a G.703 interface, such as voice, data, image, and other services. In an implementation, the payload of an OSU frame may be the smallest unit (also referred to as the smallest tributary unit) carrying the service data of the user. The rate of one OSU frame may be a variable rate or a fixed rate. Multiple OSU frames may be combined to carry service data of users at the corresponding rates. Different service data are mapped into the corresponding OSU frames according to their respective rates, and a label is added in the overhead of the OSU frame to realize the end-to-end Operation, Administration and Maintenance (OAM) function. The plurality of OSU frames carrying the same service data may be continuous or discontinuous.
One ODUk frame may carry multiple OSU frames, so that service data of multiple users may be carried. When a sending end encrypts an ODUk frame, the payload of the ODUk frame is actually encrypted as a whole, and it is not possible to distinguish which of service data carried by the payload of the ODUk frame needs to be encrypted and which does not need to be encrypted, so that the sending end cannot individually encrypt part of service data in all service data carried by the ODUk frame.
3. Encryption algorithm
Encryption algorithms can be divided into three categories: symmetric encryption algorithms, asymmetric encryption algorithms and hash (hash) encryption algorithms. A symmetric encryption algorithm uses the same key for both encryption and decryption. Asymmetric encryption uses different keys for encryption and decryption. Symmetric encryption algorithms include: Data Encryption Standard (DES), Triple Data Encryption Algorithm (TDEA), Advanced Encryption Standard (AES), and the like. Asymmetric encryption algorithms include: the Elliptic Curve Cryptography (ECC) encryption algorithm, the Diffie-Hellman (DH) encryption algorithm, the Digital Signature Algorithm (DSA), and the like.
4. Advanced Encryption Standard (AES)
In AES, a sending end may encrypt a plaintext according to a secret key and an Initial Vector (IV), obtain a ciphertext, and send the ciphertext to a receiving end; the receiving end can decrypt the received ciphertext according to the same secret key and the initial vector to obtain a corresponding plaintext, so that the encrypted transmission of data is realized.
The AES algorithm may be divided into AES-128, AES-192, and AES-256 depending on the length of the key. The length of a key used by the AES-128 is 128 bits (bit), the length of a key used by the AES-192 is 192 bits, and the length of a key used by the AES-256 is 256 bits.
AES includes a plurality of encryption modes, such as Counter (CTR) mode, Galois/Counter Mode (GCM), Electronic Codebook (ECB) mode, and Cipher Block Chaining (CBC) mode.
The following describes the process of encrypting data and decrypting data, taking the CTR mode of AES-256 as an example.
FIG. 5 is a diagram illustrating data encryption using the CTR mode of AES-256. Referring to fig. 5, a 128-bit cipher block (cipher) may first be generated using a 256-bit key, a 128-bit initial vector, and the AES encryption function. Then, an XOR operation may be performed on the 128-bit cipher block and 128 bits of plain text (plaintext) to obtain the corresponding 128-bit cipher text (ciphertext).
Fig. 6 is a diagram illustrating data decryption using the CTR mode of AES-256. Referring to fig. 6, a 128-bit cipher block (cipher) may first be generated using the 256-bit key, the 128-bit initial vector, and the AES encryption function. Then, an XOR operation may be performed on the 128-bit cipher block and the 128-bit cipher text to obtain the corresponding 128-bit plain text.
Specifically, in fig. 5 and fig. 6, the process of generating the 128-bit cipher block using the 256-bit key, the 128-bit initial vector and the AES encryption function includes two steps: key expansion (key expansion) and round key addition (add round key). Fig. 7 is a schematic diagram of key expansion and round key addition provided in an embodiment of the present application. Referring to fig. 7, during key expansion, the 256-bit key may be expanded into a plurality of round keys (round keys) using the 256-bit key and the key expansion function. During round key addition, a 128-bit cipher block may be generated using the 128-bit initial vector, the plurality of round keys, and the round key addition function. In the CTR mode, the initial vector may be generated by a counter, and the initial vector is updated once each time a cipher block is generated, e.g., the value of the initial vector is increased by 1. The specific implementation of the key expansion function and the round key addition function may refer to the relevant specification of the CTR mode and is not described here again.
The GCM mode of AES is different from the CTR mode in that the GCM mode can not only encrypt plaintext or decrypt ciphertext using the CTR mode, but also perform ciphertext authentication. Specifically, the sending end may encrypt the plaintext by using the CTR mode to obtain the ciphertext, and may generate the first authentication identifier by using the key, the initial vector, the ciphertext, and the authentication identifier generating function. Then, the sending end sends the ciphertext and the first authentication identification to the receiving end. The receiving end can decrypt the received ciphertext into plaintext by using the CTR mode, and can generate a second authentication identifier by using the key, the initial vector, the received ciphertext and the authentication identifier generating function. Finally, the receiving end can compare whether the first authentication identification is consistent with the second authentication identification, and if not, the ciphertext is possibly tampered in the transmission process. In other words, the GCM mode can encrypt and check the integrity of data, thereby improving the data security.
Fig. 8 is a schematic diagram of data encryption using the GCM mode of AES according to an embodiment of the present application. Referring to fig. 8, the sending end may perform plaintext encryption and ciphertext authentication, and the receiving end may perform ciphertext decryption and ciphertext authentication. The plaintext encryption process and the ciphertext decryption process may refer to the data encryption and decryption processes of the CTR mode, which are not described here again. The ciphertext authentication processes performed by the sending end and the receiving end are described below.
Referring to fig. 8, in the process of performing ciphertext authentication at the sending end, an Additional Authenticated Data (AAD), a key, a ciphertext, and a GHASH function may be used to generate a first hash value; then, encrypting the first hash value by using the key, the initial vector and the GCTR function to obtain a first authentication identifier; and finally, carrying the first authentication identifier by using the overhead of the OSU frame, and sending the OSU frame carrying the first authentication identifier to a receiving end. The GHASH function is a hash function, the GCTR function is an encryption function, and the specific implementation manner of the GHASH function and the GCTR function may refer to the relevant specification in the GCM mode, which is not described herein again.
Specifically, fig. 9 is a schematic flowchart of the process by which a sending end performs ciphertext authentication in the GCM mode according to the embodiment of the present application. Referring to FIG. 9, A is the predefined data (the AAD), and A is typically 128 bits in length. C is the ciphertext, and the length of C may be an integer multiple of 128 bits. len(A) is the length of A, and len(C) is the length of C. The value of H may be determined by the key, and the value of J by the initial vector and the key. The most significant bit function may be of the form MSB_t(T); MSB_t(T) keeps the highest t bits of T, e.g., assuming t = 3 and T = 011100, then MSB_t(011100) = 011. Here t may be 128, so that a 128-bit authentication identifier T may be generated. When the sending end executes the ciphertext authentication process, it may input the data consisting of A, C, len(A) and len(C), together with H, into the GHASH function to obtain the first hash value; then input the first hash value and J into the GCTR function for encryption to obtain an authentication tag; and finally generate the first authentication identifier from the authentication tag using the MSB function.
Correspondingly, referring to fig. 8 again, in the process that the receiving end executes the ciphertext authentication, the receiving end may generate a second hash value by using the AAD, the secret key, the received ciphertext, and the GHASH function; then, encrypting the second hash value by using the key, the initial vector and the GCTR function to obtain a second authentication identifier; and finally, comparing whether the first authentication identification is consistent with the second authentication identification, and if not, indicating that the ciphertext received by the receiving end is possibly tampered in the transmission process. The specific implementation of the receiving end executing the ciphertext authentication process may refer to the procedure of performing the ciphertext authentication by the sending end shown in fig. 9, which is not described herein again.
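The sending-end and receiving-end authentication paths of fig. 8 and fig. 9, as an added example that is not part of the patent and not the applicant's code. It uses AES-256 in GCM mode from Go's standard library with the page's 128-bit initial vector and a 128-bit authentication identifier (t = 128); the key, IV, AAD and the 185-byte OSU payload used as plaintext are constructed sample values, and the function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// Constructed sample inputs (not from the page): a 256-bit key, a 128-bit
// initial vector, AAD standing in for A, and one 185-byte OSU payload as plaintext.
var (
	sampleKey = bytes.Repeat([]byte{0x5a}, 32)
	sampleIV  = bytes.Repeat([]byte{0x01}, 16)
	sampleAAD = []byte("constructed AAD, A")
	samplePT  = bytes.Repeat([]byte("osu-payload-"), 16)[:185]
)

// newGCM builds AES-256 in GCM mode with the 128-bit IV length used on the page
// (Go's default GCM nonce is 96 bits, so the size is set explicitly).
func newGCM(key, iv []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // AES-256 for a 32-byte key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCMWithNonceSize(block, len(iv))
}

// SenderEncryptAndTag is the sending-end path of fig. 8: CTR-encrypt the
// plaintext and derive the first authentication identifier (a 128-bit tag) from
// AAD, key, IV and ciphertext. Ciphertext and tag are returned separately, since
// on the page the tag travels in OSU overhead rather than in the payload.
func SenderEncryptAndTag(key, iv, aad, plaintext []byte) (ciphertext, tag []byte, err error) {
	gcm, err := newGCM(key, iv)
	if err != nil {
		return nil, nil, err
	}
	sealed := gcm.Seal(nil, iv, plaintext, aad) // ciphertext || tag
	n := len(plaintext)
	return sealed[:n], sealed[n:], nil
}

// ReceiverVerifyAndDecrypt is the receiving-end path: recompute the second
// authentication identifier from AAD, key, IV and the received ciphertext,
// compare it with the received first identifier, and only then return plaintext.
// A mismatch (ciphertext or AAD changed in transit) yields an error and no plaintext.
func ReceiverVerifyAndDecrypt(key, iv, aad, ciphertext, tag []byte) ([]byte, error) {
	gcm, err := newGCM(key, iv)
	if err != nil {
		return nil, err
	}
	if len(tag) != gcm.Overhead() {
		return nil, errors.New("authentication identifier has wrong length")
	}
	sealed := append(append([]byte{}, ciphertext...), tag...)
	plaintext, err := gcm.Open(nil, iv, sealed, aad) // constant-time tag comparison inside
	if err != nil {
		return nil, errors.New("authentication identifiers differ: ciphertext possibly tampered")
	}
	return plaintext, nil
}

// TamperedIsRejected flips one payload bit after encryption and reports whether
// the receiver detects it, which is the integrity property the page attributes to GCM.
func TamperedIsRejected(key, iv, aad, plaintext []byte) (bool, error) {
	ct, tag, err := SenderEncryptAndTag(key, iv, aad, plaintext)
	if err != nil {
		return false, err
	}
	ct[0] ^= 0x80
	_, err = ReceiverVerifyAndDecrypt(key, iv, aad, ct, tag)
	return err != nil, nil
}

func main() {
	ct, tag, err := SenderEncryptAndTag(sampleKey, sampleIV, sampleAAD, samplePT)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext %d bytes, authentication identifier %d bits\n", len(ct), len(tag)*8)
	pt, err := ReceiverVerifyAndDecrypt(sampleKey, sampleIV, sampleAAD, ct, tag)
	fmt.Println("receiver accepted:", err == nil && bytes.Equal(pt, samplePT))
	rejected, _ := TamperedIsRejected(sampleKey, sampleIV, sampleAAD, samplePT)
	fmt.Println("tampered ciphertext rejected:", rejected)
}
```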
It should be noted that the above descriptions of the CTR mode and the GCM mode of the AES are examples, and do not limit the CTR mode and the GCM mode of the AES described in this embodiment.
The encryption transmission method provided by the embodiment of the present application will be specifically described below with reference to fig. 10 to 17.
For ease of understanding, the AES encryption algorithm is used as the example encryption algorithm in the encryption transmission method shown in fig. 10 to 17. It should be noted that the encryption algorithm used by the encryption transmission method provided in the embodiment of the present application is not limited to the AES encryption algorithm; usable encryption algorithms include, but are not limited to, the DES encryption algorithm, the TDEA encryption algorithm, the AES encryption algorithm, the ECC encryption algorithm, the DH encryption algorithm, the DSA encryption algorithm, hybrid encryption algorithms, and the like.
Exemplarily, fig. 10 is a schematic flowchart of an encryption transmission method provided in an embodiment of the present application. The encryption transmission method can be applied to communication between any two OTN devices shown in fig. 1.
As shown in fig. 10, the encryption transmission method includes the following steps:
S1001, the sending end encrypts a plurality of data in an encryption period one by one according to the encryption and decryption control information.
Wherein, the encryption and decryption control information can be determined by the encryption algorithm used by the sending end. For example, when the transmitting end encrypts data using the AES encryption algorithm, the encryption/decryption control information may include an initial vector and a key. The description of the initial vector and the key can refer to the related description of "AES advanced encryption standard" in the introduction of technical terminology, and will not be described herein.
It should be noted that, since the encryption algorithm used by the encryption transmission method provided in the present embodiment is an AES encryption algorithm as an example, the encryption and decryption control information in the embodiment of the present application includes an initial vector and a key, unless otherwise specified.
n consecutive OSU frames are referred to as an encryption period, n being a positive integer. Optionally, the number of OSU frames included in each encryption period is the same, where a value of n is not limited in this embodiment of the application, for example, n =128, 256, 512, or 1024, and the like.
Optionally, the last OSU frame included in one encryption period and the first OSU frame included in the next encryption period are two OSU frames adjacent to each other in the payload of the OPU frame. That is, consecutive encryption periods occupy consecutive bytes (or bits) in the payload of one or more OPU frames.
Optionally, the multiple data in one encryption period may be service data of a user, or payloads of OSU frames carrying the service data, which is not limited in this application. In other words, the sending end may map the multiple data to the payloads of multiple OSU frames in one encryption period and encrypt the payloads of the multiple OSU frames one by one according to the encryption and decryption control information; or, the sending end may encrypt the multiple data in one encryption period one by one according to the encryption and decryption control information and map the encrypted multiple data to the payloads of multiple OSU frames. It will be appreciated that each OSU frame carries one piece of encrypted data.
Exemplarily, assuming that one encryption cycle includes 256 consecutive OSU frames, in one encryption cycle, the sending end may map the service data of the user into the payloads of the 256 consecutive OSU frames, and then encrypt the payloads of the 256 OSU frames one by one; alternatively, the transmitting end may divide the service data of the user into 256 parts, each of which has the same size (185 bytes) as the payload of one OSU frame, encrypt the 256 parts of service data one by one, and map the encrypted service data into the payloads of 256 consecutive OSU frames.
Optionally, in order to encrypt the overhead of the OSU frame, the plurality of data in the above-mentioned one encryption period may be OSU frames (including payload and overhead) carrying traffic data. Therefore, the payload of the OSU frame can be encrypted, and the overhead of the OSU frame can be encrypted, so that the safety of data transmission is further improved.
In some possible embodiments, the above S1001, encrypting the multiple data in one encryption cycle one by one according to the encryption and decryption control information, may include the following steps 1 and 2:
Step 1: generating a plurality of cipher blocks according to the encryption and decryption control information.
The total number M of bits of the plurality of cipher blocks is greater than or equal to the total number N of bits of the plurality of data, and M and N are positive integers.
Taking as an example the case where the sending end maps the service data of the user into the payloads of 256 consecutive OSU frames and then encrypts the payloads of the 256 OSU frames one by one: since the payloads of the 256 OSU frames have a total length of 185 × 256 bytes and the length of 1 cipher block is 128 bits (16 bytes), the sending end generates at least 185 × 256 / 16 = 2960 cipher blocks from the initial vector and the key. For the specific process by which the sending end generates cipher blocks from the initial vector and the key, reference may be made to the related description of "Advanced Encryption Standard (AES)" in the technical terminology introduction above, which is not repeated here.
Optionally, 0 ≤ M − N < k2, where k2 is the length of one cipher block. In other words, the difference between the total number of bits M of the plurality of cipher blocks and the total number of bits N of the plurality of data is smaller than the length of one cipher block and greater than or equal to 0. For example, if the number of cipher blocks is k1, the length of each cipher block is k2, the number of data items is k3, and the length of each data item is k4, then the total number of bits of the cipher blocks is M = k1 × k2 and the total number of bits of the data is N = k3 × k4. Therefore, the plurality of cipher blocks generated by the sending end according to the encryption and decryption control information satisfy the condition 0 ≤ k1 × k2 − k3 × k4 < k2. In this way, the sending end generates as few cipher blocks as possible while ensuring that the total number of bits M of the generated cipher blocks is greater than or equal to the total number of bits N of the plurality of data, which further improves encryption efficiency.
It can be understood that when the total number M of bits of the plurality of cipher blocks is equal to the total number N of bits of the plurality of data, the number of cipher blocks generated by the transmitting end is the least, so that the processing time can be further reduced, and the encryption efficiency can be improved.
Step 2: encrypting the plurality of data bitwise using N bits in the plurality of cipher blocks.
The calculation mode of the bitwise encryption may be determined by the encryption algorithm used by the sending end. For example, when the sending end encrypts data using the AES encryption algorithm as described above (each cipher block being generated from the initial vector and the key), the bitwise encryption is an exclusive-or operation, denoted ⊕ below.
Specifically, the transmitting end may obtain N bits for encrypting data from M bits of the plurality of cipher blocks according to a first encryption rule, and bitwise encrypt the plurality of data using the N bits according to a second encryption rule.
The first encryption rule may be understood as a rule for obtaining N bits from M bits of a plurality of cipher blocks, for example, the first encryption rule may be a generation order of the cipher blocks. Specifically, obtaining N bits for encrypting data from M bits of the plurality of cipher blocks according to the first encryption rule may include the following embodiments:
Mode 1: the first N of the M bits of the plurality of cipher blocks, in the order in which the cipher blocks are generated, are determined as the N bits used for encrypting the data. For example, assume that the M bits of the plurality of cipher blocks are, in generation order, $c_1, c_2, \dots, c_M$; then $c_1$ to $c_N$ may be determined as the N bits used for encrypting the data.
Mode 2: the last N of the M bits of the plurality of cipher blocks, in the order in which the cipher blocks are generated, are determined as the N bits used for encrypting the data. For example, assume that the M bits of the plurality of cipher blocks are, in generation order, $c_1, c_2, \dots, c_M$; then $c_T$ to $c_M$, with $M - T + 1 = N$, may be determined as the N bits used for encrypting the data.
The second encryption rule may be understood as a rule for bitwise encrypting a plurality of data with N bits, for example, the second encryption rule may be a generation order of the cipher block. Specifically, the bitwise encryption of the plurality of data according to the second encryption rule and using the N bits may include the following embodiments:
Mode 3: the ith bit of the plurality of data is encrypted using the ith bit of the N bits, i being a positive integer with i ≤ N. For example, assume that the N bits taken from the plurality of cipher blocks are $c_1, c_2, \dots, c_N$ and that the plurality of data comprises the N bits $p_1, p_2, \dots, p_N$; then the encrypted data comprises the following N bits:

$$e_i = p_i \oplus c_i, \qquad i = 1, 2, \dots, N.$$
Mode 4: the ith bit of the plurality of data is encrypted using the (N − i + 1)th bit of the N bits, i being a positive integer with i ≤ N; that is, the N bits are consumed in the reverse of their generation order. For example, assume that the N bits taken from the plurality of cipher blocks are $c_1, c_2, \dots, c_N$ and that the plurality of data comprises the N bits $p_1, p_2, \dots, p_N$; then the encrypted data comprises the following N bits:

$$e_i = p_i \oplus c_{N-i+1}, \qquad i = 1, 2, \dots, N.$$
It should be noted that the first encryption rule and the second encryption rule may be configured by a user or determined by negotiation between the sending end and the receiving end, and the specific implementation of the first encryption rule and the second encryption rule is not limited in this application. Of course, in order for the receiving end to be able to correctly decrypt the plurality of data, the transmitting end and the receiving end need to use the same first encryption rule and second encryption rule.
It can be understood that the above modes 1 to 4 can provide multiple modes for encrypting multiple data by using N bits in multiple cipher blocks, so as to implement separate encryption of multiple OSU frames carried by an ODUk frame, thereby improving data security.
In some possible embodiments, the sending end may encrypt the ith bit of the plurality of data using the ith bit of the plurality of cipher blocks taken in the generation order of the cipher blocks, where i is a positive integer and i ≤ N. For example, assume that the plurality of cipher blocks comprise, in generation order, the M bits $c_1, c_2, \dots, c_M$ and that the plurality of data comprises the N bits $p_1, p_2, \dots, p_N$, where M ≥ N; then the encrypted data comprises the N bits

$$e_i = p_i \oplus c_i, \qquad i = 1, 2, \dots, N.$$
The sending end may encrypt 1 OSU frame at a time, for example with an encryption period of 256 consecutive OSU frames and an OSU bus width of 12 × 128 bits (192 bytes). In 1 OSU frame, the payload (185 bytes) needs to be encrypted, while the overhead (7 bytes) may be left unencrypted. When only the payload is encrypted, 185/16 = 11.5625 cipher blocks are needed for the payload of 1 OSU frame, since 1 cipher block is 16 bytes long. For example, 12 cipher blocks need to be generated to encrypt the payload of the 1st OSU frame, and after those 12 cipher blocks have encrypted that payload, 7 bytes of them remain unused. To improve the utilization of the cipher blocks, the bytes of the 12 cipher blocks that were not used for the 1st OSU frame may be used to encrypt the payload of the next OSU frame, i.e. the 2nd OSU frame. By analogy, the cipher blocks used to encrypt the payload of the kth OSU frame comprise the incompletely used cipher block left over from encrypting the payload of the (k − 1)th OSU frame, followed by cipher blocks generated by the sending end that have not been used yet, where k is a positive integer not greater than the number of OSU frames. In other words, if a cipher block used for the payload of the (k − 1)th OSU frame still has unused bits, the payload of the kth OSU frame is encrypted starting with those unused bits. This avoids wasting cipher blocks and reduces the number of cipher blocks that must be generated, which reduces processing time and improves encryption efficiency.
The following describes in detail an embodiment in which the transmitting end encrypts the ith bit of the plurality of data using the ith bits of the plurality of cipher blocks in the order in which the plurality of cipher blocks are generated, with reference to the accompanying drawings.
Fig. 11 is a schematic diagram of encrypting the payloads of 256 consecutive OSU frames using a plurality of cipher blocks according to an embodiment of the present application. Referring to Fig. 11, the payloads of the 256 consecutive OSU frames have been mapped with the user's traffic data. Assuming that the payload of each OSU frame is 185 bytes long and 1 cipher block is 16 bytes long, the sending end can generate 2960 cipher blocks, namely CB1, CB2, …, CB2960 in generation order, and can encrypt the payloads of the 256 consecutive OSU frames using them. Specifically, take encrypting the payload of the kth OSU frame of the 256 consecutive OSU frames, k being a positive integer with k ≤ 256. The sending end may determine the cross-frame cipher block, i.e. the cipher block that was not fully used among the cipher blocks used to encrypt the (k − 1)th OSU frame, and then encrypt the payload of the kth OSU frame using that cross-frame cipher block followed by not-yet-used cipher blocks of the generated plurality. For example, when k = 1 there is no cross-frame cipher block, so the sending end encrypts the payload of the 1st OSU frame using 12 cipher blocks (CB1 to CB12): all bits of CB1 to CB11 and 9 bytes of CB12 are used for the payload of the 1st OSU frame, and the remaining 7 bytes of CB12 are not. When k = 2, the cross-frame cipher block is CB12, so the sending end encrypts the payload of the 2nd OSU frame using the 7 bytes of CB12 that were not used for the 1st OSU frame, followed by CB13 to CB24. The encryption of the payloads of the remaining OSU frames proceeds by analogy and is not repeated here.
It can be understood that based on the embodiment shown in fig. 11, when the length of the payload of one OSU frame is not an integral multiple of the length of the encryption block, the above-mentioned embodiment of encrypting the ith bit of a plurality of data using the ith bits of a plurality of cipher blocks can implement encrypting the payload of the next OSU frame using the incompletely used cipher blocks among the plurality of cipher blocks used for encrypting the payload of one OSU frame, thereby implementing that one cipher block can encrypt data across frames, thereby avoiding wasting the cipher blocks, reducing the number of generated cipher blocks, further reducing the processing time, and further improving the encryption efficiency.
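The keystream scheduling of steps 1 and 2 (generating cipher blocks in order, taking the first N of the M generated bits, and XORing the ith keystream bit into the ith data bit, i.e. modes 1 and 3) together with the cross-frame reuse of Fig. 11, as an added, runnable example; it is not code from the patent. It assumes a simplified 128-bit initial vector made of four 32-bit fields and, so that it runs without an AES library, uses a keyed hash as a labelled stand-in for the AES-128 encryption of the initial vector; the scheduling logic does not depend on that choice.

```python
import hashlib
import struct

BLOCK_BYTES = 16            # one cipher block: 128 bits (the AES block size)
OSU_PAYLOAD_BYTES = 185     # payload of one OSU frame
FRAMES_PER_PERIOD = 256     # OSU frames in one encryption period


def cipher_block(key: bytes, iv: bytes) -> bytes:
    """Stand-in for E_key(IV), the AES-128 encryption of the initial vector.
    This is NOT AES: a keyed hash truncated to 16 bytes keeps the example free of
    dependencies. Replace the body with a real AES encryption of `iv`; nothing
    below changes."""
    return hashlib.sha256(b"aes-stand-in" + key + iv).digest()[:BLOCK_BYTES]


def make_iv(cfg_iv_fix: int, inter_mf_cnt: int, intra_mf_cnt: int) -> bytes:
    """Simplified 128-bit IV (an assumption of this example, not the patent's exact
    layout): configuration value | inter-frame counter | zeros | intra-frame counter,
    each field 32 bits, most significant first."""
    return struct.pack(">IIII", cfg_iv_fix, inter_mf_cnt, 0, intra_mf_cnt)


class KeystreamScheduler:
    """Generates cipher blocks on demand within one encryption period and hands out
    exactly the bytes requested, in generation order (mode 1 + mode 3). Unused bytes
    of the last block are kept for the next request: the cross-frame cipher block."""

    def __init__(self, key: bytes, cfg_iv_fix: int, inter_mf_cnt: int):
        self.key = key
        self.cfg_iv_fix = cfg_iv_fix
        self.inter_mf_cnt = inter_mf_cnt
        self.intra_mf_cnt = 0          # blocks generated so far; the first block gets 1
        self.leftover = b""            # unused bytes of the most recent block

    def take(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            if not self.leftover:
                self.intra_mf_cnt += 1
                iv = make_iv(self.cfg_iv_fix, self.inter_mf_cnt, self.intra_mf_cnt)
                self.leftover = cipher_block(self.key, iv)
            need = n - len(out)
            out += self.leftover[:need]
            self.leftover = self.leftover[need:]
        return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise encryption of step 2: e_i = p_i XOR c_i."""
    return bytes(x ^ y for x, y in zip(a, b))


def process_period(key: bytes, cfg_iv_fix: int, inter_mf_cnt: int, payloads):
    """Encrypt the payloads of one encryption period in frame order; the same call on
    the ciphertexts decrypts them. Returns the outputs and the number of cipher blocks
    that were generated (k1)."""
    ks = KeystreamScheduler(key, cfg_iv_fix, inter_mf_cnt)
    outputs = [xor_bytes(p, ks.take(len(p))) for p in payloads]
    return outputs, ks.intra_mf_cnt


def min_cipher_blocks(total_bits: int, block_bits: int = 8 * BLOCK_BYTES) -> int:
    """Smallest k1 satisfying 0 <= k1*k2 - N < k2 for N data bits and k2-bit blocks."""
    return -(-total_bits // block_bits)


def demo() -> dict:
    """Constructed sample: 256 frames of 185 bytes under one key, inter-frame counter 7."""
    key, cfg_iv_fix, inter_mf_cnt = bytes(range(16)), 0x11223344, 7
    payloads = [bytes([i]) * OSU_PAYLOAD_BYTES for i in range(FRAMES_PER_PERIOD)]
    ciphertexts, generated = process_period(key, cfg_iv_fix, inter_mf_cnt, payloads)
    recovered, _ = process_period(key, cfg_iv_fix, inter_mf_cnt, ciphertexts)
    return {"key": key, "cfg": cfg_iv_fix, "inter": inter_mf_cnt, "payloads": payloads,
            "ct": ciphertexts, "generated": generated, "roundtrip": recovered == payloads}


if __name__ == "__main__":
    result = demo()
    print(result["generated"], "cipher blocks generated; round trip ok:", result["roundtrip"])
```

With the constructed 256-frame period from `demo()`, exactly 2960 cipher blocks are generated (so M − N = 0), frame 1 consumes CB1 to CB11 and 9 bytes of CB12, frame 2 starts with the 7 leftover bytes of CB12, and applying `process_period` to the ciphertexts restores the payloads. The receiving end must keep the intra-frame counter itself and restart it from 1 in every encryption period; a receiver that miscounts by one block after a short frame would desynchronise from that point on.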
It should be noted that step 1 and step 2 can be executed in parallel, thereby improving the encryption efficiency. For example, assuming that a cipher block has a length of 16 bytes, the sender may encrypt the unencrypted 16 bytes of the plurality of data in bits by using the cipher block every time the sender produces one cipher block in the process of performing step 1. Of course, step 1 may be performed before step 2, which is not limited in this application.
Based on the above description of step 1 and step 2, the sending end may also generate as few cipher blocks as possible on the premise of ensuring that the total number M of bits of the generated cipher blocks is greater than or equal to the total number N of bits of the multiple data, so as to improve the encryption efficiency. In addition, the sending end can encrypt a plurality of data by using the cipher blocks with the same data length, thereby avoiding the waste of the cipher blocks, reducing the number of the generated cipher blocks, further reducing the processing time and further improving the encryption efficiency.
In the step shown in S1001, the sending end may further encrypt, according to the encryption and decryption control information, the OSUv frames in one encryption period one by one, and in a specific implementation, the OSU frames in the foregoing method embodiment may be replaced with OSUv frames, which is not described herein again.
In the embodiment of the application, the encryption and decryption control information used by the sending end and the receiving end needs to be consistent, so that the receiving end can correctly decrypt the ciphertext and obtain the corresponding plaintext. Moreover, the encryption and decryption control information needs to be updated for every plaintext encryption, so that the control information used to encrypt a plaintext is never repeated.
In practical application, when the AES encryption algorithm is used for encryption and decryption, the encryption and decryption control information includes an initial vector and a key; the initial vector needs to be updated every time a cipher block is used to encrypt plaintext, and the key needs to be updated after a period of time. The initial vector may be generated by a counter. Since a counter has an upper limit, the key needs to be updated before the counter reaches that limit, to ensure that the key and initial vector used for each plaintext encryption are never repeated as a pair. This prevents the same plaintext block from always being encrypted into the same ciphertext block, and it also prevents a more direct leak: because the cipher block bits are XORed into the data, two payloads encrypted under the same key and initial vector would be combined with the same cipher block bits, and the XOR of the two ciphertexts would reveal the XOR of the two plaintexts. Data security is thereby improved.
In order to make the encryption and decryption control information used by the sending end and the receiving end consistent, the sending end needs to send the indication information of the updated encryption and decryption control information to the receiving end every time the encryption and decryption control information is updated. Wherein, the indication information of the encryption and decryption control information may be determined by an encryption algorithm used by the transmitting end. Illustratively, when the transmitting end performs encryption using the AES encryption algorithm, the indication information of the encryption/decryption control information is used to indicate the initial vector and the key. In other words, the indication information of the encryption/decryption control information may include indication information of a key and indication information of an initial vector, the indication information of the key may include switching indication information and a key data stream, the switching indication information is used to indicate a switching position of the key (i.e. a time point of a next key cycle), and the key data stream may be determined by the key (or referred to as a key value) and a certain security algorithm at the sending end, where the security algorithm is not limited. The receiving end can obtain a key value according to the key data stream, and the key value is used as a key used in the next key period. The description in step 3 may be referred to for the related description of the handover indication information.
Alternatively, each time the encryption and decryption control information is updated, the sending end may send the indication information of the updated encryption and decryption control information to the receiving end by using a plurality of OSU frames in one encryption period. After receiving the indication information of the encryption and decryption control information from the sending end, the receiving end may determine the updated encryption and decryption control information according to the indication information. In other words, a plurality of OSU frames within one encryption period may carry indication information of encryption/decryption control information.
The key data stream can be restored to the key through a corresponding security algorithm at the receiving end, so that the key can be prevented from being transmitted in a network in a plaintext form, and the data security is improved. For example, in the case of performing encryption and decryption using the AES encryption algorithm, the indication information of the encryption and decryption control information may include: partial data of the initial vector (such as an inter-frame counter), a key data stream determined according to a key and a certain security algorithm, and switching indication information.
The key data stream, the partial data of the initial vector, and the switching indication information may all be transmitted through the overhead of a plurality of OSU frames in one encryption period, where the overhead of a plurality of OSU frames in one encryption period may be referred to as a monitoring management overhead field, and the monitoring management overhead field may include a key exchange communication channel (KCC). Specifically, the key data stream may be transmitted through a key security management channel, and the partial data of the initial vector and the switching indication information may be transmitted through a partial overhead in a monitoring management overhead domain. The key security management channel may also be referred to as a key exchange communication channel. The key data stream, the partial data of the initial vector, and the handover indication information are transmitted through the overhead of a plurality of OSU frames in one encryption period, which may refer to the following descriptions in tables 4 to 7, and are not described herein again.
The following describes an embodiment of carrying indication information of encryption and decryption control information in a plurality of OSU frames in one encryption period in detail with reference to a structural example of an initial vector.
Table 4 shows a structure of an initial vector provided in the embodiment of the present application. Referring to Table 4, the initial vector is 128 bits long and includes, in order from the most significant bit (MSB) to the least significant bit (LSB): a 32-bit configuration value (cfg_iv_fix), a 32-bit inter-frame counter (inter_mf_cnt), the same 32-bit inter-frame counter again, 17 zero bits, and a 15-bit intra-frame counter (intra_mf_cnt). The configuration value may be a fixed value configured by a user. The inter-frame counter may be generated by the sending end, and its value is incremented by 1 every encryption period. The intra-frame counter counts from 1 in each encryption period, and its value is incremented by 1 every time 1 cipher block is generated. Note that the initial vector in Table 4 therefore contains 2 identical copies of the inter-frame counter.
TABLE 4 (initial vector, 128 bits, MSB first)

  Bits 127..96   cfg_iv_fix     32-bit configuration value (fixed, configured by the user)
  Bits  95..64   inter_mf_cnt   32-bit inter-frame counter (+1 per encryption period)
  Bits  63..32   inter_mf_cnt   the same 32-bit inter-frame counter, repeated
  Bits  31..15   0              17 zero bits
  Bits  14..0    intra_mf_cnt   15-bit intra-frame counter (+1 per cipher block, counting from 1)
Table 5 shows another structure of the initial vector provided in the embodiment of the present application. Referring to table 5, the initial vector includes 128 bits, which includes, in order from the most significant bit to the least significant bit: 32-bit configuration value, 32 0 bits, 32-bit interframe counters, 17 0 bits, and 15-bit intraframe counters. The description of the configuration value, the inter-frame counter and the intra-frame counter can refer to the description in table 4, and will not be described herein again. The initial vector shown in table 5 differs from the initial vector shown in table 4 in that: the interframe counter is not repeated. It is understood that tables 4 and 5 provide 2 examples of the structure of the initial vector, and the application does not limit the specific structure of the initial vector.
TABLE 5 (initial vector, 128 bits, MSB first)

  Bits 127..96   cfg_iv_fix     32-bit configuration value (fixed, configured by the user)
  Bits  95..64   0              32 zero bits
  Bits  63..32   inter_mf_cnt   32-bit inter-frame counter (+1 per encryption period)
  Bits  31..15   0              17 zero bits
  Bits  14..0    intra_mf_cnt   15-bit intra-frame counter (+1 per cipher block, counting from 1)
The sending end and the receiving end can be configured with the same configuration value, the intra-frame counter starts counting from 1 in an encryption period, so that the sending end can only send the inter-frame counter to the receiving end, and the receiving end can determine an initial vector in the encryption period according to the inter-frame counter. In other words, the indication information of the encryption/decryption control information may include: the 32-bit interframe counter of the initial vector shown in table 4 or table 5, the key data stream determined according to the key and a certain security algorithm (for example, the key encrypted by using the RSA encryption algorithm), and the handover indication information. In practical applications, the indication information of the encryption/decryption control information may be carried in the overhead of multiple OSU frames in one encryption cycle.
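The two initial vector layouts of Table 4 and Table 5 as bit fields, together with the range checks a sending end needs before generating a cipher block and the receiving end's reconstruction of the vector from the 32-bit inter-frame counter it receives in the overhead, as an added example that is not part of the patent. Field names follow the tables; `receiver_iv`, `period_fits` and the `parse_iv` helper are this example's own.

```python
CFG_BITS, INTER_BITS, ZERO_BITS, INTRA_BITS = 32, 32, 17, 15   # 32 + 32 + 32 + 17 + 15 = 128
MAX_BLOCKS_PER_PERIOD = (1 << INTRA_BITS) - 1                   # intra-frame counter runs 1..32767


def _check_width(name: str, value: int, bits: int) -> None:
    if not 0 <= value < (1 << bits):
        raise ValueError(f"{name}={value} does not fit in {bits} bits")


def build_iv(cfg_iv_fix: int, inter_mf_cnt: int, intra_mf_cnt: int,
             duplicate_inter: bool = True) -> bytes:
    """128-bit initial vector, most significant bit first.
    duplicate_inter=True : Table 4, cfg | inter    | inter | 17 zeros | intra
    duplicate_inter=False: Table 5, cfg | 32 zeros | inter | 17 zeros | intra"""
    _check_width("cfg_iv_fix", cfg_iv_fix, CFG_BITS)
    _check_width("inter_mf_cnt", inter_mf_cnt, INTER_BITS)
    _check_width("intra_mf_cnt", intra_mf_cnt, INTRA_BITS)
    if intra_mf_cnt == 0:
        raise ValueError("intra-frame counter counts from 1 in each encryption period")
    upper = inter_mf_cnt if duplicate_inter else 0
    # bits 31..15 are never written, so the 17 zero bits separate the two counters
    value = (cfg_iv_fix << 96) | (upper << 64) | (inter_mf_cnt << 32) | intra_mf_cnt
    return value.to_bytes(16, "big")


def parse_iv(iv: bytes) -> dict:
    """Split an initial vector into its fields (helper of this example, for checking)."""
    if len(iv) != 16:
        raise ValueError("initial vector must be 128 bits")
    v = int.from_bytes(iv, "big")
    return {"cfg_iv_fix": v >> 96, "upper32": (v >> 64) & 0xFFFFFFFF,
            "inter_mf_cnt": (v >> 32) & 0xFFFFFFFF, "zero17": (v >> 15) & 0x1FFFF,
            "intra_mf_cnt": v & 0x7FFF}


def receiver_iv(cfg_iv_fix: int, inter_mf_cnt_from_overhead: int, block_index: int,
                duplicate_inter: bool = True) -> bytes:
    """What the receiving end rebuilds for the block_index-th cipher block of a period:
    the configuration value it shares with the sender, the 32-bit inter-frame counter
    carried in the OSU overhead, and the intra-frame counter it keeps itself (from 1)."""
    return build_iv(cfg_iv_fix, inter_mf_cnt_from_overhead, block_index, duplicate_inter)


def period_fits(frames: int, payload_bytes: int, block_bytes: int = 16) -> bool:
    """True if one encryption period needs no more cipher blocks than the 15-bit
    intra-frame counter can number; beyond that, counter values would repeat in a period."""
    return -(-(frames * payload_bytes) // block_bytes) <= MAX_BLOCKS_PER_PERIOD
```

`period_fits` makes explicit the limit implied by the 15-bit intra-frame counter: at most 32767 cipher blocks, i.e. 524,272 bytes of payload, per encryption period, which the 256 × 185 = 47,360-byte period of Fig. 11 is well within. The width checks matter in practice because a counter that silently wraps inside one of the fields would reproduce an earlier initial vector under the same key.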
In order to realize an integrity check on the data and improve data security, optionally, the plurality of OSU frames may carry authentication information. The authentication information may be determined by the encryption and decryption control information and the plurality of encrypted data (i.e. the ciphertexts). For example, when the sending end encrypts data using the AES encryption algorithm, the sending end may generate an authentication tag using the key, the initial vector, the ciphertext and an authentication tag generating function, and use the tag as the authentication information. Specifically, the generation of the tag may refer to the related description of the "GCM mode of AES" in the technical term introduction, and is not described here again. In practical applications, the authentication information may be carried in the overhead of the plurality of OSU frames in one encryption period. This matters because the bitwise (XOR) encryption on its own is malleable: flipping a bit of the ciphertext flips the same bit of the decrypted plaintext without any error. The receiving end can therefore use the authentication information to judge whether the encrypted data was tampered with in transit, verifying the integrity of the data before using the decrypted plaintext, and data security is improved.
S1002, the transmitting end transmits a plurality of OSU frames in an encryption period to the receiving end. The receiving end receives a plurality of OSU frames within one encryption period from the transmitting end.
The process of the sending end sending OSU frames and the receiving end receiving OSU frames may refer to the above description of the data receiving and sending of the OTN device in Fig. 2, which is not described here again.
And S1003, the receiving terminal decrypts the plurality of encrypted data one by one according to the encryption and decryption control information.
And the algorithm used by the receiving end for decrypting the plurality of encrypted data one by one is consistent with the algorithm used by the sending end. For example, when the transmitting end encrypts data using the AES encryption algorithm, the receiving end decrypts the encrypted data using the same AES encryption algorithm. For a specific implementation of S1003, reference may be made to the relevant description in S1001, and details are not repeated here.
In order to make the encryption and decryption control information used by the sending end and the receiving end consistent, the sending end needs to synchronously switch the secret key besides sending the indication information of the encryption and decryption control information to the receiving end. In some possible embodiments, for the purpose of synchronously switching the key between the sending end and the receiving end, the encrypted transmission method provided in this embodiment may further include the following steps:
and 3, the sending end sends switching indication information to the receiving end. The receiving end receives the switching indication information sent by the sending end.
The switching indication information is used for indicating the key of the next key period. A key period includes a plurality of encryption periods, and those encryption periods use the same key. For example, the key period includes w encryption periods, w being a positive integer such as 128, 256, 512 or 1024. Note that the key period must be shorter than one full loop of the inter-frame counter. For example, assume that the inter-frame counter starts counting from 0 and its upper count limit is 65535, i.e. the counter is 16 bits wide; it then wraps after 65536 encryption periods, so the key period must be shorter than 65536 encryption periods.
In some possible embodiments, the handover indication information may indicate the next key cycle. Fig. 12 is a first schematic diagram illustrating a synchronous handover key between a sending end and a receiving end according to an embodiment of the present application. Referring to fig. 12, the process of synchronously switching keys between the transmitting end and the receiving end may include:
S1201, a key is prepared. Specifically, the sending end may first generate a key for the next key period and determine the key data stream of that key. Then the sending end can send the key data stream to the receiving end through the key security management channel. After receiving the key data stream from the sending end, the receiving end can restore the key from the key data stream, write the restored key into the spare key area, and wait for the key switching indication.
Optionally, after the receiving end restores the key, the information for preparing the key to be switched may be sent to the sending end through the key security management channel. Therefore, the sending end can judge whether the receiving end completes the recovery of the key according to the prepared key switching information, so that the sending end can be ensured to send switching indication information after the receiving end recovers the key, and the two parties can be ensured to synchronously switch the key.
S1204, the sending end sends the switching instruction information to the receiving end, and the receiving end receives the switching instruction information from the sending end.
Exemplarily, assuming that both the sending end and the receiving end currently use key0 for encryption and decryption, the sending end may send switching indication information to the receiving end, where the switching indication information is used to indicate that the key of the next key cycle is key1. And, the transmitting end encrypts data using key1 in the next key cycle. After receiving the switching indication information from the sending end, the receiving end decrypts the data by using key1 in the next key period.
Optionally, after the keys are synchronously switched, the receiving end and the sending end may also clear the inter-frame counter to enter encryption and decryption of the next key period.
The switching indication information may be carried in the monitoring management overhead domain except for the key security management channel.
In the embodiment of the application, two keys can be maintained between the sending end and the receiving end, which are a main key and a standby key respectively, wherein the main key is a currently used key, and the standby key is a key used in the next key period. Assuming that the current key0 is a master key and the key1 is a standby key, in a first key period, both the sending end and the receiving end use the key0 to encrypt and decrypt. At this time, key1 is the spare key, the transmitting end updates key1 and transmits key1 to the receiving end through KCC, and both the transmitting end and the receiving end update key1 to the spare key area. In the second key period, the key1 in the spare key area is synchronously used between the sending end and the receiving end through the switching indication information, that is, the used key is switched from key0 to key1. At this time, key0 is the spare key, the transmitting end updates key0 and transmits key0 to the receiving end through KCC, and both the transmitting end and the receiving end update key0 to the spare key area. In the third key period, through the switching indication information, key0 in the spare key area is synchronously used between the sending end and the receiving end, that is, the used key is switched from key1 to key0, and so on, and key switching in the subsequent key period is not repeated. In this way, a timed synchronous update of the key can be achieved. As can be seen from the above procedure, the spare key can be updated before the key switch is initiated, so that data security can be ensured.
Based on the description of step 3, this embodiment can implement synchronous key switching between the sending end and the receiving end through the switching indication information. Therefore, each time, such as one or more encryption periods, the key can be synchronously switched between the sending end and the receiving end, so that the same plaintext block is prevented from being encrypted into the same ciphertext block all the time, and the data security is improved.
Optionally, in step 3, before the sending end sends the switching indication information to the receiving end, the encrypted transmission method provided in this embodiment may further include: the sending end sends the key switching request information to the receiving end, and the receiving end receives the key switching request information from the sending end. The key switching request information is used for indicating a receiving end to feed back key switching confirmation information. The receiving end sends the key switching confirmation information to the sending end, and the sending end receives the key switching confirmation information from the receiving end. The key switching confirmation information is used for indicating the sending end to send switching indication information and indicating that the spare key of the receiving end is updated.
For example, referring to fig. 12 again, S1201, after preparing the key, the process of synchronously switching the key between the sending end and the receiving end may further include:
S1202, the sending end sends the key switching request information to the receiving end, and the receiving end receives the key switching request information from the sending end.
S1203, the receiving end sends the key switch confirmation message to the sending end, and the sending end receives the key switch confirmation message from the receiving end.
For example, the transmitting end may transmit key switch request information to the receiving end. After receiving the key switching request message, the receiving end may send a key switching confirmation message to the sending end to notify the sending end that the key can be synchronously switched. Therefore, before the sending end sends the switching indication information to the receiving end, the sending end and the receiving end can confirm whether the communication between the sending end and the receiving end is normal or not by using the key switching request information and the key switching confirmation information, and the condition that the sending end and the receiving end do not synchronously switch the key is avoided, so that the key can be synchronously switched between the sending end and the receiving end, and the data safety is further improved.
Optionally, the key switch completion information, the key switch request information, and the key switch confirmation information may be carried in the key security management channel, or may be carried in other overhead parts except the key security management channel in the monitoring management overhead domain, which is not limited in this application.
Optionally, in step 3, after the sending end sends the switching indication information to the receiving end, the encryption transmission method provided in this embodiment may further include: and the receiving end sends the key switching completion information to the sending end. The sending end receives the key switching completion information from the receiving end. The key switching completion information is used for indicating the receiving end to complete key switching.
For example, referring to fig. 12 again, in S1204, after the sending end sends the handover indication information to the receiving end, and the receiving end receives the handover indication information from the sending end, the process of synchronously switching the key between the sending end and the receiving end may further include:
S1205, the receiving end sends the key switching completion information to the sending end, and the sending end receives the key switching completion information from the receiving end.
For example, after the key in use has been switched synchronously between the sending end and the receiving end (for example from key0 to key1), the receiving end may also send key switching completion information to the sending end. The sending end can then judge, according to the key switching completion information, whether the receiving end has completed the synchronous key switch, so that the key is reliably switched in synchrony between the two ends, and data security is further improved.
It should be noted that, in step 3, when the sending end sends the switching indication information to the receiving end, the sending end may send the switching indication information in a plurality of consecutive encryption periods. And when receiving the key switching completion information from the receiving end, the sending end stops sending the switching indication information. Therefore, even if the first switching indication information is not correctly received by the receiving end due to accidental packet loss, the receiving end can still receive the switching indication information after the first switching indication information so as to ensure the reliability of the synchronous switching key.
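The key switching exchange of step 3 (S1201 to S1205), the main/spare key slots, the clearing of the inter-frame counter on switching, and the rule of repeating the switching indication in consecutive encryption periods until completion is reported, as an added simulation with both ends' state; it is not code from the patent. The message names, the choice to carry the target key slot and the switching position in the indication, the stand-in key data stream transform, and the assumption that the receiver-to-sender direction is lossless are all this example's own.

```python
import hashlib

# Overhead message kinds; the patent names the information items, these labels are
# this example's own.
KEY_STREAM, KEY_READY, SWITCH_REQ, SWITCH_ACK, SWITCH_IND, SWITCH_DONE = (
    "key_stream", "key_ready", "switch_req", "switch_ack", "switch_ind", "switch_done")


def wrap_key(key: bytes, kcc_secret: bytes) -> bytes:
    """Stand-in for the key data stream transform on the KCC (the patent leaves the
    security algorithm open; RSA is one option it names). The key is XORed with a keyed
    hash of a shared KCC secret, so the raw key is not on the channel. Self-inverse."""
    pad = hashlib.sha256(b"kcc-wrap" + kcc_secret).digest()[:len(key)]
    return bytes(a ^ b for a, b in zip(key, pad))


class Endpoint:
    """Two key slots (slot `active` is the main key, the other the spare key) plus the
    inter-frame counter, which is cleared when the endpoint switches."""

    def __init__(self, kcc_secret: bytes, key0: bytes):
        self.kcc_secret, self.slots, self.active = kcc_secret, [key0, None], 0
        self.inter_mf_cnt, self.switch_at = 0, None   # switch_at: armed switching position

    @property
    def key(self) -> bytes:
        return self.slots[self.active]

    def end_of_period(self) -> bool:
        """Advance one encryption period; switch when the armed position is reached."""
        self.inter_mf_cnt += 1
        if self.switch_at is not None and self.inter_mf_cnt >= self.switch_at:
            self.active ^= 1
            self.inter_mf_cnt, self.switch_at = 0, None
            return True
        return False


class Sender(Endpoint):
    def __init__(self, kcc_secret: bytes, key0: bytes):
        super().__init__(kcc_secret, key0)
        self.target = None
        self.peer_ready = self.acked = self.done = False

    def prepare_key(self, new_key: bytes):
        """S1201: next key into the spare slot, sent to the peer as a key data stream."""
        self.target = self.active ^ 1
        self.slots[self.target] = new_key
        return (KEY_STREAM, wrap_key(new_key, self.kcc_secret))

    def on_message(self, kind, body) -> None:
        if kind == KEY_READY:
            self.peer_ready = True
        elif kind == SWITCH_ACK:
            self.acked = True
        elif kind == SWITCH_DONE:
            self.done = True             # S1205 received: stop repeating the indication

    def overhead_for_period(self, switch_at: int):
        """S1202 until confirmed; then S1204 in every consecutive period until done."""
        if self.peer_ready and not self.acked:
            return [(SWITCH_REQ, None)]
        if self.acked and not self.done:
            if self.active != self.target:
                self.switch_at = switch_at   # arm the sender's own switch (once)
            return [(SWITCH_IND, (self.target, switch_at))]
        return []


class Receiver(Endpoint):
    def on_message(self, kind, body):
        if kind == KEY_STREAM:
            self.slots[self.active ^ 1] = wrap_key(body, self.kcc_secret)  # restore to spare
            return (KEY_READY, None)
        if kind == SWITCH_REQ and self.slots[self.active ^ 1] is not None:
            return (SWITCH_ACK, None)                                       # S1203
        if kind == SWITCH_IND:
            target, at = body
            if target != self.active:    # repeated copies arriving after the switch are ignored
                self.switch_at = at
        return None


def simulate(drop_ind_in_periods=frozenset(), periods: int = 8, switch_at: int = 4):
    """Run `periods` encryption periods; SWITCH_IND copies sent in the listed periods are
    lost. Returns per-period key agreement, the number of SWITCH_IND copies sent, and
    whether both ends finished on the new key."""
    secret, key0, key1 = b"constructed-kcc-secret", bytes(16), bytes(range(16))
    tx, rx = Sender(secret, key0), Receiver(secret, key0)
    inbound = [tx.prepare_key(key1)]
    agree, ind_sent = [], 0
    for period in range(1, periods + 1):
        for kind, body in inbound:                 # previous period's overhead arrives
            reply = rx.on_message(kind, body)
            if reply:
                tx.on_message(*reply)
        agree.append(tx.key == rx.key)             # keys applied to this period's payloads
        inbound = []
        for kind, body in tx.overhead_for_period(switch_at):
            ind_sent += kind == SWITCH_IND
            if not (kind == SWITCH_IND and period in drop_ind_in_periods):
                inbound.append((kind, body))
        tx.end_of_period()
        if rx.end_of_period():
            tx.on_message(SWITCH_DONE, None)       # S1205
    return agree, ind_sent, tx.key == rx.key == key1
```

`simulate({2})` loses the first copy of the switching indication and both ends still switch at the same inter-frame counter position, after three copies have been sent. `simulate({2, 3})` loses every copy sent before the switching position and shows the failure that the repetition guards against: the receiving end switches one period late, so one period's payloads are decrypted with the wrong key. The practical rule is that the switching position must be scheduled far enough ahead for several repeated copies to fit before it, and that the receiving end must have confirmed the spare key (S1203) before any indication is sent.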
In the process of exchanging the key switching request information, the key switching confirmation information, the switching indication information and the key switching completion information between the sending end and the receiving end, the key switching request information, the key switching confirmation information and the key switching completion information may be carried either in the KCC or in overhead of the monitoring management overhead domain other than the KCC, and this application is not limited in this respect.
Transmission between the sending end and the receiving end is a bidirectional service, so the receiving end can also send information to the sending end through overhead; this information may include key switching completion information, key switching confirmation information, and the like. Meanwhile, the KCC channel is also bidirectional, so the KCC channel may also return some information for confirmation, such as the ready-to-switch key information in S1201 described above.
Based on the above method embodiments, the overhead of the multiple OSU frames in one encryption period can be used to carry one or more of the following items of information: indication information of the encryption and decryption control information, authentication information, key switching completion information, key switching request information and key switching confirmation information. The indication information of the encryption and decryption control information may include indication information of the initial vector and indication information of the key, and the indication information of the key may include switching indication information and a key data stream. The switching indication information, the key switching completion information, the key switching request information and the key switching confirmation information may be collectively referred to as key synchronization information. The indication information of the encryption and decryption control information, the authentication information, the key switching completion information, the key switching request information and the key switching confirmation information may be collectively referred to as monitoring management information.
Specifically, the sending end may write one or more of the following items of information into the monitoring management overhead domain: indication information of the encryption and decryption control information, authentication information, key switching completion information, key switching request information and key switching confirmation information. The monitoring management overhead domain may consist of a part of the overhead of each of the multiple OSU frames in an encryption period. For example, assuming that one encryption period includes 256 OSU frames, the monitoring management overhead domain may consist of a part of the overhead of each of the 256 OSU frames within one encryption period, e.g., 1 bit of the Reserved (RES) overhead in the overhead field of each OSU frame. In other words, part of the overhead of each of the 256 OSU frames within one encryption period is grouped together to form the monitoring management overhead domain.
Taking 1 bit of the RES overhead of each of the 256 OSU frames in one encryption period as an example, the monitoring management overhead domain is 256 bits long. In some possible embodiments, table 6 is an information table carried by the monitoring management overhead domain provided in this embodiment. Referring to table 6, the monitoring management overhead domain includes a Frame Alignment Signal (FAS), an inter-frame counter (i.e., the indication information of the initial vector), switching indication information (key_sw), key_sw_req, key_sw_ack, key_sw_ok, authentication information, indication information of the key, and reserved overhead. The frame alignment signal is used to determine the initial position of the monitoring management overhead domain in an encryption period, and the reserved overhead is used to carry information corresponding to newly added management and maintenance functions. The switching indication information is used to indicate the key to be used in the next key cycle; for example, a change of the switching indication information from "0000 (hexadecimal)" to "FFFF (hexadecimal)" indicates that the key to be used is switched. Specifically, if the current master key is key0, the spare key is key1, and the switching indication information is "0000 (hexadecimal)" in the nth encryption period, and the switching indication information then changes from "0000 (hexadecimal)" to "FFFF (hexadecimal)" in the (n+1)th encryption period, the sending end and the receiving end may switch the key used from key0 to key1 at the frame header of the (n+2)th encryption period, where the (n+2)th encryption period is the 1st encryption period of the next key cycle.
For the detailed description of the inter-frame counter, the key switch request information, the key switch confirmation information, the key switch completion information, the authentication information, and the indication information of the key, reference may be made to the above method embodiments, which are not described herein again.
TABLE 6
Monitoring management overhead domain   Carried information
Bits 224 to 255                         Frame alignment signal
Bits 192 to 223                         Inter-frame counter
Bits 176 to 191                         Switching indication information
Bits 168 to 175                         Key switching request information
Bits 160 to 167                         Key switching confirmation information
Bits 152 to 159                         Key switching completion information
Bits 24 to 151                          Authentication information
Bits 8 to 23                            Key security management channel (KCC)
Bits 0 to 7                             Reserved overhead
It should be noted that, in practical applications, the length and format of the switching indication information in table 6 above may be modified. Specifically, the length of the switching indication information in table 6 is 16 bits; optionally, the length of the switching indication information may be less than 16 bits, for example, 14 bits or 10 bits, which is not limited in this application. Of course, the lengths and formats of the other information in table 6 (including the key switching request information, the key switching confirmation information, the key switching completion information, etc.) may be modified in the same way as the switching indication information, and the specific modification manner may refer to that of the switching indication information, which is not described herein again.
For the key synchronization information in table 6, the value of the key synchronization information may be determined by majority decision. Taking the switching indication information as an example, assume that its length is 16 bits and that the sending end sends switching indication information with the value "FFFF (hexadecimal)". If the channel quality suddenly degrades, the switching indication information received by the receiving end may be "FFF0 (hexadecimal)", which is equivalent to some bits of the switching indication information having flipped. At this time, since 12 of the bits are 1 and 4 of the bits are 0, so that the majority of the bits are 1, the receiving end can still determine that the switching indication information is actually "FFFF (hexadecimal)" and perform the synchronous key switch according to it. In this way, the reliability of information transmission can be ensured.
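The 256-bit monitoring management overhead domain of table 6 and the majority decision just described, as an added Python example that is not code from the application: it packs the fields at the table's bit positions, spreads them over the RES bit of 256 OSU frames, reassembles them on the receiving side and recovers the "FFF0" corruption case. The frame-to-bit order (frame i carries bit 255 - i), the tie rule and all field values are assumptions.

```python
# Bit layout of the 256-bit monitoring management overhead domain from Table 6:
# field name -> (lowest bit, highest bit), both inclusive.
TABLE6_LAYOUT = {
    "fas":        (224, 255),   # frame alignment signal
    "iv_counter": (192, 223),   # inter-frame counter (indication of the initial vector)
    "key_sw":     (176, 191),   # switching indication information
    "key_sw_req": (168, 175),   # key switching request information
    "key_sw_ack": (160, 167),   # key switching confirmation information
    "key_sw_ok":  (152, 159),   # key switching completion information
    "auth":       (24, 151),    # authentication information
    "kcc":        (8, 23),      # key security management channel
    "res":        (0, 7),       # reserved overhead
}
# Key synchronization information: the fields decoded by majority decision.
KEY_SYNC_FIELDS = ("key_sw", "key_sw_req", "key_sw_ack", "key_sw_ok")
DOMAIN_BITS = 256


def field_width(name):
    lo, hi = TABLE6_LAYOUT[name]
    return hi - lo + 1


def build_domain(fields):
    """Sending end: pack field values (missing fields are 0) into the 256-bit domain."""
    domain = 0
    for name, (lo, _) in TABLE6_LAYOUT.items():
        value = fields.get(name, 0)
        if value < 0 or value >> field_width(name):
            raise ValueError(f"{name} does not fit in {field_width(name)} bits")
        domain |= value << lo
    return domain


def domain_to_res_bits(domain):
    """Split the domain over the RES bit of each of the 256 OSU frames of one period.
    Assumption (the page fixes no order): frame i carries domain bit 255 - i,
    i.e. the domain is sent most significant bit first."""
    return [(domain >> (DOMAIN_BITS - 1 - i)) & 1 for i in range(DOMAIN_BITS)]


def res_bits_to_domain(bits):
    """Receiving end: reassemble the domain from the 256 collected RES bits."""
    if len(bits) != DOMAIN_BITS:
        raise ValueError("one encryption period must supply exactly 256 RES bits")
    domain = 0
    for b in bits:
        domain = (domain << 1) | (b & 1)
    return domain


def extract_field(domain, name):
    lo, _ = TABLE6_LAYOUT[name]
    return (domain >> lo) & ((1 << field_width(name)) - 1)


def majority_decide(value, width):
    """Majority decision over the bits of one key synchronization field: read as
    all-ones if more than half of the bits are 1, otherwise as all-zeros.
    Assumption: an exact tie is read as all-zeros (the page does not define it)."""
    ones = bin(value).count("1")
    return (1 << width) - 1 if 2 * ones > width else 0


def parse_domain(bits):
    """Receiving end: return every Table 6 field, with the key synchronization
    fields already passed through majority decision."""
    domain = res_bits_to_domain(bits)
    fields = {name: extract_field(domain, name) for name in TABLE6_LAYOUT}
    for name in KEY_SYNC_FIELDS:
        fields[name] = majority_decide(fields[name], field_width(name))
    return fields


def switch_indicated(previous_key_sw, current_key_sw):
    """A key switch is indicated when key_sw changes from 0000 to FFFF between
    two consecutive encryption periods."""
    return previous_key_sw == 0x0000 and current_key_sw == 0xFFFF


def flip_domain_bits(bits, positions):
    """Constructed channel fault: invert the RES bits carrying the given domain bit positions."""
    corrupted = list(bits)
    for pos in positions:
        corrupted[DOMAIN_BITS - 1 - pos] ^= 1
    return corrupted


def demo():
    # Constructed values: the FAS pattern and counter are placeholders, not values from the page.
    sent = build_domain({"fas": 0xA5A5A5A5, "iv_counter": 42, "key_sw": 0xFFFF})
    bits = domain_to_res_bits(sent)
    # Degraded channel: the four lowest bits of key_sw (domain bits 176..179) flip,
    # so the raw field arrives as FFF0, the case described on the page.
    received = flip_domain_bits(bits, range(176, 180))
    raw = extract_field(res_bits_to_domain(received), "key_sw")
    decided = parse_domain(received)["key_sw"]
    return raw, decided, switch_indicated(0x0000, decided)


if __name__ == "__main__":
    print([hex(v) if isinstance(v, int) else v for v in demo()])
```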
In other possible embodiments, table 7 is another information table carried by the monitoring management overhead domain provided in this embodiment. Referring to table 7, the monitoring management overhead domain includes a frame alignment signal, authentication information, indication information of the key, switching indication information, encryption type indication information, an inter-frame counter, and reserved overhead. The indication information of the key comprises 16 bits: the upper 8 bits are located at the 95th to 88th bits of the monitoring management overhead domain, and the lower 8 bits are located at the 87th to 80th bits of the monitoring management overhead domain. The encryption type indication information is used to indicate the encryption algorithm to be used, and may be "000001", for example, when the sending end uses the AES encryption algorithm. The switching indication information in table 7 may also be referred to as a Key Index (KI). The KI comprises 2 bits; for example, when the KI is "00", it indicates that the first key (key0) is used for the next encryption period (or multiframe period), and when the KI is "01", it indicates that the second key (key1) is used for the next encryption period (or multiframe period). For the detailed description of the frame alignment signal, the authentication information, the inter-frame counter and the reserved overhead, reference may be made to the above method embodiments, which are not described herein again.
TABLE 7
(Table 7 is provided only as an image in the original publication; the fields it lists are named in the paragraph above.)
It can be understood that, when the monitoring management overhead domain is used to carry the monitoring management information, the monitoring management overhead domain is equivalent to a transmission channel for the monitoring management information, and the sending end and the receiving end may use this channel to exchange the monitoring management information, for example, to transmit the indication information of the encryption and decryption control information and the key synchronization information of the above method embodiment. In table 6, by carrying the switching indication information, the key switching request information, the key switching confirmation information, the key switching completion information and the like in the monitoring management overhead domain, the sending end and the receiving end can transmit the information needed to switch the key synchronously; this transmission mode may be referred to as a hardware handshake. In addition, the key switching request information, the key switching confirmation information and the key switching completion information can be transmitted through the KCC channel under software control; this transmission mode may be referred to as a software handshake.
Table 7 differs from table 6 in that table 7 has no key switching request information, key switching confirmation information or key switching completion information, so the hardware handshake process can be omitted. Specifically, when table 7 is used to switch the key synchronously, the receiving end only needs to recover the key and feed back an acknowledgment message to the sending end through the KCC to inform the sending end that the key can be switched synchronously, and the sending end can then switch the key synchronously according to the acknowledgment message, so that the handshake process is simplified compared with the synchronous key switching method of table 6.
In the following, embodiments of synchronously switching keys between the transmitting end and the receiving end in step 3 are described with reference to table 6 and table 7, respectively.
When the monitoring management overhead domain shown in table 6 is used to carry key synchronization information, the implementation manner of synchronously switching keys between the sending end and the receiving end is as follows:
Fig. 13 is a schematic diagram of a state machine for synchronously switching the key between a sending end and a receiving end according to an embodiment of the present application. Referring to fig. 13, both the sending end and the receiving end are in the initial state by default; once configuration is started, each enters its next state: the sending end enters the send-request state and the receiving end enters the wait-for-request state. In the send-request state, the sending end may send key switching request information to the receiving end. If the receiving end, in the wait-for-request state, receives the key switching request information from the sending end, it enters the send-confirmation state, in which it may send key switching confirmation information to the sending end. If the sending end, in the send-request state, receives the key switching confirmation information from the receiving end, it enters the send-switching-indication state. In the send-switching-indication state, the sending end may send the switching indication information to the receiving end and switch the currently used key to the key indicated by the switching indication information in the next key cycle. For example, assuming that the key currently used by the sending end and the receiving end is the first key and the next key cycle needs to use the second key, the sending end sends the switching indication information of the second key to the receiving end and switches the key used to the second key in the next key cycle. If the receiving end, in the send-confirmation state, receives the switching indication information from the sending end, it enters the key-switching-completed state.
In the key-switching-completed state, the receiving end may send the key switching completion information to the sending end, switch the currently used key to the key indicated by the switching indication information in the next key cycle, and return to the initial state. If the sending end, in the send-switching-indication state, receives the key switching completion information from the receiving end, it enters the initial state.
Exemplarily, fig. 14 is a second schematic diagram of synchronously switching the key between a sending end and a receiving end according to an embodiment of the present application. Referring to fig. 14, assume that the key currently used by the sending end and the receiving end is key0, that the next key cycle starts from the nth encryption period, and that the key to be used in the next key cycle is key1. The sending end may send the switching indication information of key1 to the receiving end in the (n+1)th encryption period and switch the key used to key1 in the (n+2)th encryption period. The receiving end receives the switching indication information of key1 from the sending end in the (n+1)th encryption period, so it can switch the key used to key1 in the (n+2)th encryption period and send key switching completion information to the sending end, thereby completing the synchronous key switch between the sending end and the receiving end. Here, the switching indication information indicates that the currently used key is to be switched to the indicated key in the next encryption period. The receiving end may receive the switching indication information as follows: the switching indication information is "0000 (hexadecimal)" in the nth encryption period and changes to "FFFF (hexadecimal)" in the (n+1)th encryption period; the receiving end then determines that the switching indication information has been received and switches the key at the frame header of the (n+2)th encryption period.
If the time is out (for example, the waiting time threshold is exceeded), both the sending end and the receiving end will jump to the initial state from the current state. If the configuration is started, the sending end jumps from the current state to the sending request state, and the receiving end jumps from the current state to the waiting request state. The above configuration initiation may be understood as initiating a synchronous handover key.
In fig. 13 and 14 above, when the sending end sends the switching indication information to the receiving end in the send-switching-indication state, it may send the switching indication information in a plurality of consecutive encryption periods, and it stops sending the switching indication information when it receives the key switching completion information from the receiving end.
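The fig. 13 state machine, including the repeated switching indication and the timeout, as an added Python simulation that is not code from the application: it runs the handshake period by period and shows that a lost key switching confirmation delays but does not break the switch, and that a silent receiving end returns the sending end to the initial state. The state names, the waiting-time threshold of 8 periods and the timing of the key switch (indicated in one period, used from the next frame header) are assumptions.

```python
# Field values of the Table 6 handshake as carried in the overhead domain.
KEY_SW_OFF, KEY_SW_ON = 0x0000, 0xFFFF
# Assumed waiting-time threshold in encryption periods (the page gives no value).
TIMEOUT_PERIODS = 8


class _End:
    """State common to both ends: active/standby key, timeout counter, pending switch."""

    def __init__(self, active="key0", standby="key1"):
        self.state = "INITIAL"
        self.active, self.standby = active, standby
        self.waited = 0
        self.switch_pending = False   # a switch takes effect at the next frame header

    def _switch_if_pending(self):
        if self.switch_pending:
            self.active, self.standby = self.standby, self.active
            self.switch_pending = False
            return True
        return False

    def _tick(self):
        # Timeout: an end waiting too long in a non-initial state jumps back to INITIAL.
        if self.state != "INITIAL":
            self.waited += 1
            if self.waited > TIMEOUT_PERIODS:
                self.state = "INITIAL"


class Sender(_End):
    """Sending end of fig. 13: INITIAL -> SEND_REQUEST -> SEND_SWITCH -> INITIAL."""

    def configure_start(self):
        self.state, self.waited = "SEND_REQUEST", 0

    def period(self, rx):
        """One encryption period. rx: fields read from the receiving end's overhead
        (None if that overhead was lost). Returns the fields written to this end's overhead."""
        rx = rx or {}
        self._switch_if_pending()
        if self.state == "SEND_REQUEST" and rx.get("key_sw_ack"):
            self.state, self.waited = "SEND_SWITCH", 0
            self.switch_pending = True   # assumed timing: indicate now, use the new key next period
        elif self.state == "SEND_SWITCH" and rx.get("key_sw_ok"):
            self.state = "INITIAL"       # completion received: stop repeating the indication
        tx = {"key_sw_req": int(self.state == "SEND_REQUEST"),
              "key_sw": KEY_SW_ON if self.state == "SEND_SWITCH" else KEY_SW_OFF}
        self._tick()
        return tx


class Receiver(_End):
    """Receiving end of fig. 13: INITIAL -> WAIT_REQUEST -> SEND_ACK -> SWITCH_DONE -> INITIAL."""

    def __init__(self, active="key0", standby="key1"):
        super().__init__(active, standby)
        self.prev_key_sw = KEY_SW_OFF

    def configure_start(self):
        self.state, self.waited = "WAIT_REQUEST", 0

    def period(self, rx):
        rx = rx or {}
        if self._switch_if_pending():
            self.state = "INITIAL"       # switched in the next key period, then back to INITIAL
        if self.state == "WAIT_REQUEST" and rx.get("key_sw_req"):
            self.state, self.waited = "SEND_ACK", 0
        key_sw = rx.get("key_sw", self.prev_key_sw)
        # The switch is indicated by key_sw changing from 0000 to FFFF between two periods.
        if self.state == "SEND_ACK" and self.prev_key_sw == KEY_SW_OFF and key_sw == KEY_SW_ON:
            self.state, self.waited = "SWITCH_DONE", 0
            self.switch_pending = True
        self.prev_key_sw = key_sw
        tx = {"key_sw_ack": int(self.state == "SEND_ACK"),
              "key_sw_ok": int(self.state == "SWITCH_DONE")}
        self._tick()
        return tx


def run_handshake(lost_feedback=(), start_receiver=True, max_periods=32):
    """Drive both ends period by period until both are back in INITIAL with no pending
    switch. lost_feedback: constructed fault, the periods whose receiver-to-sender
    overhead is lost. Returns both ends and a per-period trace."""
    sender, receiver = Sender(), Receiver()
    sender.configure_start()
    if start_receiver:
        receiver.configure_start()
    feedback, trace = None, []
    for p in range(max_periods):
        forward = sender.period(feedback)
        feedback = receiver.period(forward)
        trace.append((p, sender.state, sender.active, receiver.state, receiver.active))
        if p in lost_feedback:
            feedback = None
        if (sender.state == receiver.state == "INITIAL"
                and not sender.switch_pending and not receiver.switch_pending):
            break
    return sender, receiver, trace


if __name__ == "__main__":
    for row in run_handshake(lost_feedback={0})[2]:
        print(row)
```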
When the monitoring management overhead domain shown in table 7 is used to carry key synchronization information, the implementation manner of synchronously switching keys between the sending end and the receiving end is as follows:
Fig. 15 is a third schematic diagram of synchronously switching the key between a sending end and a receiving end according to an embodiment of the present application. Referring to fig. 15, a multiframe period includes 4 encryption periods, that is, in 1 multiframe period the sending end may send the OSU frames of 4 encryption periods to the receiving end. KI is the switching indication information: when KI = 00, key0 is to be used for the next multiframe period; when KI = 01, key1 is to be used for the next multiframe period. Suppose that the key currently used by the sending end and the receiving end is key0, that the next key cycle starts from the (n+2)th multiframe period, and that the key to be used in the next key cycle is key1. The sending end may send KI = 00 to the receiving end in the nth multiframe period, indicating that the key used in the (n+1)th multiframe period is key0, send KI = 01 to the receiving end in the (n+1)th multiframe period, indicating that the key used in the (n+2)th multiframe period is key1, and switch the key used to key1 in the (n+2)th multiframe period. Correspondingly, the receiving end switches the key synchronously according to the value of KI: the key used in the nth and (n+1)th multiframe periods is key0, and the key used in the (n+2)th multiframe period is key1.
The values of KI within 1 multiframe period are the same, so the receiving end can determine the value of the multiple KI in 1 multiframe period by majority decision. Assume that the 4 KI sent by the sending end to the receiving end in the nth multiframe period are "01", "01", "01" and "01". If the channel quality suddenly degrades, the 4 KI received by the receiving end in the nth multiframe period may be "01", "01", "01" and "00", which is equivalent to some KI in the multiframe period having flipped. At this time, since there are 3 KI of "01" and 1 KI of "00", so that "01" is the majority, the receiving end can still determine that the 4 KI in the multiframe period are "01", "01", "01" and "01", and switch the key synchronously according to these 4 KI. In this way, the reliability of information transmission can be ensured.
It is understood that table 7 differs from table 6 in that table 7 implements the synchronous key switch using only the switching indication information, and the switching indication information of table 7 occupies only 2 bits of the monitoring overhead domain. In table 6, the reliability of the synchronous key switch can be ensured by the state machine shown in fig. 13; for details, reference may be made to the above description of fig. 13 and fig. 14. When table 7 is used to implement the synchronous key switch, the sending end may send the same switching indication information to the receiving end in multiple encryption periods, so as to ensure that the receiving end correctly receives the switching indication information and to ensure the reliability of the synchronous key switch. In the synchronous key switching method of table 7, after the receiving end completes key recovery, it may feed back the prepared key information through the KCC channel to inform the sending end that the key can be switched synchronously, which simplifies the handshake process compared with the synchronous key switching method of table 6.
In some possible embodiments, the monitoring management information may be transmitted through the overhead of a plurality of OSUv frames within one encryption period. Specifically, table 8 is an information table in which the overhead of an OSUv frame carries the monitoring management information, assuming that one encryption period includes 1024 OSUv frames. Referring to table 8, VBR_POH1 and VBR_POH2 in a VBR_OSUv frame (an OSUv frame carrying VBR traffic) may each carry one or more of the following monitoring management information: an inter-frame counter, key synchronization information, a counter of 64VBR multiframes, a key security management channel and authentication information. CBR_POH1 and CBR_POH2 in a CBR_OSUv frame (an OSUv frame carrying CBR traffic) may each carry one or more of the following monitoring management information: an inter-frame counter, key synchronization information, a key security management channel and authentication information. In table 8, "#X (X is an integer, 0 ≤ X ≤ 15)" denotes the Xth frame in one encryption period; for example, VBR_POH1 #0 denotes the 0th VBR_POH1 in one encryption period. Thus, VBR_POH1 #0-#15 [39:8] indicates that the 0th to the 15th VBR_POH1 in 1 encryption period carry the inter-frame counter, and that the 8th to 39th bits of each VBR_POH1 are used to carry it. By analogy, the meanings of the other items in table 8 are not described herein.
TABLE 8
(Table 8 is provided only as an image in the original publication; the fields it lists are named in the paragraph above.)
Table 9 is another information table, provided in an embodiment of the present application, in which the overhead of an OSUv frame carries the monitoring management information, assuming that one encryption period includes 1024 OSUv frames. Referring to table 9, VBR_POH1 and VBR_POH2 in a VBR_OSUv frame (an OSUv frame carrying VBR traffic) may each carry one or more of the following monitoring management information: an inter-frame counter, switching indication information, a counter of 64VBR multiframes, a key security management channel and authentication information. CBR_POH1 and CBR_POH2 in a CBR_OSUv frame (an OSUv frame carrying CBR traffic) may each carry one or more of the following monitoring management information: an inter-frame counter, switching indication information, a key security management channel and authentication information. In table 9, "#X (X is an integer, 0 ≤ X ≤ 15)" denotes the Xth frame in one encryption period; for example, VBR_POH1 #0 denotes the 0th VBR_POH1 in one encryption period. Thus, VBR_POH1 #0-#15 [7:6] indicates that the switching indication information is carried in each of the 0th to the 15th VBR_POH1 in 1 encryption period, and that the 6th to 7th bits of each VBR_POH1 are used to carry it. By analogy, the meanings of the other items in the table are not repeated here.
TABLE 9
(Table 9 is provided only as an image in the original publication; the fields it lists are named in the paragraph above.)
For VBR_OSUv frames, the header overhead of the first 64VBR multiframe in 1 encryption period serves as the header identifying the encryption period; in order to distinguish the other 64VBR multiframes in the encryption period, the counter of 64VBR multiframes in VBR_POH1 is used to identify the 64VBR multiframes in 1 encryption period. In other words, the counter of 64VBR multiframes indicates which 64VBR multiframe of the encryption period the current 64VBR multiframe is. For CBR_OSUv frames, the header overhead of the first 256CBR multiframe in 1 encryption period serves as the header identifying the encryption period, and since 1 encryption period includes only 1 256CBR multiframe, there is no CBR multiframe counter in the CBR_OSUv frame. For the description of the inter-frame counters, the key synchronization information, the switching indication information, the key security management channels and the authentication information in tables 8 and 9, reference may be made to the description of tables 6 and 7 in the above embodiments, which is not repeated herein.
When the overhead of the OSUv frame shown in table 8 is used to carry the monitoring management information, the specific embodiment of the synchronous key switch may refer to the embodiments of the synchronous key switch shown in fig. 13 to 14. In specific implementation, the manner of carrying the monitoring management information in the embodiments shown in fig. 13 to 14 may be replaced by the manner of carrying the monitoring management information shown in table 8, which is not described herein again.
In table 8 and table 9, 16 inter-frame counters are transmitted in the VBR_OSUv frames of 1 encryption period, and 8 inter-frame counters are transmitted in the CBR_OSUv frames of 1 encryption period. By contrast, the OSU frames of tables 6 and 7 above carry only 1 inter-frame counter in 1 encryption period. Therefore, when the overhead of the OSUv frames of tables 8 and 9 carries the monitoring management information, even if the first inter-frame counter is not correctly received by the receiving end because of an accidental packet loss, the receiving end can still receive the inter-frame counters after the first one, which ensures the reliability of encryption and decryption.
The 16 inter-frame counters transmitted in the VBR_OSUv frames of 1 encryption period have the same value, and the 8 inter-frame counters transmitted in the CBR_OSUv frames of 1 encryption period have the same value. Therefore, even if the first inter-frame counter is not correctly received by the receiving end because of an accidental packet loss, the receiving end can still receive the inter-frame counters after the first one, which ensures the reliability of encryption and decryption. In addition, the recovery time of the counter in abnormal situations may also be reduced.
In table 9 above, in the overhead of the VBR_OSUv frame and the CBR_OSUv frame within 1 encryption period, the switching indication information may be referred to as Key Indication (KI), and KI may include 2 bits; for example, when KI is "00", the next key cycle uses the first key, and when KI is "01", the next key cycle uses the second key.
When the overhead of the OSUv frame shown in table 9 is used to carry the monitoring management information, the specific implementation of synchronous key switching between the sending end and the receiving end may refer to the implementation shown in fig. 15, which is not described herein again. Of course, since KI is transmitted 16 times in the VBR_OSUv frames within 1 encryption period and 8 times in the CBR_OSUv frames within 1 encryption period, a multiframe period need not be used in specific implementation; that is, one transmission by the sending end may send the OSUv frames of 1 encryption period to the receiving end, and KI is transmitted 8 or 16 times in the OSUv frames of that encryption period.
In the VBR_OSUv frames within 1 encryption period, KI is transmitted 16 times and the 16 KI values are the same; in the CBR_OSUv frames within 1 encryption period, KI is transmitted 8 times and the 8 KI values are the same. For KI repeatedly transmitted multiple times in 1 encryption period, the receiving end may determine the value of the multiple KI in that encryption period by majority decision; the specific implementation may refer to the above description of "the receiving end determines the values of multiple KI in 1 multiframe period by majority decision", which is not described herein again.
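The KI-driven switching of fig. 15 and the majority decision over repeated KI copies, for the 4 copies of one multiframe period as well as the 8 or 16 copies per encryption period of table 9, as an added Python example that is not code from the application: it generates the sending end's KI copies from a key plan, reconstructs the receiving end's key schedule and replays the one-corrupted-copy case above. The KI-to-key mapping follows table 7; the tie rule is an assumption.

```python
from collections import Counter

# 2-bit KI values and the keys they announce for the next period (Table 7 / fig. 15).
KI_TO_KEY = {0b00: "key0", 0b01: "key1"}
KEY_TO_KI = {key: ki for ki, key in KI_TO_KEY.items()}


def sender_ki_copies(key_plan, copies_per_period=4):
    """Sending end: for period m, emit copies_per_period identical KI values
    announcing key_plan[m + 1]. key_plan lists the key used in each period;
    copies_per_period is 4 for the fig. 15 multiframe period (one KI per
    encryption period) and 8 or 16 for the CBR/VBR OSUv overhead of Table 9."""
    emitted = []
    for m in range(len(key_plan) - 1):
        emitted.append([KEY_TO_KI[key_plan[m + 1]]] * copies_per_period)
    return emitted


def majority_ki(copies):
    """Receiving end: majority decision over the repeated KI copies of one period.
    Assumption: a period with no strict majority is rejected (the page does not define it)."""
    value, count = Counter(copies).most_common(1)[0]
    if 2 * count <= len(copies):
        raise ValueError(f"no majority among KI copies {copies}")
    return value


def receiver_key_schedule(received, initial_key):
    """Receiving end: derive the key used in every period from the KI copies
    received in the previous one (KI in period m selects the key of period m + 1)."""
    keys = [initial_key]
    for copies in received:
        keys.append(KI_TO_KEY[majority_ki(copies)])
    return keys


def corrupt_last_copy(copies_per_period, period_index):
    """Constructed channel fault: flip the last KI copy of one period to 00."""
    corrupted = [list(c) for c in copies_per_period]
    corrupted[period_index][-1] = 0b00
    return corrupted


def demo():
    # Fig. 15: key0 in multiframe periods n and n+1, key1 from n+2 onward (n = 0 here).
    plan = ["key0", "key0", "key1", "key1", "key1"]
    sent = sender_ki_copies(plan)            # [[0,0,0,0], [1,1,1,1], [1,1,1,1], [1,1,1,1]]
    received = corrupt_last_copy(sent, 1)    # period n+1 arrives as [1, 1, 1, 0]
    return sent, received, receiver_key_schedule(received, "key0")


if __name__ == "__main__":
    sent, received, keys = demo()
    print("sent:", sent)
    print("received:", received)
    print("receiver keys per period:", keys)
```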
In the manner of synchronously switching keys shown in table 9, after the receiving end completes key recovery, the receiving end may only need to feed back the prepared key information through the KCC channel to inform the sending end that the keys can be synchronously switched, so as to simplify the handshake process compared with the manner of synchronously switching keys shown in table 8.
In some possible embodiments, the monitoring management information may be carried in an Operation Administration and Maintenance (OAM) cell. In other words, the sending end can send the monitoring management information to the receiving end using the OAM cell. The sending time and period of the OAM cell can be adjusted according to actual requirements; that is, by adjusting the sending period of the OAM cell, the sending end can change the length of the encryption period of the service data, the transmission speed of small-bandwidth services can be improved, and the period of synchronously switching the key between the sending end and the receiving end is adjusted, so that the encryption of the service data is more flexible.
Next, the present application provides an example of implementing the above encryption transmission method, which specifically includes:
Fig. 16 is a schematic diagram of interaction between a sending end and a receiving end according to an embodiment of the present application. Referring to fig. 16, in the process in which the sending end sends OSU frames to the receiving end and the receiving end receives the OSU frames from the sending end, the sending end may perform the following three steps: service data processing, encryption and overhead processing; the receiving end may perform the following three steps: overhead processing, decryption and service data processing.
At the sending end, the service data processing step may be mapping the service data to the payloads of a plurality of OSU frames in an encryption period, so that the OSU frames carry the service data; the encryption step may be encrypting the payloads of the OSU frames carrying the service data; and the overhead processing step may be writing the monitoring management information into the overhead of the OSU frames carrying the service data. Correspondingly, at the receiving end, the overhead processing step may be reading the monitoring management information from the overhead of the OSU frames carrying the service data; the decryption step may be decrypting the payloads of the OSU frames carrying the service data; and the service data processing step may be acquiring the decrypted service data from the payloads of the decrypted OSU frames. The monitoring management information may include: indication information of the encryption and decryption control information, authentication information, key switching completion information, key switching request information and key switching confirmation information. The switching indication information, the key switching completion information, the key switching request information and the key switching confirmation information may be collectively referred to as key synchronization information.
It should be noted that, at the sending end, the encryption step may be performed before the overhead processing step, or may be performed after the overhead processing step, which is not limited in this application. At the receiving end, the decryption step may be performed before the overhead processing step, or may be performed after the overhead processing step, which is not limited in the present application.
The following describes the procedure of the sending end executing the steps of service data processing, encryption and overhead processing, and the procedure of the receiving end executing the steps of overhead processing, decryption and service data processing, in detail, with reference to the accompanying drawings.
Fig. 17 is a schematic flowchart of a sending end encrypting data according to an embodiment of the present application. Referring to fig. 17, the OTN device may be a transmitting end or a receiving end. When the OTN device is a sending end, the process of the sending end performing the service data processing, the encryption, and the overhead processing steps may include the following implementation manners:
the sending end maps the service data into the payloads of a plurality of OSU frames in an encryption period, and maps the plurality of OSU frames to a processing channel through a cell bus (also called an OSU bus) and channel mapping. Then the sending end performs an information processing step, which may include: the sending end obtains the key and the initial vector used in the current encryption period. The sending end also performs an overhead processing step, which may include: the sending end determines the indication information of the key and of the initial vector used in the current encryption period, the key synchronization information, and so on, and writes the indication information of the encryption and decryption control information, the key synchronization information, and so on into the overhead of the plurality of OSU frames in the processing channel. Then the sending end encrypts the payloads of the plurality of OSU frames; the sending end may encrypt the payloads of the plurality of OSU frames by using the key, the initial vector, and the AES encryption function, to obtain a plurality of encrypted OSU frames. The sending end further performs an authentication identifier processing step, which may include: the sending end determines a first authentication identifier by using the encrypted payloads of the OSU frames. The sending end also executes an authentication identifier writing step, writing the first authentication identifier into the overhead of the OSU frames. Finally, the sending end transmits the OSU frames to the receiving end through the cell bus and the transceiving module.
Correspondingly, when the OTN device is a receiving end, the process of the receiving end performing overhead processing, decryption and service data processing may include the following embodiments:
the receiving end receives a plurality of OSU frames from the sending end through the transceiving module and maps the OSU frames to the processing channel through the cell bus and channel mapping. Then the receiving end performs an overhead processing step, which may include: the receiving end reads the indication information of the key, the indication information of the initial vector, and the key synchronization information from the overhead of the plurality of OSU frames in the processing channel. The receiving end further performs an information processing step, which may include: the receiving end determines the key and the initial vector used in the current encryption period according to the indication information of the key and the indication information of the initial vector. Thereafter, the receiving end performs an authentication identifier processing step, which may include: the receiving end determines a second authentication identifier by using the payloads of the undecrypted OSU frames. Finally, the receiving end decrypts the payloads of the plurality of OSU frames, that is, decrypts the payloads of the plurality of OSU frames by using the key, the initial vector, and the AES encryption function, to obtain a plurality of decrypted OSU frames and further obtain the decrypted service data. The receiving end also executes an authentication identifier reading step: it reads the first authentication identifier from the overhead of the OSU frames and compares whether the first authentication identifier and the second authentication identifier are consistent; if they are not, the ciphertext may have been tampered with during transmission.
It can be understood that, the above-mentioned processes of performing the steps of processing the service data, encrypting and overhead processing by the sending end, and the detailed implementation of performing the steps of overhead processing, decrypting and processing the service data by the receiving end may refer to the above-mentioned method embodiment, and are not described herein again.
In some possible embodiments, the cell bus may be N × 128 bits wide (N is a positive integer and N ≤ 12; for example, N may be 1, 2, 3, 4, 6, 12, etc.). When N = 12, the OTN device can process one whole OSU frame at a time; when N < 12, one OSU frame is divided into a plurality of OSU subframes, and the overhead of the OSU frame is located in the first of these OSU subframes. The OTN device may process the plurality of OSU subframes as follows: performing the overhead processing step on the overhead in the first OSU subframe, performing the encryption or decryption step on the payload in the first OSU subframe, and performing the encryption or decryption step on the second and subsequent OSU subframes.
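As an added illustration of the sender and receiver procedures described above for fig. 17, and of the N × 128-bit cell bus subframe handling just described, the following Go program is example code written for this page; it is not code from the patent or from HiSilicon. It assumes a 192-byte OSU frame with 7 overhead bytes and 185 payload bytes, an overhead byte layout of its own (key indication, initial vector indication, truncated authentication identifier), AES-CTR as the generator of the cipher blocks, and HMAC-SHA256 as the authentication identifier; the patent specifies none of these beyond AES, a key, an initial vector, and an identifier computed over the encrypted payloads. The names KeyTable, keystream, authID, SendPeriod and ReceivePeriod are this example's.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
)

// Frame layout assumed here (not fixed by the patent text): a 192-byte OSU frame
// (12 x 128 bits) = 7 overhead bytes + 185 payload bytes. Overhead bytes as laid
// out here: [0] key indication, [1] IV indication, [2:6] truncated auth identifier.
const frameSize, ohSize, payloadSize, tagSize = 192, 7, 185, 4

// KeyTable is what both ends pre-share; the overhead carries only indications.
type KeyTable struct {
	Keys, IVs map[byte][]byte // indication -> 16-byte AES key / initial vector
	AuthKey   []byte          // key for the authentication identifier (HMAC here)
}

// keystream resolves the indications and returns an AES-CTR stream: the "cipher
// blocks" are the AES encryption function applied to successive counter blocks,
// and XORKeyStream applies bit i of them to bit i of the data (both directions).
func keystream(t KeyTable, keyID, ivID byte) (cipher.Stream, error) {
	block, err := aes.NewCipher(t.Keys[keyID])
	if err != nil || len(t.IVs[ivID]) != aes.BlockSize {
		return nil, errors.New("unknown or malformed key/IV indication")
	}
	return cipher.NewCTR(block, t.IVs[ivID]), nil
}

// authID: authentication identifier over the indications and the encrypted
// payloads of the period (encrypt-then-MAC); HMAC-SHA256 is this example's choice.
func authID(t KeyTable, frames [][]byte) []byte {
	mac := hmac.New(sha256.New, t.AuthKey)
	mac.Write(frames[0][:2])
	for _, fr := range frames {
		mac.Write(fr[ohSize:])
	}
	return mac.Sum(nil)[:tagSize]
}

// SendPeriod: sender for one encryption period, one frame per service-data chunk.
// busN is N of the N x 128-bit cell bus: a frame passes through 12/N subframes,
// overhead is processed on the first only, and every subframe's payload bytes
// are encrypted with the keystream continuing across subframes and frames.
func SendPeriod(t KeyTable, keyID, ivID byte, busN int, chunks [][]byte) ([][]byte, error) {
	if busN < 1 || 12%busN != 0 {
		return nil, errors.New("bus width N must divide 12")
	}
	stream, err := keystream(t, keyID, ivID)
	if err != nil {
		return nil, err
	}
	frames := make([][]byte, len(chunks))
	sub := busN * 16 // subframe size in bytes
	for f, chunk := range chunks {
		if len(chunk) > payloadSize {
			return nil, errors.New("chunk exceeds payload size")
		}
		fr := make([]byte, frameSize)
		copy(fr[ohSize:], chunk) // service data processing: map into the payload
		for s := 0; s < frameSize; s += sub {
			start := s
			if s == 0 { // overhead processing step, first subframe only
				fr[0], fr[1] = keyID, ivID
				start = ohSize
			}
			stream.XORKeyStream(fr[start:s+sub], fr[start:s+sub]) // encryption step
		}
		frames[f] = fr
	}
	tag := authID(t, frames) // first authentication identifier
	for _, fr := range frames {
		copy(fr[2:2+tagSize], tag) // authentication identifier writing step
	}
	return frames, nil
}

// ReceivePeriod: read the indications, compute the second authentication identifier
// over the still-encrypted payloads, decrypt, release plaintext only on a match.
func ReceivePeriod(t KeyTable, frames [][]byte) ([][]byte, error) {
	if len(frames) == 0 {
		return nil, errors.New("no frames")
	}
	second := authID(t, frames) // over undecrypted payloads
	stream, err := keystream(t, frames[0][0], frames[0][1]) // overhead processing
	if err != nil {
		return nil, err
	}
	out := make([][]byte, len(frames))
	for i, fr := range frames {
		out[i] = make([]byte, payloadSize)
		stream.XORKeyStream(out[i], fr[ohSize:]) // decryption step
	}
	if !hmac.Equal(frames[0][2:2+tagSize], second) {
		return nil, errors.New("authentication identifier mismatch: possible tampering")
	}
	return out, nil
}
```

The cell bus width only changes how a frame is fed through the encryption step; because the keystream continues across subframes and frames, N = 1 and N = 12 produce identical ciphertext. The receiver computes the second authentication identifier over the undecrypted payloads and withholds the plaintext when it differs from the first identifier, which is the check that makes tampering with the ciphertext detectable; a receiver that handed the decrypted data onward before the comparison would lose that protection.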
Based on the encryption transmission method illustrated in any one of fig. 10 to 17, the sending end can encrypt a plurality of OSU frames within one encryption period and transmit the plurality of OSU frames. When encrypting a plurality of OSU frames, the sending end may map the plurality of encrypted OSU frames into an ODUk frame, so that the ODUk frame carries the plurality of encrypted OSU frames. In other words, the sending end can separately encrypt part of the service data carried by the ODUk frame, so as to improve data security. In addition, since an OSU frame can carry a small-granularity (small particle) service, encrypting the OSU frame is equivalent to encrypting the small-granularity service, so that a data encryption service can be provided to users of small-granularity services. Moreover, encryption of services of different granularities in the OTN can be made complete, so that encryption can be supported for any user service without touching the user service itself, line rate is preserved, and end-to-end security management is achieved. The encrypted OSU frames can be transparently transmitted in the OTN, and the monitoring and management of the OTN are not affected.
The encryption transmission method provided by the embodiment of the present application is described in detail above with reference to fig. 10 to 17. The following describes in detail an encryption transmission apparatus for executing the encryption transmission method provided in the embodiment of the present application with reference to fig. 10 to 17.
For example, fig. 18 is a schematic structural diagram of an encryption transmission apparatus provided in the embodiment of the present application. As shown in fig. 18, the encryption transmission apparatus 1800 includes: a processing module 1801 and a transceiver module 1802. For convenience of explanation, fig. 18 shows only main components of the encryption transmission apparatus.
In some embodiments, the encryption transmission apparatus 1800 may be applied to the network architecture described in fig. 1 above, and performs the function of the OTN device (i.e., the sending end) that sends the service data in the network architecture. For example, assuming that N1 sends service data to N3 in the network architecture shown in fig. 1, that is, N1 is a sending end and N3 is a receiving end, the encryption transmission apparatus 1800 may perform the function of N1 in the network architecture.
The processing module 1801 is configured to encrypt, according to the encryption and decryption control information, a plurality of data in an encryption cycle one by one. A transceiver module 1802 configured to transmit a plurality of OSU frames. Each OSU frame carries encrypted data, and a plurality of OSU frames carry indication information of encryption and decryption control information.
In a possible design, the processing module 1801 is further configured to generate a plurality of cipher blocks according to the encryption and decryption control information. The total number M of bits of the plurality of cipher blocks is greater than or equal to the total number N of bits of the plurality of data, and both M and N can be positive integers. The processing module 1801 is further configured to encrypt the plurality of data bitwise using N bits of the plurality of cipher blocks.
Optionally, the processing module 1801 is further configured to encrypt an ith bit of the plurality of data using an ith bit of the N bits. Wherein i can be a positive integer, and i is less than or equal to N.
In one possible design, the transceiver module 1802 is further configured to send handover indication information to the receiving end. The switching indication information is used to indicate a key of a next key cycle, and the key cycle may include a plurality of encryption cycles.
Optionally, the transceiver module 1802 is further configured to send key switching request information to the receiving end. The key switching request information is used for instructing the receiving end to feed back key switching confirmation information. The transceiver module 1802 is further configured to receive the key switching confirmation information from the receiving end. The key switching confirmation information is used for instructing the encryption transmission apparatus according to the third aspect to send the switching indication information.
Optionally, the transceiver module 1802 is further configured to receive key switch completion information from the receiving end. The key switching completion information is used for indicating the receiving end to complete key switching.
In one possible design, the OSU frames carry authentication information, and the authentication information is determined by the encryption/decryption control information and the encrypted data.
In some possible embodiments, the encryption transmission apparatus 1800 may be applied to the network architecture described in fig. 1 above, and performs the function of the OTN device (i.e., the receiving end) receiving the service data in the network architecture. For example, assuming that N1 sends service data to N3 in the network architecture shown in fig. 1, that is, N1 is a sending end and N3 is a receiving end, the encryption transmission apparatus 1800 may perform the function of N3 in the network architecture.
The transceiver module 1802 is configured to receive a plurality of OSU frames in an encryption period. Each OSU frame carries encrypted data, and the OSU frames carry indication information which is used for indicating encryption and decryption control information. A processing module 1801, configured to decrypt, one by one, the plurality of encrypted data according to the encryption and decryption control information.
In a possible design, the processing module 1801 is further configured to generate a plurality of cipher blocks according to the encryption and decryption control information. The total number M of bits of the plurality of cipher blocks is greater than or equal to the total number N of bits of the plurality of encrypted data, and both M and N can be positive integers. The processing module 1801 is further configured to decrypt the plurality of encrypted data bitwise using N bits of the plurality of cipher blocks.
Optionally, the processing module 1801 is further configured to decrypt an ith bit in the plurality of encrypted data by using an ith bit in the N bits. Wherein i can be a positive integer, and i is less than or equal to N.
In one possible design, the transceiver module 1802 is further configured to receive handover indication information from a transmitting end. The switching indication information is used to indicate a key of a next key cycle, and the key cycle may include a plurality of encryption cycles.
Optionally, the transceiver module 1802 is further configured to receive key switch request information from a sending end. Wherein the key switching request information is used to instruct the encryption transmission apparatus described in the fourth aspect to feed back the key switching confirmation information. The transceiver module 1802 is further configured to send key switch confirmation information to the sending end. The key switching confirmation information is used for indicating the sending end to send switching indication information.
Optionally, the transceiver module 1802 is further configured to send key switch completion information to the sending end. Wherein the key switch completion information is used to instruct the encryption transmission apparatus described in the fourth aspect to complete key switch.
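As an added example of the key switching exchange described for the sending end above (key switching request, key switching confirmation, switching indication, key switching completion) and for the receiving end here, the following Go program models both ends as small state machines and passes the messages over an in-memory channel. It is example code written for this page, not code from the patent or its assignee. The message names, the Known table of key indications provisioned at the receiver, and the rule that a switching indication is accepted only after a request and only for a provisioned key are this example's assumptions; the patent only states what each message instructs the other end to do.

```go
package main

import "errors"

// Key synchronization messages carried in the OSU overhead, as modelled here.
type MsgType int

const (
	KeySwitchRequest  MsgType = iota // sender -> receiver
	KeySwitchConfirm                 // receiver -> sender
	SwitchIndication                 // sender -> receiver, carries the next key indication
	KeySwitchComplete                // receiver -> sender
)

type Msg struct {
	Type    MsgType
	NextKey byte // meaningful only for SwitchIndication
}

// keyState: key indication of the current key cycle plus a staged next key.
type keyState struct {
	ActiveKey, nextKey byte
	staged             bool
}

// NextKeyCycle is called when a key cycle (several encryption periods) ends;
// only then does the staged key become active, so both ends switch in step.
func (k *keyState) NextKeyCycle() byte {
	if k.staged {
		k.ActiveKey, k.staged = k.nextKey, false
	}
	return k.ActiveKey
}

type Sender struct {
	keyState
	confirmed bool
}

type Receiver struct {
	keyState
	Known     map[byte]bool // key indications this end holds material for
	requested bool
}

// StartSwitch opens the handshake with key switching request information.
func (s *Sender) StartSwitch(next byte) Msg {
	s.nextKey, s.confirmed, s.staged = next, false, false
	return Msg{Type: KeySwitchRequest}
}

// Handle: the switching indication goes out only after confirmation, and the
// new key is staged only once the receiver reports completion.
func (s *Sender) Handle(m Msg) (*Msg, error) {
	switch m.Type {
	case KeySwitchConfirm:
		s.confirmed = true
		return &Msg{Type: SwitchIndication, NextKey: s.nextKey}, nil
	case KeySwitchComplete:
		if !s.confirmed {
			return nil, errors.New("completion without confirmation")
		}
		s.staged = true
		return nil, nil
	}
	return nil, errors.New("unexpected message at sender")
}

// Handle: a switching indication is accepted only after a request was seen and
// only for a provisioned key (this example's checks, not the patent's wording).
func (r *Receiver) Handle(m Msg) (*Msg, error) {
	switch m.Type {
	case KeySwitchRequest:
		r.requested = true
		return &Msg{Type: KeySwitchConfirm}, nil
	case SwitchIndication:
		ok := r.requested && r.Known[m.NextKey]
		r.requested = false // one request covers one indication
		if !ok {
			return nil, errors.New("indication unsolicited or key not provisioned")
		}
		r.nextKey, r.staged = m.NextKey, true
		return &Msg{Type: KeySwitchComplete}, nil
	}
	return nil, errors.New("unexpected message at receiver")
}

// RunSwitch drives one complete handshake over an in-memory channel.
func RunSwitch(s *Sender, r *Receiver, next byte) error {
	msg := s.StartSwitch(next)
	for {
		reply, err := r.Handle(msg)
		if err != nil {
			return err
		}
		back, err := s.Handle(*reply)
		if err != nil || back == nil {
			return err
		}
		msg = *back
	}
}
```

The switching indication names the key of the next key cycle, so neither end changes its active key when the completion message arrives; both apply the staged key at the key cycle boundary through NextKeyCycle. A refused indication leaves both ends on the old key, so an error in the handshake never leaves the two ends encrypting and decrypting with different keys.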
In one possible design, the plurality of OSU frames carry authentication information, which is determined by the encryption/decryption control information and the plurality of encrypted data.
Alternatively, the transceiver module 1802 may include a receiving module and a sending module (not shown in fig. 18). The sending module is used to implement the sending function of the encryption transmission apparatus 1800, and the receiving module is used to implement the receiving function of the encryption transmission apparatus 1800.
Optionally, the encryption transmission apparatus 1800 may further include a storage module (not shown in fig. 18) that stores programs or instructions. The processing module 1801, when executing the program or instructions, enables the encrypted transmission apparatus 1800 to perform the functions of the receiving end.
Optionally, the encryption transmission apparatus 1800 may further include a storage module (not shown in fig. 18) that stores programs or instructions. The processing module 1801, when executing the program or instructions, may enable the encrypted transmission apparatus 1800 to perform the functions of the sender.
It is to be understood that the processing module 1801 involved in the encryption transmission apparatus 1800 may be implemented by a processor or a processor-related circuit component, and may be a processor or a processing unit; the transceiver module 1802 may be implemented by a transceiver or transceiver-related circuit component, and may be a transceiver or transceiver unit. The processing module 1801 may also be referred to as a processing unit 1801, and the transceiver module 1802 may also be referred to as a transceiver unit 1802.
It should be noted that the encryption transmission apparatus 1800 may be an OTN device in an OTN, a chip (system) or other component or assembly provided in the OTN device, or an apparatus including the OTN device, which is not limited in this application.
In addition, for technical effects of the encryption transmission apparatus 1800, reference may be made to the technical effects of the encryption transmission method described in the above method embodiment, which are not described herein again.
Exemplarily, fig. 19 is a schematic structural diagram of a second encryption transmission apparatus provided in the embodiment of the present application. The encryption transmission device may be the transmitting end or the receiving end, or may be a chip (system) or other components or assemblies provided at the transmitting end or the receiving end. As shown in fig. 19, the encryption transmission apparatus 1900 may include a processor 1901. Optionally, the encryption transmission apparatus 1900 may further include a memory 1902 and/or a transceiver 1903. The processor 1901 is coupled to the memory 1902 and the transceiver 1903, such as via a communication bus.
The following describes each component of the encryption transmission apparatus 1900 in detail with reference to fig. 19:
the processor 1901 is a control center of the encryption transmission apparatus 1900, and may be a single processor or a collective term for a plurality of processing elements. For example, the processor 1901 may be one or more Central Processing Units (CPUs), an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application, such as: one or more microprocessors (digital signal processors, DSPs), or one or more Field Programmable Gate Arrays (FPGAs).
Alternatively, the processor 1901 may execute various functions of the encryption transmission apparatus 1900 by running or executing a software program stored in the memory 1902, and calling data stored in the memory 1902.
In a particular implementation, the processor 1901 may include one or more CPUs, such as CPU0 and CPU1 shown in fig. 19, as one embodiment.
In one embodiment, the encryption transmission apparatus 1900 may also include a plurality of processors, such as the processor 1901 and the processor 1904 shown in fig. 19. Each of these processors may be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
The memory 1902 is configured to store a software program for executing the scheme of the present application, and is controlled by the processor 1901 to execute the software program.
Alternatively, the memory 1902 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 1902 may be integrated with the processor 1901, or may be independent of the processor 1901, and is coupled to the processor 1901 through an interface circuit (not shown in fig. 19) of the encryption transmission apparatus 1900, which is not particularly limited in this embodiment of the present invention.
The transceiver 1903 is used for communication with other encryption transmission apparatuses. For example, if the encryption transmission apparatus 1900 is a client, the transceiver 1903 may be used to communicate with a server.
Optionally, the transceiver 1903 may include a receiver and a transmitter (not separately shown in fig. 19). Wherein the receiver is configured to perform a receiving function and the transmitter is configured to perform a transmitting function.
Alternatively, the transceiver 1903 may be integrated with the processor 1901, or may be independent and coupled to the processor 1901 through an interface circuit (not shown in fig. 19) of the encryption transmission apparatus 1900, which is not specifically limited in this embodiment of the present invention.
It should be noted that the structure of the encryption transmission apparatus 1900 shown in fig. 19 does not constitute a limitation to the encryption transmission apparatus, and an actual encryption transmission apparatus may include more or less components than those shown in the figure, or some components may be combined, or a different arrangement of components may be used.
In addition, for technical effects of the encryption transmission apparatus 1900, reference may be made to technical effects of the encryption transmission method described in the foregoing method embodiment, and details are not described here again.
The embodiment also provides an encryption transmission system. The encryption transmission system comprises a sending end and a receiving end. The sending end may be configured to execute S1001 and S1002 in the foregoing encryption transmission method embodiment, and the receiving end may be configured to execute S1002 and S1003 in the foregoing encryption transmission method.
In the description of the present application, "at least one" means one or more, "a plurality" means two or more than two, unless otherwise specified. In addition, in order to facilitate clear description of technical solutions of the embodiments of the present application, in the embodiments of the present application, terms such as "first" and "second" are used to distinguish the same items or similar items having substantially the same functions and actions. Those skilled in the art will appreciate that the terms "first," "second," etc. do not denote any order or quantity, nor do the terms "first," "second," etc. denote any order or importance.
In addition, in the embodiments of the present application, words such as "exemplarily", "for example", etc. are used for indicating as examples, illustrations or explanations. Any embodiment or design described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, the term using examples is intended to present concepts in a concrete fashion.
In the embodiments of the present application, a subscripted form such as W₁ is sometimes written in a non-subscripted form such as W1; the intended meaning is the same when the distinction is not emphasized.
It should be understood that the processor in the embodiments of the present application may be a Central Processing Unit (CPU), and the processor may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
It will also be appreciated that the memory in the embodiments of the subject application can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. The non-volatile memory may be a read-only memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. Volatile memory can be Random Access Memory (RAM), which acts as external cache memory. By way of example, but not limitation, many forms of Random Access Memory (RAM) are available, such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM), and direct bus RAM (DR RAM).
The above embodiments may be implemented in whole or in part by software, hardware (e.g., circuitry), firmware, or any combination thereof. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions or computer programs. The procedures or functions according to the embodiments of the present application are wholly or partially generated when the computer instructions or the computer program are loaded or executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center in a wired or wireless manner (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that contains one or more collections of available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
It should be understood that the term "and/or" herein is merely one type of association relationship that describes associated objects, meaning that three relationships may exist; e.g., A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone, wherein A and B can be singular or plural. In addition, the "/" in this document generally indicates that the former and latter associated objects are in an "or" relationship, but may also indicate an "and/or" relationship, and may be understood with particular reference to the former and latter contexts.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "At least one of the following" or similar expressions refer to any combination of these items, including any combination of the singular or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, and c may be single or multiple.
It should be understood that, in the various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a portable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program codes.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (27)

1. An encrypted transmission method, comprising:
encrypting a plurality of data in an encryption period one by one according to the encryption and decryption control information;
and sending a plurality of OSU frames, wherein each OSU frame carries encrypted data, and the OSU frames carry indication information of the encryption and decryption control information.
2. The method according to claim 1, wherein said encrypting a plurality of data in one encryption cycle one by one according to the encryption/decryption control information comprises:
generating a plurality of cipher blocks according to the encryption and decryption control information; the total number M of bits of the plurality of cipher blocks is greater than or equal to the total number N of bits of the plurality of data, and M and N are positive integers;
bitwise encrypting the plurality of data using N bits of the plurality of cipher blocks.
3. The method of claim 2, wherein said bitwise encrypting said plurality of data using N bits of said plurality of cipher blocks comprises:
and encrypting the ith bit in the plurality of data by using the ith bit in the N bits, wherein i is a positive integer and is less than or equal to N.
4. The method according to any one of claims 1-3, further comprising:
and sending switching indication information to a receiving end, wherein the switching indication information is used for indicating a key of the next key period, and the key period comprises a plurality of encryption periods.
5. The method of claim 4, wherein before the sending the handover indication information to the receiving end, the method further comprises:
sending key switching request information to the receiving end, wherein the key switching request information is used for indicating the receiving end to feed back key switching confirmation information;
and receiving the key switching confirmation information from the receiving end, wherein the key switching confirmation information is used for indicating the sending end to send the switching indication information.
6. The method according to claim 4 or 5, wherein after said sending handover indication information to the receiving end, the method further comprises:
and receiving key switching completion information from the receiving end, wherein the key switching completion information is used for indicating the receiving end to complete key switching.
7. An encrypted transmission method, comprising:
receiving a plurality of OSU frames in an encryption period, wherein each OSU frame carries encrypted data and carries indication information which is used for indicating encryption and decryption control information;
and decrypting the plurality of encrypted data one by one according to the encryption and decryption control information.
8. The method according to claim 7, wherein decrypting the plurality of encrypted data one by one according to the encryption/decryption control information comprises:
generating a plurality of cipher blocks according to the encryption and decryption control information; the total number M of bits of the plurality of cipher blocks is greater than or equal to the total number N of bits of the plurality of encrypted data, wherein M and N are positive integers;
and bitwise decrypting the plurality of encrypted data using the N bits in the plurality of cipher blocks.
9. The method of claim 8, wherein said bitwise decrypting the plurality of encrypted data using N bits of the plurality of cipher blocks comprises:
and decrypting the ith bit in the plurality of encrypted data by using the ith bit in the N bits, wherein i is a positive integer and is less than or equal to N.
10. The method according to any one of claims 7-9, further comprising:
receiving switching indication information from a sending end, wherein the switching indication information is used for indicating a key of a next key cycle, and the key cycle comprises a plurality of encryption cycles.
11. The method according to claim 10, wherein before said receiving the switching indication information from the sending end, the method further comprises:
receiving key switching request information from the sending end, wherein the key switching request information is used for indicating the receiving end to feed back key switching confirmation information;
and sending the key switching confirmation information to the sending end, wherein the key switching confirmation information is used for indicating the sending end to send the switching indication information.
12. The method according to claim 10 or 11, wherein after said receiving the switching indication information from the sending end, the method further comprises:
and sending key switching completion information to the sending end, wherein the key switching completion information is used for indicating that the receiving end has completed the key switching.
13. An encryption transmission apparatus, comprising: a processing module and a transceiver module; wherein,
the processing module is configured to encrypt a plurality of data in an encryption period one by one according to encryption and decryption control information;
the transceiver module is configured to send a plurality of OSU frames, where each OSU frame carries one piece of the encrypted data, and the OSU frames carry indication information of the encryption and decryption control information.
14. The apparatus of claim 13, wherein the processing module is further configured to generate a plurality of cipher blocks according to the encryption and decryption control information; the total number M of bits of the plurality of cipher blocks is greater than or equal to the total number N of bits of the plurality of data, and M and N are positive integers;
the processing module is further configured to encrypt the plurality of data bitwise using N bits of the plurality of cipher blocks.
15. The apparatus of claim 14, wherein the processing module is further configured to encrypt an ith bit of the plurality of data using an ith bit of the N bits, i being a positive integer, i ≤ N.
16. The apparatus according to any of claims 13-15, wherein the transceiver module is further configured to send switching indication information to a receiving end, where the switching indication information is used to indicate a key of a next key period, and the key period includes a plurality of encryption periods.
17. The apparatus according to claim 16, wherein the transceiver module is further configured to send key switching request information to the receiving end, where the key switching request information is used to instruct the receiving end to feed back key switching confirmation information;
the transceiver module is further configured to receive the key switching confirmation information from the receiving end, where the key switching confirmation information is used to instruct the apparatus to send the switching indication information.
18. The apparatus according to claim 16 or 17, wherein the transceiver module is further configured to receive key switching completion information from the receiving end, where the key switching completion information is used to indicate that the receiving end has completed the key switching.
19. An encryption transmission apparatus, comprising: a processing module and a transceiver module; wherein,
the transceiver module is configured to receive a plurality of OSU frames in an encryption period, where each OSU frame carries one piece of encrypted data, and the plurality of OSU frames carry indication information, where the indication information is used to indicate encryption and decryption control information;
and the processing module is used for decrypting the plurality of encrypted data one by one according to the encryption and decryption control information.
20. The apparatus of claim 19, wherein the processing module is further configured to generate a plurality of cipher blocks according to the encryption and decryption control information; the total number M of bits of the plurality of cipher blocks is greater than or equal to the total number N of bits of the plurality of encrypted data, wherein M and N are positive integers;
the processing module is further configured to decrypt the plurality of encrypted data bitwise using the N bits of the plurality of cipher blocks.
21. The apparatus of claim 20, wherein the processing module is further configured to decrypt an ith bit of the plurality of encrypted data using an ith bit of the N bits, i being a positive integer, i ≤ N.
22. The apparatus according to any of claims 19-21, wherein the transceiver module is further configured to receive switching indication information from a sending end, where the switching indication information is used to indicate a key of a next key period, and the key period includes a plurality of encryption periods.
23. The apparatus of claim 22, wherein the transceiver module is further configured to receive key switching request information from the sending end, where the key switching request information is used to instruct the apparatus to feed back key switching confirmation information;
the transceiver module is further configured to send the key switching confirmation information to the sending end, where the key switching confirmation information is used to instruct the sending end to send the switching indication information.
24. The apparatus according to claim 22 or 23, wherein the transceiver module is further configured to send key switching completion information to the sending end, where the key switching completion information is used to indicate that the apparatus has completed the key switching.
25. An encryption transmission apparatus, comprising: a processor coupled with a memory;
the processor being configured to execute a computer program stored in the memory to cause the encryption transmission apparatus to perform the encryption transmission method according to any one of claims 1 to 12.
26. A computer-readable storage medium, comprising a computer program or instructions which, when run on a computer, cause the computer to carry out the method of encrypted transmission according to any one of claims 1 to 12.
27. A computer program product, the computer program product comprising: computer program or instructions for causing a computer to perform the method of encrypted transmission according to any one of claims 1 to 12 when said computer program or instructions are run on the computer.
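The following is an added worked example, written for this page and not taken from the patent or from HiSilicon, of the two mechanisms the claims describe: claims 1-3 and 7-9 (cipher blocks whose total bit count M is at least the N data bits of one encryption period, with bit i of the data combined with bit i of the keystream, and one OSU frame per datum carrying the control information as indication information), and claims 4-6 and 10-12 (the key switching request, confirmation, switching indication and completion exchange, which the apparatus claims 13-24 restate). Everything the claims leave open is an assumption of this example: cipher blocks are 256-bit HMAC-SHA256 outputs keyed by the current key and a counter, the bitwise operation is XOR, the control information is a (key_period, enc_period) pair, and the class and message names are invented. The receiving end rejects an indication that does not follow a confirmed request, or that names a key period it does not hold, and the sending end activates the new key only after the completion message, so neither end encrypts under a key the other cannot use.

```python
import hmac
import hashlib
from dataclasses import dataclass

BLOCK_BYTES = 32  # one cipher block = 256 bits (assumed block size)

@dataclass(frozen=True)
class ControlInfo:
    """Encryption/decryption control info, carried in every OSU frame as the
    indication information (field names are this example's assumptions)."""
    key_period: int  # selects the key; changes on key switch
    enc_period: int  # encryption period counter, so keystream never repeats

@dataclass(frozen=True)
class OSUFrame:
    indication: ControlInfo
    payload: bytes  # the one encrypted datum this frame carries

def generate_cipher_blocks(key: bytes, info: ControlInfo, n_bits: int) -> list[bytes]:
    """Claims 2/8: enough cipher blocks that their total bits M >= N."""
    n_blocks = -(-n_bits // (BLOCK_BYTES * 8))  # ceiling division
    return [hmac.new(key, f"{info.key_period}|{info.enc_period}|{c}".encode(),
                     hashlib.sha256).digest() for c in range(n_blocks)]

def xor_bitwise(data: bytes, key: bytes, info: ControlInfo) -> bytes:
    """Claims 3/9: bit i of the data meets bit i of the keystream; byte-wise
    XOR is exactly that, and zip() drops the M-N unused keystream bits."""
    stream = b"".join(generate_cipher_blocks(key, info, len(data) * 8))
    return bytes(d ^ k for d, k in zip(data, stream))

def split_like(blob: bytes, lengths: list[int]) -> list[bytes]:
    """Cut one bit string back into per-frame data of the given lengths."""
    out, offset = [], 0
    for n in lengths:
        out.append(blob[offset:offset + n])
        offset += n
    return out

def encrypt_period(key: bytes, info: ControlInfo, data: list[bytes]) -> list[OSUFrame]:
    """Claim 1: one keystream per encryption period, one OSU frame per datum."""
    cipher = xor_bitwise(b"".join(data), key, info)
    return [OSUFrame(info, c) for c in split_like(cipher, [len(d) for d in data])]

def decrypt_period(keys: dict[int, bytes], frames: list[OSUFrame]) -> list[bytes]:
    """Claim 7: regenerate cipher blocks from the received indication info.
    Mixed control info or an unknown key period is rejected, not guessed."""
    info = frames[0].indication
    if any(f.indication != info for f in frames):
        raise ValueError("frames of one encryption period must share control info")
    if info.key_period not in keys:
        raise KeyError(f"no key for key period {info.key_period}")
    plain = xor_bitwise(b"".join(f.payload for f in frames), keys[info.key_period], info)
    return split_like(plain, [len(f.payload) for f in frames])

class ReceivingEnd:
    """Claims 10-12: confirm a request; switch only on an indication that
    follows a confirmation and names a key period this end already holds."""
    def __init__(self, keys: dict[int, bytes], active: int):
        self.keys, self.active, self.confirmed = dict(keys), active, False

    def on_switch_request(self) -> str:
        self.confirmed = True
        return "KEY_SWITCH_CONFIRM"

    def on_switch_indication(self, next_period: int) -> str:
        if not self.confirmed:
            raise RuntimeError("switch indication without a confirmed request")
        if next_period not in self.keys:
            raise KeyError(f"receiving end holds no key for period {next_period}")
        self.active, self.confirmed = next_period, False
        return "KEY_SWITCH_COMPLETE"

class SendingEnd:
    """Claims 4-6: request, wait for confirmation, indicate the next key
    period, and activate it locally only after the completion message."""
    def __init__(self, keys: dict[int, bytes], active: int):
        self.keys, self.active = dict(keys), active

    def switch_key(self, peer: ReceivingEnd, next_period: int) -> int:
        if peer.on_switch_request() != "KEY_SWITCH_CONFIRM":
            raise RuntimeError("no key switch confirmation")
        if peer.on_switch_indication(next_period) != "KEY_SWITCH_COMPLETE":
            raise RuntimeError("receiving end did not complete the switch")
        self.active = next_period
        return self.active

def run_example() -> dict:
    """Two encryption periods under key period 0, a switch to key period 1,
    then one more period.  Keys and payloads are constructed sample values."""
    keys = {0: b"\x11" * 32, 1: b"\x22" * 32}
    tx, rx = SendingEnd(keys, 0), ReceivingEnd(keys, 0)
    data = [b"OSU payload A", b"B" * 40, b"\x00" * 5]
    p0 = encrypt_period(tx.keys[tx.active], ControlInfo(tx.active, 0), data)
    p1 = encrypt_period(tx.keys[tx.active], ControlInfo(tx.active, 1), data)
    tx.switch_key(rx, 1)
    p2 = encrypt_period(tx.keys[tx.active], ControlInfo(tx.active, 0), data)
    return {"roundtrip": [decrypt_period(rx.keys, p) == data for p in (p0, p1, p2)],
            "distinct_keystreams": len({p[1].payload for p in (p0, p1, p2)}) == 3,
            "active": (tx.active, rx.active)}
```

The `enc_period` counter in the control information is what keeps this a stream cipher worth the name: the same key with the same counter would reproduce the same keystream, so `run_example()` also checks that the three periods (two under key 0, one under key 1) encrypt the same payload to three different ciphertexts. The claims say only that the indication information identifies the control information; how a real implementation guarantees that counters never repeat within a key period is outside this example.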
CN202110732933.XA 2021-06-29 2021-06-29 Encryption transmission method and device Pending CN115549895A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110732933.XA CN115549895A (en) 2021-06-29 2021-06-29 Encryption transmission method and device
PCT/CN2022/094986 WO2023273712A1 (en) 2021-06-29 2022-05-25 Encryption transmission method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110732933.XA CN115549895A (en) 2021-06-29 2021-06-29 Encryption transmission method and device

Publications (1)

Publication Number Publication Date
CN115549895A true CN115549895A (en) 2022-12-30

Family

ID=84692496

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110732933.XA Pending CN115549895A (en) 2021-06-29 2021-06-29 Encryption transmission method and device

Country Status (2)

Country Link
CN (1) CN115549895A (en)
WO (1) WO2023273712A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116961910A (en) * 2023-07-11 2023-10-27 无锡摩芯半导体有限公司 Hardware encryption and decryption realization method based on CAN bus transmission

Families Citing this family (1)

Publication number Priority date Publication date Assignee Title
CN117040846B (en) * 2023-08-10 2024-08-02 广东九博科技股份有限公司 Access type OTN device and data transmission encryption and decryption method thereof

Family Cites Families (3)

Publication number Priority date Publication date Assignee Title
US8942379B2 (en) * 2012-10-17 2015-01-27 Cisco Technology, Inc. Timeslot encryption in an optical transport network
US10104047B2 (en) * 2015-04-08 2018-10-16 Microsemi Solutions (U.S.), Inc. Method and system for encrypting/decrypting payload content of an OTN frame
CN112929355A (en) * 2021-01-29 2021-06-08 中兴通讯股份有限公司 Safety management information processing method and device for optical transport network

Cited By (2)

Publication number Priority date Publication date Assignee Title
CN116961910A (en) * 2023-07-11 2023-10-27 无锡摩芯半导体有限公司 Hardware encryption and decryption realization method based on CAN bus transmission
CN116961910B (en) * 2023-07-11 2024-01-26 无锡摩芯半导体有限公司 Hardware encryption and decryption realization method based on CAN bus transmission

Also Published As

Publication number Publication date
WO2023273712A1 (en) 2023-01-05

Similar Documents

Publication Publication Date Title
US10104047B2 (en) Method and system for encrypting/decrypting payload content of an OTN frame
US10091171B2 (en) Adaptive traffic encryption for optical networks
US10567352B2 (en) Flexible ethernet encryption systems and methods
WO2016184240A1 (en) Method for implementing data transmission and optical channel transmission device
US10193688B2 (en) Flexible Ethernet encryption systems and methods
CN110581763B (en) Quantum key service block chain network system
Luk et al. MiniSec: a secure sensor network communication architecture
US20050177749A1 (en) Method and architecture for security key generation and distribution within optical switched networks
US20050175183A1 (en) Method and architecture for secure transmission of data within optical switched networks
WO2023273712A1 (en) Encryption transmission method and device
US11212265B2 (en) Perfect forward secrecy (PFS) protected media access control security (MACSEC) key distribution
Jain et al. Physical layer group key agreement for automotive controller area networks
WO2021244489A1 (en) Method and apparatus for transmitting encryption control overhead in optical transport network
CN112187450B (en) Method, device, equipment and storage medium for key management communication
US10985847B2 (en) Security over optical transport network beyond 100G
EP4099615A1 (en) Method for updating key and related device
Zhen et al. A lightweight encryption and authentication scheme for wireless sensor networks
WO2022161369A1 (en) Security management information processing method and apparatus for optical transport network
KR100594023B1 (en) Method of encryption for gigabit ethernet passive optical network
Ma et al. A new mechanism for achieving secure and reliable data transmission in wireless sensor networks
Menesidou et al. Authenticated key exchange (ake) in delay tolerant networks
EP3054645B1 (en) Apparatuses, system, methods and computer programs suitable for transmitting or receiving encrypted output data packets in an optical data transmission network
Wang et al. A novel shared backup path protection scheme in time-division-multiplexing based qkd optical networks
Lavanya Comparison of RSA-threshold cryptography and ecc-threshold cryptography for small mobile adhoc networks
KR100798921B1 (en) A Method for controlling security channel in the MAC Security network and terminal device using the same

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination