CN115834026A - Safety encryption method based on industrial protocol - Google Patents
Safety encryption method based on industrial protocol Download PDFInfo
- Publication number
- CN115834026A CN115834026A CN202211512189.3A CN202211512189A CN115834026A CN 115834026 A CN115834026 A CN 115834026A CN 202211512189 A CN202211512189 A CN 202211512189A CN 115834026 A CN115834026 A CN 115834026A
- Authority
- CN
- China
- Prior art keywords
- data
- key
- encryption
- protocol
- data packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
技术领域technical field
本发明属于数据加密技术领域,涉及一种基于工业协议的安全加密方法。The invention belongs to the technical field of data encryption, and relates to a safe encryption method based on industrial protocols.
背景技术Background technique
当前市场加密产品还是以虚拟专用网(VPN)为主,VPN相关技术及产品目前市场已经非常成熟,目前使用比较多的VPN产品主要以IPSec VPN和SSLVPN为主,IP安全协议(IPSec)通过Internet密钥交换协议(IKE协议)进行秘钥协商后生成一个数据加密秘钥,并用这个秘钥对传输的数据进行封装和加密,SSL一般用在移动办公人员,另外一般还需要安装客户端软件或客户端插件。Currently, encryption products in the market are mainly based on virtual private network (VPN). The market for VPN-related technologies and products is very mature. At present, the most used VPN products are mainly IPSec VPN and SSLVPN. The key exchange protocol (IKE protocol) generates a data encryption key after key negotiation, and uses this key to encapsulate and encrypt the transmitted data. SSL is generally used for mobile office workers, and generally requires the installation of client software or Client plugin.
当前标准的VPN技术及产品也存在一定的不足和缺陷,一些漏洞和缺陷也经常被黑客所利用,比如IPSec VPN产品由于采用了DH交换,存在无法抵抗“中间人”攻击的漏洞,秘钥协商过程会泄漏协商者的身份,加密算法也都以国际算法为主,算法都比较公开。另外,IKE协商使用预共享密钥的身份认证方式,存在安全性低、技术落后、不符合我国相关密码政策等问题,随着信息化与工业化深度快速融合,众多国家关键基础设施在工业业务领域面临安全考验,该发明装置基于工业协议特征动态生成加密密钥,保证数据传输的安全,为工业业务场景提供更具适应性和更为安全性的全方位的数据安全加密解决方案。The current standard VPN technology and products also have certain deficiencies and defects, some of which are often exploited by hackers. For example, because IPSec VPN products use DH exchange, there are vulnerabilities that cannot resist "man-in-the-middle" attacks. The secret key negotiation process The identity of the negotiator will be leaked, and the encryption algorithms are mainly international algorithms, and the algorithms are relatively open. In addition, IKE negotiates the use of pre-shared keys for identity authentication, which has problems such as low security, backward technology, and non-compliance with my country's relevant password policies. With the rapid integration of informatization and industrialization, many national key infrastructures Facing security challenges, the inventive device dynamically generates encryption keys based on the characteristics of industrial protocols to ensure the security of data transmission and provide a more adaptable and safer all-round data security encryption solution for industrial business scenarios.
由于当前VPN产品存在如上问题,另外传统VPN配置复杂繁琐,工业环境需要互联的节点多,带宽小,传统VPN需要改变现有的网络拓扑结构,密钥协商也会增加额外的带宽开销,所以通过传统VPN产品根本无法在工业环境部署。Due to the above problems in the current VPN products, and the complex and cumbersome configuration of the traditional VPN, the industrial environment needs to connect many nodes and the bandwidth is small, the traditional VPN needs to change the existing network topology, and the key negotiation will increase additional bandwidth overhead, so through Traditional VPN products simply cannot be deployed in industrial environments.
因此设计了一种基于工业协议的安全加密方法,通过透明方式部署,无需对现有网络拓扑做任何修改,加密密钥基于工业协议特征动态生成,该装置可以对工业协议进行内容深度解析,客户可以自定义参与密钥运算的工业协调特征属性,加密密钥基于一个出厂预置的根密钥+工业协调特征+时间参数,通过根密钥和国密算法散列生成,保证密钥能实时更新,同时无需额外的密钥协商数据,减少网络带宽开销,根密钥预置,保证了密钥的绝对安全。Therefore, a secure encryption method based on industrial protocols is designed, which is deployed in a transparent manner without any modification to the existing network topology. The encryption key is dynamically generated based on the characteristics of industrial protocols. The device can perform in-depth analysis of the content of industrial protocols. Customers You can customize the industrial coordination feature attributes involved in the key calculation. The encryption key is based on a factory preset root key + industrial coordination feature + time parameter, and is generated by hashing the root key and the national secret algorithm to ensure that the key can be real-time It is updated without additional key negotiation data, reducing network bandwidth overhead, and the root key is preset to ensure the absolute security of the key.
发明内容Contents of the invention
本发明的目的就是提供一种基于工业协议的安全加密方法,包括加密密钥运算、数据加密封装、解密密钥运算和数据解密。The purpose of the present invention is to provide a secure encryption method based on industrial protocols, including encryption key calculation, data encryption encapsulation, decryption key calculation and data decryption.
加密密钥运算具体步骤如下:The specific steps of encryption key operation are as follows:
网卡接收明文数据包,工业协议深度解析模块对数据包进行深度解析,比如modbus协议的寄存器种类、功能码、访问类型、PLC地址、寄存器地址。The network card receives plaintext data packets, and the industrial protocol deep analysis module performs in-depth analysis on the data packets, such as register types, function codes, access types, PLC addresses, and register addresses of the modbus protocol.
查询预定义的协议特征库,也就是需要参与密钥运算的内容,预定义的协议特征库可以为深度解析结果的任意几个字段,并对数据包中的协议特征数据通过国密SM3算法计算256位的HASH值(哈希值),然后前128位于后128位进行异或运算,最终的到128位的协议特征HASH值。Query the predefined protocol feature library, that is, the content that needs to participate in the key operation. The predefined protocol feature library can be any few fields of the in-depth analysis result, and the protocol feature data in the data packet is calculated by the national secret SM3 algorithm 256-bit HASH value (hash value), and then the first 128 bits are located in the last 128 bits for XOR operation, and the final 128-bit protocol characteristic HASH value.
获取系统当前时间,读取根密钥。Get the current time of the system and read the root key.
使用根密钥对计算的128位HASH值进行国密SM4加密运算,散列出一级密钥;使用根密钥对当前时间进行SM4运算,散列出二级密钥;一级密钥与二级密钥异或运算,散列出三级数据加密密钥。Use the root key to perform national secret SM4 encryption operation on the calculated 128-bit HASH value, and hash out the first-level key; use the root key to perform SM4 operation on the current time, and hash out the second-level key; the first-level key and The secondary key XOR operation hashes out the tertiary data encryption key.
数据加密封装过程如下:The process of data encryption and encapsulation is as follows:
接收明文数据包,获取数据包载荷数据。Receive plaintext packets and obtain packet payload data.
对需要加密的数据使用PKCS7Padding方式填充对齐,因为使用SM4算法,所以加密数据长度必须是SM4算法密钥长度的整数倍。Use the PKCS7Padding method to pad the data to be encrypted. Because the SM4 algorithm is used, the length of the encrypted data must be an integer multiple of the key length of the SM4 algorithm.
使用SM4算法和散列的三级加密密钥对数据加密,将协议特征HASH数据和加密数据重新封装数据包;重新计算数据包的校验和,包括IP头校验和和TCP/UDP头校验和;发送加密后的数据包。Use the SM4 algorithm and the hashed three-level encryption key to encrypt the data, repackage the data packet with the protocol characteristic HASH data and encrypted data; recalculate the checksum of the data packet, including the IP header checksum and TCP/UDP header check Checksum; send encrypted data packet.
解密密钥运算具体步骤如下:The specific steps of the decryption key operation are as follows:
网卡接收密文数据包,获取数据包载荷数据,其中前128位为协议特征HASH值,后面的为加密数据。The network card receives the ciphertext data packet and obtains the payload data of the data packet, in which the first 128 bits are the protocol characteristic HASH value, and the latter is the encrypted data.
获取系统当前时间,读取根密钥。Get the current time of the system and read the root key.
使用根密钥对前128位协议特征HASH值进行国密SM4加密运算,散列出一级密钥;使用根密钥对当前时间进行SM4运算,散列出二级密钥;一级密钥与二级密钥异或运算,散列出三级数据解密密钥。Use the root key to perform national secret SM4 encryption operation on the first 128-bit protocol characteristic HASH value, and hash out the first-level key; use the root key to perform SM4 operation on the current time, and hash out the second-level key; first-level key Exclusive OR operation with the secondary key to hash the tertiary data decryption key.
数据解密过程如下:The data decryption process is as follows:
网卡接收密文数据包,使用数据解密密钥通过SM4国密算法对数据包内容进行解密。The network card receives the ciphertext data packet, and uses the data decryption key to decrypt the content of the data packet through the SM4 national secret algorithm.
工业协议深度解析模块对解密后的数据包进行深度解析,比如modbus协议的寄存器种类、功能码、访问类型、PLC地址、寄存器地址等。The industrial protocol in-depth analysis module performs in-depth analysis on the decrypted data packets, such as register types, function codes, access types, PLC addresses, register addresses, etc. of the modbus protocol.
查询预定义的协议特征库,也就是需要参与密钥运算的内容,预定义的协议特征库为深度解析结果的任意几个字段,并对数据包中的协议特征数据通过国密SM3算法计算256位的HASH值,然后前128位于后128位进行异或运算,最终的到128位的协议特征HASH值。Query the predefined protocol feature library, that is, the content that needs to participate in the key operation. The predefined protocol feature library is any few fields of the in-depth analysis result, and the protocol feature data in the data packet is calculated by the national secret SM3 algorithm 256 Bit HASH value, then the first 128 bits are placed in the last 128 bits for XOR operation, and the final 128-bit protocol characteristic HASH value is obtained.
对得到的协议特征HASH值与收到的数据包载荷头部的HASH值对比,对比一致表示数据正确,否则数据可能被篡改,直接丢弃。Compare the obtained protocol characteristic HASH value with the HASH value of the received data packet payload header, if the comparison is consistent, the data is correct, otherwise the data may be tampered with and discarded directly.
重新封装数据包内容,去除协调特征HASH字段,还原明文数据包;转发数据包。Re-encapsulate the content of the data packet, remove the coordination feature HASH field, restore the plaintext data packet; forward the data packet.
工业网络环境具有数据节点多,网络结构复杂,带宽比较低的特点,业网络环境部署传统加密产品对网络改动很大,不容易部署,增加带宽开销,还容易受到网络攻击,对业务会带来很多不稳定因素。本发明将根密钥固化在设备内部,外部无法获取,通过协议特征和时间参数散列三级密钥体系完成对数据的加密,解决在工业环境中数据的安全加密问题;通过工业协调的特征参数和时间参数参与密钥散列,实现加密数据一包一密;采用SM3国密算法,保证数据的完整性和正确性;完全透明方式部署,无需对现有拓扑结构做任何修改。The industrial network environment has the characteristics of many data nodes, complex network structure, and relatively low bandwidth. The deployment of traditional encryption products in the industrial network environment has greatly changed the network, is not easy to deploy, increases bandwidth overhead, and is also vulnerable to network attacks. Many unstable factors. The invention solidifies the root key inside the device and cannot be obtained from the outside, completes the data encryption through the three-level key system of protocol features and time parameter hashing, and solves the problem of data security encryption in the industrial environment; through the characteristics of industrial coordination Parameters and time parameters participate in key hashing to realize encrypted data for one package and one encryption; SM3 national secret algorithm is used to ensure the integrity and correctness of data; it is deployed in a completely transparent manner without any modification to the existing topology.
附图说明Description of drawings
图1为加密密钥运算流程;Figure 1 is the encryption key calculation process;
图2为数据加密封装流程;Figure 2 is the process of data encryption encapsulation;
图3为解密密钥运算流程图;Fig. 3 is a flow chart of decryption key operation;
图4为数据解密验证流程;Figure 4 is the data decryption verification process;
图5为加密前后数据包内容示意图。Fig. 5 is a schematic diagram of the content of the data packet before and after encryption.
具体实施方式Detailed ways
一种基于工业协议的安全加密方法,包括加密密钥运算、数据加密封装、解密密钥运算和数据解密:A secure encryption method based on industrial protocols, including encryption key calculation, data encryption encapsulation, decryption key calculation and data decryption:
如图1所示,加密密钥运算具体包括如下步骤:As shown in Figure 1, the encryption key operation specifically includes the following steps:
网卡接收明文数据报文;The network card receives the plaintext data message;
将明文报文送往工业协议深度解析模块解析,如果解析成功,则查询预定义的需要参与密钥运算的协议特征库(由用户提前定义需要参与密钥运算的数据),如果不是工业协议数据或深度解析失败,则通过数据五元组(数据的源地址、目的地址、源端口、目的端口、协议)作为协议特征数据;Send the plaintext message to the industrial protocol deep analysis module for analysis. If the analysis is successful, query the predefined protocol feature library that needs to participate in the key operation (the data that needs to participate in the key operation is defined by the user in advance), if it is not industrial protocol data Or if the in-depth analysis fails, the data five-tuple (data source address, destination address, source port, destination port, protocol) is used as the protocol feature data;
对协议特征数据通过SM3算法计算HASH值,输出256位的HASH数据,然后使用前128位和后128位异或运算,获得协议特征HASH数据,并作为一级密钥散列参数;Calculate the HASH value of the protocol feature data through the SM3 algorithm, output 256-bit HASH data, and then use the first 128 bits and the last 128-bit XOR operation to obtain the protocol feature HASH data, and use it as a primary key hash parameter;
使用根密钥通过SM4算法对协议特征HASH数据运算散列一级密钥;Use the root key to hash the first-level key on the protocol feature HASH data through the SM4 algorithm;
使用根密钥通过SM4算法对系统当前时间散列二级密钥;Use the root key to hash the secondary key for the current time of the system through the SM4 algorithm;
通过一级密钥和二级密钥异或运算,散列出三级数据加密密钥;Through the XOR operation of the first-level key and the second-level key, the third-level data encryption key is hashed;
如图2所示,数据加密封装过程具体为:As shown in Figure 2, the process of data encryption and encapsulation is as follows:
接收明文数据包;Receive plaintext packets;
获取数据包载荷数据;Obtain packet payload data;
对需要加密的数据使用PKCS7Padding方式填充对齐,因为使用SM4算法,所以加密数据长度必须是SM4算法密钥长度的整数倍;Use the PKCS7Padding method to pad the data to be encrypted. Because the SM4 algorithm is used, the length of the encrypted data must be an integer multiple of the key length of the SM4 algorithm;
PKCS7Padding方式具体为:数据加密前需要对数据进行按照密钥长度的整数被对齐,假设数据长度需要填充n(n>0)个字节才对齐,那么填充n个字节,每个字节都是n;如果数据本身就已经对齐了,则填充一块长度为块大小的数据,每个字节都是块大小。The PKCS7Padding method is specifically: before data encryption, the data needs to be aligned according to the integer of the key length. Assuming that the data length needs to be filled with n (n>0) bytes to be aligned, then n bytes are filled, and each byte is It is n; if the data itself is already aligned, fill a piece of data whose length is the block size, and each byte is the block size.
使用SM4算法和散列的三级加密密钥对数据加密;Data encryption using SM4 algorithm and hashed three-level encryption key;
将协议特征HASH数据和加密数据重新封装数据包;Repackage the data packet with the protocol characteristic HASH data and encrypted data;
重新计算数据包的校验和,包括IP头校验和和TCP/UDP头校验和;Recalculate the checksum of the data packet, including the IP header checksum and the TCP/UDP header checksum;
发送加密后的数据包;Send encrypted data packets;
如图3所示,解密密钥运算过程具体为:As shown in Figure 3, the decryption key calculation process is as follows:
网卡接收加密数据报文;The network card receives encrypted data packets;
获取载荷数据前128位数据,获得协议特征HASH数据,该段数据为明文的工业协议特征数据的HASH值,通过该段数据散列解密密钥;Obtain the first 128 bits of data of the payload data, and obtain the protocol characteristic HASH data. This data is the HASH value of the industrial protocol characteristic data in plain text, and the decryption key is hashed through this data;
使用根密钥通过SM4算法对协议特征HASH数据运算散列一级密钥;Use the root key to hash the first-level key on the protocol feature HASH data through the SM4 algorithm;
使用根密钥通过SM4算法对系统当前时间散列二级密钥;Use the root key to hash the secondary key for the current time of the system through the SM4 algorithm;
通过一级密钥和二级密钥异或运算,散列出三级数据解密密钥;Through the XOR operation of the first-level key and the second-level key, the third-level data decryption key is hashed;
如图4所示,数据解密具体包括如下步骤:As shown in Figure 4, data decryption specifically includes the following steps:
接收加密数据包;Receive encrypted data packets;
提取数据包载荷数据前128位协议特征HASH数据;Extract the 128-bit protocol characteristic HASH data before the packet payload data;
通过协议HASH数据和系统时间散列解密密钥;Decryption key through protocol HASH data and system time hash;
解密加密载荷数据;Decrypt encrypted payload data;
对解密后的数据进行工业协议深度解析;Perform in-depth analysis of industrial protocols on the decrypted data;
工业协议解析成功,则查询预定义的需要参与密钥运算的协议特征库,然后对协议特征数据通过SM3算法计算HASH值,使用前128位和后128位异或运算,获得解密后的协议特征HASH数据;工业协议解析失败,则使用五元组数据作为工业协议特征数据;If the industrial protocol is successfully parsed, query the predefined protocol feature library that needs to participate in the key operation, and then calculate the HASH value of the protocol feature data through the SM3 algorithm, and use the first 128 bits and the last 128 bits of XOR operation to obtain the decrypted protocol feature HASH data; if the industrial protocol analysis fails, the five-tuple data will be used as the characteristic data of the industrial protocol;
解密后的HASH数据与接收到的载荷数据中的HASH或五元组HASH对比,对比成功,表示数据正常;对比失败表示数据被篡改或解密错误,直接丢弃;The decrypted HASH data is compared with the HASH or quintuple HASH in the received payload data. If the comparison is successful, it indicates that the data is normal; if the comparison fails, it indicates that the data has been tampered with or decrypted incorrectly, and is discarded directly;
重新封装明文数据报文,并重新计算报文的校验和,包括IP头和TCP或UDP头的校验和;Re-encapsulate the plaintext data message and recalculate the checksum of the message, including the checksum of the IP header and the TCP or UDP header;
发送解密后的数据包;Send the decrypted data packet;
如图5所示,载荷数据为实际工业协议数据,为TCP或UDP头后面的数据,本发明数据加密不修改IP头和TCP/UDP头数据,所以无需修改现有拓扑结构,直接透明串联接入即可。As shown in Figure 5, the payload data is the actual industrial protocol data, which is the data behind the TCP or UDP header. The data encryption of the present invention does not modify the IP header and TCP/UDP header data, so there is no need to modify the existing topology structure, and it can be directly and transparently connected in series Just enter.
Claims (2)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211512189.3A CN115834026A (en) | 2022-11-29 | 2022-11-29 | Safety encryption method based on industrial protocol |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211512189.3A CN115834026A (en) | 2022-11-29 | 2022-11-29 | Safety encryption method based on industrial protocol |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115834026A true CN115834026A (en) | 2023-03-21 |
Family
ID=85532707
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211512189.3A Pending CN115834026A (en) | 2022-11-29 | 2022-11-29 | Safety encryption method based on industrial protocol |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115834026A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116489244A (en) * | 2023-06-25 | 2023-07-25 | 中电科网络安全科技股份有限公司 | Service data processing method and device, electronic equipment and storage medium |
| CN118200621A (en) * | 2024-05-16 | 2024-06-14 | 深圳奥联信息安全技术有限公司 | Transparent proxy encryption storage system based on IPC (Internet protocol) monitoring video |
| CN119484045A (en) * | 2024-10-29 | 2025-02-18 | 中移(杭州)信息技术有限公司 | Data processing method, device, equipment and computer storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080130895A1 (en) * | 2006-10-25 | 2008-06-05 | Spyrus, Inc. | Method and System for Deploying Advanced Cryptographic Algorithms |
| CA2791455A1 (en) * | 2010-03-18 | 2011-09-22 | Utc Fire & Security Corporation | Method of conducting safety-critical communications |
| CN103581173A (en) * | 2013-09-11 | 2014-02-12 | 北京东土科技股份有限公司 | Safe data transmission method, system and device based on industrial Ethernet |
| CN107172028A (en) * | 2017-05-09 | 2017-09-15 | 泰豪科技股份有限公司 | A kind of fieldbus data sharing method and device |
| CN111478895A (en) * | 2020-04-03 | 2020-07-31 | 乾讯信息技术(无锡)有限公司 | Network multimedia secure transmission method and system |
| CN113472520A (en) * | 2021-08-07 | 2021-10-01 | 山东省计算中心(国家超级计算济南中心) | ModbusTCP (Transmission control protocol) security enhancement method and system |
| CN115379445A (en) * | 2022-08-23 | 2022-11-22 | 中国联合网络通信集团有限公司 | A key derivation method and device, and network equipment |
-
2022
- 2022-11-29 CN CN202211512189.3A patent/CN115834026A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080130895A1 (en) * | 2006-10-25 | 2008-06-05 | Spyrus, Inc. | Method and System for Deploying Advanced Cryptographic Algorithms |
| CA2791455A1 (en) * | 2010-03-18 | 2011-09-22 | Utc Fire & Security Corporation | Method of conducting safety-critical communications |
| CN103581173A (en) * | 2013-09-11 | 2014-02-12 | 北京东土科技股份有限公司 | Safe data transmission method, system and device based on industrial Ethernet |
| CN107172028A (en) * | 2017-05-09 | 2017-09-15 | 泰豪科技股份有限公司 | A kind of fieldbus data sharing method and device |
| CN111478895A (en) * | 2020-04-03 | 2020-07-31 | 乾讯信息技术(无锡)有限公司 | Network multimedia secure transmission method and system |
| CN113472520A (en) * | 2021-08-07 | 2021-10-01 | 山东省计算中心(国家超级计算济南中心) | ModbusTCP (Transmission control protocol) security enhancement method and system |
| CN115379445A (en) * | 2022-08-23 | 2022-11-22 | 中国联合网络通信集团有限公司 | A key derivation method and device, and network equipment |
Non-Patent Citations (2)
| Title |
|---|
| 张琳;王汝传;张永平;: "IKE协议中基于预共享密钥验证的主模式研究", 南京邮电大学学报(自然科学版), no. 05, 15 October 2007 (2007-10-15) * |
| 马李翠;黎妹红;吴倩倩;杜晔;: "智能电网通信中动态密钥加密方法的研究与改进", 北京邮电大学学报, no. 04, 13 October 2017 (2017-10-13) * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116489244A (en) * | 2023-06-25 | 2023-07-25 | 中电科网络安全科技股份有限公司 | Service data processing method and device, electronic equipment and storage medium |
| CN116489244B (en) * | 2023-06-25 | 2023-10-20 | 中电科网络安全科技股份有限公司 | Service data processing method and device, electronic equipment and storage medium |
| CN118200621A (en) * | 2024-05-16 | 2024-06-14 | 深圳奥联信息安全技术有限公司 | Transparent proxy encryption storage system based on IPC (Internet protocol) monitoring video |
| CN119484045A (en) * | 2024-10-29 | 2025-02-18 | 中移(杭州)信息技术有限公司 | Data processing method, device, equipment and computer storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Kumar | Review on network security and cryptography | |
| CN100488168C (en) | Method for safety packaging network message | |
| US8379638B2 (en) | Security encapsulation of ethernet frames | |
| CN103929299B (en) | Self-securing lightweight network message transmitting method with address as public key | |
| CN115834026A (en) | Safety encryption method based on industrial protocol | |
| CN111245862A (en) | System for safely receiving and sending terminal data of Internet of things | |
| CN111555859A (en) | SM4-GCM algorithm and application in network security protocol | |
| CN114500013B (en) | Data encryption transmission method | |
| JP2017085559A (en) | System and method for efficient and confidential symmetric encryption in channels with limited bandwidth | |
| CN101156348A (en) | Method and apparatus for securing privacy in communications between parties using pairing functions | |
| CN105721317A (en) | SDN-based data flow encryption method and system | |
| CN101521667B (en) | Safe data communication method and device | |
| CN113746861B (en) | Data transmission encryption and decryption method and encryption and decryption system based on national encryption technology | |
| CN113572766A (en) | Power data transmission method and system | |
| Cho et al. | Securing ethernet-based optical fronthaul for 5g network | |
| CN102111273A (en) | Pre-sharing-based secure data transmission method for electric load management system | |
| CN115766172B (en) | Message forwarding method, device, equipment and medium based on DPU and national cipher | |
| Cho et al. | Secure open fronthaul interface for 5G networks | |
| CN107046548B (en) | A data packet filtering method under privacy protection | |
| CN103227742A (en) | Method for IPSec (Internet protocol security) tunnel to rapidly process messages | |
| CN106161386B (en) | Method and device for realizing IPsec (Internet protocol Security) shunt | |
| CN117640235A (en) | Double encryption method and encryption gateway based on IPsec and quantum keys | |
| CN106789524A (en) | The high speed parsing of VPN encrypted tunnels and restoring method | |
| CN117201200B (en) | Secure data transmission method based on protocol stack | |
| Dunbar | Ipsec networking standards—an overview |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| AD01 | Patent right deemed abandoned | ||
| AD01 | Patent right deemed abandoned |
Effective date of abandoning: 20251121 |