
CN116684768A - A management method for secure cloud OLT equipment - Google Patents


Info

Publication number
CN116684768A
CN116684768A
Authority
CN
China
Prior art keywords
message
key
data
user
olt
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310878462.2A
Other languages
Chinese (zh)
Inventor
刘欣
吴进安
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Hongsheng Fiber Communication Equipment Co ltd
Original Assignee
Shenzhen Hongsheng Fiber Communication Equipment Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Hongsheng Fiber Communication Equipment Co ltd
Priority to CN202310878462.2A
Publication of CN116684768A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q: SELECTING
    • H04Q11/00: Selecting arrangements for multiplex systems
    • H04Q11/0001: Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0062: Network aspects
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00: Traffic control in data switching networks
    • H04L47/70: Admission control; Resource allocation
    • H04L47/82: Miscellaneous aspects
    • H04L47/825: Involving tunnels, e.g. MPLS
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a management method for a secure cloud OLT device and relates to the field of device management. The method is: S1, the OLT device sends an encrypted discovery message; S2, after receiving the OLT device's discovery message, the client decrypts it. Because the OLT device sends its discovery message encrypted and the client must decrypt it, every device that connects to the client is a permitted device, and system damage caused by an unauthorized device connecting is avoided. Checking whether the device's MAC address has been bound by a user avoids wasting resources on messages from unbound (empty) devices. The generated pass-through tunnel lets the user access the OLT device, and a check on the overlap area of adjacent pass-through tunnels guarantees the signal pass rate of adjacent tunnels and avoids signal interference.

Description

A management method for secure cloud OLT equipment

Technical field

The present invention relates to equipment management technology, and in particular to a management method for secure cloud OLT equipment.

Background

In a fiber access network architecture, the access network contains a very large number of optical network units and optical network terminals; for convenience they are referred to collectively below as optical network units (ONUs). To manage ONUs, the current approach is for the optical line terminal (OLT) to manage the ONU by proxy through the operation, administration and maintenance (OAM) channel or the ONT management and control interface (OMCI).

The specific implementation is as follows. The OLT publishes a single public-network management IP address through which the ONUs attached to the OLT can be reached and managed with the Simple Network Management Protocol (SNMP). The service management system sends an SNMP message addressed to the ONU via the public management IP address of the ONU's OLT; the SNMP message carries the OLT's frame number, slot number, port and optical network terminal ID. The OLT receives the SNMP message forwarded over the public network, extracts the OLT/frame/slot/port/ONT ID information from it, converts the SNMP message into an OAM or OMCI message (OAM in EPON systems, OMCI in GPON systems), and sends it to the corresponding ONU over the passive optical network's management channel.

With existing OLT equipment, as OLTs keep moving further down toward the access side of the network, troubleshooting becomes extremely difficult; in addition, when existing OLT equipment is networked, two adjacent communication lines interfere with each other.

Summary of the invention

The purpose of the present invention is to provide a management method for a secure cloud OLT device that addresses the deficiencies of the prior art described above.

To achieve this, the present invention provides the following technical solution: a management method for a secure cloud OLT device, comprising:

S1, the OLT device sends an encrypted discovery message;

S2, after receiving the OLT device's discovery message, the client decrypts it;

S3, check whether the device's MAC address has been bound by a user; if it has not, discard the message sent in S1;

S4, if the check in step S3 finds the MAC address bound by the user device, perform key agreement;

S5, if the key agreement in step S4 passes, dynamically generate a pass-through tunnel, through which the user can access the OLT device.

Further, the OLT device encrypts the message as follows:

A1, after the client has scanned the message to be encrypted, it passes the paths of the original message and the newly created message to the message filter driver, which calls a custom function StaticFileEncrypt to process them;

A2, call IoCreatFile to open the original message and obtain its handle, then call rdbuf to obtain the message's byte stream;

A3, the client invokes the key generation function to generate a symmetric key for encrypting the message, encrypts that key asymmetrically with the public key and passes it to the message filter driver; the driver combines the key with other information to construct an encryption identifier and writes it at the head of the byte stream;

A4, redirect the byte stream to the new message, i.e. write the original message's content into the new message; this triggers the I/O manager's IRP_MJ_WRITE request, which the message filter driver intercepts, entering the PreWrite callback routine; the IRP is first pre-processed to filter out IRPs that do not meet the encryption conditions;

A5, obtain the buffer holding the data to be encrypted through the iopb in the callback data;

A6, obtain the encrypted encryption/decryption key from the EncryptKey parameter of the encryption identifier and decrypt it asymmetrically with the private key to obtain the key in plaintext;

A7, call ExAllocatePoolWithTag to allocate a kernel-space data buffer of length iopb->Parameters.Write.Length;

A8, call RtlCopyMemory to copy the data from the buffer obtained in step A2 into the newly allocated buffer;

A9, encrypt the data in the buffer with the AES algorithm and the key via the File_EncryptBuffer function.

Further, the cloud side decrypts the message as follows:

B1, enter the PreWrite callback routine and first pre-process the IRP, filtering out IRPs that do not meet the decryption conditions;

B2, IRPs that meet the decryption conditions are passed on to the message system driver; when the message system driver has read the message ciphertext and returns the request to the I/O manager, the message filter driver intercepts the request and enters the PostRead callback routine;

B3, obtain the buffer holding the data to be decrypted through the iopb in the callback data; the buffer can be obtained by one of two routes, chosen by checking whether iopb->Parameters.Read.MdlAddress is null;

B4, obtain the message's data length via Data->IoStatus.Information; if the length read is 0, do nothing and return the request to the I/O manager;

B5, obtain the message's decryption identifier, parse it, and determine from the flag bits in the identifier whether the message needs to be decrypted;

B6, obtain the encrypted encryption/decryption key from the EncryptKey parameter of the decryption identifier and decrypt it asymmetrically with the private key to obtain the key in plaintext;

B7, call ExAllocatePoolWithTag to allocate a kernel-space data buffer of length iopb->Parameters.Read.Length;

B8, decrypt the data in the original buffer with the AES algorithm and the key via the File_EncryptBuffer function and place the result in the new buffer;

B9, copy the plaintext message data from the kernel buffer into the buffer of the monitoring-layer space;

B10, free the memory holding the plaintext key and the buffer holding the plaintext message data, complete the PostRead callback routine and return the request; the decryption process ends.

Further, the preparatory steps for key agreement are:

C1, public key generation:

Determine the security parameter l and choose a cyclic group G of large prime order q with generator P, where q > 2^l. The receiving end chooses a private key s ∈ Z_q^* and computes P_pub = sP. Choose hash functions H1: {0,1}^LU × G^2 → Z_q^*, H2: {0,1}^LU × {0,1}^LU × G^2 → Z_q^*, and H3: {0,1}^LU × {0,1}^LU × G^5 → {0,1}^K, where LU is the bit length of an identity. The MAC address is taken as user A and the user device as user B;

C2, node registration:

1, secret value generation: user A chooses x_A ∈ Z_q^* and computes X_A = x_A P;

2, partial private key generation: A sends X_A and ID_A to the receiving end over a secure channel. The receiving end chooses a random r_A ∈ Z_q^*, computes R_A = r_A P and generates the user's partial private key D_A = s·H1(ID_A, R_A, X_A) + r_A. The system sends D_A and R_A to user A, D_A over the secure channel and R_A over the public channel;

3, partial private key validity verification: check that D_A P = R_A + H1(ID_A, R_A, X_A) P_pub;

C3, after node registration completes, node A's full public key is <X_A, R_A> and its full private key is <x_A, D_A>.

Further, key agreement is performed as follows:

D1, user A chooses a random ephemeral private key a ∈ Z_q^*, computes T_A = aP and the signature g_A = a + H2(ID_A, ID_B, X_B, T_A), and sends g_A, ID_A, R_A, T_A and X_A to user B;

D2, verify whether g_A P = T_A + H2(ID_A, ID_B, X_B, T_A)(R_A + H1(ID_A, R_A, X_A) P_pub) holds;

D3, if the equation in step D2 holds, key agreement passes.

Further, the pass-through tunnel is generated as follows:

E1, compute the received power through the tunnel with the following formula:

,

where P_r and P_i are the received and transmitted power through the tunnel respectively, G_i is the signal gain, G_r is the signal loss over the radius, and l is the distance between the tunnel side wall and the signal;

E2, compute the distance l_r between two adjacent tunnels with the following formula:

;

E3, compute the half central angle θ between the intersection point of the two intersecting tunnels and the centre of the signal circle with the following formula:

;

E4, compute the sector area on one side with the following formula:

;

E5, compute the overlap area of adjacent tunnels in the same plane with the following formula:

.

Compared with the prior art, the management method for a secure cloud OLT device provided by the present invention has the OLT device send an encrypted discovery message, which the client decrypts after receiving it; this ensures that every device connecting to the client is a permitted device and avoids system damage caused by an unauthorized device connecting. Checking whether the device's MAC address has been bound by a user avoids wasting resources on messages from unbound (empty) devices. The generated pass-through tunnel lets the user access the OLT device, and the check on the overlap area of adjacent pass-through tunnels guarantees the signal pass rate of adjacent tunnels and avoids signal interference.

Brief description of the drawings

To explain the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed in the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them.

Figure 1 is a schematic diagram of the overall process flow provided by an embodiment of the present invention.

Detailed description

To help those skilled in the art better understand the technical solution of the present invention, the invention is described in further detail below with reference to the drawings.

Referring to Figure 1, a management method for a secure cloud OLT device comprises:

S1, the OLT device sends an encrypted discovery message;

S2, after receiving the OLT device's discovery message, the client decrypts it;

S3, check whether the device's MAC address has been bound by a user; if it has not, discard the message sent in S1;

S4, if the check in step S3 finds the MAC address bound by the user device, perform key agreement;

S5, if the key agreement in step S4 passes, dynamically generate a pass-through tunnel, through which the user can access the OLT device.

Configured this way, the method has the OLT device send an encrypted discovery message, which the client decrypts after receiving it; this ensures that every device connecting to the client is a permitted device and prevents system damage from an unauthorized device. The device's MAC address is then checked for a user binding: if it is not bound, the message is discarded; if it is bound by the user device, key agreement is performed. This guarantees that the OLT devices are all user-bound and avoids wasting resources on unbound (empty) devices. If key agreement passes, a pass-through tunnel is dynamically generated through which the user accesses the OLT device; the check on the overlap area of adjacent tunnels guarantees their signal pass rate and avoids signal interference.

The OLT device encrypts the message as follows:

A1, after the client has scanned the message to be encrypted, it passes the paths of the original message and the newly created message to the message filter driver, which calls a custom function StaticFileEncrypt to process them;

A2, call IoCreatFile to open the original message and obtain its handle, then call rdbuf to obtain the message's byte stream;

A3, the client invokes the key generation function to generate a symmetric key for encrypting the message, encrypts that key asymmetrically with the public key and passes it to the message filter driver; the driver combines the key with other information to construct an encryption identifier and writes it at the head of the byte stream;

A4, redirect the byte stream to the new message, i.e. write the original message's content into the new message; this triggers the I/O manager's IRP_MJ_WRITE request, which the message filter driver intercepts, entering the PreWrite callback routine; the IRP is first pre-processed to filter out IRPs that do not meet the encryption conditions;

A5, obtain the buffer holding the data to be encrypted through the iopb in the callback data;

A6, obtain the encrypted encryption/decryption key from the EncryptKey parameter of the encryption identifier and decrypt it asymmetrically with the private key to obtain the key in plaintext;

A7, call ExAllocatePoolWithTag to allocate a kernel-space data buffer of length iopb->Parameters.Write.Length;

A8, call RtlCopyMemory to copy the data from the buffer obtained in step A2 into the newly allocated buffer;

A9, encrypt the data in the buffer with the AES algorithm and the key via the File_EncryptBuffer function.

Configured in this way

The cloud side decrypts the message as follows:

B1, enter the PreWrite callback routine and first pre-process the IRP, filtering out IRPs that do not meet the decryption conditions;

B2, IRPs that meet the decryption conditions are passed on to the message system driver; when the message system driver has read the message ciphertext and returns the request to the I/O manager, the message filter driver intercepts the request and enters the PostRead callback routine;

B3, obtain the buffer holding the data to be decrypted through the iopb in the callback data; the buffer can be obtained by one of two routes, chosen by checking whether iopb->Parameters.Read.MdlAddress is null;

B4, obtain the message's data length via Data->IoStatus.Information; if the length read is 0, do nothing and return the request to the I/O manager;

B5, obtain the message's decryption identifier, parse it, and determine from the flag bits in the identifier whether the message needs to be decrypted;

B6, obtain the encrypted encryption/decryption key from the EncryptKey parameter of the decryption identifier and decrypt it asymmetrically with the private key to obtain the key in plaintext;

B7, call ExAllocatePoolWithTag to allocate a kernel-space data buffer of length iopb->Parameters.Read.Length;

B8, decrypt the data in the original buffer with the AES algorithm and the key via the File_EncryptBuffer function and place the result in the new buffer;

B9, copy the plaintext message data from the kernel buffer into the buffer of the monitoring-layer space;

B10, free the memory holding the plaintext key and the buffer holding the plaintext message data, complete the PostRead callback routine and return the request; the decryption process ends.

Configured in this way

The preparatory steps for key agreement are:

C1, public key generation:

Determine the security parameter l and choose a cyclic group G of large prime order q with generator P, where q > 2^l. The receiving end chooses a private key s ∈ Z_q^* and computes P_pub = sP. Choose hash functions H1: {0,1}^LU × G^2 → Z_q^*, H2: {0,1}^LU × {0,1}^LU × G^2 → Z_q^*, and H3: {0,1}^LU × {0,1}^LU × G^5 → {0,1}^K, where LU is the bit length of an identity. The MAC address is taken as user A and the user device as user B;

C2, node registration:

1, secret value generation: user A chooses x_A ∈ Z_q^* and computes X_A = x_A P;

2, partial private key generation: A sends X_A and ID_A to the receiving end over a secure channel. The receiving end chooses a random r_A ∈ Z_q^*, computes R_A = r_A P and generates the user's partial private key D_A = s·H1(ID_A, R_A, X_A) + r_A. The system sends D_A and R_A to user A, D_A over the secure channel and R_A over the public channel;

3, partial private key validity verification: check that D_A P = R_A + H1(ID_A, R_A, X_A) P_pub;

C3, after node registration completes, node A's full public key is <X_A, R_A> and its full private key is <x_A, D_A>.

Key agreement is performed as follows:

D1, user A chooses a random ephemeral private key a ∈ Z_q^*, computes T_A = aP and the signature g_A = a + H2(ID_A, ID_B, X_B, T_A), and sends g_A, ID_A, R_A, T_A and X_A to user B;

D2, verify whether g_A P = T_A + H2(ID_A, ID_B, X_B, T_A)(R_A + H1(ID_A, R_A, X_A) P_pub) holds;

D3, if the equation in step D2 holds, key agreement passes.
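The registration (C1 to C3) and agreement (D1 to D3) steps above, in both the summary and this embodiment, are a certificateless partial-private-key scheme: the receiving end binds the user's identity and public value into D_A, the user checks D_A P = R_A + H1(ID_A, R_A, X_A) P_pub before accepting it, and in D2 user B can verify A's ephemeral signature from public values alone. The example below is added here and is not the patent's code. It assumes a prime-order subgroup of Z_p^* (p a safe prime found deterministically at import) in place of the unspecified group G, SHA-256 reduced into Z_q^* in place of H1 and H2, and the symbol the page writes as P_n is taken to be the generator P. For the D2 equation to hold, the D1 signature must be g_A = a + H2(ID_A, ID_B, X_B, T_A)·D_A; the page writes g_A = a + H2(...) without the D_A factor, so the example assumes the former. The MAC and device identities are constructed sample values. H3 (the session-key derivation) is not described on the page and is not modelled.

```python
import hashlib
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    """Deterministic Miller-Rabin for n < 2^64 (the witness set above suffices)."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_params(start=1 << 61):
    """First q >= start with q and p = 2q + 1 prime; deterministic, so the group is fixed."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


# Assumed group: order-q subgroup of Z_p^*; the patent's additive "aP" becomes pow(GEN, a, p).
P_MOD, Q = safe_prime_params()
GEN = 4  # 2^2 is a non-trivial square mod p, hence has order exactly q


def mul(k, elem):          # k * elem in the patent's additive notation
    return pow(elem, k % Q, P_MOD)


def add(e1, e2):           # e1 + e2 in the patent's additive notation
    return (e1 * e2) % P_MOD


def hash_to_zq(*parts):
    """Stand-in for H1/H2: length-prefixed SHA-256 of the inputs, mapped into [1, q-1]."""
    h = hashlib.sha256()
    for part in parts:
        data = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big") % (Q - 1) + 1


def random_scalar():
    return secrets.randbelow(Q - 1) + 1       # element of Z_q^*


def setup():                                  # C1: s and P_pub = sP
    s = random_scalar()
    return s, mul(s, GEN)


def user_secret():                            # C2.1: x and X = xP
    x = random_scalar()
    return x, mul(x, GEN)


def partial_private_key(s, identity, X):      # C2.2: D = s*H1(ID, R, X) + r, R = rP
    r = random_scalar()
    R = mul(r, GEN)
    return (s * hash_to_zq(identity, R, X) + r) % Q, R


def verify_partial_key(identity, X, D, R, P_pub):   # C2.3: D*P == R + H1(ID, R, X)*P_pub
    return mul(D, GEN) == add(R, mul(hash_to_zq(identity, R, X), P_pub))


def sign_ephemeral(id_a, id_b, X_b, D_a):     # D1 (assumed form): g = a + H2(...)*D_A, T = aP
    a = random_scalar()
    T = mul(a, GEN)
    return (a + hash_to_zq(id_a, id_b, X_b, T) * D_a) % Q, T


def verify_ephemeral(id_a, id_b, X_b, g, T, R_a, X_a, P_pub):   # D2 check by user B
    h2 = hash_to_zq(id_a, id_b, X_b, T)
    h1 = hash_to_zq(id_a, R_a, X_a)
    return mul(g, GEN) == add(T, mul(h2, add(R_a, mul(h1, P_pub))))


def run_demo():
    """One registration and agreement round plus two rejection cases; returns the outcomes."""
    s, P_pub = setup()
    id_a, id_b = b"00:11:22:33:44:55", b"user-device-B"   # constructed identities
    x_a, X_a = user_secret()
    x_b, X_b = user_secret()
    D_a, R_a = partial_private_key(s, id_a, X_a)
    # A key issued for a different (unbound) identity must not verify under id_a.
    D_o, R_o = partial_private_key(s, b"66:77:88:99:aa:bb", X_a)
    g_a, T_a = sign_ephemeral(id_a, id_b, X_b, D_a)
    return {
        "partial_key_ok": verify_partial_key(id_a, X_a, D_a, R_a, P_pub),
        "wrong_identity_rejected": not verify_partial_key(id_a, X_a, D_o, R_o, P_pub),
        "agreement_ok": verify_ephemeral(id_a, id_b, X_b, g_a, T_a, R_a, X_a, P_pub),
        # A forged g without knowledge of D_a (here g+1) must fail D2.
        "forgery_rejected": not verify_ephemeral(id_a, id_b, X_b, (g_a + 1) % Q, T_a, R_a, X_a, P_pub),
    }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(name, ok)
```

The D2 check passes only because D_A P = R_A + H1(ID_A, R_A, X_A) P_pub, which is exactly what C2.3 verified; a client that skips C2.3 would accept a D_A that does not match its registered X_A, and its later D1 signatures would then fail at B. The toy group exists only to make the algebra run offline; the verifier-style `is_prime` and 62-bit parameters are not a substitute for a standards-sized elliptic curve group.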

The pass-through tunnel is generated as follows:

E1, compute the received power through the tunnel with the following formula:

,

where P_r and P_i are the received and transmitted power through the tunnel respectively, G_i is the signal gain, G_r is the signal loss over the radius, and l is the distance between the tunnel side wall and the signal;

E2, compute the distance l_r between two adjacent tunnels with the following formula:

;

E3, compute the half central angle θ between the intersection point of the two intersecting tunnels and the centre of the signal circle with the following formula:

;

E4, compute the sector area on one side with the following formula:

;

E5, compute the overlap area of adjacent tunnels in the same plane with the following formula:

,

在通过隧道的生成过程中只需要保证S为最小值即可保证相邻通过隧道的相互干扰最小。In the process of tunnel generation, it is only necessary to ensure that S is the minimum value to ensure the minimum mutual interference between adjacent tunnels.

工作原理:使用时,通过OLT设备发送加密发现报文,客户端接收到OLT设备的发现报文后,解密发现报文,这样设置可以保证接入客户端的设备都是得到允许的设备,避免接入的设备为未得到允许的设备造成系统损坏,检查设备的MAC地址是否被用户绑定,若检查结果为MAC地址未被用户绑定,则将发送的报文丢弃,若检查结果为MAC地址被用户设备绑定,这样设置可以保证OLT设备全为被用户绑定的设备,避免由于发送的为空设备造成资源的浪费,则进行密钥协商,若中密钥协商通过,则动态生成通过隧道,通过生成的通过隧道可供用户访问OLT设备,同时通过设置相邻通过隧道的重叠面积的检查功能,可以保证相邻通过隧道的信号通过率,避免造成信号干扰。Working principle: When in use, an encrypted discovery message is sent through the OLT device, and the client decrypts the discovery message after receiving the discovery message from the OLT device. If the incoming device is an unauthorized device and causes system damage, check whether the MAC address of the device is bound by the user. If the result of the check is that the MAC address is not bound by the user, the sent message will be discarded. Binding by user equipment, this setting can ensure that all OLT devices are bound by the user, avoiding the waste of resources caused by sending empty devices, then carry out key negotiation, if the middle key negotiation passes, then dynamically generate pass Tunnel, through the generated passing tunnel, users can access the OLT equipment. At the same time, by setting the inspection function of the overlapping area of adjacent passing tunnels, the signal passing rate of adjacent passing tunnels can be guaranteed to avoid signal interference.

Certain exemplary embodiments of the present invention have been described above by way of illustration only; it goes without saying that those of ordinary skill in the art can modify the described embodiments in various ways without departing from the spirit and scope of the invention. Therefore, the above drawings and description are illustrative in nature and should not be construed as limiting the protection scope of the claims of the present invention.

Claims (6)

1. The management method of the security cloud OLT equipment is characterized by comprising the following steps of:
S1, an OLT device sends an encrypted discovery message;
S2, after receiving the discovery message of the OLT device, the client decrypts the discovery message;
S3, checking whether the MAC address of the device is bound by the user, and discarding the message sent in S1 if the checking result is that the MAC address is not bound by the user;
S4, if the checking result in step S3 is that the MAC address is bound by the user equipment, key negotiation is carried out;
and S5, if the key negotiation in step S4 is passed, dynamically generating a pass-through tunnel, and enabling the user to access the OLT device through the generated pass-through tunnel.
2. The method for managing the secure cloud OLT apparatus according to claim 1, wherein the specific manner in which the OLT apparatus encrypts the message is:
A1, after the client scans the message to be encrypted, the message paths of the original message and the newly created message are passed to a message filtering driver, and the message filtering driver calls a user-defined function for processing;
A2, opening the original message, obtaining the message handle, and obtaining the byte stream of the message;
A3, the client calls a key generation function to generate a symmetric encryption key for encrypting the message; the symmetric key is asymmetrically encrypted with a public key and passed to the message filtering driver, which combines the key with other information to construct an encryption identifier and writes the encryption identifier into the head of the byte stream;
A4, redirecting the byte stream into the new message, namely writing the content of the original message into the new message; this triggers the IRP_MJ_WRITE request of the I/O manager, the message filtering driver intercepts it and enters the PreWrite callback routine, preprocesses the IRP, and filters out IRPs that do not meet the encryption conditions;
A5, obtaining the buffer where the data to be encrypted is located through the iopb in the callback data;
A6, obtaining the encryption/decryption key in ciphertext form from the encrypteKey parameter of the encryption identifier, and performing asymmetric decryption with the private key to obtain the key in plaintext form;
A7, applying for a data buffer with the length of iopb->parameters.
A8, copying the data from the buffer obtained in step A2 into the newly applied buffer;
and A9, encrypting the data in the buffer using the AES encryption algorithm and the key.
3. The method for managing the secure cloud OLT apparatus according to claim 1, wherein the specific method for decrypting the message in the cloud is as follows:
B1, entering the PreWrite callback routine, first preprocessing the IRPs and filtering out IRPs that do not meet the decryption conditions;
B2, the IRPs meeting the decryption conditions are passed down to the message system driver; when the message system driver has read out the message ciphertext data and returns the request to the I/O manager, the message filtering driver intercepts the request and enters the PostRead callback routine;
B3, obtaining the buffer where the data to be decrypted is located through the iopb in the callback data; the buffer is obtained in one of two ways, depending on whether iopb->Parameters.Read.MdlAddress is empty;
B4, acquiring the data length of the message and judging through Data->IoStatus.Information whether the data length is 0; if the read data length is 0, no processing is performed and the request is returned to the I/O manager;
B5, obtaining the decryption identifier of the message, parsing the decryption identifier, and determining from the flag bit in the identifier whether the message needs decryption;
B6, obtaining the encryption/decryption key in ciphertext form from the encryption key parameter of the decryption identifier, and performing asymmetric decryption with the private key to obtain the key in plaintext form;
B7, applying for a data buffer with the length of iopb->parameters.
B8, decrypting the data in the original buffer using the AES decryption algorithm and the key, and placing the result into the new buffer;
B9, copying the message data from the kernel buffer into a buffer in the monitoring-layer space;
and B10, releasing the memory holding the plaintext key, releasing the buffer holding the plaintext message data, completing the PostRead callback routine, returning the request, and ending the decryption process.
4. The method for managing a secure cloud OLT apparatus according to claim 1, wherein the preparatory steps for performing key negotiation are:
C1, public key generation:
determine a security parameter $l$ and select a cyclic group $G$ whose order is a large prime $q$ with generator $P$, where $q > 2^l$; the receiving end selects the private key $s \in Z_q^*$, calculates $P_{pub} = sP$, and selects hash functions $H_1: \{0,1\}^{L_U} \times G^2 \to Z_q^*$, $H_2: \{0,1\}^{L_U} \times \{0,1\}^{L_U} \times G^2 \to Z_q^*$, $H_3: \{0,1\}^{L_U} \times \{0,1\}^{L_U} \times G^5 \to \{0,1\}^K$, where $L_U$ is the number of bits of an identity; the MAC address is set as user A and the user equipment as user B;
and C2, node registration:
1, secret value generation: user A selects $x_A \in Z_q^*$ and calculates $X_A = x_A P$;
2, partial private key generation: A transmits $X_A$, $ID_A$ to the receiving end over a secure channel; the receiving end selects a random number $r_A \in Z_q^*$, calculates $R_A = r_A P$, generates the user's partial private key $D_A = s H_1(ID_A, R_A, X_A) + r_A$ and sends $D_A$, $R_A$ to user A, where $D_A$ is transmitted over the secure channel and $R_A$ over the public channel;
3, verifying the validity of the partial private key: check that $D_A P = R_A + H_1(ID_A, R_A, X_A) P_{pub}$;
C3, after node registration is completed, the complete public key of node A consists of $\langle X_A, R_A \rangle$ and the complete private key consists of $\langle x_A, D_A \rangle$.
5. The method for managing the secure cloud OLT apparatus according to claim 4, wherein the specific manner of performing the key negotiation is:
D1, user A selects a random temporary private key $a \in Z_q^*$, calculates $T_A = aP$ and the signature $g_A = a + H_2(ID_A, ID_B, X_B, T_A)\, D_A$, and sends $g_A$, $ID_A$, $R_A$, $T_A$, $X_A$ to user B;
D2, user B verifies whether the equation $g_A P = T_A + H_2(ID_A, ID_B, X_B, T_A)\,\bigl(R_A + H_1(ID_A, R_A, X_A) P_{pub}\bigr)$ holds;
D3, if the equation in step D2 holds, the key negotiation passes.
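The registration steps C1 to C3 of claim 4 and the negotiation steps D1 to D3 of claim 5, carried through in working code as an added example; this is not code from the patent or its applicant. The claims write the prime-order group $G$ additively; the example stands in a toy Schnorr group (the order-1019 subgroup of $Z_{2039}^*$ with generator 4, far too small for real use), so $aP$ becomes modular exponentiation and group addition becomes a modular product. The SHA-256 constructions of $H_1$ and $H_2$ with domain-separation tags, the dictionary node records, and the constructed MAC address are all assumptions; $H_3$ is not used by the claimed steps and is left out. The tampered message in `demo()` shows the D2 check doing its job on the verifier's side.

```python
"""Claims 4 and 5 (C1-C3 registration, D1-D3 negotiation) in a toy group.

Added example, not the patent's own code. The claims write the cyclic group
G of prime order q additively ("aP"); here G is the order-q subgroup of Z_p^*
with p = 2q + 1, so aP is pow(P, a, p) and point addition is a modular
product. Parameter sizes and the SHA-256-based H_1/H_2 are assumptions.
"""
import hashlib
import secrets

# Toy parameters (assumption, far too small for real use): q and p = 2q + 1
# prime, GEN = 4 generates the order-q subgroup of Z_p^* (4 is a square mod p).
Q = 1019
P_MOD = 2039
GEN = 4
assert all(n % d for n in (Q, P_MOD) for d in range(2, int(n ** 0.5) + 1))
assert P_MOD == 2 * Q + 1 and GEN != 1 and pow(GEN, Q, P_MOD) == 1


def mul(k, point):
    """Scalar multiple kP in the claims' additive notation."""
    return pow(point, k, P_MOD)


def add(a, b):
    """Group addition of two elements."""
    return (a * b) % P_MOD


def _hash_to_zq(tag, *parts):
    """Map identities (bytes) and group elements (ints) into Z_q^*; the tag
    keeps H_1 and H_2 domain-separated (assumption)."""
    h = hashlib.sha256(tag)
    for part in parts:
        h.update(part if isinstance(part, bytes) else part.to_bytes(4, "big"))
    return int.from_bytes(h.digest(), "big") % (Q - 1) + 1


def H1(ident, R, X):
    return _hash_to_zq(b"H1", ident, R, X)


def H2(id_a, id_b, X_b, T_a):
    return _hash_to_zq(b"H2", id_a, id_b, X_b, T_a)


def _rand_zq(rng=None):
    return (rng or secrets.SystemRandom()).randrange(1, Q)


def setup(rng=None):
    """C1: the receiving end picks master key s and publishes P_pub = sP."""
    s = _rand_zq(rng)
    return s, mul(s, GEN)


def secret_value(rng=None):
    """C2.1: the node picks secret value x and computes X = xP."""
    x = _rand_zq(rng)
    return x, mul(x, GEN)


def partial_private_key(s, ident, X, rng=None):
    """C2.2: the receiving end issues D = s*H1(ID, R, X) + r with R = rP."""
    r = _rand_zq(rng)
    R = mul(r, GEN)
    return (s * H1(ident, R, X) + r) % Q, R


def verify_partial_key(ident, D, R, X, P_pub):
    """C2.3: the node accepts D only if D*P == R + H1(ID, R, X)*P_pub."""
    return mul(D, GEN) == add(R, mul(H1(ident, R, X), P_pub))


def register(s, P_pub, ident, rng=None):
    """C3: full registration; public key <X, R>, private key <x, D>."""
    x, X = secret_value(rng)
    D, R = partial_private_key(s, ident, X, rng)
    if not verify_partial_key(ident, D, R, X, P_pub):
        raise ValueError("partial private key failed validity check")
    return {"id": ident, "pk": (X, R), "sk": (x, D)}


def negotiate_send(node_a, id_b, X_b, rng=None):
    """D1: A sends T_A = aP and g_A = a + H2(ID_A, ID_B, X_B, T_A)*D_A
    together with ID_A, R_A, T_A and X_A."""
    X_a, R_a = node_a["pk"]
    D_a = node_a["sk"][1]
    a = _rand_zq(rng)
    T_a = mul(a, GEN)
    g_a = (a + H2(node_a["id"], id_b, X_b, T_a) * D_a) % Q
    return {"g": g_a, "id": node_a["id"], "R": R_a, "T": T_a, "X": X_a}


def negotiate_verify(msg, id_b, X_b, P_pub):
    """D2/D3: B checks g_A*P == T_A + H2(...)*(R_A + H1(ID_A,R_A,X_A)*P_pub)."""
    h1 = H1(msg["id"], msg["R"], msg["X"])
    h2 = H2(msg["id"], id_b, X_b, msg["T"])
    rhs = add(msg["T"], mul(h2, add(msg["R"], mul(h1, P_pub))))
    return mul(msg["g"], GEN) == rhs


def demo():
    """Register A (keyed by a constructed MAC address) and B, then run D1-D3
    once with the genuine message and once with a tampered g_A."""
    s, P_pub = setup()
    node_a = register(s, P_pub, b"00:11:22:33:44:55")  # constructed MAC
    node_b = register(s, P_pub, b"user-equipment-B")
    id_b, X_b = node_b["id"], node_b["pk"][0]
    msg = negotiate_send(node_a, id_b, X_b)
    forged = dict(msg, g=(msg["g"] + 1) % Q)
    return negotiate_verify(msg, id_b, X_b, P_pub), negotiate_verify(forged, id_b, X_b, P_pub)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The D2 equation holds because $g_A P = aP + H_2 \cdot D_A P$ and $D_A P = R_A + H_1 P_{pub}$ by the C2.3 check, so the verifier needs only the public values carried in the D1 message plus $P_{pub}$. Anything that changes $g_A$, $T_A$ or the system key breaks the equality, which is what the tampered message and the `rng` hook (pass a seeded `random.Random` for reproducible runs) let you exercise.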
6. The method for managing the secure cloud OLT apparatus according to claim 1, wherein the pass-through tunnel generation mode is:
E1, calculating the receiving power of the pass-through tunnel, with the specific formula as follows:
wherein $P_r$ and $P_i$ respectively denote the receiving power and the transmitting power of the pass-through tunnel, $G_i$ is the signal gain, $G_r$ is the loss of the signal over the radius, and $l$ is the distance between the side wall of the pass-through tunnel and the signal;
E2, calculating the distance $l_r$ between two adjacent pass-through tunnels, with the specific formula as follows:
and E3, calculating the half central angle $\theta$ subtended at the centre of the signal circle by the intersection points of the intersecting pass-through tunnels, with the specific formula as follows:
and E4, calculating the sector area on one side, with the specific formula as follows:
and E5, calculating the overlapping area of adjacent pass-through tunnels on the same plane, with the specific formula as follows:
CN202310878462.2A 2023-07-18 2023-07-18 A management method for secure cloud OLT equipment Pending CN116684768A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310878462.2A CN116684768A (en) 2023-07-18 2023-07-18 A management method for secure cloud OLT equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310878462.2A CN116684768A (en) 2023-07-18 2023-07-18 A management method for secure cloud OLT equipment

Publications (1)

Publication Number Publication Date
CN116684768A true CN116684768A (en) 2023-09-01

Family

ID=87783945

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310878462.2A Pending CN116684768A (en) 2023-07-18 2023-07-18 A management method for secure cloud OLT equipment

Country Status (1)

Country Link
CN (1) CN116684768A (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104158653A (en) * 2014-08-14 2014-11-19 华北电力大学句容研究中心 Method of secure communication based on commercial cipher algorithm
CN105337766A (en) * 2015-10-12 2016-02-17 安徽皖通邮电股份有限公司 Network element automatic discovery method and system based on DHCP
CN106357403A (en) * 2016-11-23 2017-01-25 神州融安科技(北京)有限公司 Device and method for encryption protection of link communication and safety message processing system
CN106685956A (en) * 2016-12-27 2017-05-17 上海斐讯数据通信技术有限公司 Method and system for router VPN network connection
CN107911384A (en) * 2014-05-29 2018-04-13 深圳市正冠科技有限公司 A kind of cell management system and method based on digital certificate
CN108988936A (en) * 2018-08-24 2018-12-11 苏州星网瑞达卫星通信科技有限公司 A kind of satellite dynamic communication network-building method redirected based on satellite network management and stream
CN112929387A (en) * 2021-03-09 2021-06-08 北京电信规划设计院有限公司 Broadband network multiple authentication and encryption method applied to intelligent community
CN113839776A (en) * 2021-11-29 2021-12-24 军事科学院系统工程研究院网络信息研究所 Method and system for safety interconnection protocol between network management and router
CN113840185A (en) * 2020-06-23 2021-12-24 中兴通讯股份有限公司 Multicast message processing method, OLT device, ONU device and storage medium
CN115001936A (en) * 2022-07-18 2022-09-02 确信信息股份有限公司 Operation and maintenance management system and method based on management agent and computer equipment
CN115297469A (en) * 2022-06-28 2022-11-04 青岛海尔科技有限公司 Communication verification method and system



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination