
WO2020135039A1 - Data transmission method, and data transmission system and sending device and receiving device therefor - Google Patents


Publication number
WO2020135039A1
Authority
WO
WIPO (PCT)
Prior art keywords
encryption key
key
frames
data transmission
key information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2019/124498
Other languages
French (fr)
Chinese (zh)
Inventor
王欣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/80 Optical aspects relating to the use of optical transmission for specific applications, not provided for in groups H04B10/03 - H04B10/70, e.g. optical power feeding or optical transmission through water
    • H04B10/85 Protection from unauthorised access, e.g. eavesdrop protection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying

Definitions

  • the present disclosure relates to the field of communications, and in particular to a data transmission method, a data transmission method, a sending device of a data transmission system, a receiving device of a data transmission system, a data transmission system, and a computer-readable storage medium.
  • Any service accessed through the client port of the OTN equipment can be encrypted at the physical layer: after passing through the encryption module, the client service is transmitted in encrypted form on the operator's OTN network and is decrypted at the remote end when it leaves the OTN network, ensuring the security of service transmission.
  • OTN encryption is divided into a local key generation method and a method in which an independent key device distributes the key.
  • OTN encryption is divided into in-band transmission and out-of-band transmission.
  • OTN encryption is divided into fixed-key and timed key-switching methods.
  • The efficiency of key switching affects the security of encryption to a certain extent.
  • The faster the key is updated, the less likely the encrypted service is to be cracked.
  • Information is transferred through a secure management communication channel, and during switching between the old and new keys the encrypted service must not be damaged, so that lossless key switching is achieved.
  • Key switching is mostly handled within periodic software polling tasks, and the key switching period is relatively long, usually on the order of seconds.
  • The present disclosure provides a data transmission method for a sending device that can shorten the key switching cycle from the second level to the millisecond level, greatly improving the security of service encryption, together with a matching data transmission method for a receiving device, a sending device of a data transmission system, a receiving device of a data transmission system, a data transmission system, and a computer-readable storage medium.
  • The present disclosure provides a data transmission method, including: updating encryption key information according to an interrupt signal; transmitting the updated encryption key information, and updating the key according to the updated encryption key information to obtain an encryption key; and, when the number of first multiframe frames of the transmitted data reaches the first preset number of frames, encrypting the data with the encryption key and transmitting the data.
  • The present disclosure provides a data transmission method, including: updating decryption key information with the received encryption key information according to an interrupt signal, and obtaining a decryption key; and, when the number of first multiframe frames of the received data reaches the first preset number of frames, decrypting the data with the decryption key.
  • The present disclosure provides a sending device for a data transmission system, including: a processor, a memory, and a computer program stored on the memory and executable on the processor. When the processor executes the computer program, the following is implemented: updating the encryption key information according to an interrupt signal; transmitting the updated encryption key information, and updating the key according to the updated encryption key information to obtain the encryption key; and, when the number of first multiframe frames of the transmitted data reaches the first preset number of frames, encrypting the data with the encryption key and transmitting the data.
  • The present disclosure provides a receiving device of a data transmission system, including: a processor, a memory, and a computer program stored on the memory and executable on the processor. When the processor executes the computer program, the following is implemented: updating the decryption key information with the received encryption key information transmitted by the sending device according to an interrupt signal, and obtaining the decryption key; and, when the number of first multiframe frames of the received data reaches the first preset number of frames, decrypting the data with the decryption key.
  • The present disclosure provides a data transmission system, including: the sending device of the data transmission system according to any one of the above technical solutions; and the receiving device of the data transmission system according to any one of the above technical solutions; wherein the sending device of the data transmission system transmits the updated encryption key information to the receiving device of the data transmission system, and the receiving device of the data transmission system generates an interrupt signal according to the received updated encryption key information.
  • The present disclosure provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, it implements the data transmission method according to any one of the above technical solutions, or the encryption method for data transmission according to any one of the above technical solutions.
  • FIG. 1 is a flowchart of a data transmission method according to an embodiment of the first aspect of the present disclosure
  • FIG. 2 is a flowchart of another data transmission method provided by an embodiment of the first aspect of the present disclosure
  • FIG. 3 is a flowchart of another data transmission method provided by an embodiment of the first aspect of the present disclosure.
  • FIG. 5 is a flowchart of a data transmission method according to an embodiment of the second aspect of the present disclosure.
  • FIG. 6 is a flowchart of another data transmission method provided by an embodiment of the second aspect of the present disclosure.
  • FIG. 7 is a flowchart of another data transmission method according to an embodiment of the second aspect of the present disclosure.
  • FIG. 8 is a schematic block diagram of a sending device of a data transmission system according to an embodiment of the third aspect of the present disclosure.
  • FIG. 9 is a schematic block diagram of a receiving device of a data transmission system according to an embodiment of the fourth aspect of the present disclosure.
  • FIG. 10 is a schematic block diagram of a data transmission system according to an embodiment of the fourth aspect of the present disclosure.
  • FIG. 11 is a schematic diagram of an encrypted transmission network of a data transmission system provided by an embodiment of the fifth aspect of the present disclosure.
  • FIG. 12 is a schematic diagram of a key application for an encryption device of a data transmission system provided by an embodiment of the fifth aspect of the present disclosure
  • FIG. 13 is an interaction diagram of a sending device and a receiving device in a data transmission system according to an embodiment of the fifth aspect of the present disclosure.
  • FIG. 1 is a flowchart of a data transmission method according to an embodiment of the first aspect of the present disclosure.
  • A data transmission method includes: S102: updating encryption key information according to an interrupt signal; S104: transmitting the updated encryption key information, and updating the key according to the updated encryption key information to obtain an encryption key; S106: when the number of first multiframe frames of the transmitted data reaches the first preset number of frames, encrypting the data with the encryption key and transmitting the data.
  • The logic device detects the occurrence of a preset event and generates an interrupt signal. After receiving the interrupt signal, the sending device updates the encryption key information, updates the encryption key according to the encryption key information, stores the updated encryption key, and transmits the updated encryption key information to the receiving device, so that the receiving device updates the decryption key information according to the updated encryption key information. When the number of first multiframe frames of the transmitted encrypted data reaches the first preset number of frames, the data is encrypted with the updated encryption key. The updated encryption key information is transmitted to the receiving device through the reserved overhead, and the receiving device decrypts the received encrypted data with the decryption key generated from the updated decryption key information.
  • This method uses interrupt technology and key switching based on the number of multiframe frames of the data transmission, so the key switching process is carried out in units of frames. The speed of key switching can be increased to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching method using software polling in related technologies, the speed of key switching is greatly improved.
  • the encryption key information is the encryption key serial number.
  • FIG. 2 is a flowchart of another data transmission method provided by an embodiment of the first aspect of the present disclosure
  • A data transmission method includes: S202: monitoring the number of first multiframe frames of the transmitted data; S204: when the number of first multiframe frames reaches a second preset number of frames, issuing an interrupt signal, wherein the second preset number of frames is less than the first preset number of frames; S206: updating the encryption key information according to the interrupt signal; S208: transmitting the updated encryption key information, and updating the key according to the updated encryption key information to obtain an encryption key; S210: when the number of first multiframe frames of the transmitted data reaches the first preset number of frames, encrypting the data with the encryption key and transmitting the data.
  • The logic device monitors the number of first multiframe frames of the transmitted encrypted data and generates an interrupt signal when it detects that the number of first multiframe frames has reached the second preset number of frames. After receiving the interrupt signal, the sending device updates the encryption key information, updates the encryption key according to the encryption key information, stores the updated encryption key, and transmits the updated encryption key information to the receiving device, so that the receiving device updates the decryption key information according to the updated encryption key information. When the number of first multiframe frames of the transmitted encrypted data reaches the first preset number of frames, the data is encrypted with the updated encryption key, and the updated encryption key information is transmitted to the receiving device through the reserved overhead. The receiving device decrypts the received encrypted data with the decryption key generated from the updated decryption key information.
  • This method uses interrupt technology and key switching based on the number of multiframe frames of the data transmission, so the key switching process can be carried out in units of frames. This can increase the speed of key switching to the millisecond level, which greatly increases the security of service encryption; the key switching speed is greatly improved compared with the key switching method using software polling in related technologies.
  • the encryption key information is the encryption key serial number; the second preset number of frames is less than the first preset number of frames.
  • the first preset number of frames is equal to the second preset number of frames plus N frames, where the value of N ranges from 2 to 10.
  • FIG. 3 is a flowchart of another data transmission method provided by an embodiment of the first aspect of the present disclosure.
  • A data transmission method provided by another embodiment of the first aspect of the present disclosure includes: S302: monitoring the number of first multiframe frames of the transmitted data; S304: when the number of first multiframe frames reaches the second preset number of frames, issuing an interrupt signal, wherein the second preset number of frames is less than the first preset number of frames; S306: updating the encryption key information according to the interrupt signal; S308: transmitting the updated encryption key information, and generating an encryption key according to the updated encryption key information and the preset key list; S310: when the number of first multiframe frames of the transmitted data reaches the first preset number of frames, encrypting the data with the encryption key and transmitting the data.
  • The logic device monitors the number of first multiframe frames of the transmitted encrypted data and generates an interrupt signal when it detects that the number of first multiframe frames has reached the second preset number of frames. After receiving the interrupt signal, the sending device updates the encryption key information, generates an encryption key according to the encryption key information and the preset key list, stores the newly generated encryption key, and transmits the updated encryption key information to the receiving device, so that the receiving device updates the decryption key information according to the updated encryption key information. When the number of first multiframe frames of the transmitted encrypted data reaches the first preset number of frames, the data is encrypted with the updated encryption key, the updated encryption key information is transmitted to the receiving device through the reserved overhead, and the receiving device generates the decryption key based on the updated decryption key information.
  • This method uses interrupt technology and key switching based on the number of multiframe frames of the data transmission, so the key switching process can be carried out in units of frames. This can increase the speed of key switching to the millisecond level, so the security of service encryption is greatly increased and the key switching speed is greatly improved.
  • the encryption key information is the encryption key serial number; the second preset number of frames is less than the first preset number of frames.
  • the first preset number of frames is equal to the second preset number of frames plus N frames, where the value of N ranges from 2 to 10.
  • A data transmission method includes: S402: monitoring the number of first multiframe frames of the transmitted data; S404: when the number of first multiframe frames reaches the second preset number of frames, issuing an interrupt signal, wherein the second preset number of frames is less than the first preset number of frames; S406: according to the interrupt signal, adding the preset value to the encryption key serial number to obtain the updated encryption key serial number; S408: transmitting the updated encryption key serial number, and generating an encryption key based on the updated encryption key serial number and the preset key list; S410: when the number of first multiframe frames of the transmitted data reaches the first preset number of frames, encrypting the data with the encryption key and transmitting the data.
  • The logic device monitors the number of first multiframe frames of the transmitted encrypted data and generates an interrupt signal when it detects that the number of first multiframe frames has reached the second preset number of frames. After receiving the interrupt signal, the sending device adds M to the encryption key serial number currently in use to generate a new encryption key serial number, generates an encryption key according to the encryption key serial number and the preset key list, stores the newly generated encryption key, and transmits the updated encryption key serial number to the receiving device, so that the receiving device updates the decryption key serial number with the updated encryption key serial number. When the number of first multiframe frames of the transmitted encrypted data reaches the first preset number of frames, the data is encrypted with the updated encryption key, and the updated encryption key serial number is transmitted to the receiving device through the reserved overhead. The receiving device decrypts the received encrypted data based on the updated decryption key serial number.
  • This method uses interrupt technology and key switching based on the number of multiframe frames of the data transmission, so the key switching process can be carried out in units of frames. This can increase the speed of key switching to the millisecond level, thereby greatly increasing the security of service encryption; compared with the key switching method using software polling in related technologies, the key switching speed is greatly improved.
  • M is a preset value, and M can take any value. Further, in an embodiment, the value of M ranges from 1 to 10.
  • the first preset number of frames is equal to the second preset number of frames plus N frames, where the value of N ranges from 2 to 10.
  • FIG. 5 is a flowchart of a data transmission method according to an embodiment of the second aspect of the present disclosure.
  • A data transmission method includes: S502: updating the decryption key information with the received encryption key information according to the interrupt signal, and obtaining the decryption key; S504: when the number of first multiframe frames of the received data reaches the first preset number of frames, decrypting the data with the decryption key.
  • The logic device detects the occurrence of a preset event and generates an interrupt signal. After receiving the interrupt signal, the receiving device updates the decryption key information according to the encryption key information transmitted by the sending device, and updates the decryption key according to the decryption key information. When the number of first multiframe frames of the received encrypted data reaches the first preset number of frames, the data is decrypted with the updated decryption key.
  • This method uses interrupt technology and switching of the decryption key based on the number of multiframe frames of the data transmission, so the key switching process can be carried out in units of frames. The speed of key switching can be increased to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching method using software polling in related technologies, the key switching speed is greatly improved.
  • the encryption key information is the encryption key serial number
  • the decryption key information is the decryption key serial number
  • FIG. 6 is a flowchart of another data transmission method provided by an embodiment of the second aspect of the present disclosure.
  • A data transmission method provided by another embodiment of the second aspect of the present disclosure includes: S602: monitoring whether the decryption key information changes; S604: when the decryption key information changes, monitoring whether the number of second multiframe frames in which the encryption key information is continuously received reaches the third preset number of frames; S606: when the number of second multiframe frames reaches the third preset number of frames, issuing an interrupt signal; S608: according to the interrupt signal, updating the decryption key information with the received encryption key information, and obtaining the decryption key; S610: when the number of first multiframe frames of the received data reaches the first preset number of frames, decrypting the data with the decryption key.
  • The logic device monitors whether the encryption key information transmitted by the sending device has changed. If it has, the logic device monitors the number of second multiframe frames received after the changed encryption key information is received, and generates an interrupt signal when the number of second multiframe frames reaches the third preset number of frames. After receiving the interrupt signal, the receiving device updates the decryption key information according to the received changed encryption key information transmitted by the sending device, and updates the decryption key according to the updated decryption key information. When the number of first multiframe frames of the received encrypted data reaches the first preset number of frames, the data is decrypted with the updated decryption key.
  • This method uses interrupt technology and switching of the decryption key based on the number of multiframe frames of the data transmission, so the key switching process can be carried out in units of frames. The speed of key switching is increased to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching method using software polling in related technologies, the speed of key switching is greatly improved.
  • the encryption key information is the encryption key serial number
  • the decryption key information is the decryption key serial number
  • the value range of the third preset number of frames is 2 to 10 frames.
  • FIG. 7 is a flowchart of another data transmission method according to an embodiment of the second aspect of the present disclosure.
  • A data transmission method includes: S702: monitoring whether the decryption key information changes; S704: when the decryption key information changes, monitoring whether the number of second multiframe frames in which the encryption key information is continuously received reaches the third preset number of frames; S706: when the number of second multiframe frames reaches the third preset number of frames, issuing an interrupt signal; S708: according to the interrupt signal, updating the decryption key information with the received encryption key information, and generating a decryption key based on the updated decryption key information and the preset key list; S710: when the number of first multiframe frames of the received data reaches the first preset number of frames, decrypting the data with the decryption key.
  • The logic device monitors whether the encryption key information transmitted by the sending device has changed. If it has, the logic device monitors the number of second multiframe frames received after the changed encryption key information is received, and generates an interrupt signal when the number of second multiframe frames reaches the third preset number of frames. After receiving the interrupt signal, the receiving device updates the decryption key information according to the received updated encryption key information transmitted by the sending device, and generates a new decryption key according to the updated decryption key information and the preset key list. When the number of first multiframe frames of the received encrypted data reaches the first preset number of frames, the updated decryption key is used to decrypt the data.
  • This method uses interrupt technology and switching of the decryption key based on the number of multiframe frames of the data transmission, so the key switching process can be carried out in units of frames. This can increase the speed of key switching to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching method using software polling in related technologies, the key switching speed is greatly improved.
  • the encryption key information is the encryption key serial number
  • the decryption key information is the decryption key serial number
  • the value range of the third preset number of frames is 2 to 10 frames.
  • An embodiment of the third aspect of the present disclosure provides a sending device 800 of a data transmission system, including: a processor 802, a memory 804, and a computer program stored on the memory and executable on the processor 802. When the processor 802 executes the computer program, the following is implemented: the encryption key information is updated according to the interrupt signal; the updated encryption key information is transmitted, and the key is updated according to the updated encryption key information to obtain the encryption key; and, when the number of first multiframe frames reaches the first preset number of frames, the data is encrypted by the encryption key and transmitted.
  • The logic device detects the occurrence of a preset event and generates an interrupt signal. After receiving the interrupt signal, the sending device updates the encryption key information, updates the encryption key according to the encryption key information, stores the updated encryption key, and transmits the updated encryption key information to the receiving device, so that the receiving device can update the decryption key information according to the updated encryption key information. When the number of first multiframe frames of the encrypted data reaches the first preset number of frames, the data is encrypted with the updated encryption key, and the updated encryption key information is transmitted to the receiving device through the reserved overhead. The receiving device decrypts the received encrypted data with the decryption key generated from the updated decryption key information.
  • This method uses interrupt technology and key switching based on the number of multiframe frames of the data transmission, so the key switching process can be carried out in units of frames. This can increase the speed of key switching to the millisecond level, thereby greatly increasing the security of service encryption; compared with the key switching method using software polling in related technologies, the key switching speed is greatly improved.
  • Before updating the encryption key information according to the interrupt signal, the method further includes: monitoring the number of first multiframe frames of the transmitted data; and, when the number of first multiframe frames reaches the second preset number of frames, issuing an interrupt signal, wherein the second preset number of frames is less than the first preset number of frames.
  • Updating the key according to the updated encryption key information to obtain the encryption key is specifically: generating the encryption key according to the updated encryption key information and the preset key list.
  • the encryption key information is an encryption key serial number.
  • the step of updating the encryption key information specifically includes: adding the encryption key serial number to a preset value to obtain the updated encryption key serial number.
  • an embodiment of the fourth aspect of the present disclosure provides a receiving device 900 of a data transmission system: a processor 902, a memory 904, and a computer program stored on the memory 904 and executable on the processor 902, to process
  • the computer 902 executes the computer program, it realizes: in the process of receiving the encrypted data, according to the interrupt signal, with the received encryption key information transmitted by the sending device, the decryption key information is updated to obtain the decryption key;
  • the number of multi-frame frames reaches the first preset number of frames, the data is decrypted with the first decryption key.
  • In the receiving device 900 of a data transmission system provided by an embodiment of the fourth aspect of the present disclosure, while the receiving device receives the encrypted data transmitted by the sending device, the logic device detects the occurrence of a preset event and generates an interrupt signal. After receiving the interrupt signal, the receiving device updates the decryption key information according to the received encryption key information transmitted by the sending device, and updates the decryption key according to the decryption key information.
  • When the number of first multiframe frames of the received encrypted data reaches the first preset number of frames, the data is decrypted with the updated decryption key.
  • This method switches the decryption key using interrupts and the multiframe frame count of the data transmission, so the key switching process can be realized in units of frames. The speed of key switching is increased to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching method using software polling in related technologies, the speed of key switching is greatly improved.
  • It further includes: monitoring whether the decryption key information has changed; when the decryption key information has changed, monitoring whether the number of second multiframe frames transmitting the encryption key information reaches the third preset number of frames; when the number of second multiframe frames reaches the third preset number of frames, issuing an interrupt signal.
  • Updating the decryption key information according to the received encryption key information transmitted by the sending device and obtaining the decryption key proceeds as follows: the decryption key information is updated according to the encryption key information transmitted by the sending device; the decryption key is generated from the updated decryption key information and the preset key list.
  • the encryption key information is an encryption key serial number.
  • An embodiment of the fifth aspect of the present disclosure provides a data transmission system 1000, including: a sending device 800 of the data transmission system as provided in any of the embodiments of the third aspect described above; and the receiving device 900 of the data transmission system of any of the embodiments of the fourth aspect described above; wherein the sending device 800 of the data transmission system transmits the updated encryption key information to the receiving device 900 of the data transmission system; the receiving device of the transmission system generates an interrupt signal based on the received updated encryption key information.
  • The logic device detects the occurrence of a preset event and generates an interrupt signal. After the receiving device receives the interrupt signal, it updates the encryption key information, updates the encryption key according to the encryption key information, stores the updated encryption key, and transmits the updated encryption key information to the receiving device, so that the receiving device updates the decryption key information according to the updated encryption key information. When the number of first multiframe frames of the encrypted data reaches the first preset number of frames, the data is encrypted with the updated encryption key, and the updated encryption key information is transmitted to the receiving device through the reserved overhead. The receiving device decrypts the received encrypted data based on the decryption key generated from the updated decryption key information. While the receiving device receives the encrypted data transmitted by the transmitting device, the logic device detects the occurrence of a preset event and generates an interrupt signal, and after receiving the interrupt signal, the receiving device updates the decryption
  • the updated decryption key is used to decrypt the data.
  • This method switches the decryption key using interrupts and the number of multiframe frames of the data transmission. The frame-based key switching process can increase the speed of key switching to milliseconds, which greatly increases the security of service encryption. Compared with the key switching method that uses software polling in related technologies, the key switching speed is greatly improved.
  • The logic device monitors the number of first multiframe frames transmitting the encrypted data, and when it detects that the number of first multiframe frames reaches the second preset number of frames, it generates an interrupt signal.
  • The sending device adds M to the encryption key serial number currently in use to generate a new encryption key serial number, generates an encryption key according to the encryption key serial number and the preset key list, stores the newly generated encryption key, and transmits the updated encryption key serial number to the receiving device, so that the receiving device updates the decryption key serial number according to the updated encryption key serial number. The data is encrypted with the updated encryption key, and the updated encryption key serial number is transmitted to the receiving device through the reserved overhead. The receiving device decrypts the received encrypted data based on the decryption key generated from the updated decryption key serial number.
  • The logic device monitors whether the encryption key information transmitted by the sending device changes. When the encryption key information changes, it monitors the number of second multiframe frames received after the changed encryption key information, and generates an interrupt signal when the number of second multiframe frames reaches the third preset number of frames. The receiving device receives the interrupt signal, updates the decryption key information according to the received encryption key information transmitted by the transmitting device, and generates a new decryption key according to the updated decryption key information and the preset key list. When the number of frames in the first multiframe of the received encrypted data reaches the first preset number of frames, the data is decrypted with the updated decryption key.
  • This method switches the decryption key using interrupts and the number of frames in the multiframe of the data transmission. It can realize the key switching process in units of frames, which can increase the speed of key switching to the millisecond level, thereby greatly increasing the security of service encryption, compared with the use of software polling in related technologies
  • M is a preset value.
  • This method uses interrupts and key switching based on the number of multiframe frames of the data transmission, which can realize the key switching process in units of frames and increase the speed of key switching to the millisecond level. The security of service encryption is thereby greatly increased, and the key switching speed is greatly improved compared to the key switching method using software polling in related technologies.
  • the data transmission system provided by the present disclosure implements millisecond-level key switching, uses OTN reserved overhead to transfer encryption key information, and uses interrupt signals instead of polling tasks to process the loading of updated encryption keys and decryption keys.
  • the following table 1 shows a structure diagram of the reserved overhead.
  • the reserved overhead can be used for user-defined transmission of information.
  • 8 bytes are occupied and are used to transmit the encryption key switching information (encryption key information), where request_id (identity information) is used to ensure that the sending device (encrypting end) and the receiving device (decrypting end) use the same id (identity) to apply for the key from the key device, and the encryption key serial number is used to ensure that the sending device and the receiving device use the key with the same serial number.
  • bob_apply_key is used to notify the receiving device to apply for the key.
  • alice_apply_key is used to notify the sending device to reapply for the key.
  • the transfer and processing speed of key_sn determine the efficiency of key switching.
  • request_id is the key application id, used to ensure that the sending device and the receiving device use the same request_id to initiate an application to the key device.
  • The 7th byte is a reserved byte. The 8th byte is divided into 4 parts, of which bit 7 is used by the sending device to notify the receiving device to apply for the key, bit 6 is used by the receiving device to notify the receiving device to apply for the key again, bit 5 is a reserved bit, and bit 4 to bit 0 are used to transmit the key sequence number key_sn.
  • The devices involved in the present disclosure are an optical transmission network sending device with its corresponding key device and gateway, and an optical transmission network receiving device with its corresponding key device and gateway.
  • Unencrypted client-side any (Any) services are aggregated and encrypted by the optical transmission network sending equipment of the sending device and then transmitted on the optical network.
  • The optical transmission network receiving equipment of the receiving device decrypts and demaps them into unencrypted client-side services.
  • the key device includes a logic device.
  • the key application process of the encryption device of the present disclosure is described.
  • The steps are as follows: in the first step, the optical transmission network sending device initiates a key application to its key device; in the second step, the optical transmission network sending device notifies the optical transmission network receiving device to apply for a key; in the third step, the key device of the optical transmission network sending device notifies the key device of the optical transmission network receiving device that the key application of the optical transmission network sending device has been received; in the fourth step, the optical transmission network receiving device initiates a key application to its key device; in the fifth step, the key device of the optical transmission network receiving device, after receiving the notification from the key device of the optical transmission network sending device and the application of the optical transmission network receiving device, verifies the request_id.
  • The key device of the optical transmission network receiving device notifies the key device of the optical transmission network sending device that it can deliver the key to the optical transmission network sending device.
  • The key device of the optical transmission network sending device delivers the same key to the optical transmission network sending device, where the key matches the key in the sixth step.
  • The key device of the optical transmission network sending device, by setting alice_apply_key to 1, notifies the key device of the optical transmission network receiving device to initiate the key application, and also passes the request_id, which is the key application id.
  • When the sending device and the receiving device use the same request_id to apply for the encryption key, the key device will issue the key normally.
  • The sending device and the receiving device need to keep the key used at both ends the same during the key update process. This disclosure guarantees that the two ends use the same key by passing the key sequence number key_sn.
  • the present disclosure can realize reading and writing of OTN reservation overhead, and at the same time can obtain the first preset frame number (MFI) and the first multiframe frame number (MFI_CNT) corresponding to the key update period.
  • MFI preset frame number
  • MFI_CNT first multiframe frame number
  • The sending device transmits key_sn plus 1 to the receiving device through the reserved overhead, and loads the encryption key corresponding to key_sn plus 1 into the backup key (the updated encryption key).
  • The FPGA (programmable logic array, which belongs to the logic device) of the receiving device monitors the change of key_sn frame by frame.
  • The receiving device loads the decryption key corresponding to key_sn plus 1 into the backup key (the updated decryption key). After the first multiframe frame number reaches the first preset frame number (MFI), the sending device and the receiving device synchronously switch to the backup key in the next multiframe. The entire switching cycle is 3 multiframe cycles; that is, when the line-side service is OTU4 (a type of optical conversion unit), the fastest speed of key switching can reach 1 ms.
  • OTU4 a type of optical conversion unit
  • The interaction flow between the sending device and the receiving device in the data transmission system shown in FIG. 13 is as follows: S1302: the sending device monitors the first multiframe frame number; S1304: determine whether the first multiframe frame number has reached the first preset frame number minus 2; if the first multiframe frame number has not reached the first preset frame number minus 2, execute S1302 to continue monitoring the first multiframe frame number; if the first multiframe frame number has reached the first preset frame number minus 2, execute S1306 and S1310; S1306: generate an interrupt signal to notify the optical transmission network sending device; S1308: configure the backup key to load; S1310: update the key serial number and write the reserved overhead; the key serial number is transmitted to the receiving device through the reserved overhead; S1312: the receiving device monitors the key serial number; S1314: determine whether the key serial number has changed; if the key serial number has not changed, execute S1312 to continue monitoring the key serial number; when the key serial number has changed, execute
  • The application in the optical transmission network sending device of the sending device converts the key switching period configured by the network management into the first preset multiframe MFI and configures it to the key device.
  • the key device monitors the overhead data in real time.
  • the overhead data includes the first preset multiframe MFI and the first multiframe frame number MFI_CNT.
  • The execution process of the data transmission system is as follows. First step: the key device of the sending device obtains MFI and monitors MFI_CNT in real time. Second step: judge whether MFI_CNT has reached MFI-2; if not, continue monitoring; if so, jump to the third step. Third step: the MCU (processor) of the sending device receives the interrupt signal, and then transmits key_sn plus 1 to the optical transmission network receiving device of the receiving device through the reserved overhead. Fourth step: after detecting the interrupt signal, the application program of the optical transmission network sending device of the sending device configures the key corresponding to key_sn plus 1 to the backup key of its key device. Fifth step: the receiving device monitors the change of key_sn in each OTN frame; if key_sn changes (plus 1) after the third step, jump to the sixth step. Sixth step: the key device of the receiving device confirms whether the change of key_sn can be maintained for 3 frames; if it cannot, monitoring continues; if it can, jump to the
  • An embodiment of the sixth aspect of the present disclosure provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, it implements the data transmission method provided by any one of the above embodiments of the first aspect, or the data transmission method provided by any one of the above embodiments of the second aspect.
  • The above technical solutions provided by the embodiments of the present disclosure have the following advantages: with the data transmission method, the sending device of the data transmission system, the receiving device of the data transmission system, the data transmission system, and the computer-readable storage medium provided by the embodiments of the present disclosure, the sending device receives the interrupt signal, updates the encryption key information, and transmits the updated encryption key information to the receiving device, so that the receiving device updates the decryption key according to the updated encryption key information. The sending device updates the encryption key according to the updated encryption key information and, after the first multiframe frame number reaches the first preset frame number, uses the updated encryption key to encrypt the data, thereby realizing a key switching process in units of frames, which can increase the speed of key switching to the millisecond level and greatly increases the security of service encryption.
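
The items above describe the overhead bit layout, the interrupt at MFI-2, the receiver's three-frame confirmation of a changed key_sn, and the synchronous switch after MFI. The following Python model is an added example, not code from the patent or from ZTE; it shows both ends staying on the same key frame by frame and a one-frame corrupted key_sn being ignored. Assumptions: the bit layout is treated as one overhead byte, the multiframe counter runs 0..MFI and wraps, key_sn wraps modulo 32, and all class and function names are hypothetical.

```python
"""Added illustration: frame-counted key switch modelled on the description.
Names, the counter wrap and the modulo-32 key_sn wrap are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

KEY_SN_MASK = 0x1F  # bit 4..bit 0 carry key_sn
FLAG_BIT7 = 0x80    # sending device notifies receiving device to apply for the key
FLAG_BIT6 = 0x40    # notification to apply for the key again
                    # bit 5 is reserved: written as 0, ignored on receive


def pack_overhead(key_sn: int, bit7: bool = False, bit6: bool = False) -> int:
    """Build the overhead byte that carries the two flags and key_sn."""
    if not 0 <= key_sn <= KEY_SN_MASK:
        raise ValueError("key_sn must fit in 5 bits")
    return (FLAG_BIT7 if bit7 else 0) | (FLAG_BIT6 if bit6 else 0) | key_sn


def parse_overhead(value: int) -> Tuple[bool, bool, int]:
    """Return (bit7 flag, bit6 flag, key_sn); the reserved bit is masked out."""
    return bool(value & FLAG_BIT7), bool(value & FLAG_BIT6), value & KEY_SN_MASK


@dataclass
class Sender:
    mfi: int                          # first preset frame number
    step: int = 1                     # preset value M added to key_sn
    key_sn: int = 0                   # serial number advertised in the overhead
    active_sn: int = 0                # serial number of the key encrypting now
    backup_sn: Optional[int] = None   # loaded backup key, if any

    def on_frame(self, mfi_cnt: int) -> Tuple[int, int]:
        """Return (overhead byte, key serial number used for this frame)."""
        use_sn = self.active_sn
        if mfi_cnt == self.mfi - 2:   # second preset frame number: interrupt
            self.key_sn = (self.key_sn + self.step) & KEY_SN_MASK
            self.backup_sn = self.key_sn
        if mfi_cnt == self.mfi and self.backup_sn is not None:
            # MFI reached: the backup key takes effect from the next multiframe
            self.active_sn, self.backup_sn = self.backup_sn, None
        return pack_overhead(self.key_sn), use_sn


@dataclass
class Receiver:
    mfi: int
    hold: int = 3                     # third preset frame number
    active_sn: int = 0
    backup_sn: Optional[int] = None
    _candidate: Optional[int] = None
    _seen: int = 0

    def on_frame(self, mfi_cnt: int, overhead: int) -> int:
        """Return the key serial number used to decrypt this frame."""
        use_sn = self.active_sn
        _, _, sn = parse_overhead(overhead)
        if sn != self.active_sn and self.backup_sn is None:
            if sn == self._candidate:
                self._seen += 1
            else:                     # a different value restarts the count
                self._candidate, self._seen = sn, 1
            if self._seen >= self.hold:   # change held long enough: interrupt
                self.backup_sn = sn
        else:
            self._candidate, self._seen = None, 0
        if mfi_cnt == self.mfi and self.backup_sn is not None:
            self.active_sn, self.backup_sn = self.backup_sn, None
        return use_sn


def simulate(frames: int, mfi: int,
             glitches: Optional[Dict[int, int]] = None) -> List[Tuple[int, int, int]]:
    """Run both ends; glitches maps a frame index to a corrupted overhead byte."""
    glitches = glitches or {}
    tx, rx = Sender(mfi), Receiver(mfi)
    trace = []
    for n in range(frames):
        cnt = n % (mfi + 1)           # assumed counter range 0..MFI
        overhead, tx_sn = tx.on_frame(cnt)
        rx_sn = rx.on_frame(cnt, glitches.get(n, overhead))
        trace.append((n, tx_sn, rx_sn))
    return trace


def in_sync(trace: List[Tuple[int, int, int]]) -> bool:
    """True when every frame was decrypted with the key it was encrypted with."""
    return all(tx_sn == rx_sn for _, tx_sn, rx_sn in trace)


if __name__ == "__main__":
    # Constructed run: MFI = 5, one corrupted overhead byte at frame 1.
    for n, tx_sn, rx_sn in simulate(14, mfi=5, glitches={1: pack_overhead(7)}):
        print(f"frame {n:2d}  tx key_sn={tx_sn}  rx key_sn={rx_sn}")
```

With MFI = 5 the new serial number appears in the overhead at counts 3, 4 and 5, which is exactly the three frames the receiver needs before the switch.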

Abstract

The present disclosure relates to a data transmission method, a sending device for a data transmission system, a receiving device for a data transmission system, a data transmission system, and a computer-readable storage medium. The data transmission method comprises: updating encryption key information according to an interrupt signal; transmitting the updated encryption key information, and updating a key according to the updated encryption key information to obtain an encryption key; and where the number of first multiple frames of transmission data reaches a first pre-set number of frames, encrypting the data by means of the encryption key, and transmitting the data.

Description

Data transmission method, data transmission system, and sending device and receiving device thereof

This disclosure claims priority to Chinese patent application CN201811646881.9, entitled "Data transmission method, data transmission system and its sending device and receiving device", filed on December 29, 2018, the entire contents of which are incorporated herein by reference.

Technical field

The present disclosure relates to the field of communications, and in particular to a data transmission method, a data transmission method, a sending device of a data transmission system, a receiving device of a data transmission system, a data transmission system, and a computer-readable storage medium.

Background

With the development of the Internet, in order to strengthen the security of sensitive services transmitted over the OTN (Optical Transport Network) transmission network, and to adapt to the trend of OTN equipment increasingly sinking in the network and directly carrying any service, adding an encryption function to OTN transmission equipment has become the inevitable choice for OTN secure transmission solutions. By adding an encryption module to the OTN equipment, any service accessed through a client port of the OTN equipment can be encrypted at the physical layer. After passing through the encryption module, the client service is transmitted in encrypted form over the operator's OTN network and is decrypted when it leaves the OTN network at the remote end, which ensures the security of service transmission.

According to the source of the key, OTN encryption is divided into locally generated keys and keys distributed by an independent key device. According to the key transmission method, OTN encryption is divided into in-band transmission and out-of-band transmission. According to the key switching method, OTN encryption is divided into fixed keys and timed key switching.

For timed key switching, the efficiency of key switching affects the security of the encryption to a certain extent: the faster the key is updated, the harder the encrypted service is to crack. During a key update, information is passed over a secure management communication channel, and during the switch between the old and new keys it must be ensured that the encrypted service is not damaged, so that the key switch is lossless.

At present, key switching is mostly handled by software tasks that poll on a timer, and the key switching period is relatively long, usually on the order of seconds.

Summary of the invention

In order to solve the above technical problem, or at least partially solve it, the present disclosure provides a data transmission method for a sending device that can shorten the key switching period from the second level to the millisecond level and greatly improve the security of service encryption, a matching data transmission method for a receiving device, a sending device of a data transmission system, a receiving device of a data transmission system, a data transmission system, and a computer-readable storage medium.

In a first aspect, the present disclosure provides a data transmission method, including: updating encryption key information according to an interrupt signal; transmitting the updated encryption key information, and updating the key according to the updated encryption key information to obtain an encryption key; and, when the number of first multiframe frames of the transmitted data reaches a first preset number of frames, encrypting the data with the encryption key and transmitting the data.

In a second aspect, the present disclosure provides a data transmission method, including: according to an interrupt signal, updating decryption key information with the received encryption key information, and obtaining a decryption key; and, when the number of first multiframe frames of the received data reaches the first preset number of frames, decrypting the data with the decryption key.

In a third aspect, the present disclosure provides a sending device of a data transmission system, including: a processor, a memory, and a computer program stored on the memory and executable on the processor. When the processor executes the computer program, it realizes: updating encryption key information according to an interrupt signal; transmitting the updated encryption key information, and updating the key according to the updated encryption key information to obtain an encryption key; and, when the number of first multiframe frames of the transmitted data reaches the first preset number of frames, encrypting the data with the encryption key and transmitting the data.

In a fourth aspect, the present disclosure provides a receiving device of a data transmission system, including: a processor, a memory, and a computer program stored on the memory and executable on the processor. When the processor executes the computer program, it realizes: according to an interrupt signal, updating decryption key information with the received encryption key information transmitted by the sending device, and obtaining a decryption key; and, when the number of first multiframe frames of the received data reaches the first preset number of frames, decrypting the data with the decryption key.

In a fifth aspect, the present disclosure provides a data transmission system, including: the sending device of the data transmission system according to any one of the above technical solutions; and the receiving device of the data transmission system according to any one of the above technical solutions; wherein the sending device of the data transmission system transmits the updated encryption key information to the receiving device of the data transmission system, and the receiving device of the transmission system generates an interrupt signal according to the received updated encryption key information.

In a sixth aspect, the present disclosure provides a computer-readable storage medium on which a computer program is stored. When the computer program is executed by a processor, it implements the data transmission method according to any one of the above technical solutions, or the encryption method for data transmission according to any one of the above technical solutions.

Brief description of the drawings

The drawings herein are incorporated into and constitute a part of this specification, show embodiments consistent with this disclosure, and are used together with the specification to explain the principles of this disclosure.

In order to explain the technical solutions in the embodiments of the present disclosure or in some cases more clearly, the drawings needed for the description of the embodiments or of some cases are briefly introduced below. Obviously, a person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.

FIG. 1 is a flowchart of a data transmission method provided by an embodiment of the first aspect of the present disclosure;

FIG. 2 is a flowchart of another data transmission method provided by an embodiment of the first aspect of the present disclosure;

FIG. 3 is a flowchart of another data transmission method provided by an embodiment of the first aspect of the present disclosure;

FIG. 4 is a flowchart of another data transmission method provided by an embodiment of the first aspect of the present disclosure;

FIG. 5 is a flowchart of a data transmission method provided by an embodiment of the second aspect of the present disclosure;

FIG. 6 is a flowchart of another data transmission method provided by an embodiment of the second aspect of the present disclosure;

FIG. 7 is a flowchart of another data transmission method provided by an embodiment of the second aspect of the present disclosure;

FIG. 8 is a schematic block diagram of a sending device of a data transmission system provided by an embodiment of the third aspect of the present disclosure;

FIG. 9 is a schematic block diagram of a receiving device of a data transmission system provided by an embodiment of the fourth aspect of the present disclosure;

FIG. 10 is a schematic block diagram of a data transmission system provided by an embodiment of the fourth aspect of the present disclosure;

FIG. 11 is a schematic diagram of an encrypted transmission network of a data transmission system provided by an embodiment of the fifth aspect of the present disclosure;

FIG. 12 is a schematic diagram of a key application by an encryption device of a data transmission system provided by an embodiment of the fifth aspect of the present disclosure;

FIG. 13 is an interaction diagram of a sending device and a receiving device in a data transmission system provided by an embodiment of the fifth aspect of the present disclosure.

具体实施方式detailed description

为使本公开实施例的目的、技术方案和优点更加清楚,下面将结合本公开实施例中的附图,对本公开实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本公开的一部分实施例,而不是全部的实施例。基于本公开中的实施例,本领域普通技术人员在没有做出创造性劳动的前提下所获得的所有其他 实施例,都属于本公开保护的范围。To make the objectives, technical solutions, and advantages of the embodiments of the present disclosure clearer, the technical solutions in the embodiments of the present disclosure will be described clearly and completely in conjunction with the drawings in the embodiments of the present disclosure. Obviously, the described embodiments It is a part of the embodiments of the present disclosure, but not all the embodiments. Based on the embodiments in the present disclosure, all other embodiments obtained by a person of ordinary skill in the art without creative efforts shall fall within the protection scope of the present disclosure.

图1为本公开第一方面实施例提供的一种数据传输方法的流程图。FIG. 1 is a flowchart of a data transmission method according to an embodiment of the first aspect of the present disclosure.

As shown in FIG. 1, a data transmission method provided by an embodiment of the first aspect of the present disclosure includes: S102: updating encryption key information according to an interrupt signal; S104: transmitting the updated encryption key information, and updating the key according to the updated encryption key information to obtain an encryption key; S106: when the first multiframe frame count of the transmitted data reaches a first preset number of frames, encrypting the data with the encryption key and transmitting the data.

In the data transmission method provided by this embodiment of the first aspect of the present disclosure, a logic device detects the occurrence of a preset event and generates an interrupt signal. After receiving the interrupt signal, the sending device updates the encryption key information, updates the encryption key according to the encryption key information, stores the updated encryption key, and transmits the updated encryption key information to the receiving device so that the receiving device updates its decryption key information according to the updated encryption key information. When the first multiframe frame count of the transmitted encrypted data reaches the first preset number of frames, the sending device encrypts the data with the updated encryption key and transmits the updated encryption key information to the receiving device through reserved overhead, and the receiving device decrypts the received encrypted data with the decryption key generated from the updated decryption key information. By using interrupts and switching the key based on the multiframe frame count of the data transmission, the method performs key switching in units of frames and can raise the key switching speed to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching by software polling used in the related art, the key switching speed is greatly improved.

Here, the encryption key information is the encryption key serial number.

FIG. 2 is a flowchart of another data transmission method provided by an embodiment of the first aspect of the present disclosure.

As shown in FIG. 2, a data transmission method provided by another embodiment of the first aspect of the present disclosure includes: S202: monitoring the first multiframe frame count of the transmitted data; S204: when the first multiframe frame count reaches a second preset number of frames, issuing an interrupt signal, where the second preset number of frames is less than the first preset number of frames; S206: updating the encryption key information according to the interrupt signal; S208: transmitting the updated encryption key information, and updating the key according to the updated encryption key information to obtain an encryption key; S210: when the first multiframe frame count of the transmitted data reaches the first preset number of frames, encrypting the data with the encryption key and transmitting the data.

In the data transmission method provided by this embodiment of the first aspect of the present disclosure, while the sending device transmits encrypted data, the logic device monitors the first multiframe frame count of the transmitted encrypted data and generates an interrupt signal when it detects that the first multiframe frame count has reached the second preset number of frames. After receiving the interrupt signal, the sending device updates the encryption key information, updates the encryption key according to the encryption key information, stores the updated encryption key, and transmits the updated encryption key information to the receiving device so that the receiving device updates its decryption key information according to the updated encryption key information. When the first multiframe frame count of the transmitted encrypted data reaches the first preset number of frames, the sending device encrypts the data with the updated encryption key and transmits the updated encryption key information to the receiving device through reserved overhead, and the receiving device decrypts the received encrypted data with the decryption key generated from the updated decryption key information. By using interrupts and switching the key based on the multiframe frame count of the data transmission, the method performs key switching in units of frames and can raise the key switching speed to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching by software polling used in the related art, the key switching speed is greatly improved.

Here, the encryption key information is the encryption key serial number, and the second preset number of frames is less than the first preset number of frames.

In one embodiment, the first preset number of frames equals the second preset number of frames plus N frames, where N ranges from 2 to 10.

FIG. 3 is a flowchart of another data transmission method provided by an embodiment of the first aspect of the present disclosure.

As shown in FIG. 3, a data transmission method provided by another embodiment of the first aspect of the present disclosure includes: S302: monitoring the first multiframe frame count of the transmitted data; S304: when the first multiframe frame count reaches the second preset number of frames, issuing an interrupt signal, where the second preset number of frames is less than the first preset number of frames; S306: updating the encryption key information according to the interrupt signal; S308: transmitting the updated encryption key information, and generating an encryption key according to the updated encryption key information and a preset key list; S310: when the first multiframe frame count of the transmitted data reaches the first preset number of frames, encrypting the data with the encryption key and transmitting the data.

In the data transmission method provided by this embodiment of the first aspect of the present disclosure, while the sending device transmits encrypted data, the logic device monitors the first multiframe frame count of the transmitted encrypted data and generates an interrupt signal when it detects that the first multiframe frame count has reached the second preset number of frames. After receiving the interrupt signal, the sending device updates the encryption key information, generates an encryption key according to the encryption key information and the preset key list, stores the newly generated encryption key, and transmits the updated encryption key information to the receiving device so that the receiving device updates its decryption key information according to the updated encryption key information. When the first multiframe frame count of the transmitted encrypted data reaches the first preset number of frames, the sending device encrypts the data with the updated encryption key and transmits the updated encryption key information to the receiving device through reserved overhead, and the receiving device decrypts the received encrypted data with the decryption key generated from the updated decryption key information. By using interrupts and switching the key based on the multiframe frame count of the data transmission, the method performs key switching in units of frames and can raise the key switching speed to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching by software polling used in the related art, the key switching speed is greatly improved.

Here, the encryption key information is the encryption key serial number, and the second preset number of frames is less than the first preset number of frames.

In one embodiment, the first preset number of frames equals the second preset number of frames plus N frames, where N ranges from 2 to 10.

FIG. 4 is a flowchart of another data transmission method provided by an embodiment of the first aspect of the present disclosure.

As shown in FIG. 4, a data transmission method provided by another embodiment of the first aspect of the present disclosure includes: S402: monitoring the first multiframe frame count of the transmitted data; S404: when the first multiframe frame count reaches the second preset number of frames, issuing an interrupt signal, where the second preset number of frames is less than the first preset number of frames; S406: according to the interrupt signal, adding a preset value to the encryption key serial number to obtain the updated encryption key serial number; S408: transmitting the updated encryption key serial number, and generating an encryption key according to the updated encryption key serial number and the preset key list; S410: when the first multiframe frame count of the transmitted data reaches the first preset number of frames, encrypting the data with the encryption key and transmitting the data.

In the data transmission method provided by this embodiment of the first aspect of the present disclosure, while the sending device transmits encrypted data, the logic device monitors the first multiframe frame count of the transmitted encrypted data and generates an interrupt signal when it detects that the first multiframe frame count has reached the second preset number of frames. After receiving the interrupt signal, the sending device adds M to the encryption key serial number currently in use to produce a new encryption key serial number, generates an encryption key according to the encryption key serial number and the preset key list, stores the newly generated encryption key, and transmits the updated encryption key serial number to the receiving device so that the receiving device updates its decryption key serial number according to the updated encryption key serial number. When the first multiframe frame count of the transmitted encrypted data reaches the first preset number of frames, the sending device encrypts the data with the updated encryption key and transmits the updated encryption key serial number to the receiving device through reserved overhead, and the receiving device decrypts the received encrypted data with the decryption key generated from the updated decryption key serial number. By using interrupts and switching the key based on the multiframe frame count of the data transmission, the method performs key switching in units of frames and can raise the key switching speed to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching by software polling used in the related art, the key switching speed is greatly improved.

Here, M is a preset value and may take any value; further, in one embodiment, M ranges from 1 to 10.

In one embodiment, the first preset number of frames equals the second preset number of frames plus N frames, where N ranges from 2 to 10.

FIG. 5 is a flowchart of a data transmission method provided by an embodiment of the second aspect of the present disclosure.

As shown in FIG. 5, a data transmission method provided by an embodiment of the second aspect of the present disclosure includes: S502: according to an interrupt signal, updating decryption key information with the received encryption key information, and obtaining a decryption key; S504: when the first multiframe frame count of the received data reaches the first preset number of frames, decrypting the data with the decryption key.

In the data transmission method provided by this embodiment of the second aspect of the present disclosure, while the encrypted data transmitted by the sending device is being received, the logic device detects the occurrence of a preset event and generates an interrupt signal. After receiving the interrupt signal, the receiving device updates the decryption key information according to the received encryption key information transmitted by the sending device, and updates the decryption key according to the decryption key information. When the first multiframe frame count of the received encrypted data reaches the first preset number of frames, the receiving device decrypts the data with the updated decryption key. By using interrupts and switching the decryption key based on the multiframe frame count of the data transmission, the method performs key switching in units of frames and can raise the key switching speed to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching by software polling used in the related art, the key switching speed is greatly improved.

Here, the encryption key information is the encryption key serial number, and the decryption key information is the decryption key serial number.

FIG. 6 is a flowchart of another data transmission method provided by an embodiment of the second aspect of the present disclosure.

As shown in FIG. 6, a data transmission method provided by another embodiment of the second aspect of the present disclosure includes: S602: monitoring whether the decryption key information has changed; S604: when the decryption key information has changed, monitoring whether the second multiframe frame count over which the encryption key information is continuously received reaches a third preset number of frames; S606: when the second multiframe frame count reaches the third preset number of frames, issuing an interrupt signal; S608: according to the interrupt signal, updating the decryption key information with the received encryption key information, and obtaining a decryption key; S610: when the first multiframe frame count of the received data reaches the first preset number of frames, decrypting the data with the decryption key.

In the data transmission method provided by this embodiment of the second aspect of the present disclosure, while the encrypted data transmitted by the sending device is being received, the logic device monitors whether the encryption key information transmitted by the sending device has changed. When the encryption key information has changed, the logic device monitors the second multiframe frame count over which the changed encryption key information is received, and generates an interrupt signal when the second multiframe frame count reaches the third preset number of frames. The receiving device receives the interrupt signal, updates the decryption key information according to the changed encryption key information received from the sending device, and updates the decryption key according to the updated decryption key information. When the first multiframe frame count of the received encrypted data reaches the first preset number of frames, the receiving device decrypts the data with the updated decryption key. By using interrupts and switching the decryption key based on the multiframe frame count of the data transmission, the method performs key switching in units of frames and can raise the key switching speed to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching by software polling used in the related art, the key switching speed is greatly improved.

Here, the encryption key information is the encryption key serial number, and the decryption key information is the decryption key serial number.

In one embodiment, the third preset number of frames ranges from 2 frames to 10 frames.

FIG. 7 is a flowchart of another data transmission method provided by an embodiment of the second aspect of the present disclosure.

As shown in FIG. 7, a data transmission method provided by another embodiment of the second aspect of the present disclosure includes: S702: monitoring whether the decryption key information has changed; S704: when the decryption key information has changed, monitoring whether the second multiframe frame count over which the encryption key information is continuously received reaches the third preset number of frames; S706: when the second multiframe frame count reaches the third preset number of frames, issuing an interrupt signal; S708: according to the interrupt signal, updating the decryption key information with the received encryption key information, and generating a decryption key according to the updated decryption key information and the preset key list; S710: when the first multiframe frame count of the received data reaches the first preset number of frames, decrypting the data with the decryption key.

In the data transmission method provided by this embodiment of the second aspect of the present disclosure, while the encrypted data transmitted by the sending device is being received, the logic device monitors whether the encryption key information transmitted by the sending device has changed. When the encryption key information has changed, the logic device monitors the second multiframe frame count over which the changed encryption key information is received, and generates an interrupt signal when the second multiframe frame count reaches the third preset number of frames. The receiving device receives the interrupt signal, updates the decryption key information according to the changed encryption key information received from the sending device, and generates a new decryption key according to the updated decryption key information and the preset key list. When the first multiframe frame count of the received encrypted data reaches the first preset number of frames, the receiving device decrypts the data with the updated decryption key. By using interrupts and switching the decryption key based on the multiframe frame count of the data transmission, the method performs key switching in units of frames and can raise the key switching speed to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching by software polling used in the related art, the key switching speed is greatly improved.

Here, the encryption key information is the encryption key serial number, and the decryption key information is the decryption key serial number.

In one embodiment, the third preset number of frames ranges from 2 frames to 10 frames.

As shown in FIG. 8, an embodiment of the third aspect of the present disclosure provides a sending device 800 of a data transmission system, including: a processor 802, a memory 804, and a computer program stored in the memory and executable on the processor 802. When executing the computer program, the processor 802 implements: updating encryption key information according to an interrupt signal; transmitting the updated encryption key information, and updating the key according to the updated encryption key information to obtain an encryption key; and, when the first multiframe frame count of the transmitted data reaches the first preset number of frames, encrypting the data with the encryption key and transmitting the data.

In the sending device 800 of the data transmission system provided by an embodiment of the first aspect of the present disclosure, while the sending device transmits encrypted data, the logic device detects the occurrence of a preset event and generates an interrupt signal. After receiving the interrupt signal, the sending device updates the encryption key information, updates the encryption key according to the encryption key information, stores the updated encryption key, and transmits the updated encryption key information to the receiving device so that the receiving device updates its decryption key information according to the updated encryption key information. When the first multiframe frame count of the transmitted encrypted data reaches the first preset number of frames, the sending device encrypts the data with the updated encryption key and transmits the updated encryption key information to the receiving device through reserved overhead, and the receiving device decrypts the received encrypted data with the decryption key generated from the updated decryption key information. By using interrupts and switching the key based on the multiframe frame count of the data transmission, the method performs key switching in units of frames and can raise the key switching speed to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching by software polling used in the related art, the key switching speed is greatly improved.

In one embodiment of the present disclosure, before updating the encryption key information according to the interrupt signal, the method further includes: monitoring the first multiframe frame count of the transmitted data; and, when the first multiframe frame count reaches the second preset number of frames, issuing an interrupt signal, where the second preset number of frames is less than the first preset number of frames.

In one embodiment of the present disclosure, updating the key according to the updated encryption key information to obtain the encryption key is specifically: generating the encryption key according to the updated encryption key information and the preset key list.

In one embodiment of the present disclosure, the encryption key information is the encryption key serial number.

In one embodiment of the present disclosure, the step of updating the encryption key information is specifically: adding a preset value to the encryption key serial number to obtain the updated encryption key serial number.

As shown in FIG. 9, an embodiment of the fourth aspect of the present disclosure provides a receiving device 900 of a data transmission system, including: a processor 902, a memory 904, and a computer program stored in the memory 904 and executable on the processor 902. When executing the computer program, the processor 902 implements: while receiving encrypted data, according to an interrupt signal, updating the decryption key information with the received encryption key information transmitted by the sending device to obtain a decryption key; and, when the first multiframe frame count of the received data reaches the first preset number of frames, decrypting the data with the first decryption key.

In the receiving device 900 of the data transmission system provided by an embodiment of the fourth aspect of the present disclosure, while the receiving device receives the encrypted data transmitted by the sending device, the logic device detects the occurrence of a preset event and generates an interrupt signal. After receiving the interrupt signal, the receiving device updates the decryption key information according to the received encryption key information transmitted by the sending device, and updates the decryption key according to the decryption key information. When the first multiframe frame count of the received encrypted data reaches the first preset number of frames, the receiving device decrypts the data with the updated decryption key. By using interrupts and switching the decryption key based on the multiframe frame count of the data transmission, the method performs key switching in units of frames and can raise the key switching speed to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching by software polling used in the related art, the key switching speed is greatly improved.

In one embodiment of the present disclosure, the method further includes: monitoring whether the decryption key information has changed; when the decryption key information has changed, monitoring whether the second multiframe frame count over which the encryption key information is transmitted persists for the third preset number of frames; and, if the second multiframe frame count persists for the third preset number of frames, issuing an interrupt signal.

In one embodiment of the present disclosure, updating the decryption key information according to the received encryption key information transmitted by the sending device to obtain the decryption key is: updating the decryption key information according to the encryption key information transmitted by the sending device; and generating the decryption key according to the updated decryption key information and the preset key list.

In one embodiment of the present disclosure, the encryption key information is the encryption key serial number.

如图10所示,本公开第五方面实施例提供了一种数据传输系统1000,包括:如上述第三方面实施例中任一者提供的数据传输系统的发送装置800;以及上述第四方面实施例中任一者的数据传输系统的接收装置900;其中,数据传输系统的发送装置800将更新后的加密密钥信息传输至所述数据传输系统的接收装置900;传输系统的接收装置根据接收到的更新后的加密密钥信息,生成中断信号。As shown in FIG. 10, an embodiment of the fifth aspect of the present disclosure provides a data transmission system 1000, including: a sending device 800 of the data transmission system as provided in any of the embodiments of the third aspect described above; and the fourth aspect described above The receiving device 900 of the data transmission system of any of the embodiments; wherein, the transmitting device 800 of the data transmission system transmits the updated encryption key information to the receiving device 900 of the data transmission system; the receiving device of the transmission system is based on The received updated encryption key information generates an interrupt signal.

本公开一个第五方面实施例提供的数据传输系统1000,在发送装置传输加密数据的过程中,逻辑器件监测到预设事件的发生,生成中断信号,发送装置接收到中断信号后,更新加密密钥信息,并根据加密密钥信息更新加密密钥,并存储更新后的加密密钥,以及,将更新后的加密密钥信息传输至接收装置,以便接收装置根据更新后的加密密钥信息,更新解密密钥信息,并在传输加密数据的第一复帧帧数达到第一预设帧数情况下,以更新后的加密密钥加密数据,并将更新后的加密密钥信息通过保留开销传输至接收装置,接收装置根据更新后的解密密钥信息生成的解密密钥,解密接收到的加密数据,而接收装置在接收发送装置传输的加密数据的过程中,逻辑器件监测到预设事件的发生,生成中断信号,接收装置接收到中断信号后,根据接收到的发送装置传输的加密密钥信息,更新解密密钥信息,并根据解密密钥信息更新解密密钥,在接收加密数据的第一复帧帧数达到第一预设帧数情况下,以更新后的解密密钥解密数据,该方法通过中断技术,以及基于数据传输的复帧帧数进行解密钥的切换,可实现以帧为单位密钥切换过程,可将密钥切换的速度提升至毫秒级,进而极大地增加了业务加密的安全性,相较于相关技术中采用软件轮询的密钥切换方式而言,密钥切换速度得到极大的提升。In a data transmission system 1000 provided by an embodiment of the fifth aspect of the present disclosure, during the transmission of encrypted data by the sending device, the logic device detects the occurrence of a preset event, generates an interrupt signal, and after the receiving device receives the interrupt signal, updates the encrypted password Key information, and update the encryption key according to the encryption key information, and store the updated encryption key, and transmit the updated encryption key information to the receiving device, so that the receiving device according to the updated encryption key information, Update the decryption key information, and encrypt the data with the updated encryption key when the number of first multiframe frames of the encrypted data reaches the first preset number of frames, and pass the updated encryption key information through the reserved overhead Transmission to the receiving device, the receiving device decrypts the received encrypted data based on the decryption key generated by the updated decryption key information, and the receiving device receives the encrypted data transmitted by the transmitting device, the logic device detects a preset event Occurs, generates an interrupt signal, and after receiving the interrupt signal, the receiving device updates the decryption key information according to the received encryption key information transmitted by the transmitting device, and 
updates the decryption key according to the decryption key information. When the number of first multi-frame frames reaches the first preset number of frames, the updated decryption key is used to decrypt the data. This method can be implemented by interrupting the technology and switching the de-keying based on the number of multi-frame frames of data transmission. The frame-based key switching process can increase the speed of key switching to milliseconds, which greatly increases the security of business encryption. Compared with the key switching method that uses software polling in related technologies, The key switching speed has been greatly improved.

In one embodiment, while the sending device is transmitting encrypted data, the logic device monitors the first multiframe frame count of the transmitted encrypted data and generates an interrupt signal when it detects that the first multiframe frame count has reached the second preset frame count. After receiving the interrupt signal, the sending device adds M to the encryption key serial number currently in use to generate a new encryption key serial number, generates an encryption key according to the encryption key serial number and the preset key list, stores the newly generated encryption key, and transmits the updated encryption key serial number to the receiving device so that the receiving device can update its decryption key serial number accordingly. When the first multiframe frame count of the transmitted encrypted data reaches the first preset frame count, the sending device encrypts the data with the updated encryption key and transmits the updated encryption key serial number to the receiving device through the reserved overhead; the receiving device decrypts the received encrypted data with the decryption key generated from the updated decryption key serial number. On the receiving side, while the receiving device is receiving the encrypted data transmitted by the sending device, the logic device monitors whether the encryption key information transmitted by the sending device has changed. If it has changed, the logic device monitors the second multiframe frame count over which the changed encryption key information is received, and generates an interrupt signal when the second multiframe frame count reaches the third preset frame count. The receiving device receives the interrupt signal, updates the decryption key information according to the changed encryption key information received from the sending device, generates a new decryption key according to the updated decryption key information and the preset key list, and, when the first multiframe frame count of the received encrypted data reaches the first preset frame count, decrypts the data with the updated decryption key. By using interrupts and switching the decryption key based on the multiframe frame count of the data transmission, this method achieves key switching in units of frames and raises the key switching speed to the millisecond level, which greatly increases the security of service encryption; compared with the software-polling key switching used in the related art, the key switching speed is greatly improved. Here, M is a preset value.

By using interrupts and switching keys based on the multiframe frame count of the data transmission, this method achieves key switching in units of frames and raises the key switching speed to the millisecond level, which greatly increases the security of service encryption; compared with the software-polling key switching used in the related art, the key switching speed is greatly improved.

The data transmission system provided by the present disclosure achieves millisecond-level key switching, uses the OTN reserved overhead to carry the encryption key information, and uses interrupt signals rather than polling tasks to handle loading of the updated encryption key and decryption key.

In one embodiment, Table 1 below shows the structure of the reserved overhead. As shown in Table 1, the reserved overhead is available for user-defined information. One embodiment of the present disclosure occupies 8 of its bytes to carry the information used for key switching (the encryption key information): request_id (identity information) ensures that the sending device (encryption end) and the receiving device (decryption end) use the same id (identity) when applying to the key device for a key; the encryption key serial number ensures that the sending device and the receiving device use the key with the same serial number; bob_apply_key notifies the receiving device to apply for a key; and alice_apply_key notifies the sending device to re-apply for a key. The transfer and processing speed of key_sn (the encryption key serial number) determines the efficiency of key switching.

Table 1

Figure PCTCN2019124498-appb-000001

Figure PCTCN2019124498-appb-000002

In Table 1 above, bytes 1 to 6 carry request_id, the key application id, which ensures that the sending device and the receiving device use the same request_id when initiating an application to the key device. Byte 7 is reserved. Byte 8 is divided into four parts: bit 7 is used by the sending device to notify the receiving device to apply for a key, bit 6 is used by the receiving device to notify the receiving device to re-apply for a key, bit 5 is reserved, and bits 4 to 0 carry the key serial number key_sn.
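The 8-byte layout described above can be packed and parsed as follows. This is an added example, not code from the patent or from ZTE. It assumes that bob_apply_key is bit 7 and alice_apply_key is bit 6 of byte 8 (the text names the flags and the bits separately), that request_id is copied byte for byte, and that a receiver rejects non-zero reserved bits; the function and type names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OH_LEN          8u     /* reserved-overhead bytes used for key switching */
#define OH_REQ_ID_LEN   6u     /* bytes 1..6: request_id */
#define OH_BOB_APPLY    0x80u  /* byte 8, bit 7 (assumed to be bob_apply_key) */
#define OH_ALICE_APPLY  0x40u  /* byte 8, bit 6 (assumed to be alice_apply_key) */
#define OH_RESERVED_BIT 0x20u  /* byte 8, bit 5: reserved */
#define OH_KEY_SN_MASK  0x1Fu  /* byte 8, bits 4..0: key_sn */

typedef struct {
    uint8_t request_id[OH_REQ_ID_LEN];
    uint8_t bob_apply_key;     /* 0 or 1 */
    uint8_t alice_apply_key;   /* 0 or 1 */
    uint8_t key_sn;            /* 0..31, only 5 bits exist on the wire */
} key_overhead_t;

/* Serialise the fields; reserved byte 7 and reserved bit 5 are sent as zero. */
int oh_pack(const key_overhead_t *in, uint8_t out[OH_LEN])
{
    if (in == NULL || out == NULL || in->key_sn > OH_KEY_SN_MASK)
        return -1;                       /* key_sn does not fit in 5 bits */
    memcpy(out, in->request_id, OH_REQ_ID_LEN);
    out[6] = 0;
    out[7] = (uint8_t)((in->bob_apply_key ? OH_BOB_APPLY : 0u) |
                       (in->alice_apply_key ? OH_ALICE_APPLY : 0u) |
                       in->key_sn);
    return 0;
}

/* Parse a received overhead. Returns -1 on bad arguments or length and -2 when
 * reserved bits are set (strictness chosen for this example, not by the page). */
int oh_parse(const uint8_t *buf, size_t len, key_overhead_t *out)
{
    if (buf == NULL || out == NULL || len != OH_LEN)
        return -1;
    if (buf[6] != 0 || (buf[7] & OH_RESERVED_BIT) != 0)
        return -2;
    memcpy(out->request_id, buf, OH_REQ_ID_LEN);
    out->bob_apply_key   = (buf[7] & OH_BOB_APPLY) ? 1 : 0;
    out->alice_apply_key = (buf[7] & OH_ALICE_APPLY) ? 1 : 0;
    out->key_sn          = (uint8_t)(buf[7] & OH_KEY_SN_MASK);
    return 0;
}

/* Adding the preset value M to key_sn wraps modulo 32 because the field is 5 bits. */
uint8_t key_sn_add(uint8_t key_sn, uint8_t m)
{
    return (uint8_t)((key_sn + m) & OH_KEY_SN_MASK);
}

/* Both ends must present the same request_id before a key is issued. */
int oh_same_request(const key_overhead_t *a, const key_overhead_t *b)
{
    return memcmp(a->request_id, b->request_id, OH_REQ_ID_LEN) == 0;
}
```

Because key_sn has only 32 values, the preset key list indexed by it has to be refreshed before the serial number wraps back onto a key that was already used.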

As shown in FIG. 11, the devices involved in the present disclosure are the optical transmission network sending device with its corresponding key device and gateway, and the optical transmission network receiving device with its corresponding key device and gateway. Unencrypted client-side services of any type are aggregated and encrypted by the optical transmission network sending device of the sending device and then transmitted over the optical network; the optical transmission network receiving device of the receiving device decrypts and demaps them to recover the unencrypted client-side services. The key device includes a logic device.

FIG. 12 describes the key application flow of the encryption devices to which the present disclosure applies. The steps are as follows:
Step 1: The optical transmission network sending device initiates a key application to its key device.
Step 2: The optical transmission network sending device notifies the optical transmission network receiving device to apply for a key.
Step 3: The key device of the optical transmission network sending device notifies the key device of the optical transmission network receiving device that it has received the key application from the optical transmission network sending device.
Step 4: The optical transmission network receiving device initiates a key application to its key device.
Step 5: After the key device of the optical transmission network receiving device has received both the notification from the key device of the optical transmission network sending device and the application from the optical transmission network receiving device, it verifies request_id and, if the verification passes, issues a key to the optical transmission network receiving device.
Step 6: The key device of the optical transmission network receiving device notifies the key device of the optical transmission network sending device that it may issue a key to the optical transmission network sending device.
Step 7: The key device of the optical transmission network sending device issues the same key to the optical transmission network sending device; this key matches the key in step 6.
Step 8: Exception handling. When the key device of the optical transmission network receiving device is reset, it must notify the key device of the optical transmission network sending device to re-initiate the key application flow.

Furthermore, the reserved overhead carries the encryption-related information exchanged between the sending device and the receiving device of the data transmission system. In the key application flow shown in FIG. 12, the key device of the optical transmission network sending device notifies the key device of the optical transmission network receiving device to initiate a key application by setting alice_apply_key to 1; request_id, the key application id, is transferred at the same time. The key device issues a key normally only when the sending device and the receiving device apply with the same request_id. In the encryption mode in which the encryption key and decryption key are updated periodically, the sending device and the receiving device must use the same key at both ends throughout the key update; the present disclosure ensures this by transferring the key serial number, key_sn.

The present disclosure can read and write the OTN reserved overhead, and can also obtain the first preset frame count (MFI) corresponding to the key update period and the first multiframe frame count (MFI_CNT).

As shown in FIG. 13, when the first multiframe frame count (MFI_CNT) of the sending device reaches the second preset frame count (MFI), the sending device adds 1 to key_sn and transmits it to the receiving device through the reserved overhead, and at the same time loads the encryption key corresponding to key_sn plus 1 into the standby key (the updated encryption key). The FPGA (programmable logic array, a kind of logic device) of the receiving device monitors key_sn for changes frame by frame. When it detects that key_sn has increased by 1 and the value has remained stable for more than 3 frames (in other embodiments of the present disclosure this may be any number of frames, for example 4 frames or 6 frames), the receiving device loads the decryption key corresponding to key_sn plus 1 into the standby key (the updated decryption key). Once the first multiframe frame count reaches the first preset frame count (MFI), the sending device and the receiving device switch to the standby key synchronously in the next multiframe. The entire switching cycle is 3 multiframe periods; that is, when the line-side service is OTU4 (a type of optical conversion unit), the fastest key switching can reach 1 ms.

The interaction flow between the sending device and the receiving device in the data transmission system shown in FIG. 13 is as follows:
S1302: The sending device monitors the first multiframe frame count.
S1304: Determine whether the first multiframe frame count has reached the first preset frame count minus 2. If it has not, return to S1302 and continue monitoring the first multiframe frame count; if it has, perform S1306 and S1310.
S1306: Generate an interrupt signal to notify the optical transmission network sending device.
S1308: Configure loading of the standby key.
S1310: Update the key serial number and write it into the reserved overhead; the key serial number is transmitted to the receiving device through the reserved overhead.
S1312: The receiving device monitors the key serial number.
S1314: Determine whether the key serial number has changed. If it has not, return to S1312 and continue monitoring the key serial number; if it has, perform S1316.
S1316: Determine whether the change in the key serial number has persisted for three consecutive frames. If it has not, return to S1312 and continue monitoring the key serial number; if it has, perform S1318.
S1318: Generate an interrupt signal to notify the optical transmission network receiving device.
S1320: Configure loading of the standby key.

In one embodiment, the implementation of the present disclosure assumes that the OTN devices at both ends have applied for and received multiple sets of keys normally. The application in the optical transmission network sending device of the sending device converts the key switching period configured by the network management system into the first preset multiframe MFI and configures it to the key device. The key device monitors the overhead data in real time; the overhead data contains the first preset multiframe MFI and the first multiframe frame count MFI_CNT. The condition for a normal key switch is MFI_CNT = MFI, and the standby key is loaded into the device before the switch.

The data transmission system provided by the present disclosure executes as follows:
Step 1: The key device of the sending device obtains MFI and monitors MFI_CNT in real time.
Step 2: Determine whether MFI_CNT has reached MFI-2. If not, continue monitoring; if so, go to step 3.
Step 3: The MCU (processor) of the sending device receives the interrupt signal, and at the same time key_sn is incremented by 1 and passed through the reserved overhead to the optical transmission network receiving device of the receiving device.
Step 4: After detecting the interrupt signal, the application in the optical transmission network sending device of the sending device configures the key corresponding to key_sn plus 1 into the standby key of its key device.
Step 5: The receiving device monitors key_sn in every OTN frame for changes. If, after step 3, it detects that key_sn has changed (increased by 1), go to step 6.
Step 6: The key device of the receiving device checks whether the change in key_sn persists for 3 frames. If not, continue monitoring; if so, go to step 7.
Step 7: The MCU (processor) of the receiving device receives the interrupt signal.
Step 8: After detecting the interrupt signal, the application in the optical transmission network receiving device of the receiving device configures the key corresponding to key_sn plus 1 into the standby key of its key device.
Step 9: When the sending device and the receiving device both detect MFI_CNT = MFI, they switch to the standby key simultaneously in the next multiframe, which ensures a lossless switch at both ends.
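The nine steps above can be exercised with a small frame-by-frame simulation of one key update period. This is an added example, not code from the patent. It assumes 256 frames per multiframe, that the sender's new key_sn is visible to the receiver in the same frame it is written, that the receiver counts only the value key_sn plus 1 toward the 3-frame stability check, and that a receiver whose standby key is not loaded by the switch point keeps its old key; the line-error window is constructed input, and all names are hypothetical.

```c
#include <stdint.h>

#define KEY_SN_MASK   0x1Fu  /* key_sn is carried in bits 4..0 of overhead byte 8 */
#define STABLE_FRAMES 3u     /* frames the new key_sn must persist before loading */
#define FRAMES_PER_MF 256u   /* assumption: frames per multiframe */

typedef struct {
    uint8_t active_sn;       /* serial number of the key in use */
    uint8_t standby_sn;      /* serial number loaded into the standby slot */
    int     standby_ready;   /* set once the interrupt handler has loaded it */
} key_slots_t;

typedef struct {
    uint8_t  tx_sn, rx_sn;   /* active serial numbers after the switch point */
    int      in_sync;        /* 1 same key, 0 desynchronised, -1 bad input */
    uint32_t rx_load_frame;  /* frame at which the receiver loaded its standby key */
} switch_result_t;

/* Run one key update period. Frames in [glitch_start, glitch_start + glitch_len)
 * reach the receiver with a corrupted key_sn field (constructed line-error model). */
switch_result_t simulate_switch(uint32_t mfi, uint8_t start_sn,
                                uint32_t glitch_start, uint32_t glitch_len)
{
    switch_result_t res = { 0, 0, -1, 0 };
    if (mfi < 2u || mfi > 0xFFFFu || start_sn > KEY_SN_MASK)
        return res;

    key_slots_t tx = { start_sn, start_sn, 0 };
    key_slots_t rx = { start_sn, start_sn, 0 };
    uint8_t  overhead_sn = start_sn;  /* key_sn the sender writes into every frame */
    uint32_t stable = 0;              /* consecutive frames showing key_sn + 1 */
    /* First frame of the multiframe that follows MFI_CNT == MFI. */
    uint32_t switch_frame = (mfi + 1u) * FRAMES_PER_MF;

    for (uint32_t f = 0; f < switch_frame; f++) {
        uint32_t mfi_cnt = f / FRAMES_PER_MF;

        /* Steps 2-4: at MFI_CNT == MFI-2 the sender's interrupt fires, key_sn + 1
         * goes into the overhead and the matching key into the standby slot. */
        if ((f % FRAMES_PER_MF) == 0u && mfi_cnt == mfi - 2u) {
            tx.standby_sn = (uint8_t)((tx.active_sn + 1u) & KEY_SN_MASK);
            tx.standby_ready = 1;
            overhead_sn = tx.standby_sn;
        }

        /* What the receiver sees: the written value, or alternating garbage that
         * never equals key_sn + 1 while the line is disturbed. */
        int glitched = glitch_len != 0u && f >= glitch_start &&
                       f - glitch_start < glitch_len;
        uint8_t seen = glitched
            ? (uint8_t)((start_sn + 2u + (f & 1u)) & KEY_SN_MASK)
            : overhead_sn;

        /* Steps 5-8: per-frame monitoring, 3-frame stability, then load standby. */
        if (!rx.standby_ready) {
            uint8_t expected = (uint8_t)((rx.active_sn + 1u) & KEY_SN_MASK);
            stable = (seen == expected) ? stable + 1u : 0u;
            if (stable >= STABLE_FRAMES) {
                rx.standby_sn = expected;
                rx.standby_ready = 1;
                res.rx_load_frame = f;
            }
        }
    }

    /* Step 9: both ends switch in the multiframe after MFI_CNT == MFI. The sender
     * cannot see the receiver's state, so it always switches. */
    tx.active_sn = tx.standby_sn;
    if (rx.standby_ready)
        rx.active_sn = rx.standby_sn;

    res.tx_sn = tx.active_sn;
    res.rx_sn = rx.active_sn;
    res.in_sync = (tx.active_sn == rx.active_sn);
    return res;
}
```

An `in_sync` value of 0 corresponds to the receiver decrypting with the old key after the sender has moved on, which is the condition an operator would want alarmed during key rotation.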

An embodiment of the sixth aspect of the present disclosure provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the data transmission method provided by any embodiment of the first aspect above or the data transmission method provided by any embodiment of the second aspect above.

It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.

This method achieves key switching in units of frames and raises the key switching speed to the millisecond level, which greatly increases the security of service encryption. Compared with some cases, the technical solutions provided by the embodiments of the present disclosure have the following advantages. In the data transmission method, the sending device of the data transmission system, the receiving device of the data transmission system, the data transmission system and the computer-readable storage medium provided by the embodiments of the present disclosure, interrupts are used: the sending device receives an interrupt signal, updates the encryption key information, and transmits the updated encryption key information to the receiving device so that the receiving device can update its decryption key according to the updated encryption key information; the sending device also updates the encryption key according to the updated encryption key information and, after the first multiframe frame count reaches the first preset frame count, encrypts the data with the updated encryption key. This achieves key switching in units of frames and raises the key switching speed to the millisecond level, which greatly increases the security of service encryption.

The above are only embodiments of the present disclosure, provided so that those skilled in the art can understand or implement the present disclosure. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present disclosure. Therefore, the present disclosure is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features claimed herein.

Claims (10)

1. A data transmission method, comprising:
updating encryption key information according to an interrupt signal;
transmitting the updated encryption key information, and updating a key according to the updated encryption key information to obtain an encryption key; and
when a first multiframe frame count of transmitted data reaches a first preset frame count, encrypting the data with the encryption key and transmitting the data.

2. The data transmission method according to claim 1, further comprising, before the updating of the encryption key information according to the interrupt signal:
monitoring the first multiframe frame count of the transmitted data; and
issuing the interrupt signal when the first multiframe frame count reaches a second preset frame count;
wherein the second preset frame count is smaller than the first preset frame count.

3. The data transmission method according to claim 1 or 2, wherein the encryption key information is an encryption key serial number.

4. The data transmission method according to claim 3, wherein the step of updating the encryption key information is specifically:
adding a preset value to the encryption key serial number to obtain the updated encryption key serial number.

5. A data transmission method, comprising:
according to an interrupt signal, updating decryption key information with received encryption key information, and obtaining a decryption key; and
when a first multiframe frame count of the received data reaches a first preset frame count, decrypting the data with the decryption key.

6. The data transmission method according to claim 5, further comprising:
monitoring whether the decryption key information changes;
if the decryption key information changes, monitoring whether a second multiframe frame count over which the encryption key information is continuously received reaches a third preset frame count; and
issuing the interrupt signal when the second multiframe frame count reaches the third preset frame count.

7. A sending device of a data transmission system, comprising:
a processor, a memory, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements:
updating encryption key information according to an interrupt signal;
transmitting the updated encryption key information, and updating a key according to the updated encryption key information to obtain an encryption key; and
when a first multiframe frame count of transmitted data reaches a first preset frame count, encrypting the data with the encryption key and transmitting the data.

8. A receiving device of a data transmission system, comprising:
a processor, a memory, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements:
according to an interrupt signal, updating decryption key information with received encryption key information transmitted by a sending device, and obtaining a decryption key; and
when a first multiframe frame count of the received data reaches a first preset frame count, decrypting the data with the decryption key.

9. A data transmission system, comprising:
the sending device of the data transmission system according to claim 7; and
the receiving device of the data transmission system according to claim 8;
wherein the sending device of the data transmission system transmits the updated encryption key information to the receiving device of the data transmission system; and
the receiving device of the transmission system generates an interrupt signal according to the received updated encryption key information.

10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the data transmission method according to any one of claims 1 to 4, or the data transmission method according to claim 5 or 6.
PCT/CN2019/124498 2018-12-29 2019-12-11 Data transmission method, and data transmission system and sending device and receiving device therefor Ceased WO2020135039A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811646881.9A CN111385276B (en) 2018-12-29 2018-12-29 Data transmission method, data transmission system, and transmitting device and receiving device thereof
CN201811646881.9 2018-12-29

Publications (1)

Publication Number Publication Date
WO2020135039A1 true WO2020135039A1 (en) 2020-07-02

Family

ID=71127252

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/124498 Ceased WO2020135039A1 (en) 2018-12-29 2019-12-11 Data transmission method, and data transmission system and sending device and receiving device therefor

Country Status (2)

Country Link
CN (1) CN111385276B (en)
WO (1) WO2020135039A1 (en)

Also Published As

Publication number Publication date
CN111385276A (en) 2020-07-07
CN111385276B (en) 2022-11-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19902943

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 08/11/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 19902943

Country of ref document: EP

Kind code of ref document: A1