
WO2020135039A1 - Data transmission method, and associated data transmission system, sending device and receiving device - Google Patents


Info

Publication number
WO2020135039A1
Authority
WO
WIPO (PCT)
Prior art keywords
encryption key
key
frames
data transmission
key information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2019/124498
Other languages
English (en)
Chinese (zh)
Inventor
王欣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Publication of WO2020135039A1
Anticipated expiration
Legal status: Ceased (current)

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04B TRANSMISSION
                • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
                    • H04B10/80 Optical aspects relating to the use of optical transmission for specific applications, not provided for in groups H04B10/03 - H04B10/70, e.g. optical power feeding or optical transmission through water
                        • H04B10/85 Protection from unauthorised access, e.g. eavesdrop protection
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
                    • H04L9/40 Network security protocols
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
                        • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
                        • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys

Definitions

  • The present disclosure relates to the field of communications, and in particular to a data transmission method for a sending device, a data transmission method for a receiving device, a sending device of a data transmission system, a receiving device of a data transmission system, a data transmission system, and a computer-readable storage medium.
  • Any service accessed through a customer port of OTN equipment can be encrypted at the physical layer: the customer service is encrypted after passing through the encryption module, is transmitted in encrypted form on the operator's OTN network, and is decrypted when it leaves the OTN network at the remote end, so that the security of service transmission is ensured.
  • OTN encryption is divided into a local key generation method and a method in which keys are distributed by an independent key device.
  • OTN encryption is divided into in-band transmission and out-of-band transmission.
  • OTN encryption is divided into fixed-key and timed key-switching methods.
  • The efficiency of key switching affects the security of encryption to a certain extent: the faster the key is updated, the less likely the encrypted service is to be cracked.
  • Key information is transferred through the secure management communication channel, and in the process of switching between the old and new keys the encrypted service must not be damaged, so as to achieve lossless key switching.
  • Key switching is mostly handled by software periodic polling tasks, so the key switching period is relatively long, usually on the order of seconds.
  • The present disclosure provides a data transmission method for a sending device, a matching data transmission method for a receiving device, a sending device of a data transmission system, a receiving device of a data transmission system, a data transmission system and a computer-readable storage medium, which can shorten the key switching cycle from the second level to the millisecond level and thus greatly improve the security of service encryption.
  • The present disclosure provides a data transmission method, including: updating encryption key information according to an interrupt signal; transmitting the updated encryption key information, and updating the key according to the updated encryption key information to obtain an encryption key; and, when the number of frames in the first multiframe of the transmitted data reaches the first preset number of frames, encrypting the data with the encryption key and transmitting the data.
  • The present disclosure provides a data transmission method, including: updating the decryption key information with the received encryption key information according to an interrupt signal, and obtaining a decryption key; and, when the number of first multiframe frames of the received data reaches the first preset number of frames, decrypting the data with the decryption key.
  • The present disclosure provides a sending device of a data transmission system, including a processor, a memory, and a computer program stored on the memory and executable on the processor; when the processor executes the computer program, the following is implemented: updating the encryption key information according to an interrupt signal; transmitting the updated encryption key information, and updating the key according to the updated encryption key information to obtain an encryption key; and, when the number of frames in the first multiframe of the transmitted data reaches the first preset number of frames, encrypting the data with the encryption key and transmitting the data.
  • The present disclosure provides a receiving device of a data transmission system, including a processor, a memory, and a computer program stored on the memory and runnable on the processor; when the processor executes the computer program, the following is implemented: updating the decryption key information according to an interrupt signal with the received encryption key information transmitted by the sending device, and obtaining a decryption key; and, when the number of first multiframe frames of the received data reaches the first preset number of frames, decrypting the data with the decryption key.
  • The present disclosure provides a data transmission system, including the sending device of the data transmission system according to any one of the above technical solutions and the receiving device of the data transmission system according to any one of the above technical solutions, wherein the sending device transmits the updated encryption key information to the receiving device, and the receiving device generates an interrupt signal according to the received updated encryption key information.
  • The present disclosure provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the data transmission method described in any one of the above technical solutions, or the encryption method for data transmission according to any one of the above technical solutions, is implemented.
  • FIG. 1 is a flowchart of a data transmission method according to an embodiment of the first aspect of the present disclosure.
  • FIG. 2 is a flowchart of another data transmission method provided by an embodiment of the first aspect of the present disclosure.
  • FIG. 3 is a flowchart of another data transmission method provided by an embodiment of the first aspect of the present disclosure.
  • FIG. 5 is a flowchart of a data transmission method according to an embodiment of the second aspect of the present disclosure.
  • FIG. 6 is a flowchart of another data transmission method provided by an embodiment of the second aspect of the present disclosure.
  • FIG. 7 is a flowchart of another data transmission method according to an embodiment of the second aspect of the present disclosure.
  • FIG. 8 is a schematic block diagram of a sending device of a data transmission system according to an embodiment of the third aspect of the present disclosure.
  • FIG. 9 is a schematic block diagram of a receiving device of a data transmission system according to an embodiment of the fourth aspect of the present disclosure.
  • FIG. 10 is a schematic block diagram of a data transmission system according to an embodiment of the fourth aspect of the present disclosure.
  • FIG. 11 is a schematic diagram of an encrypted transmission network of a data transmission system provided by an embodiment of the fifth aspect of the present disclosure.
  • FIG. 12 is a schematic diagram of a key application for an encryption device of a data transmission system provided by an embodiment of the fifth aspect of the present disclosure.
  • FIG. 13 is an interaction diagram of a sending device and a receiving device in a data transmission system according to an embodiment of the fifth aspect of the present disclosure.
  • FIG. 1 is a flowchart of a data transmission method according to an embodiment of the first aspect of the present disclosure.
  • A data transmission method includes: S102: updating encryption key information according to an interrupt signal; S104: transmitting the updated encryption key information, and updating the key according to the updated encryption key information to obtain an encryption key; S106: when the number of first multiframe frames of the transmitted data reaches the first preset number of frames, encrypting the data with the encryption key and transmitting the data.
  • The logic device detects the occurrence of a preset event and generates an interrupt signal. After the sending device receives the interrupt signal, it updates the encryption key information, updates the encryption key according to the encryption key information, stores the updated encryption key, and transmits the updated encryption key information to the receiving device through the reserved overhead, so that the receiving device updates its decryption key information according to the updated encryption key information. When the number of frames of the first multiframe of the transmitted encrypted data reaches the first preset number of frames, the data is encrypted with the updated encryption key, and the receiving device decrypts the received encrypted data with the decryption key generated from the decryption key information.
  • This method uses interrupt technology and key switching based on the number of multiframe frames of the data transmission to achieve the key switching process in units of frames, so the speed of key switching can be increased to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching method using software polling in related technologies, the speed of key switching is greatly improved.
  • The encryption key information is the encryption key serial number.
  • FIG. 2 is a flowchart of another data transmission method provided by an embodiment of the first aspect of the present disclosure.
  • A data transmission method includes: S202: monitoring the number of first multiframe frames of the transmitted data; S204: when the number of first multiframe frames reaches the second preset number of frames, issuing an interrupt signal, wherein the second preset number of frames is less than the first preset number of frames; S206: updating the encryption key information according to the interrupt signal; S208: transmitting the updated encryption key information, and updating the key according to the updated encryption key information to obtain an encryption key; S210: when the number of first multiframe frames of the transmitted data reaches the first preset number of frames, encrypting the data with the encryption key and transmitting the data.
  • The logic device monitors the number of first multiframe frames of the transmitted encrypted data, and generates an interrupt signal when it detects that the number of first multiframe frames has reached the second preset number of frames.
  • After receiving the interrupt signal, the sending device updates the encryption key information, updates the encryption key according to the encryption key information, stores the updated encryption key, and transmits the updated encryption key information to the receiving device through the reserved overhead, so that the receiving device updates its decryption key information according to the updated encryption key information. When the number of frames in the first multiframe of the transmitted encrypted data reaches the first preset number of frames, the data is encrypted with the updated encryption key, and the receiving device decrypts the received encrypted data with the decryption key generated from the updated decryption key information.
  • This method uses interrupt technology and key switching based on the number of multiframe frames of the data transmission, which can realize the key switching process in units of frames and increase the speed of key switching to the millisecond level, which greatly increases the security of service encryption; compared with the key switching method using software polling in related technologies, the key switching speed is greatly improved.
  • The encryption key information is the encryption key serial number; the second preset number of frames is less than the first preset number of frames.
  • The first preset number of frames is equal to the second preset number of frames plus N frames, where the value of N ranges from 2 to 10.
  • FIG. 3 is a flowchart of another data transmission method provided by an embodiment of the first aspect of the present disclosure.
  • A data transmission method provided by another embodiment of the first aspect of the present disclosure includes: S302: monitoring the number of first multiframe frames of the transmitted data; S304: when the number of first multiframe frames reaches the second preset number of frames, issuing an interrupt signal, wherein the second preset number of frames is less than the first preset number of frames; S306: updating the encryption key information according to the interrupt signal; S308: transmitting the updated encryption key information, and generating an encryption key according to the updated encryption key information and the preset key list; S310: when the number of first multiframe frames of the transmitted data reaches the first preset number of frames, encrypting the data with the encryption key and transmitting the data.
  • The logic device monitors the number of first multiframe frames of the transmitted encrypted data, and generates an interrupt signal when it detects that the number of first multiframe frames has reached the second preset number of frames.
  • After receiving the interrupt signal, the sending device updates the encryption key information, generates an encryption key according to the encryption key information and the preset key list, stores the newly generated encryption key, and transmits the updated encryption key information to the receiving device through the reserved overhead, so that the receiving device updates its decryption key information according to the updated encryption key information. When the number of frames in the first multiframe of the transmitted encrypted data reaches the first preset number of frames, the data is encrypted with the updated encryption key, and the receiving device generates the decryption key based on the updated decryption key information.
  • This method uses interrupt technology and key switching based on the number of multiframe frames of the data transmission, which can realize the key switching process in units of frames and increase the speed of key switching to the millisecond level, so the security of service encryption is greatly increased and the key switching speed is greatly improved.
  • The encryption key information is the encryption key serial number; the second preset number of frames is less than the first preset number of frames.
  • The first preset number of frames is equal to the second preset number of frames plus N frames, where the value of N ranges from 2 to 10.
  • A data transmission method includes: S402: monitoring the number of first multiframe frames of the transmitted data; S404: when the number of first multiframe frames reaches the second preset number of frames, issuing an interrupt signal, wherein the second preset number of frames is less than the first preset number of frames; S406: adding a preset value to the encryption key serial number according to the interrupt signal to obtain the updated encryption key serial number; S408: transmitting the updated encryption key serial number, and generating an encryption key based on the updated encryption key serial number and the preset key list; S410: when the number of first multiframe frames of the transmitted data reaches the first preset number of frames, encrypting the data with the encryption key and transmitting the data.
  • The logic device monitors the number of first multiframe frames of the transmitted encrypted data, and generates an interrupt signal when it detects that the number of first multiframe frames has reached the second preset number of frames.
  • After receiving the interrupt signal, the sending device adds M to the encryption key serial number currently in use to generate a new encryption key serial number, generates an encryption key according to the new encryption key serial number and the preset key list, stores the newly generated encryption key, and transmits the updated encryption key serial number to the receiving device through the reserved overhead, so that the receiving device updates its decryption key serial number with the updated encryption key serial number. When the number of frames in the first multiframe of the encrypted data reaches the first preset number of frames, the data is encrypted with the updated encryption key, and the receiving device decrypts the received encrypted data based on the updated decryption key serial number.
  • This method uses interrupt technology and key switching based on the number of multiframe frames of the data transmission, which can realize the key switching process in units of frames and increase the speed of key switching to the millisecond level, thereby greatly increasing the security of service encryption; compared with the key switching method using software polling in related technologies, the key switching speed is greatly improved.
  • M is a preset value, and M can take any value. Further, in an embodiment, the value of M ranges from 1 to 10.
  • The first preset number of frames is equal to the second preset number of frames plus N frames, where the value of N ranges from 2 to 10.
  • FIG. 5 is a flowchart of a data transmission method according to an embodiment of the second aspect of the present disclosure.
  • A data transmission method includes: S502: updating the decryption key information with the received encryption key information according to the interrupt signal, and obtaining the decryption key; S504: when the number of first multiframe frames of the received data reaches the first preset number of frames, decrypting the data with the decryption key.
  • The logic device detects the occurrence of a preset event and generates an interrupt signal. After receiving the interrupt signal, the receiving device updates the decryption key information with the encryption key information transmitted by the sending device, and updates the decryption key according to the decryption key information; when the number of first multiframe frames of the received encrypted data reaches the first preset number of frames, the data is decrypted with the updated decryption key.
  • This method uses interrupt technology and decryption key switching based on the number of multiframe frames of the data transmission, so the key switching process can be realized in units of frames and the speed of key switching can be increased to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching method using software polling in related technologies, the key switching speed is greatly improved.
  • The encryption key information is the encryption key serial number.
  • The decryption key information is the decryption key serial number.
  • FIG. 6 is a flowchart of another data transmission method provided by an embodiment of the second aspect of the present disclosure.
  • A data transmission method provided by another embodiment of the second aspect of the present disclosure includes: S602: monitoring whether the decryption key information changes; S604: when the decryption key information changes, monitoring whether the number of second multiframe frames in which the changed encryption key information is continuously received reaches the third preset number of frames; S606: when the number of second multiframe frames reaches the third preset number of frames, issuing an interrupt signal; S608: updating the decryption key information with the received encryption key information according to the interrupt signal, and obtaining the decryption key; S610: when the number of first multiframe frames of the received data reaches the first preset number of frames, decrypting the data with the decryption key.
  • The logic device monitors whether the encryption key information transmitted by the sending device has changed; if it has, it monitors the number of second multiframe frames received after the changed encryption key information was received, and generates an interrupt signal when the number of second multiframe frames reaches the third preset number of frames. After receiving the interrupt signal, the receiving device updates the decryption key information according to the changed encryption key information transmitted by the sending device, and updates the decryption key according to the updated decryption key information; when the number of first multiframe frames of the received encrypted data reaches the first preset number of frames, the data is decrypted with the updated decryption key.
  • This method uses interrupt technology and decryption key switching based on the number of multiframe frames of the data transmission, so the key switching process can be realized in units of frames and the speed of key switching is increased to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching method using software polling in related technologies, the speed of key switching is greatly improved.
  • The encryption key information is the encryption key serial number.
  • The decryption key information is the decryption key serial number.
  • The value range of the third preset number of frames is 2 to 10 frames.
  • FIG. 7 is a flowchart of another data transmission method according to an embodiment of the second aspect of the present disclosure.
  • A data transmission method includes: S702: monitoring whether the decryption key information changes; S704: when the decryption key information changes, monitoring whether the number of second multiframe frames in which the encryption key information is continuously received reaches the third preset number of frames; S706: when the number of second multiframe frames reaches the third preset number of frames, issuing an interrupt signal; S708: updating the decryption key information with the received encryption key information according to the interrupt signal, and generating a decryption key based on the updated decryption key information and the preset key list; S710: when the number of first multiframe frames of the received data reaches the first preset number of frames, decrypting the data with the decryption key.
  • The logic device monitors whether the encryption key information transmitted by the sending device has changed; if it has, it monitors the number of second multiframe frames received after the changed encryption key information was received, and generates an interrupt signal when the number of second multiframe frames reaches the third preset number of frames. After receiving the interrupt signal, the receiving device updates the decryption key information according to the updated encryption key information transmitted by the sending device, generates a new decryption key according to the updated decryption key information and the preset key list, and, when the number of first multiframe frames of the received encrypted data reaches the first preset number of frames, uses the updated decryption key to decrypt the data.
  • This method uses interrupt technology and decryption key switching based on the number of multiframe frames of the data transmission; the key switching process in units of frames can increase the speed of key switching to the millisecond level, which greatly increases the security of service encryption. Compared with the key switching method using software polling in related technologies, the key switching speed is greatly improved.
  • The encryption key information is the encryption key serial number.
  • The decryption key information is the decryption key serial number.
  • The value range of the third preset number of frames is 2 to 10 frames.
  • An embodiment of the third aspect of the present disclosure provides a sending device 800 of a data transmission system, including a processor 802, a memory 804, and a computer program stored on the memory 804 and executable on the processor 802. When the processor 802 executes the computer program, the encryption key information is updated according to the interrupt signal; the updated encryption key information is transmitted, and the key is updated according to the updated encryption key information to obtain the encryption key; and when the number of first multiframe frames reaches the first preset number of frames, the data is encrypted with the encryption key and transmitted.
  • The logic device detects the occurrence of a preset event and generates an interrupt signal. After the sending device receives the interrupt signal, it updates the encryption key information, updates the encryption key according to the encryption key information, stores the updated encryption key, and transmits the updated encryption key information to the receiving device through the reserved overhead, so that the receiving device updates its decryption key information according to the updated encryption key information. When the number of first multiframe frames of the encrypted data reaches the first preset number of frames, the data is encrypted with the updated encryption key, and the receiving device decrypts the received encrypted data with the decryption key generated from the updated decryption key information.
  • This method uses interrupt technology and key switching based on the number of multiframe frames of the data transmission, which can realize the key switching process in units of frames and increase the speed of key switching to the millisecond level, thereby greatly increasing the security of service encryption; compared with the key switching method using software polling in related technologies, the key switching speed is greatly improved.
  • Before updating the encryption key information according to the interrupt signal, the method further includes: monitoring the number of first multiframe frames of the transmitted data; when the number of first multiframe frames reaches the second preset number of frames, issuing an interrupt signal, wherein the second preset number of frames is less than the first preset number of frames.
  • Updating the key according to the updated encryption key information to obtain the encryption key specifically means: generating the encryption key according to the updated encryption key information and the preset key list.
  • The encryption key information is an encryption key serial number.
  • The step of updating the encryption key information specifically includes: adding a preset value to the encryption key serial number to obtain the updated encryption key serial number.
  • An embodiment of the fourth aspect of the present disclosure provides a receiving device 900 of a data transmission system, comprising a processor 902, a memory 904, and a computer program stored in the memory 904 and executable on the processor 902. When the processor 902 executes the program, the receiving device, while receiving encrypted data, updates the decryption key information according to an interrupt signal and the encryption key information received from the sending device, obtains the decryption key from it, and decrypts the data with the updated decryption key once the first multiframe frame number reaches the first preset frame number.
  • In the receiving device 900, while it receives the encrypted data transmitted by the sending device, the logic device detects a preset event and generates an interrupt signal. On receiving the interrupt signal, the receiving device updates the decryption key information according to the encryption key information received from the sending device and updates the decryption key according to that information. When the first multiframe frame number of the received encrypted data reaches the first preset frame number, the data is decrypted with the updated decryption key.
  • The decryption key switch is likewise driven by the interrupt signal and the multiframe frame number of the transmission, so it proceeds in units of frames at millisecond speed, which improves the security of service encryption and is much faster than the software-polling key switching of the related art.
  • The receiving device further monitors whether the received encryption key information has changed; when it has, it monitors whether the changed value persists for a third preset number of second multiframe frames (the frames carrying the encryption key information), and issues the interrupt signal once it has.
  • The decryption key is obtained by updating the decryption key information according to the encryption key information transmitted by the sending device and then generating the decryption key from the updated decryption key information and the preset key list. The encryption key information is an encryption key serial number.
  • An embodiment of the fifth aspect of the present disclosure provides a data transmission system 1000, including a sending device 800 according to any embodiment of the third aspect and a receiving device 900 according to any embodiment of the fourth aspect. The sending device 800 transmits the updated encryption key information to the receiving device 900, and the receiving device 900 generates its interrupt signal based on the received updated encryption key information.
  • In the data transmission system 1000, the logic device of the sending device detects a preset event and generates an interrupt signal; on receiving it, the sending device updates the encryption key information, updates and stores the encryption key, and transmits the updated encryption key information to the receiving device through the reserved overhead so that the receiving device can update its decryption key information. When the first multiframe frame number of the encrypted data reaches the first preset frame number, the sending device encrypts with the updated encryption key. On the receiving side, the logic device detects a preset event and generates an interrupt signal; on receiving it, the receiving device updates the decryption key information and the decryption key, and once the first multiframe frame number of the received data reaches the first preset frame number it decrypts with the updated decryption key.
  • Switching both keys by interrupt and by the multiframe frame number of the transmission makes the switch frame-based and millisecond-fast, which improves the security of service encryption compared with the software-polling key switching of the related art.
  • In the sending device of the system, the logic device monitors the first multiframe frame number of the transmitted encrypted data and generates the interrupt signal when it reaches the second preset frame number. The sending device then adds M to the encryption key serial number in use to obtain the new serial number, generates the encryption key from that serial number and the preset key list, stores the newly generated key, and transmits the updated serial number to the receiving device through the reserved overhead so that the receiving device can update its decryption key serial number. When the first multiframe frame number reaches the first preset frame number, the data is encrypted with the updated encryption key, and the receiving device decrypts it with the decryption key generated from the updated decryption key serial number. M is a preset value.
  • In the receiving device of the system, the logic device monitors whether the encryption key information transmitted by the sending device has changed. When it has, the logic device counts the second multiframe frames received after the change and generates the interrupt signal when the count reaches the third preset frame number. The receiving device then updates the decryption key information from the received encryption key information, generates the new decryption key from the updated decryption key information and the preset key list, and decrypts with it once the first multiframe frame number of the received encrypted data reaches the first preset frame number.
  • This interrupt-driven, frame-counted switching of both keys brings the key switching time to the millisecond level, improving the security of service encryption well beyond the software-polling key switching of the related art.
  • In summary, the data transmission system of the present disclosure achieves millisecond-level key switching: it transfers the encryption key information in the OTN reserved overhead and uses interrupt signals instead of polling tasks to drive the loading of the updated encryption key and decryption key.
  • Table 1 shows the structure of the reserved overhead. The reserved overhead is available for user-defined information; here 8 bytes of it carry the key switching information (the encryption key information), made up of the following fields:
  • request_id (identity information): the key application id. It ensures that the sending device (encrypting end) and the receiving device (decrypting end) use the same id when they apply to the key device for a key.
  • key_sn: the encryption key serial number. It ensures that the sending device and the receiving device use the key with the same serial number; the speed at which key_sn is transferred and processed determines the efficiency of key switching.
  • bob_apply_key: notifies the receiving device to apply for a key.
  • alice_apply_key: notifies the sending device to apply for a key again.
  • Of the 8 bytes, 7 are reserved bytes and the remaining byte is divided into four parts: bit 7 is bob_apply_key, used by the sending device to notify the receiving device to apply for a key; bit 6 is alice_apply_key, used to notify the sending device to apply for the key again; bit 5 is reserved; and bits 4 to 0 carry the key serial number key_sn. key_sn is therefore a 5-bit field with 32 possible values.
  • The devices involved in the present disclosure are an optical transport network (OTN) sending device with its key device and gateway, and an OTN receiving device with its key device and gateway. Unencrypted client-side services of any type are aggregated and encrypted by the OTN sending device and transmitted over the optical network; the OTN receiving device decrypts them and demaps the unencrypted client-side services. Each key device includes a logic device.
  • The key application process of the encryption device of the present disclosure is as follows.
  • Step 1: the OTN sending device initiates a key application to its key device.
  • Step 2: the OTN sending device notifies the OTN receiving device to apply for a key.
  • Step 3: the key device of the OTN sending device notifies the key device of the OTN receiving device that the sending device's key application has been received.
  • Step 4: the OTN receiving device initiates a key application to its key device.
  • Step 5: the key device of the OTN receiving device, having received both the notification from the sending device's key device and the application from the receiving device, verifies the request_id.
  • Step 6: the key device of the OTN receiving device notifies the key device of the OTN sending device that the key can be delivered to the OTN sending device, and delivers the key.
  • Step 7: the key device of the OTN sending device delivers the same key to the OTN sending device, matching the key delivered in step 6.
  • To trigger the receiving side, the key device of the OTN sending device sets alice_apply_key to 1, which notifies the key device of the OTN receiving device to initiate a key application, and passes the request_id, the key application id, along with it. Only when the sending device and the receiving device apply for the key with the same request_id does the key device issue the key normally.
  • During a key update the sending device and the receiving device must keep using the same key at both ends. The present disclosure guarantees this by passing the key serial number key_sn, so that both ends always select the key with the same serial number.
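The seven-step key application above, written out as an added example for this page with both sides' messages; it is not ZTE's code. The patent says only that the two key devices check request_id and then deliver the same key; it does not say how a key device produces that key. The example assumes (names and mechanism are the example's own, not the page's) that both key devices hold a shared secret SHARED_SECRET and derive a 32-entry key list per request_id with HMAC-SHA256 (derive_key_list), so equal request_ids yield equal lists that a later key_sn can index identically at both ends, while a mismatched request_id is refused in step 5.

```python
"""Key application handshake between the two OTN devices and their key devices.

Added example for this page, not ZTE's code.  Assumed, not from the patent:
a shared secret and an HMAC-derived per-request key list stand in for
whatever the real key devices do to produce the same key at both ends.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SHARED_SECRET = b"constructed-key-device-secret"   # constructed for the example
KEY_LIST_SIZE = 32                                 # key_sn is a 5-bit overhead field


def derive_key_list(secret: bytes, request_id: str) -> List[bytes]:
    """Per-request key list: entry i is HMAC-SHA256(secret, request_id || i)."""
    return [hmac.new(secret, request_id.encode() + bytes([i]), hashlib.sha256).digest()
            for i in range(KEY_LIST_SIZE)]


@dataclass
class KeyDevice:
    """Key device attached to one OTN device (alice = sending end, bob = receiving end)."""
    name: str
    secret: bytes
    local_request: Optional[str] = None   # request_id its own OTN device applied with
    peer_request: Optional[str] = None    # request_id reported by the peer key device
    issued: List[str] = field(default_factory=list)

    def receive_application(self, request_id: str) -> None:
        self.local_request = request_id

    def receive_peer_notice(self, request_id: str) -> None:
        self.peer_request = request_id

    def verify(self) -> bool:
        """Step 5: both ends must have applied with the same request_id."""
        return self.local_request is not None and self.local_request == self.peer_request

    def deliver(self) -> List[bytes]:
        """Issue the key list only for a verified request."""
        if not self.verify():
            raise PermissionError(f"{self.name}: request_id mismatch, no key issued")
        self.issued.append(self.local_request)
        return derive_key_list(self.secret, self.local_request)


def key_application(tx_request_id: str,
                    rx_request_id: Optional[str] = None) -> Optional[Dict[str, List[bytes]]]:
    """Run steps 1-7.  rx_request_id overrides the id the receiver applies with;
    by default it applies with the id carried from the sender (the normal case).
    Returns the key lists delivered to each end, or None if step 5 fails."""
    alice_kd = KeyDevice("alice_kd", SHARED_SECRET)   # key device of the sending device
    bob_kd = KeyDevice("bob_kd", SHARED_SECRET)       # key device of the receiving device
    alice_kd.receive_application(tx_request_id)                      # step 1
    notice = {"bob_apply_key": 1, "request_id": tx_request_id}       # step 2, via overhead
    bob_kd.receive_peer_notice(tx_request_id)                        # step 3
    applied = rx_request_id if rx_request_id is not None else notice["request_id"]
    bob_kd.receive_application(applied)                              # step 4
    if not bob_kd.verify():                                          # step 5
        return None
    alice_kd.receive_peer_notice(bob_kd.local_request)               # step 6: delivery allowed
    rx_keys = bob_kd.deliver()
    tx_keys = alice_kd.deliver()                                     # step 7: same key to sender
    return {"tx": tx_keys, "rx": rx_keys}


if __name__ == "__main__":
    ok = key_application("req-0001")
    print("same key list at both ends:", ok is not None and ok["tx"] == ok["rx"])
    print("mismatched request_id refused:", key_application("req-0001", "req-9999") is None)
```

The check in step 5 is what keeps the two key devices from issuing keys for different applications; everything after it only works because both sides computed the same list from the same request_id.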
  • The present disclosure reads and writes the OTN reserved overhead and also obtains the first preset frame number (MFI), which corresponds to the key update period, and the first multiframe frame number (MFI_CNT). The sending device transmits key_sn plus 1 to the receiving device through the reserved overhead and loads the encryption key corresponding to key_sn plus 1 into the backup key (the updated encryption key). The FPGA (field-programmable gate array, which belongs to the logic device) of the receiving device monitors key_sn frame by frame, and the receiving device loads the decryption key corresponding to key_sn plus 1 into its backup key (the updated decryption key). After the first multiframe frame number reaches the first preset frame number (MFI), the sending device and the receiving device switch to the backup key synchronously in the next multiframe. The entire switching cycle is 3 multiframe periods, so when the line-side service is OTU4 (the 100 Gbit/s Optical Transport Unit) the key switch can be completed in about 1 ms at the fastest.
  • The interaction between the sending device and the receiving device in the data transmission system shown in FIG. 13 is as follows. S1302: the sending device monitors the first multiframe frame number. S1304: it determines whether the first multiframe frame number has reached the first preset frame number minus 2; if not, it returns to S1302 and keeps monitoring; if so, it executes S1306 and S1310. S1306: generate an interrupt signal to notify the OTN sending device. S1308: configure the backup key and load it. S1310: update the key serial number and write it into the reserved overhead, which carries the key serial number to the receiving device. S1312: the receiving device monitors the key serial number. S1314: it determines whether the key serial number has changed; if not, it returns to S1312 and keeps monitoring; when the key serial number has changed, execute
  • The application on the OTN sending device of the sending device converts the key switching period configured by network management into the first preset multiframe number MFI and configures it into the key device. The key device monitors the overhead data in real time; the overhead data includes the first preset multiframe number MFI and the first multiframe frame number MFI_CNT.
  • The execution process of the data transmission system is as follows. Step 1: the key device of the sending device obtains MFI and monitors MFI_CNT in real time. Step 2: it judges whether MFI_CNT has reached MFI-2; if not, it keeps monitoring; if so, it proceeds to step 3. Step 3: the MCU (processor) of the sending device receives the interrupt signal, adds 1 to key_sn, and sends it through the reserved overhead to the OTN receiving device of the receiving device. Step 4: after detecting the interrupt signal, the application on the OTN sending device configures the key corresponding to key_sn plus 1 into the backup key of its key device. Step 5: the receiving device monitors key_sn in every OTN frame; if key_sn has changed (by plus 1) after step 3, it proceeds to step 6. Step 6: the key device of the receiving device confirms whether the change of key_sn holds for 3 frames; if not, it keeps monitoring; if so, it jumps to the
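The overhead layout and the switching procedure above, simulated end to end as an added example for this page (not ZTE's code or FPGA logic): the sender's interrupt at MFI-2, the key_sn increment in the 5-bit overhead field, the receiver's three-frame persistence check, and the synchronous switch to the backup key when MFI_CNT reaches MFI. Everything not in the patent text is an assumption of the example: the preset key list is a constructed table of 32 one-byte keys indexed by key_sn, encryption is a toy XOR of one payload byte per frame so no crypto library is needed, a multiframe is shortened to 8 frames (a real OTN multiframe has 256), and the receiver's multiframe counter is taken to be aligned with the sender's by OTN frame alignment. The names Sender, Receiver, run, pack_overhead and unpack_overhead are the example's own.

```python
"""Frame-counted key switching over OTN reserved overhead: a simulation.

Added example for this page, not ZTE's code.  Assumed, not from the patent:
a constructed 32-entry key list, XOR as the cipher, 8-frame multiframes, and
sender/receiver multiframe counters already aligned.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

KEY_SN_MASK = 0x1F        # bits 4..0 of the flag byte carry key_sn
BOB_APPLY_KEY = 0x80      # bit 7: sender tells receiver to apply for a key
ALICE_APPLY_KEY = 0x40    # bit 6: tells the sender to apply again (bit 5 reserved)
FRAMES_PER_MF = 8         # real OTN multiframes have 256 frames; shortened here
PERSIST_FRAMES = 3        # third preset frame number: a new key_sn must hold 3 frames
KEY_LIST = [(7 * i + 13) & 0xFF for i in range(32)]   # constructed preset key list


def pack_overhead(key_sn: int, bob_apply: bool = False, alice_apply: bool = False) -> int:
    """Build the flag/key_sn byte of the 8-byte reserved overhead (Table 1 layout)."""
    return ((key_sn & KEY_SN_MASK) | (BOB_APPLY_KEY if bob_apply else 0)
            | (ALICE_APPLY_KEY if alice_apply else 0))


def unpack_overhead(byte: int) -> Tuple[int, bool, bool]:
    """Return (key_sn, bob_apply_key, alice_apply_key)."""
    return byte & KEY_SN_MASK, bool(byte & BOB_APPLY_KEY), bool(byte & ALICE_APPLY_KEY)


@dataclass
class Sender:
    mfi: int                          # first preset frame number: switch period in multiframes
    key_sn: int = 0
    mfi_cnt: int = 0                  # first multiframe frame number
    frame: int = 0
    active_key: int = KEY_LIST[0]
    backup_key: Optional[int] = None
    switches: int = 0

    def __post_init__(self) -> None:
        if self.mfi < 3:
            raise ValueError("MFI must leave room for the interrupt at MFI-2")

    def tick(self, plaintext: int) -> Tuple[int, int]:
        """One OTN frame: return (overhead byte, ciphertext), then advance the counters."""
        if self.frame == 0 and self.mfi_cnt == self.mfi - 2:
            # Logic device raises the interrupt at MFI-2; the MCU adds M=1 to key_sn
            # (wrapping in the 5-bit field) and loads that list entry as backup key.
            self.key_sn = (self.key_sn + 1) & KEY_SN_MASK
            self.backup_key = KEY_LIST[self.key_sn]
        overhead, ciphertext = pack_overhead(self.key_sn), plaintext ^ self.active_key
        self.frame = (self.frame + 1) % FRAMES_PER_MF
        if self.frame == 0:
            self.mfi_cnt += 1
            if self.mfi_cnt == self.mfi:          # MFI reached: switch in the next multiframe
                self.active_key, self.backup_key = self.backup_key, None
                self.switches, self.mfi_cnt = self.switches + 1, 0
        return overhead, ciphertext


@dataclass
class Receiver:
    mfi: int
    key_sn: int = 0
    mfi_cnt: int = 0
    frame: int = 0
    active_key: int = KEY_LIST[0]
    backup_key: Optional[int] = None
    backup_sn: int = 0
    pending_sn: Optional[int] = None  # changed key_sn under observation
    persist: int = 0                  # consecutive frames it has been seen
    switches: int = 0

    def tick(self, overhead: int, ciphertext: int) -> int:
        """One OTN frame: track key_sn from the overhead, decrypt with the active key."""
        sn, _, _ = unpack_overhead(overhead)
        if sn == self.key_sn:                 # unchanged: discard a partial observation
            self.pending_sn, self.persist = None, 0
        elif sn == self.pending_sn:
            self.persist += 1
        else:
            self.pending_sn, self.persist = sn, 1
        if self.persist == PERSIST_FRAMES:
            # Interrupt once the change has held for 3 frames; the MCU loads the
            # decryption key for that serial number from the list as backup key.
            self.backup_key, self.backup_sn = KEY_LIST[self.pending_sn], self.pending_sn
        plaintext = ciphertext ^ self.active_key
        self.frame = (self.frame + 1) % FRAMES_PER_MF
        if self.frame == 0:
            self.mfi_cnt += 1
            if self.mfi_cnt == self.mfi:
                self.mfi_cnt = 0
                if self.backup_key is not None:   # switch together with the sender
                    self.active_key, self.key_sn = self.backup_key, self.backup_sn
                    self.backup_key, self.pending_sn, self.persist = None, None, 0
                    self.switches += 1
        return plaintext


def run(mfi: int, multiframes: int,
        glitches: Optional[Dict[Tuple[int, int], int]] = None) -> Dict[str, int]:
    """Drive both ends over `multiframes` multiframes of constructed payload.

    `glitches` maps (absolute multiframe index, frame index) to a bogus key_sn
    substituted into the overhead on the line, to exercise the persistence check.
    """
    tx, rx, glitches, mismatches = Sender(mfi), Receiver(mfi), glitches or {}, 0
    for mf in range(multiframes):
        for fr in range(FRAMES_PER_MF):
            plaintext = (mf * FRAMES_PER_MF + fr) & 0xFF          # constructed payload byte
            overhead, ciphertext = tx.tick(plaintext)
            if (mf, fr) in glitches:
                overhead = pack_overhead(glitches[(mf, fr)])
            if rx.tick(overhead, ciphertext) != plaintext:
                mismatches += 1
    return {"tx_switches": tx.switches, "rx_switches": rx.switches,
            "tx_key_sn": tx.key_sn, "rx_key_sn": rx.key_sn, "mismatches": mismatches}


if __name__ == "__main__":
    print(run(4, 12))                                      # clean: 3 switches, 0 mismatches
    print(run(4, 12, {(0, 2): 7}))                         # one-frame glitch is ignored
    print(run(4, 12, {(3, 5): 7, (3, 6): 7, (3, 7): 7}))   # held 3 frames before MFI: acted on
```

Two things the runs make visible that the text only implies. First, key_sn wraps after 32 updates because it is a 5-bit field, so the key list is indexed modulo 32 and the receiver detects a change of value, not an increasing sequence. Second, the receiver acts on any key_sn that holds for three frames: a single corrupted frame is discarded, but a value that persists for the last three frames before MFI is loaded as the backup key, and the receiver then decrypts a whole period with the wrong key until the next switch realigns it. The scheme as described therefore depends on the integrity of the overhead channel; the code has no check beyond persistence, exactly as the text describes.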
  • An embodiment of the sixth aspect of the present disclosure provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, it implements the data transmission method of any embodiment of the first aspect or of any embodiment of the second aspect.
  • The technical solutions provided by the embodiments of the present disclosure (the data transmission method, the sending device and receiving device of the data transmission system, the data transmission system, and the computer-readable storage medium) have the following advantage. Using interrupt technology, the sending device receives the interrupt signal, updates the encryption key information and transmits it to the receiving device, so that the receiving device can update its decryption key according to the updated encryption key information; the sending device updates its encryption key according to the updated encryption key information and, after the first multiframe frame number reaches the first preset frame number, encrypts the data with the updated encryption key. This realizes a frame-based key switching process, raises the key switching speed to the millisecond level, and thereby greatly improves the security of service encryption.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a data transmission method, a sending device for a data transmission system, a receiving device for a data transmission system, a data transmission system and a computer-readable storage medium. The data transmission method comprises: updating encryption key information according to an interrupt signal; transmitting the updated encryption key information, and updating a key according to the updated encryption key information to obtain an encryption key; and when the first multiframe frame number of the transmitted data reaches a first preset number of frames, encrypting the data with the encryption key and transmitting the data.
PCT/CN2019/124498 2018-12-29 2019-12-11 Data transmission method, and data transmission system and associated sending device and receiving device Ceased WO2020135039A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811646881.9 2018-12-29
CN201811646881.9A CN111385276B (zh) 2018-12-29 2018-12-29 Data transmission method, data transmission system and sending device and receiving device thereof

Publications (1)

Publication Number Publication Date
WO2020135039A1 true WO2020135039A1 (fr) 2020-07-02

Family

ID=71127252

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/124498 Ceased WO2020135039A1 (fr) 2018-12-29 2019-12-11 Data transmission method, and data transmission system and associated sending device and receiving device

Country Status (2)

Country Link
CN (1) CN111385276B (fr)
WO (1) WO2020135039A1 (fr)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112333699B (zh) * 2020-11-03 2022-11-08 山东正中信息技术股份有限公司 IoT communication protocol encryption method, device and storage medium
CN113612612A (zh) * 2021-09-30 2021-11-05 阿里云计算有限公司 Data encrypted transmission method, system, device and storage medium
CN116743380B (zh) * 2023-08-14 2023-10-31 中电信量子科技有限公司 OTN encrypted communication method and system based on quantum key distribution
CN119402173B (zh) * 2025-01-03 2025-05-09 国电南瑞科技股份有限公司 Encryption method and device for high-real-time 2M stability-control communication

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101841743A (zh) * 2009-03-19 2010-09-22 中兴通讯股份有限公司 Key switching method, optical line terminal and optical network unit
EP2293622A1 (fr) * 2008-06-27 2011-03-09 Ntt Docomo, Inc. Mobile communication method and mobile station
CN106803783A (zh) * 2015-11-26 2017-06-06 深圳市中兴微电子技术有限公司 Encryption/decryption method, encryption/decryption device and data transmission system
WO2018126905A1 (fr) * 2017-01-06 2018-07-12 中兴通讯股份有限公司 Data transmission method during a movement process, and terminal and base station
CN108427889A (zh) * 2018-01-10 2018-08-21 链家网(北京)科技有限公司 File processing method and device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105592455B (zh) * 2014-11-13 2020-09-29 南京中兴软件有限责任公司 Key update method, device and master transmission node TP
CN106301768B (zh) * 2015-05-18 2020-04-28 中兴通讯股份有限公司 Key update method, device and system based on the optical transport network OTN

Also Published As

Publication number Publication date
CN111385276B (zh) 2022-11-01
CN111385276A (zh) 2020-07-07

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19902943

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 08/11/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 19902943

Country of ref document: EP

Kind code of ref document: A1