[go: up one dir, main page]

CN105471832A - Processing method and device of IP packet in satellite communication - Google Patents

Processing method and device of IP packet in satellite communication Download PDF

Info

Publication number
CN105471832A
CN105471832A CN201410571249.8A CN201410571249A CN105471832A CN 105471832 A CN105471832 A CN 105471832A CN 201410571249 A CN201410571249 A CN 201410571249A CN 105471832 A CN105471832 A CN 105471832A
Authority
CN
China
Prior art keywords
key
data
source data
encryption
transmission security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410571249.8A
Other languages
Chinese (zh)
Inventor
尚丽娜
尹俊
李新华
王新荣
李宝明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Space Star Technology Co Ltd
Original Assignee
Space Star Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Space Star Technology Co Ltd filed Critical Space Star Technology Co Ltd
Priority to CN201410571249.8A priority Critical patent/CN105471832A/en
Publication of CN105471832A publication Critical patent/CN105471832A/en
Pending legal-status Critical Current

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Radio Relay Systems (AREA)

Abstract

本发明公开了一种卫星通信中IP报文的处理方法及装置,其中,该方法包括:接收主站发送的来自第一小站的信源数据,其中,信源数据包括:数据部分和TCP/UDP包头部分,TCP/UDP包头部分为透传方式的数据;对信源数据中携带的经过第一传输密钥加密后的密钥进行解密,其中,第一传输密钥为第一小站对应的传输密钥,该密钥为对数据部分承载的数据解密的密钥;利用第二传输密钥对解密得到的密钥进行加密,得到经第二传输密钥加密后的密钥,其中,第二传输密钥为第二小站对应的传输密钥,第二小站为信源数据的接收方;将第一传输密钥加密后的密钥替换为第二传输密钥加密后的密钥,向主站发送替换处理后的信源数据。通过本发明,实现了星状网的IP报文加密处理。

The invention discloses a method and device for processing IP messages in satellite communication, wherein the method includes: receiving source data from the first small station sent by the master station, wherein the source data includes: a data part and a TCP /UDP packet header, TCP/UDP packet header is data in transparent transmission mode; decrypt the key encrypted by the first transmission key carried in the source data, where the first transmission key is the first small station The corresponding transmission key, which is the key for decrypting the data carried by the data part; use the second transmission key to encrypt the decrypted key to obtain the key encrypted by the second transmission key, wherein , the second transmission key is the transmission key corresponding to the second small station, and the second small station is the receiver of the source data; the encrypted key of the first transmission key is replaced by the encrypted key of the second transmission key key, and send the replaced and processed source data to the master station. Through the invention, the IP message encryption processing of the star network is realized.

Description

卫星通信中IP报文的处理方法及装置Method and device for processing IP message in satellite communication

技术领域technical field

本发明涉及通信领域,具体而言,涉及一种卫星通信中IP报文的处理方法及装置。The invention relates to the communication field, in particular to a method and device for processing IP messages in satellite communication.

背景技术Background technique

传输控制协议(TransmissionControlProtocol,简称为TCP)被应用于卫星通信中,由于卫星通信与计算机网络通信存在一定差异,将TCP应用于卫星通信环境时,出现了新的问题,例如,卫星信道的高传输延时、较大的误码率以及带宽不对等。Transmission Control Protocol (Transmission Control Protocol, referred to as TCP) is used in satellite communications. Due to certain differences between satellite communications and computer network communications, new problems arise when TCP is applied to satellite communications environments. For example, the high transmission rate of satellite channels Delay, large bit error rate, and unequal bandwidth.

目前,针对卫星通信中IP报文的如何进行加密处理的问题,目前尚未提出有效的解决方案。Currently, there is no effective solution to the problem of how to encrypt IP packets in satellite communications.

发明内容Contents of the invention

针对卫星通信中IP报文的加密的问题,本发明提供了一种卫星通信中IP报文的处理方法及装置,以至少解决上述问题。Aiming at the problem of encryption of IP message in satellite communication, the present invention provides a method and device for processing IP message in satellite communication, so as to at least solve the above problem.

根据本发明的一个方面,提供了卫星通信中IP报文的处理方法,包括:According to one aspect of the present invention, the processing method of IP message in satellite communication is provided, comprising:

接收主站发送的来自第一小站的信源数据,其中,所述信源数据包括:数据部分和TCP/UDP包头部分,其中,所述TCP/UDP包头部分为透传方式的数据;Receiving source data from the first small station sent by the master station, wherein the source data includes: a data part and a TCP/UDP packet header, wherein the TCP/UDP packet header is data in a transparent transmission mode;

对所述信源数据中携带的经过第一传输密钥加密后的密钥进行解密,其中,所述第一传输密钥为所述第一小站对应的传输密钥,所述密钥为对所述数据部分承载的数据进行解密的密钥;Decrypt the key encrypted by the first transmission key carried in the source data, where the first transmission key is the transmission key corresponding to the first small station, and the key is a key for decrypting the data carried by the data portion;

利用第二传输密钥对解密得到的密钥进行加密,得到经过第二传输密钥加密后的密钥,其中,所述第二传输密钥为第二小站对应的传输密钥,所述第二小站为所述信源数据的接收方;Use the second transmission key to encrypt the decrypted key to obtain a key encrypted by the second transmission key, wherein the second transmission key is the transmission key corresponding to the second small station, and the The second small station is the receiver of the source data;

将第一传输密钥加密后的密钥替换为第二传输密钥加密后的密钥,向所述主站发送替换处理后的信源数据。The key encrypted by the first transmission key is replaced by the key encrypted by the second transmission key, and the replaced information source data is sent to the main station.

可选地,所述信源数据携带有用于指示是否对所述数据部分承载的数据进行了加密的指示信息,其中,当进行了所述加密时,所述指示信息指示为密传模式;当未进行所述加密时,所述指示信息指示为透传模式;Optionally, the source data carries indication information for indicating whether the data carried by the data part is encrypted, wherein, when the encryption is performed, the indication information indicates an encrypted transmission mode; when When the encryption is not performed, the indication information indicates a transparent transmission mode;

对所述信源数据中携带的经过第一传输密钥加密后的密钥进行解密之前,还包括:根据所述指示信息判断是否进行解密处理;Before decrypting the key carried in the source data encrypted by the first transmission key, it also includes: judging whether to perform decryption processing according to the instruction information;

对所述信源数据中携带的经过第一传输密钥加密后的密钥进行解密,包括:当所述指示信息指示为密传模式时,对所述信源数据中携带的经过第一传输密钥加密后的密钥进行解密。Decrypting the key encrypted by the first transmission key carried in the source data includes: when the indication information indicates the secret transmission mode, decrypting the encrypted key carried in the source data after the first transmission The encrypted key is used to decrypt the key.

可选地,所述方法还包括:当所述指示信息指示为透传模式时,不进行解密处理,直接向主站发送所述信源数据。Optionally, the method further includes: when the indication information indicates the transparent transmission mode, directly sending the source data to the main station without performing decryption processing.

根据本发明的另一个方面,提供了一种卫星通信中IP报文的处理装置,包括:According to another aspect of the present invention, a processing device for IP messages in satellite communications is provided, including:

接收模块,用于接收主站发送的来自第一小站的信源数据,其中,所述信源数据包括:数据部分和TCP/UDP包头部分,其中,所述TCP/UDP包头部分为透传方式的数据;The receiving module is configured to receive the source data from the first small station sent by the master station, wherein the source data includes: a data part and a TCP/UDP packet header, wherein the TCP/UDP packet header is transparently transmitted way data;

解密模块,用于对所述信源数据中携带的经过第一传输密钥加密后的密钥进行解密,其中,所述第一传输密钥为所述第一小站对应的传输密钥,所述密钥为对所述数据部分承载的数据进行解密的密钥;A decryption module, configured to decrypt the key encrypted by the first transmission key carried in the source data, where the first transmission key is the transmission key corresponding to the first small station, The key is a key for decrypting the data carried by the data part;

加密模块,用于利用第二传输密钥对解密得到的密钥进行加密,得到经过第二传输密钥加密后的密钥,其中,所述第二传输密钥为第二小站对应的传输密钥,所述第二小站为所述信源数据的接收方;An encryption module, configured to use the second transmission key to encrypt the decrypted key to obtain a key encrypted by the second transmission key, wherein the second transmission key is the transmission key corresponding to the second small station a key, the second small station is the receiver of the source data;

发送模块,用于将第一传输密钥加密后的密钥替换为第二传输密钥加密后的密钥,向所述主站发送替换处理后的信源数据。A sending module, configured to replace the key encrypted by the first transmission key with the key encrypted by the second transmission key, and send the replaced information source data to the main station.

可选地,所述信源数据携带有用于指示是否对所述数据部分承载的数据进行了第一加密的指示信息,其中,当进行了所述第一加密时,所述指示信息指示为密传模式;当未进行所述第一加密时,所述指示信息指示为透传模式;Optionally, the source data carries indication information for indicating whether the first encryption is performed on the data carried by the data part, wherein, when the first encryption is performed, the indication information indicates that the encryption is encrypted. A transmission mode; when the first encryption is not performed, the indication information indicates a transparent transmission mode;

所述装置还包括:判断模块,与所述接收模块相连接,用于根据所述指示信息判断是否进行解密处理;The device further includes: a judging module, connected to the receiving module, for judging whether to perform decryption processing according to the indication information;

所述解密模块,与所述判断模块相连接,用于在所述指示信息指示为密传模式时,对所述信源数据中携带的经过第一传输密钥加密后的密钥进行解密。The decryption module is connected to the judging module, and is configured to decrypt the key encrypted by the first transmission key carried in the source data when the indication information indicates the encryption mode.

可选地,所述发送模块,用于当所述指示信息指示为透传模式时,直接向主站发送所述信源数据。Optionally, the sending module is configured to directly send the source data to the master station when the indication information indicates a transparent transmission mode.

通过本发明,实现了星状网下的IP报文加密处理,在保证卫星通信安全性的同时还能够保证IP报文的处理速度,进而同时满足加密和QoS要求。The invention realizes the encryption processing of the IP message under the star network, guarantees the processing speed of the IP message while ensuring the safety of the satellite communication, and satisfies the requirements of encryption and QoS at the same time.

附图说明Description of drawings

此处所说明的附图用来提供对本发明的进一步理解,构成本申请的一部分,本发明的示意性实施例及其说明用于解释本发明,并不构成对本发明的不当限定。在附图中:The accompanying drawings described here are used to provide a further understanding of the present invention and constitute a part of the application. The schematic embodiments of the present invention and their descriptions are used to explain the present invention and do not constitute improper limitations to the present invention. In the attached picture:

图1是根据本发明实施例的卫星通信中IP报文的处理方法的流程图;Fig. 1 is the flow chart of the processing method of IP message in the satellite communication according to the embodiment of the present invention;

图2是根据本发明实施例的卫星通信中IP报文的加密方法的流程图;Fig. 2 is the flowchart of the encryption method of IP message in the satellite communication according to the embodiment of the present invention;

图3是根据本发明实施例的卫星通信中IP报文的解密方法的流程图;Fig. 3 is the flow chart of the decryption method of IP message in the satellite communication according to the embodiment of the present invention;

图4是根据本发明实施例的卫星通信中IP报文的处理装置的结构框图;Fig. 4 is a structural block diagram of a device for processing IP messages in satellite communications according to an embodiment of the present invention;

图5是根据本发明实施例的卫星通信中IP报文的加密装置的结构框图;Fig. 5 is the structural block diagram of the encryption device of IP message in the satellite communication according to the embodiment of the present invention;

图6是根据本发明实施例的卫星通信中IP报文的解密装置的结构框图;Fig. 6 is the structural block diagram of the decryption device of IP message in the satellite communication according to the embodiment of the present invention;

图7是小站上传数据文件到主站的密传数据的流程图。Fig. 7 is a flow chart of secret transmission data uploaded by the small station to the master station.

具体实施方式detailed description

下文中将参考附图并结合实施例来详细说明本发明。需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。Hereinafter, the present invention will be described in detail with reference to the drawings and examples. It should be noted that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other.

IP协议应用到卫星通信中时,卫星通信对数据加密有一定要求,以达到安全通信的要求。为此,本发明实施例提供了一种卫星通信中IP报文的加密技术,包括加密和解密两个部分。由于卫星通信有较高的时延要求,为了提高TCP/UDP报文处理速度,本发明实施例中,对TCP/UDP报文的数据部分进行密传,对TCP/IP包头部分进行透传。When the IP protocol is applied to satellite communications, satellite communications have certain requirements for data encryption to meet the requirements of secure communications. Therefore, an embodiment of the present invention provides an encryption technology for an IP message in satellite communication, including two parts of encryption and decryption. Since the satellite communication has a relatively high delay requirement, in order to improve the processing speed of the TCP/UDP message, in the embodiment of the present invention, the data part of the TCP/UDP message is encrypted, and the TCP/IP packet header part is transparently transmitted.

图1是根据本发明实施例的卫星通信中IP报文的处理方法的流程图,如图1所示,该方法包括步骤101至步骤104。FIG. 1 is a flowchart of a method for processing IP packets in satellite communication according to an embodiment of the present invention. As shown in FIG. 1 , the method includes steps 101 to 104.

步骤101,接收主站发送的来自第一小站的信源数据,其中,该信源数据包括:数据部分和TCP/UDP包头部分,其中,该TCP/UDP包头部分为透传方式的数据;Step 101, receiving source data from the first small station sent by the master station, wherein the source data includes: a data part and a TCP/UDP packet header, wherein the TCP/UDP packet header is data in a transparent transmission mode;

步骤102,对上述信源数据中携带的经过第一传输密钥加密后的密钥进行解密,其中,该第一传输密钥为第一小站对应的传输密钥,所述密钥为对所述数据部分承载的数据进行解密的密钥;Step 102, decrypt the key encrypted by the first transmission key carried in the above-mentioned information source data, wherein the first transmission key is the transmission key corresponding to the first small station, and the key is the A key for decrypting the data carried by the data part;

步骤103,利用第二传输密钥对解密得到的密钥进行加密,得到经过第二传输密钥加密后的密钥,其中,所述第二传输密钥为第二小站对应的传输密钥,所述第二小站为所述信源数据的接收方;Step 103, use the second transmission key to encrypt the decrypted key to obtain the key encrypted by the second transmission key, wherein the second transmission key is the transmission key corresponding to the second small station , the second small station is the receiver of the source data;

步骤104,将第一传输密钥加密后的密钥替换为第二传输密钥加密后的密钥,向所述主站发送替换处理后的信源数据。Step 104, replacing the key encrypted by the first transmission key with the key encrypted by the second transmission key, and sending the replaced information source data to the main station.

在本发明实施例的一个可选实施方式中,信源数据携带有用于指示是否对所述数据部分承载的数据进行了加密的指示信息,其中,当进行了所述加密时,所述指示信息指示为密传模式;当未进行所述加密时,所述指示信息指示为透传模式。In an optional implementation manner of the embodiment of the present invention, the information source data carries indication information for indicating whether to encrypt the data carried by the data part, wherein, when the encryption is performed, the indication information Indicates the secret transmission mode; when the encryption is not performed, the indication information indicates the transparent transmission mode.

在上述步骤102对所述信源数据中携带的经过第一传输密钥加密后的密钥进行解密之前,还可以根据上述指示信息判断是否进行解密处理。Before decrypting the key encrypted by the first transmission key carried in the source data in the above step 102, it may also be determined whether to perform decryption processing according to the above instruction information.

上述步骤102为,当所述指示信息指示为密传模式时,对所述信源数据中携带的经过第一传输密钥加密后的密钥进行解密。The above step 102 is, when the indication information indicates the secret transmission mode, decrypt the key encrypted by the first transmission key carried in the information source data.

可选地,当所述指示信息指示为透传模式时,不进行解密处理,直接向主站发送所述信源数据。Optionally, when the indication information indicates the transparent transmission mode, no decryption process is performed, and the information source data is directly sent to the master station.

在本发明实施例中,第一小站和第二小站为位于同一主站下的小站,在向主站发送数据之前,小站或小站对应的加密机可以进行加密处理,在接收到主站发送的数据后,小站或小站对应的加密机可以进行解密处理。In the embodiment of the present invention, the first small station and the second small station are small stations located under the same main station. Before sending data to the main station, the small station or the encryption machine corresponding to the small station can perform encryption processing. After the data sent by the master station, the small station or the encryption machine corresponding to the small station can perform decryption processing.

下面对本发明实施例中可选的加密和解密方法进行描述。The optional encryption and decryption methods in the embodiment of the present invention are described below.

图2是根据本发明实施例的卫星通信中IP报文的加密方法的流程图,如图2所示,该方法包括步骤201至步骤203。FIG. 2 is a flowchart of a method for encrypting an IP packet in satellite communication according to an embodiment of the present invention. As shown in FIG. 2 , the method includes steps 201 to 203.

步骤201,接收信源数据,其中,信源数据包括:数据部分和TCP/UDP包头部分。Step 201, receiving source data, wherein the source data includes: a data part and a TCP/UDP header part.

步骤202,对数据部分承载的数据进行加密处理,得到密文数据部分。Step 202, encrypting the data carried by the data part to obtain the ciphertext data part.

步骤203,发送包括TCP/UDP包头部分和密文数据部分的IP报文,其中,TCP/UDP包头部分未进行加密处理。Step 203, sending an IP packet including a TCP/UDP packet header and a ciphertext data portion, wherein the TCP/UDP packet header is not encrypted.

通过本发明实施例,对TCP/UDP报文的数据部分承载的速度进行加密,对TCP/UDP包头部分采用透传方式传输,在保证卫星通信安全性的同时还能够保证IP报文的处理速度,进而同时满足加密和QoS要求。Through the embodiment of the present invention, the speed carried by the data part of the TCP/UDP message is encrypted, and the header part of the TCP/UDP packet is transmitted in a transparent transmission mode, which can ensure the processing speed of the IP message while ensuring the security of the satellite communication , thus meeting both encryption and QoS requirements.

TCP/UDP报文的数据部分可以是数据也可以是信令。对数据的加密可以提高数据的安全性。但是对信令的加密将降低TCP/UDP报文的处理速度,从而提高了报文处理时延。The data part of the TCP/UDP message may be data or signaling. Data encryption can improve data security. However, the encryption of the signaling will reduce the processing speed of the TCP/UDP message, thereby increasing the message processing delay.

为此,在本发明实施例的一个可选实施方式中,在上述步骤202之前,还可以判断数据部分承载的数据是否为IP层的信令数据。上述步骤202可以包括:当数据部分承载的数据不是IP层的信令数据时,对数据部分承载的数据进行加密处理;当数据部分承载的数据是IP层的信令数据时,不对数据部分承载的数据进行加密处理。也就是说,相对于对数据部分承载的非信令数据的加密传输,在该可选实施方式中,对信令数据采取透传的方式。For this reason, in an optional implementation manner of the embodiment of the present invention, before the above step 202, it may also be judged whether the data carried by the data part is signaling data of the IP layer. The above step 202 may include: when the data carried by the data part is not signaling data of the IP layer, encrypting the data carried by the data part; when the data carried by the data part is signaling data of the IP layer, not carrying the data part The data is encrypted. That is to say, compared with the encrypted transmission of the non-signaling data carried by the data part, in this optional implementation manner, the signaling data is transparently transmitted.

通过上述可选实施方式,实现了对数据进行加密,对信令进行透传,从而保证数据的加密性,同时保证信令数据的处理时延。Through the above optional implementation manner, data is encrypted and signaling is transparently transmitted, thereby ensuring data encryption and processing delay of signaling data.

在本发明实施例中,为了便于数据接收方进行解密,还可以在IP报文中添加用于指示是否对数据部分承载的数据进行了加密处理的指示信息,其中,当进行了加密处理时,指示信息指示为密传模式;当未进行加密处理时,指示信息指示为透传模式。In the embodiment of the present invention, in order to facilitate the decryption by the data receiver, indication information for indicating whether the data carried by the data part has been encrypted can also be added to the IP message, wherein, when the encryption is performed, The indication information indicates the secret transmission mode; when no encryption processing is performed, the indication information indicates the transparent transmission mode.

在本发明实施例的一个可选实施方式中,还可以在IP报文中添加经传输密钥加密后的密钥,其中,密钥为数据部分所承载的数据解密的密钥。In an optional implementation manner of the embodiment of the present invention, a key encrypted by the transmission key may also be added to the IP message, where the key is a key for decrypting data carried by the data part.

下面对本发明实施例的卫星通信中IP报文的解密方法进行描述。The following describes the decryption method of the IP message in the satellite communication according to the embodiment of the present invention.

图3是根据本发明实施例的卫星通信中IP报文的解密方法的流程图,如图3所示,该方法包括步骤301至步骤302。FIG. 3 is a flowchart of a method for decrypting an IP message in satellite communication according to an embodiment of the present invention. As shown in FIG. 3 , the method includes steps 301 to 302.

步骤301,接收信源数据,其中,信源数据包括数据部分和TCP/UDP包头部分,其中,TCP/UDP包头部分为透传方式的数据。Step 301, receiving source data, wherein the source data includes a data part and a TCP/UDP packet header, wherein the TCP/UDP packet header is data in a transparent transmission mode.

步骤302,对数据部分承载的数据进行解密处理。Step 302, decrypting the data carried by the data part.

与上述加密方法对应,在本发明实施例的一个可选实施方式中,信源数据还可以携带用于指示是否对数据部分承载的数据进行了加密处理的指示信息,其中,当进行了所述加密处理时,指示信息指示为密传模式;当未进行所述加密处理时,指示信息指示为透传模式。Corresponding to the above encryption method, in an optional implementation manner of the embodiment of the present invention, the source data may also carry indication information for indicating whether to encrypt the data carried by the data part, wherein, when the During the encryption process, the indication information indicates the secret transmission mode; when the encryption process is not performed, the indication information indicates the transparent transmission mode.

在上述步骤302之前,还可以根据指示信息判断是否对数据部分承载的数据进行解密处理;上述步骤302可以包括:当指示信息指示为密传模式时,对数据部分承载的数据进行解密处理;当指示信息指示为透传模式时,不对数据部分承载的数据进行解密处理。Before the above step 302, it is also possible to judge according to the indication information whether to decrypt the data carried by the data part; the above step 302 may include: when the indication information indicates that the data is in secret transmission mode, decrypt the data carried by the data part; When the indication information indicates the transparent transmission mode, the data carried in the data part will not be decrypted.

可选地,信源数据还携带有对数据部分承载的数据进行解密的密钥,上述步骤202可以根据该密钥对数据部分承载的数据进行解密处理。在本发明实施例中,密钥为经过了加密处理,在解密之前可以先对加密的密钥进行解密处理。Optionally, the source data also carries a key for decrypting the data carried by the data part, and the above step 202 may decrypt the data carried by the data part according to the key. In the embodiment of the present invention, the key has been encrypted, and the encrypted key may be decrypted before decryption.

图4是根据本发明实施例的卫星通信中IP报文的处理装置的结构框图,如图4所示,包括:Fig. 4 is the structure block diagram of the processing device of IP message in the satellite communication according to the embodiment of the present invention, as shown in Fig. 4, comprises:

接收模块410,用于接收主站发送的来自第一小站的信源数据,其中,所述信源数据包括:数据部分和TCP/UDP包头部分,其中,所述TCP/UDP包头部分为透传方式的数据;The receiving module 410 is configured to receive the source data sent by the master station from the first small station, wherein the source data includes: a data part and a TCP/UDP packet header, wherein the TCP/UDP packet header is a transparent data in transmission mode;

解密模块420,用于对所述信源数据中携带的经过第一传输密钥加密后的密钥进行解密,其中,所述第一传输密钥为所述第一小站对应的传输密钥,所述密钥为对所述数据部分承载的数据进行解密的密钥;Decryption module 420, configured to decrypt the key encrypted by the first transmission key carried in the source data, where the first transmission key is the transmission key corresponding to the first small station , the key is a key for decrypting the data carried by the data part;

加密模块430,用于利用第二传输密钥对解密得到的密钥进行加密,得到经过第二传输密钥加密后的密钥,其中,所述第二传输密钥为第二小站对应的传输密钥,所述第二小站为所述信源数据的接收方;The encryption module 430 is configured to use the second transmission key to encrypt the decrypted key to obtain a key encrypted by the second transmission key, wherein the second transmission key is the key corresponding to the second small station transmitting a key, the second small station is the receiver of the source data;

发送模块440,用于将第一传输密钥加密后的密钥替换为第二传输密钥加密后的密钥,向所述主站发送替换处理后的信源数据。The sending module 440 is configured to replace the key encrypted by the first transmission key with the key encrypted by the second transmission key, and send the replaced information source data to the main station.

可选地,所述信源数据携带有用于指示是否对所述数据部分承载的数据进行了第一加密的指示信息,其中,当进行了所述第一加密时,所述指示信息指示为密传模式;当未进行所述第一加密时,所述指示信息指示为透传模式;Optionally, the source data carries indication information for indicating whether the first encryption is performed on the data carried by the data part, wherein, when the first encryption is performed, the indication information indicates that the encryption is encrypted. A transmission mode; when the first encryption is not performed, the indication information indicates a transparent transmission mode;

所述装置还包括:判断模块450,与所述接收模块410相连接,用于根据所述指示信息判断是否进行解密处理;The device also includes: a judging module 450, connected to the receiving module 410, for judging whether to perform decryption processing according to the instruction information;

所述解密模块420,与所述判断模块相连接,用于在所述指示信息指示为密传模式时,对所述信源数据中携带的经过第一传输密钥加密后的密钥进行解密。The decryption module 420 is connected to the judging module, and is used to decrypt the key encrypted by the first transmission key carried in the source data when the indication information indicates the encryption mode .

可选地,所述发送模块440,用于当所述指示信息指示为透传模式时,直接向主站发送所述信源数据。Optionally, the sending module 440 is configured to directly send the source data to the master station when the indication information indicates a transparent transmission mode.

图5是根据本发明实施例的卫星通信中IP报文的加密装置的结构框图,如图5所示,该装置包括:接收模块510,用于接收信源数据,其中,信源数据包括:数据部分和TCP/UDP包头部分;加密模块520,用于对数据部分承载的数据进行加密处理,得到密文数据部分;发送模块530,用于发送包括TCP或UDP包头部分和密文数据部分的IP报文,其中,TCP/UDP包头部分未进行加密处理。Fig. 5 is the structural block diagram of the encryption device of IP message in the satellite communication according to the embodiment of the present invention, as shown in Fig. 5, this device comprises: receiving module 510, is used for receiving information source data, wherein, information source data comprises: The data part and the TCP/UDP packet header part; the encryption module 520 is used to encrypt the data carried by the data part to obtain the ciphertext data part; the sending module 530 is used to send the ciphertext data part including the TCP or UDP packet header part and the ciphertext data part In the IP packet, the TCP/UDP packet header is not encrypted.

在本发明实施例的一个可选实施方式中,上述装置还可以包括:判断模块540,与接收模块510相连接,用于判断数据部分承载的数据是否为IP层的信令数据;加密模块520,与判断模块540相连接,用于在判断模块540的判断结果为否时,对数据部分承载的数据进行加密处理;在判断结果为是时,不对数据部分承载的数据进行加密处理。In an optional implementation manner of the embodiment of the present invention, the above-mentioned device may also include: a judging module 540, connected to the receiving module 510, for judging whether the data carried by the data part is signaling data of the IP layer; an encryption module 520 , is connected with the judging module 540, and is used for encrypting the data carried by the data part when the judging result of the judging module 540 is No; when the judging result is Yes, not encrypting the data carried by the data part.

可选地,上述装置还可以包括:第一添加模块550,用于在IP报文中添加用于指示是否对数据部分承载的数据进行了加密处理的指示信息,其中,当进行了加密处理时,指示信息指示为密传模式;当未进行加密处理时,指示信息指示为透传模式。Optionally, the above-mentioned apparatus may further include: a first adding module 550, configured to add indication information for indicating whether encryption processing is performed on the data carried by the data part in the IP packet, wherein, when the encryption processing is performed , the indication information indicates the secret transmission mode; when no encryption processing is performed, the indication information indicates the transparent transmission mode.

可选地,上述装置还包括:第二添加模块560,用于在IP报文中添加经联合密钥加密后的密钥,其中,密钥为数据部分所承载的数据解密的密钥。Optionally, the above device further includes: a second adding module 560, configured to add the key encrypted by the joint key to the IP message, where the key is a key for decrypting data carried by the data part.

图6是根据本发明实施例的卫星通信中IP报文的解密装置的结构框图,如图6所示,该装置可以包括:接收模块610,用于接收信源数据,其中,信源数据包括数据部分和TCP/UDP包头部分,其中,TCP/UDP包头部分为透传方式的数据;解密模块620,用于对数据部分承载的数据进行解密处理。Fig. 6 is a structural block diagram of an apparatus for decrypting IP messages in satellite communications according to an embodiment of the present invention. As shown in Fig. 6, the apparatus may include: a receiving module 610 for receiving information source data, wherein the information source data includes The data part and the TCP/UDP packet header, wherein the TCP/UDP packet header is data in a transparent transmission mode; the decryption module 620 is used to decrypt the data carried by the data part.

与上述方法对应,信源数据可以携带用于指示是否对数据部分承载的数据进行了加密处理的指示信息,其中,当进行了加密处理时,指示信息指示为密传模式;当未进行加密处理时,指示信息指示为透传模式。Corresponding to the above method, the information source data may carry indication information for indicating whether encryption processing has been performed on the data carried by the data part, wherein, when encryption processing is performed, the indication information indicates the secret transmission mode; when encryption processing is not performed , the indication information indicates the transparent transmission mode.

在本发明实施例的一个可选实施方式中,上述装置还可以包括:判断模块630,与接收模块610相连接,用于根据上述指示信息判断是否对数据部分承载的数据进行解密处理;解密模块620,与判断模块630相连接,用于在指示信息指示为密传模式时,对数据部分承载的数据进行解密处理;当指示信息指示为透传模式时,不对数据部分承载的数据进行解密处理。In an optional implementation manner of the embodiment of the present invention, the above-mentioned device may further include: a judging module 630, connected to the receiving module 610, for judging whether to decrypt the data carried by the data part according to the above-mentioned instruction information; 620, connected to the judging module 630, used for decrypting the data carried by the data part when the indication information indicates the secret transmission mode; when the indication information indicates the transparent transmission mode, not performing decryption processing on the data carried by the data part .

可选地,信源数据还携带有对数据部分承载的数据进行解密处理的密钥;解密模块620,用于根据该密钥对数据部分承载的数据进行解密处理。Optionally, the source data also carries a key for decrypting the data carried by the data part; the decryption module 620 is configured to decrypt the data carried by the data part according to the key.

下面对本发明实施例的可选实施方式进行描述。Optional implementation manners of the embodiments of the present invention are described below.

在该可选实施例汇总,基于卫星通信系统的星状网和网状网拓扑结构分别设计IP数据通信流程和数据格式,其中采用的密码算法是国际标准的AES算法。In summary of this optional embodiment, the IP data communication process and data format are respectively designed based on the star network and mesh network topology of the satellite communication system, and the encryption algorithm adopted is the international standard AES algorithm.

一、密传和透传模式下的IP加密数据格式设计1. Design of IP encrypted data format in secret transmission and transparent transmission mode

密传:信源数据进入密码机后,对TCP数据包和UDP数据包的数据部分进行加密处理,包头不进行加密处理,以密文形式传输到信宿,需要进行相应解密处理的工作模式。Secret transmission: After the source data enters the cipher machine, the data part of the TCP data packet and UDP data packet is encrypted, the header is not encrypted, and it is transmitted to the destination in the form of cipher text, and the corresponding decryption processing is required.

透传:信源数据进入密码机后,对TCP数据包和UDP数据包的数据内容和包头都不进行加密处理,以透明的形式传输到信宿,不需要进行解密处理的工作模式。Transparent transmission: After the source data enters the cipher machine, the data content and header of the TCP data packet and UDP data packet are not encrypted, and are transmitted to the destination in a transparent form without decryption processing.

使用配置文件的方式对密码机使用透传模式还是密传模式进行手工选择。如密码机被配置使用密传模式,信源数据经过信源加解密机处理后的数据结构如下:Use the configuration file to manually select whether the cipher machine uses the transparent transmission mode or the secret transmission mode. If the cipher machine is configured to use secret transmission mode, the data structure of the source data after being processed by the source encryption and decryption machine is as follows:

表1Table 1

其中,数据格式中8bits标志位标明该数据是密传模式,SK是加密数据的密钥,256bits是经传输密钥加密后的SK,联合密钥是通信双方根据ECDH计算出的,Ciphertext是加密的密文部分。Among them, the 8bits flag in the data format indicates that the data is in secret transmission mode, SK is the key for encrypting data, 256bits is the SK encrypted by the transmission key, the joint key is calculated by both parties according to ECDH, and Ciphertext is encrypted The ciphertext part of .

如果密码机被配置使用透传模式,信源数据经过信源加解密机处理后的数据结构如下:If the cipher machine is configured to use transparent transmission mode, the data structure of the source data after being processed by the source encryption and decryption machine is as follows:

表2Table 2

信宿密码机接到网关传来的数据后,判读数据格式中8Bits标志位,从而决定对传来数据进行解密处理或者透传的后处理。信宿密码机对密传数据或透传数据处理后的数据结构,与进入信源密码机前的数据结构与内容完全一致,是标准的IP数据包的格式:After the sink cipher machine receives the data from the gateway, it interprets the 8Bits flag in the data format, so as to decide to decrypt the incoming data or perform post-processing of transparent transmission. The data structure of the secret transmission data or transparent transmission data processed by the sink cipher machine is exactly the same as the data structure and content before entering the source cipher machine, which is the standard IP data packet format:

表3table 3

IP headerIP header TCP headerTCP header Plaintextplaintext

二、星状网密钥协商与加密数据流程设计2. Star network key negotiation and encrypted data process design

密钥协商过程key agreement process

1,星状网小站A的星状网加解密机开机;1. Start the star network encryption and decryption machine of the star network station A;

2,计算小站A的Diffie-Hellman参数;2. Calculate the Diffie-Hellman parameters of small station A;

3,星状网小站A的加解密机将其Diffie-Hellman参数及星状网身份信息发送给VSATHUB;3. The encryption and decryption machine of star network station A sends its Diffie-Hellman parameters and star network identity information to VSATHUB;

4,VSATHUB从DVB数据中获取星状网小站A的Diffie-Hellman参数及其星状网身份信息;4. VSATHUB obtains the Diffie-Hellman parameters of the star network station A and its star network identity information from the DVB data;

5,VSATHUB将星状网小站A的Diffie-Hellman参数及其星状网身份信息转发给KMC;5. VSATHUB forwards the Diffie-Hellman parameters of star station A and its star network identity information to KMC;

6,KMC接收到星状网小站A的Diffie-Hellman参数及其星状网身份信息,并依据其计算KMC与星状网小站A的传输密钥;6. KMC receives the Diffie-Hellman parameter of star network station A and its star network identity information, and calculates the transmission key between KMC and star network station A based on it;

7,KMC将自身的Diffie-Hellman参数发送给VSATHUB;7. KMC sends its own Diffie-Hellman parameters to VSATHUB;

8,VSATHUB使用DVB将KMC的Diffie-Hellman参数进行打包;8. VSATHUB uses DVB to package the Diffie-Hellman parameters of KMC;

9,VSATHUB将KMC的Diffie-Hellman参数发送给星状网小站A;9. VSATHUB sends the Diffie-Hellman parameters of KMC to star network station A;

10,星状网小站A计算其与KMC的传输密钥,完成星状网密钥协商过程。10. The star network substation A calculates its transmission key with the KMC, and completes the star network key negotiation process.

加密数据流程Encrypted data flow

以小站A的PC上传数据文件到主站FTP服务器数据为例,介绍星状网情况下的加密数据流程设计,下图中密钥管理中心(KMC)仅示出了加密流程涉及到的密码设备和密钥管理设备。Taking the PC of small station A to upload data files to the FTP server data of the main station as an example, the encrypted data process design in the case of a star network is introduced. The key management center (KMC) in the figure below only shows the passwords involved in the encrypted process devices and key management devices.

图7是小站上传数据文件到主站的密传数据的流程图,如图7所示,包括以下过程:Figure 7 is a flow chart of the secret transmission data uploaded by the small station to the master station, as shown in Figure 7, including the following process:

1,小站A应用PC输出的标准TCP格式数据(如表4所示)。1. The small station A uses the standard TCP format data output by the PC (as shown in Table 4).

表4Table 4

IP headerIP header TCP headerTCP header Plaintextplaintext

上述报文中,IPheader的源地址为PC,目标地址为FTP服务器。In the above message, the source address of the IP header is the PC, and the destination address is the FTP server.

2,小站A密码机进行加密,加密后的数据如表5所示。2. The small station A cipher machine performs encryption, and the encrypted data is shown in Table 5.

表5table 5

上述报文中,IPheader的源地址为PC,目标地址为FTP服务器。In the above message, the source address of the IP header is the PC, and the destination address is the FTP server.

3,小站Amoderm进行处理,处理后的数据如表6所示。3. The small station Amoderm performs processing, and the processed data is shown in Table 6.

表6Table 6

上述报文中,IPheader的源地址为PC,目标地址为FTP服务器。In the above message, the source address of the IP header is the PC, and the destination address is the FTP server.

4,主站DPS处理后,数据被强制转发至边界路由器,数据格式如表7所示。4. After being processed by the DPS of the master station, the data is forwarded to the border router forcibly, and the data format is shown in Table 7.

表7Table 7

上述报文中,IPheader的源地址为PC,目标地址为FTP服务器。In the above message, the source address of the IP header is the PC, and the destination address is the FTP server.

5,在边界路由器和密钥管理设备之间定义一个GRE隧道,数据会被处理为以下格式转发:5. Define a GRE tunnel between the border router and the key management device, and the data will be processed and forwarded in the following format:

表8Table 8

上述报文中,最左侧的IPheader的源地址为边界路由器地址,目标地址为密钥管理设备的地址。In the above message, the source address of the leftmost IP header is the address of the border router, and the destination address is the address of the key management device.

6,密钥管理设备收到该数据后,通过判读8bits标志位,判断为密传数据,将数据包拆成3个部分:IP头、加密头以及数据负载部分,从IP头中解出该IP包的源地址(小站A的PC机)和目的地址(FTPSever)后,从数据库中找出其对应的传输密钥,将加密头和小站A与中心计算出的联合密钥发送至解密设备解密模块,数据格式如下:6. After the key management device receives the data, it judges that it is encrypted data by interpreting the 8bits flag, and splits the data packet into three parts: IP header, encryption header and data load part, and deciphers the data from the IP header. After the source address (PC of small station A) and destination address (FTPSever) of the IP packet, find out its corresponding transmission key from the database, and send the encryption header and the joint key calculated by small station A and the center to Decryption device decryption module, the data format is as follows:

表9Table 9

上述报文中,最左侧IPheader的源地址为密钥管理设备的地址,目标地址为解密设备的地址。In the above message, the source address of the leftmost IP header is the address of the key management device, and the destination address is the address of the decryption device.

7,解密设备解密模块利用A-中心的联合密钥解出当前加密头中的会话密钥,再将明文的会话密钥发送回密钥管理设备,数据格式如下:7. Decryption device The decryption module uses the joint key of the A-center to decrypt the session key in the current encrypted header, and then sends the plaintext session key back to the key management device. The data format is as follows:

表10Table 10

上述报文中,最左侧IPheader的源地址为解密设备的地址,目标地址为密钥管理设备的地址。In the above message, the source address of the leftmost IP header is the address of the decryption device, and the destination address is the address of the key management device.

8,密钥管理设备将明文的会话密钥以及目的FTP服务器的传输密钥发送至加密设备加密模块,发送至加密模块的数据格式如下:8. The key management device sends the plaintext session key and the transmission key of the destination FTP server to the encryption module of the encryption device. The format of the data sent to the encryption module is as follows:

表11Table 11

上述报文中,最左侧IPheader的源地址为密钥管理设备的地址,目标地址为加密设备的地址。In the above message, the source address of the leftmost IP header is the address of the key management device, and the destination address is the address of the encryption device.

9,加密模块用FTPSever与中心的联合密钥对会话密钥进行加密,发送回密钥管理设备,发送回密钥管理设备的报文格式如下:9. The encryption module encrypts the session key with the joint key of FTPSever and the center, and sends it back to the key management device. The format of the message sent back to the key management device is as follows:

表12Table 12

上述报文中,最左侧IPheader的源地址为加密设备的地址,目标地址为密钥管理设备的地址。In the above message, the source address of the leftmost IP header is the address of the encryption device, and the destination address is the address of the key management device.

10,密钥管理设备将整合新的加密头的密文数据,打上新的IP包头,源地址是密钥管理中心(KMC)密钥管理设备,目的地址是边界路由器,发送出去的数据格式:10. The key management device will integrate the ciphertext data of the new encryption header, and add a new IP header. The source address is the key management center (KMC) key management device, and the destination address is the border router. The format of the sent data is:

表13Table 13

上述报文中,最左侧IPheader的源地址为密钥管理设备的地址,目标地址为边界路由器的地址。In the above message, the source address of the leftmost IP header is the address of the key management device, and the destination address is the address of the border router.

11,边界路由器会将数据送出的数据格式如下:11. The border router will send the data in the following format:

表14Table 14

12,主站密码机收到密文数据后,将数据解密发送至FTPServer,数据格式:12. After receiving the ciphertext data, the cipher machine at the master station decrypts the data and sends it to the FTPServer. The data format is:

表15Table 15

IP headerIP header TCP headerTCP header Plaintextplaintext

从以上的描述中,可以看出,本发明实现了如下技术效果:From the above description, it can be seen that the present invention achieves the following technical effects:

第一,设计了星状网和网状网拓扑下的密钥协商和数据加密流程,可应用于VSAT卫星通信系统;First, the key negotiation and data encryption process under star network and mesh network topology are designed, which can be applied to VSAT satellite communication system;

第二,该密码方案对IP数据包的负载数据部分加密,对IP和TCP头透传处理,包头的Qos优先级字节可直接透传,不影响Qos技术;Second, the encryption scheme encrypts the payload data of the IP data packet, transparently transmits the IP and TCP headers, and directly transmits the Qos priority byte of the packet header without affecting the Qos technology;

第三,IP加密数据格式规定了数据的密传和透传模式,对不需加密的业务数据可采用透传模式;Third, the IP encrypted data format stipulates the secret transmission and transparent transmission modes of data, and the transparent transmission mode can be used for business data that does not need to be encrypted;

第四,IP密码机对IP层的信令数据,如三次握手,TCP加速的ACK信息不进行任何处理,直接传输,不影响TCP加速,对这些数据的透明处理,可保证密码机对业务数据的加解密处理速度。Fourth, the IP cipher machine does not perform any processing on the signaling data of the IP layer, such as the three-way handshake, and the ACK information accelerated by TCP, and transmits it directly without affecting TCP acceleration. encryption and decryption processing speed.

显然,本领域的技术人员应该明白,上述的本发明的各模块或各步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,可选地,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,并且在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。这样,本发明不限制于任何特定的硬件和软件结合。Obviously, those skilled in the art should understand that each module or each step of the above-mentioned present invention can be realized by a general-purpose computing device, and they can be concentrated on a single computing device, or distributed in a network formed by multiple computing devices Alternatively, they may be implemented in program code executable by a computing device so that they may be stored in a storage device to be executed by a computing device, and in some cases, in an order different from that shown here The steps shown or described are carried out, or they are separately fabricated into individual integrated circuit modules, or multiple modules or steps among them are fabricated into a single integrated circuit module for implementation. As such, the present invention is not limited to any specific combination of hardware and software.

以上所述仅为本发明的优选实施例而已,并不用于限制本发明,对于本领域的技术人员来说,本发明可以有各种更改和变化。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and changes. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (6)

1. the processing method of IP message in satellite communication, is characterized in that, comprising:
Receive the information source data from the first small station that main website sends, wherein, described information source data comprise: data division and TCP/UDP header part, and wherein, described TCP/UDP header part is the data of transparent transmission mode;
Be decrypted the key after the first transmission security key encryption carried in described information source data, wherein, described first transmission security key is transmission security key corresponding to described first small station, and described key is the key to the decrypt data that described data division carries;
Utilizing the second transmission security key to be encrypted deciphering the key that obtains, obtaining the key after the second transmission security key encryption, wherein, described second transmission security key is transmission security key corresponding to the second small station, and described second small station is the recipient of described information source data;
Key after first transmission security key encryption is replaced with the key after the second transmission security key encryption, sends the information source data after replacing process to described main website.
2. method according to claim 1, it is characterized in that, described information source data carry the indication information being used to indicate the data that whether carry described data division and encrypting, wherein, when having carried out described encryption, described indication information has been designated as close arq mode; When not carrying out described encryption, described indication information is designated as transparent transmission mode;
Before the key after the first transmission security key encryption carried in described information source data is decrypted, also comprise: judge whether to be decrypted process according to described indication information;
The key after the first transmission security key encryption carried in described information source data is decrypted, comprises: when described indication information is designated as close arq mode, the key after the first transmission security key encryption carried in described information source data is decrypted.
3. method according to claim 2, is characterized in that, described method also comprises: when described indication information is designated as transparent transmission mode, be not decrypted process, sends described information source data directly to main website.
4. the processing unit of IP message in satellite communication, is characterized in that, comprising:
Receiver module, for receiving the information source data from the first small station that main website sends, wherein, described information source data comprise: data division and TCP/UDP header part, and wherein, described TCP/UDP header part is the data of transparent transmission mode;
Deciphering module, for being decrypted the key after the first transmission security key encryption carried in described information source data, wherein, described first transmission security key is transmission security key corresponding to described first small station, and described key is the key to the decrypt data that described data division carries;
Encrypting module, for utilizing the second transmission security key to be encrypted deciphering the key obtained, obtain the key after the second transmission security key encryption, wherein, described second transmission security key is transmission security key corresponding to the second small station, and described second small station is the recipient of described information source data;
Sending module, for the key after the first transmission security key encryption is replaced with the key after the second transmission security key encryption, sends the information source data after replacing process to described main website.
5. device according to claim 4, it is characterized in that, described information source data carry to be used to indicate whether carried out the first indication information encrypted to the data that described data division carries, wherein, when having carried out described first encryption, described indication information has been designated as close arq mode; When not carrying out described first encryption, described indication information is designated as transparent transmission mode;
Described device also comprises: judge module, is connected with described receiver module, for judging whether to be decrypted process according to described indication information;
Described deciphering module, is connected with described judge module, for when described indication information is designated as close arq mode, is decrypted the key after the first transmission security key encryption carried in described information source data.
6. device according to claim 5, is characterized in that, described sending module, for when described indication information is designated as transparent transmission mode, sends described information source data directly to main website.
CN201410571249.8A 2014-10-22 2014-10-22 Processing method and device of IP packet in satellite communication Pending CN105471832A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410571249.8A CN105471832A (en) 2014-10-22 2014-10-22 Processing method and device of IP packet in satellite communication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410571249.8A CN105471832A (en) 2014-10-22 2014-10-22 Processing method and device of IP packet in satellite communication

Publications (1)

Publication Number Publication Date
CN105471832A true CN105471832A (en) 2016-04-06

Family

ID=55609104

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410571249.8A Pending CN105471832A (en) 2014-10-22 2014-10-22 Processing method and device of IP packet in satellite communication

Country Status (1)

Country Link
CN (1) CN105471832A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789057A (en) * 2016-11-28 2017-05-31 航天恒星科技有限公司 Cryptographic key negotiation method and system under satellite communication protocols
CN112187795A (en) * 2020-09-28 2021-01-05 青岛鼎信通讯股份有限公司 High-speed medium-voltage carrier encryption transparent transmission device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1759560A (en) * 2003-03-14 2006-04-12 皇家飞利浦电子股份有限公司 Protected return path from DRM encryption decoder
CN1989728A (en) * 2004-07-29 2007-06-27 皇家飞利浦电子股份有限公司 System, device and method for providing encrypted content and decrypting said content by network
CN101729550A (en) * 2009-11-09 2010-06-09 西北大学 Digital content safeguard system based on transparent encryption and decryption method thereof
US7817631B1 (en) * 2008-07-09 2010-10-19 Google Inc. Network transfer protocol
GB2487692A (en) * 2009-11-19 2012-08-01 Icera Llc Wireless terminal for transmitting packets of different types

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1759560A (en) * 2003-03-14 2006-04-12 皇家飞利浦电子股份有限公司 Protected return path from DRM encryption decoder
CN1989728A (en) * 2004-07-29 2007-06-27 皇家飞利浦电子股份有限公司 System, device and method for providing encrypted content and decrypting said content by network
US7817631B1 (en) * 2008-07-09 2010-10-19 Google Inc. Network transfer protocol
CN101729550A (en) * 2009-11-09 2010-06-09 西北大学 Digital content safeguard system based on transparent encryption and decryption method thereof
GB2487692A (en) * 2009-11-19 2012-08-01 Icera Llc Wireless terminal for transmitting packets of different types

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
崔鹏: "加解密技术在风云三号气象卫星数据传输中的应用研究", 《中国优秀硕士学位论文全文数据库信息科技辑(2005)》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789057A (en) * 2016-11-28 2017-05-31 航天恒星科技有限公司 Cryptographic key negotiation method and system under satellite communication protocols
CN112187795A (en) * 2020-09-28 2021-01-05 青岛鼎信通讯股份有限公司 High-speed medium-voltage carrier encryption transparent transmission device

Similar Documents

Publication Publication Date Title
US11095624B2 (en) End-to-end encryption for personal communication nodes
KR102312670B1 (en) Method of performing device to device communication between user equipments
US8788805B2 (en) Application-level service access to encrypted data streams
US9100370B2 (en) Strong SSL proxy authentication with forced SSL renegotiation against a target server
CN105337954A (en) Method and device for encryption and decryption of IP message in satellite communication
CN102036230B (en) Method for implementing local route service, base station and system
EP3213488A1 (en) End-to-end service layer authentication
CN106797335B (en) Data transmission method, data transmission device, electronic equipment and computer program product
CN104283701A (en) Method, system and device for distributing configuration information
EP2919498B1 (en) Method, device and system for packet processing through a relay
WO2020052414A1 (en) Data protection method, device and system
CN110249584B (en) Method for providing end-to-end security in mission-critical data communication systems
US10313877B2 (en) Method and system for facilitating participation of an intermediary network device in a security gateway communication between at least one base station and a core network portion in a cellular communication network
KR20180130203A (en) APPARATUS FOR AUTHENTICATING IoT DEVICE AND METHOD FOR USING THE SAME
WO2017075134A1 (en) Key management for privacy-ensured conferencing
CN105471827A (en) Message transmission method and device
CN106161386B (en) Method and device for realizing IPsec (Internet protocol Security) shunt
US9319222B2 (en) Two factor authentication of ICR transport and payload for interchassis redundancy
WO2016134631A1 (en) Processing method for openflow message, and network element
US11006346B2 (en) X2 service transmission method and network device
CN110650476B (en) Management frame encryption and decryption
CN105471832A (en) Processing method and device of IP packet in satellite communication
US11095619B2 (en) Information exchange for secure communication
CN108900584B (en) Data transmission method and system for content distribution network
CN113810173A (en) Method for checking application information, message processing method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160406

WD01 Invention patent application deemed withdrawn after publication