CN114095930B - Method for handling violations of satellite network users combined with access authentication and related equipment - Google Patents

Abstract

The invention provides a satellite network user violation processing method combined with access authentication and related equipment, wherein the method comprises the following steps: high-frequency access authentication of a large number of user terminals is completed through all the satellite communication base stations at the front end of the network, so that the single-point fault risk and the performance bottleneck easily generated by central authentication are relieved, and the authentication transmission delay is reduced; after the access authentication is passed, the user side performs data communication by combining the anonymous identity of the authentication, the guard base station performs violation detection and preliminary judgment by combining the cached anonymous identity and the first parameter of the token, and processes the user side with lower-level violation behaviors; for the user side with higher-level violation behaviors, the satellite network center calculates the true identity of the violation user side after further violation judgment, updates the relevant blacklist, and combines all satellite communication base stations to perform violation processing, so that the violation tracing and processing can be conveniently performed after the violation behaviors are found while considering the anonymity of the user access identity.

Description

Method for handling violations of satellite network users combined with access authentication and related equipment

technical field

The invention relates to the field of communication technologies, and in particular, to a method for handling violations of satellite network users combined with access authentication and related equipment.

Background technique

With the development and wide application of communication satellite communication networks, more and more unsafe factors have also emerged, and there are many cases of launching network attacks by posing as legitimate user identities. For this reason, before the user terminal formally accesses the satellite communication network to transmit a large amount of data, it is often necessary to perform two-way secure access authentication: on the one hand, the satellite network terminal needs to authenticate that the access is a legitimate user to protect the security of the system; On the other hand, the user terminal also needs to authenticate that the access is a legitimate satellite communication network, in order to prevent being deceived and attacked by the fake base station and compromising data security.

However, the existing single-point centralized access authentication method performed by the satellite network authentication center has the problems of single-point failure risk and performance bottleneck, and is prone to large network transmission delay. In addition, due to the consideration of lightweight authentication, some of the existing satellite network user access authentication schemes do not support identity anonymity protection. Once the user's identity is leaked or maliciously tracked, it will bring great potential communication security risks; Although some schemes provide different degrees of identity anonymity protection, they do not fully consider the corresponding illegal identity traceability and processing mechanisms. If the legitimate user side has illegal behavior after passing the authentication and anonymously accessing the network, it may cause incalculable damage to the system. Loss.

SUMMARY OF THE INVENTION

In view of this, the present invention provides a satellite network user violation processing method and related equipment combined with access authentication. Access authentication and violation processing are performed by cooperating with each satellite network front-end base station, so as to alleviate the centralized access authentication method. It is easy to generate single point failure risks and performance bottlenecks in the center of the satellite network, and solves the problem that it is difficult for legitimate users to limit communication in a timely and effective manner when illegal behavior occurs after anonymous access to the network.

In a first aspect, the present invention provides a method for handling violations of satellite network users combined with access authentication, which is applied to a satellite network center, including:

Receive the violation judgment request information, calculate the first parameter of the token in combination with the violation judgment request information, and determine whether there is a violation on the client side and the final judgment result of the violation level corresponding to the violation according to the relevant violation judgment method and standard;

When it is determined that the user end has a second-level violation, the token first parameter is added to the token second-level blacklist; when it is determined that the user end has a first-level violation, all The first parameter of the token is added to the first-level blacklist of tokens. In addition, according to the first parameter of the token, the real identity of the user terminal is calculated, and the real identity is added to the real-identity blacklist, and a token blacklist is generated. List update information, broadcast the token blacklist update information to each communication satellite and satellite base station through the gateway station.

Optionally, also include:

The satellite network center regularly configures the system public parameters, and generates system parameter update information according to the system public parameters;

Wherein, the system public parameters include at least: basic cryptography parameters for encryption and decryption, validity period of the basic cryptography parameters, token public verification parameters, validity period of the token public verification parameters, satellite The communication encryption parameters of the network center and the validity period of the communication encryption parameters of the satellite network center;

The system parameter update information is broadcast on the entire network through the gateway station, each communication satellite, and the satellite base station.

Optionally, also include:

The satellite network center receives the registration request information of the user terminal when applying for network access for the first time, and obtains the initial identification and initial verification information of the user terminal in the registration request information;

According to the initial verification information, verify whether the initial identity is true, and query whether the initial identity has been registered;

In the case that the initial identity identifier is true and has not been registered, configure the user terminal with a unique real identity in the satellite communication network, a token first parameter with an expiration date, and a token second parameter;

Generate registration response information according to the real identity, the first parameter of the token with the validity period, and the second parameter of the token, associate and store the initial identity with the real identity, and store the The registration response information is sent to the user terminal through the secure channel;

Wherein, the registration response information includes at least: the real identity, the first parameter of the token, the second parameter of the token, and the real identity can be calculated by combining the initial identity with a random number, so The token first parameter is calculated according to the real identity and preconfigured system public parameters, and the token second parameter can be calculated according to the token first parameter and preconfigured system public parameters;

Wherein, the system public parameters include at least: basic cryptography parameters for encryption and decryption, validity period of the basic cryptography parameters, token public verification parameters, validity period of the token public verification parameters, satellite The communication encryption parameters of the network center and the validity period of the communication encryption parameters of the satellite network center.

Optionally, also include:

The satellite network center receives the token update second request information, and verifies the token update second request information, wherein the token update second request information is the token update first request information from the user terminal by the satellite network base station. 1. The request information is calculated and generated after passing the verification, and is forwarded to the satellite network center through several hops of communication satellites and gateway stations;

In the case that the verification of the second token update request information is passed, the related token update request verification parameters are calculated; wherein, the related token update request verification parameters at least include: real identity, token first parameter and the remaining number of times the token can be renewed;

When neither the real identity nor the token first parameter is in the blacklist, the remaining number of updates of the token is greater than zero, and the real identity and the number of remaining updates of the token match the stored records Next, configure a new first token parameter and a new token second parameter for the user terminal;

decrementing the remaining renewable times of the token, and storing the decremented remaining renewable times of the token in association with the real identity;

Generate token update response information, and return the token update response information to the user terminal through the gateway station, several hop communication satellites, and satellite communication base stations;

Wherein, the token update response information includes at least: token update response verification parameters, the updated token first parameter in encrypted form, and the token second parameter, wherein the token update response verification parameter is determined by all The verification parameters of the token update request are calculated according to the above.

In a second aspect, the present invention provides a method for handling violations of satellite network users combined with access authentication, which is applied to communication satellites, including:

In the case of receiving the uplink information from the gateway station affiliated to the satellite network center or the previous hop communication satellite, perform a message source and integrity check on the uplink information;

In the case that the message source and integrity verification of the uplink information pass, according to the relevant routing algorithm, forward the uplink information that has passed the verification to the Satcom base station or the next-hop communication satellite;

In the case of receiving downlink information from the Satcom base station, verify the message source and integrity of the downlink information;

In the case of passing the source and integrity verification of the downlink information, attach the downlink information with its own node identifier, and calculate a new message authentication code, thereby generating processed downlink information;

According to the relevant routing algorithm, the processed downlink information is forwarded to the gateway station attached to the satellite network center or the next-hop communication satellite.

In a third aspect, the present invention provides a method for handling violations of satellite network users combined with access authentication, which is applied to Satcom base stations, including:

When the client that has passed the access authentication uses the anonymous identity for data communication, the satellite base station combines the anonymous identity and the first parameter of the token cached after the access authentication, according to the relevant violation detection methods and judgment standards, to Check whether there is any illegal behavior on the user terminal, and make a preliminary judgment on the violation level of the illegal behavior;

Wherein, the relevant violation detection method may be based on but not limited to the following principles: correlation analysis, cluster analysis, KL divergence, etc.;

Wherein, the violations may include but are not limited to: initiating the same data request multiple times in a short period of time, abnormal communication requests that do not conform to the user's communication behavior habits, DoS attacks, DDoS attacks, illegally stealing system permissions and data, etc.;

The violation level can be defined by the system in combination with the actual situation. In the present invention, only the third and fourth violation levels are used to represent lower violation levels, and the first and second violation levels are used to represent higher violation levels. level, and explain the corresponding violation treatment, and the rest can be deduced by analogy, and will not be repeated below;

It should be noted that, after the access authentication is passed, the anonymous identity will be cached in the Satcom base station and the user terminal respectively to allow the establishment of this communication connection between the two. During the data communication process, the user The terminal encapsulates the anonymous identity into the communication data frame header, and the satellite base station filters the user data that does not correctly contain the anonymous identity in the data frame header, and filters the user data that correctly contains the anonymous identity in the data frame header. Forward, and according to the relevant violation detection methods and judgment standards, conduct violation detection, preliminary judgment and processing on the user data containing the anonymous identity, and in the case of preliminary judgment that there is a first-level or second-level violation, query the cache The first parameter of the token corresponding to the anonymous identity is generated, and the violation judgment request information is generated. When the communication ends, the Satcom base station releases the communication connection and deletes the cached anonymous identity of the user;

In the case of determining that the user terminal has a third-level violation, sending third prompt information to the user terminal, terminating this communication connection with the user terminal, and deleting the anonymous identity in the cache;

In the case of determining that the user terminal has a fourth-level violation, sending fourth prompt information to the user terminal, and suspending the communication connection with the user terminal;

The third prompt information is used to indicate that the reason for the disconnection is that the user terminal has a third-level violation, and the third prompt information is used to indicate that the user terminal needs to reconnect to establish a communication connection again. entry certification;

The fourth prompt information is used to indicate that the reason for the disconnection is that the user terminal has a fourth-level violation, and the fourth prompt information is used to instruct the user terminal to resume the communication connection after a specified time;

When the Satcom base station preliminarily determines that the user terminal has a first-level or second-level violation, query the cache for the token first parameter corresponding to the anonymous identity, and generate violation judgment request information;

The violation judgment request information is forwarded to the satellite network center through several hops of communication satellites and gateway stations, wherein the violation judgment request information at least includes: the encrypted first parameter of the token;

receiving token blacklist update information, and performing source and integrity verification on the token blacklist update information;

Update the stored token blacklist and send a prompt message to the offending client in the token blacklist when the message source and integrity verification of the token blacklist update information pass;

Disconnect the communication connection with the violating client; and within the period of accountability for the violation, ban the access authentication authority and token update authority of the violating client;

Among them, for the violating users in the first-level blacklist of tokens, the Satcom base station sends first prompt information, and the first prompt information is used to indicate that the user has a first-level violation, and the connection of the user The login authentication authority and token update authority have been permanently banned;

For the violating users in the second-level blacklist of tokens, the Satcom base station sends second prompt information; wherein, the second prompt information is used to indicate that the user has a second-level violation, and the deadline for accountability for violations will be met. Afterwards, the client with the second-level violations restores the normal access authentication authority and token update authority.

Optionally, also include:

The Satcom base station regularly receives the system parameter update information, and performs a message source and integrity check on the system parameter update information;

In the case that the message source and integrity check of the system parameter update information are passed, broadcast the system parameter update information to the user terminal in the domain, and store the system public parameters of the system parameter update information;

Wherein, the system public parameters include at least: basic cryptography parameters for encryption and decryption, validity period of the basic cryptography parameters, token public verification parameters, validity period of the token public verification parameters, satellite The communication encryption parameters of the network center and the validity period of the communication encryption parameters of the satellite network center.

The Satcom base station regularly configures the public parameters in the domain, and generates the parameter update information in the domain according to the public parameters in the domain, and broadcasts the parameter update information in the domain to each client in the domain; wherein, the public parameters in the domain include at least: The communication encryption parameters of the Satcom base station and the validity period of the communication encryption parameters of the Satcom base station.

Optionally, also include:

Receive the access authentication request information from the client, and verify the message freshness of the access authentication request information;

In the case that the message freshness verification of the access authentication request information is passed, according to the public parameters of the system and the public parameters in the domain, the anonymous identity of the user is calculated this time, and the first parameter of the token and the second parameter of the token are verified. Whether the verification parameter of the parameter satisfies the specified relationship, wherein the access authentication request information contains at least the following fields: access authentication request timestamp, access authentication first encryption parameter, encrypted token first parameter and token first encryption parameter Two-parameter verification parameter, wherein the verification parameter of the token second parameter is calculated from the token second parameter;

In the case that the verification parameters of the first parameter of the token and the second parameter of the token satisfy the specified relationship, calculate the access authentication response parameter according to the access authentication request information, and generate an access authentication response parameter according to the authentication response parameter. input authentication response information and send it to the client;

Wherein, the access authentication response information includes at least the following fields: an access authentication response timestamp and an access authentication response parameter, and the access authentication response parameter is calculated from the decrypted original parameter of the access authentication request information;

Cache the anonymous identity of the user authenticated this time, and the first parameter of the token corresponding to the anonymous identity of the user;

It should be noted that after the Satcom base station completes the access authentication for the user terminal, it will then allow the establishment of a communication connection with the user terminal according to the cached anonymous identity of the user. During the data communication process, the Satcom base station Filter the user data that does not correctly contain the anonymous identity in the data frame header, forward the user data that correctly contains the anonymous identity in the data frame header, and according to the relevant violation detection methods and judgment standards, contain some data. The user data of the anonymous identity is subjected to violation detection, preliminary determination and processing, and in the case of preliminary determination that there is a first-level or second-level violation, query the cached first parameter of the token corresponding to the anonymous identity, and Generate violation judgment request information, and when the communication ends, the satellite base station releases the current communication connection and deletes the cached anonymous identity of the user.

Optionally, also include:

Receive the first token update request information from the client, and verify the message freshness of the token update first request information, wherein the token update first request information at least includes the following fields: Token update first request Timestamp, token update first encryption parameter, token update request verification parameter in encrypted form, and token update request verification parameter, the token update request verification parameter at least includes: real identity, token first A parameter and the remaining number of times the token can be updated;

In the case that the message freshness check of the first token update request information is passed, calculate the first token parameter according to the system public parameter and the public parameter in the domain, and verify the first token parameter and the command Whether the verification parameters of the second parameter of the card satisfy the specified relationship;

When the verification parameters of the first parameter of the token and the second parameter of the token satisfy the specified relationship, generate a second request for token update, and send it to the communication satellite in the domain, wherein the token update the first request information 2. The request information at least includes: the token update first encryption parameter, the token first parameter and the token update request verification parameter in encrypted form;

Receive the token update response information, and perform message source and integrity verification on the token update response information;

In the case that the source and integrity verification of the token update response information is passed, the token update response information is forwarded to the client.

In a fourth aspect, the present invention provides a method for handling violations of satellite network users combined with access authentication, which is applied to the user terminal, including:

Regularly receive system parameter update information, and perform message source and integrity verification on the system parameter update information;

Under the condition that the message source and integrity verification of the system parameter update information pass, storing the system public parameters in the system parameter update information;

The system public parameters are regularly configured by the satellite network center, and broadcast on the entire network through gateway stations, communication satellites, and satellite communication base stations, wherein the system public parameters at least include: basic cryptography parameters for encryption and decryption , the validity period of the basic cryptography parameters, the validity period of the token public verification parameters, the validity period of the token public verification parameters, the communication encryption parameters of the satellite network center and the validity period of the communication encryption parameters of the satellite network center;

Periodically receive the parameter update information in the domain, and perform a message source and integrity check on the parameter update information in the domain;

Under the condition that the message source and integrity check of the parameter update information in the domain pass, storing the public parameters in the domain in the parameter update information in the domain;

The public parameters in the domain are regularly configured by the Satcom base station and broadcast in the domain, wherein the public parameters in the domain at least include: the communication encryption parameters of the Satcom base station and the validity period of the communication encryption parameters of the Satcom base station.

Optionally, also include:

When the user terminal applies for network access for the first time, the registration request information is generated according to the initial identification and initial verification information of the user terminal;

Send the registration request information to the satellite network center through a secure channel;

Receive the registration response information of the satellite network center through the secure channel, and obtain the real identity, the first parameter of the token, and the second parameter of the token in the registration response information, wherein the real identity is unique in the whole network, so The first token parameter and the second token parameter have an expiration date, and the longest expiration date of the first token parameter and the second token parameter is determined by the expiration date of the current system public parameter;

The real identity, the first parameter of the token and the second parameter of the token are securely stored.

Optionally, also include:

When the user terminal needs to access the satellite communication network, the anonymous identity of the user terminal is calculated according to the first parameter of the token and the second parameter of the token stored in a secure manner, combined with the public parameters of the system and the public parameters in the domain, and the access is generated. authentication request information, and send the access authentication request information to a nearby satellite communication base station, wherein the access authentication request information at least includes the following fields: access authentication request timestamp, access authentication first encryption parameter, The verification parameters of the encrypted first parameter of the token and the second parameter of the token;

Receive the access authentication response information from the Satcom base station, and perform access authentication calculation and verification on the Satcom base station according to the access authentication response information, wherein the access authentication response information at least includes the following fields: an access authentication response timestamp and an access authentication response parameter, wherein the access authentication response parameter is calculated from the original parameter decrypted by the access authentication request information;

In the case that the access authentication verification is passed, the session key and the integrity protection key are calculated, and the session key, the integrity protection key and the authenticated anonymous identity are securely stored for use In a formal data communication process, the session key is used for symmetric encryption of the communication data, and the integrity protection key is used to calculate the message authentication code.

It should be noted that, in the data communication process after access authentication, the user end encapsulates the anonymous identity into a data frame, and uses the session key to encrypt the data to be transmitted, and uses the integrity protection The key calculates the message authentication code, and the communication data is transmitted in the satellite network through the satellite communication base station.

Optionally, also include:

When the client needs to update the token, the client calculates and generates the first token update request information by combining the first parameter of the token to be updated, the second parameter of the token, the public parameters of the system and the public parameters in the domain, and generates the token update first request information. sending the token update first request information to a nearby Satcom base station;

Wherein, the first token update request information includes at least the following fields: the first token update request timestamp, the token update first encryption parameter, the token update request verification parameter in encrypted form, the Verification parameters, wherein the token update request verification parameters at least include: real identity, the first parameter of the token, and the remaining number of times the token can be updated;

Receive token update response information, and perform message source and integrity verification on the token update response information;

In the case that the message source and integrity verification of the token update response information are passed, the token update response verification parameter, the updated first token parameter, and the updated token second parameter are calculated, wherein, The token update response verification parameter is calculated from the token update request verification parameter, wherein the token update request verification parameter at least includes: the real identity, the token first parameter, and the remaining number of times the token can be updated;

Verifying whether the token update response verification parameter is correct, and verifying whether the updated first parameter of the token and the updated second parameter of the token satisfy the specified relationship;

In the case of passing the verification, the updated first parameter of the token and the updated second parameter of the token are securely stored.

It should be noted that when the first parameter of the token and the second parameter of the token have been stored or used on the user side for a certain period of time, and there may be security risks such as leakage or theft, the validity period of the current system public parameters can be within the validity period of the current system public parameters, the client has a certain number of token update permissions, and each time a token update is performed, the token update permission is consumed once; the client can combine the security requirements. , within the range of the number of updates allowed by the system, choose the timing and number of token updates by yourself, so as to reduce the potential security risks caused by the long-term storage of the first parameter of the token and the second parameter of the token on the user side .

In a fifth aspect, the present invention provides a satellite network center, comprising:

The system parameter update module is used to regularly configure the system public parameters, and generate system parameter update information according to the system public parameters. Webcast, wherein the system public parameters at least include: basic cryptography parameters for encryption and decryption, the validity period of the basic cryptography parameters, the token public verification parameters, the validity of the token public verification parameters Term, the communication encryption parameters of the satellite network center and the validity period of the communication encryption parameters of the satellite network center;

The registration response module is used to receive and verify the registration request information. For the user terminal whose registration request information is true and has not been registered, configure the unique real identity of the user terminal in the satellite communication network. a parameter, the second parameter of the token, and the registration response information is generated according to the real identity, the first parameter of the token with the validity period, and the second parameter of the token, and the registration response information is sent through the secure channel return to the client;

The violation judgment module is used to receive the violation judgment request information, and based on the first parameter of the token calculated by the violation judgment request information, according to the relevant violation judgment methods and standards, to determine whether there is a violation of the user terminal and the corresponding violation of the violation. The final judgment result of the violation level;

A violation processing module, configured to add the token first parameter to the token second-level blacklist when it is determined that the user terminal has a second-level violation; In the case of the token, the first parameter of the token is added to the first-level blacklist of the token, in addition, the real identity of the user terminal is calculated according to the first parameter of the token, and the real identity is added to the real-identity blacklist , and generate token blacklist update information, and broadcast the token blacklist update information to each communication satellite and satellite base station through the gateway station;

The token update response module is used to receive and verify the second token update request information, and configure the updated first parameter of the token, the first Second parameter, and calculate and generate token update response information, and send the token update response information to the user terminal through the gateway station, several hop communication satellites, and satellite communication base stations.

In a sixth aspect, the present invention provides a communication satellite, comprising:

The uplink information processing module is used to check the source and integrity of the uplink information in the case of the received uplink information from the satellite network center affiliated gateway station or the previous hop communication satellite. When the source and integrity of the uplink information are verified, forward the verified uplink information to the satellite base station or the next-hop communication satellite according to the relevant routing algorithm;

The downlink information processing module is used to verify the message source and integrity of the downlink information in the case of the received downlink information from the satellite base station, discard the downlink information that fails to verify, and verify the downlink information. The passed downlink information is attached with its own node identifier, and a new message authentication code is calculated to generate processed downlink information, and according to the relevant routing algorithm, the processed downlink information is forwarded to the satellite network center affiliated Gateway station or next-hop communication satellite.

In a seventh aspect, the present invention provides a Satcom base station, comprising:

The parameter update module is used for regularly receiving and verifying the system parameter update information; in the case of passing the verification of the system parameter update information, the system public parameters in the system parameter update information are stored, and the system parameter update information is stored. The parameter update information is broadcast to the user terminal in the domain, wherein the system public parameters at least include: basic cryptography parameters used for encryption and decryption, the validity period of the basic cryptography parameters, token public verification parameters, the password The validity period of the card public verification parameters, the communication encryption parameters of the satellite network center, and the validity period of the communication encryption parameters of the satellite network center;

The parameter update module is further configured to periodically configure the public parameters in the domain, and generate parameter update information in the domain according to the public parameters in the domain, and broadcast the parameter update information in the domain to each client in the domain, wherein the The public parameters in the domain include at least: the communication encryption parameters of the Satcom base station and the validity period of the communication encryption parameters of the Satcom base station;

The access authentication response module is used to receive and verify the access authentication request information from the user terminal, and in the case that the access authentication request information is verified, calculate the anonymous identity of the user, and verify the first parameter of the token and the token. Whether the verification parameter of the second parameter of the token satisfies the specified relationship, in the case that the verification parameter of the first parameter of the token and the verification parameter of the second parameter of the token meet the specified relationship, generate access authentication response information, sending the access authentication response information to the client, caching the anonymous identity of the user authenticated this time, and the first parameter of the token;

The communication data transmission module is used to allow the establishment of a communication connection with the user terminal according to the cached anonymous identity of the user after performing access authentication with the user terminal, and during the data communication process, the data frame header does not contain the correct information. The user data of the anonymous identity is filtered, the user data that correctly contains the anonymous identity in the data frame header is forwarded to the communication satellite in the domain, and when the communication ends, the cached anonymous identity of the user is deleted;

The violation detection module is used to perform violation detection and preliminary judgment on the user terminal according to the relevant violation detection method and judgment standard in combination with the cached user anonymous identity and the first parameter of the token during the data communication process;

A violation preliminary processing module, configured to send the third prompt information to the user terminal when it is determined that the user terminal has a third-level violation behavior, and terminate this communication connection with the user terminal, and delete said anonymous identity from the cache;

The violation preliminary processing module is further configured to send the fourth prompt information to the user terminal and suspend this communication connection with the user terminal when it is determined that the user terminal has a fourth violation level behavior ;

The violation judgment request module is used to query the cache for the token first parameter corresponding to the anonymous identity of the user when it is preliminarily determined that the user terminal has a first-level or second-level violation, and generate the violation Judgment request information, and send the violation judgment request information to the satellite network center via several hops of communication satellites and gateway stations;

The violation judgment response processing module is used to receive and verify the token blacklist update information, update the stored token blacklist when the token blacklist update information is verified and pass the verification, and report to the violating client Send a prompt message, disconnect the network connection with the violating client, and ban the access authentication authority and token update authority of the violating client within the period of accountability for violation;

A token update first request processing module, configured to receive and verify the token update first request information from the client, and calculate the token update first request information when the token update first request information is verified. parameters, and verify whether the verification parameters of the first parameter of the token and the second parameter of the token satisfy the specified relationship, in the case of passing the verification, generate the second request information for the token update, and update the token 2. Request information to be sent to communication satellites in the domain;

The token update response processing module is configured to receive and verify the token update response information, and forward the token update response information to the user end when the verification is passed.

In an eighth aspect, the present invention provides a user terminal, comprising:

The parameter configuration module is used to periodically receive and verify the system parameter update information, and in the case of passing the verification, store the system public parameters in the system parameter update information, wherein the system public parameters at least include: The basic cryptography parameters for encryption and decryption, the validity period of the basic cryptography parameters, the token public verification parameters, the validity period of the token public verification parameters, the communication encryption parameters of the satellite network center and the satellite network The validity period of the central communication encryption parameters;

The parameter configuration module is also configured to periodically receive and verify the parameter update information in the domain, and in the case of passing the verification, store the public parameters in the domain in the parameter update information in the domain, wherein the public parameters in the domain are at least Including: the communication encryption parameters of the Satcom base station and the validity period of the communication encryption parameters of the Satcom base station;

A registration request module is used to generate registration request information according to the initial identity identifier and the initial verification information, and send the registration request information to the satellite network center through a secure channel;

The registration response processing module is used to receive the registration response information of the satellite network center through a secure channel, and obtain the unique real identity of the network in the registration response information, the first parameter of the token with the validity period, and the second parameter of the token , and securely store the real identity, the first parameter of the token, and the second parameter of the token;

The access authentication request module is used for the user terminal to calculate the anonymity according to the first parameter of the token and the second parameter of the token stored in a secure manner, in combination with the public parameters of the system and the public parameters in the domain, when the user terminal needs to access the satellite communication network. identity, generate the access authentication request information, and send the access authentication request information to the Satcom base station;

The access authentication response processing module is used to receive and verify the access authentication response information of the satellite communication base station, and in the case of passing the verification, for the abnormal access authentication response prompt information, respond to the access authentication response The prompt information is parsed, and for the normal access authentication response information, the parameters in the access authentication response information are verified, and if the parameter verification is passed, the session key and the integrity protection key are calculated, and Securely store session keys, integrity protection keys, and anonymous identities for this authentication;

The communication data transmission module is used to encapsulate the anonymous identity into a data frame during the data communication process after completing the access authentication with the satellite communication base station, and use the session key to encrypt the data to be transmitted, And use the integrity protection key to calculate the message authentication code, and carry out communication data transmission in the satellite network through the Satcom base station;

The token update request module is used to generate the token update first parameter according to the token first parameter and the token second parameter to be updated, combined with the system public parameters and the public parameters in the domain, when the token update needs to be performed. a request message, and send the token update first request message to the Satcom base station;

a token update response processing module, configured to receive and verify the token update response information, calculate and verify whether the token update response verification parameters are correct when the token update response information is verified successfully, and Verify whether the updated first parameter of the token and the updated second parameter of the token satisfy the specified relationship, and in the case of passing the verification, perform security on the updated first parameter of the token and the updated second parameter of the token storage.

In a ninth aspect, the present invention provides a terminal device, including a memory, a processor, and a transceiver;

the memory stores computer-executable instructions;

The processor executes the computer-executable instructions stored in the memory, so that the processor executes the above-mentioned method for handling violations of satellite network users in combination with access authentication;

The transceiver is used for receiving information sent by an external device and sending information to the external device.

In a tenth aspect, the present invention provides a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and when the computer-executable instructions are executed by a processor, are used to implement the above-mentioned combined access How to deal with violations by certified satellite network users.

The method and related equipment for handling violations of satellite network users combined with access authentication provided by the present invention completes high-frequency access authentication for a large number of users through each satellite communication base station at the front end of the network, so as to alleviate the single point that is easily generated by centralized authentication. Failure risks and performance bottlenecks, reducing the authentication transmission delay; after the access authentication is passed, the user terminal combines the authenticated anonymous identity for data communication, and the Satcom base station combines the cached anonymous identity and the first parameter of the token to conduct violation detection and preliminary Judgment, and deal with the users with lower-level violations; for users with higher-level violations, the satellite network center will calculate the real identities of the violating users and update the relevant blacklist after further violation judgments. , and cooperate with each Satcom base station to handle violations, so that while taking into account the anonymity of user access identities, it is also convenient to trace and deal with violations after violations are discovered.

Description of drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description serve to explain the principles of the disclosure.

Fig. 1 is the scene schematic diagram that the present invention realizes the satellite network user violation processing method combined with access authentication;

FIG. 2 is a schematic overall flow chart of the first embodiment of the method for handling violations of satellite network users combined with access authentication according to the present invention;

3 is a schematic diagram of the access authentication flow of the second embodiment of the satellite network user violation processing method combined with access authentication according to the present invention;

4 is a schematic diagram of a violation detection and processing flow diagram of a third embodiment of a method for processing violations of satellite network users in combination with access authentication according to the present invention;

FIG. 5 is a schematic diagram of a token update process according to the fourth embodiment of the method for processing violations of satellite network users in combination with access authentication according to the present invention;

Fig. 6 is the module schematic diagram of the satellite network center of the present invention;

Fig. 7 is the module schematic diagram of the communication satellite of the present invention;

8 is a schematic diagram of a module of a Satcom base station of the present invention;

Fig. 9 is the module schematic diagram of the user terminal of the present invention;

FIG. 10 is a schematic structural diagram of a terminal device of the present invention.

The above-mentioned drawings have shown clear embodiments of the present disclosure, and will be described in more detail hereinafter. These drawings and written descriptions are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the disclosed concepts to those skilled in the art by referring to specific embodiments.

Detailed ways

Exemplary embodiments will be described in detail herein, examples of which are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the illustrative examples below are not intended to represent all implementations consistent with this disclosure. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as recited in the appended claims.

The invention provides a satellite network user violation processing method and related equipment combined with access authentication.

Referring to FIG. 1 , FIG. 1 is a schematic diagram of a scenario of a method for handling violations of satellite network users combined with access authentication according to the present invention.

Among them, the satellite communication base station 3000 communicates with the communication satellite 2000 through the satellite-ground link; the communication satellite 2000 communicates with the next-hop communication satellite 2000 through the inter-satellite link according to the relevant routing algorithm, or communicates with the satellite through the satellite-ground link. Communication between the network center 1000 and its affiliated gateway stations (not marked);

Between Satcom base station 3000, communication satellite 2000, and satellite network center 1000, mutual authentication, negotiation of session key and integrity protection key have been completed in advance, and a system security channel has been established;

The user terminal 4000 can access the satellite network for data communication after completing the two-way access authentication with the Satcom base station 3000; The client 4000 conducts violation detection, preliminary judgment and processing;

The Satcom base station 3000 conducts violation processing for the client 4000 with a lower violation level; for the client 4000 suspected of having a higher violation level, it queries the cached first parameter of the token corresponding to the user's anonymous identity, and generates a violation judgment request Then, through several hops of communication satellites 2000 and gateway stations (not marked), the violation judgment request information is forwarded to the satellite network center 1000; the satellite network center 1000 gives the final violation according to the relevant violation judgment methods and standards. According to the judgment result, the blacklist is updated accordingly, and the token blacklist update information is generated, and broadcast to each Satcom base station 3000 through the gateway station (not marked) and the communication satellite 2000; the Satcom base station 3000 is based on the token blacklist. information, and deal with the violation of the violation client 4000.

The technical solutions of the present invention and how the technical solutions of the present application solve the above-mentioned technical problems will be described in detail below with specific examples. The following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.

The present invention provides a method for handling violations of satellite network users combined with access authentication and its overall flow.

Referring to FIG. 2 , FIG. 2 is a first embodiment of a method for handling violations of satellite network users combined with access authentication according to the present invention. It includes the following steps:

Step S10, the satellite network center, as a trust root node, configures its own node identifier, public-private key pair, and digital certificate in the system initialization stage, and configures node identifiers and digital certificates for each communication satellite and satellite base station, and communicates with each communication satellite. , Satcom base station completes mutual authentication, and negotiation of session key and integrity protection key to establish a system security channel.

Specifically, you can refer to the relatively mature PKI public key encryption system and other related technologies, which will not be described in detail here.

In step S20, the satellite network center regularly updates the public parameters of the system, and broadcasts the whole network through the gateway station, communication satellite, and Satcom base station.

Wherein, the system public parameters include at least: basic cryptography parameters for encryption and decryption, validity period of the basic cryptography parameters, token public verification parameters, validity period of the token public verification parameters, satellite The communication encryption parameters of the network center and the validity period of the communication encryption parameters of the satellite network center;

The public parameters in the domain include at least: the communication encryption parameters of the Satcom base station and the validity period of the communication encryption parameters of the Satcom base station;

The satellite network center regularly updates the public parameters of the system, and generates system parameter update information; then, the system parameter update information is broadcast to the users of the entire network through the gateway station, communication satellite, and satellite base station;

Among them, after receiving the system parameter update information, each Satcom base station and user terminal will perform message source and integrity verification on it; and if the message source and integrity verification pass, the System public parameters are stored.

In this embodiment, the system parameter update information may refer to the following:

{ ID _NOCC ||TYPE||LT ₁ ||G||N||LT ₂ ||PK ₀ ||K||LT ₃ ||R _NOCC ||SIGN _NOCC }

Among them, {} indicates which parameters are included in the information (not repeated below); || indicates the parameter splicing operation (not repeated below); ID _NOCC is the node identifier of the satellite network center; TYPE is the message type code, specific , the TYPE field can be set to "000" here to represent the system parameter update information; G is the generator of the elliptic curve, N is the order of G; LT ₁ is the validity period of the satellite network center configuration for N and G; In addition, the satellite network center selects three different secure random numbers SK ₀ , k and r _NOCC from the cyclic addition group, and then calculates: authentication token verification public key PK ₀ =SK ₀ ·G, authentication token public parameters K=k·G, and the communication encryption parameter R _NOCC = r _NOCC ·G of the satellite network center; and configure the validity period LT ₂ for PK ₀ and K; configure the validity period LT ₃ for R _NOCC ; SIGN _NOCC is the satellite network center for this The digital signature of the message computation.

In addition, the satellite base station regularly configures the public parameters in the domain, generates parameter update information in the domain, and broadcasts it to the users in the domain;

In this embodiment, the parameter update information in the domain can be referred to as follows:

{ ID _STB ||type||LT ₄ ||R _STB ||SIGN _STB }

Among them, ID _STB is the node identifier of the Satcom base station; type is the message type code. Specifically, the type field can be set to "000" here to represent the parameter update information in the domain; the Satcom base station first selects one from the cyclic addition group. Secure random number r _STB , then, calculate the communication encryption parameter of Satcom base station R _STB = r _STB · G, where G is the generator of the elliptic curve; LT ₄ is the validity period configured by Satcom base station for R _STB ; SIGN _STB is the digital signature calculated by the Satcom base station for the message;

By regularly updating and broadcasting the public parameters of the system and the public parameters in the domain, the potential security risks caused by the long-term use of fixed parameters can be reduced.

It should be noted that, in all the embodiments of the present disclosure, TYPE is used to refer to the message type code of the satellite network center, and type is used to refer to the message type code of the satellite communication base station or the communication satellite. No further description will be given subsequently.

In step S30, when the user terminal applies for network access for the first time, the registration request information is sent to the satellite network center through the secure channel. After the satellite network center receives and passes the verification, the user terminal is configured with a unique real identity in the network, and has a valid identity. The first parameter of the token and the second parameter of the token are returned to the user terminal with the registration response information, and the user terminal securely stores the real identity, the first parameter of the token, and the second parameter of the token.

Wherein, the registration request information may include, but is not limited to: an initial identity identifier with unique network-wide uniqueness, such as the factory serial number of the client, and initial verification information used to verify the authenticity of the initial identity identifier;

The real identity is unique in the whole network, the first parameter of the token and the second parameter of the token have a certain validity period, and the longest validity period is determined by the validity period of the current system public parameters.

In this embodiment, the real identity, the first parameter of the token, and the second parameter of the token are calculated as follows:

UID= Hash(ID _e ||info||RAND) [1]

α= f _sym (KEY _NOCC , UID||LT ₂ ||rand) [2]

θ= α·SK ₀ + k (mod N) [3]

Among them, UID, α, θ are the real identity, the first parameter of the token, and the second parameter of the token configured by the network center for the client respectively; Hash( ) represents the hash function; f _sym represents the symmetric encryption algorithm; || represents the pair The parameters are spliced (not repeated below), "·" represents the point multiplication operation on the elliptic curve (not repeated below), "+" represents the point addition operation on the elliptic curve (not repeated below); mod is the Remainder operation (not repeated below); ID _e is the initial identification; info is the initial verification information; RAND and rand represent different random numbers respectively; KEY _NOCC is the security registration key selected by the satellite network center; N, LT ₂ , SK ₀ , and k are parameters involved in step S20.

Step S40, when the user terminal needs to access the satellite network, according to the first parameter of the token, the second parameter of the token, combined with the public parameters of the system, the public parameters in the domain, and the relevant access authentication parameters, calculate the anonymous identity, and match it with the user. The nearby Satcom base station conducts two-way access authentication.

Wherein, the relevant access authentication parameters may include but are not limited to: timestamp, random number;

The system public parameters include at least: basic cryptography parameters for encryption and decryption, validity period of the basic cryptography parameters, token public verification parameters, validity period of the token public verification parameters, satellite network center The communication encryption parameters of the satellite network center and the validity period of the communication encryption parameters of the satellite network center;

The public parameters in the domain include at least: the communication encryption parameters of the Satcom base station and the validity period of the communication encryption parameters of the Satcom base station;

It should be noted that the access authentication process involved in step S40 will be further detailed in steps S41 to S44 in conjunction with the second embodiment of FIG. 3 .

Step S50, the user terminal accesses the satellite network through the Satcom base station, and transmits communication data in combination with the authenticated anonymous identity, the calculated session key, and the integrity protection key.

Specifically, the encapsulated communication data contains at least the following fields:

{ PID||EncData||MAC _U }

Among them, PID is the anonymous identity of the authentication of the client, and after the access authentication is passed, it is cached in the client and the Satcom base station respectively; EncData is the session key used by the client to symmetric the communication data Encrypted encrypted data; MAC _U is the message authentication code calculated by the user terminal using the integrity protection key, to be used for message integrity verification;

After this data communication ends, the satellite communication base station disconnects the communication connection with the user terminal, and deletes the cached anonymous identity of the user; when the user terminal needs to access the satellite communication network in the future, it needs to be performed again. Access authentication.

Step S60, according to the relevant violation detection methods and judgment standards, and in combination with the anonymous identity cached after the access authentication and the first parameter of the token, the satellite network base station performs violation detection, preliminary judgment and processing on the access client, and if necessary, cooperates with the satellite network. The center will make further violation judgment and processing.

It should be noted that, the violation detection and processing flow involved in step S60 will be further detailed in steps S61 to S66 in conjunction with the third embodiment of FIG. 4 .

Step S70, when the token update needs to be performed, the user terminal generates a token according to the first parameter of the token to be updated, the second parameter of the token, the public parameters of the combined system, the public parameters in the domain, and the verification parameters of the relevant token update request. The first request information for card update is generated after verification by the satellite base station, and the second request information for token update is generated, which is sent to the satellite network center through several hops of communication satellites and gateway stations. The user terminal configures the new first parameter and the token second parameter.

Wherein, the relevant token update request verification parameters at least include: real identity, the first parameter of the token, and the remaining number of times the token can be updated;

It should be noted that, the token update process involved in step S70 will be further detailed in steps S71 to S76 in conjunction with the fourth embodiment of FIG. 5 .

The present invention provides an access authentication process involved in a method for handling violations of satellite network users combined with access authentication.

Referring to FIG. 3 , FIG. 3 is a second embodiment of a method for handling violations of satellite network users combined with access authentication according to the present invention. It includes the following steps:

Step S41, when the user terminal needs to access the network, according to the securely stored first parameter of the token and the second parameter of the token, combined with the public parameters of the system and the public parameters in the domain, calculate the anonymous identity this time, and generate an access authentication request The information is sent to a nearby Satcom base station.

Specifically, in this embodiment, the access authentication request information may refer to the following format:

{ T ₁ || R _U ||X _α ||λ}

Wherein, T ₁ is the access authentication request timestamp; R _U is the first encryption parameter of the access authentication; X _α is the encrypted first parameter of the token; λ is the verification parameter of the second parameter of the token. The parameters involved are calculated as follows:

R _U =r _U ·G [4]

X _α = α⊕H(r _U · R _STB ) 【5】

PID= hash(α)⊕hash(r _U · R _STB ) 【6】

β= H(T ₁ ||R _U ||α||PID) 【7】

λ= θ+β·r _U (mod N) [8]

Among them, the meanings of the parameters and symbols involved in the formulas [4]~[8] are as follows: || represents the parameter splicing operation (not repeated below); ⊕ represents the bitwise XOR operation (not repeated below), hash( ), H( ) represent the hash function (not repeated below); mod represents the remainder operation (not repeated below); r _U is the access authentication secret random number generated by the client, and α is the first parameter of the token; PID is the anonymous identity of the user terminal for this access authentication; β is an intermediate parameter; θ is the second parameter of the token; G, N, R _STB are the parameters described in step S20.

Step S42, the satellite communication base station receives and verifies the access authentication request information, and combines the public parameters of the system with the public parameters in the domain, calculates the anonymous identity, and verifies the difference between the first parameter of the token and the second parameter of the token. Check whether the parameters satisfy the specified relationship.

In this embodiment, the Satcom base station first checks the freshness of the access authentication request information by whether | T ₂ -T ₁ | is less than Δt _STB ; where T ₂ is the access authentication request received by the Satcom base station The time stamp of the information; Δt _STB is the time interval set by the Satcom base station;

In the case that the freshness verification passes (| T ₂ -T ₁ | is less than Δt _STB passes the verification), the first parameter of the calculation token α= X _α ⊕H(R _U ·r _STB ); wherein, X _α and R _U are respectively the encrypted first parameter of the token and the first encrypted parameter of the access authentication described in step S41; r _STB is the parameter described in step S20;

Then, check whether α is in the token blacklist; if α is not in the token blacklist, calculate the user's anonymous identity PID= hash(α)⊕hash(R _U ·r _STB ), and the intermediate parameter β= H (T ₁ ||R _U ||α||PID); then, check the formula [9]: λ·G=α·PK ₀ +K+β·R _U is established; among them, G, PK ₀ , K , r _STB are the parameters described in step S20;

When formula [9] is established, it indicates that the verification parameters of the first token parameter and the second token parameter satisfy the specified relationship, and further indicates that the first token parameter and the second token parameter of the user end It is a legal and valid token parameter calculated in combination with the private key of the satellite network center, which allows the user terminal to access the satellite communication network.

Step S43, in the case that the verification parameters of the first parameter of the token and the second parameter of the token satisfy the specified relationship, the Satcom base station caches the user's anonymous identity and the first parameter of the token for this authentication, and generates an access token. The authentication response information is sent to the user terminal, and communication parameter transmission information is generated, and sent to the satellite network center through several hops of communication satellites and gateway stations.

Specifically, in this embodiment, the access authentication response information may refer to the following format: { T ₂ ||RES }; where T ₂ is the timestamp when the Satcom base station receives the access authentication request information ; RES = H( T ₂ ||β); β is the intermediate parameter calculated in step S42.

The relevant communication parameters at least include: PID|| _RU ; the communication parameter transmission information may refer to the following format: { ID _STB ||type||C _STB ||MAC _STB };

where C _STB = f _sym (EK _STB-SAT , PID||R _U ),

MAC _STB = f _int (IK _STB-SAT , ID _STB || type||C _STB );

Among them, the ID _STB is the node identifier of the Satcom base station; type is the message type code. Specifically, the type field can be set to "111" here to represent the communication parameter transmission information; C _STB is the encrypted data of the Satcom base station. Communication parameters _; MAC _STB is the message authentication code calculated by the _Satcom base station; f _sym is the symmetric encryption algorithm, and f _int is the integrity protection algorithm; The session key and the integrity protection key negotiated with the communication satellite;

After the communication satellite receives the communication parameter transmission information, it first checks the message authentication code MAC _STB therein, and then decrypts the _CSTB to obtain PID|| _RU ; and caches the PID therein to allow corresponding user data to be stored in the network Then, perform a similar calculation, and then forward the processed communication parameter transmission information: { ID _SAT ||type||C _SAT ||MAC _SAT } to the affiliated gateway station of the satellite network center according to the relevant routing algorithm. , or the next hop communication satellite;

Wherein, ID _SAT is the node identification of the communication satellite; type is the message type code, specifically, the type field can be set to "111" here to represent the communication parameter transmission information; C _SAT = f _sym (EK _SAT-NOCC , PID||R _U ) , MAC _SAT =f _int (IK _SAT-NOCC , ID _SAT ||type||C _SAT ); where C _SAT is the encrypted communication parameter of the communication satellite; MAC _SAT is calculated by the communication satellite message authentication code; f _sym is a symmetric encryption algorithm, f _int is an integrity protection algorithm; EK _SAT-NOCC and IK _SAT-NOCC are the session keys negotiated between the communication satellite and the satellite network center after the system security channel is established respectively. , integrity protection key;

After receiving the described communication parameter transmission information, the satellite network center first checks the message authentication code MAC _SAT wherein; then, decrypts C _SAT and obtains PID||R _U ; calculates KEYS=H(R _U ·r _NOCC ) again , wherein r _NOCC is the parameter described in step S20; take the high 16 bits of KEYS to be the session key EK, and take the low 16 bits of KEYS to be the integrity protection key IK; then, cache PID, EK, IK, for the data communication process.

Step S44, the user terminal authenticates the Satcom base station according to the access authentication response information, and in the case of passing the authentication, calculates the session key and the integrity protection key, and verifies the anonymous identity, session Keys, integrity-protected keys for secure storage.

Specifically, in this embodiment, the user terminal first checks the freshness of the access authentication response information by whether | T ₃ -T ₂ | is less than Δt _U ; where T ₃ is when the user terminal receives the access authentication Timestamp when responding to information, Δt _U is the time interval set by the client;

If the freshness check passes (| T ₃ -T ₂ | is less than Δt _U passes the check), then check whether the formula [10]: RES =H(T ₂ ||β) holds. Wherein, β is the intermediate parameter described in step S41;

In the case that the verification of formula [10] is passed, the user terminal calculates: KEYS=H(r _U · R _NOCC ), where R _NOCC is the parameter described in step S20; r _U is the access described in step S41 Authentication secret random number; then, taking the high 16 bits of KEYS is the session key EK, and taking the low 16 bits of KEYS is the integrity protection key IK; and securely store PID, EK, IK for data communication process .

Thus, two-way access authentication is completed between the user terminal and the Satcom base station.

In step S50, the user terminal accesses the satellite network through the satellite network, and transmits communication data in combination with the anonymous identity authenticated this time, and the calculated session key and integrity protection key.

After completing the access authentication process in steps S41 to S44, the user terminal can then access the satellite communication network for communication data transmission.

Specifically, the encapsulated communication data contains at least the following fields:

{ PID||EncData||MAC _U }

Among them, PID is the anonymous identity of the authentication of the client, and after the access authentication is passed, it is cached in the client and the Satcom base station respectively; EncData is the session key used by the client to symmetric the communication data Encrypted encrypted data; MAC _U is the message authentication code calculated by the user terminal using the integrity protection key, to be used for message integrity verification;

When this data communication ends, the satellite communication base station disconnects the communication connection with the user terminal, and deletes the cached anonymous identity of the user. When the user terminal needs to access the satellite communication network in the future, it needs to Perform access authentication again.

The present invention provides a violation detection and processing flow involved in a satellite network user violation processing method combined with access authentication.

Referring to FIG. 4 , FIG. 4 is a third embodiment of a method for handling violations of satellite network users combined with access authentication according to the present invention. It includes the following steps:

Step S61, according to the relevant violation detection methods and judgment criteria, and in combination with the user anonymous identity cached after the access authentication and the first parameter of the token, the Satcom base station performs violation detection and preliminary judgment on the access client.

Wherein, according to the cached user anonymous identity PID, the satellite base station can filter the user data that does not contain the authenticated PID field correctly in combination with the user communication data encapsulation content described in step S50; User data in the field, forwarded to communication satellites in the field;

In addition, the Satcom base station can use the PID field encapsulated in the user data as a feature field, combined with the cached first parameter of the corresponding token, and perform violation detection and preliminary judgment on the user terminal according to the relevant violation detection methods and judgment criteria;

Wherein, the violation detection method may be based on but not limited to the following principles: correlation analysis, cluster analysis, KL divergence, and so on.

Step S62 , when the Satcom base station detects that the user terminal has third-level and fourth-level violations, it sends a prompt message to the user terminal, and suspends or terminates the communication connection with the user terminal.

Wherein, when the Satcom base station determines that the user terminal has a third-level violation, it sends a third prompt message to the user terminal, terminates the communication connection with the user terminal, and deletes all the cached data. anonymity;

The third prompt information is used to indicate that the reason for the disconnection is that the user terminal has a third-level violation, and re-establishing a communication connection requires re-access authentication;

Wherein, when the Satcom base station determines that the user terminal has a fourth-level violation, it sends a fourth prompt message to the user terminal, and suspends the communication connection with the user terminal;

The fourth prompt information is used to indicate that the reason for the disconnection is that the user terminal has a fourth-level violation, and the communication connection can be restored after a specified time.

The violations may include, but are not limited to: initiating the same data request multiple times within a short period of time, abnormal communication requests that do not conform to user communication habits, DoS attacks, DDoS attacks, illegal theft of system permissions and data, etc.;

It should be noted that the violation level can be defined by the system in combination with the actual situation; in the present disclosure, only the third and fourth violation levels represent lower violation levels, and the first and second violation levels represent higher violation levels. If the violation level is high, the corresponding violation treatment will be explained, and the rest can be deduced by analogy.

Step S63, when the Satcom base station preliminarily determines that the user terminal has the possibility of the first-level and second-level violations, the first parameter of the token corresponding to the cache is inquired according to the anonymous identity of the user, and the violation judgment request information is generated. Sent to communication satellites in the domain.

Specifically, the violation judgment request information may refer to the following format:

{ ID _STB || type||C _STB ||MAC _STB }

Among them, ID _STB is the node identifier of the satellite communication base station; type is the message type code, specifically, the type field can be set to "001" here to represent the first-level violation judgment request information; or the type field can be set to "010" represents the second-level violation judgment request information; C _STB = f _sym (EK STB _{- SAT} ,α), where f _sym is the symmetric encryption algorithm; The session key negotiated between the communication satellite and the communication satellite; α is the first parameter of the corresponding token in the cache according to the anonymous identity of the user suspected of having the first and second level violations; C _STB It is the ciphertext obtained by symmetric encryption of the first parameter α of the token by the Satcom base station; MAC _STB = f _int (IK _STB-SAT , ID _STB ||type||C _STB ), where f _int is the integrity Protection algorithm, IK _STB-SAT is the integrity protection key negotiated between Satcom base station and communication satellite after the system security channel is established, and MAC _STB is the message authentication code calculated by Satcom base station, which is used to Violation determination request information for integrity check.

Step S64, the communication satellite receives the violation judgment request information, and after verifying and processing it, forwards it to the next hop communication satellite, and forwards the violation judgment request information to the satellite through several hop communication satellites and gateway stations. network centre.

Specifically, after receiving the violation determination request information, the communication satellite finds out the session key EK _STB-SAT , integrity protection negotiated with the Satcom base station according to the ID _STB of the Satcom base station node in it. Key IK _STB-SAT ; then check whether the message authentication code satisfies MAC _STB = f _int (IK _STB-SAT , ID _STB ||type|| C _STB ). Wherein, f _int is the integrity protection algorithm; ID _STB is the node identifier of the satellite communication base station; type is the message type code described in step S63; C _STB is the first parameter α of the token performed by the satellite communication station Ciphertext from symmetric encryption.

If the MAC _STB verification of the message authentication code fails (MAC _STB ≠ f _int (IK _STB-SAT , ID _STB ||type||C _STB )), then discard the violation judgment request information; if the If the MAC _STB verification of the message authentication code passes (MAC _STB =f _int (IK _STB-SAT , ID _STB ||type|| C _STB )), it indicates that the information source of the violation judgment request is reliable and complete, and the following steps are performed next deal with:

Use the session key EK _{STB -SAT} to decrypt the CSTB to obtain the first parameter α of the token; then, find out the session key EK _SAT-NOCC and the integrity protection key IK _SAT with the satellite network center _-NOCC ; and calculate the processed violation judgment request information, namely:

{ ID _SAT ||type||C _SAT ||MAC _SAT }

Wherein, ID _SAT is the node identification of the described communication satellite; type is the message type code described in step S63; C _SAT = f _sym (EK _SAT-NOCC ,α), MAC _SAT = _fint (IK _SAT-NOCC , ID _SAT || type||C _SAT ), wherein f _sym is a symmetric encryption algorithm, and f _int is an integrity protection algorithm; C _SAT is a ciphertext obtained by the communication satellite performing symmetric encryption on the first parameter α of the token; MAC _SAT is the message authentication code calculated by the communication satellite;

Then, the communication satellite forwards the processed violation judgment request information to the next-hop communication satellite according to the relevant routing algorithm; after several hops of communication satellites and gateway stations, forwards the violation judgment request information to the next hop communication satellite. Satellite Network Center.

Step S65, the satellite network center receives and verifies the violation judgment request information, and in the case of passing the verification, according to the relevant violation judgment methods and standards, make a final judgment on the violation behavior and the corresponding level; update the blacklist accordingly, and Generate token blacklist update information, and send the token blacklist update information to each Satcom base station via a gateway station and a communication satellite.

Wherein, after receiving the violation judgment request information, the satellite network center firstly performs message source and integrity verification; specifically, the satellite network center finds out the connection between the communication satellite and the communication satellite according to the ID _SAT of the communication satellite node therein. Negotiated session key EK _SAT-NOCC and integrity protection key IK _SAT-NOCC ; then check whether the message authentication code satisfies MAC _SAT = f _int (IK _SAT-NOCC , ID _SAT ||type||C _SAT ). Wherein, f _int is the integrity protection algorithm; ID _SAT is the node identifier of the communication satellite; type is the message type code; C _SAT is the ciphertext obtained by the communication satellite symmetric encryption of the first parameter α of the token.

If the satellite network center fails to verify the message authentication code MAC _SAT (MAC _SAT ≠ f _int (IK _SAT-NOCC , ID _SAT ||type||C _SAT )), then discard the violation judgment request information; If the satellite network center passes the verification of the message authentication code MAC _SAT (MAC _SAT = f _int (IK _SAT-NOCC , ID _SAT ||type||C _SAT )), it indicates that the information source of the violation determination request is reliable and If the information is complete, proceed as follows:

Obtain the type field in the violation judgment request information; use the session key EK _SAT-NOCC with the communication satellite to decrypt C _SAT to obtain the corresponding token first parameter α; then, the satellite network center according to the relevant Violation determination methods and standards, and final determination of violations and their corresponding grades;

Wherein, the relevant violation determination methods and standards may be based on but not limited to the following principles: correlation analysis, cluster analysis, KL divergence, etc.;

Specifically, the final violation judgment result can be divided into: the final judgment that there is no violation, the final judgment that there is a first-level violation, and the final judgment that there is a second-level violation;

Among them, the satellite network center does not need to process the violation judgment request information that is finally determined that there is no violation; for the final judgment that there is a second-level violation, the satellite network center will add the corresponding token first parameter α to the order The second-level blacklist of tokens; for the final determination that there is a first-level violation, the satellite network center will add the corresponding token first parameter α to the first-level blacklist of tokens, and use the security registration key described in step S30. , decrypt the first parameter α of the token, obtain the real identity UID of the user terminal, and add the UID to the real identity blacklist;

According to the newly added α in the first-level token blacklist and the second-level token blacklist, the satellite network center respectively generates the update information of the first-level token blacklist and the update information of the second-level token blacklist; and a communication satellite, which forwards the update information of the first-level blacklist of tokens and the update information of the second-level blacklist of tokens to each communication satellite.

Specifically, the token blacklist update information may refer to the following format: { ID _NOCC ||TYPE||α|PToTime||SIGN _NOCC }

Among them, ID _NOCC is the node identification of the satellite network center; TYPE is the message type code. Specifically, the TYPE field can be set to "001" here to represent the token first-level blacklist update information; the TYPE field can be set to "010" ” to represent the update information of the token second-level blacklist; α is the first parameter of the token corresponding to the violating client; ToTime is the deadline for accountability for violations; among them, for the ToTime field in the token-level blacklist, it can be It is set to a special identifier representing infinite length, specifically INF, so as to permanently ban the first-level illegal user terminal; SIGN _NOCC is the digital signature calculated by the satellite network center on the message.

Step S66, each Satcom base station receives and verifies the token blacklist update information; in the case of passing the verification, parses the content, updates the token blacklist accordingly, and sends a prompt message to the offending user, And disconnect the communication connection with the violating client, and limit the access authentication authority and token update authority of the violating client within the violation accountability period.

Specifically, after receiving the update information of the first-level blacklist of tokens and the update information of the second-level blacklist of tokens, each Satcom base station firstly verifies the digital signature SIGN _{NOCC therein ;} In the case of failure, the token blacklist update information is discarded; in the case that the digital signature SIGN _NOCC verification is passed, for the token first-level blacklist update information whose TYPE field is "001", Satcom The base station adds the token first parameter α and the violation accountability deadline ToTime to the stored token first-level blacklist; for the token second-level blacklist update information whose TYPE field is "010", the Satcom base station will The first parameter α of the token and the deadline for accountability for violation ToTime are added to the stored token second-level blacklist;

For the illegal users in the first-level blacklist of tokens, the satellite base station sends the first prompt information to them, and then disconnects their communication connection; wherein, the first prompt information is used to indicate that the user terminal has the first level Violations, its access authentication authority and token update authority have been permanently banned;

For the illegal users in the token secondary blacklist, the satellite base station sends the second prompt information to them, and then disconnects their communication connection; wherein, the second prompt information is used to indicate that the user terminal has the second level For violations, the normal access authentication authority and token update authority can be restored only after the violation accountability deadline ToTime.

So far, the violation detection and processing flow of this embodiment is completed.

The present invention provides a token update process involved in a method for handling violations of satellite network users combined with access authentication.

Referring to FIG. 5 , FIG. 5 is a fourth embodiment of a method for handling violations of satellite network users combined with access authentication according to the present invention. It includes the following steps:

Step S71, when the token update needs to be performed, the user terminal calculates and generates the token based on the first parameter of the token and the second parameter of the token to be updated, combined with the public parameters of the system, the public parameters in the domain, and the verification parameters of the relevant token update request. The token updates the first request information and sends it to the nearby Satcom base station.

Wherein, the relevant token update request verification parameters at least include: real identity, the first parameter of the token, and the remaining number of times the token can be updated;

Specifically, in this embodiment, the token update first request information may adopt the following format:

{ T _U || R _U ||X _U ||λ}

Among them, T _U is the token update first request timestamp; R _U is the token update first encryption parameter; X _U is the token update second encryption parameter, λ is the verification parameter of the token second parameter; The parameters are calculated as follows:

R _U = r _U · G [11]

REF _U = H(UID||NUM)⊕H(r _U ·R _NOCC ) 【12】

X _U = (α||REF _U )⊕H(r _U ·R _STB ) 【13】

β= H(T _U ||R _U ||α||REF _U ) [14]

λ= θ+β·r _U (mod N) [15]

Among them, the meanings of the symbols and parameters involved in the formulas [11]~[15] are as follows: H( ) represents the hash function; || represents the splicing operation on the parameters; ⊕ represents the bitwise XOR operation; N, G, R _NOCC and R _STB are the parameters described in step S20; r _U is the first random number of the token update generated by the user terminal; UID is the real identity; NUM is the remaining number of times the token can be updated; α is the first parameter of the token ; θ is the token second parameter.

Step S72, after receiving the first token update request information, the satellite base station verifies the freshness of the message, and verifies whether the verification parameters of the first parameter of the token and the second parameter of the token satisfy the specified relationship, and the verification is passed. In the case of , the calculation generates a token to update the second request information, and sends it to the communication satellite in the domain.

In this embodiment, after receiving the first token update request information, the Satcom base station first checks the freshness of the token update first request information by whether |T _STB - T _U | is less than Δt _STB ; Wherein, T _STB is the time stamp when the Satcom base station receives the token update first request information, and Δt _STB is the predetermined time interval of the Satcom base station;

In the case that the freshness verification passes (|T _STB -T _U | is less than Δt _STB to pass the verification), the Satcom base station calculates: α||REF _U = X _U ⊕H(R _U ·r _STB ), where r _STB is the parameter described in step S20; then, check whether α is in the token blacklist;

When α is not in the token blacklist, calculate the parameter β = H(T _U ||R _U ||α||REF _U ); then, check the formula [16]: λ·G=α·PK Whether ₀ +K+β·R _U is established; wherein, G, PK ₀ are the parameters described in step S20;

In the case where formula [16] is established (λ·G=α·PK ₀ +K+β·R _U ), it means that the user terminal has a legal and valid token first parameter configured by the private key of the satellite network center , the second parameter of the token; then, the Satcom base station calculates and generates the second token update request information, and sends the token update second request information to the communication satellites in the domain.

In this embodiment, the token update second request information may be in the following format:

{ ID _STB ||type||X _STB ||MAC _STB }

Among them, ID _STB is the node identification of the satellite communication base station; type is the message type code, specifically, the type field can be set to "101" to represent the token update second request information; X _STB =R _U ||α ||REF _U ; MAC _STB = f _int (IK _STB-SAT ,ID _STB ||type||X _STB ), where f _int is the integrity protection algorithm; IK _STB-SAT is the system security channel established, Satcom The integrity protection key negotiated between the base station and the communication satellite; the MAC _STB is the message authentication code calculated by the Satcom base station, which is used to perform integrity verification on the token update second request information.

Step S73: After the communication satellite receives the second token update request information, it performs verification and processing, and sends the processed second token update request information to the satellite network through several hops of communication satellites and gateway stations. center.

In this embodiment, after receiving the token update second request information, the communication satellite finds out the integrity protection key IK with the Satcom base station according to the ID _STB of the Satcom base station node identification. _STB-SAT ; then check whether the message authentication code satisfies MAC _STB = f _int (IK _STB-SAT , ID _STB ||type||X _STB ).

If the MAC _STB verification of the message authentication code fails, the token update second request information will be discarded; if the message authentication code verification is passed, it indicates that the source of the token update second request information is reliable And the information is complete; then, the communication satellite calculates the message authentication code MAC _SAT = f _int (IK _SAT-NOCC , ID _SAT ||type||X _STB ), where f _int is the integrity protection algorithm, and IK _SAT-NOCC is the system After the secure channel is established, the integrity protection key negotiated between the communication satellite and the satellite network center; ID _SAT is the node identifier of the communication satellite; type is the message type code described in step S72; X _STB is step S72 parameters described in;

Then, according to the relevant routing algorithm, the communication satellite updates the processed token to the second request information: {ID _SAT ||type||X _STB ||MAC _SAT }, after several hops of communication satellite forwarding, it is finally sent by the communication satellite. The off station is forwarded to the satellite network center.

Step S74, the satellite network center receives and verifies the second token update request information; in the case of passing the verification, calculates the relevant token update request verification parameters; in the token update request verification parameters and storage When the records match and are not in the blacklist, configure the new token first parameter and the token second parameter, store the new token update request verification parameter, generate the token update response information, and use the The token update response information is forwarded to the communication satellite via the gateway.

In this embodiment, after receiving the second token update request information, the satellite network center searches out the integrity protection key IK _SAT with the communication satellite according to the ID _SAT of the communication satellite node therein. _-NOCC ; then check whether the message authentication code satisfies MAC _SAT = f _int (IK _SAT-NOCC , ID _SAT ||type||X _STB ).

If the satellite network center fails to verify the message authentication code MAC _SAT , it will discard the second token update request information; if the satellite network center passes the MAC _SAT verification of the message authentication code, it indicates that the The information source of the second request for token update is reliable and complete; next, the satellite network center obtains the parameters in the X _STB , namely: R _U ||α||REF _U ;

Then, check whether the first token parameter α is in the first-level token blacklist and the second-level token blacklist; if α is not in the first-level token blacklist and the second-level token blacklist, use The security registration key KEY _NOCC described in step S30 is symmetrically decrypted in the token first parameter α, obtains the real identity UID, and checks whether the real identity UID is in the real identity blacklist;

If the real-identity UID is not in the real-identity blacklist, query the storage record for the remaining updateable times NUM of the token corresponding to the real-identity UID; then, check the formula [17]: H(UID||NUM )=REF _U ⊕H(R _U ·r _NOCC ) is established. Wherein, r _NOCC is the parameter described in step S20;

In the case that the formula [17] is established, the satellite network center decrements the remaining updateable times NUM of the token, and stores it in association with the real identity UID; then, configure the updated user terminal for the token first parameter α ^* , token second parameter θ ^* ;

Among them, α ^* = f _sym (KEY _NOCC ,UID||LT ₂ ||rand ^* ), θ ^* = α·SK ₀ + k(mod N); f _sym represents the symmetric encryption algorithm, UID is the real identity, rand ^* represents a new random number, KEY _NOCC is the parameter described in step S30, N, LT ₂ , SK ₀ , and k are the parameters described in step S20;

Then, the satellite network center calculates and generates the token update response information, and forwards the token update response information to the communication satellite through the gateway;

Specifically, the token update response information may refer to the following format:

{ ID _NOCC ||TYPE||X _NOCC ||SIGN _NOCC }

Among them, ID _NOCC is the node identification of the satellite network center; TYPE is the message type identification code; specifically, the TYPE field can be set to "101" here to represent the token update response information; X _NOCC is the token update response encryption parameter ; SIGN _NOCC is the digital signature calculated by the satellite network center on the message. The parameters involved are calculated as follows:

REF _NOCC = H(NUM ^* ||UID),

X _NOCC =(REF _NOCC ||α ^* ||θ ^* )⊕H(R _U ·r _NOCC )||H ₂ (R _U ·r _NOCC ) ||H ₃ (R _U ·r _NOCC ),

Wherein, H ( ) is a hash function; H ₂ ( ) represents performing two hash operations; H ₃ ( ) represents performing three hash operations; R _U is the parameter described in step S71; r _NOCC is in step S20 The parameters; NUM ^* , α ^* , θ ^* are respectively the remaining updateable times of the updated token, the first parameter of the token, and the second parameter of the token; UID is the real identity.

Step S75, the communication satellite performs a message source and integrity check on the token update response information, and sends the token update response information to the user terminal through several hops of communication satellites and satellite base stations.

Wherein, after receiving the token update response information, the communication satellite firstly verifies the digital signature SIGN _{NOCC therein} ; in the case that the verification of the digital signature SIGN _NOCC fails, the token update response information is discarded ; In the case that the digital signature SIGN _NOCC is checked and passed, then it is indicated that the token update response information comes from the satellite network center and the information is complete; Then, through a number of jumping communication satellites, satellite communication base stations, will check the passed command The card update response information is forwarded to the client.

Step S76, the user terminal receives and verifies the token update response information, and in the case of passing the verification, decrypts and verifies the token update response parameter, and verifies the updated token first parameter and the token Whether the second parameter satisfies the specified relationship, in the case of passing, the first parameter of the token and the second parameter of the token are securely stored.

In this embodiment, after receiving the token update response information, the user terminal first verifies the digital signature SIGN _{NOCC therein} ; in the case that the verification of the digital signature SIGN _NOCC fails, the user terminal verifies the digital signature SIGN NOCC. The token update response information is discarded; in the case that the digital signature SIGN _{NOCC is} verified, it indicates that the token update response information comes from the satellite network center and the information is complete; then, perform the following calculations:

(REF _NOCC ||α ^* ||θ ^* )= X _NOCC ⊕H(r _U ·R _NOCC )||H ₂ (r _U ·R _NOCC )||H ₃ (r _U ·R _NOCC ),

Check whether the formula [18]: REF _NOCC =H(NUM ^* ||UID) is established.

Check whether the formula [19]: θ ^* = α ^* ·PK ₀ + K is established.

Among them, H( ) is a hash function; H ₂ ( ) means to perform two hash operations; H ₃ ( ) means to perform three hash operations; UID is the real identity; α ^* and θ ^* are the updated tokens, respectively The first parameter, the second parameter of the token; NUM ^* is the current remaining updateable times of the token, which can be obtained by decrementing the NUM in step S71; r _U is the parameter described in step S71; PK ₀ , K, G, R _NOCC are the system public parameters described in step S20;

In the case that the formulas [18] and [19] are both established, the user terminal securely stores the updated first parameter of the token and the second parameter of the token.

So far, the token update process of this embodiment is completed.

In addition, the present invention also provides a satellite network center. Referring to FIG. 6 , the satellite network center 1000 includes:

The system parameter update module 1010 is used to regularly configure the system public parameters, and generate system parameter update information according to the system public parameters. Network-wide broadcast, wherein the system public parameters include at least: basic cryptography parameters used for encryption and decryption, the validity period of the basic cryptography parameters, token public verification parameters, and the value of the token public verification parameters. The validity period, the communication encryption parameters of the satellite network center, and the validity period of the communication encryption parameters of the satellite network center;

The registration response module 1020 is used to receive and verify the registration request information, for the user terminal whose registration request information is true and has not been registered, configure the unique real identity of the user terminal in the satellite communication network, and a token with an expiration date The first parameter, the second parameter of the token, and the registration response information is generated according to the real identity, the first parameter of the token with an expiration date, and the second parameter of the token, and the registration response information is secured the channel is returned to the client;

The violation judgment module 1030 is configured to receive the violation judgment request information, and determine whether there is a violation of the user terminal and the violation according to the relevant violation judgment method and standard according to the first parameter of the token calculated by the violation judgment request information. The final judgment result corresponding to the level of violation;

The violation processing module 1040 is configured to add the token first parameter to the token second-level blacklist when it is determined that the user terminal has a second-level violation; In the case of behavior, the first parameter of the token is added to the first-level blacklist of the token, in addition, the real identity of the user terminal is calculated according to the first parameter of the token, and the real identity is added to the real-identity blacklist list, and generate token blacklist update information, and broadcast the token blacklist update information to each communication satellite and satellite base station through the gateway station;

The token update response module 1050 is configured to receive and verify the second token update request information, and configure the updated first token parameter, the token update when the verification of the token update second request information is passed The second parameter is calculated, and the token update response information is generated, and the token update response information is sent to the user terminal through the gateway station, several hop communication satellites, and the satellite communication base station.

The present invention also provides a communication satellite. Referring to FIG. 7 , the communication satellite 2000 includes:

The uplink information processing module 2010 is configured to, in the case of the received uplink information from the satellite network center affiliated gateway station or the previous hop communication satellite, perform a message source and integrity check on the uplink information. If the source of the upstream information and the integrity check are passed, according to the relevant routing algorithm, the upstream information that has passed the check will be forwarded to the Satcom base station or the next-hop communication satellite;

The downlink information processing module 2020 is configured to, in the case of the received downlink information from the satellite communication base station, verify the source of the message and the integrity of the downlink information, discard the downlink information that fails the verification, and verify the downlink information. The downlink information that has passed the verification is attached with its own node identification, and a new message authentication code is calculated to generate processed downlink information, and according to the relevant routing algorithm, the processed downlink information is forwarded to the satellite network center. Affiliated gateways or next-hop communications satellites.

The present invention also provides a Satcom base station. Referring to FIG. 8 , the Satcom base station 3000 includes:

The parameter update module 3010 is used for regularly receiving and verifying the system parameter update information; in the case of passing the verification of the system parameter update information, the system public parameters in the system parameter update information are stored, and the The system parameter update information is broadcast to the user terminal in the domain, wherein the system public parameters at least include: basic cryptography parameters used for encryption and decryption, the validity period of the basic cryptography parameters, token public verification parameters, the The validity period of the token public verification parameters, the communication encryption parameters of the satellite network center, and the validity period of the communication encryption parameters of the satellite network center;

The parameter update module is further configured to periodically configure the public parameters in the domain, and generate parameter update information in the domain according to the public parameters in the domain, and broadcast the parameter update information in the domain to each client in the domain, wherein the The public parameters in the domain include at least: the communication encryption parameters of the Satcom base station and the validity period of the communication encryption parameters of the Satcom base station;

The access authentication response module 3020 is used to receive and verify the access authentication request information from the client, and in the case that the access authentication request information is verified, calculate the anonymous identity of the user, and verify the first parameter of the token and the Whether the verification parameter of the token second parameter satisfies the specified relationship, in the case that the token first parameter and the token second parameter verification parameter meet the specified relationship, generate access authentication response information, and send the The access authentication response information is sent to the client, and the anonymous identity of the authenticated user and the first parameter of the token are cached;

The communication data transmission module 3030 is used for, after performing access authentication with the client, according to the cached anonymous identity of the user, to allow the establishment of a communication connection with the client, and during the data communication process, the data frame header does not correctly contain Filtering the user data of the anonymous identity, forwarding the user data that correctly contains the anonymous identity in the data frame header to the communication satellite in the domain, and at the end of this communication, delete the cached anonymous identity of the user;

The violation detection module 3040 is configured to, in the process of data communication, perform violation detection and preliminary judgment on the user terminal according to the relevant violation detection methods and judgment criteria in combination with the cached user anonymous identity and the first parameter of the token;

The violation preliminary processing module 3050 is configured to send the third prompt information to the user terminal and terminate the communication connection with the user terminal when it is determined that the user terminal has a third-level violation behavior, and delete the anonymous identity in the cache;

The violation preliminary processing module is further configured to send the fourth prompt information to the user terminal and suspend this communication connection with the user terminal when it is determined that the user terminal has a fourth violation level behavior ;

The violation judgment request module 3060 is configured to query the cache for the token first parameter corresponding to the anonymous identity of the user, and generate the Violation judgment request information, and the violation judgment request information is sent to the satellite network center through several hops of communication satellites and gateway stations;

Violation judgment response processing module 3070, configured to receive and verify the token blacklist update information, update the stored token blacklist when the token blacklist update information is verified and pass the verification, and report to the violating user The client sends a prompt message, disconnects the network connection with the violating client, and bans the access authentication authority and token update authority of the violating client within the period of accountability for violation;

The token update first request processing module 3080 is configured to receive and verify the token update first request information from the client, and in the case that the token update first request information verification is passed, calculate the token update first request information. and verify whether the verification parameters of the first parameter of the token and the second parameter of the token satisfy the specified relationship, and in the case of passing the verification, generate the second request information for the token update, and update the token The second request information is sent to the communication satellite in the domain;

The token update response processing module 3090 is configured to receive and verify the token update response information, and if the verification is passed, forward the token update response information to the client.

The present invention also provides a user terminal. Referring to FIG. 9, the user terminal 4000 includes:

The parameter configuration module 4010 is configured to periodically receive and verify the system parameter update information, and in the case of passing the verification, store the system public parameters in the system parameter update information, wherein the system public parameters at least include: The basic cryptography parameters used for encryption and decryption, the validity period of the basic cryptography parameters, the token public verification parameters, the validity period of the token public verification parameters, the communication encryption parameters of the satellite network center, and the satellite The validity period of the communication encryption parameters of the network center;

The parameter configuration module is also configured to periodically receive and verify the parameter update information in the domain, and in the case of passing the verification, store the public parameters in the domain in the parameter update information in the domain, wherein the public parameters in the domain are at least Including: the communication encryption parameters of the Satcom base station and the validity period of the communication encryption parameters of the Satcom base station;

The registration request module 4020 is used to generate registration request information according to the initial identification and initial verification information, and send the registration request information to the satellite network center through a secure channel;

The registration response processing module 4030 is used to receive the registration response information of the satellite network center through a secure channel, and obtain the network unique real identity, the first parameter of the token with the validity period, the second token of the token in the registration response information parameters, and securely store the real identity, the first parameter of the token, and the second parameter of the token;

The access authentication request module 4040 is used for the user terminal to calculate the first parameter of the token and the second parameter of the token which are securely stored when the user terminal needs to access the satellite communication network, in combination with the public parameters of the system and the public parameters in the domain. Anonymous identity, generate the access authentication request information, and send the access authentication request information to the satellite communication base station;

The access authentication response processing module 4050 is configured to receive and verify the access authentication response information of the satellite communication base station. The response prompt information is parsed, and for the normal access authentication response information, the parameters in the access authentication response information are verified, and if the parameter verification is passed, the session key and the integrity protection key are calculated, And securely store session keys, integrity protection keys, and anonymous identities for this authentication;

The communication data transmission module 4060 is used to encapsulate the anonymous identity into a data frame during the data communication process after completing the access authentication with the satellite communication base station, and use the session key to encrypt the data to be transmitted , and use the integrity protection key to calculate the message authentication code, and carry out communication data transmission in the satellite network through the Satcom base station;

The token update request module 4070 is configured to generate the token update according to the first parameter of the token and the second parameter of the token to be updated, in combination with the public parameters of the system and the public parameters in the domain, when the token update is required first request information, and send the token update first request information to the satellite communication base station;

The token update response processing module 4080 is configured to receive and verify the token update response information, and calculate and verify whether the token update response verification parameters are correct under the condition that the token update response information is verified successfully, And verify whether the updated first parameter of the token and the updated second parameter of the token satisfy the specified relationship, and if the verification is passed, the updated first parameter of the token and the updated second parameter of the token are performed. Safe storage.

Referring to FIG. 10, FIG. 10 is a hardware structure diagram of a terminal device according to an exemplary embodiment.

The terminal device 100 may include: a processor 101 , such as a CPU, a memory 102 , and a transceiver 103 .

Those skilled in the art can understand that the structure shown in FIG. 10 does not constitute a limitation on the terminal device, and may include more or less components than the one shown, or combine some components, or arrange different components.

Memory 102 may be implemented by any type of volatile or non-volatile storage device or combination thereof, such as static random access memory (SRAM), electrically erasable programmable read only memory (EEPROM), erasable Programmable Read Only Memory (EPROM), Programmable Read Only Memory (PROM), Read Only Memory (ROM), Magnetic Memory, Flash Memory, Magnetic Disk or Optical Disk.

The processor 101 can call the computer program stored in the memory 102 to complete all or part of the steps of the above-mentioned method for handling violations of satellite network users combined with access authentication.

The transceiver 103 is used for receiving information sent by the external device and sending information to the external device.

A non-transitory computer-readable storage medium, when an instruction in the storage medium is executed by a processor of a terminal device, enables the terminal device to execute the above-mentioned method for handling violations of satellite network users combined with access authentication.

Other embodiments of the present disclosure will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. The present invention is intended to cover any variations, uses or adaptations of the present disclosure that follow the general principles of the present disclosure and include common general knowledge or techniques in the technical field not disclosed by the present disclosure . The specification and examples are to be regarded as exemplary only, with the true scope and spirit of the disclosure being indicated by the following claims.

It is to be understood that the present disclosure is not limited to the precise structures described above and illustrated in the accompanying drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (12)

1. A satellite network user violation processing method combined with access authentication is applied to a satellite network center and is characterized by comprising the following steps:

receiving violation judgment request information, calculating a first token parameter according to the violation judgment request information, and determining whether a violation exists at a user side and a final judgment result of a violation level corresponding to the violation according to related violation judgment methods and standards;

adding the first token parameter into a second token blacklist under the condition that the user side is judged to have a second-level violation; and under the condition that the first-level violation behavior of the user side is judged, adding the first parameter of the token into a first-level blacklist of the token, calculating the real identity of the user side according to the first parameter of the token, adding the real identity into the blacklist of the real identity, generating updating information of the blacklist of the token, and broadcasting the updating information of the blacklist of the token to each communication satellite and a satellite communication base station through a gateway station.

2. The method for satellite network user violation handling in conjunction with access authentication of claim 1, further comprising:

the satellite network center configures system public parameters periodically and generates system parameter updating information according to the system public parameters;

wherein the system common parameters at least comprise: the encryption and decryption method comprises the following steps of encrypting and decrypting a cryptology basic parameter, an expiration date of the cryptology basic parameter, a token common verification parameter, an expiration date of the token common verification parameter, a satellite network center communication encryption parameter and an expiration date of the satellite network center communication encryption parameter;

and performing whole-network broadcasting on the system parameter updating information through the gateway station, each communication satellite and the satellite communication base station.

3. The method for satellite network user violation handling in conjunction with access authentication of claim 2, further comprising:

the method comprises the steps that a satellite network center receives registration request information of a user side when the user side applies for network access for the first time, and user side initial identity identification and initial verification information in the registration request information are obtained;

verifying whether the initial identity mark is authentic according to the initial verification information, and inquiring whether the initial identity mark is registered;

under the condition that the initial identity identification is authentic and is not registered, configuring a unique real identity, a token first parameter with a valid period and a token second parameter in a satellite communication network for the user side;

generating registration response information according to the real identity, the token first parameter with the validity period and the token second parameter, storing the initial identity identification and the real identity in an associated manner, and sending the registration response information to the user side through a secure channel;

wherein the registration response information at least includes: the real identity, the token first parameter and the token second parameter, wherein the real identity is calculated by combining the initial identity with a random number, the token first parameter is calculated according to the real identity and a pre-configured system public parameter, and the token second parameter is calculated according to the token first parameter and a pre-configured system public parameter;

wherein the system common parameters at least comprise: the encryption device comprises a cryptology basic parameter used for encryption and decryption, an effective period of the cryptology basic parameter, a token public check parameter, an effective period of the token public check parameter, a satellite network center communication encryption parameter and an effective period of the satellite network center communication encryption parameter.

4. The method for satellite network user violation handling in conjunction with access authentication of claim 3, further comprising:

the satellite network center receives the token updating second request information and verifies the token updating second request information, wherein the token updating second request information is generated by calculation after the verification of the token updating first request information from the user side is passed by the satellite base station, and is forwarded to the satellite network center through a plurality of hop communication satellites and gateway stations;

calculating related token updating request checking parameters under the condition that the token updating second request information passes checking, wherein the related token updating request checking parameters at least comprise: the real identity, a first parameter of the token and the remaining updatable times of the token;

configuring a new token first parameter and a new token second parameter for the user side under the condition that the real identity and the token first parameter are not listed in a blacklist, the remaining updatable times of the token are greater than zero, and the real identity and the remaining updatable times of the token are matched with a storage record;

decreasing the remaining updatable times of the token, and storing the decreased remaining updatable times of the token and the real identity in an associated manner;

generating token updating response information, and returning the token updating response information to the user side through a gateway station, a plurality of hop communication satellites and a satellite communication base station;

wherein the token update response information at least includes: the token updating response verification parameter is calculated by the related token updating request verification parameter.

5. A satellite network user violation processing method combined with access authentication is applied to a satellite communication base station and is characterized by comprising the following steps:

when a user side passing access authentication uses an anonymous identity to carry out data communication, a defending and communicating base station detects whether the user side has an illegal behavior according to the anonymous identity cached after the access authentication, a first parameter of a token, a related illegal detection method and a judgment standard, and preliminarily judges the illegal level of the illegal behavior;

under the condition that the user side is judged to have third-level violation behaviors, third prompt information is sent to the user side, the communication connection with the user side is terminated, and the anonymous identity in the cache is deleted;

under the condition that the fourth-level violation behavior of the user side is judged, sending fourth prompt information to the user side, and suspending communication connection with the user side;

the third prompt message is used for indicating that the reason for disconnection is that the user side has a third-level violation, and the third prompt message is used for indicating that the user side needs to re-perform access authentication when establishing communication connection again;

the fourth prompt message is used for indicating that the reason for disconnection is that the user side has a fourth-level violation, and the fourth prompt message is used for indicating that the user side recovers communication connection after a specified time;

under the condition that the defensive base station preliminarily judges that the user side has first-level or second-level violation behaviors, inquiring a first parameter of a token corresponding to the anonymous identity in a cache, and generating violation judgment request information;

forwarding the violation judgment request information to a satellite network center through a plurality of hop communication satellites and a gateway station, wherein the violation judgment request information at least comprises: the encrypted first token parameter is used for the satellite network center to calculate the real identity of the user side;

receiving token blacklist updating information, and performing message source and integrity verification on the token blacklist updating information;

under the condition that the message source and integrity of the token blacklist updating information pass verification, updating a stored token blacklist, and sending prompt information to an illegal user side in the token blacklist;

disconnecting communication connection with the illegal user side; in the violation pursuit period, the access authentication authority and the token updating authority of the violation user side are forbidden;

for an illegal user side in a token primary blacklist, a guard base station sends first prompt information, wherein the first prompt information is used for indicating that the user side has a first-level illegal behavior, and the access authentication authority and the token updating authority of the user side are permanently sealed;

for the illegal user side in the token secondary blacklist, the guard base station sends second prompt information; and the second prompt message is used for indicating that the user side has a second-level violation, and after the violation accountability deadline, the user side having the second-level violation restores the normal access authentication authority and the token updating authority.

6. The method for satellite network user violation handling in conjunction with access authentication of claim 5, further comprising:

the satellite communication base station regularly receives system parameter updating information and carries out message source and integrity verification on the system parameter updating information;

under the condition that the message source and the integrity of the system parameter updating information pass verification, broadcasting the system parameter updating information to a user side in a domain, and storing a system public parameter of the system parameter updating information;

wherein the system common parameters at least comprise: the encryption and decryption method comprises the following steps of encrypting and decrypting a cryptology basic parameter, an expiration date of the cryptology basic parameter, a token common verification parameter, an expiration date of the token common verification parameter, a satellite network center communication encryption parameter and an expiration date of the satellite network center communication encryption parameter;

the satellite communication base station regularly configures the public parameters in the domain, generates the update information of the parameters in the domain according to the public parameters in the domain, and broadcasts the update information of the parameters in the domain to each user terminal in the domain;

wherein the intra-domain common parameters at least comprise: the communication encryption parameters of the satellite communication base station and the valid period of the communication encryption parameters of the satellite communication base station.

7. The method for satellite network user violation handling in conjunction with access authentication of claim 6, further comprising:

receiving access authentication request information from a user side, and checking the message freshness of the access authentication request information;

under the condition that the message freshness check of the access authentication request information passes, calculating the anonymous identity of the user at this time according to the system public parameter and the intra-domain public parameter, and verifying whether the check parameter of the first parameter of the token and the second parameter of the token meets a specified relationship, wherein the access authentication request information at least comprises the following fields: the method comprises the steps of obtaining an access authentication request timestamp, an access authentication first encryption parameter, an encrypted token first parameter and a verification parameter of a token second parameter, wherein the verification parameter of the token second parameter is calculated by the token second parameter;

under the condition that the verification parameters of the first token parameter and the second token parameter meet the specified relationship, calculating an access authentication response parameter according to the access authentication request information, generating access authentication response information according to the authentication response parameter, and sending the access authentication response information to the user side;

wherein the access authentication response information at least comprises the following fields: the access authentication response timestamp and the access authentication response parameter are calculated by the original parameter after the access authentication request information is decrypted;

and caching the anonymous identity of the user authenticated at this time and a first parameter of the token corresponding to the anonymous identity of the user.

8. The method for satellite network user violation handling in conjunction with access authentication of claim 6, further comprising:

receiving token updating first request information from a user side, and checking message freshness of the token updating first request information, wherein the token updating first request information at least comprises the following fields: the method comprises the steps of updating a first request timestamp by a token, updating a first encryption parameter by the token, updating a request check parameter by the token in an encrypted form, and checking a second parameter by the token, wherein the token updating request check parameter at least comprises: the method comprises the steps of obtaining a true identity, a first token parameter and the remaining updatable times of a token, wherein a verification parameter of a second token parameter is obtained by calculating the second token parameter;

under the condition that message freshness check of the token updating first request information passes, calculating a first token parameter according to the system public parameter and the intra-domain public parameter, and verifying whether the first token parameter and a check parameter of a second token parameter meet a specified relationship;

generating second request information for updating the token and sending the second request information to a communication satellite in the domain under the condition that the first parameter of the token and the verification parameter of the second parameter of the token meet a specified relation, wherein the second request information for updating the token at least comprises the following information: the token updates a first encryption parameter, the token first parameter and a token updating request verification parameter in an encrypted form;

receiving token updating response information, and carrying out message source and integrity verification on the token updating response information;

and forwarding the token updating response information to the user side under the condition that the message source and the integrity of the token updating response information are verified.

9. A satellite hub, comprising:

the system parameter updating module is used for configuring system public parameters periodically, generating system parameter updating information according to the system public parameters, and performing whole-network broadcasting on the system parameter updating information through a gateway station, each communication satellite and a satellite base station, wherein the system public parameters at least comprise: the encryption and decryption method comprises the following steps of encrypting and decrypting a cryptology basic parameter, an expiration date of the cryptology basic parameter, a token common verification parameter, an expiration date of the token common verification parameter, a satellite network center communication encryption parameter and an expiration date of the satellite network center communication encryption parameter;

the registration response module is used for receiving and verifying registration request information, configuring a unique real identity of a user side in a satellite communication network, a token first parameter with a valid period and a token second parameter for the user side which is real and is not registered, generating registration response information according to the real identity, the token first parameter with the valid period and the token second parameter, and returning the registration response information to the user side through a secure channel;

the violation judgment module is used for receiving violation judgment request information, calculating a first token parameter according to the violation judgment request information, and determining whether a violation behavior exists at a user side and a final judgment result of a violation level corresponding to the violation behavior according to a related violation judgment method and standard;

the violation processing module is used for adding the first token parameter into a token second-level blacklist under the condition that the user side is judged to have second-level violation behaviors; under the condition that the first-level violation behavior of the user side is judged, adding the first token parameter into a first token blacklist, calculating the real identity of the user side according to the first token parameter, adding the real identity into the real identity blacklist, generating token blacklist updating information, and broadcasting the token blacklist updating information to each communication satellite and a satellite communication base station through a gateway station;

and the token updating response module is used for receiving and verifying the token updating second request information, configuring the updated token first parameter and the token second parameter under the condition that the token updating second request information passes verification, calculating to generate token updating response information, and sending the token updating response information to the user side through the gateway station, the plurality of hop communication satellites and the satellite communication base station.

10. A satellite communication base station, comprising:

the parameter updating module is used for regularly receiving and verifying system parameter updating information; under the condition that the system parameter updating information passes verification, storing system public parameters in the system parameter updating information, and broadcasting the system parameter updating information to a user side in a domain, wherein the system public parameters at least comprise: the encryption and decryption method comprises the following steps of encrypting and decrypting a cryptology basic parameter, an expiration date of the cryptology basic parameter, a token common verification parameter, an expiration date of the token common verification parameter, a satellite network center communication encryption parameter and an expiration date of the satellite network center communication encryption parameter;

the parameter updating module is further configured to periodically configure an intra-domain public parameter, generate intra-domain parameter updating information according to the intra-domain public parameter, and broadcast the intra-domain parameter updating information to each user terminal in the domain, where the intra-domain public parameter at least includes: the communication encryption parameters of the satellite communication base station and the valid period of the communication encryption parameters of the satellite communication base station;

the access authentication response module is used for receiving and verifying access authentication request information from a user side, calculating the anonymous identity of a user under the condition that the access authentication request information passes verification, verifying whether the verification parameters of a first parameter of a token and a second parameter of the token meet a specified relation, generating access authentication response information under the condition that the verification parameters of the first parameter of the token and the second parameter of the token meet the specified relation, sending the access authentication response information to the user side, and caching the anonymous identity of the user authenticated at this time and the first parameter of the token;

the communication data transmission module is used for allowing communication connection to be established with the user side according to the cached anonymous identity of the user after access authentication is carried out with the user side, filtering user data which do not correctly contain the anonymous identity in a data frame header in the data communication process, forwarding the user data which correctly contain the anonymous identity in the data frame header to a communication satellite in a domain, and deleting the cached anonymous identity of the user when the communication is finished;

the violation detection module is used for carrying out violation detection and preliminary judgment on the user side according to a related violation detection method and a judgment standard by combining the cached anonymous user identity and the first token parameter in the data communication process;

the violation preliminary processing module is used for sending third prompt information to the user side, terminating the communication connection with the user side and deleting the anonymous identity in the cache under the condition that the user side is judged to have third-level violation behaviors;

the violation primary processing module is further configured to send a fourth prompt message to the user side and suspend the communication connection with the user side when it is determined that the fourth violation level behavior exists at the user side;

the violation judgment request module is used for inquiring a first token parameter corresponding to the anonymous identity of the user in a cache under the condition of preliminarily judging that the user side has a first-level or second-level violation behavior, generating violation judgment request information, and sending the violation judgment request information to a satellite network center through a plurality of hop communication satellites and gateway stations, wherein the first token parameter is used for the satellite network center to calculate the true identity of the user side;

the violation judgment response processing module is used for receiving and verifying the token blacklist updating information, updating the stored token blacklist under the condition that the token blacklist updating information is verified to be passed, sending prompt information to the violation user side, disconnecting the network connection with the violation user side, and forbidding the access authentication authority and the token updating authority of the violation user side within the violation pursuit period;

the system comprises a token updating first request processing module, a communication satellite and a first parameter updating module, wherein the token updating first request processing module is used for receiving and verifying token updating first request information from a user side, calculating a token first parameter under the condition that the token updating first request information passes verification, verifying whether the verification parameter of the token first parameter and the verification parameter of a token second parameter meets a specified relation, generating token updating second request information under the condition that the verification passes, and sending the token updating second request information to the communication satellite in a domain;

and the token updating response processing module is used for receiving and verifying the token updating response information, and forwarding the token updating response information to the user side under the condition that the verification is passed.

11. A terminal device comprising a memory, a processor, a transceiver;

the memory is used for storing computer execution instructions;

the processor is configured to execute the memory-stored computer-executable instructions to cause the processor to perform the method for satellite network user violation handling in conjunction with access authentication of any of claims 1-8;

the transceiver is used for receiving information sent by the external equipment and sending information to the external equipment.

12. A computer-readable storage medium having stored thereon computer-executable instructions for implementing the method for satellite network user violation handling in conjunction with access authentication of any one of claims 1-8 when executed by a processor.

Images