CN119484151B - Marine multilink fusion communication method and system - Google Patents
- Publication number
- CN119484151B (CN202510034462.3A)
- Authority
- CN
- China
- Prior art keywords
- local area
- terminal device
- control device
- data
- ship
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Abstract
The application provides a marine multilink fusion communication method and system, belonging to the technical field of communication, which divert access according to access rights so as to effectively ensure the security of access to ship network data. In the method, when a terminal device needs to access the marine network, the control device obtains the identity information of the terminal device and determines, according to that identity information, the designated network in the marine network that the terminal device is authorized to access. When there are multiple terminal devices, the data stream of each terminal device is used as one link, the links are shared, and the control device sends the data streams of the links to the designated network by fusing the links.
Description
Technical Field
The application relates to the field of communication, in particular to a marine multilink fusion communication method and system.
Background
With the development of information technology, the electronic and informationized systems of ships are becoming more and more complex and important. These systems not only support basic communication and navigation functions, but also involve control and monitoring of the vessel. The ship network is generally composed of multiple layers, including a user network, a general application layer, a comprehensive management monitoring layer and a ship control network layer, wherein the layers are connected through security measures such as a firewall.
It can be seen that the ship network structure is complex, and the connections between the network layers are usually protected by firewalls to ensure the security of data transmission. Because the overall design and construction period of a ship is long and hardware is upgraded infrequently, the software and hardware of the ship network are prone to insufficient maintenance and upgrading. As ships become more intelligent and use a variety of communication means, such as wireless local area networks (802.11p), WiFi, LTE/4G, 5G, VHF and HF, the network security risk also rises.
In summary, how to ensure the security of the access of the ship network data is a problem of current research.
Disclosure of Invention
The embodiment of the application provides a marine multilink fusion communication method and a marine multilink fusion communication system, which are used for shunting access through access rights so as to effectively ensure the safety of access to ship network data.
In order to achieve the above purpose, the application adopts the following technical scheme:
The marine multilink fusion communication method is applied to a control device of a ship and comprises the following steps. When a terminal device needs to access the marine network, the control device obtains the identity information of the terminal device. The control device determines, according to the identity information of the terminal device, the designated network in the marine network that the terminal device is authorized to access. When there are multiple terminal devices, the data stream of each of the terminal devices is used as one link and the links are shared, and the control device transmits the data streams of the links to the designated network by fusing the links.
Optionally, the marine network comprises M ship local area networks, the M ship local area networks being local area networks deployed on the ship. The control device determining, according to the identity information of the terminal device, the designated network in the marine network that the terminal device is authorized to access comprises: the control device determines, from the M ship local area networks and according to the identity information of the terminal device, the ship local area network associated with the identity information of the terminal device, where that ship local area network is the designated network that the terminal device is authorized to access, and M is an integer greater than 2.
Optionally, the control device acquiring the identity information of the terminal device comprises: the control device acquires the identity information of the terminal device from the data stream of the terminal device, the identity information comprising one of an IP address of the terminal device, a MAC address of the terminal device or an authentication account of the terminal device. Correspondingly, the control device determining, from the M ship local area networks and according to the identity information of the terminal device, the ship local area network associated with the identity information comprises: the control device verifies the authentication account of the terminal device and determines, from the M ship local area networks and according to the authentication account, the ship local area network that the authentication account is authorized to access; the control device determines whether the IP address of the terminal device belongs to an IP address segment that this ship local area network allows to access it, or whether the MAC address of the terminal device belongs to a MAC address segment that this ship local area network allows to access it; if so, the control device determines that the ship local area network that the authentication account is authorized to access is the ship local area network associated with the identity information of the terminal device; otherwise, the control device rejects the request of the terminal device to access the marine network.
Optionally, the control device sending the data streams of the links to the designated network by fusing the links comprises: for any one of the terminal devices, the control device encrypts the data stream of the terminal device by network group encryption to obtain an encrypted data stream; and the control device packages and fuses the encrypted data streams of the terminal devices and sends them to a gateway interface in the designated network, the packaged and fused data streams being the data streams of the links.
The control device encrypting the data stream of the terminal device by network group encryption to obtain an encrypted data stream comprises: the control device determines, among the N ship local area network groups, the target ship local area network group to which the designated network belongs, and encrypts the data stream of the terminal device using the security key of the target ship local area network group to obtain the encrypted data stream.
Optionally, any one of the M ship local area networks belongs to at least two ship local area network groups and is the master network member of only one of those groups, and the designated network is the master network member of the target ship local area network group. The control device encrypting the data stream of the terminal device using the security key of the target ship local area network group to obtain an encrypted data stream comprises: the control device encrypts first data using the key of the designated network to obtain encrypted first data, where the data stream of the terminal device comprises the first data and second data; and the control device randomly selects the key of at least one ship local area network from the target ship local area network group and uses it to encrypt the encrypted first data and the second data, obtaining the encrypted data stream.
Optionally, the length of the key of the designated network is k1, the length of the data stream of the terminal device is k2, and k2 is an integer greater than k1. The control device encrypting the first data using the key of the designated network to obtain encrypted first data comprises: the control device determines, according to k2 mod k1 = y1, that the y1-th bit in the data stream of the terminal device is the start position of the data; if the freshness random number R1 is greater than the freshness random number R2, the control device determines that the (y1+R2)-th bit in the data stream of the terminal device is the end position of the data, or, if the freshness random number R2 is greater than the freshness random number R1, the control device determines that the (y1+R1)-th bit in the data stream of the terminal device is the end position of the data, where the freshness random number R1 is a random positive integer generated in advance by the gateway interface in the designated network and sent to the control device, and the freshness random number R2 is an integer randomly selected by the control device in the range of y1+1 to k2; the control device determines the data from the start position to the end position in the data stream of the terminal device as the first data, the data other than the first data in the data stream of the terminal device being the second data; and the control device encrypts the first data using the key of the designated network to obtain the encrypted first data. The control device packaging and fusing the encrypted data streams of the plurality of terminal devices and sending them to the gateway interface in the designated network comprises: the data stream of the control device comprises the random number R2 which indicates the length of the data stream of the terminal device, and the data of the terminal device is encrypted by the random number R2, to obtain a packed data stream of the terminal device; the control device repackages the packed data streams of the plurality of terminal devices to obtain a packed and fused data stream; and the control device sends the packed and fused data stream to the gateway interface in the designated network.
Optionally, the control device encrypting the encrypted first data and the second data using the keys of at least two ship local area networks in the target ship local area network group to obtain an encrypted data stream comprises: the control device randomly selects at least two ship local area networks from the target ship local area network group and derives a new key from the keys of those at least two ship local area networks; and the control device encrypts the encrypted first data and the second data using the new key to obtain the encrypted data stream.
Optionally, the method further comprises the step that if the terminal equipment needs to access an external network except the marine network, the control equipment sends the data flow of the terminal equipment to an interface of the external network, and the external network refers to a non-local area network which is not deployed on the ship.
In a second aspect, a marine multilink fusion communication system is provided, the system comprises a control device applied to a ship, the control device is configured to acquire identity information of terminal devices when the terminal devices need to access a marine network, the control device determines a designated network which the terminal devices have authority to access in the marine network according to the identity information of the terminal devices, and the control device uses a data stream of each of the terminal devices as a link and shares a plurality of links when the terminal devices are multiple, and transmits the data streams of the links to the designated network by fusing the links.
The system according to the second aspect is specifically configured to implement the method according to the first aspect, and the description of the method according to the first aspect is specifically referred to and is not repeated herein.
In a third aspect, embodiments of the present invention provide a readable storage medium having stored thereon a program or instructions which, when executed by a processor, implement the steps in the marine multilink fusion communication method described above.
In a fourth aspect, embodiments of the present invention provide an electronic device comprising a processor, wherein the processor is coupled to a memory and a transceiver, the processor performing the marine multilink fusion communication method of the first aspect by running or executing a software program stored in the memory and invoking data stored in the memory.
The method and the system have the following technical effects:
When a terminal device needs to access the marine network, the control device can acquire the identity information of the terminal device and determine, according to it, the designated network in the marine network that the terminal device is authorized to access; the terminal device is not allowed to access networks for which it has no access right. Access is thus diverted according to access rights, which effectively ensures the security of access to ship network data.
Drawings
Fig. 1 is a schematic diagram of a communication system according to an embodiment of the present application;
Fig. 2 is a schematic flow chart of a marine multilink fusion communication method according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical scheme of the application will be described below with reference to the accompanying drawings.
The technical solution of the embodiment of the present application may be applied to various communication systems, such as a wireless network (Wi-Fi) system, a vehicle-to-everything (V2X) communication system, a device-to-device (D2D) communication system, a car networking communication system, a fourth generation (4G) mobile communication system such as a long term evolution (LTE) system, a worldwide interoperability for microwave access (WiMAX) communication system, a fifth generation (5G) communication system such as a new radio (NR) system, and a future communication system.
The present application will present various aspects, embodiments, or features about a system that may include a plurality of devices, components, modules, etc. It is to be understood and appreciated that the various systems may include additional devices, components, modules, etc. and/or may not include all of the devices, components, modules etc. discussed in connection with the figures. Furthermore, combinations of these schemes may also be used.
In addition, in the embodiments of the present application, words such as "exemplary" and "for example" are used to indicate an example, instance, or illustration. Any embodiment or design described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, the use of the word example is intended to present concepts in a concrete fashion.
In the embodiment of the present application, "information", "signal", "message", "channel" and "signaling" may sometimes be used interchangeably; it should be noted that their intended meanings are consistent when the distinction is not emphasized. "Corresponding, relevant" and "corresponding" may likewise sometimes be used interchangeably, and their intended meanings are consistent when the distinction is not emphasized. Furthermore, "/" in this disclosure may be used to indicate an "or" relationship.
The network architecture and the service scenario described in the embodiments of the present application are for more clearly describing the technical solution of the embodiments of the present application, and do not constitute a limitation on the technical solution provided by the embodiments of the present application, and those skilled in the art can know that, with the evolution of the network architecture and the appearance of the new service scenario, the technical solution provided by the embodiments of the present application is applicable to similar technical problems.
To facilitate understanding of the embodiments of the present application, a communication system suitable for use in the embodiments of the present application will be described in detail with reference to the communication system shown in fig. 1.
Fig. 1 is a schematic architecture diagram of a communication system to which the marine multilink fusion communication method according to the embodiment of the present application is applicable. As shown in fig. 1, the communication system includes a control device and a network device.
The control device can be understood as the intelligent brain of the ship and is responsible for processing and distributing data. The control device may be a terminal-like device, such as a terminal device having transceiving and processing functions, or a chip system that may be provided in the terminal device. The terminal device can also be referred to as a user equipment (UE), an access terminal device, a subscriber unit, a subscriber station, a mobile station (MS), a remote terminal device, a mobile device, a user terminal device, a wireless communication device or a user agent. The terminal device in the embodiment of the present application may be a mobile phone, a cellular phone, a smart phone, a tablet computer (Pad), a wireless data card, a personal digital assistant (PDA), a wireless modem, a handheld device (handset), a laptop computer, a machine type communication (MTC) terminal device, a computer with a wireless transceiving function, a virtual reality (VR) terminal device, an augmented reality (AR) terminal device, a wireless terminal device in industrial control, a wireless terminal device in self driving, a wireless terminal device in remote medical, a wireless terminal device in smart grid, a wireless terminal device in transportation safety, a wireless terminal device in smart city, a wireless terminal device in smart home, a roadside terminal device, a roadside unit (RSU), or the like. The terminal device of the present application may also be an in-vehicle module, an in-vehicle part, an in-vehicle chip, or an in-vehicle unit built into a vehicle as one or more parts or units. Alternatively, the terminal device may be a customer-premises equipment (CPE) terminal device.
There may be multiple network devices, for example a gateway interface, a routing node and the like provided in each ship local area network.
It will be appreciated that Fig. 1 is a simplified schematic diagram shown for ease of understanding, and that the communication system may also include other network devices and/or other terminal devices, which are not shown in Fig. 1.
For ease of understanding, the marine multilink fusion communication method provided by the embodiment of the present application is described in detail below with reference to Fig. 2.
By way of example, Fig. 2 is a schematic flow chart of a marine multilink fusion communication method according to an embodiment of the present application. The method can be applied to the communication between the network equipment and the terminal equipment in the communication system.
As shown in fig. 2, the flow of the marine multilink fusion communication method is as follows:
S201, under the condition that the terminal equipment needs to access the marine network, the control equipment acquires the identity information of the terminal equipment.
The terminal device may be a user terminal, such as a UE, on the vessel. For example, in case the terminal device needs to access the marine network, the terminal device may send a data stream of the terminal device, such as a data stream consisting of a plurality of data messages, to the control device. The control device can acquire the identity information of the terminal device from the data stream of the terminal device, wherein the identity information of the terminal device comprises one of an IP address of the terminal device, a MAC address of the terminal device or an authentication account number of the terminal device. The authentication account number of the terminal equipment is information obtained by signing the account number of the terminal equipment by using the signature of the terminal equipment.
S202, the control equipment determines a designated network which is authorized to be accessed by the terminal equipment in the marine network according to the identity information of the terminal equipment.
The marine network may include M marine local area networks, where M marine local area networks refer to local area networks deployed on a vessel, and M marine local area networks provide different local area network services for the vessel. For example, the ship local area network #1 is a network providing a monitoring security service, the ship local area network #2 is a network providing a ship control service, the ship local area network #3 is a network providing a ship application service, and the like.
The control device can determine the ship local area network associated with the identity information of the terminal device from M ship local area networks according to the identity information of the terminal device, wherein the ship local area network associated with the identity information of the terminal device is a designated network which the terminal device has permission to access, and M is an integer greater than 2.
Specifically, the control device may verify the authentication account of the terminal device, for example, verify the signature of the authentication account of the terminal device, so as to determine whether the signature is performed by the trusted terminal. Under the condition that the authentication account number of the terminal equipment passes (namely, the authentication signature passes), the control equipment determines a ship local area network which is authorized to be accessed by the authentication account number of the terminal equipment from M ship local area networks according to the authentication account number of the terminal equipment, namely, the ship local area network corresponding to the authentication account number.
The control device determines whether the IP address of the terminal device belongs to an IP address segment which is allowed to be accessed by the ship local area network which is accessed by the authentication account of the terminal device, or whether the MAC address of the terminal device belongs to an MAC address segment which is allowed to be accessed by the ship local area network which is determined to be accessed by the authentication account of the terminal device. If the IP address of the terminal equipment belongs to the IP address section which is allowed to be accessed by the vessel local area network which is authorized to be accessed by the authentication account of the terminal equipment or the MAC address of the terminal equipment belongs to the MAC address section which is allowed to be accessed by the vessel local area network which is determined to be accessed by the authentication account of the terminal equipment, determining that the vessel local area network which is authorized to be accessed by the authentication account of the terminal equipment is the vessel local area network which is related to the identity information of the terminal equipment, otherwise, rejecting the request of the terminal equipment for accessing the vessel network.
That is, the ship local area network that a certain terminal can access can be effectively determined by verifying the signature, so that whether the IP address or the MAC address currently accessed by the terminal belongs to the address segment of the ship local area network is determined, and the data security is ensured. If a terminal falsifies an IP address or a MAC address, access of the terminal is refused.
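The S202 decision described above, written out as an added Python example that is not part of the patent text. The accounts, keys, LAN names and address segments are constructed sample values, and HMAC-SHA256 is an assumed stand-in for the terminal's signature over its account, which the text does not specify.

```python
import hashlib
import hmac
import ipaddress
from typing import NamedTuple, Optional, Tuple

# Constructed sample policy: every account, key and address is hypothetical.
ACCOUNT_KEYS = {
    "bridge-officer": b"demo-key-bridge",
    "cctv-operator": b"demo-key-cctv",
}
# A verified account selects the one ship LAN it is authorized to access.
ACCOUNT_TO_LAN = {
    "bridge-officer": "lan2-control",
    "cctv-operator": "lan1-monitoring",
}
# Address segments each ship LAN admits: one CIDR block and one MAC range.
LAN_SEGMENTS = {
    "lan1-monitoring": {
        "ip": "10.10.1.0/24",
        "mac": ("02:00:00:00:01:00", "02:00:00:00:01:ff"),
    },
    "lan2-control": {
        "ip": "10.10.2.0/28",
        "mac": ("02:00:00:00:02:00", "02:00:00:00:02:0f"),
    },
}


class Decision(NamedTuple):
    allowed: bool
    lan: Optional[str]
    reason: str


def sign_account(account: str, key: bytes) -> str:
    """Assumed stand-in for the terminal's signature: HMAC-SHA256 of the account."""
    return hmac.new(key, account.encode(), hashlib.sha256).hexdigest()


def mac_to_int(mac: str) -> int:
    parts = mac.split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int.from_bytes(bytes.fromhex("".join(parts)), "big")


def ip_in_segment(ip: str, cidr: str) -> bool:
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)
    except ValueError:  # unparsable input is treated as outside the segment
        return False


def mac_in_segment(mac: str, segment: Tuple[str, str]) -> bool:
    try:
        low, high = mac_to_int(segment[0]), mac_to_int(segment[1])
        return low <= mac_to_int(mac) <= high
    except ValueError:
        return False


def authorize(account: str, signature: str,
              ip: Optional[str] = None, mac: Optional[str] = None) -> Decision:
    # Step 1: verify the signed account before trusting any address field.
    key = ACCOUNT_KEYS.get(account)
    expected = sign_account(account, key) if key is not None else ""
    if key is None or not hmac.compare_digest(expected.encode(), signature.encode()):
        return Decision(False, None, "account signature rejected")
    # Step 2: the verified account determines the authorized ship LAN.
    lan = ACCOUNT_TO_LAN.get(account)
    segments = LAN_SEGMENTS.get(lan) if lan else None
    if segments is None:
        return Decision(False, None, "no ship LAN bound to account")
    # Step 3: the rule in the text is an OR: the IP address lies in the LAN's
    # IP segment, or the MAC address lies in its MAC segment.
    if ip is not None and ip_in_segment(ip, segments["ip"]):
        return Decision(True, lan, "IP address inside the LAN's IP segment")
    if mac is not None and mac_in_segment(mac, segments["mac"]):
        return Decision(True, lan, "MAC address inside the LAN's MAC segment")
    # Otherwise the access request is rejected.
    return Decision(False, None, "address outside the LAN's allowed segments")


if __name__ == "__main__":
    sig = sign_account("bridge-officer", ACCOUNT_KEYS["bridge-officer"])
    for ip in ("10.10.2.5", "10.10.1.5", "10.10.2.16"):
        print(ip, authorize("bridge-officer", sig, ip=ip))
```

Because the address check is an OR, a terminal that presents an out-of-segment IP address is still admitted when its MAC address falls inside the MAC segment; the signature check is the only step that does not rest on an address the terminal reports about itself.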
S203, in the case where there are a plurality of terminal devices, the data stream of each of the plurality of terminal devices serves as one link, and there are a plurality of links in common, and the control device transmits the data stream of the plurality of links to the designated network by fusing the plurality of links.
For any one of the plurality of terminal devices, the control device may encrypt the data stream of the terminal device by using a network packet encryption manner, to obtain an encrypted data stream.
The M local area networks are divided into N local area network groups, where N is an integer greater than 1 and any two of the N local area network groups contain different networks. For example, M=N, and each of the M local area networks belongs to at least two local area network groups and is the main network member of only one of them. The key of the main network member can be used for primary encryption during data transmission, and the keys of the other members are used for secondary encryption after the primary encryption, which further protects data in the ship's high-security scenarios. In practice, the N ship local area network groups can be configured by staff according to actual requirements, which the embodiment of the application does not limit. For example, the M local area networks include local area network #1, local area network #2, local area network #3, and local area network #4. Ship local area network group #1 includes ship local area network #1 (main network member), ship local area network #2, and ship local area network #3. Ship local area network group #2 includes ship local area network #2 (main network member), ship local area network #3, and ship local area network #4. Ship local area network group #3 includes ship local area network #3 (main network member), ship local area network #4, and ship local area network #1. Ship local area network group #4 includes ship local area network #4 (main network member), ship local area network #1, and ship local area network #2. Other groupings are possible; this is only one example.
On this basis, the control device may determine the target local area network group, among the N ship local area network groups, to which the designated network belongs, specifically the group in which the designated network is the main network member. The control device may encrypt the data stream of the terminal device using the security key of the target ship local area network group to obtain an encrypted data stream.
For example, the control device may encrypt the first data using the key of the designated network to obtain encrypted first data, where the data stream of the terminal device includes the first data and the second data.
Specifically, the length of the key of the designated network is k1, where k1 is an integer greater than 1, and the length of the data stream of the terminal device is k2, where k2 is an integer greater than k1. The control device may determine, according to k2 mod k1 = y1, that the y1-th bit in the data stream of the terminal device is the start position of the data. If the freshness random number R1 is greater than the freshness random number R2, the control device determines that the (y1+R2)-th bit in the data stream of the terminal device is the end position of the data; if the freshness random number R2 is greater than the freshness random number R1, the control device determines that the (y1+R1)-th bit in the data stream of the terminal device is the end position of the data. The freshness random number R1 is a random positive integer generated in advance by the gateway interface in the designated network and sent to the control device; the gateway interface in each ship local area network periodically generates a new freshness random number and sends it to the control device. The control device may save the latest freshness random number, treat previously saved freshness random numbers as invalid, and discard them. The freshness random number R2 is an integer randomly selected by the control device in the range y1+1 to k2; that is, the control device determines the freshness random number R2 from the data range that follows the currently determined start position.
It will be appreciated that, since the data length may differ for each communication, the start position of the data may differ each time it is determined, which further improves data security. In addition, the key of the designated network may be a symmetric encryption key that is pre-configured and agreed between the designated network and the control device. The same applies to the other ship local area networks and is not described again here.
The control device may determine, as the first data, data from a start position of the data to an end position of the data in the data stream of the terminal device, and data other than the first data in the data stream of the terminal device is the second data.
Then, the control device encrypts the encrypted first data and the second data using the key of at least one ship local area network randomly selected from the target ship local area network group, resulting in an encrypted data stream. For example, the control device randomly selects at least two local area networks from the target local area network group and uses the keys of the at least two local area networks to derive a new key. For example, the control device may use a key derivation algorithm that is pre-configured and agreed between the control device and the designated network, taking the keys of the at least two ship local area networks as input parameters to derive the new key. The control device encrypts the encrypted first data and the second data using the new key to obtain an encrypted data stream.
Finally, the control device packages and fuses the encrypted data streams of the respective terminal devices and sends the result to the gateway interface in the designated network, where the packaged and fused data stream is the data stream of the plurality of links.
Specifically, for any one of the plurality of terminal devices, the control device packages (or compresses) the encrypted data stream of the terminal device, the freshness random number R2, and information indicating that the length of the data stream of the terminal device is k2, to obtain a packaged data stream of the terminal device. The control device sends the packed and fused data stream to a gateway interface in a designated network, so that the transmission efficiency can be improved, namely, the data of the plurality of terminal devices can be safely transmitted at one time.
The gateway interface may perform the inverse of the encryption described above. Specifically, the gateway interface is pre-configured with the key of each ship local area network in the target ship local area network group. The gateway interface may first unpack (or decompress) the packaged and fused data stream to obtain the respective packaged data streams of the plurality of terminal devices, and then unpack (or decompress) each of those packaged data streams to obtain the encrypted data stream of each terminal device, the freshness random number R2, and the information indicating that the length of the data stream of the terminal device is k2. It will be appreciated that the freshness random number R2 and the data stream length k2 may differ for each terminal device; they are simply referred to here as R2 and k2. On this basis, for any one of the terminal devices, the gateway interface may try a combination of the keys of the ship local area networks in the group, derive a new key from it, and decrypt the encrypted data stream using the derived key; if decryption fails, it tries another combination and derives another key, repeating the process until decryption succeeds. Since the gateway interface knows that the length of the data stream of the terminal device is k2 and that the length of the key of the designated network is k1, it can determine the start position of the data according to k2 mod k1 = y1 and the end position of the data according to the freshness random number R1 and the freshness random number R2, extract the encrypted first data from the decrypted data, and decrypt the encrypted first data to obtain the first data and the second data. Finally, the gateway interface may send the data stream of the terminal device into the designated network using a security protocol internal to the network.
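The two-layer encryption and the gateway-side inverse described above, as an added example that is not code from the patent. The patent names neither the cipher nor the key derivation algorithm, so the HMAC-SHA256 keystream, the SHA-256 derivation, the per-packet nonce, the authentication tag (which is what lets the gateway tell a wrong key combination from the right one), byte rather than bit offsets, and the clamp of the end position to k2 are all assumptions; function names and sample keys are constructed.

```python
import hashlib
import hmac
import itertools
import secrets

def keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode: stdlib stand-in for the unnamed cipher."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor_layer(data, key, nonce):
    """Length-preserving layer, so the first-data offsets survive encryption."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def derive_outer_key(keys):
    """Stand-in KDF over the selected LAN keys (order-independent)."""
    return hashlib.sha256(b"outer|" + b"".join(sorted(keys))).digest()

def window(k1, k2, r1, r2):
    """Start y1 = k2 mod k1; end = y1 + min(R1, R2), clamped to k2 (assumption)."""
    y1 = k2 % k1
    return y1, min(y1 + min(r1, r2), k2)

def control_encrypt(stream, group, designated, r1):
    """Control-device side. group maps LAN name -> key; designated is the main member."""
    key1 = group[designated]
    k1, k2 = len(key1), len(stream)
    if k2 <= k1:
        raise ValueError("the description requires k2 > k1")
    y1 = k2 % k1
    r2 = y1 + 1 + secrets.randbelow(k2 - y1)      # R2 drawn from [y1+1, k2]
    start, end = window(k1, k2, r1, r2)
    nonce = secrets.token_bytes(12)               # per-packet nonce (assumption)
    # Primary encryption: only the first data (start..end) under the designated key.
    inner = (stream[:start] + xor_layer(stream[start:end], key1, nonce + b"i")
             + stream[end:])
    # Secondary encryption: key derived from two randomly chosen group members.
    chosen = secrets.SystemRandom().sample(sorted(group), 2)
    outer_key = derive_outer_key([group[name] for name in chosen])
    body = xor_layer(inner, outer_key, nonce + b"o")
    tag = hmac.new(outer_key, nonce + body, hashlib.sha256).digest()
    return {"r2": r2, "k2": k2, "nonce": nonce, "body": body, "tag": tag}

def gateway_decrypt(packet, group, designated, r1):
    """Gateway side: try member-key combinations until the tag verifies."""
    names = sorted(group)
    for size in range(2, len(names) + 1):
        for combo in itertools.combinations(names, size):
            outer_key = derive_outer_key([group[name] for name in combo])
            expected = hmac.new(outer_key, packet["nonce"] + packet["body"],
                                hashlib.sha256).digest()
            if not hmac.compare_digest(expected, packet["tag"]):
                continue                          # wrong combination, keep trying
            inner = xor_layer(packet["body"], outer_key, packet["nonce"] + b"o")
            start, end = window(len(group[designated]), packet["k2"],
                                r1, packet["r2"])
            return (inner[:start]
                    + xor_layer(inner[start:end], group[designated],
                                packet["nonce"] + b"i")
                    + inner[end:])
    raise ValueError("no key combination authenticates the packet")

# Constructed sample: LAN group #1 from the description, with made-up 32-byte keys.
GROUP_1 = {name: hashlib.sha256(b"constructed key " + name.encode()).digest()
           for name in ("lan1", "lan2", "lan3")}
SAMPLE_STREAM = b"constructed telemetry frame " * 4   # k2 = 112 bytes

if __name__ == "__main__":
    pkt = control_encrypt(SAMPLE_STREAM, GROUP_1, "lan1", r1=40)
    print(gateway_decrypt(pkt, GROUP_1, "lan1", r1=40) == SAMPLE_STREAM)
```

The clamp in `window` matters because R2 is drawn from y1+1 to k2 and R1 is any positive integer, so y1 plus the smaller of the two can point past the end of the stream.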
Optionally, if the terminal device needs to access an external network other than the marine network, the control device sends the data stream of the terminal device to an interface of the external network, where the external network refers to a non-local area network that is not deployed on the ship.
In summary, when the terminal device needs to access the marine network, the control device acquires the identity information of the terminal device and uses it to determine the designated network in the marine network that the terminal device is authorized to access; a terminal device without access authority is not allowed to access the network. Access is thus split according to access authority, which effectively ensures the data access security of the marine network.
The marine multilink fusion communication method provided by the embodiment of the application is described in detail above with reference to fig. 2. A marine multilink fusion communication system for performing the marine multilink fusion communication method provided by the embodiment of the present application, which includes a control device applied to a ship, is described in detail below. The control device is configured to acquire identity information of the terminal device when the terminal device needs to access the marine network, determine a designated network in the marine network to which the terminal device has permission to access according to the identity information of the terminal device, and send a data stream of the terminal device to the designated network. The control device is configured to execute the specific flow of the method described in fig. 2, and the specific description of the method may be referred to specifically, which is not repeated herein.
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application. The electronic device may be a terminal, or may be a chip (system) or other part or component that may be provided to the terminal, for example. As shown in fig. 3, the electronic device 400 may include a processor 401. Optionally, the electronic device 400 may also include memory 402 and/or a transceiver 403. Wherein the processor 401 is coupled to the memory 402 and the transceiver 403, e.g. may be connected by a communication bus.
The following describes the various constituent elements of the electronic device 400 in detail with reference to fig. 3:
The processor 401 is a control center of the electronic device 400, and may be one processor or a collective name of a plurality of processing elements. For example, processor 401 may be one or more central processing units (CPUs), or may be an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present application, such as one or more microprocessors (digital signal processors, DSPs), or one or more field programmable gate arrays (FPGAs).
Alternatively, the processor 401 may perform various functions of the electronic device 400, such as performing the marine multilink fusion communication method described above in fig. 2, by running or executing a software program stored in the memory 402 and invoking data stored in the memory 402.
In a particular implementation, processor 401 may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 3, as an embodiment.
In a particular implementation, electronic device 400 may also include multiple processors, as one embodiment. Each of these processors may be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
The memory 402 is configured to store a software program for executing the solution of the present application, and the processor 401 controls the execution of the software program, and the specific implementation may refer to the above method embodiment, which is not described herein again.
Alternatively, memory 402 may be, but is not limited to, read-only memory (ROM) or other type of static storage device that may store static information and instructions, random access memory (RAM) or other type of dynamic storage device that may store information and instructions, electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disk storage, optical disk storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 402 may be integrated with the processor 401 or may exist separately and be coupled to the processor 401 through an interface circuit (not shown in fig. 3) of the electronic device 400, which is not specifically limited by the embodiment of the present application.
A transceiver 403 for communication with other electronic devices. For example, electronic device 400 is a terminal and transceiver 403 may be used to communicate with a network device or with another terminal device. As another example, electronic device 400 is a network device and transceiver 403 may be used to communicate with a terminal or with another network device.
Alternatively, the transceiver 403 may include a receiver and a transmitter (not separately shown in fig. 3). The receiver is used for realizing the receiving function, and the transmitter is used for realizing the transmitting function.
Alternatively, transceiver 403 may be integrated with processor 401 or may exist separately and be coupled to processor 401 by an interface circuit (not shown in fig. 3) of electronic device 400, as embodiments of the application are not specifically limited in this regard.
It will be appreciated that the configuration of the electronic device 400 shown in fig. 3 is not limiting of the electronic device, and that an actual electronic device may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.
In addition, the technical effects of the electronic device 400 may refer to the technical effects of the method described in the above method embodiments, which are not described herein.
It should be appreciated that the processor in embodiments of the application may be a central processing unit (CPU), or may be another general purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), an off-the-shelf field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
It should also be appreciated that the memory in embodiments of the present application may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable programmable ROM (erasable PROM), an electrically erasable programmable EPROM (EEPROM), or a flash memory. The volatile memory may be random access memory (RAM), which acts as external cache memory. By way of example, and not limitation, many forms of random access memory (RAM) are available, such as static random access memory (static RAM, SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchronous link dynamic random access memory (synchlink DRAM, SLDRAM), and direct memory bus random access memory (direct rambus RAM, DR RAM).
Embodiments of the present invention provide a readable storage medium having stored thereon a program or instructions which, when executed by a processor, implement the steps in the marine multilink fusion communication method described above.
The above embodiments may be implemented in whole or in part by software, hardware (e.g., circuitry), firmware, or any other combination. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. When the computer instructions or computer program are loaded or executed on a computer, the processes or functions described in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website site, computer, server, or data center to another website site, computer, server, or data center by wired (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains one or more sets of available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
It should be understood that the term "and/or" merely describes an association relationship between associated objects and means that three relationships may exist. For example, A and/or B may mean that A exists alone, that both A and B exist, or that B exists alone, where A and B may be singular or plural. In addition, the character "/" herein generally indicates that the associated objects are in an "or" relationship, but may also indicate an "and/or" relationship, which can be understood from the context.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "At least one of" or a similar expression means any combination of the listed items, including any combination of single items or plural items. For example, at least one of a, b, or c may represent a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, and c may each be single or plural.
It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The storage medium includes a U disk, a removable hard disk, a read-only memory (ROM), a random access memory (random access memory, RAM), a magnetic disk, an optical disk, or other various media capable of storing program codes.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202510034462.3A CN119484151B (en) | 2025-01-09 | 2025-01-09 | Marine multilink fusion communication method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN119484151A | 2025-02-18 |
CN119484151B | 2025-04-11 |
Family
ID=94580873
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202510034462.3A Active CN119484151B (en) | 2025-01-09 | 2025-01-09 | Marine multilink fusion communication method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN119484151B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009147652A2 (en) * | 2008-06-05 | 2009-12-10 | Vss Monitoring, Inc. | Ethernet switch-based network monitoring system and methods |
CN117978877A (en) * | 2024-01-29 | 2024-05-03 | 北京密码云芯科技有限公司 | Communication request processing method and device, electronic equipment and storage medium |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101715209A (en) * | 2009-11-11 | 2010-05-26 | 中兴通讯股份有限公司 | Method and system for multilink transmission data |
CN119109776A (en) * | 2024-09-27 | 2024-12-10 | 广州卫讯科技有限公司 | A park dynamic network configuration system and network control method using the same |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||