CN111614692B - Inbound message processing method and device based on power gateway - Google Patents
- Publication number: CN111614692B
- Application number: CN202010467052.5A
- Authority: CN (China)
- Prior art keywords: protocol, encrypted data, message, data, algorithm
- Prior art date
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/068—Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
- H04L69/22—Parsing or analysis of headers
Abstract
The invention discloses an inbound message processing method based on a power gateway, comprising the following steps: receiving an encrypted data message transmitted by a transmitting end and searching for the SA protocol associated with the encrypted data message according to a local policy, the SA protocol comprising an encryption algorithm and an algorithm key; decapsulating the encrypted data message to obtain encrypted data and an authentication message; calculating the original data message through a verification algorithm to obtain verification data; when the verification data is determined to be consistent with the authentication message, decrypting the encrypted data with the algorithm key in the SA protocol to obtain the original data; and, after the original data is obtained, calling a counter, adding a preset constant value to the value of the counter, and, when the value of the counter reaches a preset maximum value, generating a new SA protocol through protocol communication with a receiving end. The technical scheme of the invention can improve security during data transmission and avoid the leakage of confidential information.
Description
Technical Field
The present invention relates to the field of gateway inbound message processing, and in particular to an inbound message processing method and apparatus based on a power gateway.
Background
Security gateways are widely used in the power distribution industry. Deploying a security gateway at the network boundary ensures the security, confidentiality and integrity of cross-network information transmission, and provides effective identity authentication, authorization and data transmission security between client and server. The access method of the security gateway is therefore an important link in gateway technology.
The traditional security gateway uses an ordinary transmission mode: when processing inbound messages, the traditional scheme obtains the original IP data by applying a conventional decryption conversion to the received encrypted data message.
Therefore, the market urgently needs an inbound message processing strategy based on a power gateway that can improve security during data transmission and avoid the leakage of confidential information.
Disclosure of Invention
The invention provides an inbound message processing method and device based on a power gateway, which can improve security during data transmission and avoid the leakage of confidential information.
In order to solve the above technical problem, an embodiment of the present invention provides an inbound message processing method based on a power gateway, including:
receiving an encrypted data message transmitted by a transmitting end, and searching for the SA protocol associated with the encrypted data message according to a local policy; the SA protocol comprises an encryption algorithm and an algorithm key;
decapsulating the encrypted data message to obtain encrypted data and an authentication message;
calculating the original data message through a verification algorithm to obtain verification data;
when the verification data is determined to be consistent with the authentication message, carrying out decryption processing on the encrypted data through an algorithm key in the SA protocol to obtain original data;
and after the original data are obtained, calling a counter, adding a preset constant value to the value of the counter, and generating a new SA protocol through protocol communication with a receiving end when the value of the counter reaches a preset maximum value.
As a preferred scheme, the step of searching for the SA protocol associated with the encrypted data message according to the local policy specifically includes:
judging whether an SA protocol associated with the encrypted data message exists in the local policy; when it is determined that such an SA protocol exists in the local policy, directly configuring and using that SA protocol; and when it is determined that no SA protocol associated with the encrypted data message exists in the local policy, filtering the encrypted data message.
As a preferred scheme, the verification algorithm is an integrity verification algorithm.
As a preferred scheme, the inbound message processing method based on the power gateway further includes: filtering the encrypted data message when the verification data is determined to be inconsistent with the authentication message.
Another embodiment of the present invention provides an inbound message processing apparatus based on a power gateway, including:
the data receiving module is used for receiving the encrypted data message transmitted by the transmitting end and searching for the SA protocol associated with the encrypted data message according to a local policy; the SA protocol comprises an encryption algorithm and an algorithm key;
the data decapsulation module is used for decapsulating the encrypted data message to obtain encrypted data and an authentication message;
the data checking module is used for calculating the original data message through a checking algorithm to obtain checking data;
the data decryption module is used for decrypting the encrypted data through an algorithm key in the SA protocol to obtain original data when the verification data is determined to be consistent with the authentication message;
and the counting judgment module is used for calling a counter after the original data is obtained, adding a preset constant value to the value of the counter, and generating a new SA protocol through protocol communication with a receiving end when the value of the counter reaches a preset maximum value.
Preferably, the data receiving module includes: a protocol judging unit, configured to judge whether an SA protocol associated with the encrypted data packet exists in the local policy, and directly configure and use the SA protocol when it is determined that the SA protocol associated with the encrypted data packet exists in the local policy; and filtering the encrypted data message when determining that the SA protocol associated with the encrypted data message does not exist in the local policy.
As a preferred scheme, the verification algorithm is an integrity verification algorithm.
Preferably, the inbound message processing apparatus based on the power gateway further includes: a data filtering module, used for filtering the encrypted data message when the verification data is determined to be inconsistent with the authentication message.
Another embodiment of the present invention provides a power gateway based inbound message processing apparatus, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the power gateway based inbound message processing method as described above when executing the computer program.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
In this technical scheme, the encryption algorithm and algorithm key agreed in advance with the sending end are obtained through the SA protocol and used to decrypt the received encrypted data message, so that the encrypted transmission data can be decrypted accurately and the security of the data during transmission is guaranteed. A counter counts the number of times messages are processed, and when a certain value is reached the SA protocol is replaced in time. This avoids the danger of the encryption strategy being cracked because it has not been replaced for a long time, improves security during data transmission, and avoids the leakage of confidential information.
Drawings
FIG. 1: a flow diagram of an embodiment of the inbound message processing method based on a power gateway provided by the present invention;
FIG. 2: a schematic structural diagram of an embodiment of the inbound message processing apparatus based on a power gateway provided in embodiment 2 of the present invention;
FIG. 3: a schematic structural diagram of the inbound message processing apparatus based on a power gateway provided in embodiment 3 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
Referring to FIG. 1, which is a flow chart of an embodiment of the inbound message processing method based on a power gateway provided by the present invention, the method includes steps 101 to 105, as follows:
Step 101, receiving an encrypted data message transmitted by a transmitting end, and searching for the SA protocol associated with the encrypted data message according to a local policy; the SA protocol comprises an encryption algorithm and an algorithm key.
In this embodiment, the step of searching for the SA protocol associated with the encrypted data message according to the local policy specifically includes: judging whether an SA protocol associated with the encrypted data message exists in the local policy; when it is determined that such an SA protocol exists in the local policy, directly configuring and using that SA protocol; and when it is determined that no SA protocol associated with the encrypted data message exists in the local policy, filtering the encrypted data message.
Step 102, decapsulating the encrypted data message to obtain encrypted data and an authentication message.
Step 103, calculating the original data message through a verification algorithm to obtain verification data. In this embodiment, the verification algorithm is an integrity verification algorithm.
Step 104, when the verification data is determined to be consistent with the authentication message, decrypting the encrypted data through the algorithm key in the SA protocol to obtain the original data.
In another embodiment, the inbound message processing method based on the power gateway further includes: filtering the encrypted data message when the verification data is determined to be inconsistent with the authentication message.
Step 105, after the original data is obtained, calling a counter, adding a preset constant value to the value of the counter, and generating a new SA protocol through protocol communication with a receiving end when the value of the counter reaches a preset maximum value.
Specifically, to keep the authentication algorithm and encryption algorithm of the two communicating parties consistent and to establish the relationship between them, a security association (SA) is used. An SA is an agreement established by negotiation between two IPSec entities. Its contents include which IPSec protocol is adopted (ESP), the running mode (tunnel mode), the verification algorithm, the encryption key, the key lifetime, the anti-replay window, the counter and the like, and they determine what to protect, how to protect it and who to protect. The SA can be said to form the basis of the transmission. The transmission scheme finally constructs an SA database (SADB), which maintains the SA records that the IPSec protocol uses to guarantee the security of data packets. Before IPSec protects IP packets, a security association must be established, either manually or dynamically. An SA is unidirectional: the ingress SA is responsible for processing received packets and the egress SA for processing packets to be transmitted. Each communicating party must therefore have two SAs, an ingress SA and an egress SA, which together constitute an SA bundle. Internet Key Exchange is used to establish security associations dynamically; key agreement negotiates the SA on behalf of IPSec and populates the SADB.
Before an ESP message is sent, the local policy is checked for the existence of an SA. The SA is established when key negotiation is completed, and the sending sequence number counter is initialized to 0. When data is sent, the whole original IP data message is encapsulated into the ESP payload field, padded according to the message length, and finally encrypted using the specified key, encryption algorithm and IV. After a message is sent, the counter is increased by 1, and when the counter reaches the maximum value a new SA is generated. In addition, the sender calculates the ICV over the ESP message excluding the authentication data field, and adds the calculated value to the authentication data field as the SM3 integrity check value. When the length of the IP data message exceeds the MTU of the ESP output interface, the data message is fragmented.
When a message is inbound, it is first checked whether the data needs to be reassembled; if so, the IP data message is reassembled to obtain the ESP-encapsulated data packet. The SA is then looked up according to the destination IP address, the SPI and the like, and the message is discarded when the lookup fails. As at the sending end, the receiving-end sequence number counter is initialized to 0 when the SA is established. For each received message the receiving end has a corresponding acknowledgement sequence number, and within the life cycle of the SA no duplicate receive sequence number may exist; otherwise the message is discarded. After receiving the message, the receiver calculates the ICV of the message with the integrity check algorithm. If it is consistent with the ICV calculated at outbound, the message is successfully received; the receiver then decrypts the message using the specified key, encryption algorithm and IV, and finally reconstructs the original IP data message from the decrypted message.
The method provided by this embodiment obtains, through the SA protocol, the encryption algorithm and algorithm key agreed in advance with the sending end and uses them to decrypt the received encrypted data message, so that the encrypted transmission data can be decrypted accurately and the security of the data during transmission is ensured. A counter counts the number of times messages are processed, and when a certain value is reached the SA protocol is changed in time. This avoids the danger of the encryption strategy being cracked because it has not been changed for a long time, improves security during data transmission, and avoids the leakage of confidential information.
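The inbound path described in this embodiment (SA lookup by destination IP and SPI, rejection of duplicate sequence numbers, ICV check before decryption, and a per-SA counter that signals when a new SA is due), as an added Python example that is not part of the patent text. The packet layout, the names `InboundSA`, `seal` and `process_inbound`, and the verdict strings are assumptions made for illustration. HMAC-SHA256 stands in for the SM3 integrity check value and a SHA-256 counter-mode keystream stands in for the SA's encryption algorithm, so that the block runs on the standard library alone.

```python
# Added illustration, not code from the patent. Layout and names are assumed.
import hashlib
import hmac
import struct
from dataclasses import dataclass

IV_LEN = 16
ICV_LEN = 32  # HMAC-SHA256 tag, standing in for the SM3-based ICV in the text


@dataclass
class InboundSA:
    enc_key: bytes
    auth_key: bytes
    max_packets: int        # the "preset maximum value" of the counter
    processed: int = 0      # counter, +1 per packet that passes every check
    highest_seq: int = 0    # anti-replay state: highest sequence accepted
    window: int = 0         # bitmap, bit i set = (highest_seq - i) was seen
    window_size: int = 64


def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Placeholder cipher (SHA-256 in counter mode) so the example needs no
    third-party library. It is NOT the SA's real encryption algorithm."""
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + iv + struct.pack(">I", block)).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(sa: InboundSA, spi: int, seq: int, iv: bytes, plaintext: bytes) -> bytes:
    """Sender side, used here only to construct sample packets.
    Simplified layout: SPI | sequence number | IV | ciphertext | ICV."""
    body = struct.pack(">II", spi, seq) + iv + keystream_xor(sa.enc_key, iv, plaintext)
    return body + hmac.new(sa.auth_key, body, hashlib.sha256).digest()


def replay_seen(sa: InboundSA, seq: int) -> bool:
    if seq > sa.highest_seq:
        return False
    offset = sa.highest_seq - seq
    return offset >= sa.window_size or bool((sa.window >> offset) & 1)


def replay_mark(sa: InboundSA, seq: int) -> None:
    if seq > sa.highest_seq:
        shift = seq - sa.highest_seq
        sa.window = ((sa.window << shift) | 1) & ((1 << sa.window_size) - 1)
        sa.highest_seq = seq
    else:
        sa.window |= 1 << (sa.highest_seq - seq)


def process_inbound(sadb: dict, dst_ip: str, packet: bytes):
    """Return (verdict, plaintext, rekey_due) for one reassembled packet."""
    if len(packet) < 8 + IV_LEN + ICV_LEN:
        return ("drop:malformed", None, False)
    spi, seq = struct.unpack(">II", packet[:8])
    sa = sadb.get((dst_ip, spi))              # SA lookup: destination IP + SPI
    if sa is None:
        return ("drop:no-sa", None, False)    # no SA in local policy: filter
    if replay_seen(sa, seq):
        return ("drop:replay", None, False)   # duplicate sequence number
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, icv):
        return ("drop:bad-icv", None, False)  # no state change, no decryption
    # Only an authenticated packet may move the replay window or the counter.
    replay_mark(sa, seq)
    iv, ciphertext = body[8:8 + IV_LEN], body[8 + IV_LEN:]
    plaintext = keystream_xor(sa.enc_key, iv, ciphertext)
    sa.processed += 1
    return ("accept", plaintext, sa.processed >= sa.max_packets)


def demo():
    """Constructed sample traffic; keys, SPI, address and payloads are made up."""
    sa = InboundSA(enc_key=b"E" * 16, auth_key=b"A" * 32, max_packets=3)
    sadb = {("192.0.2.10", 0x1001): sa}

    def pkt(seq, msg, spi=0x1001):
        return seal(sa, spi, seq, seq.to_bytes(IV_LEN, "big"), msg)

    p1 = pkt(1, b"breaker status: closed")
    p2 = pkt(2, b"feeder load: 41 A")
    p3 = pkt(3, b"tap position: 5")
    # Same header and ICV as p2, but the last ciphertext byte is flipped.
    forged = p2[:-ICV_LEN - 1] + bytes([p2[-ICV_LEN - 1] ^ 1]) + p2[-ICV_LEN:]
    stray = pkt(1, b"x", spi=0x2002)          # SPI with no SA in the SADB
    packets = [p1, p1, forged, p2, stray, p3]
    return [process_inbound(sadb, "192.0.2.10", p) for p in packets]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The forged copy of sequence number 2 does not consume that sequence number: the replay window and the counter move only after the ICV has verified, so the genuine packet that follows is still accepted. The third accepted packet returns `rekey_due=True`, which is the point at which the gateway would negotiate a new SA.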
Example 2
Fig. 2 is a schematic structural diagram of an embodiment of an inbound message processing apparatus based on a power gateway, the apparatus including: the device comprises a data receiving module, a data decapsulating module, a data checking module, a data decrypting module and a counting judging module; the modules are as follows:
The data receiving module is used for receiving the encrypted data message transmitted by the transmitting end and searching for the SA protocol associated with the encrypted data message according to a local policy; the SA protocol includes an encryption algorithm and an algorithm key.
In this embodiment, the data receiving module includes: a protocol judging unit, configured to judge whether an SA protocol associated with the encrypted data packet exists in the local policy, and directly configure and use the SA protocol when it is determined that the SA protocol associated with the encrypted data packet exists in the local policy; and filtering the encrypted data message when determining that the SA protocol associated with the encrypted data message does not exist in the local policy.
And the data decapsulation module is used for decapsulating the encrypted data message to obtain encrypted data and an authentication message.
And the data checking module is used for calculating the original data message through a checking algorithm to obtain checking data.
In this embodiment, the verification algorithm is an integrity verification algorithm.
And the data decryption module is used for decrypting the encrypted data through the algorithm key in the SA protocol to obtain the original data when the verification data is determined to be consistent with the authentication message.
In another embodiment, the inbound message processing device based on the power gateway further includes: a data filtering module, used for filtering the encrypted data message when the verification data is determined to be inconsistent with the authentication message.
And the counting judgment module is used for calling a counter after the original data is obtained, adding a preset constant value to the value of the counter, and generating a new SA protocol through protocol communication with a receiving end when the value of the counter reaches a preset maximum value.
The device provided by this embodiment obtains, through the SA protocol, the encryption algorithm and algorithm key agreed in advance with the sending end and uses them to decrypt the received encrypted data message, so that the encrypted transmission data can be decrypted accurately and the security of the data during transmission is ensured. A counter counts the number of times messages are processed, and when a certain value is reached the SA protocol is replaced in time. This avoids the danger of the encryption strategy being cracked because it has not been replaced for a long time, improves security during data transmission, and avoids the leakage of confidential information.
Example 3
Fig. 3 is a schematic structural diagram of an inbound message processing apparatus based on a power gateway according to embodiment 3 of the present invention. The device includes: a processor, a memory, and a computer program stored in the memory and executable on the processor, such as a program for an inbound message processing method. The processor, when executing the computer program, implements the steps of the above-described inbound message processing method based on the power gateway, such as steps 101 to 105 shown in fig. 1.
Illustratively, the computer program may be partitioned into one or more modules that are stored in the memory and executed by the processor to accomplish the present application. The one or more modules may be a series of computer program instruction segments capable of performing certain functions, which are used to describe the execution of the computer program in the inbound message processing device based on the power gateway.
The power gateway based inbound message processing device may include, but is not limited to, a processor, a memory, and a computer program stored in the memory. Those skilled in the art will appreciate that fig. 3 is merely an example of a power gateway based inbound message processing apparatus and does not constitute a limitation of a power gateway based inbound message processing apparatus, and may include more or fewer components than those shown, or some components in combination, or different components, e.g., the power gateway based inbound message processing apparatus may also include an input-output device, a network access device, a bus, etc.
The Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory may be an internal storage unit of the power gateway based inbound message processing device, such as a hard disk or a memory of the power gateway based inbound message processing device. The memory may also be an external storage device, such as a plug-in hard drive provided on the inbound message processing device based on the power gateway, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and so forth. Further, the memory may also include both an internal memory unit and an external memory device of the power gateway based inbound message processing apparatus. The memory is used to store the computer program and other programs and data needed for the power gateway based inbound message processing method. The memory may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other ways. For example, the above-described embodiments of the apparatus/terminal device are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment. In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice.
The above-mentioned embodiments are provided to further explain the objects, technical solutions and advantages of the present invention in detail, and it should be understood that the above-mentioned embodiments are only examples of the present invention and are not intended to limit the scope of the present invention. It should be understood that any modifications, equivalents, improvements and the like, which come within the spirit and principle of the invention, may occur to those skilled in the art and are intended to be included within the scope of the invention.
Claims (3)
1. An inbound message processing method based on a power gateway, comprising:
receiving an encrypted data message transmitted by a transmitting end, and searching for an SA protocol associated with the encrypted data message according to a local policy; the SA protocol comprises an encryption algorithm and an algorithm key;
decapsulating the encrypted data message to obtain encrypted data and an authentication message;
calculating the original data message through a verification algorithm to obtain verification data; the verification algorithm is an integrity check algorithm;
when the verification data is determined to be consistent with the authentication message, decrypting the encrypted data with the algorithm key in the SA protocol to obtain original data;
after the original data is obtained, calling a counter and adding a preset constant value to the value of the counter, and when the value of the counter reaches a preset maximum value, generating a new SA protocol through protocol communication with a receiving end;
the step of searching for the SA protocol associated with the encrypted data message according to the local policy specifically includes:
judging whether an SA protocol associated with the encrypted data message exists in the local policy, and directly configuring and using the SA protocol when it is determined that the SA protocol associated with the encrypted data message exists in the local policy; filtering the encrypted data message when it is determined that the SA protocol associated with the encrypted data message does not exist in the local policy;
the inbound message processing method based on the power gateway further comprises: filtering the encrypted data message when the verification data is determined to be inconsistent with the authentication message.
2. An inbound message processing apparatus based on a power gateway, comprising:
a data receiving module, configured to receive the encrypted data message transmitted by the transmitting end and to search for an SA protocol associated with the encrypted data message according to a local policy; the SA protocol comprises an encryption algorithm and an algorithm key;
a data decapsulation module, configured to decapsulate the encrypted data message to obtain encrypted data and an authentication message;
a data verification module, configured to calculate the original data message through a verification algorithm to obtain verification data; the verification algorithm is an integrity check algorithm;
a data decryption module, configured to decrypt the encrypted data with the algorithm key in the SA protocol to obtain original data when the verification data is determined to be consistent with the authentication message;
a counting judgment module, configured to call a counter after the original data is obtained, add a preset constant value to the value of the counter, and generate a new SA protocol through protocol communication with a receiving end when the value of the counter reaches a preset maximum value;
the data receiving module includes: a protocol judging unit, configured to judge whether an SA protocol associated with the encrypted data message exists in the local policy, and directly configure and use the SA protocol when it is determined that the SA protocol associated with the encrypted data message exists in the local policy; filtering the encrypted data message when it is determined that the SA protocol associated with the encrypted data message does not exist in the local policy;
the inbound message processing apparatus based on a power gateway further comprises: a data filtering module, configured to filter the encrypted data message when the verification data is determined to be inconsistent with the authentication message.
3. A power gateway based inbound message processing apparatus comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor when executing the computer program implements the steps of the power gateway based inbound message processing method according to any of claims 1 to 2.
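The inbound flow of claim 1 (SA lookup, integrity check before decryption, filtering on failure, counter-driven SA replacement), as an added Python sketch that is not code from the patent. Assumptions not found in the claims: the header layout (4-byte SA identifier plus 8-byte nonce), HMAC-SHA256 computed over header and ciphertext as the integrity check, a separate `auth_key`, a SHA-256 keystream as a stand-in cipher, and `new_sa` as a placeholder for the negotiation that produces a new SA.

```python
import hashlib, hmac, os
from dataclasses import dataclass

HDR_LEN, TAG_LEN = 12, 32           # assumed layout: 4-byte SA id + 8-byte nonce | ciphertext | HMAC-SHA256 tag
COUNTER_STEP, COUNTER_MAX = 1, 3    # "preset constant value" / "preset maximum value" (constructed, tiny for the demo)

@dataclass
class SA:
    enc_key: bytes                  # the claim's "algorithm key"
    auth_key: bytes                 # assumption: separate key for the integrity check
    counter: int = 0

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 keystream) so the example is stdlib-only; not the patent's algorithm.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def encapsulate(sa_id: int, sa: SA, nonce: bytes, plaintext: bytes) -> bytes:
    # Sender side, used only to construct sample input.
    body = sa_id.to_bytes(4, "big") + nonce + stream_xor(sa.enc_key, nonce, plaintext)
    return body + hmac.new(sa.auth_key, body, hashlib.sha256).digest()

def process_inbound(policy: dict, packet: bytes, rekey):
    """Return the original data, or None when the message is filtered."""
    if len(packet) < HDR_LEN + TAG_LEN:
        return None
    sa_id = int.from_bytes(packet[:4], "big")
    sa = policy.get(sa_id)
    if sa is None:                                  # no associated SA in the local policy: filter
        return None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]        # decapsulate
    check = hmac.new(sa.auth_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(check, tag):         # verification data != authentication message: filter
        return None
    plaintext = stream_xor(sa.enc_key, body[4:HDR_LEN], body[HDR_LEN:])  # decrypt only after the check passes
    sa.counter += COUNTER_STEP
    if sa.counter >= COUNTER_MAX:                   # preset maximum reached: replace the SA
        policy[sa_id] = rekey(sa_id)
    return plaintext

def new_sa(_sa_id: int) -> SA:
    # Placeholder for the negotiation with the peer; here it just draws fresh random keys.
    return SA(os.urandom(32), os.urandom(32))

if __name__ == "__main__":
    policy = {7: new_sa(7)}
    pkt = encapsulate(7, policy[7], os.urandom(8), b"constructed telemetry frame")
    print(process_inbound(policy, pkt, new_sa))
```

Because the counter only advances after a successful check and decryption, filtered messages do not bring the SA closer to replacement.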
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010467052.5A CN111614692B (en) | 2020-05-28 | 2020-05-28 | Inbound message processing method and device based on power gateway |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111614692A (en) | 2020-09-01 |
| CN111614692B (en) | 2021-06-08 |
Family
ID=72203371
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010467052.5A Active CN111614692B (en) | 2020-05-28 | 2020-05-28 | Inbound message processing method and device based on power gateway |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111614692B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112235261B (en) * | 2020-09-26 | 2023-04-07 | 建信金融科技有限责任公司 | Message encryption and decryption method and device, electronic equipment and readable storage medium |
| CN113127911B (en) * | 2021-05-06 | 2022-05-20 | 国网河北省电力有限公司信息通信分公司 | Power data encryption method, device and terminal |
| CN114244577A (en) * | 2021-11-24 | 2022-03-25 | 贵州电网有限责任公司 | Message processing method based on ESP |
| CN118041703B (en) * | 2024-04-12 | 2024-06-14 | 长江三峡集团实业发展(北京)有限公司 | Industrial protocol encryption transmission method, device, equipment and medium |
Family Cites Families (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101577725B (en) * | 2009-06-26 | 2012-09-26 | 杭州华三通信技术有限公司 | Message synchronization method of anti-replay mechanism, device and system thereof |
| US8630416B2 (en) * | 2009-12-21 | 2014-01-14 | Intel Corporation | Wireless device and method for rekeying with reduced packet loss for high-throughput wireless communications |
| CN101764693B (en) * | 2009-12-24 | 2013-01-30 | 福建星网锐捷网络有限公司 | Authentication method, system, client and network equipment |
| CN104219217B (en) * | 2013-06-05 | 2020-03-10 | 中国移动通信集团公司 | Security association negotiation method, device and system |
| CN103795541B (en) * | 2013-12-13 | 2017-03-22 | 国网上海市电力公司 | Secure communication method of electricity information acquisition system of 230M wireless private network channel |
| CN105635141B (en) * | 2015-12-29 | 2018-12-21 | 沈文策 | A kind of information transferring method and device |
| CN106357690B (en) * | 2016-11-08 | 2019-12-10 | 浙江中控技术股份有限公司 | data transmission method, data sending device and data receiving device |
| CN107682284B (en) * | 2017-08-02 | 2021-06-01 | 华为技术有限公司 | Method and network device for sending message |
| CN108900295A (en) * | 2018-07-02 | 2018-11-27 | 国网电力信息通信有限公司 | Data sending, receiving method, apparatus and system based on quantum key encryption |
| CN109194656A (en) * | 2018-09-10 | 2019-01-11 | 国家电网有限公司 | A kind of method of distribution wireless terminal secure accessing |
| CN110190956A (en) * | 2019-05-28 | 2019-08-30 | 杭州迪普科技股份有限公司 | Data transmission method, device, electronic equipment and machine readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111614692A (en) | 2020-09-01 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||