CN105591752A - Method and apparatus for reducing DTLS decryption time delay - Google Patents
Method and apparatus for reducing DTLS decryption time delay Download PDFInfo
- Publication number
- CN105591752A CN105591752A CN201511022107.7A CN201511022107A CN105591752A CN 105591752 A CN105591752 A CN 105591752A CN 201511022107 A CN201511022107 A CN 201511022107A CN 105591752 A CN105591752 A CN 105591752A
- Authority
- CN
- China
- Prior art keywords
- dtls
- hmac
- ciphertext
- deciphering
- time delay
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 44
- 238000005498 polishing Methods 0.000 claims description 33
- 230000008569 process Effects 0.000 claims description 29
- 230000009467 reduction Effects 0.000 claims description 13
- 238000012545 processing Methods 0.000 abstract description 12
- 230000000295 complement effect Effects 0.000 abstract 2
- 241001269238 Data Species 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 238000012795 verification Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 2
- 239000000203 mixture Substances 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000012938 design process Methods 0.000 description 1
- 239000012634 fragment Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000011112 process operation Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and an apparatus for reducing DTLS decryption time delay. The method includes: decryption operation of a DTLS encryption ciphertext is performed, and complementary fields of a plaintext after decryption is obtained; authentication operation of the DTLS encryption ciphertext is performed during decryption operation, and a plurality of HMAC values are obtained via calculation; a local HMAC value is selected form the plurality of HMAC values according to the decrypted complementary fields; and the local HMAC value is compared with an HMAC field carried in the message, and if the HMAC value is equal to the HMAC field, the decryption is successful. According to the method and the apparatus, on one hand, the processing time of DTLS decryption is reduced, and the processing bandwidth of the CAPWAP ciphertext by the chip is increased; on the other hand, the chip storage area is reduced, and the chip cost is reduced.
Description
Technical field
The present invention relates to a kind of DTLS decryption technology, while especially relating to a kind of DTLS of reduction decipheringThe method of prolonging and device.
Background technology
According to the tunnel protocol rfc5415's between WAP (AP) and wireless controller (AC)Describe, in order to prevent that the data between AP and AC are ravesdropping, CAPWAP (ControlAndPrOvisioningofWirelessAccessPoints, the control of WAP and configuration) employing DTLS (DatagramTransportLayerSecurity, data packet transmission layer security protocol) is to its numberCarry out encryption and decryption processing according to bag, communication is used for guaranteeing network security. Rfc5415 has specified DTLS simultaneouslyBe used for the enciphering and deciphering algorithm TLS_RSA_WITH_AES_ that must support while encrypting CAPWAP message128_CBC_SHA, the meaning of this algorithm is: adopt that RSA is asymmetric adds the DTLS protocol handshake stageDecipherment algorithm, data transfer phase adopts the AES128 enciphering and deciphering algorithm of CBC pattern, adopts simultaneouslyEnsure the integrality of data with SHA checking algorithm.
As shown in Figure 1, it has simply been described and how by DTLS, CAPWAP message to be encrypted:First between UDP stem expressly of CAPWAP and CAPWAP stem, insert the CA of 4 bytesThe DTLS stem of PWAPDTLS stem and 13 bytes; Then by DTLS stem, CAPWAPStem is carried out SHA computing together with CAPWAP valid data, obtains the HMAC value of 20 bytes,This HMAC value need to be added to after CAPWAP valid data; Next C needs being encryptedAPWAP stem, CAPWAP valid data, HMAC value are encrypted, and calculate according to AESMethod, first needs the integral multiple to 16 bytes by the content polishing of encrypting, namely " mending in Fig. 1Neat field ", if need to mend 8 bytes, " polishing field " is made up of the 0x07 of 8 bytes; CThe aes algorithm of BC pattern needs the random IV field that generates 16 bytes in the time encrypting, thisField need to be inserted between DTLS stem and CAPWAP stem.
The process of deciphering is contrary with ciphering process, as shown in Figure 2, and for existing typical DTLS separatesThe handling process of close module: the ciphertext after IV field in input data is carried out to AES decrypt operation;After whole data deciphering completes, just can obtain " polishing field " expressly, according to last byte" polishing field " can obtain the length of whole " polishing field "; Polishing field is removed,Rear 20 byte datas are exactly HMAC value; Next need to upgrade " the length word in DTLS stemSection "; By CAPWAP stem, CAPWAP significant figure after the DTLS stem after upgrading, decipheringAccording to carrying out HMAC computing; In the HMAC value finally previous step being calculated and message, carryHMAC field compares, if equated, shows that receiving terminal correctly deciphers, and certification is passed through, noShow Decryption failures.
The process of existing deciphering and certification is serial operation, need to wait whole ciphertext to carry out aes algorithm solutionAfter close, just can obtain polishing field, thereby upgrade DTLS stem, then just can carry out SHA algorithmVerification process, the shortcoming that this operation brings is to produce larger deciphering time delay, affects chip pairThe processing bandwidth of DTLS ciphertext; And because deciphering just can be carried out verification process after finishing, thatJust need in decryption engine, increase internal memory, whole message is preserved, otherwise the number authenticatingAccording to losing, will consume so certain internal memory, and CAPWAP message is longer, this needsInternal memory that will be reserved is just larger, and the cost of chip is just larger. Or the process of existing DTLS encryption and decryptionCompleted by CPU completely, chip-scale do not support, this mode can increase the load of CPU, Er QieqiProcessing speed can be limited to the disposal ability of CPU, cannot meet switch hundred G linear speed disposal abilities.
Summary of the invention
The object of the invention is to overcome the defect of prior art, when a kind of DTLS of reduction deciphering is providedThe method of prolonging and device, by DTLS deciphering and verification process are carried out to parallel work-flow, effectively to fallThe time consumption of low DTLS deciphering reduces chip-stored space simultaneously.
For achieving the above object, the present invention proposes following technical scheme: when a kind of DTLS of reduction deciphersThe method of prolonging, comprising:
DTLS is encrypted to ciphertext and be decrypted computing, obtain the rear polishing field expressly of deciphering;
In decrypt operation, described DTLS is encrypted to ciphertext and carry out authentication algorithm, calculate manyIndividual HMAC value;
From multiple described HMAC values, select this locality according to the described polishing field after decipheringHMAC value;
The HMAC field of carrying in described local HMAC value and message is compared, if equate,Successful decryption.
Preferably, DTLS being encrypted to the process that ciphertext is decrypted computing comprises: DTLS is encryptedCAPWAP stem, CAPWAP valid data and HMAC field in ciphertext after IV field are enteredRow decrypt operation, obtains the rear polishing field expressly of deciphering.
Preferably, DTLS being encrypted to the process that ciphertext carries out authentication algorithm comprises: according to polishing fieldThe multiple byte lengths that exist upgrade respectively DTLS and encrypt the DTLS stem in ciphertext, then will obtainEach DTLS stem and DTLS to encrypt CAPWAP stem, CAPWAP in ciphertext effectiveData are all carried out authentication algorithm one time, thereby obtain multiple HMAC values.
Preferably, the length of described polishing field is any one length in 1~16 byte.
Preferably, the time that the decrypt operation of DTLS encryption ciphertext and authentication algorithm consume is identical.
The present invention also proposes another technical scheme: a kind of device of the DTLS of reduction deciphering time delay, bagDraw together: decrypt operation module, multiple authentication algorithm module, multiselect one selector and deciphering authentication module,
Described decrypt operation module is decrypted computing for DTLS is encrypted to ciphertext, obtains after decipheringPolishing field expressly;
Described authentication algorithm module is for when decrypt operation module is decrypted computing, to describedDTLS encrypts ciphertext and carries out authentication algorithm, calculates HMAC value;
Described multiselect one selector is recognized from multiple for the polishing field going out according to decrypt operation module decryptsIn the HMAC value that card computing module calculates, select local HMAC value;
The HMAC of described decrypted authentication module for described local HMAC value and message are carriedField compares, if equate successful decryption.
Preferably, described decrypt operation module is decrypted the field of computing and is: DTLS encrypts ciphertextCAPWAP stem, CAPWAP valid data and HMAC field after middle IV field.
Preferably, each described authentication algorithm module is upgraded according to the length of correspondence polishing fieldDTLS encrypts the DTLS stem in ciphertext, and the DTLS stem obtaining and DTLS are added denseCAPWAP stem in literary composition, CAPWAP valid data carry out authentication algorithm one time, thereby obtainCorresponding HMAC value.
Preferably, described authentication algorithm module is 1~16.
Preferably, described decrypt operation module is identical with the byte number of authentication algorithm module, and both enterThe operation time of row is identical.
The invention has the beneficial effects as follows:
1, the present invention, by the concurrent process operation of DTLS deciphering and certification, deciphers thereby reduce DTLSProcessing time, increase exchanger chip and process the ability of CAPWAP ciphertext.
2, the DTLS deciphering module in chip of the present invention does not need to store whole message, thereby has reducedStorage area, has reduced chip cost.
Brief description of the drawings
Fig. 1 is the message format schematic diagram that DTLS is encrypted CAPWAP message;
Fig. 2 is the schematic flow sheet of existing DTLS decrypting process;
Fig. 3 is the schematic flow sheet that the present invention reduces the method for DTLS deciphering time delay;
Fig. 4 is the principle schematic that the present invention reduces the device of DTLS deciphering time delay.
Detailed description of the invention
Below in conjunction with accompanying drawing of the present invention, the technical scheme of the embodiment of the present invention is carried out clear, completeWhole description.
Disclosed a kind of method and device that reduces DTLS deciphering time delay, props up in chip-scaleHold under the prerequisite of DTLS decipherment algorithm, the serial flow process of first deciphering reauthentication is optimized, makeThe process of deciphering and certification can parallel work-flow, thereby reduces the processing time of DTLS deciphering, increasesExchanger chip is processed the ability of CAPWAP ciphertext. Under this mechanism, DTLS deciphers mould simultaneouslyPiece does not need to store whole message, thereby has reduced storage area, has reduced chip cost.
By analysis, in CAPWAP ciphertext, the length field in DTLS stem comprises 16 bytesIV field, CAPWAP stem, CAPWAP valid data, HMAC and the length of 20 bytesSpend indefinite polishing field. And length field in the DTLS stem that verification process participates in calculating, onlyComprise CAPWAP stem, these two parts of CAPWAP valid data. And polishing field itself byEncrypt, only had completely after deciphering, how many bytes of just having known polishing. Therefore existing DTLS messageVerification process is all after decrypting process, is serial operation.
The present invention, after having studied AES128 algorithm, utilizes polishing field only may exist and mends 1~16These 16 kinds of situations of byte, therefore, in the time that deciphering module is processed DTLS stem, may exist16 kinds of situations are all calculated, thereby realize, DTLS deciphers and verification process carries out simultaneously.
Particularly, as shown in Figure 3, disclosed a kind of side that reduces DTLS deciphering time delayMethod, comprises the following steps:
Step 1, encrypts ciphertext to DTLS and is decrypted computing.
Concrete can be with reference to the DTLS decrypt operation process shown in Fig. 2:
First (be, first CAPWAP stem, CAPWAP by inputting the ciphertext after IV field in dataValid data and 20 byte HMAC fields) carry out AES decrypt operation, obtain the rear CAPWAP of decipheringLast byte expressly, i.e. the length of whole polishing field;
Secondly, the polishing field of DTLS ciphertext is removed, last 20 byte datas are exactly HMACValue, i.e. the required HMAC value of access authentication process.
Step 2 is encrypted ciphertext to DTLS and is carried out authentication algorithm in decrypt operation.
Shown in Fig. 4, (the present invention changes into 16 parts by the logic example that realizes of SHA identifying algorithmOnly may exist and mend 1~16 byte according to polishing field), divide according to the byte length of polishing field 1~16Do not upgrade the length field in DTLS stem, every a processing logic calculates separately backward again, soFinally can obtain 16 kinds of possible HMAC values, 16 kinds of situations that polishing field length existed are equalCarry out SHA authentication algorithm. After having deciphered, according to being decrypted into polishing word expressly in step 1Section, selects correct HMAC, the HMAC that local computing obtains from 16 HMAC value the insidesValue. Can realize like this synchronization of decrypt operation process and authentication algorithm process.
The process of the SHA authentication algorithm of every a exampleization can be with reference to shown in Fig. 2: according to polishing fieldByte length upgrades DTLS and encrypts the DTLS stem in ciphertext, then by the each DTLS head obtainingCAPWAP stem, CAPWAP valid data that portion and DTLS encrypt in ciphertext all carry out onceAuthentication algorithm, thus multiple HMAC values obtained. The present invention is here for the AES of DTLS ciphertextDecrypt operation algorithm and SHA identifying algorithm are not described, specifically can be referring to the phase in rfc5415 agreementClose regulation.
Step 3, compares the HMAC field of carrying in local HMAC value and message, ifEquate successful decryption.
Be the HMAC value that local computing goes out, need with the HMAC field comparison of carrying in message, asFruit equates, authentication success shows that receiving terminal correctly deciphers, and just can carry out ensuing message processingLogic, otherwise show this message Decryption failures, need to abandon.
The present invention has also disclosed the device of a kind of DTLS of reduction deciphering time delay, comprise decrypt operation module,Multiple authentication algorithm modules, multiselect one selector and deciphering authentication module, decrypt operation module is correspondingN decrypt operation unit shown in Fig. 4, it is encrypted ciphertext for DTLS and is decrypted computing,Concrete operation process can, with reference to foregoing description, not repeat here. Authentication algorithm module is corresponding diagram 4Shown in N-1 authentication algorithm unit, concrete operation process is equally with reference to foregoing description. MultiselectOne selector (16 in figure selects 1 selector) is decrypted into polishing field expressly for basis, fromCorrect HMAC, the HMAC value that local computing obtains are selected in 16 HMAC value the insides. SeparateClose authentication module compares for the HMAC field that local HMAC value and message are carried,If equate, successful decryption, just can carry out ensuing message processing logic, otherwise show this reportLiterary composition Decryption failures, need to abandon.
Preferably, the present invention considers that aes algorithm is taking 16 bytes as a data processing unit,SHA algorithm is taking 64 bytes as a processing unit, so unified taking 64 bytes as one while decipheringProcessing unit. In order to maximize the parallel work-flow of AES and SHA algorithm, using RTL (RegisterTransferLevel is Verilog hardware description language coding stage in chip design process) realizeWhen AES and SHA algorithm, optimize the step in algorithm separately, make 64 byte datas carry out AESThe time of deciphering and 64 byte datas are carried out the time consistency of SHA algorithm. Like this, for chip,Each is processed in sequential, in the time that N processing unit is decrypted operation, processes single for N-1Unit is carrying out authentication algorithm, realizes both Complete Synchronizations.
Based on improvement of the present invention, reduce the chip processing time on the one hand, increase CAPWAPThe processing bandwidth of ciphertext; Need to not preserve whole CAPWAP message at deciphering module on the other hand, onlyNeed to preserve and work as the deciphering of pretreatment unit and the result of certification, to then process the next list of processingUnit. Once last message authentication failure, deciphering module sends the signal of authentification failure, beforeAll abandon through the message fragment of going out from deciphering module, this advantage is along with the increase meeting of message lengthMore obvious.
Technology contents of the present invention and technical characterictic disclose as above, but are familiar with the technology people of this areaMember still may do based on teaching of the present invention and announcement allly do not deviate from the replacement of spirit of the present invention and repairDecorations, therefore, protection domain of the present invention should be not limited to the content that embodiment discloses, and should comprise variousDo not deviate from replacement of the present invention and modification, and contained by present patent application claim.
Claims (10)
1. a method that reduces DTLS deciphering time delay, is characterized in that, comprising:
DTLS is encrypted to ciphertext and be decrypted computing, obtain the rear polishing field expressly of deciphering;
In decrypt operation, described DTLS is encrypted to ciphertext and carry out authentication algorithm, calculate manyIndividual HMAC value;
From multiple described HMAC values, select local HMAC according to the described polishing field after decipheringValue;
The HMAC field of carrying in described local HMAC value and message is compared, if equate,Successful decryption.
2. the method for reduction DTLS deciphering time delay according to claim 1, is characterized in that, rightDTLS encrypts the process that ciphertext is decrypted computing and comprises: DTLS is encrypted in ciphertext after IV fieldCAPWAP stem, CAPWAP valid data and HMAC field be decrypted computing, obtainThe polishing field of plaintext after deciphering.
3. the method for reduction DTLS deciphering time delay according to claim 1, is characterized in that, rightThe process that DTLS encryption ciphertext is carried out authentication algorithm comprises: the multiple byte longs that exist according to polishing fieldDegree upgrades respectively DTLS and encrypts the DTLS stem in ciphertext, then by the each DTLS stem obtainingCAPWAP stem, the CAPWAP valid data encrypted in ciphertext with DTLS all once authenticateComputing, thus multiple HMAC values obtained.
4. the method for reduction DTLS deciphering time delay according to claim 3, is characterized in that instituteThe length of stating polishing field is any one length in 1~16 byte.
5. the method for reduction DTLS deciphering time delay according to claim 1, is characterized in that DTLSThe time that the decrypt operation of encryption ciphertext and authentication algorithm consume is identical.
6. a device that reduces DTLS deciphering time delay, is characterized in that, comprising: decrypt operation module,Multiple authentication algorithm modules, multiselect one selector and deciphering authentication module,
Described decrypt operation module is decrypted computing for DTLS is encrypted to ciphertext, obtains after decipheringPolishing field expressly;
Described authentication algorithm module is for when decrypt operation module is decrypted computing, to describedDTLS encrypts ciphertext and carries out authentication algorithm, calculates HMAC value;
Described multiselect one selector is recognized from multiple for the polishing field going out according to decrypt operation module decryptsIn the HMAC value that card computing module calculates, select local HMAC value;
The HMAC of described decrypted authentication module for described local HMAC value and message are carriedField compares, if equate successful decryption.
7. the device of reduction DTLS deciphering time delay according to claim 6, is characterized in that instituteStating the field that decrypt operation module is decrypted computing is: DTLS encrypts in ciphertext after IV fieldCAPWAP stem, CAPWAP valid data and HMAC field.
8. the device of reduction DTLS deciphering time delay according to claim 6, is characterized in that, everyIndividual described authentication algorithm module is upgraded DTLS according to the length of correspondence polishing field and is encrypted ciphertextIn DTLS stem, and the DTLS stem obtaining and DTLS are encrypted to the CAPWAP in ciphertextStem, CAPWAP valid data carry out authentication algorithm one time, thereby obtain corresponding HMAC value.
9. the device of reduction DTLS deciphering time delay according to claim 8, is characterized in that instituteStating authentication algorithm module is 1~16.
10. the device of reduction DTLS deciphering time delay according to claim 6, is characterized in that,Described decrypt operation module is identical with the byte number of authentication algorithm module, and both operation times of carrying outIdentical.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201511022107.7A CN105591752B (en) | 2015-12-31 | 2015-12-31 | A kind of method and device reducing DTLS decryption time delay |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201511022107.7A CN105591752B (en) | 2015-12-31 | 2015-12-31 | A kind of method and device reducing DTLS decryption time delay |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105591752A true CN105591752A (en) | 2016-05-18 |
| CN105591752B CN105591752B (en) | 2019-01-08 |
Family
ID=55931028
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201511022107.7A Active CN105591752B (en) | 2015-12-31 | 2015-12-31 | A kind of method and device reducing DTLS decryption time delay |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105591752B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114050920A (en) * | 2021-10-29 | 2022-02-15 | 山东多次方半导体有限公司 | Transparent network encryption system implementation method based on FPGA |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080304485A1 (en) * | 2007-06-06 | 2008-12-11 | Santanu Sinha | Centrally controlled routing with tagged packet forwarding in a wireless mesh network |
| CN103036648A (en) * | 2012-12-13 | 2013-04-10 | 福建星网锐捷网络有限公司 | Control and provisioning of wireless access point (CAPWAP) message processing method and processing device |
| CN104735037A (en) * | 2013-12-24 | 2015-06-24 | 中国移动通信集团公司 | Network authentication method, device and system |
| CN105162791A (en) * | 2015-09-23 | 2015-12-16 | 盛科网络(苏州)有限公司 | CAPWAP-based shared key using method and device |
-
2015
- 2015-12-31 CN CN201511022107.7A patent/CN105591752B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080304485A1 (en) * | 2007-06-06 | 2008-12-11 | Santanu Sinha | Centrally controlled routing with tagged packet forwarding in a wireless mesh network |
| CN103036648A (en) * | 2012-12-13 | 2013-04-10 | 福建星网锐捷网络有限公司 | Control and provisioning of wireless access point (CAPWAP) message processing method and processing device |
| CN104735037A (en) * | 2013-12-24 | 2015-06-24 | 中国移动通信集团公司 | Network authentication method, device and system |
| CN105162791A (en) * | 2015-09-23 | 2015-12-16 | 盛科网络(苏州)有限公司 | CAPWAP-based shared key using method and device |
Non-Patent Citations (2)
| Title |
|---|
| K. HARTKE: "A DTLS Profile for the Internet of Things", 《INTERNET-DRAFT A DTLS PROFILE FOR THE INTERNET OF THINGS》 * |
| 李洋: "安全组播通信技术的研究与实现", 《中国博士学位论文全文数据库》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114050920A (en) * | 2021-10-29 | 2022-02-15 | 山东多次方半导体有限公司 | Transparent network encryption system implementation method based on FPGA |
| CN114050920B (en) * | 2021-10-29 | 2024-07-16 | 山东多次方半导体有限公司 | Transparent network encryption system implementation method based on FPGA |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105591752B (en) | 2019-01-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7688974B2 (en) | Rijndael block cipher apparatus and encryption/decryption method thereof | |
| US9294266B2 (en) | Method and apparatus to encrypt plaintext data | |
| KR101047265B1 (en) | AES encryption / decryption circuit | |
| US8594321B2 (en) | Apparatus and method for operating a symmetric cipher engine in cipher-block chaining mode | |
| JP2018529271A (en) | Key generation method and apparatus using double encryption | |
| CN101594227A (en) | Data encryption and decryption method, device and communication system | |
| CN103166943A (en) | Method and system for encryption transmission electronic control unit (ECU) objective file | |
| Doan et al. | CAN crypto FPGA chip to secure data transmitted through CAN FD bus using AES-128 and SHA-1 algorithms with a symmetric key | |
| US20140301546A1 (en) | Precomputing internal aes states in counter mode to protect keys used in aes computations | |
| CN109391936A (en) | A kind of method of OTA upgrade package encryption downloading | |
| KR20160020866A (en) | Method and system for providing service encryption in closed type network | |
| KR102050882B1 (en) | Method, server and computer-readable recording media for video security using zero-watermarking based on stream cipher | |
| CN112738037B (en) | Data encryption communication method | |
| CN104735094B (en) | Data safe transmission system and method based on information separation | |
| CN107896148A (en) | A kind of method and system of encryption and decryption data | |
| CN103634113B (en) | Encryption and decryption method and device with user/equipment identity authentication | |
| US8774402B2 (en) | Encryption/decryption apparatus and method using AES rijndael algorithm | |
| CN105591752A (en) | Method and apparatus for reducing DTLS decryption time delay | |
| CN117857078B (en) | Variable-length hybrid dynamic transmission encryption and decryption method and device | |
| JP6167721B2 (en) | ENCRYPTION DEVICE, DECRYPTION DEVICE, ENCRYPTION METHOD, DECRYPTION METHOD, AND PROGRAM | |
| KR101725127B1 (en) | ARIA encoding/decoding apparatus and method | |
| CN103490900B (en) | Encryption and authentication method and equipment | |
| CN108763982B (en) | DES encryption and decryption device suitable for RFID reader | |
| CN115834044A (en) | A data encryption and decryption system, data encryption method, and data decryption method | |
| Sandirigama et al. | Security weaknesses of WEP protocol IEEE 802.11 b and enhancing the security with dynamic keys |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address |
Address after: 215101 unit 13 / 16, 4th floor, building B, No. 5, Xinghan street, Suzhou Industrial Park, Jiangsu Province Patentee after: Suzhou Shengke Communication Co.,Ltd. Address before: 215021 unit 13 / 16, floor 4, building B, No. 5, Xinghan street, industrial park, Suzhou, Jiangsu Province Patentee before: CENTEC NETWORKS (SU ZHOU) Co.,Ltd. |
|
| CP03 | Change of name, title or address |