MAC secure network communication method and network device

A network device and communication method technology, applied in secure communication devices, data exchange networks, digital transmission systems, etc. It addresses the problem of terminal A and terminal B being unable to communicate or having their communication blocked, with the effect of reducing wasted network resources and speeding up MAC communication.

Inactive Publication Date: 2008-03-19
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

This forces terminal A and terminal B to communicate using only unencrypted ordinary MAC frames. However, it is very difficult for UserA to choose between MAC encrypted frames and non-encrypted MAC frames, so the result may simply be that terminal A and terminal B cannot communicate.
[0008] It can be seen from the above that, in the prior art, if the communication network contains a network device that does not support MAC security, communication between a network device that supports MAC security and one that does not is blocked.

Examples


Embodiment 1

[0065] This embodiment describes in detail how, according to the reliability of the link, the network device decides whether to discard a MAC encrypted frame that is to be forwarded to a next-link network device that does not support MAC security or on which MAC security is not available, or to continue forwarding it as a non-encrypted frame.

[0066] Fig. 5 is a schematic flow chart of the method of this embodiment. As shown in the figure, the method comprises the following steps:

[0067] Step S501: The network device receives the MAC encrypted frame and decrypts it.

[0068] The network device receives the MAC encrypted frame sent to it over the previous link and passes the frame to the control port for decryption. The network device described in the present invention may be any network device in the communication network, other than a terminal, that supports MAC security and on which MAC security is available, such as each network bridge in CBN, PBN, and PBBN.

[...

Embodiment 2

[0085] This embodiment further addresses the case where the user carries, in the MAC frame, the user's requirement for the MAC security confidentiality level. When the network device decides whether to discard a MAC frame that is to be forwarded to a next link on which MAC security is unavailable, or to continue forwarding it as a non-encrypted frame, it additionally takes the user's requirement for the MAC security confidentiality level into account. The confidentiality and communicability of MAC communication are thereby better coordinated and balanced, making the method of the present invention more practical.

[0086] First, how the user carries the required MAC security confidentiality level in the MAC encrypted frame is described.

[0087] According to IEEE 802.1ae, the composition of the MAC security label field of the MAC frame is shown in Table 1, wherein the MAC security label field contains an 8-bit Short Length (called SL in IEEE 802.1ae) field, ...

Embodiment 3

[0119] This embodiment specifically describes how the network device, on receiving a MAC non-encrypted frame, processes that frame to achieve secure network communication.

[0120] As shown in Figure 7, it is a schematic flow chart of the method of this embodiment. As shown in the figure, the present invention includes the following steps:

[0121] Step S701: The network device receives a MAC unencrypted frame.

[0122] The MAC unencrypted frame may be a MAC frame sent by a network device that supports MAC security and on which MAC security is available; it may also be a MAC unencrypted frame sent by a network device that does not support MAC security or on which MAC security is unavailable. Implementing MAC security communication on the subsequent links for such frames makes the method more practical.

[0123] Step S702: If the network device on the next link supports MAC security and MAC security i...


Abstract

The invention discloses a MAC secure network communication method and communication equipment. In the method, a network device receives a MAC frame. If the MAC frame is a MAC encrypted frame, the device decrypts it; if the network device on the next link to which the frame is to be forwarded does not support MAC security, or MAC security is not available there, the device further judges whether that link is reliable. If it is, the device forwards the frame onto the link as a MAC non-encrypted frame; otherwise, it discards the MAC encrypted frame. The invention thereby ensures normal network communication on the basis of the security protection of the MAC frame.
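
The decision described in the abstract, modelled per egress link as an added example (not code from the patent or from its owner). The port names, the treatment of link reliability as a static operator flag, and re-protecting the frame when the next hop does support MAC security are assumptions; the abstract itself only states the fallback branch.

```python
"""Model of the abstract's forwarding decision for a decrypted frame."""
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    FORWARD_ENCRYPTED = "re-protect and forward"      # assumption, see decide()
    FORWARD_PLAINTEXT = "forward as non-encrypted frame"
    DISCARD = "discard"


@dataclass(frozen=True)
class Link:
    name: str                # hypothetical port label
    macsec_supported: bool   # next-link device implements MAC security
    macsec_available: bool   # MAC security currently usable on this link
    reliable: bool           # operator's trust flag for the link (assumed static)


def decide(link: Link) -> Action:
    """Decision for a frame that arrived encrypted and has been decrypted."""
    if link.macsec_supported and link.macsec_available:
        # Assumption: MAC security is hop-by-hop, so the frame is protected
        # again for this link. The abstract does not spell this branch out.
        return Action.FORWARD_ENCRYPTED
    # Next hop cannot accept an encrypted frame: plaintext only if reliable.
    return Action.FORWARD_PLAINTEXT if link.reliable else Action.DISCARD


def downgrade_report(links):
    """Links on which decrypted traffic leaves in the clear or is dropped."""
    return {l.name: decide(l) for l in links
            if decide(l) is not Action.FORWARD_ENCRYPTED}


# Constructed sample port table for one bridge.
PORTS = [
    Link("p1", True, True, False),    # MAC security up; reliability not consulted
    Link("p2", True, False, True),    # supported but unavailable, reliable link
    Link("p3", False, False, True),   # unsupported, reliable link
    Link("p4", False, False, False),  # unsupported, unreliable link
]

if __name__ == "__main__":
    for name, action in downgrade_report(PORTS).items():
        print(f"{name}: {action.value}")
```

Every port listed with the plaintext action is a point where traffic that arrived protected leaves the device unprotected, so the reliability flag on those ports carries the whole confidentiality guarantee.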

Description

Technical field

[0001] The invention relates to the communication field, in particular to a MAC security network communication method and network equipment.

Background technique

[0002] Security technology for the network link layer is a major research topic in network communication. The IEEE 802.1ae task group has conducted research on this topic and proposed using MAC security (Media Access Control Security, referred to as MAC security) to protect Layer 2 communication against Layer 2 attacks. Specifically, in the MAC security method, the MAC security entity (MAC Security Entity, referred to as SecY) uses a security association key (Secure Association Key, referred to as SAK) to encrypt the data to be sent; after receiving the data, the receiving SecY uses the same key to decrypt it and obtain the data, which ensures the confidentiality of the data. At the same time, the receiving SecY judges that the received data is consistent with t...


Application Information

Patent Type & Authority Applications(China)
IPC(8): H04L9/00, H04L12/56, H04L29/06
Inventor 管红光
Owner HUAWEI TECH CO LTD