Notice-type safe connection establishing system and method

Abstract

The invention relates to a notice-type safe connection establishing system and a notice-type safe connection establishing method. The system comprises terminal equipment and connection equipment, wherein the terminal equipment comprises initiator terminal equipment and receiver terminal equipment; and the connection equipment comprises core connection equipment, initiator connection equipment arranged in a link between the initiator terminal equipment and the core connection equipment, and receiver connection equipment arranged in a link between the receiver terminal equipment and the core connection equipment. The system and the method enable the local area network nodes to establish and update the secret keys between the local area network nodes flexibly, so as to establish the safe connection between the local area network nodes. In the invention, the secret transmission between local area network user terminals can be realized, and static secret keys are not required to be configured for the user terminal; and the core connection equipment SW-Center only needs to store the secrete keys with other connection equipment in a network rather than establish the secrete keys with theuser terminals.

Description

technical field [0001] The invention relates to the technical field of network communication, in particular to a system and method for establishing a notification type secure connection. Background technique [0002] The wired LAN is generally a broadcast network, and the data sent by one node can be received by other nodes. All nodes on the network share the channel, which brings great security risks to the network. As long as the attacker accesses the network to monitor, he can capture all the data packets on the network. [0003] The local area network LAN defined by the existing national standard GB / T 15629.3 (corresponding to IEEE 802.3 or ISO / IEC 8802-3) does not provide data security methods, which makes it easy for attackers to steal key information. In the field of international research, the IEEE 802.1AE standard developed by IEEE provides a data encryption protocol for protecting Ethernet, and adopts hop-by-hop encryption security measures to realize the safe tr...

AI Technical Summary

Problems solved by technology

This security measure brings a huge computational burden to the switching devices in the LAN, which is easy to cause attackers to attack the switching devices; and the delay of data packets from the sending node to the destination node will also increase, reducing network transmission. efficiency

[0004] The topology of wired LAN is relatively complex, and the number of nodes involved (here, terminals and switching devices are collectively referred to as nodes) is also relatively large, so the data communication in the network is relatively complicated.

If a static key pair is allocated between LAN nodes to establish an end-to-end secure connection, the allocation and update process is extremely complicated

Therefore, the static key pair method is not suitable for establishing an end-to-end secure LAN connection

Images