Control plane device and data plane device based on SDN (Software Defined Network) and authentication method and system based on SDN data plane device

A data plane and control plane technology, applied in the field of communication, can solve complex problems, achieve reliable channels, ensure safety, and simplify operations

Active Publication Date: 2018-06-08
BEIJING TELIXIN ELECTRONICS TECH

AI Technical Summary

Problems solved by technology

As the number of data plane devices connected to an SDN control plane device grows, the relevant certificates have to be copied or downloaded manually when each device is deployed so that TLS can be established (see the flowchart in Figure 1). The complexity of this operation is particularly evident when the devices are remote.



Examples


Embodiment 1

[0028] As shown in Figure 2, an authentication method based on an SDN network data plane device comprises:

[0029] First, when the data plane device judges that there is no first permanent certificate, it reads and sends the pre-stored temporary certificate; the first permanent certificate is the permanent certificate of the data plane device;

[0030] Secondly, the control plane device receives and authenticates the temporary certificate and, after the authentication passes, either actively sends the first permanent certificate and the first root certificate to the data plane device or cooperates with the data plane device to obtain them; the first permanent certificate and the first root certificate are stored in the RA / CA, and the first root certificate is used to authenticate the control plane device;

[0031] Finally, the data plane device and the control plane device perform mutual authentication based on the first permanent certific...

Embodiment 2

[0034] As shown in Figure 3, this embodiment of the authentication method based on an SDN network data plane device mainly illustrates the case in which the control plane device actively sends the first permanent certificate and the first root certificate. It specifically includes the temporary certificate authentication process, the permanent certificate acquisition process, and the two-way authentication process. The two-way authentication process is consistent with the existing technology and will not be described in detail. The temporary certificate authentication process includes:

[0035] Step 1: start the data plane device;

[0036] Step 2: Determine whether there is a permanent certificate for the data plane device; if so, go through the normal permanent certificate-based authentication process;

[0037] Step 3: If no permanent certificate exists, read the temporary certificate; the specific operation includes: burning a temporary certificate (or manufacturer certificate, unified by ...

Embodiment 3

[0046] As shown in Figure 4, this embodiment of the authentication method based on an SDN network data plane device mainly illustrates the case in which, after the temporary certificate authentication has passed, the control plane device cooperates with the data plane device to obtain the first permanent certificate and the first root certificate during the process of obtaining the permanent certificate of the data plane device. It specifically includes the temporary certificate authentication process, the permanent certificate acquisition process, and the two-way authentication process. The two-way authentication process is consistent with the existing technology, and the temporary certificate authentication process is the same as in the embodiment shown in Figure 3 and will not be repeated. The permanent certificate acquisition process includes:

[0047] First: the control plane device feeds back the address of RA / CA to the data plane device;

[0048] S...


Abstract

The invention discloses a control plane device and a data plane device based on an SDN (Software Defined Network), and an automatic authentication method and system based on the SDN data plane device. The automatic authentication method comprises the following steps: when the data plane device judges that a first permanent certificate does not exist, the data plane device reads and sends a pre-stored temporary certificate, wherein the first permanent certificate is the permanent certificate of the data plane device; the control plane device receives and authenticates the temporary certificate and, after the authentication is successful, either actively sends the first permanent certificate and a first root certificate to the data plane device or cooperates with the data plane device to obtain the first permanent certificate and the first root certificate, wherein the first permanent certificate and the first root certificate are stored in an RA / CA, and the first root certificate is used for authenticating the control plane device; and the data plane device and the control plane device carry out bidirectional authentication based on the first permanent certificate and the first root certificate. Through application of the control plane device, the data plane device and the automatic authentication method and system, a secure and reliable channel can be established between the data plane device and the control plane device without manually inputting the permanent certificate into the data plane device.
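The three-step flow described in Embodiment 1 and in the abstract, as an added Python sketch that is not code from the patent. The class names, keys and device names are constructed for illustration, and an HMAC tag stands in for an X.509 signature so the sketch runs on the standard library alone; a real deployment uses asymmetric certificates inside TLS.

```python
import hashlib
import hmac

def sign(issuer_key: bytes, subject: str) -> dict:
    # Toy certificate: an HMAC tag stands in for the issuer's X.509 signature.
    tag = hmac.new(issuer_key, subject.encode(), hashlib.sha256).hexdigest()
    return {"subject": subject, "tag": tag}

def verify(issuer_key: bytes, cert: dict) -> bool:
    expected = sign(issuer_key, cert["subject"])["tag"]
    return hmac.compare_digest(expected, cert["tag"])

class RaCa:  # hypothetical RA / CA holding the root and issued certificates
    def __init__(self):
        self.root = b"constructed-root-key"
        self.controller_cert = sign(self.root, "controller")
    def issue(self, device_id: str):
        return sign(self.root, device_id), self.root

class ControlPlane:
    def __init__(self, ra_ca: RaCa, vendor_key: bytes):
        self.ra_ca, self.vendor_key = ra_ca, vendor_key
    def enroll(self, device_id: str, temp_cert: dict):
        # Authenticate the temporary certificate before releasing anything.
        if not verify(self.vendor_key, temp_cert):
            return None
        return self.ra_ca.issue(device_id)
    def authenticate(self, device_cert: dict):
        return verify(self.ra_ca.root, device_cert), self.ra_ca.controller_cert

class DataPlane:
    def __init__(self, device_id: str, temp_cert: dict):
        self.device_id, self.temp_cert = device_id, temp_cert
        self.permanent = self.root = None
    def connect(self, cp: ControlPlane) -> str:
        if self.permanent is None:  # no permanent certificate: send the temporary one
            issued = cp.enroll(self.device_id, self.temp_cert)
            if issued is None:
                return "enrollment-rejected"
            self.permanent, self.root = issued
        accepted, controller_cert = cp.authenticate(self.permanent)
        # Device side: check the controller against the root received at enrollment.
        ok = accepted and verify(self.root, controller_cert)
        return "secure-channel" if ok else "auth-failed"

def demo():
    vendor_key = b"constructed-vendor-key"
    cp = ControlPlane(RaCa(), vendor_key)
    genuine = DataPlane("switch-01", sign(vendor_key, "vendor-temp"))
    forged = DataPlane("switch-02", sign(b"not-the-vendor", "vendor-temp"))
    return genuine.connect(cp), genuine.connect(cp), forged.connect(cp)
```

The second `connect` call on the genuine device skips enrollment because the permanent certificate is already stored, which is the branch Embodiment 2 describes as the normal permanent certificate-based process.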

Description

Technical field

[0001] The present invention relates to the field of communications, in particular to an SDN network-based control plane device, data plane device and an automatic authentication method and system thereof.

Background technique

[0002] SDN (Software Defined Network) technology separates network control plane devices from data plane devices, and control plane devices issue related configurations such as flow tables to data plane devices through commonly used southbound protocols (such as OpenFlow); at the same time, to ensure communication security between the control plane device and the data plane device, a secure communication channel is usually established between them by applying the TLS (Transport Layer Security) protocol.

[0003] The TLS protocol usually uses certificate authentication to ensure the credibility and reliability of communication. In this way, when deploying ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/32
CPC: H04L9/3263
Inventor: 柴新忠, 赖小兵
Owner: BEIJING TELIXIN ELECTRONICS TECH