Method and system for secret communication between nodes
First Claim
1. A method for secure communication between nodes in a wired local area network, comprising:
1) creating a shared key between nodes, comprising between a terminal and a switching device, between every two switching devices and between two terminals directly connected to the same switching device;
2) seeking a switching route between the nodes to obtain information on the switching route between the nodes;
3) determining the type of data communication between the nodes according to the information on the switching route; and
4) performing secure communication between the nodes by using a different secure communication strategy according to a different type of data communication between the nodes;
wherein the information on the switching route from a transmission source node NSource to a destination node NDestination is defined as a four-tuple of identifiers comprising IDSource, IDSW-first, IDSW-last and IDDestination, wherein:
IDSource represents the identifier of the transmission source node NSource;
IDSW-first represents the identifier of the first switching device SW-first through which the data packet from the transmission source node NSource to the destination node NDestination passes;
IDSW-last represents the identifier of the last switching device SW-last through which the data packet from the transmission source node NSource to the destination node NDestination passes;
IDDestination represents the identifier of the destination node NDestination, which is a terminal or a switching device.
Abstract
The present invention discloses a method and system for secret communication between nodes in a wired Local Area Network (LAN). The method includes the following steps: 1) a shared key is established; 2) the switching route is probed; 3) the data communication is classified; 4) secret communication is performed between the nodes. According to the communication situation between the nodes, the method classifies the communication and selects an appropriate secret communication strategy. Compared with per-hop encryption, the computation load on the switching equipment is reduced and the transmission delay of data packets is shortened; compared with establishing inter-station keys for every pair of nodes to protect communication secrecy, the number of keys is reduced and key management is simplified.
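The four steps of claim 1 and the trade-off stated in the abstract, as an added example that is not part of the patent or of any implementation of it: a Python simulation of a small constructed wired LAN. Everything beyond the claim text is an assumption chosen for illustration: the topology, the HMAC-over-identifiers key derivation that stands in for the key-agreement protocol, the breadth-first search that stands in for the route seeking and response packets, the toy SHA-256 stream cipher with an HMAC tag, and the rule that classifies traffic by the pattern of distinct identifiers in the four-tuple (the dependent claims that define the actual types are not shown on this page).

```python
"""Simulation of the keyed switching-route scheme (added example; the
topology, key derivation, route search, cipher and classification rule are
assumptions). Terminals are named T*, switching devices SW*."""
import hashlib
import hmac
from collections import deque
from itertools import combinations

# Constructed topology: two terminals on each of three switches in a chain.
LINKS = [("T1", "SW1"), ("T2", "SW1"), ("T3", "SW2"), ("T4", "SW2"),
         ("T5", "SW3"), ("T6", "SW3"), ("SW1", "SW2"), ("SW2", "SW3")]
ADJ = {}
for a, b in LINKS:
    ADJ.setdefault(a, set()).add(b)
    ADJ.setdefault(b, set()).add(a)

def is_switch(node):
    return node.startswith("SW")

SWITCHES = sorted(n for n in ADJ if is_switch(n))
TERMINALS = sorted(n for n in ADJ if not is_switch(n))
MASTER = b"constructed master secret, illustration only"  # assumption

def create_shared_keys():
    """Step 1: one key per relationship the claim names. HMAC over the pair
    of identifiers stands in for the key-agreement protocol (assumption)."""
    pairs = set()
    for t in TERMINALS:
        for sw in ADJ[t]:
            pairs.add(frozenset((t, sw)))              # terminal <-> its switch
    for a, b in combinations(SWITCHES, 2):
        pairs.add(frozenset((a, b)))                   # every two switches
    for sw in SWITCHES:
        local = sorted(n for n in ADJ[sw] if not is_switch(n))
        for a, b in combinations(local, 2):
            pairs.add(frozenset((a, b)))               # two terminals on one switch
    return {p: hmac.new(MASTER, "|".join(sorted(p)).encode(), hashlib.sha256).digest()
            for p in pairs}

def seek_route(src, dst):
    """Step 2: BFS over the links stands in for the seeking/response packets
    (assumption). Returns the claim's four-tuple and the full path."""
    prev, queue = {src: None}, deque([src])
    while queue and (n := queue.popleft()) != dst:
        for m in sorted(ADJ[n]):
            if m not in prev:
                prev[m] = n
                queue.append(m)
    path, n = [], dst
    while n is not None:
        path.append(n)
        n = prev[n]
    path.reverse()
    switches = [n for n in path if is_switch(n)]
    return (src, switches[0], switches[-1], dst), path

def classify(route):
    """Step 3: type from the four-tuple. The rule (same-switch terminal pair,
    else the pattern of distinct identifiers) is an assumption."""
    src, first, last, dst = route
    if first == last and not is_switch(src) and not is_switch(dst):
        return "T-T (same switch)", [(src, dst)]  # terminal-terminal key, end to end
    nodes = [n for i, n in enumerate(route) if i == 0 or n != route[i - 1]]
    kind = "-".join("SW" if is_switch(n) else "T" for n in nodes)
    return kind, list(zip(nodes, nodes[1:]))      # one keyed segment per distinct pair

def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def seal(key, nonce, plaintext):
    """Toy encrypt-then-MAC for illustration only (use a real AEAD in practice);
    a nonce must never repeat under the same key."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key, nonce, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def secure_send(keys, src, dst, payload, nonce):
    """Step 4: the source seals for SW-first, SW-first re-seals for SW-last,
    SW-last re-seals for the destination; any switch strictly between SW-first
    and SW-last forwards the ciphertext untouched."""
    route, path = seek_route(src, dst)
    kind, segments = classify(route)
    wire = seal(keys[frozenset(segments[0])], nonce, payload)
    for (a, b), (c, d) in zip(segments, segments[1:]):  # node b == c re-keys
        wire = seal(keys[frozenset((c, d))], nonce,
                    open_sealed(keys[frozenset((a, b))], nonce, wire))
    plaintext = open_sealed(keys[frozenset(segments[-1])], nonce, wire)
    return {"route": route, "kind": kind, "segments": segments, "plaintext": plaintext,
            "rekeys": len(segments) - 1,
            "per_hop_rekeys": len(path) - 2}  # per-hop: every intermediate node re-keys

def key_counts(keys):
    """Keys in this scheme versus one key per pair of terminals."""
    n = len(TERMINALS)
    return len(keys), n * (n - 1) // 2

if __name__ == "__main__":
    keys = create_shared_keys()
    print("keys: scheme=%d, one-per-terminal-pair=%d" % key_counts(keys))
    for i, (s, d) in enumerate([("T1", "T6"), ("T1", "T2"), ("T1", "SW3")]):
        r = secure_send(keys, s, d, b"payload", nonce=i.to_bytes(8, "big"))
        print(s, "->", d, r["route"], r["kind"], "rekeys", r["rekeys"],
              "vs per-hop", r["per_hop_rekeys"])
```

For T1 to T6 across three switches the four-tuple is (T1, SW1, SW3, T6): only SW1 and SW3 decrypt and re-encrypt, SW2 forwards ciphertext it cannot read, so two re-keying operations instead of three under per-hop encryption. Two terminals on the same switch use their own shared key end to end and the switch does no cryptography at all. On this topology the scheme holds 12 keys against 15 for one key per pair of terminals; the gap widens as more terminals hang off each switch, which is the key-management saving the abstract claims. The toy cipher is there only so that the segment boundaries are visible; any real deployment needs a proper AEAD and per-packet nonces.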
15 Claims
1. (Independent claim; its text is set out under First Claim above.) Claims 2 to 13 depend on claim 1.
14. A system for secure communication between nodes in a wired local area network comprising a transmission source node NSource, a first switching device SW-first, a second switching device SW-last and a destination node NDestination, wherein a shared key is created between nodes, comprising between a terminal and a switching device, between every two switching devices and between two terminals directly connected to the same switching device, and wherein:
the transmission source node NSource is configured to transmit a switching route seeking packet and an encrypted data packet to the destination node NDestination, to receive a switching route response packet transmitted from the destination node NDestination, to record information on a switching route from the transmission source node NSource to the destination node NDestination, to determine the type of data communication from the transmission source node NSource to the destination node NDestination, and to perform secure communication between the nodes by using a corresponding secure communication strategy according to the type of data communication;
the first switching device SW-first is configured to forward the data packet from the transmission source node NSource to the destination node NDestination, to record the information on the switching route from the transmission source node NSource to the destination node NDestination, to determine the type of data communication from the transmission source node NSource to the destination node NDestination, and to perform secure communication between the nodes by using a corresponding secure communication strategy according to the type of data communication;
the second switching device SW-last is configured to forward the data packet from the transmission source node NSource to the destination node NDestination, to record the information on the switching route from the transmission source node NSource to the destination node NDestination, to determine the type of data communication from the transmission source node NSource to the destination node NDestination, and to perform secure communication between the nodes by using a corresponding secure communication strategy according to the type of data communication;
the destination node NDestination is configured to receive the switching route seeking packet and the encrypted data packet transmitted from the transmission source node NSource, to transmit the switching route response packet to the transmission source node NSource, to record the information on the switching route from the transmission source node NSource to the destination node NDestination, to determine the type of data communication from the transmission source node NSource to the destination node NDestination, and to perform secure communication between the nodes by using a corresponding secure communication strategy according to the type of data communication;
wherein the information on the switching route from the transmission source node NSource to the destination node NDestination comprises IDSource, IDSW-first, IDSW-last and IDDestination, wherein:
IDSource represents the identifier of the transmission source node NSource;
IDSW-first represents the identifier of the first switching device SW-first through which the data packet from the transmission source node NSource to the destination node NDestination passes;
IDSW-last represents the identifier of the last switching device SW-last through which the data packet from the transmission source node NSource to the destination node NDestination passes;
IDDestination represents the identifier of the destination node NDestination, which is a terminal or a switching device.
Claim 15 depends on claim 14.
Specification