WO2023273712A1

WO2023273712A1 - Encryption transmission method and device

Info

Publication number: WO2023273712A1
Application number: PCT/CN2022/094986
Authority: WO
Inventors: 冯超; 付扬; 龚兆明
Original assignee: 华为技术有限公司
Priority date: 2021-06-29
Filing date: 2022-05-25
Publication date: 2023-01-05
Also published as: CN115549895A

Abstract

The present application provides an encryption transmission method and device, which can solve the problem that in an OTN, part of service data carried in an ODUk frame cannot be individually encrypted. The method comprises: encrypting one by one multiple pieces of data in one encryption period according to encryption and decryption control information; and sending multiple optical service unit (OSU) frames, each OSU frame carrying one piece of encrypted data, and the multiple OSU frames carrying indication information of the encryption and decryption control information. Said encryption transmission method can be executed by a transmitting end. On the basis of the described method, it may be known that a transmitting end can encrypt multiple OSU frames in one encryption period and send the multiple OSU frames. When encrypting multiple OSU frames, the transmitting end can map the encrypted multiple OSU frames into an ODUk frame, so as to use the ODUk frame to carry the multiple encrypted OSU frames. In other words, the transmitting end can individually encrypt part of service data carried in the ODUk frame so as to improve data security.

Description

Encrypted transmission method and device

This application claims the priority of a Chinese patent application filed with the State Intellectual Property Office on June 29, 2021, with application number 202110732933.X and application name "encrypted transmission method and device", the entire contents of which are incorporated by reference in this application middle.

technical field

The present application relates to the communication field, in particular to an encrypted transmission method and device.

Background technique

In an optical transport network (OTN), an optical data unit k (optical data unit-k, ODUk) frame is used to carry service data of multiple different users. The sender can encrypt ODUk frames to improve data security.

At present, when encrypting an ODUk frame, the sender can encrypt all service data carried by the ODUk frame, but cannot separately encrypt some service data carried by the ODUk frame, and the data security is still poor.

Contents of the invention

The embodiments of the present application provide an encrypted transmission method and device, which can solve the problem that part of service data carried in an ODUk frame cannot be individually encrypted in an OTN.

In order to achieve the above object, the application adopts the following technical solutions:

In a first aspect, an encrypted transmission method is provided. The encrypted transmission method includes: encrypting a plurality of data in one encryption cycle one by one according to the encryption and decryption control information. Send multiple optical service unit OSU frames. Wherein, each OSU frame carries an encrypted data, and multiple OSU frames carry indication information of encryption and decryption control information.

It should be noted that the encrypted transmission method described in the first aspect can be executed by the sending end, which can be an OTN device, or a chip (system) or other components or components that can be set on the OTN device, or can be The apparatus including the OTN equipment is not limited in this application.

Based on the encrypted transmission method described in the first aspect, the sending end can encrypt multiple OSU frames within one encryption period and send multiple OSU frames. Wherein, when encrypting multiple OSU frames, the sending end may map the multiple encrypted OSU frames into the ODUk frame, so as to use the ODUk frame to carry the multiple encrypted OSU frames. In other words, the sender can separately encrypt part of the service data carried in the ODUk frame to improve data security.

In a possible design solution, the above-mentioned encrypting multiple data in one encryption cycle one by one according to the encryption and decryption control information may include: generating multiple encryption blocks according to the encryption and decryption control information. Wherein, the total number M of bits of multiple cipher blocks is greater than or equal to the total number N of bits of multiple data, and both M and N may be positive integers. A plurality of data is bit-wise encrypted using N bits in a plurality of cipher blocks. In other words, the sender can also generate as few cipher blocks as possible under the premise of ensuring that the total number of bits M of the generated cipher block is greater than or equal to the total number of bits N of multiple data, so as to improve encryption efficiency. In addition, the sender can use a cipher block with the same length as the multiple data to encrypt multiple data, thereby avoiding wasting cipher blocks, reducing the number of generated cipher blocks, reducing processing time, and further improving encryption efficiency.

Optionally, the above-mentioned bit-wise encryption of multiple data using N bits in multiple cipher blocks may include: using i-th bit in the N bits to encrypt i-th bit in the multiple data. Wherein, i can be a positive integer, i≤N. In this way, a manner of encrypting multiple data by using N bits in multiple cipher blocks can be provided, so as to realize separate encryption of multiple OSU frames carried by the ODUk frame, so as to further improve data security.

In a possible design solution, the encryption transmission method described in the first aspect may further include: sending switching instruction information to the receiving end. Wherein, the switching indication information is used to indicate the key of the next key period, and the key period may include multiple encryption periods. In other words, the key can be switched synchronously between the sending end and the receiving end through the switching indication information. In this way, after a period of time, such as one or more encryption cycles, the key can be switched synchronously between the sending end and the receiving end to prevent the same plaintext block from being always encrypted into the same ciphertext block, thereby improving data security .

Optionally, before sending the switching indication information to the receiving end, the encrypted transmission method according to the first aspect may further include: sending key switching request information to the receiving end. Wherein, the key switching request information is used to instruct the receiving end to feed back key switching confirmation information. Receive key switching confirmation information from the receiving end. Wherein, the key switching confirmation information is used to instruct the sender to send switching instruction information. In this way, before the sending end sends the switching indication information to the receiving end, the sending end and the receiving end can also use the key switching request information and the key switching confirmation information to confirm whether the communication between the two parties is normal, so as to prevent the sending end from communicating with the receiving end. The key is not switched synchronously, so as to ensure that the key can be switched synchronously between the sender and the receiver to further improve data security.

Optionally, after sending the switching indication information to the receiving end, the encrypted transmission method according to the first aspect may further include: receiving key switching completion information from the receiving end. Wherein, the key switching completion information is used to instruct the receiving end to complete the key switching. In this way, the sending end can judge whether the receiving end has completed key synchronous switching according to the key switching completion information, thereby ensuring that the key can be switched synchronously between the sending end and the receiving end, and improving data security.

In a possible design solution, multiple OSU frames carry authentication information, and the authentication information is determined by encryption and decryption control information and multiple encrypted data. In this way, the receiving end can judge whether the encrypted data has been tampered with during transmission according to the authentication information, so as to realize data integrity verification and further improve data security.

In a second aspect, an encrypted transmission method is provided. The encryption transmission method includes: receiving multiple OSU frames within one encryption period. Wherein, each OSU frame carries an encrypted data, and multiple OSU frames carry indication information, and the indication information is used to indicate encryption and decryption control information. According to the encryption and decryption control information, multiple encrypted data are decrypted one by one.

It should be noted that the encrypted transmission method described in the second aspect can be executed by the receiving end, which can be an OTN device, or a chip (system) or other components or components that can be set on the OTN device, or can be The apparatus including the OTN equipment is not limited in this application.

In a possible design solution, the above-mentioned decryption of multiple encrypted data one by one according to the encryption and decryption control information may include: generating multiple encryption blocks according to the encryption and decryption control information. Wherein, the total number M of bits of the multiple cipher blocks is greater than or equal to the total number N of bits of the multiple encrypted data, and both M and N may be positive integers. Using the N bits in the multiple cipher blocks, the multiple encrypted data are decrypted bit by bit.

Optionally, using the N bits in the plurality of cipher blocks to decrypt the encrypted data bit by bit may include: using the i-th bit in the N bits to decrypt the encrypted data in the i bit decryption. Wherein, i can be a positive integer, i≤N.

In a possible design solution, the encrypted transmission method described in the second aspect may further include: receiving switching instruction information from the sending end. Wherein, the switching indication information is used to indicate the key of the next key period, and the key period may include multiple encryption periods.

Optionally, before receiving the switch indication information from the sender, the encrypted transmission method according to the second aspect may further include: receiving key switch request information from the sender, and sending key switch confirmation information to the sender. Wherein, the key switching request information is used to instruct the receiving end to feed back key switching confirmation information, and the key switching confirmation information is used to instruct the sending end to send switching instruction information.

Optionally, after receiving the switch indication information from the sender, the encrypted transmission method according to the second aspect may further include: sending key switch completion information to the sender. Wherein, the key switching completion information is used to instruct the receiving end to complete the key switching.

In a possible design solution, multiple OSU frames carry authentication information. Wherein, the authentication information is determined by the encryption and decryption control information and a plurality of encrypted data.

In addition, for the technical effects of the encrypted transmission method described in the second aspect, reference may be made to the technical effects of the encrypted transmission method described in the first aspect, which will not be repeated here.

In a third aspect, an encrypted transmission device is provided. The encryption transmission device includes: a processing module and a transceiver module. Wherein, the processing module is used to encrypt multiple data in one encryption cycle one by one according to the encryption and decryption control information. The transceiver module is used to send multiple OSU frames. Wherein, each OSU frame carries an encrypted data, and multiple OSU frames carry indication information of encryption and decryption control information.

In a possible design solution, the processing module is further configured to generate multiple cipher blocks according to the encryption and decryption control information. Wherein, the total number M of bits of multiple cipher blocks is greater than or equal to the total number N of bits of multiple data, and both M and N may be positive integers. The processing module is further configured to use the N bits in the multiple cipher blocks to encrypt multiple pieces of data bitwise.

Optionally, the processing module is further configured to use the i-th bit in the N bits to encrypt the i-th bit in the plurality of data. Wherein, i can be a positive integer, i≤N.

In a possible design solution, the transceiver module is also configured to send switching indication information to the receiving end. Wherein, the switching indication information is used to indicate the key of the next key period, and the key period may include multiple encryption periods.

Optionally, the transceiver module is further configured to send key switching request information to the receiving end. Wherein, the key switching request information is used to instruct the receiving end to feed back key switching confirmation information. The transceiver module is also used to receive the key switching confirmation information from the receiving end. Wherein, the key switching confirmation information is used to instruct the encryption transmission device described in the third aspect to send switching instruction information.

Optionally, the transceiver module is further configured to receive key switching completion information from the receiving end. Wherein, the key switching completion information is used to instruct the receiving end to complete the key switching.

In a possible design solution, the above multiple OSU frames carry authentication information, and the authentication information is determined by encryption and decryption control information and multiple encrypted data.

Optionally, the transceiver module may include a receiving module and a sending module. Wherein, the sending module is used to realize the sending function of the encrypted transmission device, and the receiving module is used to realize the receiving function of the encrypted transmission device.

Optionally, the encrypted transmission device described in the third aspect may further include a storage module, where programs or instructions are stored in the storage module. When the processing module executes the program or the instruction, the encrypted transmission device can execute the encrypted transmission method described in the first aspect.

It should be noted that the encrypted transmission device described in the third aspect can be OTN equipment, or a chip (system) or other components or components that can be installed in OTN equipment, or a device that includes OTN equipment. This is not limited.

In addition, for the technical effect of the encrypted transmission device described in the third aspect, reference may be made to the technical effect of the encrypted transmission method described in the first aspect, which will not be repeated here.

In a fourth aspect, an encrypted transmission device is provided. The encryption transmission device includes: a processing module and a transceiver module. Wherein, the transceiver module is used to receive multiple OSU frames in one encryption period. Wherein, each OSU frame carries an encrypted data, and multiple OSU frames carry indication information, and the indication information is used to indicate encryption and decryption control information. The processing module is used to decrypt multiple encrypted data one by one according to the encryption and decryption control information.

In a possible design solution, the processing module is further configured to generate multiple cipher blocks according to the encryption and decryption control information. Wherein, the total number M of bits of the multiple cipher blocks is greater than or equal to the total number N of bits of the multiple encrypted data, and both M and N may be positive integers. The processing module is further configured to use the N bits in the multiple cipher blocks to decrypt multiple encrypted data bit by bit.

Optionally, the processing module is further configured to use the i-th bit in the N bits to decrypt the i-th bit in the plurality of encrypted data. Wherein, i can be a positive integer, i≤N.

In a possible design solution, the transceiver module is also configured to receive handover instruction information from the sending end. Wherein, the switching indication information is used to indicate the key of the next key period, and the key period may include multiple encryption periods.

Optionally, the transceiver module is also configured to receive key switching request information from the sender. Wherein, the key switching request information is used to instruct the encryption transmission device described in the fourth aspect to feed back key switching confirmation information. The transceiver module is also used to send key switching confirmation information to the sender. Wherein, the key switching confirmation information is used to instruct the sender to send switching instruction information.

Optionally, the transceiver module is further configured to send key switching completion information to the sender. Wherein, the key switching completion information is used to instruct the encryption transmission device described in the fourth aspect to complete the key switching.

In a possible design solution, multiple OSU frames carry authentication information, and the authentication information is determined by encryption and decryption control information and multiple encrypted data.

Optionally, the encrypted transmission device described in the fourth aspect may further include a storage module, where programs or instructions are stored in the storage module. When the processing module executes the program or the instruction, the encrypted transmission device can execute the encrypted transmission method described in the second aspect.

It should be noted that the encrypted transmission device described in the fourth aspect can be OTN equipment, or a chip (system) or other components or components that can be installed in OTN equipment, or a device that includes OTN equipment. This is not limited.

In addition, for the technical effect of the encrypted transmission device described in the fourth aspect, reference may be made to the technical effect of the encrypted transmission method described in the second aspect, which will not be repeated here.

In a fifth aspect, an encrypted transmission device is provided. The encrypted transmission device includes: a processor, the processor is coupled with a memory, and the memory is used to store a computer program; the processor is used to execute the computer program stored in the memory, so that the encrypted transmission device performs any one of the first aspect and the second aspect. An encrypted transmission method described in a possible implementation manner.

In a possible design, the encrypted transmission device described in the fifth aspect may further include a transceiver. The transceiver can be a transceiver circuit or an input/output interface. The transceiver can be used for the encrypted transmission device to communicate with other encrypted transmission devices.

In the present application, the encrypted transmission device described in the fifth aspect may be an OTN device, or a chip or a chip system disposed inside the OTN device.

For the technical effect of the encrypted transmission device described in the fifth aspect, reference may be made to the technical effect of the encrypted transmission method described in any possible implementation manner in the first aspect or the second aspect, which will not be repeated here.

In a sixth aspect, a processor is provided. Wherein, the processor is configured to execute the encrypted transmission method described in any possible implementation manner of the first aspect or the second aspect.

In a seventh aspect, an encrypted transmission system is provided. The encrypted transmission system includes a sending end and a receiving end. Wherein, the sending end is configured to execute the encrypted transmission method described in any possible implementation manner in the first aspect, and the receiving end is configured to execute the encrypted transmission method described in any possible implementation manner in the second aspect.

In an eighth aspect, a computer-readable storage medium is provided. The computer readable storage medium includes computer programs or instructions. When the computer program or instruction is run on the computer, the computer is made to execute the encrypted transmission method described in any possible implementation manner of the first aspect or the second aspect.

In a ninth aspect, a computer program product is provided, where the computer program product includes computer programs or instructions. When the computer program or instruction is run on the computer, the computer is made to execute the encrypted transmission method described in any possible implementation manner of the first aspect or the second aspect.

Description of drawings

FIG. 1 is a schematic diagram of a network architecture provided by an embodiment of the present application;

FIG. 2 is a schematic diagram of a hardware structure of an OTN device provided in an embodiment of the present application;

When Fig. 3 is that k≠Cn that the embodiment of the present application provides, the frame structure diagram of OTUk frame;

FIG. 4 is a schematic structural diagram of an OSU frame provided by an embodiment of the present application;

FIG. 5 is a schematic diagram of encrypting data in CTR mode using AES provided by the embodiment of the present application;

6 is a schematic diagram of decrypting data using the CTR mode of AES provided by the embodiment of the present application;

FIG. 7 is a schematic diagram of key extension and round key provided by the embodiment of the present application;

Fig. 8 is a schematic diagram of encrypting data in GCM mode using AES provided by the embodiment of the present application;

FIG. 9 is a schematic flow diagram of a sending end performing ciphertext authentication in a GCM mode provided by an embodiment of the present application;

FIG. 10 is a schematic flowchart of an encrypted transmission method provided in an embodiment of the present application;

Fig. 11 is a schematic diagram of the payload of 256 consecutive OSU frames encrypted by using multiple cipher blocks provided by the embodiment of the present application;

FIG. 12 is a schematic diagram 1 of synchronous key switching between the sending end and the receiving end provided by the embodiment of the present application;

FIG. 13 is a schematic diagram of a state machine for synchronously switching keys between the sending end and the receiving end provided in the embodiment of the present application;

FIG. 14 is a second schematic diagram of synchronous key switching between the sending end and the receiving end provided by the embodiment of the present application;

FIG. 15 is a schematic diagram 3 of synchronous key switching between the sending end and the receiving end provided by the embodiment of the present application;

FIG. 16 is a schematic diagram of interaction between a sending end and a receiving end provided by an embodiment of the present application;

FIG. 17 is a schematic flow diagram of a sending end encrypting data provided by an embodiment of the present application;

FIG. 18 is a first structural schematic diagram of an encrypted transmission device provided by an embodiment of the present application;

FIG. 19 is a second structural schematic diagram of an encrypted transmission device provided by an embodiment of the present application.

detailed description

The network architecture and service scenarios described in the embodiments of the present application are for more clearly illustrating the technical solutions of the embodiments of the present application, and do not constitute limitations on the technical solutions provided by the embodiments of the present application. Those skilled in the art know that with the evolution of the network architecture and the emergence of new service scenarios, the technical solutions provided in the embodiments of the present application are also applicable to similar technical problems.

The technical solutions provided by the embodiments of the present application are applicable to optical networks, such as OTN. An OTN is usually formed by connecting multiple OTN devices through optical fibers, and can be composed of different topology types such as line, ring, and mesh according to specific needs.

Fig. 1 shows a schematic diagram of a network architecture applicable to the embodiment of the present application. The OTN shown in Fig. 1 includes two OTN networks (respectively OTN network 1 and OTN network 2). Each OTN network includes a certain number of OTN devices (indicated by Nx in Figure 1, x is a positive integer), the link between the devices in the OTN network is an intra-domain link, and the link between the devices in the OTN network is Interdomain links. According to actual needs, an OTN device may have one or more functions. Generally speaking, OTN equipment is divided into optical layer equipment, electrical layer equipment, and optoelectronic hybrid equipment. An optical layer device refers to a device capable of processing optical layer signals, such as an optical amplifier (optical amplifier, OA). Electrical-layer devices refer to devices that can process electrical-layer signals, for example, devices that can process ODU signals. Optical hybrid equipment refers to equipment capable of processing optical layer signals and electrical layer signals. It should be noted that, according to specific integration requirements, one OTN device can integrate various functions. The technical solution provided by this application is applicable to OTN equipment of different forms and integration levels.

In this embodiment of the present application, the sending end refers to a device that sends service data, and the receiving end refers to a device that receives service data from the sending end. Both the sending end and the receiving end may be the OTN equipment described above. For example, assuming that N1 in FIG. 1 sends service data to N3, N1 is the sending end, and N3 is the receiving end. It should be noted that the sending end may also be called a source end, and the receiving end may also be called a sink end, which is not limited in this embodiment of the present application.

FIG. 2 shows a schematic diagram of a hardware structure of an OTN device applicable to the embodiment of the present application. Specifically, an OTN device includes a power supply, a fan, auxiliary boards, and may also include tributary boards, line boards, cross-connect boards, and system control and communication boards, where the circuit boards may also include optical layer processing boards . It should be noted that, according to specific requirements, the types and quantities of boards contained in each device may be different. For example, a network device serving as a core node may not have a tributary board. A network device serving as an edge node may have multiple tributary boards. Among them, the power supply is used to supply power to the OTN equipment, and may include main and backup power supplies. Fans are used to cool the device. Auxiliary boards are used to provide auxiliary functions such as external alarms or access to external clocks. Tributary boards, cross-connect boards, and line boards are mainly used to process electrical layer signals of the OTN (subsequently referred to as OTN frames). Among them, the tributary board is used to realize the receiving and sending of various service data, such as synchronous digital hierarchy (synchronous digital hierarchy, SDH) service, packet service, Ethernet service and fronthaul service, etc.

Furthermore, the tributary board can be divided into user-side optical modules and signal processors. Wherein, the user-side optical module may be an optical transceiver for receiving and/or sending user signals. The signal processor is used to implement mapping and demapping of user signals to OTN frames. The cross-connect board is used to implement the exchange of OTN frames and complete the exchange of one or more types of OTN frames. The line board mainly realizes the processing of the OTN frame on the line side. Specifically, the circuit board can be divided into a line-side optical module and a signal processor. Wherein, the line-side optical module may be a line-side optical transceiver for receiving and/or sending OTN frames. The signal processor is used to implement multiplexing and demultiplexing, or mapping and demapping processing of the OTN frames on the line side. System control and communication boards are used to implement system control and communication. Specifically, information may be collected from different single boards through the backplane, or control instructions may be sent to corresponding single boards.

Unless otherwise specified, there may be one or more specific components (such as branch boards), which are not limited in this application. It should be noted that the embodiment of the present application does not limit the types of boards included in the device, and the specific functional design and quantity of the boards.

In order to understand the present application more clearly, some terms and technologies used in the embodiments of the present application are briefly introduced below.

1. Business data

Service data refers to services that can be carried by the OTN, for example, Ethernet services, packet services, wireless backhaul services, and so on.

2. OTN

In OTN, the sender can map the user’s service data to the payload of the optical service unit (OSU) frame, and then add the OSU overhead (overhead, OH) to the payload of the OSU frame to obtain OSU frame. Then, the OSU frame is mapped into the payload of the optical payload unit k (OPUk) frame, and then OPUk overhead and optical data unit k (optical data unit-k, ODUk) overhead are added to the payload of the OPUk frame to obtain the ODUk frame. Next, add optical transport unit k (optical transport unit-k, OTUk) overhead etc. to the ODUk frame to obtain the OTUk frame. Finally, the sending end sends the OTUk frame to the receiving end. The foregoing payload may also be called a payload area, and the overhead may also be called an overhead area.

Wherein, K can be 0, 1, 2, 3, 4, Cn and flex. When k takes different values, the bit rate (that is, the transmission rate) of the OTUk frame is different. Specifically, k=0, 1, 2, 3, 4, Cn, and flex, respectively representing the bit rates of 1.25 gigabit (Gbit)/second (s), 2.5Gbit/s, 10Gbit/s, 40Gbit/s, and 100Gbit /s, n*100Gbit/s and n*1.25Gbit/s (n≥2). For example, the bit rate of the OTU2 frame is 10Gbit/s, and the bit rate of the OTU4 frame is 100Gbit/s. It should be noted that the bit rates mentioned above are approximate values. For example, a more accurate bit rate for OPU4 frames is 104.35597533Gbit/s. Other examples are not listed one by one.

Exemplarily, FIG. 3 shows a schematic diagram of a frame structure of an OTUk frame when k≠Cn. Please refer to Figure 3, an OTUk frame has 4 rows*4080 columns. The OSU frame payload and OSU overhead (ie, OSU OH) constitute an OSU frame, and the OSU frame is mapped into the OPUk frame payload. OPUk payload and OPUk overhead (ie OPUk OH) constitute the OPUk frame, OPUk frame and ODUk overhead (ie ODUk OH) constitute the ODUk frame, ODUk frame, OTUk overhead (ie OTUk OH), frame alignment signal (frame alignment signal, FAS) and forward error correction (forward error correction, FEC) check area constitute the OTUk frame. Specifically, columns 1 to 7 of the first row in the OTUk frame are FAS and a multiframe alignment signal (multiframe alignment signal, MFAS), columns 8 to 14 of the first row are OTUk OH, and columns 1 to 4 of the second to fourth rows are OTUk OH. Column 14 is ODUk OH, columns 15 to 16 of lines 1 to 4 are OPUk OH, columns 17 to 3824 of lines 1 to 4 are OPUk payloads, columns 3825 to 4080 of lines 1 to 4 are FEC check areas .

Further, FIG. 4 shows a schematic structural diagram of an OSU frame applicable to this embodiment of the present application. Referring to FIG. 4, the OSU frame includes an overhead and a payload, and the overhead includes a general overhead, a mapping overhead, and a cyclic redundancy check code (cyclic redundancy check, CRC). The length of the OSU frame overhead is 7 bytes, and the length of the OSU frame payload is 185 bytes.

Among them, the general overhead can be used to monitor and manage the service data, and the mapping overhead can represent the mapping rule adopted when the service data is mapped to the payload of the OSU frame.

N consecutive OSU frames are called an encryption period, and n is a positive integer. Wherein, the embodiment of the present application does not limit the value of n, for example, n=128, 256, 512 or 1024 and so on. In practical applications, n is usually 256.

It should be noted that the structure of the OSU frame in the embodiment of this application is not limited to that shown in Figure 4. The structure of the OSU frame can be adjusted according to actual needs, and this application does not limit it. In addition, the OSU frame can also be called an optical service unit frame.

Another OSU frame applicable to the embodiment of the application is also given in the embodiment of the application. In order to distinguish it from the OSU frame shown in Figure 4, another OSU frame provided in this embodiment is applicable to the embodiment of the application An OSU frame may be called an OSUv frame. The OSUv frame will be described below in conjunction with Table 1-Table 3.

OSUv frames can carry constant bit rate (constant bit rate, CBR) services and variable bit rate services (variable bit rate, VBR) services. According to the different services carried by the OSUv frame, the types of the OSUv frame are different. Specifically, the OSUv frame may include: an OSUv frame carrying a CBR service (referred to as a CBR_OSUv frame for short), and an OSUv frame carrying a VBR service (referred to as a VBR_OSUv frame for short). Wherein, the CBR_OSUv frame includes: a CBR frame and a CBR extension (extension) frame, and the CBR extension frame may be referred to as a CBR_EXT frame for short. The VBR_OSUv frame includes: a VBR frame and a VBR extended frame, and the VBR extended frame may be referred to as a VBR_EXT frame for short.

One encryption cycle usually includes 1024 OSUv frames. According to the different services carried by the OSUv frame, the types of the OSUv frame in one encryption cycle are different.

Specifically, when carrying a CBR service, an encryption period includes a CBR frame and a CBR_EXT frame, and the CBR frame and the CBR_EXT frame are generated at a ratio of 1:3. In other words, the 4 consecutive OSUv frames sent from the sender to the receiver include 1 CBR frame and 3 CBR_EXT frames in sequence. Therefore, if an encryption period includes 1024 OSUv frames, then the encryption period includes 256 CBR frames and 768 CBR_EXT frames.

Wherein, there is no channel overhead (path overhead, POH) in the overhead of the CBR_EXT frame. The overhead of one CBR frame includes: channel overhead and multiframe header. The channel overhead of the CBR frame includes: POH1 and POH2. The multiframe header of one CBR frame includes: 32 multiframe headers (abbreviated as M32_P1) and 256 multiframe headers (abbreviated as M256_P1).

The continuous 32 CBR frames may be called a 32CBR multiframe, and the continuous 256 CBR frames may be called a 256CBR multiframe. The POH1 of the 32CBR multiframe can form a POH1 overhead of a 32CBR multiframe, and the POH2 of a 256CBR multiframe can form a POH2 overhead of a 256CBR multiframe. The M32_P1 of the 32CBR multiframe can form a multiframe header overhead of a 32CBR multiframe, and the multiframe header overhead of the 32CBR multiframe can be used to indicate the 32CBR multiframe. The M256_P1 of the 256CBR multiframe can form a multiframe header overhead of a 256CBR multiframe, and the multiframe header overhead of the 256CBR multiframe can be used to indicate the 256CBR multiframe. In addition, the POH1 overhead of the 32CBR multiframe is synchronized with the multiframe header overhead of the 32CBR multiframe, and the POH2 overhead of the 256CBR multiframe is synchronized with the multiframe header overhead of the 256CBR multiframe. That is to say, the overhead of one 32CBR multiframe Including: one 32CBR multiframe POH1 overhead and one 32CBR multiframe header overhead, one 256CBR multiframe overhead includes: one 256CBR multiframe POH2 overhead and one 256CBR multiframe multiframe header overhead. In addition, the 32CBR multiframe is synchronized with the 256CBR multiframe. For example, if an encryption period includes 1024 OSUv frames, then the first to eighth 32CBR multiframes in the encryption period can form the first 256CBR of the encryption period. multiframe.

Exemplarily, Table 1 is an overhead table of a CBR frame. Referring to Table 1, in the overhead of a CBR frame, the sizes of POH1 and POH2 are 2 bits and 1 bit respectively, and the sizes of M32_P1 and M256_P1 are both 1 bit. The size of the POH1 overhead of the 32CBR multiframe is 2*32=64 bits, and the size of the header overhead of the multiframe of the 32CBR multiframe is 1*32=32 bits. The size of the POH2 overhead of the 256CBR multiframe is 1*256=256 bits, and the size of the header overhead of the 256CBR multiframe is 1*256=256 bits.

For ease of understanding, in this document, the POH1 overhead of the 32CBR multiframe may be referred to as the CBR_POH1 overhead, and the POH2 overhead of the 256CBR multiframe may be referred to as the CBR_POH2 overhead. If an encryption period includes 1024 OSUv frames, then the encryption period includes 8 M32_P1 and 1 M256_P1, that is to say, the encryption period includes 8 CBR_POH1 overheads and 1 CBR_POH2 overhead.

Table 1

When carrying VBR services, an encryption cycle includes VBR frames and VBR_EXT frames, and VBR frames and VBR_EXT frames are generated at a ratio of 1:1. In other words, the 4 consecutive OSUv frames sent from the sender to the receiver include 1 VBR frame and 1 VBR_EXT frame in sequence. Therefore, if an encryption period includes 1024 OSUv frames, then the encryption period includes 512 VBR frames and 512 VBR_EXT frames.

Wherein, the overhead of the VBR frame and the VBR_EXT frame both include: channel overhead and a multiframe header. The channel overhead of the VBR frame includes: POH1 and POH2. The multiframe header of the VBR frame includes: a 64-multiframe header (abbreviated as M64_P2) and a 256-multiframe header (abbreviated as M256_P2). The channel overhead of the VBR_EXT frame includes POH1, and the multiframe header of the VBR_EXT frame includes: 64 multiframe headers.

The 64 consecutive OSUv frames include 32 VBR frames and 32 VBR_EXT frames, that is to say, the 64 consecutive OSUv frames include POH1 including 32 VBR frames and POH1 including 32 VBR_EXT frames, a total of 64 POH1 . The 64 POH1s in the 64 consecutive OSUv frames may be referred to as one VBR_POH1 overhead.

The 64 consecutive VBR frames may be called a 64VBR multiframe, and the consecutive 256 VBR frames may be called a 256VBR multiframe. The POH2 of a 256VBR multiframe can form a POH2 overhead of a 256VBR multiframe. The M64_P2 of the 64VBR multiframe can form a multiframe header overhead of a 64VBR multiframe, and the multiframe header overhead of the 64VBR multiframe can be used to indicate the 64VBR multiframe. The M256_P2 of the 256VBR multiframe can form a multiframe header overhead of a 256VBR multiframe, and the multiframe header overhead of the 256VBR multiframe can be used to indicate the 256VBR multiframe. Moreover, the POH2 overhead of the 256VBR multiframe is synchronized with the header overhead of the multiframe of the 256VBR multiframe. That is to say, the overhead of one 256VBR multiframe includes: one POH2 overhead of one 256VBR multiframe and one Frame header overhead. Among them, the 64VBR multiframe is not synchronized with the 256VBR multiframe. Specifically, if one encryption period includes 1024 OSUv frames (that is, one encryption period includes 16 64VBR multiframes), then since the 64VBR multiframe is not synchronized with the 256VBR multiframe Synchronously, 256VBR multiframe corresponds to 512 consecutive OSUv frames, therefore, there is at least one complete M256_P2 in this encryption cycle.

Exemplarily, Table 2 is an overhead table of a VBR frame. Referring to Table 2, in the overhead of a VBR frame, the sizes of POH1, POH2, M64_P2, and M256_P2 are all 1 bit. The size of the POH1 overhead of the 64VBR multiframe is 1*64=64 bits, and the size of the header overhead of the multiframe of the 64VBR multiframe is 1*64=64 bits. The size of the POH2 overhead of the 256VBR multiframe is 1*256=256 bits, and the size of the header overhead of the multiframe of the 256VBR multiframe is 1*256=256 bits.

Table 2

Consecutive 64 VBR_EXT frames may be referred to as 64VBR_EXT multiframes. The M64_P2 of the 64VBR_EXT multiframe can form a multiframe header overhead of a 64VBR_EXT multiframe, and the multiframe header overhead of the 64VBR_EXT multiframe can be used to indicate the 64VBR_EXT multiframe.

Exemplarily, Table 3 is the overhead table of the VBR_EXT frame. Referring to Table 3, in the overhead of the VBR_EXT frame, the sizes of POH1 and M64_P2 are both 1 bit. The size of the POH1 overhead of the 64VBR_EXT multiframe is 1*64=64 bits, and the size of the header overhead of the multiframe of the 64VBR_EXT multiframe is 1*64=64 bits.

For ease of understanding, herein, the above POH2 overhead of the 256VBR multiframe may be referred to as VBR_POH2 overhead for short. If an encryption period includes 1024 OSUv frames, then the encryption period includes 16 M64_P2 and at least 1 M256_P2, that is to say, the encryption period includes: 16 VBR_POH1 overheads, at least 1 complete VBR_POH2 overhead (with POH2 of 512 VBR frames, there is at least 1 VBR_POH2).

table 3

The length of the OSUv frame is 192 bytes, which is the same as the length of the above-mentioned OSU frame. The OSUv frame also includes a payload. The difference between the OSUv frame payload and the aforementioned OSU frame payload is that the length of the OSUv frame payload may not be fixed at 185 bytes.

Unless otherwise specified, in this document: the OSU frame is generally the OSU frame shown in FIG. 4 , and the OSUv frame is generally another OSU frame provided by the foregoing embodiment and applicable to the embodiment of the present application. OSU frames can carry user service data, such as E1 services. Among them, the E1 service refers to the dedicated line service with a rate of 2.048Mb/s, which is a general term for various services using the G.703 interface, such as voice, data, and image services. During specific implementation, the payload of an OSU frame may be the smallest unit (also called the smallest tributary unit) for carrying user service data. The rate of an OSU frame can be a variable rate or a fixed rate. Multiple OSU frames can be combined to carry user service data of a corresponding rate. Different service data are mapped to corresponding OSU frames according to their respective rates, and labels are added to the overhead of OSU frames to realize end-to-end operation administration and maintenance (OAM) functions. Wherein, multiple OSU frames carrying the same service data may be continuous or discontinuous.

An ODUk frame can carry multiple OSU frames, so that it can carry service data of multiple users. When the sender encrypts the ODUk frame, it actually encrypts the ODUk frame payload as a whole, and does not distinguish which of the service data carried in the ODUk frame payload needs to be encrypted and which does not need to be encrypted. Therefore, the sender cannot encrypt the ODUk frame payload. Part of the business data in all the business data carried by the frame is encrypted separately.

3. Encryption algorithm

Encryption algorithms can be divided into three categories: symmetric encryption algorithms, asymmetric encryption algorithms and hash (hash) encryption algorithms. Symmetric encryption algorithm refers to the use of the same key for encryption and decryption. Asymmetric encryption refers to encryption and decryption using different keys. Among them, the symmetric encryption algorithm includes: data encryption standard (data encryption standard, DES), triple data encryption algorithm (triple data encryption algorithm, TDEA) and advanced encryption standard (advanced encryption standard, AES), etc. Asymmetric encryption algorithms include: elliptic curve cryptography (ECC) encryption algorithm, Diffie-Hellman (DH) encryption algorithm, digital signature algorithm (digital signature algorithm, DSA), etc.

4. AES Advanced Encryption Standard (AES)

In AES, the sender can encrypt the plaintext according to the key and initialization vector (initialization vector, IV), obtain the ciphertext, and send the ciphertext to the receiver; the receiver can decrypt the received ciphertext according to the same key and initialization vector The ciphertext is obtained to obtain the corresponding plaintext, so as to realize the encrypted transmission of data.

According to the length of the key, the AES algorithm can be divided into AES-128, AES-192 and AES-256. Wherein, the length of the key used by AES-128 is 128 bits (bit), the length of the key used by AES-192 is 192 bits, and the length of the key used by AES-256 is 256 bits.

AES includes a variety of encryption modes, such as calculator (counter, CTR) mode, Galois/counter mode (galois/counter mode, GCM), electronic codebook (electronic codebook book, ECB) mode, cipher block chaining (cipher block chaining) , CBC) mode.

The following takes the CTR mode of AES-256 as an example to illustrate the process of encrypting data and decrypting data.

FIG. 5 is a schematic diagram of encrypting data using the CTR mode of AES-256. Referring to FIG. 5 , first, a 256-bit key (key), a 128-bit initial vector and an AES encryption function can be used to generate a 128-bit cipher block (cipher). Then, an XOR operation can be performed on the 128-bit cipher block and the 128-bit plaintext (plaintext) to obtain the corresponding 128-bit ciphertext (ciphertext).

FIG. 6 is a schematic diagram of decrypting data using the CTR mode of AES. Referring to Fig. 6, firstly, a 256-bit key, a 128-bit initialization vector and an AES encryption function can be used to generate a 128-bit cipher block (cipher). Then the XOR operation can be performed on the 128-bit cipher block and the 128-bit ciphertext to obtain the corresponding 128-bit plaintext.

Specifically, in the above-mentioned Figures 5 and 6, the process of generating a 128-bit cipher block using a 256-bit key, a 128-bit initial vector, and an AES encryption function includes key expansion (key expansion) and round key ( add round key) two steps. FIG. 7 is a schematic diagram of key extension and round key addition provided by the embodiment of the present application. Please refer to FIG. 7 , when performing key expansion, the 256-bit key can be expanded into multiple round keys by using the 256-bit key and the key expansion function. When adding round keys, a 128-bit cipher block can be generated by using a 128-bit initial vector, multiple round keys and round key functions. Wherein, in the CTR mode, the initial vector can be generated by a counter, and every time a cipher block is generated, the initial vector is updated once, for example, the value of the initial vector increases by 1. For the specific implementation of the key expansion function and the round key function, reference may be made to the relevant regulations in the CTR mode, which will not be repeated here.

The difference between the GCM mode of AES and the CTR mode is that the GCM mode can not only use the CTR mode to encrypt plaintext or decrypt ciphertext, but also perform ciphertext authentication. Specifically, the sender can not only encrypt the plaintext by using the CTR mode to obtain the ciphertext, but also can use the key, the initial vector, the ciphertext and the authentication identifier generation function to generate the first authentication identifier. Then, the sending end sends the ciphertext and the first authentication identifier to the receiving end. The receiving end may use the CTR mode to decrypt the received ciphertext into plaintext, and may use the key, the initial vector, the received ciphertext and the authentication identifier generation function to generate a second authentication identifier. Finally, the receiving end can compare whether the first authentication identifier is consistent with the second authentication identifier. If not, it indicates that the ciphertext may have been tampered with during transmission. In other words, the GCM mode can implement data encryption and data integrity verification to improve data security.

FIG. 8 is a schematic diagram of encrypting data in GCM mode using AES provided by an embodiment of the present application. Referring to FIG. 8 , the sending end can perform the authentication process of encrypting plaintext and ciphertext, and the receiving end can perform the process of decrypting ciphertext and ciphertext authentication. For the process of encrypting plaintext and decrypting ciphertext, reference may be made to the process of encrypting and decrypting data in the above CTR mode, which will not be repeated here. The following describes the ciphertext authentication process performed by the sender and the receiver.

Please refer to Figure 8. During the ciphertext authentication process, the sender can use additional authenticated data (additional authenticated data, AAD), key, ciphertext, and GHASH function to generate the first hash value; then, use the key, initial The vector and the GCTR function encrypt the first hash value to obtain the first authentication identifier; finally, the overhead of the OSU frame is used to carry the first authentication identifier, and the OSU frame carrying the first authentication identifier is sent to the receiving end. Wherein, the GHASH function is a hash function, and the GCTR function is an encryption function. The specific implementation manners of the GHASH function and the GCTR function can refer to relevant regulations in the GCM mode, and will not be repeated here.

Specifically, FIG. 9 is a schematic flow diagram of a sending end performing ciphertext authentication in the GCM mode provided by the embodiment of the present application. Please refer to FIG. 9 , A is predefined data, and the length of A is usually 128 bits. C is ciphertext, and the length of C can be an integer multiple of 128 bits. Len(A) is the length of A, and Len(C) is the length of C. The value of H can be determined by the key, and the value of J can be determined by the initial vector and the key. The form of the most significant bit function can be: MSB _t (T), MSB _t (T) can be used to reserve the highest t bit in T, for example, suppose t=3, T=01100, then MSB _t (011100)=011 . Wherein, t may be 128, so that a 128-bit authentication T may be generated. When the sender performs the ciphertext authentication process, the data composed of A, C, Len(A), Len(C) and H can be input into the GHASH function to obtain the first hash value; then, the first hash value, J Input the GCTR function for encryption to obtain an identity verification label; finally, use the identity verification label and the MSB function to generate the first authentication mark.

Correspondingly, please refer to FIG. 8 again. During the process of ciphertext authentication at the receiving end, the receiving end can use the AAD, key, received ciphertext, and GHASH function to generate a second hash value; then, use the key, initial vector, and The GCTR function encrypts the second hash value to obtain the second authentication ID; finally, compare whether the first authentication ID is consistent with the second authentication ID, if not, it means that the ciphertext received by the receiving end may be tampered with during transmission. Wherein, the specific implementation manner of performing the ciphertext authentication process by the receiving end may refer to the flow of ciphertext authentication performed by the sending end shown in FIG. 9 , which will not be repeated here.

It should be noted that the foregoing descriptions about the CTR mode and the GCM mode of the AES are examples, and do not constitute limitations on the CTR mode and the GCM mode of the AES described in this embodiment.

The encrypted transmission method provided by the embodiment of the present application will be described in detail below with reference to FIGS. 10-17 .

For ease of understanding, the encryption algorithm used in the encrypted transmission methods shown in FIGS. 10-17 uses the AES encryption algorithm as an example. It should be noted that the encryption algorithm used in the encrypted transmission method provided in the embodiment of the present application is not limited to the AES encryption algorithm, and the encryption algorithm that can also be used includes: DES encryption algorithm, TDEA encryption algorithm, AES encryption algorithm, ECC encryption algorithm, The DH encryption algorithm, the DSA encryption algorithm, and the hybrid encryption algorithm are not limited in this application.

Exemplarily, FIG. 10 is a schematic flowchart of an encrypted transmission method provided by an embodiment of the present application. This encrypted transmission method can be applied to the communication between any two OTN devices shown in FIG. 1 .

As shown in Figure 10, the encrypted transmission method includes the following steps:

S1001. The sending end encrypts a plurality of data in one encryption period one by one according to the encryption and decryption control information.

Wherein, the encryption and decryption control information may be determined by the encryption algorithm used by the sender. For example, when the sending end uses the AES encryption algorithm to encrypt data, the encryption and decryption control information may include an initialization vector and a key. For the description of the initial vector and the key, please refer to the relevant description of "AES Advanced Encryption Standard" in the introduction of the above technical terms, and will not repeat them here.

It should be noted that since the encryption algorithm used in the encrypted transmission method provided in this embodiment uses the AES encryption algorithm as an example, unless otherwise specified, the encryption and decryption control information in this embodiment of the application includes an initialization vector and a key.

N consecutive OSU frames are called an encryption period, and n is a positive integer. Optionally, the number of OSU frames included in each encryption period is the same, and the value of n is not limited in this embodiment of the present application, for example, n=128, 256, 512, or 1024.

Optionally, between the last OSU frame included in one encryption period and the first OSU frame included in the next encryption period of the encryption period are two adjacent OSU frames in the payload of the OPU frame. That is to say, multiple consecutive encryption periods occupy multiple consecutive bytes (or bits) in the payload of one or more OPU frames.

Optionally, the plurality of data in one encryption cycle may be user service data, or the payload of an OSU frame carrying service data, which is not limited in this application. In other words, the sender can map multiple data to the payloads of multiple OSU frames in one encryption period, and encrypt the payloads of multiple OSU frames one by one according to the encryption and decryption control information; Encrypt and decrypt control information, encrypt multiple data in one encryption cycle one by one, and map the encrypted multiple data to the payload of multiple OSU frames. It can be understood that each OSU frame carries one piece of encrypted data.

For example, assuming that an encryption cycle includes 256 consecutive OSU frames, in one encryption cycle, the sender can map the user's service data into the payload of 256 consecutive OSU frames, and then or, the sending end can divide the user's business data into 256 parts, and the size of each business data is the same as the size of the payload (185 bytes) of an OSU frame, and then, these 256 business data The data is encrypted one by one, and the encrypted service data is mapped to the payload of 256 consecutive OSU frames.

Optionally, in order to encrypt the overhead of the OSU frame, the data in one encryption period may be an OSU frame (including payload and overhead) carrying service data. In this way, not only the payload of the OSU frame can be encrypted, but also the overhead of the OSU frame can be encrypted, so as to further improve the security of data transmission.

In some possible embodiments, the above S1001, according to the encryption and decryption control information, encrypts a plurality of data in one encryption cycle one by one, which may include the following steps 1 and 2:

Step 1: Generate multiple cipher blocks according to the encryption and decryption control information.

Wherein, the total number M of bits of multiple cipher blocks is greater than or equal to the total number N of bits of multiple data, and both M and N are positive integers.

Take the sending end mapping the user's service data into the payload of 256 consecutive OSU frames, and then encrypting the payloads of these 256 OSU frames one by one as an example, because the length of the payload of 256 OSU frames is 185*256 bytes, the length of one cipher block is 128 bits (16 bytes), therefore, the sender can generate at least 185*256/16=2960 cipher blocks according to the initial vector and key generation. It should be noted that the specific process of generating a cipher block based on the initial vector and the key at the sending end can refer to the relevant description of "AES Advanced Encryption Standard" in the introduction of the above technical terms, and will not be repeated here.

Optionally, 0≤M-N<k2, where k2 is the length of a cipher block. In other words, the difference between the total number M of bits of multiple cipher blocks and the total number N of bits of multiple data is smaller than the length of one cipher block and greater than or equal to zero. For example, if the number of multiple cipher blocks is k1, the length of each cipher block is k2, the number of multiple data is k3, and the length of each data is k4, then the total number of bits of multiple cipher blocks is M=k1* k2, the total number of bits of multiple data is N=k3*k4. Therefore, the multiple cipher blocks generated by the sending end according to the encryption and decryption control information satisfy the following condition: 0≦k1*k2−k3*k4<k2. In this way, the sending end can generate as few cipher blocks as possible under the premise of ensuring that the total number M of bits of the generated cipher block is greater than or equal to the total number N of bits of multiple data, so as to further improve the encryption efficiency.

It can be understood that when the total number M of bits of multiple cipher blocks is equal to the total number N of bits of multiple data, the number of cipher blocks generated by the sender is the least, thereby further reducing processing time and improving encryption efficiency.

Step 2, using N bits in the multiple cipher blocks to encrypt multiple data bit by bit.

Wherein, the calculation method of bit-wise encryption may be determined by the encryption algorithm used by the sending end. For example, when the sending end uses the AES encryption algorithm to encrypt data, the calculation method of bitwise encryption is XOR operation, and the operation symbol of XOR operation is

Specifically, the sending end can obtain N bits used for encrypting data from M bits of multiple cipher blocks according to the first encryption rule, and use the N bits according to the second encryption rule to bitwise encryption.

The first encryption rule may be understood as a rule for obtaining N bits from M bits of multiple cipher blocks, for example, the first encryption rule may be a generation sequence of cipher blocks. Specifically, obtaining N bits used for encrypting data from M bits of multiple cipher blocks according to the first encryption rule may include the following implementation manners:

Mode 1, according to the generation sequence of the cipher blocks, the first N bits among the M bits of the multiple cipher blocks are determined as the N bits used for the encrypted data. For example, assuming that the _M bits of a plurality of _cipher blocks include _c ₁ , c ₂ , .

Mode 2, according to the generation sequence of the cipher blocks, the last N bits among the M bits of the multiple cipher blocks are determined as the N bits used for the encrypted data. For example, assuming that the M bits of a plurality of cipher blocks include c ₁ , c ₂ , ..., c _M in the order of generation of the cipher blocks, c _T to c _M can be determined as the N bits used for encrypting data, M- T+1=N.

The second encryption rule may be understood as a rule for bitwise encrypting a plurality of data using N bits, for example, the second encryption rule may be a generation sequence of cipher blocks. Specifically, according to the second encryption rule and using the N bits, bitwise encryption of multiple data may include the following implementation manners:

Mode 3, using the i-th bit among the N bits to encrypt the i-th bit among the plurality of data, where i is a positive integer, and i≤N. For example, assuming that the N bits in multiple cipher blocks include c ₁ , c ₂ , ..., c _N , and the multiple data include the following N bits p ₁ , p ₂ , ..., p _N , then the encrypted data includes the following N bits

Mode 4, using the Ni-th bit among the N bits to encrypt the i-th bit among the plurality of data, where i is a positive integer, and i≤N. For example, assuming that the N bits in multiple cipher blocks include c ₁ , c ₂ , ..., c _N , and the multiple data include the following N bits p ₁ , p ₂ , ..., p _N , then the encrypted data includes the following N bits

It should be noted that the first encryption rule and the second encryption rule can be configured by the user or determined through negotiation between the sending end and the receiving end, and this application does not limit the specific implementation of the first encryption rule and the second encryption rule. Of course, in order for the receiving end to correctly decrypt multiple data, the sending end and the receiving end need to use the same first encryption rule and second encryption rule.

It can be understood that the above modes 1 to 4 can provide a variety of ways to encrypt multiple data using N bits in multiple cipher blocks, so as to realize separate encryption of multiple OSU frames carried by ODUk frames and improve data security. .

In some possible embodiments, the sending end may use the i-th bit of the multiple cipher blocks in the generation order of the multiple cipher blocks to encrypt the i-th bit in the multiple data, where i is a positive integer and i≤N. For example, assume that multiple cipher blocks include the following M bits c ₁ , c ₂ , ..., c _M in order of generation, and multiple data include the following N bits p ₁ , p ₂ , ..., p _N , where M≥N , then the encrypted data includes the following N bits

Taking an encryption period including 256 consecutive OSU frames as an example, and the OSU bus is 12*128 bits (192 bytes) as an example, the sending end can encrypt one OSU frame each time. In one OSU frame, the payload (185 bytes) of the OSU frame needs to be encrypted, and the overhead (7 bytes) of the OSU frame may not be encrypted. When only the payload of the OSU frame is encrypted, since the length of one encrypted block is 16 bytes, 11.5625 encrypted blocks are required to encrypt the payload of one OSU frame. For example, to encrypt the payload of the first OSU frame, 12 encryption blocks need to be generated. After these 12 encryption blocks encrypt the payload of the first OSU frame, there are still 7 bytes that are not used to encrypt the first OSU The payload of the frame. In order to improve the utilization rate of the cipher block, the bytes in the 12 cipher blocks that are not used to encrypt the payload of the first OSU frame can be used to encrypt the payload of the next OSU frame, that is, the second OSU frame. By analogy, the cipher blocks used to encrypt the payload of the kth OSU frame include: the unused cipher blocks among the multiple cipher blocks used to encrypt the payload of the k-1th OSU frame, and the sending end An unused cipher block among multiple cipher blocks generated. Wherein, k is a positive integer, and k is less than or equal to the number of multiple OSU frames. In other words, when encrypting the payload of the k-1th OSU frame, if there are unused cipher blocks among the multiple cipher blocks used to encrypt the payload of the k-1th OSU frame, the The unused bits in the unused cipher block encrypt the payload of the kth OSU frame. In this way, it is possible to avoid wasting cipher blocks and reduce the number of generated cipher blocks, thereby reducing processing time and improving encryption efficiency.

The implementation manner in which the sending end encrypts the i-th bit of the plurality of data by using the i-th bit of the plurality of cipher blocks according to the generation sequence of the plurality of cipher blocks will be described in detail below in conjunction with the accompanying drawings.

Fig. 11 is a schematic diagram of encrypting the payload of 256 consecutive OSU frames by using multiple cipher blocks according to the embodiment of the present application. Please refer to FIG. 11 , the payloads of 256 consecutive OSU frames have been mapped to user service data. Assuming that the length of the payload of each OSU frame is 185 bytes, and the length of one cipher block is 16 bytes, then the sender can generate 2960 cipher blocks, and these 2960 cipher blocks include CB1, CB2, ... in the order of generation , CB2960. And, the sender can use the generated cipher block to encrypt the payloads of the 256 consecutive OSU frames. Specifically, taking the payload encryption of the k-th OSU frame among 256 consecutive OSU frames as an example, k is a positive integer, and k≤256. The sending end may determine a frame-crossing cipher block, where the frame-crossing cipher block is an incompletely used cipher block among the multiple cipher blocks used to encrypt the k-1th OSU frame. Then, the sending end may encrypt the payload of the k-th OSU frame by using the cross-frame cipher block and unused cipher blocks among the generated multiple cipher blocks. For example, when k=1, there is no cross-frame cipher block, so the sender can use 12 cipher blocks (including CB1 to CB12) to encrypt the payload of the first OSU frame, wherein all bits of CB1-CB11 are used To encrypt the payload of the first OSU frame, 9 bytes of CB12 are used to encrypt the payload of the first OSU frame, and the remaining 7 bytes of CB12 are not used to encrypt the payload of the first OSU frame. When k=2, the cross-frame cipher block is CB12, so that the sender can use the 7 bytes of CB12 that are not used to encrypt the payload of the first OSU frame and CB13 to CB24 to encrypt the net of the second OSU frame charge. By analogy, the specific description of the payload encryption of the k-th OSU frame will not be repeated here.

It can be understood that, based on the implementation shown in FIG. 11 , when the length of the payload of an OSU frame is not an integer multiple of the length of the encrypted block, the i-th bit of the multiple encrypted blocks is used above, and the i-th bit in the multiple data The implementation of bit encryption can realize that the incompletely used cipher blocks among the multiple cipher blocks used to encrypt the payload of an OSU frame can encrypt the payload of the next OSU frame, so that one cipher block can encrypt data across frames , thereby avoiding wasting cipher blocks, reducing the number of generated cipher blocks, thereby reducing processing time, and further improving encryption efficiency.

It should be noted that the above step 1 and step 2 can be executed in parallel, so as to improve encryption efficiency. For example, assuming that the length of a cipher block is 16 bytes, then in the process of performing the above step 1, the sender can use the cipher block to encrypt the unencrypted 16 bytes in the multiple data every time a cipher block is produced. bit encryption. Of course, the above step 1 may also be performed prior to step 2, which is not limited in this application.

Based on the description of the

above steps

1 and 2, it can be seen that the sending end can also generate as few cipher blocks as possible under the premise of ensuring that the total number of bits M of the generated cipher block is greater than or equal to the total number of bits N of multiple data, so as to improve the encryption efficiency . In addition, the sender can use a cipher block with the same length as the multiple data to encrypt multiple data, thereby avoiding wasting cipher blocks, reducing the number of generated cipher blocks, reducing processing time, and further improving encryption efficiency.

In the steps shown in the above S1001, the sending end can also encrypt multiple OSUv frames in one encryption cycle one by one according to the encryption and decryption control information. The frame is enough, so I won’t repeat it here.

In the embodiment of the present application, the encryption and decryption control information used by the sending end and the receiving end need to be consistent, so that the receiving end can correctly decrypt the ciphertext and obtain the plaintext corresponding to the ciphertext. Moreover, the encryption and decryption control information needs to be updated every time the plaintext is encrypted, so as to ensure that the encryption and decryption control information used for each encryption of the plaintext is not repeated.

In practical applications, the AES encryption algorithm is used for encryption and decryption. The encryption and decryption control information includes the initial vector and the key. For example, each time a cipher block is used to encrypt the plaintext, the initial vector needs to be updated, and every time after a period of time, the initial vector needs to be updated. Update the key once. Among them, the initial vector can be generated by a counter. Since the number generated by the counter has an upper limit, the key needs to be updated before the number generated by the counter reaches the upper limit, so as to ensure that the key and initial vector used for each encryption of plaintext are not repeated. In this way, the same plaintext block can be prevented from being encrypted into the same ciphertext block all the time, thereby improving data security.

In order to make the encryption and decryption control information used by the sending end and the receiving end consistent, each time the encryption and decryption control information is updated, the sending end needs to send indication information of the updated encryption and decryption control information to the receiving end. Wherein, the indication information of the encryption and decryption control information may be determined by the encryption algorithm used by the sender. Exemplarily, when the sending end uses the AES encryption algorithm for encryption, the indication information of the encryption and decryption control information is used to indicate the initial vector and the key. In other words, the indication information of the encryption and decryption control information may include the indication information of the key and the indication information of the initial vector, the indication information of the key may include the handover indication information and the key data stream, and the handover indication information is used to indicate the The switching position (that is, the time point of the next key period), and the key data flow at the sending end can be determined by the key (or called key value) and a certain security algorithm, and the security algorithm here is not limited. The receiving end can obtain the key value according to the key data flow, and use the key value as the key used in the next key cycle. Wherein, for the relevant description of the handover indication information, reference may be made to the description in step 3.

Optionally, each time when the encryption and decryption control information is updated, the sending end may use multiple OSU frames within one encryption cycle to send indication information of the updated encryption and decryption control information to the receiving end. After receiving the indication information of the encryption and decryption control information from the transmission end, the receiving end may determine the updated encryption and decryption control information according to the indication information. In other words, multiple OSU frames within one encryption period may carry indication information of encryption and decryption control information.

Wherein, the above-mentioned key data flow can be restored to a key through a corresponding security algorithm at the receiving end, which can prevent the key from being transmitted in the network in plain text and improve data security. Taking the encryption and decryption using the AES encryption algorithm as an example, the indication information of the encryption and decryption control information may include: some data of the initial vector (such as the inter-frame counter), the key data stream determined according to the key and a certain security algorithm, and the switching instruction information.

The above-mentioned key data flow, partial data of the initial vector, and switching instruction information can all be transmitted through the overhead of multiple OSU frames in one encryption cycle, where the overhead of multiple OSU frames in one encryption cycle can be called monitoring A management overhead domain, the monitoring management overhead domain may include a key security management channel (key exchange communication channel, KCC). Specifically, the above-mentioned key data flow may be transmitted through the key security management channel, and the above-mentioned partial data of the initial vector and handover instruction information may be transmitted through part of the overhead in the monitoring and management overhead domain. The key security management channel may also be called a key exchange communication channel. For the implementation of transmitting the key data stream, partial data of the initial vector, and switching instruction information through the overhead of multiple OSU frames in one encryption cycle, refer to the relevant descriptions in Table 4-Table 7 below, and will not repeat them here.

The implementation manner in which multiple OSU frames within one encryption cycle carry the indication information of the encryption and decryption control information will be described in detail below with reference to the structure example of the initialization vector.

Table 4 shows the structure of an initial vector provided by the embodiment of this application. Please refer to Table 4, the initial vector includes 128 bits, from the most significant bit (most significant bit, MSB) to the least significant bit (least significant bit, LSB) including: 32-bit configuration value (cfg_iv_fix), 32-bit inter-frame counter ( intra_mf_cnt), 32-bit inter-frame counter, 17 0-bits, and 15-bit intra-frame counter (inter_mf_cnt). Wherein, the configuration value may be a fixed value and may be configured by a user. The inter-frame counter can be generated by the sending end, and the value of the inter-frame counter increases by 1 every time an encryption period passes. The intra-frame counter starts counting from 1 in each encryption cycle, and the value of the intra-frame counter increases by 1 every time an encrypted block is generated. It should be noted that the initial vector in Table 4 includes 2 identical inter-frame counters.

Table 4

Table 5 shows the structure of another initial vector provided by the embodiment of this application. Please refer to Table 5, the initial vector includes 128 bits, including: 32-bit configuration value, 32 0-bits, 32-bit inter-frame counter, 17 0-bits and 15-bit intra-frame counter from the most significant bit to the least significant bit. For descriptions of configuration values, inter-frame counters, and intra-frame counters, reference may be made to relevant descriptions in Table 4 above, and details will not be repeated here. The difference between the initial vectors shown in Table 5 and the initial vectors shown in Table 4 is that the inter-frame counters do not repeat. It can be understood that Table 4 and Table 5 provide two structural examples of initial vectors, and this application does not limit the specific structure of initial vectors.

table 5

Among them, the sending end and the receiving end can be configured with the same configuration value, and the intra-frame counter starts counting from 1 within an encryption period, so that the sending end can only send the inter-frame counter to the receiving end, and the receiving end can determine according to the inter-frame counter Generate an initial vector within an encryption cycle. In other words, the indication information of the encryption and decryption control information may include: the 32-bit inter-frame counter of the initial vector shown in Table 4 or Table 5 above, the key data stream determined according to the key and a certain security algorithm (for example, using RSA encryption algorithm encrypted key), and switching instruction information. In practical applications, the indication information of the encryption and decryption control information may be carried in the overhead of multiple OSU frames in one encryption cycle.

In order to implement data integrity verification and improve data security, optionally, multiple OSU frames may carry authentication information. Wherein, the authentication information may be determined by encryption and decryption control information and multiple encrypted data (ie, ciphertext). For example, when the sender uses the AES encryption algorithm to encrypt data, the sender can use the key, initial vector, ciphertext, and authentication identifier generation function to generate an authentication identifier and use the authentication identifier as authentication information. Specifically, for the method of generating the authentication identifier, reference may be made to the relevant description of "GCM mode of AES" in the introduction of the above technical terms, and details are not repeated here. In practical applications, the above authentication information may be carried in the overhead of multiple OSU frames within one encryption period. In this way, the receiving end can judge whether the encrypted data has been tampered with in the transmission process according to the authentication information, so as to realize the integrity verification of the data and improve the data security.

S1002. The sending end sends multiple OSU frames within one encryption cycle to the receiving end. The receiving end receives multiple OSU frames within one encryption period from the sending end.

Wherein, the process of sending OSU frames at the sending end and receiving OSU at the receiving end can refer to the relevant description about the OTN device sending and receiving data in FIG. 2 above, and will not be repeated here.

S1003. The receiving end decrypts the multiple encrypted data one by one according to the encryption and decryption control information.

Wherein, the algorithm used by the receiving end to decrypt the multiple encrypted data one by one is consistent with the algorithm used by the sending end. For example, when the sending end uses the AES encryption algorithm to encrypt data, the receiving end uses the same AES encryption algorithm to decrypt the encrypted data. For specific implementation manners of S1003, reference may be made to relevant descriptions in S1001 above, and details are not repeated here.

In order to make the encryption and decryption control information used by the sending end and the receiving end consistent, the sending end not only sends the indication information of the encryption and decryption control information to the receiving end, but also needs to switch keys synchronously between the sending end and the receiving end. In order to achieve the purpose of synchronously switching keys between the sending end and the receiving end, in some possible embodiments, the encrypted transmission method provided in the embodiment of the present application may also include the following steps:

Step 3, the sending end sends handover indication information to the receiving end. The receiving end receives the handover indication information sent from the sending end.

Wherein, the switching indication information is used to indicate the key of the next key period. A key period includes multiple encryption periods, and the multiple encryption periods use the same key. For example, the key period includes w encryption periods, where w is a positive integer. For example, w=128, 256, 512 or 1024, etc. It should be noted that the length of the above-mentioned key period is less than the length of one cycle count of the inter-frame counter. For example, assuming that the inter-frame counter starts counting from 0, its counting upper limit is 65535, that is, the number of bits of the inter-frame counter is 16 bits. Then, the length of the key period is less than 65535 encryption periods.

In some possible implementation manners, the switching instruction information may indicate the next key period. Exemplarily, FIG. 12 is a schematic diagram 1 of synchronous key switching between the sending end and the receiving end provided by the embodiment of the present application. Referring to Figure 12, the process of synchronously switching keys between the sending end and the receiving end may include:

S1201. Prepare a key. Specifically, the sending end may first generate a key for the next key period, and determine a key data stream of the key according to the key. Then, the sending end can send the key data stream to the receiving end through the key security management channel. After receiving the key data stream from the sender, the receiver can restore the key according to the key data stream. And, the receiving end writes the restored key into the backup key area, and waits for the key switching instruction.

Optionally, after the receiving end restores the key, it may send key switching information to the sending end through the key security management channel. In this way, the sending end can judge whether the receiving end has completed the restoration of the key according to the information about the ready to switch key, so as to ensure that the sending end sends switching instruction information after the receiving end restores the key, and ensures that both parties can switch the key synchronously.

S1204. The sending end sends switching instruction information to the receiving end, and the receiving end receives the switching instruction information from the sending end.

For example, assuming that both the sending end and the receiving end currently use key 0 for encryption and decryption, the sending end can send switching instruction information to the receiving end, and the switching instruction information is used to indicate that the key of the next key cycle is the key 1. And, the sender uses key 1 to encrypt the data in the next key cycle. After receiving the switching instruction information from the sending end, the receiving end uses key 1 to decrypt the data in the next key cycle.

Optionally, after the key is switched synchronously, the receiving end and the sending end can also clear the inter-frame counter to enter the encryption and decryption of the next key period.

Wherein, the handover instruction information may be carried in other part of the overhead except the key security management channel in the monitoring and management overhead field.

In the embodiment of this application, two keys can be maintained between the sending end and the receiving end, namely the primary key and the backup key. The primary key is the key currently used, and the backup key is used for the next key period. key. Assuming that the current key 0 is the primary key and key 1 is the backup key, in the first key cycle, both the sending end and the receiving end use key 0 for encryption and decryption. At this time, key 1 is the backup key, and the sending end updates key 1 and sends key 1 to the receiving end through KCC, and both the sending end and the receiving end update key 1 to the backup key area. In the second key period, through the above-mentioned switching instruction information, the sending end and the receiving end use the key 1 in the backup key area synchronously, that is to say, switch the used key from key 0 to key 1. At this point, key 0 is the backup key, and the sender updates key 0 and sends key 0 to the receiver through KCC, and both the sender and receiver update key 0 to the backup key area. In the third key period, through the above-mentioned switching instruction information, the sending end and the receiving end use the key 0 in the standby key area synchronously, that is to say, switch the used key from key 1 to Key 0, and so on, the key switching of the subsequent key cycle will not be repeated. In this way, the timing and synchronous update of the key can be realized. It can be seen from the above process that the backup key can be updated before the key switching is started, so as to ensure data security.

Based on the description of step 3, it can be seen that in this embodiment, the key can be switched synchronously between the sending end and the receiving end through the switching indication information. In this way, after a period of time, such as one or more encryption cycles, the key can be switched synchronously between the sending end and the receiving end to prevent the same plaintext block from always being encrypted into the same ciphertext block, thereby improving data security .

Optionally, in step 3, before the sending end sends switching indication information to the receiving end, the encryption transmission method provided in the embodiment of the present application may further include: the sending end sends key switching request information to the receiving end, and the receiving end receives the key switching request information from the sending end. end key switching request information. Wherein, the key switching request information is used to instruct the receiving end to feed back key switching confirmation information. The receiving end sends key switching confirmation information to the sending end, and the sending end receives the key switching confirmation information from the receiving end. Wherein, the key switching confirmation information is used to instruct the sending end to send switching indication information, indicating that the backup key of the receiving end has been updated.

Exemplarily, please refer to FIG. 12 again, S1201. After the key is prepared, the above-mentioned process of synchronously switching the key between the sending end and the receiving end may also include:

S1202. The sending end sends key switching request information to the receiving end, and the receiving end receives the key switching request information from the sending end.

S1203. The receiving end sends key switching confirmation information to the sending end, and the sending end receives the key switching confirmation information from the receiving end.

For example, the sending end may send key switching request information to the receiving end. After receiving the key switching request information, the receiving end may send key switching confirmation information to the sending end to notify the sending end that keys can be switched synchronously. In this way, before the sending end sends the switching indication information to the receiving end, the sending end and the receiving end can also use the key switching request information and the key switching confirmation information to confirm whether the communication between the two parties is normal, so as to prevent the sending end from communicating with the receiving end. The key is not switched synchronously, so as to ensure that the key can be switched synchronously between the sender and the receiver to further improve data security.

Optionally, the above-mentioned key switching completion information, key switching request information, and key switching confirmation information can be carried in the key security management channel, or in other part of the overhead in the monitoring and management overhead field except the key security management channel , which is not limited in this application.

Optionally, in step 3, after the sending end sends switching indication information to the receiving end, the encrypted transmission method provided in the embodiment of the present application may further include: the receiving end sends key switching completion information to the sending end. The sending end receives the key switching completion information from the receiving end. Wherein, the key switching completion information is used to instruct the receiving end to complete the key switching.

For example, please refer to FIG. 12 again. In S1204, the sending end sends switching instruction information to the receiving end, and after the receiving end receives the switching instruction information from the sending end, the above-mentioned process of synchronously switching keys between the sending end and the receiving end can also be include:

S1205. The receiving end sends key switching completion information to the sending end, and the sending end receives the key switching completion information from the receiving end.

For example, the sending end and the receiving end not only switch the key used from key 1 to key 2 synchronously, but the receiving end can also send key switching completion information to the sending end. In this way, the sending end can judge whether the receiving end has completed the synchronous key switching according to the key switching completion information, so as to ensure that the key can be switched synchronously between the sending end and the receiving end, so as to further improve data security.

It should be noted that in the above step 3, when the sending end sends the switching instruction information to the receiving end, it may send the switching instruction information in multiple consecutive encryption periods. When receiving the key switching completion information from the receiving end, the sending end stops sending switching instruction information. In this way, even if the first handover indication information is not correctly received by the receiving end due to accidental packet loss, the receiving end can still receive handover indication information after the first handover indication information, so as to ensure the reliability of the synchronous handover key.

During the process of exchanging key switching request information, key switching confirmation information, switching instruction information, and key switching completion information between the sender and the receiving end, the key switching request information, key switching confirmation information, and key switching completion information It can be realized through the KCC or the overhead other than the KCC in the monitoring and management overhead domain, which is not limited in this application.

The transmission between the sender and the receiver is a two-way service. Therefore, the receiver can also send information to the sender through overhead. The information here can include the above-mentioned key switching completion information and key switching confirmation information. At the same time, the above-mentioned KCC channel is also bidirectional, therefore, the KCC channel can also return some information for confirmation, such as the information about preparing to switch the key in the above-mentioned S1201.

Based on the above method embodiments, it can be seen that the overhead of multiple OSU frames in one encryption period can be used to carry one or more of the following information: indication information of encryption and decryption control information, authentication information, key switching completion information, key switching Request information and key switching confirmation information. Wherein, the indication information of the encryption and decryption control information may include the indication information of the initial vector and the indication information of the key, and the indication information of the key may include: switching indication information and a key data flow. The switching indication information, key switching completion information, key switching request information, and key switching confirmation information may be collectively referred to as key synchronization information. The instruction information, authentication information, key switching completion information, key switching request information, and key switching confirmation information of the encryption and decryption control information may be collectively referred to as monitoring and management information.

Specifically, the sender can write one or more pieces of information into the monitoring and management overhead field: indication information of encryption and decryption control information, authentication information, key switching completion information, key switching request information, and key switching confirmation information. Wherein, the monitoring management overhead field may include a partial overhead of each OSU frame in a plurality of OSU frames within one encryption period. Exemplarily, assuming that an encryption period includes 256 OSU frames, the monitoring and management overhead field may include part of the overhead of each OSU frame in the 256 OSU frames in an encryption period, for example, the reserved value in the overhead field of each OSU frame 1 bit in (reserve, RES) overhead. In other words, part of the overhead of each OSU frame in the 256 OSU frames in one encryption cycle is combined together as the monitoring and management overhead field.

Taking 1 bit of the RES of each OSU frame in 256 OSU frames in one encryption period combined together as an example of the monitoring and management overhead field, the length of the monitoring and management overhead field is 256 bits. In some possible embodiments, Table 6 is an information table carried in the monitoring management overhead field provided by the embodiment of the present application. Please refer to Table 6. The monitoring and management overhead field includes frame alignment signal (frame alignment signal, FAS), inter-frame counter (that is, the indication information of the initial vector), switching indication information (key_sw), key switching request information (key_sw_req), encryption Key switching confirmation information (key_sw_ack), key switching completion information (key_sw_ok), authentication information, key indication information and reserved overhead. Wherein, the frame alignment signal is used to determine the starting position of the monitoring and management overhead field within an encryption period, and the reserved overhead is used to carry information corresponding to the newly added management and maintenance function. The switching indication information is used to indicate the key to be used in the next key cycle, for example, the switching indication information changes from "0000 (hexadecimal number)" to "FFFF (hexadecimal number)", indicating the key to be used to switch. Specifically, for example, the current master key is key 0, the backup key is key 1, and the switching indication information in the nth encryption cycle is "0000 (hexadecimal number)", if the n+1th In the first encryption cycle, the switching indication information changes from "0000 (hexadecimal number)" to "FFFF (hexadecimal number)", then the sending end and the receiving end can be at the frame header of the n+2th encryption cycle Switch the key used from key 0 to key 1. At this time, the n+2th encryption cycle is the first encryption cycle of the next key cycle. For detailed descriptions of the inter-frame counter, key switching request information, key switching confirmation information, key switching completion information, authentication information, and key indication information, reference may be made to the foregoing method embodiments, and details are not repeated here.

Table 6

监控管理开销域Monitor Administrative Overhead Domains	携带的信息carry information
第224比特-第255比特Bit 224 - Bit 255	帧对齐信号frame alignment signal
第192比特-第223比特Bit 192 - Bit 223	帧间计数器inter frame counter
第176比特-第191比特Bit 176 - Bit 191	切换指示信息switch instructions
第168比特-第175比特Bit 168 - Bit 175	密钥切换请求信息Key switching request information
第160比特-第167比特Bit 160 - Bit 167	密钥切换确认信息Key switching confirmation message
第152比特-第159比特Bit 152 - Bit 159	密钥切换完成信息key switching completion message
第24比特-第151比特Bit 24 - Bit 151	认证信息Certification Information
第8比特-第23比特8th bit - 23rd bit	密钥安全管理通道(KCC)Key Security Management Channel (KCC)
第0比特-第7比特Bit 0-bit 7	保留开销retention overhead

It should be noted that in practical applications, the length and format of the handover indication information in Table 6 above may be modified. Specifically, the length of the handover indication information in Table 6 is 16 bits. Optionally, the length of the handover indication information may be less than 16 bits, such as 14 bits, 10 bits, etc., which is not limited in this application. Of course, the length and format of other information in Table 6 (including key switching request information, key switching confirmation information, key switching completion information, etc.) can be modified like the above switching instruction information. For specific modification methods, please refer to The above handover instruction information will not be described in detail here.

Wherein, for the key synchronization information in Table 6, the value of the key synchronization information may be determined in a majority decision manner. Taking the handover instruction information as an example, assuming that the length of the handover instruction information is 16 bits, when the sending end sends the handover instruction information with the value "FFFF (hexadecimal number)" to the receiving end, if the channel quality suddenly deteriorates, the receiving end The handover indication information received by the end is "FFF0 (hexadecimal number)", which is equivalent to the jump of some bits in the handover indication information. At this time, since there are 12 bits 1 and 0 bits 4, and bit 1 is the majority, the receiving end can still determine that the switching indication information is actually "FFFF (hexadecimal number)", and perform synchronization key switching according to the switching indication information. In this way, the reliability of information transmission can be ensured.

In some other possible embodiments, Table 7 is another information table carried in the monitoring management overhead field provided by the embodiment of the present application. Please refer to Table 7, the monitoring management overhead field includes frame alignment signal, authentication information, key indication information, switching indication information, encryption type indication information, inter-frame counter and reserved overhead. Wherein, the indication information of the key includes 16 bits, the upper 8 bits of the indication information of the key are located in the 95th to the 88th bits of the monitoring and management overhead domain, and the lower 8 bits of the indication information of the key are located in the 8th bit of the monitoring and management overhead domain. 87th bit - the 80th bit. The encryption type indication information is used to indicate the encryption algorithm used, for example, when the sending end uses the AES encryption algorithm, the encryption type indication information may be "000001". Wherein, the handover instruction information in Table 7 may also be called a key number (key index, KI). The key number includes 2 bits, for example, when the key number is "00", it indicates that the next encryption period (or multiframe period) uses the first key (key 0), when the key number is "01" , indicating that the next encryption period (or multiframe period) uses the second key (key 1). For detailed descriptions of the frame alignment signal, authentication information, inter-frame counter, and reserved overhead, reference may be made to the foregoing method embodiments, and details are not repeated here.

Table 7

监控管理开销域Monitor Administrative Overhead Domains	携带的信息carry information
第224比特-第255比特Bit 224 - Bit 255	帧对齐信号frame alignment signal
第96比特-第223比特Bit 96 - Bit 223	认证信息Certification Information
第80比特-第95比特80th bit - 95th bit	密钥安全管理通道(KCC)Key Security Management Channel (KCC)
第78比特-第79比特Bit 78-Bit 79	切换指示信息switch instructions
第72比特-第77比特Bit 72-Bit 77	加密类型指示信息Encryption type indication
第40比特-第71比特Bit 40 - Bit 71	帧间计数器inter frame counter
第0比特-第39比特Bit 0-bit 39	保留开销retention overhead

It can be understood that in the above method of carrying monitoring and management information by using the monitoring and management overhead field, the monitoring and management overhead field is equivalent to a transmission channel for transmitting monitoring and management information, and the sending end and the receiving end can use this transmission channel to realize the interaction of monitoring and management information For example, the transmission of the indication information of the encryption and decryption control information and the key synchronization information in the above method embodiment is realized. In Table 6, by monitoring the switching instruction information, key switching request information, key switching confirmation information, key switching completion information, etc. in the management overhead field, the sending end and the receiving end can realize the transmission of key switching related information synchronously, This transmission method can be called a hardware handshake. In addition, key switching request information, key switching confirmation information, and key switching completion information can be transmitted through the KCC channel and implemented by software control. This transmission method can be called a software handshake.

The difference between Table 7 and Table 6 is that there is no key switching request information, key switching confirmation information, and key switching completion information in Table 7, which can save the hardware handshake process. Specifically, when using Table 7 to switch keys synchronously, the receiver only needs to restore the key, and feed back a confirmation message to the sender through the KCC to inform the sender that the key can be switched synchronously. That is, the key can be switched synchronously, so that the handshake process can be simplified compared with the way of switching the key synchronously shown in Table 6.

The implementation of synchronously switching keys between the sending end and the receiving end in the above step 3 will be described below in conjunction with Table 6 and Table 7 respectively.

When the monitoring and management overhead field shown in Table 6 is used to carry key synchronization information, the implementation of synchronously switching keys between the sending end and the receiving end is as follows:

FIG. 13 is a schematic diagram of a state machine for synchronously switching keys between the sending end and the receiving end provided by the embodiment of the present application. Please refer to Figure 13, both the sending end and the receiving end enter the initial state by default, and then the configuration starts, and each enters the next state. Among them, the sending end enters the sending request state, and the receiving end enters the waiting request state. The sending end is in the sending request state, and can send key switching request information to the receiving end. The receiving end is in the waiting request state, and if it receives the key switch request information from the sending end, it will enter the sending confirmation state. The receiving end can send key switching confirmation information to the sending end in the sending confirmation state. The sending end is in the sending request state, and if it receives the key switching confirmation information from the receiving end, it will enter the sending switching instruction state. The sending end can send switching instruction information to the receiving end in the state of sending the switching instruction, and switch the currently used key to the key indicated by the switching instruction information in the next key period, for example, assuming that the sending end and the receiving end are currently using The key is the first key, and the second key needs to be used in the next key cycle, then the sending end sends the second key switching instruction information to the receiving end, and the sending end will switch the key used in the next key cycle as the second key. The receiving end is in the state of sending confirmation, and if it receives switching instruction information from the sending end, it can enter the state of completing key switching. The receiving end can send key switching completion information to the sending end when the key switching is completed, and switch the currently used key to the key indicated by the switching instruction information in the next key period, and return to the initial state. The sending end is in the state of sending the switching instruction, and if it receives the key switching completion information from the receiving end, it will enter the initial state.

Exemplarily, FIG. 14 is a second schematic diagram of synchronous key switching between the sending end and the receiving end provided in the embodiment of the present application. Please refer to FIG. 14 , assuming that the key currently used by the sender and the receiver is key 0, the next key period starts from the nth encryption period, and the key to be used in the next key period is key 1. The sending end may send key 1 switching instruction information to the receiving end in the (n+1) encryption cycle, and the sending end switches the key used to key 1 in the (n+2) encryption cycle. When the receiving end receives the switching instruction information of key 1 from the sending end in the n+1 encryption period, it can switch the used key to key 1 in the n+2 encryption cycle, and send the encryption key to the sending end key switching completion information, thereby completing the synchronous key switching between the sender and the receiver. Wherein, the switch instruction information may indicate to switch the currently used key to the indicated key in the next encryption cycle. The judgment method for the receiving end to receive the switching indication information may be: the switching indication information in the nth encryption cycle "0000 (hexadecimal number)", the switching indication information in the n+1th encryption cycle from " 0000 (hexadecimal number)" is changed to "FFFF (hexadecimal number)", then the receiving end determines that the switching instruction information is received, and switches the key at the frame header of the n+2th encryption cycle.

Wherein, if timeout occurs (such as exceeding the waiting time threshold), both the sending end and the receiving end will perform a state jump, jumping from the current state to the initial state. If the configuration is enabled, the sender will jump from the current state to the sending request state, and the receiving end will jump from the current state to the waiting request state. The above configuration startup can be understood as starting the synchronous key switching.

In the above-mentioned Fig. 13 and Fig. 14, when the switching instruction is sent and the sending end sends the switching instruction information to the receiving end, the switching instruction information may be sent in multiple consecutive encryption cycles. And, when receiving the key switching completion information from the receiving end, the sending end stops sending the switching instruction information.

When the monitoring and management overhead field shown in Table 7 is used to carry key synchronization information, the implementation of synchronously switching keys between the sending end and the receiving end is as follows:

FIG. 15 is a third schematic diagram of synchronous key switching between the sending end and the receiving end provided by the embodiment of the present application. Please refer to FIG. 15 , the multiframe period includes 4 encryption periods, that is to say, in one multiframe period, the sender can send OSU frames of 4 encryption periods to the receiver. KI is handover indication information. When KI=00, it indicates that key 0 is used in the next multiframe period; when KI=01, it indicates that key 1 is used in the next multiframe period. Assume that the key currently used by the sending end and the receiving end is key 0, the next key period starts from the n+2th multiframe period, and the key to be used in the next key period is key 1. The sending end may send KI=00 to the receiving end in the nth multiframe period, indicating that the key used in the n+1th multiframe period is key 0. Send KI=01 to the receiving end in the n+1 multiframe period, indicating that the key used in the n+2 multiframe period is key 1, and the key to be used in the n+2 multiframe period The key is switched to key 1. Correspondingly, the receiving end switches keys synchronously according to the value of KI, where the key used in the nth multiframe period and the n+1th multiframe period is key 0, and the key used in the n+2th multiframe period Switch the used key to key 1.

Wherein, the values of multiple KIs in one multiframe period are the same, and the receiving end may determine the values of multiple KIs in one multiframe period by means of majority decision. Assume that in the n-th multiframe period, the four KIs sent by the sender to the receiver are "01", "01", "01", and "01" respectively. If the channel quality suddenly deteriorates, the receiver at the nth The four KIs received in a multiframe period are "01", "01", "01", and "00", which is equivalent to a jump in some KIs in a multiframe period. At this time, due to the "01" There are 3 KIs, 1 KI of "00", and KI of "01" are the majority, and the receiving end can still determine that the 4 KIs in the multiframe period are "01", "01", "01", "01", and perform synchronization key switching according to these 4 KIs. In this way, the reliability of information transmission can be ensured.

It can be understood that the difference between Table 7 and Table 6 lies in that: Table 7 uses the handover indication information to implement synchronous handover keys, and the handover indication information in Table 7 only occupies a 2-bit monitoring and management overhead field. In Table 6, the reliability of the synchronous switching key can be ensured through the state machine shown in FIG. 13 . For details, refer to the relevant descriptions in FIG. 13 and FIG. 14 above. When using Table 7 to implement synchronous key switching, the sending end can send the same switching instruction information to the receiving end in multiple encryption cycles to ensure that the receiving end correctly receives the switching instruction information and ensure the reliability of the synchronous switching key. In the method of synchronous key switching shown in Table 7, after the receiving end completes the key recovery, the receiving end can feed back the key switching information through the KCC channel to inform the sending end that the key can be switched synchronously. The way of switching keys synchronously shown in Table 6 can simplify the handshake process.

In some possible embodiments, the above monitoring and management information may be transmitted through the overhead of multiple OSUv frames within one encryption period. Specifically, Table 8 is an information table of OSUv frame overhead carrying monitoring management information provided by the embodiment of the present application, and it is assumed that one encryption cycle includes 1024 OSUv frames. Referring to Table 8, VBR_POH1 and VBR_POH2 in VBR_OSUv frames (OSUv frames carrying VBR services) can respectively carry one or more of the following monitoring and management information: inter-frame counters, key synchronization information, counters for 64VBR multiframes, key security Management channel, authentication information. CBR_POH1 and CBR_POH2 in a CBR_OSUv frame (an OSUv frame carrying CBR services) can respectively carry one or more of the following monitoring and management information: inter-frame counter, key synchronization information, key security management channel, and authentication information. Wherein, "#X (X is an integer, and 0≤X≤15)" in Table 8 indicates the Xth frame in an encryption period, for example, VBR_POH1#0 indicates the 0th VBR_POH1 in an encryption period. Thus, VBR_POH1#0-#15[39:8] indicates that the 0th VBR_POH1 to the 15th VBR_POH1 in one encryption cycle all carry an inter-frame counter, and the 8th-39th bits of each VBR_POH1 are used for Carries the interframe counter. [1:0] in "CBR_POH1#0-#7[19:4][1:0]" indicates that the POH1 overhead size of the CBR frame is 2 bits, specifically, "CBR_POH1#0-#7[19:4 ][1:0]" can indicate that the 0th CBR_POH1 to the 7th CBR_POH1 in one encryption cycle all carry the inter-frame counter, and the 8th-38th bits of each CBR_POH1 are used to carry the inter-frame counter. By analogy, the meanings of other items in Table 8 will not be repeated here.

Table 8

Table 9 is an information table of another OSUv frame overhead carrying monitoring and management information provided by the embodiment of the present application, and it is assumed that one encryption period includes 1024 OSUv frames. Referring to Table 9, VBR_POH1 and VBR_POH2 in the VBR_OSUv frame (the OSUv frame carrying VBR services) can respectively carry one or more of the following monitoring and management information: inter-frame counter, switching instruction information, counter of 64VBR multiframe, key security management Channel, authentication information. CBR_POH1 and CBR_POH2 in the CBR_OSUv frame (the OSUv frame carrying the CBR service) can respectively carry one or more monitoring and management information as follows: inter-frame counter, handover instruction information, key security management channel, and authentication information. Wherein, "#X (X is an integer, and 0≤X≤15)" in Table 9 indicates the Xth frame in an encryption period, for example, VBR_POH1#0 indicates the 0th VBR_POH1 in an encryption period. Therefore, VBR_POH1#0-#15[7:6] indicates that the 0th VBR_POH1 to the 15th VBR_POH1 in one encryption cycle all carry switching instruction information, and the 6th-7th bits of each VBR_POH1 are used for Bearer handover indication information. By analogy, the meanings of other items in the table will not be repeated here.

Table 9

Since the VBR_OSUv frame in one encryption period is overhead with the multiframe header of the first 64VBR multiframe as the frame header to identify the encryption period, in order to distinguish other 64VBR multiframes in the encryption period, the 64VBR multiframe in VBR_POH1 is The frame counter is used to identify 64VBR multiframes in one encryption cycle. In other words, the above-mentioned 64VBR multiframe counter indicates which 64VBR multiframe is the current 64VBR multiframe in one encryption cycle. Since the CBR_OSUv frame in one encryption period uses the header overhead of the first 256CBR multiframe as the frame header to identify the encryption period, and one encryption period includes one 256CBR multiframe, therefore, the CBR_OSUv frame There is no counter for CBR multiframes. For the descriptions of the inter-frame counters, key synchronization information, handover instruction information, key security management channels, and authentication information in the above-mentioned Tables 8 and 9, reference may be made to the relevant descriptions in Tables 6 and 7 in the above-mentioned embodiments, and will not be repeated here. repeat.

When using the overhead of the OSUv frame shown in Table 8 to carry monitoring and management information to realize the specific implementation of synchronous key switching, reference can be made to the implementation of synchronous key switching shown in FIGS. 13-14 above. In specific implementation, the manner of carrying monitoring and management information in the above-mentioned embodiments shown in FIGS. 13-14 can be replaced with the manner of carrying monitoring and management information shown in Table 8, which will not be repeated here.

In Table 8 and Table 9 above, the VBR_OSUv frame transmits the inter-frame counter 16 times in one encryption period, and the CBR_OSUv frame transmits the inter-frame counter 8 times in one encryption period. Correspondingly, the OSU frames shown in Table 6 and Table 7 above only transmit the inter-frame counter once in one encryption cycle. Therefore, the OSUv frame overhead shown in Table 8 and Table 9 above carries monitoring and management information. Even if the first inter-frame counter is not received correctly by the receiving end due to accidental packet loss, the receiving end can still receive the first The inter-frame counter after the inter-frame counter ensures the reliability of encryption and decryption.

Among them, the VBR_OSUv frame passed the inter-frame counter 16 times in one encryption period, and the values of the 16 inter-frame counters were the same; the CBR_OSUv frame passed the inter-frame counter 8 times in one encryption period, and the values of the 8 inter-frame counters same. In this way, even if the first inter-frame counter is not correctly received by the receiving end due to accidental packet loss, the receiving end can still receive the inter-frame counters after the first inter-frame counter, which improves the reliability of encryption and decryption. In addition, it is possible to reduce the recovery time of the counter in abnormal situations.

In the above Table 9, in the overhead of the VBR_OSUv frame and the CBR_OSUv frame in one encryption period, the switching indication information may be called a key indication (key index, KI), and KI may include 2 bits, for example, when KI is "00" When KI is "01", it indicates that the next key cycle uses the first key, and when KI is "01", it indicates that the next key cycle uses the second key.

When using the overhead of the OSUv frame shown in Table 9 above to carry monitoring and management information to realize the specific implementation of synchronous key switching between the sending end and the receiving end, you can refer to the implementation of synchronous key switching shown in Figure 15 above. , which will not be described here. Of course, since KI is transmitted 16 times in a VBR_OSUv frame in one encryption period; and KI is transmitted 8 times in a CBR_OSUv frame in one encryption period, therefore, in specific implementation, the multiframe period may not be used, or That is to say, the sending end can send an OSUv frame of one encryption period to the receiving end in one transmission, and KI is transmitted 8 or 16 times in the OSUv frame of the encryption period.

Among them, KI is transmitted 16 times in VBR_OSUv frame in one encryption period, and the values of these 16 KIs are the same; in CBR_OSUv frame in one encryption period, KI is transmitted 8 times, and the values of these 8 KIs are the same. For KIs that have been repeatedly transmitted in one encryption cycle, the receiving end can determine the values of multiple KIs in this one encryption cycle by means of majority judgment. Determining multiple KI values in one multiframe period" related descriptions will not be repeated here.

In the method of synchronous key switching shown in Table 9, after the receiving end completes the key recovery, the receiving end may only need to feed back the key switching information through the KCC channel to inform the sending end that the key can be switched synchronously. Compared with the synchronous key switching method shown in Table 8, the handshake process can be simplified.

In some possible embodiments, the above monitoring and management information may be carried in an operation administration and maintenance (OAM) information element. In other words, the sending end can use the OAM information element to send monitoring and management information to the receiving end. The sending time and cycle of OAM cells can be adjusted according to actual needs, that is to say, the sending end can adjust the sending cycle of OAM to change the length of the encryption cycle of service data, which can improve the transmission speed of small-bandwidth services, and adjust The cycle of switching keys synchronously between the sending end and the receiving end makes the encryption of business data more flexible.

Next, this application provides an example of implementing the above encrypted transmission method, specifically as follows:

FIG. 16 is a schematic diagram of an interaction between a sending end and a receiving end provided by an embodiment of the present application. Please refer to Figure 16. The sender sends an OSU frame to the receiver. When the receiver receives the OSU frame from the sender, the sender can perform the following three steps: business data processing, encryption, and overhead processing. The receiver can perform the following three steps: steps: overhead processing, decryption, and business data processing.

At the sending end, the business data processing step can be to map the business data to the payload of multiple OSU frames in one encryption cycle, so as to use the OSU frame to carry the business data; payload encryption; the overhead processing step may be writing monitoring and management information in the overhead of the OSU frame carrying service data. Correspondingly, at the receiving end, the overhead processing step can be to read the monitoring and management information from the overhead of the OSU frame carrying service data; the decryption step can be to decrypt the payload of the OSU frame carrying service data; the service data processing step can be The decrypted service data is obtained from the payload of the decrypted OSU frame. Wherein, the monitoring management information may include: the indication information of the above-mentioned encryption and decryption control information, authentication information, key switching completion information, key switching request information, and key switching confirmation information. The switching indication information, key switching completion information, key switching request information, and key switching confirmation information may be collectively referred to as key synchronization information.

It should be noted that at the sending end, the above encryption step may be performed before or after the overhead processing step, which is not limited in this application. At the receiving end, the above decryption step may be performed before the overhead processing step or after the overhead processing step, which is not limited in this application.

The process of performing service data processing, encryption, and overhead processing steps at the sending end, and the process of performing overhead processing, decryption, and service data processing at the receiving end will be described in detail below with reference to the accompanying drawings.

FIG. 17 is a schematic flow diagram of a sending end encrypting data provided by an embodiment of the present application. Referring to FIG. 17, the OTN device can be a sending end or a receiving end. When the OTN device is the sending end, the process of the sending end performing service data processing, encryption, and overhead processing steps may include the following implementation methods:

The sending end maps service data to the payloads of multiple OSU frames in one encryption cycle, and maps the multiple OSU frames to processing channels through cell bus (also called OSU bus) and channel mapping. Then, the sending end performs an information processing step, and the information processing step may include: the sending end obtains the key and the initial vector used in the current encryption cycle. In addition, the sending end performs an overhead processing step, which may include: the sending end determines the key used in the current encryption cycle, the indication information of the initial vector, the key synchronization information, etc., and converts the encryption and decryption control information indication information and Key synchronization information and the like are written into the overhead of multiple OSU frames in the above processing channel. Afterwards, the sending end encrypts the payloads of the multiple OSU frames, and the sending end can encrypt the payloads of the multiple OSU frames by using a key, an initialization vector, and an AES encryption function to obtain multiple encrypted OSU frames. The sending end further executes an authentication identification processing step, and the authentication identification processing step may include: the sending end determines the first authentication identification by using the encrypted payloads of multiple OSU frames. The sending end also performs the step of writing the authentication identifier, and writes the first authentication identifier into the overhead of multiple OSU frames. Finally, the sending end sends the multiple OSU frames to the receiving end through the cell bus and the transceiver module.

Correspondingly, when the OTN device is the receiving end, the process of the receiving end performing overhead processing, decryption and service data processing may include the following implementation methods:

The receiving end uses the transceiver module to receive multiple OSU frames from the transmitting end, and maps the multiple OSU frames to the processing channel through the cell bus and channel mapping. Then, the receiving end performs an overhead processing step, which may include: the receiving end reads key indication information, initial vector indication information, and key synchronization information from the overhead of multiple OSU frames in the processing channel. In addition, the receiving end also performs an information processing step, and the information processing step may include: the receiving end determines the key and the initial vector used in the current encryption cycle according to the indication information of the key and the indication information of the initial vector. Afterwards, the receiving end executes the authentication identification processing step, and the authentication identification processing step may include: the receiving end determines the second authentication identification by using the payload of the undecrypted OSU frame. Finally, the receiving end decrypts the payloads of the multiple OSU frames, that is, uses the key, the initial vector, and the AES encryption function to decrypt the payloads of the multiple OSU frames, and obtains multiple decrypted OSU frames, and then obtains the decrypted business data. And, the receiving end executes the authentication identification reading step, reads the first authentication identification from the overhead of multiple OSU frames, and compares whether the first authentication identification and the second authentication identification are consistent, if they are not consistent, it means that the ciphertext is being transmitted may be tampered with.

It can be understood that the detailed implementation manners of the sending end performing service data processing, encryption, and overhead processing steps, and the receiving end performing overhead processing, decryption, and service data processing can refer to the above method embodiments, and details are not repeated here.

In some possible embodiments, the cell bus may be N×128 (N is a positive integer, and N≤12, for example, N may be 1, 2, 3, 4, 6, 12, etc.). When N=12, the OTN device can process one OSU frame at a time; when N<12, one OSU frame will be divided into multiple OSU subframes, and at this time, the overhead of the OSU frame is located in multiple OSU subframes of the first OSU subframe. The processing procedure of the OTN device for these multiple OSU subframes may be: perform an overhead processing step on the overhead in the first OSU subframe, perform an encryption or decryption step on the payload in the first OSU subframe, and perform an encryption or decryption step on the payload in the second OSU subframe. The first and second subsequent OSU subframes perform encryption or decryption steps.

Based on the encrypted transmission method shown in any one of Fig. 10-Fig. 17, the sending end can encrypt multiple OSU frames within one encryption cycle and send multiple OSU frames. Wherein, when encrypting multiple OSU frames, the sending end may map the multiple encrypted OSU frames into the ODUk frame, so as to use the ODUk frame to carry the multiple encrypted OSU frames. In other words, the sender can separately encrypt part of the service data carried in the ODUk frame to improve data security. In addition, since the OSU frame can carry small-grain services, encrypting the OSU frame is equivalent to encrypting the small-grain services, thereby providing data encryption services for users of the small-grain services. In addition, it can improve the encryption of different granular services in the OTN, so that any user service can be encrypted without intervening in user services, ensuring line speed and realizing end-to-end security management. Among them, the encrypted OSU frame can be transparently transmitted in the OTN network without affecting the monitoring and management of the OTN network.

The encrypted transmission method provided by the embodiment of the present application has been described in detail above with reference to FIGS. 10-17 . The encrypted transmission device for implementing the encrypted transmission method provided by the embodiment of the present application will be described in detail below with reference to FIGS. 10-17 .

Exemplarily, FIG. 18 is a first schematic structural diagram of an encryption transmission device provided by an embodiment of the present application. As shown in FIG. 18 , an encrypted transmission device 1800 includes: a processing module 1801 and a transceiver module 1802 . For ease of description, FIG. 18 only shows the main components of the encrypted transmission device.

In some embodiments, the encrypted transmission device 1800 is applicable to the network architecture described in FIG. 1 above, and performs the function of an OTN device (that is, a sender) that sends service data in the network architecture. For example, assuming that N1 sends service data to N3 in the network architecture shown in FIG. 1 , that is, N1 is the sending end and N3 is the receiving end, then the encrypted transmission device 1800 can perform the function of N1 in the network architecture.

Wherein, the processing module 1801 is configured to encrypt multiple data in one encryption cycle one by one according to the encryption and decryption control information. The transceiver module 1802 is configured to send multiple OSU frames. Wherein, each OSU frame carries an encrypted data, and multiple OSU frames carry indication information of encryption and decryption control information.

In a possible design solution, the processing module 1801 is further configured to generate multiple cipher blocks according to the encryption and decryption control information. Wherein, the total number M of bits of multiple cipher blocks is greater than or equal to the total number N of bits of multiple data, and both M and N may be positive integers. The processing module 1801 is further configured to use the N bits in the multiple cipher blocks to encrypt multiple pieces of data bitwise.

Optionally, the processing module 1801 is further configured to use the i-th bit in the N bits to encrypt the i-th bit in the plurality of data. Wherein, i can be a positive integer, i≤N.

In a possible design solution, the transceiver module 1802 is also configured to send switching indication information to the receiving end. Wherein, the switching indication information is used to indicate the key of the next key period, and the key period may include multiple encryption periods.

Optionally, the transceiver module 1802 is also configured to send key switching request information to the receiving end. Wherein, the key switching request information is used to instruct the receiving end to feed back key switching confirmation information. The transceiver module 1802 is also configured to receive key switching confirmation information from the receiving end. Wherein, the key switching confirmation information is used to instruct the encryption transmission device described in the third aspect to send switching instruction information.

Optionally, the transceiver module 1802 is also configured to receive key switching completion information from the receiving end. Wherein, the key switching completion information is used to instruct the receiving end to complete the key switching.

In some possible embodiments, the encrypted transmission device 1800 may be applicable to the network architecture described in FIG. 1 above, and perform the function of an OTN device (that is, a receiving end) receiving service data in the network architecture. For example, assuming that N1 sends service data to N3 in the network architecture shown in FIG. 1 , that is, N1 is the sending end and N3 is the receiving end, then the encrypted transmission device 1800 can perform the function of N3 in the network architecture.

Wherein, the transceiver module 1802 is configured to receive multiple OSU frames within one encryption cycle. Wherein, each OSU frame carries an encrypted data, and multiple OSU frames carry indication information, and the indication information is used to indicate encryption and decryption control information. The processing module 1801 is configured to decrypt multiple encrypted data one by one according to the encryption and decryption control information.

In a possible design solution, the processing module 1801 is further configured to generate multiple cipher blocks according to the encryption and decryption control information. Wherein, the total number M of bits of the multiple cipher blocks is greater than or equal to the total number N of bits of the multiple encrypted data, and both M and N may be positive integers. The processing module 1801 is further configured to use the N bits in the multiple cipher blocks to decrypt multiple encrypted data bit by bit.

Optionally, the processing module 1801 is further configured to use the i-th bit in the N bits to decrypt the i-th bit in the plurality of encrypted data. Wherein, i can be a positive integer, i≤N.

In a possible design solution, the transceiver module 1802 is also configured to receive switching instruction information from the sending end. Wherein, the switching indication information is used to indicate the key of the next key period, and the key period may include multiple encryption periods.

Optionally, the transceiver module 1802 is also configured to receive key switching request information from the sender. Wherein, the key switching request information is used to instruct the encryption transmission device described in the fourth aspect to feed back key switching confirmation information. The transceiver module 1802 is further configured to send key switching confirmation information to the sending end. Wherein, the key switching confirmation information is used to instruct the sender to send switching instruction information.

Optionally, the transceiver module 1802 is also configured to send key switching completion information to the sender. Wherein, the key switching completion information is used to instruct the encryption transmission device described in the fourth aspect to complete the key switching.

Optionally, the transceiver module 1802 may include a receiving module and a sending module (not shown in FIG. 18 ). Wherein, the sending module is used to implement the sending function of the encrypted transmission device 1800 , and the receiving module is used to realize the receiving function of the encrypted transmission device 1800 .

Optionally, the encrypted transmission device 1800 may further include a storage module (not shown in FIG. 18 ), where programs or instructions are stored in the storage module. When the processing module 1801 executes the program or instruction, the encrypted transmission device 1800 can perform the function of the receiving end.

Optionally, the encrypted transmission device 1800 may further include a storage module (not shown in FIG. 18 ), where programs or instructions are stored in the storage module. When the processing module 1801 executes the program or instruction, the encrypted transmission device 1800 can perform the function of the sending end.

It should be understood that the processing module 1801 involved in the encrypted transmission device 1800 may be implemented by a processor or a processor-related circuit component, and may be a processor or a processing unit; the transceiver module 1802 may be implemented by a transceiver or a transceiver-related circuit component, and may be transceiver or transceiver unit. In addition, the above-mentioned processing module 1801 may also be called a processing unit, and the transceiver module 1802 may also be called a transceiver unit.

It should be noted that the encrypted transmission device 1800 may be an OTN device in the OTN, or a chip (system) or other components or components installed in the above-mentioned OTN device, or a device including the OTN device, which is not covered by this application. limited.

In addition, for the technical effect of the encrypted transmission device 1800, reference may be made to the technical effect of the encrypted transmission method described in the foregoing method embodiments, which will not be repeated here.

Exemplarily, FIG. 19 is a second structural schematic diagram of an encryption transmission device provided in an embodiment of the present application. The encrypted transmission device may be the above-mentioned sending end or receiving end, or may be a chip (system) or other components or components arranged at the sending end or receiving end. As shown in FIG. 19 , an encrypted transmission device 1900 may include a processor 1901 . Optionally, the encrypted transmission device 1900 may further include a memory 1902 and/or a transceiver 1903 . Wherein, the processor 1901 is coupled with the memory 1902 and the transceiver 1903, such as may be connected through a communication bus.

The components of the encrypted transmission device 1900 will be specifically introduced below in conjunction with FIG. 19 :

Wherein, the processor 1901 is the control center of the encrypted transmission device 1900, and may be one processor, or a general term for multiple processing elements. For example, the processor 1901 is one or more central processing units (central processing unit, CPU), may also be a specific integrated circuit (application specific integrated circuit, ASIC), or is configured to implement one or more An integrated circuit, for example: one or more microprocessors (digital signal processor, DSP), or, one or more field programmable gate arrays (field programmable gate array, FPGA).

Optionally, the processor 1901 may execute various functions of the encrypted transmission device 1900 by running or executing software programs stored in the memory 1902 and calling data stored in the memory 1902 .

In a specific implementation, as an embodiment, the processor 1901 may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 19 .

In a specific implementation, as an example, the encrypted transmission apparatus 1900 may also include multiple processors, for example, the processor 1901 and the processor 1904 shown in FIG. 19 . Each of these processors can be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (eg, computer program instructions).

Wherein, the memory 1902 is used to store the software program for executing the solution of the present application, and the execution is controlled by the processor 1901 . The specific implementation may refer to the above-mentioned method embodiment, which will not be repeated here.

Optionally, the memory 1902 may be a read-only memory (read-only memory, ROM) or other types of static storage devices that can store static information and instructions, or a random access memory (random access memory, RAM) that can store information and Other types of dynamic storage devices for instructions can also be electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical discs storage, optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media, or other magnetic storage devices, or capable of carrying or storing desired program code in the form of instructions or data structures and any other medium that can be accessed by a computer, but is not limited to. The memory 1902 can be integrated with the processor 1901 or exist independently, and is coupled with the processor 1901 through an interface circuit (not shown in FIG. 19 ) of the encrypted transmission device 1900 , which is not specifically limited in this embodiment of the present application.

The transceiver 1903 is used for communication with other encrypted transmission devices. For example, the encrypted transmission device 1900 is a client, and the transceiver 1903 can be used to communicate with the server.

Optionally, the transceiver 1903 may include a receiver and a transmitter (not separately shown in FIG. 19 ). Wherein, the receiver is used to realize the receiving function, and the transmitter is used to realize the sending function.

Optionally, the transceiver 1903 may be integrated with the processor 1901, or may exist independently, and be coupled with the processor 1901 through an interface circuit (not shown in FIG. 19 ) of the encryption transmission device 1900. This embodiment of the present application Not specifically limited.

It should be noted that the structure of the encrypted transmission device 1900 shown in FIG. components, or different component arrangements.

In addition, for the technical effect of the encrypted transmission device 1900, reference may be made to the technical effect of the encrypted transmission method described in the foregoing method embodiments, which will not be repeated here.

This embodiment also provides an encrypted transmission system. The encrypted transmission system includes a sending end and a receiving end. Wherein, the sending end may be used to execute S1001 and S1002 in the above encrypted transmission method embodiment, and the receiving end may be used to execute S1002 and S1003 in the above encrypted transmission method embodiment.

In the description of the present application, unless otherwise specified, "at least one" means one or more, and "plurality" means two or more than two. In addition, in order to clearly describe the technical solutions of the embodiments of the present application, in the embodiments of the present application, words such as "first" and "second" are used to distinguish the same or similar items with basically the same function and effect. Those skilled in the art can understand that words such as "first" and "second" do not limit the number and execution order, and words such as "first" and "second" do not necessarily limit the difference.

In addition, in the embodiments of the present application, words such as "exemplarily" and "for example" are used as examples, illustrations or descriptions. Any embodiment or design described herein as "example" is not to be construed as preferred or advantageous over other embodiments or designs. Rather, the use of the word example is intended to present concepts in a concrete manner.

In the embodiment of the present application, sometimes a subscript such as W ₁ may be a clerical error into a non-subscript form such as W1. When the difference is not emphasized, the meanings they intend to express are consistent.

It should be understood that the processor in the embodiment of the present application may be a central processing unit (central processing unit, CPU), and the processor may also be other general-purpose processors, digital signal processors (digital signal processor, DSP), dedicated integrated Circuit (application specific integrated circuit, ASIC), off-the-shelf programmable gate array (field programmable gate array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor, or the like.

It should also be understood that the memory in the embodiments of the present application may be a volatile memory or a nonvolatile memory, or may include both volatile and nonvolatile memories. Among them, the non-volatile memory can be read-only memory (read-only memory, ROM), programmable read-only memory (programmable ROM, PROM), erasable programmable read-only memory (erasable PROM, EPROM), electronically programmable Erases programmable read-only memory (electrically EPROM, EEPROM) or flash memory. Volatile memory can be random access memory (RAM), which acts as external cache memory. By way of illustration and not limitation, many forms of random access memory (RAM) are available, such as static random access memory (static RAM, SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory Access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchronous connection dynamic random access memory Access memory (synchlink DRAM, SLDRAM) and direct memory bus random access memory (direct rambus RAM, DR RAM).

The above-mentioned embodiments may be implemented in whole or in part by software, hardware (such as circuits), firmware, or other arbitrary combinations. When implemented using software, the above-described embodiments may be implemented in whole or in part in the form of computer program products. The computer program product comprises one or more computer instructions or computer programs. When the computer instruction or computer program is loaded or executed on the computer, the processes or functions according to the embodiments of the present application will be generated in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable devices. The computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from a website, computer, server or data center Transmission to another website site, computer, server or data center by wired (such as infrared, wireless, microwave, etc.). The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center that includes one or more sets of available media. The available media may be magnetic media (eg, floppy disk, hard disk, magnetic tape), optical media (eg, DVD), or semiconductor media. The semiconductor medium may be a solid state drive.

It should be understood that the term "and/or" in this article is only an association relationship describing associated objects, which means that there may be three relationships, for example, A and/or B may mean: A exists alone, and A and B exist at the same time , there are three cases of B alone, where A and B can be singular or plural. In addition, the character "/" in this article generally indicates that the related objects are an "or" relationship, but it may also indicate an "and/or" relationship, which can be understood by referring to the context.

In this application, "at least one" means one or more, and "multiple" means two or more. "At least one of the following" or similar expressions refer to any combination of these items, including any combination of single or plural items. For example, at least one item (piece) of a, b, or c can represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, c can be single or multiple .

It should be understood that, in various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the order of execution, and the execution order of the processes should be determined by their functions and internal logic, and should not be used in the embodiments of the present application. The implementation process constitutes any limitation.

Those skilled in the art can appreciate that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are executed by hardware or software depends on the specific application and design constraints of the technical solution. Skilled artisans may use different methods to implement the described functions for each specific application, but such implementation should not be regarded as exceeding the scope of the present application.

Those skilled in the art can clearly understand that for the convenience and brevity of description, the specific working process of the system, device and unit described above can refer to the corresponding process in the foregoing method embodiment, and will not be repeated here.

In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components can be combined or May be integrated into another system, or some features may be ignored, or not implemented. In another point, the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.

The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or may be distributed to multiple network units. Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit.

If the functions described above are realized in the form of software function units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application is essentially or the part that contributes to the prior art or the part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium, including Several instructions are used to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present application. The aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (read-only memory, ROM), random access memory (random access memory, RAM), magnetic disk or optical disc and other media that can store program codes. .

The above is only a specific implementation of the application, but the scope of protection of the application is not limited thereto. Anyone familiar with the technical field can easily think of changes or substitutions within the technical scope disclosed in the application. Should be covered within the protection scope of this application. Therefore, the protection scope of the present application should be determined by the protection scope of the claims.

Claims

An encrypted transmission method, characterized in that, comprising:

Encrypt multiple data in one encryption period one by one according to the encryption and decryption control information;

Send multiple optical service unit OSU frames, each OSU frame carries an encrypted data, and the multiple OSU frames carry indication information of the encryption and decryption control information.
The method according to claim 1, wherein said encrypting a plurality of data in one encryption cycle one by one according to the encryption and decryption control information comprises:

Generate multiple cipher blocks according to the encryption and decryption control information; the total number M of bits of the multiple cipher blocks is greater than or equal to the total number N of bits of the multiple data, and M and N are both positive integers;

Bitwise encrypting the plurality of data by using N bits in the plurality of cipher blocks.
The method according to claim 2, wherein said using N bits in said plurality of cipher blocks to encrypt said plurality of data bit by bit comprises:

Encrypting the i-th bit in the plurality of data by using the i-th bit in the N bits, i is a positive integer, i≤N.
The method according to any one of claims 1-3, further comprising:

Send switching indication information to the receiving end, where the switching indication information is used to indicate the key of the next key period, and the key period includes multiple encryption periods.
The method according to claim 4, wherein, before sending the switching instruction information to the receiving end, the method further comprises:

Sending key switching request information to the receiving end, where the key switching request information is used to instruct the receiving end to feed back key switching confirmation information;

receiving the key switching confirmation information from the receiving end, where the key switching confirmation information is used to instruct the sending end to send the switching instruction information.
The method according to claim 4 or 5, characterized in that, after sending the handover indication information to the receiving end, the method further comprises:

receiving key switching completion information from the receiving end, where the key switching completion information is used to instruct the receiving end to complete key switching.
The method according to claim 6, wherein the plurality of OSU frames carry authentication information, and the authentication information is determined by encryption and decryption control information and a plurality of encrypted data.
An encrypted transmission method, characterized in that, comprising:

receiving a plurality of OSU frames within an encryption period, each OSU frame carries an encrypted data, and the plurality of OSU frames carry indication information, and the indication information is used to indicate encryption and decryption control information;

According to the encryption and decryption control information, multiple encrypted data are decrypted one by one.
The method according to claim 8, wherein said decrypting a plurality of encrypted data one by one according to said encryption and decryption control information comprises:

Generate multiple cipher blocks according to the encryption and decryption control information; the total number M of bits of the multiple cipher blocks is greater than or equal to the total number N of bits of the multiple encrypted data, and M and N are both positive integers;

Using the N bits in the plurality of cipher blocks to decrypt the plurality of encrypted data bit by bit.
The method according to claim 9, wherein said use of N bits in said plurality of cipher blocks to decrypt said plurality of encrypted data bitwise comprises:

Using the i-th bit of the N bits to decrypt the i-th bit in the plurality of encrypted data, i is a positive integer, i≤N.
The method according to any one of claims 8-10, further comprising:

Receive switching indication information from the sending end, where the switching indication information is used to indicate the key of the next key period, and the key period includes multiple encryption periods.
The method according to claim 11, wherein, before receiving the handover indication information from the sending end, the method further comprises:

receiving key switching request information from the sending end, where the key switching request information is used to instruct the receiving end to feed back key switching confirmation information;

sending the key switching confirmation information to the sending end, where the key switching confirmation information is used to instruct the sending end to send the switching instruction information.
The method according to claim 11 or 12, wherein after receiving the handover indication information from the sending end, the method further comprises:

Send key switching completion information to the sending end, where the key switching completion information is used to instruct the receiving end to complete the key switching.
The method according to any one of claims 8-13, wherein the plurality of OSU frames carry authentication information; wherein the authentication information is determined by encryption and decryption control information and a plurality of encrypted data.
An encrypted transmission device, characterized in that it includes: a processing module and a transceiver module; wherein,

The processing module is used to encrypt multiple data in one encryption cycle one by one according to the encryption and decryption control information;

The transceiver module is configured to send multiple OSU frames, each OSU frame carries an encrypted data, and the multiple OSU frames carry indication information of the encryption and decryption control information.
The device according to claim 15, wherein the processing module is further configured to generate multiple cipher blocks according to the encryption and decryption control information; the total number M of bits of the multiple cipher blocks is greater than or equal to the multiple The total number of bits of data N, M, and N are all positive integers;

The processing module is further configured to use the N bits in the plurality of cipher blocks to encrypt the plurality of data bit by bit.
The device according to claim 16, wherein the processing module is further configured to use the i-th bit of the N bits to encrypt the i-th bit in the plurality of data, where i is a positive integer , i≤N.
The device according to any one of claims 15-17, wherein the transceiver module is further configured to send switching instruction information to the receiving end, and the switching instruction information is used to indicate the encryption key of the next key period. key, the key period includes a plurality of encryption periods.
The device according to claim 18, wherein the transceiver module is further configured to send key switching request information to the receiving end, and the key switching request information is used to instruct the receiving end to feed back the key Toggle confirmation information;

The transceiving module is further configured to receive the key switching confirmation information from the receiving end, and the key switching confirmation information is used to instruct the device to send the switching instruction information.
The device according to claim 18 or 19, wherein the transceiver module is further configured to receive key switching completion information from the receiving end, and the key switching completion information is used to indicate that the receiving end has completed Key switching.
An encrypted transmission device, characterized in that it includes: a processing module and a transceiver module; wherein,

The transceiver module is configured to receive a plurality of OSU frames within an encryption period, each OSU frame carries an encrypted data, and the plurality of OSU frames carry indication information, and the indication information is used to indicate encryption and decryption control information;

The processing module is configured to decrypt a plurality of encrypted data one by one according to the encryption and decryption control information.
The device according to claim 21, wherein the processing module is further configured to generate multiple cipher blocks according to the encryption and decryption control information; the total number M of bits of the multiple cipher blocks is greater than or equal to the multiple The total number of bits of encrypted data N, M, and N are all positive integers;

The processing module is further configured to use the N bits in the plurality of cipher blocks to decrypt the plurality of encrypted data bit by bit.
The device according to claim 22, wherein the processing module is further configured to use the i-th bit in the N bits to decrypt the i-th bit in the plurality of encrypted data, i It is a positive integer, i≤N.
The device according to any one of claims 21-23, wherein the transceiving module is further configured to receive switching indication information from the sending end, the switching indication information is used to indicate the encryption key of the next key period. key, the key period includes a plurality of encryption periods.
The device according to claim 24, wherein the transceiver module is further configured to receive key switching request information from the sending end, and the key switching request information is used to instruct the device to feed back key switching confirmation information;

The transceiver module is further configured to send the key switching confirmation information to the sending end, and the key switching confirmation information is used to instruct the sending end to send the switching instruction information.
The device according to claim 24 or 25, wherein the transceiver module is further configured to send key switching completion information to the sending end, and the key switching completion information is used to instruct the device to complete encryption. key switch.
An encrypted transmission device, characterized in that it includes: a processor coupled to a memory;

The processor is configured to execute the computer program stored in the memory, so that the encrypted transmission device executes the encrypted transmission method according to any one of claims 1-14.
A computer-readable storage medium, characterized in that the computer-readable storage medium includes a computer program or instruction, and when the computer program or instruction is run on a computer, the computer executes the computer program described in claims 1-14. The encryption transmission method described in any one.
A computer program product, characterized in that the computer program product comprises: a computer program or an instruction, when the computer program or instruction is run on a computer, the computer executes any one of claims 1-14 The encrypted transmission method described above.