Secure transmission using an ordinarily insecure network communication protocol such as SNMP

摘要

An encryption service in a manager encrypts network management information with a secret key that can be recognized by an agent to which the message is directed. The encryption service invokes an SNMP message transmission service in the manager to form a secure SNMP message having an apparent Object ID (OID) that identifies a decryption service in the agent and having an apparent Value that includes the encryption result. The SNMP message transmission service invokes a communication protocol service in the manager to send the secure SNMP message to the agent. A communication protocol service in the agent receives the secure SNMP message, and passes the received message to an SNMP message reception service in the agent. The SNMP message reception service checks whether or not a Community Name visible in the secure SNMP message is appropriate for access to the agent, and if so, searches a Management Information Base (MIB) in the agent for a sub-agent corresponding to the apparent OID, and if such a sub-agent is found, dispatches the apparent Value of the apparent OID to the sub-agent. The sub-agent decrypts the encryption result in the apparent Value, and rejects the message if the sub-agent is unable to recognize a secret key authorized for access to the agent.