CN108632044A - A kind of information interaction system based on Self-certified code - Google Patents

Publication number
CN108632044A
Authority
CN
China
Legal status
Pending
Application number
CN201810394001.7A
Other languages
Chinese (zh)
Inventor
聂林川
姜凯
王子彤
Current Assignee
Jinan Inspur Hi Tech Investment and Development Co Ltd
Original Assignee
Jinan Inspur Hi Tech Investment and Development Co Ltd
Application filed by Jinan Inspur Hi Tech Investment and Development Co Ltd
Priority to CN201810394001.7A
Publication of CN108632044A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H04L63/12 Network architectures or network communication protocols for network security; Applying verification of the received information
    • H04L12/4641 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]; Interconnection of networks; Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention discloses an information interaction system based on a self-certified code and relates to the field of digital communication technology. The system comprises a signal sending terminal, signal codec devices and a signal response terminal. On the signal sending side, the signal sending terminal sends a message to the signal codec device, which adds a self-certified code to the message, combined with a timestamp and a nonce, to ensure the integrity of the message information. The encapsulated message is sent to the signal receiving side, where the signal codec device performs timestamp verification on the received message, then nonce verification, and then computes the self-certified code and compares it; qualified messages are forwarded to the signal response terminal according to the forwarding principle. The signal codec device thereby authenticates and identifies messages and prevents replay attacks, so that the public network can be used as a private one while the security of communication messages is ensured.

Description

An information interaction system based on a self-certified code
Technical field
The present invention discloses an information interaction system based on a self-certified code and relates to the field of digital communication technology.
Background
Many enterprises currently adopt VPN technology to reduce their investment in network deployment and to use the public network as a private one. VPN technology ensures that the two communicating parties establish a secure dedicated channel over the public network and also ensures secure data transmission. Although the data is transmitted in encrypted form, it is still inevitably exposed to some attacks, for example tampering with the transmitted data or replay of the transmitted data. The present invention provides an information interaction system based on a self-certified code that performs authentication, identification and filtering when the VPN channel is established, so that the public network can be used as a private one while the security of communication messages is ensured.
A VPN (Virtual Private Network) establishes a temporary, secure connection over a public network; it is a secure and stable tunnel through a chaotic public network. In general, a VPN is an extension of the enterprise intranet: it helps remote users, company branches, business partners and suppliers establish trusted, secure connections with the company's intranet and ensures secure data transmission.
Summary of the invention
In view of the problems of the prior art, the present invention provides an information interaction system based on a self-certified code that is highly general and easy to implement, and that has broad application prospects.
The specific scheme proposed by the present invention is as follows.
An information interaction system based on a self-certified code:
The system comprises a signal sending terminal, signal codec devices and a signal response terminal.
On the signal sending side, the signal sending terminal sends a message to the signal codec device.
The signal codec device adds a timestamp to a fixed field of the message, computes the self-certified code from the message content and a key, obtains a nonce parameter from the self-certified code field and the timestamp field, adds it to the message, and encapsulates the message.
The encapsulated message is sent to the signal receiving side, where the signal codec device performs timestamp verification on the received message, then nonce verification, and then computes the self-certified code and compares it; qualified messages are forwarded to the signal response terminal according to the forwarding principle.
In the system, on the signal sending side, the signal codec device obtains the sender's self-certified code Hmac by a hash calculation over the message content and the key.
In the system, on the signal receiving side, the signal codec device recomputes the hash over the received message to obtain the receiver's self-certified code Hmac and compares it with the sender's self-certified code Hmac. If they are equal, the message is forwarded to the signal response terminal according to the forwarding principle; if they differ, the message is discarded or output to the exception port.
In the system, the forwarding principle means forwarding to an output port of the signal codec device according to the network-layer IP address or the transport-layer port number.
In the system, on the signal sending side, the signal codec device obtains the nonce parameter by a hash calculation over the self-certified code field and the timestamp field, and adds the timestamp and the nonce parameter to the fields following the message's self-certified code.
In the system, the signal codec device on the signal receiving side performs timestamp verification on the received message and discards messages that have timed out by a certain period; it then performs nonce verification and discards any message that appears again with a nonce already in the receiver's nonce parameter set.
An information interaction method based on a self-certified code, using the system described above:
On the signal sending side, the signal sending terminal sends a message to the signal codec device.
The signal codec device adds a timestamp to a fixed field of the message, computes the self-certified code from the message content and a key, obtains a nonce parameter from the self-certified code field and the timestamp field, adds it to the message, and encapsulates the message.
The encapsulated message is sent to the signal receiving side, where the signal codec device performs timestamp verification on the received message, then nonce verification, and then computes the self-certified code and compares it; qualified messages are forwarded to the signal response terminal according to the forwarding principle.
In the method, on the signal sending side, the signal codec device obtains the sender's self-certified code Hmac by a hash calculation over the message content and the key.
On the signal receiving side, the signal codec device recomputes the hash over the received message to obtain the receiver's self-certified code Hmac and compares it with the sender's self-certified code Hmac. If they are equal, the message is forwarded to the signal response terminal according to the forwarding principle; if they differ, the message is discarded or output to the exception port.
In the method, on the signal sending side, the signal codec device obtains the nonce parameter by a hash calculation over the self-certified code field and the timestamp field, and adds the timestamp and the nonce parameter to the fields following the message's self-certified code.
In the method, the signal codec device on the signal receiving side performs timestamp verification on the received message and discards messages that have timed out by a certain period; it then performs nonce verification and discards any message that appears again with a nonce already in the receiver's nonce parameter set.
The beneficial effects of the present invention are as follows.
The present invention provides an information interaction system based on a self-certified code, comprising a signal sending terminal, signal codec devices and a signal response terminal. On the signal sending side, the signal sending terminal sends a message to the signal codec device, which adds a self-certified code to the message, combined with a timestamp and a nonce, to ensure the integrity of the message information.
The encapsulated message is sent to the signal receiving side, where the signal codec device performs timestamp verification on the received message, then nonce verification, and then computes the self-certified code and compares it; qualified messages are forwarded to the signal response terminal according to the forwarding principle. The signal codec device thereby authenticates and identifies messages and prevents replay attacks, so that the public network can be used as a private one while the security of communication messages is ensured.
Brief description of the drawings
Fig. 1 is a schematic diagram of the system topology of the present invention;
Fig. 2 is a flow diagram of the method of the present invention.
Detailed description of embodiments
The present invention provides an information interaction system based on a self-certified code:
The system comprises a signal sending terminal, signal codec devices and a signal response terminal.
On the signal sending side, the signal sending terminal sends a message to the signal codec device.
The signal codec device adds a timestamp to a fixed field of the message, computes the self-certified code from the message content and a key, obtains a nonce parameter from the self-certified code field and the timestamp field, adds it to the message, and encapsulates the message.
The encapsulated message is sent to the signal receiving side, where the signal codec device performs timestamp verification on the received message, then nonce verification, and then computes the self-certified code and compares it; qualified messages are forwarded to the signal response terminal according to the forwarding principle.
An information interaction method based on a self-certified code, corresponding to the above system, is also provided. Using the system:
On the signal sending side, the signal sending terminal sends a message to the signal codec device.
The signal codec device adds a timestamp to a fixed field of the message, computes the self-certified code from the message content and a key, obtains a nonce parameter from the self-certified code field and the timestamp field, adds it to the message, and encapsulates the message.
The encapsulated message is sent to the signal receiving side, where the signal codec device performs timestamp verification on the received message, then nonce verification, and then computes the self-certified code and compares it; qualified messages are forwarded to the signal response terminal according to the forwarding principle.
The present invention is further described below with reference to the drawings and an embodiment.
The system and method of the present invention are used, wherein the system comprises a signal sending terminal, signal codec devices and a signal response terminal. Signal transmission lines exist between the signal sending terminal, the signal codec devices and the signal response terminal; a signal transmission line is the Internet transmission link used for the interaction between the two hosts. In this embodiment the exchanged information uses the Ethernet protocol. The signal sending terminal can also act as a signal response terminal, and the signal response terminal can also act as a signal sending terminal.
On the signal sending side, the signal sending terminal sends a message to the signal codec device.
The signal codec device computes the sender's self-certified code Hmac1 by a hash calculation over the message content and the key, obtains the nonce parameter by a hash calculation, adds the timestamp and the nonce parameter to the fields following the message's self-certified code, and encapsulates the message.
The encapsulated message is sent to the signal receiving side, where the signal codec device performs timestamp verification on the received message: it discards messages that have timed out by 60 seconds and clears the nonce parameter set once every 60 seconds. It then performs nonce verification and discards any message that appears again with a nonce already in the receiver's nonce parameter set. Next comes the self-certified code calculation and comparison: the signal codec device recomputes the hash over the received message to obtain the receiver's self-certified code Hmac2 and compares it with the sender's self-certified code Hmac1. If Hmac1 and Hmac2 are equal, the message is forwarded to an output port of the signal codec device according to the network-layer IP address or the transport-layer port number and then on to the signal response terminal; if Hmac1 and Hmac2 differ, the message is discarded or output to the exception port.
Qualified messages are forwarded to the signal response terminal according to the forwarding principle.
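
The sender and receiver processing of this embodiment, as an added Python example (not code from the patent). It assumes HMAC-SHA256 and SHA-256 as the hash functions, an 8-byte big-endian timestamp, and that the timestamp is covered by the self-certified code; the patent fixes none of these. The hypothetical `per_entry_expiry` option contrasts the embodiment's 60-second bulk clearing of the nonce set with expiring each nonce individually.

```python
import hashlib
import hmac
import struct

WINDOW = 60                              # seconds: timeout and clearing interval of the embodiment
MAC_LEN, TS_LEN, NONCE_LEN = 32, 8, 32   # assumed field sizes, not given in the patent
TRAILER = MAC_LEN + TS_LEN + NONCE_LEN


def self_certified_code(key, ts_raw, payload):
    # Assumption: the timestamp is authenticated together with the message content,
    # so a rewritten timestamp invalidates the code.
    return hmac.new(key, ts_raw + payload, hashlib.sha256).digest()


def derive_nonce(mac, ts_raw):
    # Nonce parameter = hash over the self-certified code field and the timestamp field.
    return hashlib.sha256(mac + ts_raw).digest()


def encapsulate(key, payload, now):
    """Sender-side codec: payload | Hmac | timestamp | nonce."""
    ts_raw = struct.pack(">Q", int(now))
    mac = self_certified_code(key, ts_raw, payload)
    return payload + mac + ts_raw + derive_nonce(mac, ts_raw)


class ReceiverCodec:
    def __init__(self, key, start, per_entry_expiry=False):
        self.key = key
        self.per_entry_expiry = per_entry_expiry
        self.last_clear = start          # time of the last bulk clear
        self.seen = {}                   # nonce -> timestamp of the accepted message

    def _expire(self, now):
        if self.per_entry_expiry:
            # Keep each nonce for as long as its own timestamp would still be accepted.
            self.seen = {n: ts for n, ts in self.seen.items() if now - ts <= WINDOW}
        elif now - self.last_clear >= WINDOW:
            # The embodiment: empty the whole nonce set once every 60 seconds.
            self.seen.clear()
            self.last_clear = now

    def verify(self, frame, now):
        """Timestamp check, then nonce check, then self-certified code comparison."""
        if len(frame) < TRAILER:
            return "drop:malformed"
        payload, trailer = frame[:-TRAILER], frame[-TRAILER:]
        mac = trailer[:MAC_LEN]
        ts_raw = trailer[MAC_LEN:MAC_LEN + TS_LEN]
        nonce = trailer[MAC_LEN + TS_LEN:]
        ts = struct.unpack(">Q", ts_raw)[0]
        self._expire(now)
        if abs(now - ts) > WINDOW:
            return "drop:timestamp"
        if nonce in self.seen:
            return "drop:replay"
        expected = self_certified_code(self.key, ts_raw, payload)
        if not (hmac.compare_digest(mac, expected)
                and hmac.compare_digest(nonce, derive_nonce(mac, ts_raw))):
            return "drop:hmac"           # or output to the exception port
        self.seen[nonce] = ts            # remember only nonces of authenticated messages
        return "forward"


if __name__ == "__main__":
    key = b"constructed-shared-key"      # constructed sample values
    frame = encapsulate(key, b"constructed payload", 1000)
    for label, rx in (("bulk clear", ReceiverCodec(key, 950)),
                      ("per-entry expiry", ReceiverCodec(key, 950, True))):
        print(label, [rx.verify(frame, t) for t in (1005, 1006, 1015, 1061)])
```

With bulk clearing, a second copy of a frame passes if the set is emptied while the frame's timestamp is still inside the 60-second window; keeping each nonce until its own timestamp expires closes that gap.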

Claims (10)

1. An information interaction system based on a self-certified code, characterized in that
the system comprises a signal sending terminal, signal codec devices and a signal response terminal;
on the signal sending side, the signal sending terminal sends a message to the signal codec device;
the signal codec device adds a timestamp to a fixed field of the message, computes the self-certified code from the message content and a key, obtains a nonce parameter from the self-certified code field and the timestamp field, adds it to the message, and encapsulates the message;
the encapsulated message is sent to the signal receiving side, where the signal codec device performs timestamp verification on the received message, then nonce verification, and then computes the self-certified code and compares it, and qualified messages are forwarded to the signal response terminal according to the forwarding principle.
2. The system according to claim 1, characterized in that, on the signal sending side, the signal codec device obtains the sender's self-certified code Hmac by a hash calculation over the message content and the key.
3. The system according to claim 2, characterized in that, on the signal receiving side, the signal codec device recomputes the hash over the received message to obtain the receiver's self-certified code Hmac and compares it with the sender's self-certified code Hmac; if they are equal, the message is forwarded to the signal response terminal according to the forwarding principle; if they differ, the message is discarded or output to the exception port.
4. The system according to any one of claims 1-3, characterized in that the forwarding principle means forwarding to an output port of the signal codec device according to the network-layer IP address or the transport-layer port number.
5. The system according to claim 4, characterized in that, on the signal sending side, the signal codec device obtains the nonce parameter by a hash calculation over the self-certified code field and the timestamp field, and adds the timestamp and the nonce parameter to the fields following the message's self-certified code.
6. The system according to claim 5, characterized in that the signal codec device on the signal receiving side performs timestamp verification on the received message and discards messages that have timed out by a certain period, then performs nonce verification and discards any message that appears again with a nonce already in the receiver's nonce parameter set.
7. An information interaction method based on a self-certified code, characterized in that the system according to any one of claims 1-6 is used;
on the signal sending side, the signal sending terminal sends a message to the signal codec device;
the signal codec device adds a timestamp to a fixed field of the message, computes the self-certified code from the message content and a key, obtains a nonce parameter from the self-certified code field and the timestamp field, adds it to the message, and encapsulates the message;
the encapsulated message is sent to the signal receiving side, where the signal codec device performs timestamp verification on the received message, then nonce verification, and then computes the self-certified code and compares it, and qualified messages are forwarded to the signal response terminal according to the forwarding principle.
8. The method according to claim 7, characterized in that, on the signal sending side, the signal codec device obtains the sender's self-certified code Hmac by a hash calculation over the message content and the key;
on the signal receiving side, the signal codec device recomputes the hash over the received message to obtain the receiver's self-certified code Hmac and compares it with the sender's self-certified code Hmac; if they are equal, the message is forwarded to the signal response terminal according to the forwarding principle; if they differ, the message is discarded or output to the exception port.
9. The method according to claim 7, characterized in that, on the signal sending side, the signal codec device obtains the nonce parameter by a hash calculation over the self-certified code field and the timestamp field, and adds the timestamp and the nonce parameter to the fields following the message's self-certified code.
10. The method according to any one of claims 7-9, characterized in that the signal codec device on the signal receiving side performs timestamp verification on the received message and discards messages that have timed out by a certain period, then performs nonce verification and discards any message that appears again with a nonce already in the receiver's nonce parameter set.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810394001.7A CN108632044A (en) 2018-04-27 2018-04-27 A kind of information interaction system based on Self-certified code

Publications (1)

Publication Number Publication Date
CN108632044A true CN108632044A (en) 2018-10-09

Family

ID=63694837

Country Status (1)

Country Link
CN (1) CN108632044A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181009