CN101471772A - Communication method, device and system - Google Patents

Info

Publication number
CN101471772A
Authority
CN
China
Prior art keywords
node
data message
identity parameter
destination node
information
Prior art date
Legal status
Pending
Application number
CNA2007103017748A
Other languages
Chinese (zh)
Inventor
吕晓雨
朱贤
刘经及
李朋
金洪波
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date
2007-12-27
Filing date
2007-12-27
Publication date
2009-07-01

Abstract

Embodiments of the invention disclose a communication method comprising the following steps: data information is received, the data information having been encrypted with the public key of a destination node; it is judged whether the identity parameter of the destination node carried in the data information is identical to the identity parameter of the present node; and, if the two identity parameters are identical, the data information is decrypted with the private key of the present node. By these embodiments, the data information to be sent is encrypted with the public key of the destination node, and after the destination node receives the encrypted data information it decrypts it with its own private key, thereby ensuring the anonymity of both communicating parties towards transit nodes and protecting the security of the data information in transmission.

Description

Communication method, device and system
Technical field
The present invention relates to the field of network communication technology, and in particular to a communication method, device and system.
Background technology
P2PSIP (Peer-to-Peer Session Initiation Protocol) is a set of protocols related to SIP (Session Initiation Protocol). It uses P2P technology to resolve the target of a SIP request, to transport SIP messages, and to provide other SIP-related services. Fig. 1 is a flow chart of node A communicating with node C in a P2P SIP system, where the data sent by A is as follows:
P2PSIP call (INVITE):
INVITE sip:alice@p2psip.org SIP/2.0
To: <sip:alice@p2psip.org>
From: <sip:bob@p2psip.org>
Contact: <sip:bob@10.0.0.10>
DHT-PeerID: <sip:10@10.0.0.10;user=peer>;algorithm=sha1;overlay=chat;expires=800
Supported: dht
From the header fields of this call, a transit node can plainly see who initiated the session (From header) and with whom (To header); that is, intermediate nodes can learn both communicating parties: peer E learns whom A often calls, and peer R learns whose calls C often receives. Yet in a P2P system the transit nodes are likely to be untrusted, so the transmitted data must be encrypted to ensure the anonymity of the communicating parties.
Current data transmission encryption techniques mainly encrypt the data stream in transit; the three common modes are link encryption, node encryption and end-to-end encryption.
Link encryption encrypts the transmitted data only at the data link layer, above the physical layer, without regard to the source or the destination; it protects the data between communicating nodes. Every node machine on the transmission path is a recipient: at each node the information is decrypted and re-encrypted, hop by hop, until it reaches the destination.
Node encryption is similar to link encryption, but uses a cryptographic device attached to the node machine; the ciphertext is decrypted and re-encrypted inside this device and the plaintext never passes through the node machine itself, which avoids the vulnerability of link encryption at the node.
End-to-end encryption is an encryption mode applied to the data itself as it passes through the network. Data is encrypted at the sending end and decrypted at the receiving end, and never appears in plaintext at intermediate nodes. End-to-end encryption is performed in the application layer. Apart from the message header, all data traverses the whole transmission path as ciphertext; encryption and decryption devices are needed only at the sending and receiving ends, and since no intermediate node decrypts the message, no encryption devices are needed there, which reduces the number of encryption devices compared with link encryption. Information consists of a header and a message body: the body is the information to be transmitted and the header is routing information. Because network transmission involves route selection, under link encryption both the body and the header must be encrypted; P2PSIP uses end-to-end encryption.
In the course of realizing the present invention, the inventors found at least the following problem in the prior art: in the existing end-to-end encryption mode, although the intermediate nodes along the path do not decrypt the message body, they must examine the routing information in order to deliver the message to its destination. Consequently only the body can be encrypted and the header cannot, which makes traffic analysis easy and allows sensitive information to be obtained.
Summary of the invention
Embodiments of the invention provide a communication method, device and system that encrypt the header as well, ensuring the anonymity of the communicating parties towards transit nodes and guaranteeing communication security.
To achieve the above object, an embodiment of the invention provides, in one aspect, a communication method comprising: receiving data information, the data information being information encrypted with the public key of a destination node; judging whether the identity parameter of the destination node carried in the data information is identical to the identity parameter of the present node; and, if identical, decrypting the data information with the private key of the present node.
In another aspect, an embodiment of the invention provides a network node comprising: a receiving module for receiving data information, the data information being information encrypted with the public key of a destination node; a judging module for judging whether the identity parameter of the destination node carried in the data information is identical to the identity parameter of the present node; and a decrypting module for decrypting the data information with the private key of the destination node after the judging module has determined that the identity parameter of the destination node carried in the data information is identical to that of the present node.
In a further aspect, an embodiment of the invention provides a peer-to-peer network communication system comprising: a first node for encrypting data information with the public key of a destination node and sending the encrypted data information; and a second node for receiving the data information sent by the first node and judging whether the identity parameter of the destination node carried in the data information is identical to the identity parameter of the second node; if identical, the second node decrypts the data information with its private key; if the identity parameter of the destination node carried in the data information differs from that of the second node, the second node looks up the identity parameter closest to that of the destination node and sends the data information to the node corresponding to that closest identity parameter.
Compared with the prior art, embodiments of the invention have the following advantage: the data information to be sent is encrypted with the public key of the destination node, and after the destination node receives the encrypted data information it decrypts it with its own private key, thereby ensuring the anonymity of the communicating parties towards transit nodes and protecting the security of the data information in transmission.
Description of drawings
Fig. 1 is a prior-art flow chart of client A communicating with client C in a P2P SIP system;
Fig. 2 is a flow chart of the communication method of an embodiment of the invention;
Fig. 3 is a schematic structural diagram of the data information sent from node A to node C;
Fig. 4 is a structural diagram of the network node of an embodiment of the invention.
Embodiment
Embodiments of the invention provide a communication method in which the data information to be transmitted is encrypted with the public key of the destination node. Because a transit node does not know the private key of the destination node, it cannot decrypt the data information; only the destination node can decrypt it, using its own private key. Anonymous transmission between the communicating parties is thereby achieved and communication security towards transit nodes is guaranteed. The embodiments are described using communication in a P2P network as an example.
Fig. 2 is a flow chart of the communication method of an embodiment of the invention, which comprises the following steps:
Step S201: data information is received, the data information being information encrypted with the public key of the destination node. When a source node sends data information, it encrypts the data information to be sent with the public key of the destination node and sends the encrypted data information. The data information carries the identity parameter of the destination node, which may be a value obtained by hashing the name of the node, or its IP address, or its MAC address, or the combination of its IP address and port. The way of obtaining the identity parameter is of course not limited to these methods; obtaining it by another method does not affect the implementation of the embodiments of the invention.
Step S202: it is judged whether the identity parameter of the destination node carried in the data information is identical to the identity parameter of the present node. After a node receives the encrypted data information, it judges whether the identity parameter of the destination node carried in the data information is identical to its own identity parameter; if identical, step S203 is executed; if different, step S204 is executed.
Step S203: the data information is decrypted with the private key of the destination node. Having judged that the identity parameter of the destination node carried in the data information is identical to its own, the node determines that it is the destination node and decrypts the data information with its own private key, thereby learning the originator and the specific content of the transmitted data information.
Step S204: the routing table is queried to find the identity parameter closest to that of the destination node, and the data information is sent to the node corresponding to that closest identity parameter. If the identity parameter of the destination node carried in the data information differs from that of the present node, the node determines that it is not the destination node but a transit node; it then queries its own routing table, finds the identity parameter closest to that of the destination node, and sends the data information to the node corresponding to it. That node in turn executes steps S201 to S204, and the search continues hop by hop until the data information is delivered to the destination node. A node may of course also query a routing information base or a database at another node in the network to find the identity parameter closest to that of the destination node.
Embodiment one takes the communication process of Fig. 1 as an example and describes in detail the process by which node A sends a message to node C using the embodiment of the invention.
Fig. 3 is a schematic structural diagram of the data information sent from node A to node C. Assuming that the ID of node C is 124a5cefd, the From field of the data information sent by node A to node E is anonymous, the To field is 124a5cefd, and what follows is a string of ciphertext encrypted with the public key of node C.
When node E receives this data information, it finds that its own ID is not 124a5cefd and therefore judges that it is not the destination node. Node E then looks up in its routing table the ID closest to 124a5cefd and sends the data information to the node represented by that ID; nodes P and R do likewise, and the routing table of node R is found to contain a record of node C. Thus nodes E, P and R cannot decrypt the string of ciphertext, because they cannot know the private key of node C, and so do not know who sent the data information; at the same time, apart from node R, which knows that the node with ID 124a5cefd is node C, none of the other nodes knows who the destination node is. Finally the data information reaches node C, which finds that its own ID is exactly 124a5cefd, decrypts the ciphertext in the data information with its own private key, and learns from the From header field of the data information that the originator is node A.
Of course, nodes E, P and R may also query a routing information base or a database at another node in the network to find the identity parameter closest to that of node C.
In the communication method described above, the source node encrypts the data information with the public key of the destination node; a transit node receiving the encrypted data information cannot decrypt it because it does not know the private key of the destination node; and the destination node, on receiving the encrypted data information, decrypts it with its own private key. The anonymity of the communicating parties towards transit nodes is thereby achieved and communication security is guaranteed.
Fig. 4 is a structural diagram of the network node of an embodiment of the invention, which comprises: a receiving module 1 for receiving data information, the data information being information encrypted with the public key of the destination node;
a judging module 2 for judging whether the identity parameter of the destination node carried in the data information received by the receiving module 1 is identical to the identity parameter of the present node;
a decrypting module 3 for decrypting the data information with the private key of the destination node after the judging module 2 has determined that the identity parameter of the destination node carried in the data information is identical to that of the present node.
The network node further comprises a querying module 4 for looking up, after the judging module 2 has determined that the identity parameter of the destination node carried in the data information differs from that of the present node, the identity parameter closest to that of the destination node, and sending the data information to the node corresponding to that closest identity parameter.
The network node further comprises an encrypting and sending module 5 for encrypting data information with the public key of the destination node and sending the encrypted data information.
Embodiments of the invention also provide a peer-to-peer network communication system comprising: a first node for encrypting data information with the public key of a destination node and sending the encrypted data information;
a second node for receiving the data information sent by the first node and judging whether the identity parameter of the destination node carried in the data information is identical to the identity parameter of the second node; if identical, the second node decrypts the data information with its private key; if the identity parameter of the destination node carried in the data information differs from that of the second node, the second node looks up the identity parameter closest to that of the destination node and sends the data information to the node corresponding to that closest identity parameter.
Through the above description of the embodiments, those skilled in the art will clearly understand that the present invention may be implemented by software together with a necessary general-purpose hardware platform, or of course by hardware, though in many cases the former is the better implementation. On this understanding, the technical solution of the present invention, or the part of it that contributes over the prior art, may be embodied in the form of a software product stored on a storage medium and comprising instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform the method described in each embodiment of the present invention.
The above are only embodiments of the present invention; it should be noted that those skilled in the art may make improvements and modifications without departing from the principle of the invention, and such improvements and modifications should also be regarded as falling within the scope of protection of the present invention.

Claims (10)

1. A communication method, characterized in that it comprises:
receiving data information, the data information being information encrypted with the public key of a destination node;
judging whether the identity parameter of the destination node carried in the data information is identical to the identity parameter of the present node; and
if identical, decrypting the data information with the private key of the present node.
2. The communication method according to claim 1, characterized in that it further comprises:
if the identity parameter of the destination node carried in the data information differs from the identity parameter of the present node, looking up the identity parameter closest to that of the destination node and sending the data information to the node corresponding to the closest identity parameter.
3. The communication method according to claim 1, characterized in that, before the receiving of data information, it further comprises:
a source node encrypting the data information with the public key of the destination node and sending the encrypted data information.
4. The communication method according to claim 1, characterized in that the identity parameter is obtained by hashing the name of the node, or the Internet Protocol (IP) address or Media Access Control (MAC) address of the node, or the combination of the IP address and port of the node.
5. A network node, characterized in that it comprises:
a receiving module for receiving data information, the data information being information encrypted with the public key of a destination node;
a judging module for judging whether the identity parameter of the destination node carried in the data information received by the receiving module is identical to the identity parameter of the present node; and
a decrypting module for decrypting the data information with the private key of the present node after the judging module has determined that the identity parameter of the destination node carried in the data information is identical to that of the present node.
6. The network node according to claim 5, characterized in that it further comprises:
a querying module for looking up, after the judging module has determined that the identity parameter of the destination node carried in the data information differs from that of the present node, the identity parameter closest to that of the destination node and sending the data information to the node corresponding to the closest identity parameter.
7. The network node according to claim 5, characterized in that it further comprises:
an encrypting and sending module for encrypting data information with the public key of a destination node and sending the encrypted data information.
8. A peer-to-peer network communication system, characterized in that it comprises:
a first node for encrypting data information with the public key of a destination node and sending the encrypted data information; and
a second node for receiving the data information sent by the first node, making a judgment according to the information carried in the data information, and decrypting or forwarding the data information according to the result of the judgment.
9. The peer-to-peer network communication system according to claim 8, characterized in that the first node comprises:
an encrypting and sending module for encrypting data information with the public key of the destination node and sending the data information.
10. The peer-to-peer network communication system according to claim 8, characterized in that the second node comprises:
a receiving module for receiving the data information sent by the first node, the data information being information encrypted with the public key of the destination node;
a judging module for judging whether the identity parameter of the destination node carried in the data information received by the receiving module is identical to the identity parameter of the second node;
a decrypting module for decrypting the data information received by the receiving module with the private key of the destination node when the judging module determines that the identity parameter of the destination node carried in the data information is identical to the identity parameter of the second node; and
a querying module for looking up, when the judging module determines that the identity parameter of the destination node carried in the data information differs from the identity parameter of the second node, the identity parameter closest to that of the destination node and sending the data information to the node corresponding to the closest identity parameter.

Priority Applications (1)

Application number: CNA2007103017748A; priority date: 2007-12-27; filing date: 2007-12-27; title: Communication method, device and system

Applications Claiming Priority (1)

Application number: CNA2007103017748A; priority date: 2007-12-27; filing date: 2007-12-27; title: Communication method, device and system

Publications (1)

Publication number: CN101471772A; publication date: 2009-07-01

Family

ID=40828914

Family Applications (1)

Application number: CNA2007103017748A; title: Communication method, device and system; priority date: 2007-12-27; filing date: 2007-12-27; status: Pending

Country Status (1)

CN (1): CN101471772A (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101895879A (en) * 2010-07-09 2010-11-24 杭州师范大学 Secure communication method for wireless sensing network
CN103379103A (en) * 2012-04-24 2013-10-30 长春易申软件有限公司 Linear encryption and decryption hardware implementation method
CN104378756A (en) * 2014-11-27 2015-02-25 成都远为天胜科技有限公司 Transit type wireless communication method
CN106506523A (en) * 2016-11-29 2017-03-15 济南恒大视讯科技有限公司 Processing system and method for ensuring electronic vote data safety
CN107340733A (en) * 2016-04-30 2017-11-10 克洛纳测量技术有限公司 Electrical equipment with functional device
CN108683747A (en) * 2018-06-11 2018-10-19 华为技术有限公司 Resource acquisition, distribution, method for down loading, device, equipment and storage medium
CN109792451A (en) * 2018-08-22 2019-05-21 袁振南 Communication channel encryption, decryption and method for building up and device, memory and terminal
CN110557359A (en) * 2018-06-01 2019-12-10 厦门本能管家科技有限公司 Block chain based message communication method and device
CN111343187A (en) * 2020-03-04 2020-06-26 开采夫(杭州)科技有限公司 Block chain data encryption method using space-time information as function model
CN112800472A (en) * 2021-03-08 2021-05-14 国家工业信息安全发展研究中心 Industrial internet identification data protection system based on micro-service architecture
CN115941600A (en) * 2023-03-14 2023-04-07 鹏城实验室 Message distribution method, system and computer readable storage medium

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101895879B (en) * 2010-07-09 2013-01-09 杭州师范大学 Secure communication method for wireless sensing network
CN101895879A (en) * 2010-07-09 2010-11-24 杭州师范大学 Secure communication method for wireless sensing network
CN103379103A (en) * 2012-04-24 2013-10-30 长春易申软件有限公司 Linear encryption and decryption hardware implementation method
CN104378756A (en) * 2014-11-27 2015-02-25 成都远为天胜科技有限公司 Transit type wireless communication method
CN107340733A (en) * 2016-04-30 2017-11-10 克洛纳测量技术有限公司 Electrical equipment with functional device
CN106506523A (en) * 2016-11-29 2017-03-15 济南恒大视讯科技有限公司 Processing system and method for ensuring electronic vote data safety
CN110557359A (en) * 2018-06-01 2019-12-10 厦门本能管家科技有限公司 Block chain based message communication method and device
CN108683747A (en) * 2018-06-11 2018-10-19 华为技术有限公司 Resource acquisition, distribution, method for down loading, device, equipment and storage medium
US11240213B2 (en) 2018-06-11 2022-02-01 Huawei Technologies Co., Ltd. Resource obtaining, distribution, and download method and apparatus, device, and storage medium
CN109792451A (en) * 2018-08-22 2019-05-21 袁振南 Communication channel encryption, decryption and method for building up and device, memory and terminal
CN109792451B (en) * 2018-08-22 2022-11-18 袁振南 Communication channel encryption, decryption and establishment method and device, memory and terminal
CN111343187A (en) * 2020-03-04 2020-06-26 开采夫(杭州)科技有限公司 Block chain data encryption method using space-time information as function model
CN111343187B (en) * 2020-03-04 2022-04-05 开采夫(杭州)科技有限公司 Block chain data encryption method using space-time information as function model
CN112800472A (en) * 2021-03-08 2021-05-14 国家工业信息安全发展研究中心 Industrial internet identification data protection system based on micro-service architecture
CN115941600A (en) * 2023-03-14 2023-04-07 鹏城实验室 Message distribution method, system and computer readable storage medium

Similar Documents

Publication Publication Date Title
CN101471772A (en) Communication method, device and system
US9106628B2 (en) Efficient key management system and method
US9749318B2 (en) Key management in a communication network
CN101420413B (en) Session cipher negotiating method, authentication server and network appliance
CA2636780C (en) Method and device for anonymous encrypted mobile data and speech communication
Sisalem et al. SIP security
JP5173022B2 (en) How to aggregate information values in a network
Seedorf Security challenges for peer-to-peer SIP
US20210203700A1 (en) Methods and apparatus to preserve original attestation/signature information for diverted calls
Wing et al. Requirements and analysis of media security management protocols
Karopoulos et al. Complete SIP message obfuscation: PrivaSIP over Tor
Seedorf Lawful interception in P2P-based VoIP systems
Floroiu et al. A comparative analysis of the security aspects of the multimedia key exchange protocols
Tsai et al. A scalable anonymous server overlay network
Sabra et al. Using group anonymity to hide the identity of VoIP mobile users communicating over hybrid networks while preserving quality of service
Abdullahi Examining the network & security infrastructure of skype mobile application
Lohiya et al. End to End Encryption Architecture for Voice over Internet Protocol
Li et al. An Efficient and Anti-abuse Network-layer Anonymity Protocol under SDN
Manandhar et al. Preserving the Anonymity in MobilityFirst networks
Shekokar A secured approach to protect SIP signaling message
Choi et al. Demonstration of spam and security mechanism in SIP-based VoIP services
Chandirasekaran et al. A Trustable Key Exchange Protocol for Mobile Oriented VoIP Devices via ECDH and Synchronous Key Update Mechanism
Yang et al. Design of User Access Authentication and Authorization System for VoIP Service
Traynor et al. Vulnerabilities in Voice over IP
Wing (Ed.), Fries, Tschofenig et al. Requirements and Analysis of Media Security Management Protocols (RFC 5479, Informational)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20090701