CN101442401A - Method and apparatus for sending and receiving data, and data transmission system - Google Patents


Publication number: CN101442401A
Authority: CN (China)
Prior art keywords: sent, data frame, frame number, storage, frame
Legal status: Granted; Expired - Fee Related
Application number: CNA2007101883488A
Other languages: Chinese (zh)
Other versions: CN101442401B (en)
Inventor: 张向东
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by: Huawei Technologies Co Ltd
Priority to: CN2007101883488A
Publication of CN101442401A; application granted, publication of CN101442401B

Abstract

The invention discloses a method for receiving data. The method comprises: receiving a data frame that carries the number of data frames the sender has currently sent and, in encrypted form, the number of data frames the sender had sent when the last communication ended; decrypting the received data frame to obtain the number of data frames sent when the last communication ended; retaining the received data frame when the number obtained by decryption and the number, stored in a first storage domain, of data frames the sender had sent when the last communication ended meet a predetermined condition; and, if the retained data frame is the last data frame of the current communication, updating the number of data frames sent by the sender that is stored in the first storage domain, based on the number of currently sent data frames carried in the retained data frame. Correspondingly, the invention also discloses a method for sending data and a data transmission system. With the scheme of the invention, attack data can be effectively identified so as to ensure normal operation of communication.

Description

Method and apparatus for sending and receiving data, and data transmission system
Technical field
The present invention relates to the field of communication technology, and in particular to a method and apparatus for sending and receiving data and to a data transmission system.
Background
In a replay attack, the attacker replays previously captured data frames, which consumes system resources and bandwidth or disrupts the communication process of the receiving device. The purpose of replay protection is to ensure that an attacker cannot mount an attack by successfully sending previously captured data frames.
Replay is an effective means of attack against many communication systems, so the security mechanisms of most communication systems use various techniques to protect against it.
Many communication systems currently use a replay protection mechanism based on a counter, as shown in Fig. 1. Sending device A contains a counter CA that counts the data frames it sends: before sending device A sends each data frame, the value of CA is incremented by 1, and the data frame it sends contains the value of CA. Receiving device B contains a counter CA', whose value is updated from the value of CA in the received data frames.
The prior-art flow for replay protection in counter mode is shown in Fig. 2 and proceeds as follows:
Step 201: Sending device A increments the value of counter CA by 1;
Step 202: Sending device A sends a data frame to receiving device B; the data frame contains the value of counter CA of sending device A;
Step 203: After receiving the data frame, receiving device B extracts the value of counter CA contained in the frame;
Step 204: The extracted value of counter CA is compared with the value of counter CA' stored by receiving device B itself;
Step 205: If the extracted value of counter CA is greater than the value of counter CA' stored by receiving device B, the data frame is considered not to be a replayed frame, the frame is accepted, and CA' is updated with the value of CA;
Step 206: If the extracted value of counter CA is not greater than the value of counter CA' stored by receiving device B, the data frame is considered a replayed frame and is discarded.
Note that the above process is the general form of counter-based replay protection. The increment of counter CA may be performed either before or after the data frame is sent. When the relative size of the extracted value of counter CA and the value of counter CA' stored by receiving device B is used to judge whether a received frame is a replayed frame, the condition may be that the value of CA is greater than the value of CA', or that the value of CA is greater than or equal to the value of CA'. Different replay protection mechanisms may use different processing methods.
In the replay protection process above, a received frame is considered not to be a replayed frame, and is accepted, as long as the extracted value of counter CA is greater than the value of CA'. However, an attack frame sent by an attacker is not necessarily a previously captured frame; it may also be a frame forged by the attacker. If such an attack frame contains a very large CA value, then under this existing protection scheme the receiving device accepts the attack frame, because the CA value extracted from it is greater than the value of the counter CA' that the receiving device stores, and updates CA' with that CA value. As a result, when the legitimate sending device subsequently sends normal frames, the receiver treats them as attack frames and discards them, because the CA value extracted from them is less than the value of the counter CA' it stores. Normal communication cannot proceed, which results in a denial-of-service attack.
Summary of the invention
The technical problem to be solved by the embodiments of the invention is to provide methods for sending and receiving data that effectively identify attack data and thereby ensure that communication proceeds normally.
Correspondingly, the invention also provides apparatus for sending and receiving data, and a data transmission system.
An embodiment of the invention provides a data sending method comprising the steps of: carrying, in a data frame to be sent, the number of currently sent data frames stored in a first storage domain, and carrying in that data frame, in encrypted form, the number of data frames sent when the last communication ended, which is stored in a second storage domain; sending the data frame to be sent; updating the number of currently sent data frames stored in the first storage domain; and, if the data frame to be sent is the last data frame of the current communication, updating the number of sent data frames stored in the second storage domain based on the number of currently sent data frames stored in the first storage domain.
An embodiment of the invention provides a data sending method comprising the steps of: updating the number of currently sent data frames stored in a first storage domain so that it includes the data frame to be sent; carrying, in the data frame to be sent, the number of currently sent data frames stored in the first storage domain, and carrying in that data frame, in encrypted form, the number of data frames sent when the last communication ended, which is stored in a second storage domain; sending the data frame to be sent; and, if the data frame to be sent is the last data frame of the current communication, updating the number of sent data frames stored in the second storage domain based on the number of currently sent data frames stored in the first storage domain.
An embodiment of the invention provides a data receiving method comprising the steps of: receiving a data frame that carries the number of data frames the sender has currently sent and, in encrypted form, the number of data frames the sender had sent when the last communication ended; decrypting the received data frame to obtain the number of data frames the sender had sent when the last communication ended; retaining the received data frame when the number obtained by decryption and the number, stored in a first storage domain, of data frames the sender had sent when the last communication ended satisfy a predetermined condition; and, if the retained data frame is the last data frame of the current communication, updating the number of data frames sent by the sender that is stored in the first storage domain, based on the number of currently sent data frames carried in the retained data frame.
An embodiment of the invention provides a data receiving method comprising the steps of: receiving a data frame that carries the number of data frames the sender has currently sent; extracting that number from the received data frame, the received data frame being a data frame after the first data frame of the current communication; retaining the received data frame when the difference between the extracted number and the number of data frames currently sent by the sender, stored in a first storage domain, is not greater than a preset first threshold; and updating the number of data frames currently sent by the sender that is stored in the first storage domain, based on the number carried in the retained data frame.
An embodiment of the invention provides a data sending apparatus comprising: a carrying unit, configured to carry in a data frame to be sent the number of currently sent data frames stored in a first storage domain, and to carry in that data frame, in encrypted form, the number of data frames sent when the last communication ended, which is stored in a second storage domain; a sending unit, configured to send the data frame to be sent; a first updating unit, configured to update the number of currently sent data frames stored in the first storage domain; and a second updating unit, configured to update, when the data frame to be sent is the last data frame of the current communication, the number of sent data frames stored in the second storage domain based on the number of currently sent data frames stored in the first storage domain.
An embodiment of the invention provides a data sending apparatus comprising: a first updating unit, configured to update the number of currently sent data frames stored in a first storage domain so that it includes the data frame to be sent; a carrying unit, configured to carry in the data frame to be sent the number of currently sent data frames stored in the first storage domain, and to carry in that data frame, in encrypted form, the number of data frames sent when the last communication ended, which is stored in a second storage domain; a sending unit, configured to send the data frame to be sent; and a second updating unit, configured to update, when the data frame to be sent is the last data frame of the current communication, the number of sent data frames stored in the second storage domain based on the number of currently sent data frames stored in the first storage domain.
An embodiment of the invention provides a data receiving apparatus comprising: a receiving unit, configured to receive a data frame that carries the number of data frames the sender has currently sent and, in encrypted form, the number of data frames the sender had sent when the last communication ended; a decryption unit, configured to decrypt the received data frame to obtain the number of data frames the sender had sent when the last communication ended; a judging unit, configured to judge whether the number obtained by decryption and the number, stored in a first storage domain, of data frames the sender had sent when the last communication ended satisfy a predetermined condition; a retaining unit, configured to retain the received data frame when the judgment is that the predetermined condition is satisfied; and an updating unit, configured to update, when the retained data frame is the last data frame of the current communication, the number of data frames sent by the sender that is stored in the first storage domain, based on the number of currently sent data frames carried in the retained data frame.
An embodiment of the invention provides a data receiving apparatus comprising: a receiving unit, configured to receive a data frame that carries the number of data frames the sender has currently sent; an extraction unit, configured to extract the number of currently sent data frames carried in the received data frame, the received data frame being a data frame after the first data frame of the current communication; a judging unit, configured to judge whether the difference between the extracted number and the number of data frames currently sent by the sender, stored in a first storage domain, is not greater than a preset first threshold; a retaining unit, configured to retain the received data frame when the difference is judged to be not greater than the preset first threshold; and a first updating unit, configured to update the number of data frames currently sent by the sender that is stored in the first storage domain, based on the number carried in the retained data frame.
An embodiment of the invention provides a data transmission system comprising a sending device and a receiving device. The sending device comprises: a carrying unit, configured to carry in a data frame to be sent the number of currently sent data frames stored in a first storage domain, and to carry in that data frame, in encrypted form, the number of data frames sent when the last communication ended, which is stored in a second storage domain; a sending unit, configured to send the data frame to be sent; a first updating unit, configured to update the number of currently sent data frames stored in the first storage domain; and a second updating unit, configured to update, when the data frame to be sent is the last data frame of the current communication, the number of sent data frames stored in the second storage domain based on the number of currently sent data frames stored in the first storage domain. The receiving device comprises: a receiving unit, configured to receive a data frame that carries the number of data frames the sender has currently sent and, in encrypted form, the number of data frames the sender had sent when the last communication ended; a decryption unit, configured to decrypt the received data frame to obtain the number of data frames the sender had sent when the last communication ended; a judging unit, configured to judge whether the number obtained by decryption and the number, stored in a first storage domain, of data frames the sender had sent when the last communication ended satisfy a predetermined condition; a retaining unit, configured to retain the received data frame when the judgment is that the predetermined condition is satisfied; and an updating unit, configured to update, when the retained data frame is the last data frame of the current communication, the number of data frames sent by the sender that is stored in the first storage domain, based on the number of currently sent data frames carried in the retained data frame.
An embodiment of the invention provides a data transmission system comprising a sending device and a receiving device. The sending device comprises: a first updating unit, configured to update the number of currently sent data frames stored in a first storage domain so that it includes the data frame to be sent; a carrying unit, configured to carry in the data frame to be sent the number of currently sent data frames stored in the first storage domain, and to carry in that data frame, in encrypted form, the number of data frames sent when the last communication ended, which is stored in a second storage domain; a sending unit, configured to send the data frame to be sent; and a second updating unit, configured to update, when the data frame to be sent is the last data frame of the current communication, the number of sent data frames stored in the second storage domain based on the number of currently sent data frames stored in the first storage domain. The receiving device comprises: a receiving unit, configured to receive a data frame that carries the number of data frames the sender has currently sent and, in encrypted form, the number of data frames the sender had sent when the last communication ended; a decryption unit, configured to decrypt the received data frame to obtain the number of data frames the sender had sent when the last communication ended; a judging unit, configured to judge whether the number obtained by decryption and the number, stored in a first storage domain, of data frames the sender had sent when the last communication ended satisfy a predetermined condition; a retaining unit, configured to retain the received data frame when the judgment is that the predetermined condition is satisfied; and an updating unit, configured to update, when the retained data frame is the last data frame of the current communication, the number of data frames sent by the sender that is stored in the first storage domain, based on the number of currently sent data frames carried in the retained data frame.
An embodiment of the invention provides a data transmission system comprising a sending device and a receiving device. The sending device comprises: a carrying unit, configured to carry in a data frame to be sent the number of currently sent data frames stored in a first storage domain, and to carry in that data frame, in encrypted form, the number of data frames sent when the last communication ended, which is stored in a second storage domain; a sending unit, configured to send the data frame to be sent; a first updating unit, configured to update the number of currently sent data frames stored in the first storage domain; and a second updating unit, configured to update, when the data frame to be sent is the last data frame of the current communication, the number of sent data frames stored in the second storage domain based on the number of currently sent data frames stored in the first storage domain. The receiving device comprises: a receiving unit, configured to receive a data frame that carries the number of data frames the sender has currently sent; an extraction unit, configured to extract the number of currently sent data frames carried in the received data frame, the received data frame being a data frame after the first data frame of the current communication; a judging unit, configured to judge whether the difference between the extracted number and the number of data frames currently sent by the sender, stored in a first storage domain, is not greater than a preset first threshold; a retaining unit, configured to retain the received data frame when the difference is judged to be not greater than the preset first threshold; and a first updating unit, configured to update the number of data frames currently sent by the sender that is stored in the first storage domain, based on the number carried in the retained data frame.
An embodiment of the invention provides a data transmission system comprising a sending device and a receiving device. The sending device comprises: a first updating unit, configured to update the number of currently sent data frames stored in a first storage domain so that it includes the data frame to be sent; a carrying unit, configured to carry in the data frame to be sent the number of currently sent data frames stored in the first storage domain, and to carry in that data frame, in encrypted form, the number of data frames sent when the last communication ended, which is stored in a second storage domain; a sending unit, configured to send the data frame to be sent; and a second updating unit, configured to update, when the data frame to be sent is the last data frame of the current communication, the number of sent data frames stored in the second storage domain based on the number of currently sent data frames stored in the first storage domain. The receiving device comprises: a receiving unit, configured to receive a data frame that carries the number of data frames the sender has currently sent; an extraction unit, configured to extract the number of currently sent data frames carried in the received data frame, the received data frame being a data frame after the first data frame of the current communication; a judging unit, configured to judge whether the difference between the extracted number and the number of data frames currently sent by the sender, stored in a first storage domain, is not greater than a preset first threshold; a retaining unit, configured to retain the received data frame when the difference is judged to be not greater than the preset first threshold; and a first updating unit, configured to update the number of data frames currently sent by the sender that is stored in the first storage domain, based on the number carried in the retained data frame.
In the data sending and receiving methods and apparatus provided by the embodiments of the invention, a value recording the number of data frames the sending device had sent when the last communication ended is embedded, as ciphertext, in the data frames sent. The receiver decrypts the received data frame to obtain the embedded value and compares it with the value that the receiver itself stores for recording the number of data frames the sending device had sent when the last communication ended. When the comparison shows that the two values satisfy the predetermined condition, the frame is considered a non-attack frame and is retained. In this way, data frames that are not replayed frames can be further checked for being attack frames, so that attack data of the non-replay type can be effectively identified and communication can proceed normally.
In the data sending and receiving methods and apparatus provided by the embodiments of the invention, a value counting the data frames sent by the sending device is embedded in the data frames sent, and it is stipulated that the difference between the count values contained in two adjacent data frames sent by the sending device may not exceed a preset threshold. The receiver takes the difference between the count value contained in the received data frame and the count value, stored in the receiving device, that was contained in the previous retained data frame. If this difference does not exceed the stipulated threshold, the received frame is considered a non-attack frame and is retained. In this way, data frames that are not replayed frames can be further checked for being attack frames, so that attack data of the non-replay type can be effectively identified and communication can proceed normally.
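The following Python sketch is an added example, not code from the patent: it feeds the same frame sequence, including a forged frame with a very large CA value, to the prior-art counter check of steps 203-206 and to a receiver applying the two checks summarized above. The XOR pad standing in for the unspecified cipher, equality as the "predetermined condition", the threshold of 4, the `last` flag, the receiver-side session tracking and all names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

KEY = b"constructed-shared-key"  # constructed sample key shared by A and B
MAX_JUMP = 4                     # assumed value for the preset threshold


def _pad(key: bytes, ca: int) -> int:
    """64-bit pad bound to the frame's CA value (stand-in cipher, an assumption)."""
    digest = hmac.new(key, ca.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big")


def seal_lca(key: bytes, ca: int, lca: int) -> int:
    """Encrypt the LCA value; XOR is its own inverse, so this also decrypts."""
    return lca ^ _pad(key, ca)


@dataclass
class Frame:
    ca: int             # sender's current frame count, carried in clear
    enc_lca: int        # count at the end of the last communication, as ciphertext
    last: bool = False  # marks the last frame of a communication (assumed flag)


class Sender:
    """Sending device A with counters CA and LCA."""

    def __init__(self, key: bytes):
        self.key, self.ca, self.lca = key, 0, 0

    def send(self, last: bool = False) -> Frame:
        self.ca += 1  # increment CA before sending
        frame = Frame(self.ca, seal_lca(self.key, self.ca, self.lca), last)
        if last:      # end of communication: LCA takes the value of CA
            self.lca = self.ca
        return frame


class BaselineReceiver:
    """Prior-art check: accept whenever CA > CA', then set CA' = CA."""

    def __init__(self):
        self.ca_p = 0

    def receive(self, frame: Frame) -> str:
        if frame.ca <= self.ca_p:
            return "drop:replay"
        self.ca_p = frame.ca
        return "accept"


class HardenedReceiver:
    """Receiving device B with CA' and LCA' and both additional checks."""

    def __init__(self, key: bytes, max_jump: int = MAX_JUMP):
        self.key, self.max_jump = key, max_jump
        self.ca_p, self.lca_p = 0, 0
        self.in_session = False  # B tracks session state itself (assumption)

    def receive(self, frame: Frame) -> str:
        if frame.ca <= self.ca_p:
            return "drop:replay"
        if not self.in_session:
            # First frame of a communication: decrypted LCA must match LCA'.
            if seal_lca(self.key, frame.ca, frame.enc_lca) != self.lca_p:
                return "drop:lca-mismatch"
        elif frame.ca - self.ca_p > self.max_jump:
            # Later frames: CA may not jump by more than the threshold.
            return "drop:jump"
        self.ca_p = frame.ca             # state changes only for retained frames
        self.in_session = not frame.last
        if frame.last:
            self.lca_p = self.ca_p       # LCA' takes the value of CA'
        return "accept"


def run_scenario():
    """Two communications from A, with one forged frame between and one inside."""
    sender, base, hard = Sender(KEY), BaselineReceiver(), HardenedReceiver(KEY)
    forged = Frame(ca=10**9, enc_lca=0)  # constructed forged frame, no key used
    traffic = [
        sender.send(), sender.send(), sender.send(last=True),  # CA = 1, 2, 3
        forged,
        sender.send(),                                         # CA = 4
        forged,
        sender.send(last=True),                                # CA = 5
    ]
    return ([base.receive(f) for f in traffic],
            [hard.receive(f) for f in traffic])


if __name__ == "__main__":
    for name, verdicts in zip(("baseline", "hardened"), run_scenario()):
        print(name, verdicts)
```

After the forged frame the baseline receiver rejects every legitimate frame, while the second receiver drops only the forged frames because its stored counters change only when a frame is retained.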
Description of the drawings
Fig. 1 is a schematic diagram of the prior-art communication process that implements replay protection;
Fig. 2 is a flow chart of the prior-art data sending and receiving process;
Fig. 3 is a schematic diagram of the communication process with attack protection provided by an embodiment of the invention;
Fig. 4a is a flow chart of one data sending and receiving process provided by an embodiment of the invention;
Fig. 4b is a flow chart of another data sending and receiving process provided by an embodiment of the invention;
Fig. 4c is a flow chart of a third data sending and receiving process provided by an embodiment of the invention;
Fig. 4d is a flow chart of a fourth data sending and receiving process provided by an embodiment of the invention;
Fig. 5a is a schematic structural diagram of one data sending apparatus provided by an embodiment of the invention;
Fig. 5b is a schematic structural diagram of another data sending apparatus provided by an embodiment of the invention;
Fig. 6a is a schematic structural diagram of the first data receiving apparatus provided by an embodiment of the invention;
Fig. 6b is a detailed schematic structural diagram of the retaining unit in the first data receiving apparatus provided by an embodiment of the invention;
Fig. 6c is a detailed schematic structural diagram of the updating unit in the first data receiving apparatus provided by an embodiment of the invention;
Fig. 7a is a schematic structural diagram of the second data receiving apparatus provided by an embodiment of the invention;
Fig. 7b is a detailed schematic structural diagram of the retaining unit in the second data receiving apparatus provided by an embodiment of the invention;
Fig. 8a is a schematic structural diagram of the first data transmission system provided by an embodiment of the invention;
Fig. 8b is a detailed schematic structural diagram of the retaining unit in the first data transmission system provided by an embodiment of the invention;
Fig. 9 is a schematic structural diagram of the second data transmission system provided by an embodiment of the invention;
Fig. 10a is a schematic structural diagram of the third data transmission system provided by an embodiment of the invention;
Fig. 10b is a detailed schematic structural diagram of the retaining unit in the third data transmission system provided by an embodiment of the invention;
Fig. 11 is a schematic structural diagram of the fourth data transmission system provided by an embodiment of the invention.
Embodiments
The data sending and receiving scheme provided by the embodiments of the invention is implemented as follows. A value recording the number of data frames the sending device had sent when the last communication ended is embedded, in encrypted form, in the data frames sent; the value contained in a data frame sent during the communication process is verified against the value, stored in the receiving device, that records the number of data frames the sending device had sent when the last communication process ended. In addition, a value counting the data frames sent by the sending device is embedded in the data frames sent, and it is stipulated that the difference between the count values contained in two adjacent data frames sent by the sending device may not exceed a preset threshold; for a data frame chosen from the second and later data frames sent in the communication process, verification consists of judging whether the difference between the count value contained in the chosen data frame and the count value, stored in the receiving device, that was contained in the previous retained data frame exceeds the preset threshold.
As mentioned above, in counter-based replay protection the increment of counter CA in the sending device may be performed either before or after the data frame is sent. When the relative size of the extracted value of counter CA and the value of counter CA' stored by receiving device B is used to judge whether a received frame is a replayed frame, the condition may be that the value of CA is greater than the value of CA', or that the value of CA is greater than or equal to the value of CA'. Different replay protection mechanisms may use different processing methods. The embodiments of the invention are described taking as the example the case where counter CA is incremented before the data frame is sent and the comparison judges whether the value of CA is greater than the value of CA'; those skilled in the art can derive the processing for the other cases by analogy.
Specific embodiments of the invention are described below with reference to the accompanying drawings.
Fig. 3 is a schematic diagram of the communication process with attack protection provided by an embodiment of the invention. In the figure, sending device A contains two counters, CA and LCA. Counter CA counts the data frames the device sends: before the sending device sends each data frame, the value of CA is incremented by 1, and the data frame sent contains the value of CA. Counter LCA holds the value that counter CA had when the last communication between sending device A and receiving device B ended; the value of LCA is transmitted as ciphertext in the data frames that sending device A sends.
Receiving device B likewise contains two counters, CA' and LCA'. The value of counter CA' is updated from the value of CA in the received data frames. The value of counter LCA' is updated from the value of counter CA' each time a communication between sending device A and receiving device B ends. (The value of LCA' can of course also be updated from the CA value carried in the last data frame of the communication process; the description below takes as its example updating LCA' from the value of CA' at the end of each communication.)
The flow of the first data transmit-receive method proposed by the embodiments of the invention is shown in Fig. 4a. The detailed process is as follows:
Step 401: the value of counter CA in transmitting apparatus A is incremented by 1;
Step 402: transmitting apparatus A sends a data frame to receiving equipment B; the data frame contains the value of counter CA and the value of counter LCA of transmitting apparatus A, the value of LCA being carried in the frame as ciphertext;
Step 403: after receiving the data frame, receiving equipment B extracts the value of counter CA contained in the frame;
Step 404: the extracted value of counter CA is compared with the value of counter CA' kept by receiving equipment B itself;
Step 405: if the extracted value of counter CA is not greater than the value of counter CA' kept by receiving equipment B, the data frame is considered a replay frame and is discarded;
Step 406: if the extracted value of counter CA is greater than the value of counter CA' kept by receiving equipment B, it is judged whether the data frame is the first data frame of this communication; if so, step 408 is executed; otherwise, step 407 is executed;
Step 407: it is judged whether the difference between the extracted value of counter CA and the value of counter CA' kept by receiving equipment B (that is, CA - CA') is greater than the maximum jump allowed for the CA value at one time; if so, step 410 is executed; otherwise, step 411 is executed;
Step 408: the data frame is decrypted to obtain the value of counter LCA it contains, and step 409 is entered;
Step 409: the value of counter LCA obtained by decryption is compared with the value of counter LCA' kept by receiving equipment B itself; if the two are comparable, step 411 is executed; otherwise, step 410 is executed;
Step 410: the frame is considered an attack frame and is discarded;
Step 411: the frame is considered a newly sent legitimate frame rather than an attack frame; the frame is received, the value of counter CA' kept by receiving equipment B is updated with the extracted value of counter CA, and step 412 is entered;
Step 412: it is judged whether this communication between transmitting apparatus A and receiving equipment B has ended; if so, step 413 is executed; otherwise, the flow returns to step 401 and continues;
Step 413: in transmitting apparatus A, the value of counter LCA is updated with the value of counter CA; in receiving equipment B, the value of counter LCA' is updated with the value of counter CA'.
Note: the comparability of the value of LCA and the value of LCA' (that is, the condition that must be met for the two values to be comparable) can be defined. For example, it may be defined that the two values are comparable only when the value of LCA equals the value of LCA', or only when the difference between them lies within a certain acceptable range; otherwise the two values are not comparable.
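The Fig. 4a flow (steps 401 to 413) can be exercised end to end. The following is an added example, not code from the patent; the HMAC-derived keystream standing in for the unspecified cipher, the `MAX_JUMP` and `LCA_TOLERANCE` values, the first-frame flag and all class and function names are assumptions. Setting `hardened=False` gives a plain counter-mode receiver for comparison.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

MAX_JUMP = 8       # assumed: maximum jump allowed for CA at one time (step 407)
LCA_TOLERANCE = 0  # assumed comparability rule: LCA must equal LCA' (step 409)
ACCEPT, REPLAY, ATTACK = "accept", "replay", "attack"

def _keystream(key: bytes, ca: int) -> bytes:
    # Stand-in cipher (assumption): 8 keystream bytes bound to the frame's CA.
    return hmac.new(key, b"LCA" + struct.pack(">Q", ca), hashlib.sha256).digest()[:8]

def seal_lca(key: bytes, ca: int, lca: int) -> bytes:
    return bytes(x ^ y for x, y in zip(struct.pack(">Q", lca), _keystream(key, ca)))

def open_lca(key: bytes, ca: int, blob: bytes) -> int:
    plain = bytes(x ^ y for x, y in zip(blob, _keystream(key, ca)))
    return struct.unpack(">Q", plain)[0]

@dataclass
class Frame:
    ca: int          # cleartext count of frames sent so far
    enc_lca: bytes   # LCA as ciphertext
    payload: bytes

class Sender:
    def __init__(self, key: bytes):
        self.key, self.ca, self.lca = key, 0, 0

    def send(self, payload: bytes) -> Frame:
        self.ca += 1                                              # step 401
        return Frame(self.ca, seal_lca(self.key, self.ca, self.lca), payload)  # 402

    def end_session(self) -> None:
        self.lca = self.ca                                        # step 413

class Receiver:
    def __init__(self, key: bytes, hardened: bool = True):
        self.key, self.hardened = key, hardened
        self.ca, self.lca = 0, 0     # CA' and LCA'
        self.first = True            # assumed way to recognise a session's first frame

    def receive(self, f: Frame) -> str:
        if f.ca <= self.ca:                                       # steps 404-405
            return REPLAY
        if self.hardened:
            if f.ca >= 1 << 64 or len(f.enc_lca) != 8:            # malformed frame
                return ATTACK
            if self.first:                                        # steps 406, 408, 409
                if abs(open_lca(self.key, f.ca, f.enc_lca) - self.lca) > LCA_TOLERANCE:
                    return ATTACK                                 # step 410
            elif f.ca - self.ca > MAX_JUMP:                       # step 407
                return ATTACK                                     # step 410
        self.ca, self.first = f.ca, False                         # step 411
        return ACCEPT

    def end_session(self) -> None:
        self.lca, self.first = self.ca, True                      # step 413

def run_demo(hardened: bool = True):
    """Constructed traffic: one clean session, then a session with forged frames."""
    key = b"constructed-demo-key"
    tx, rx = Sender(key), Receiver(key, hardened)
    session1 = [tx.send(b"s1-%d" % i) for i in range(3)]
    verdicts = [rx.receive(f) for f in session1]
    tx.end_session(); rx.end_session()
    verdicts.append(rx.receive(Frame(10**6, bytes(8), b"forged")))  # huge CA, no key
    verdicts.append(rx.receive(session1[1]))                        # old frame replayed
    verdicts.append(rx.receive(tx.send(b"s2-0")))                   # genuine first frame
    verdicts.append(rx.receive(Frame(5000, bytes(8), b"forged")))   # mid-session jump
    tx.send(b"s2-1")                                                # frame lost in transit
    verdicts.append(rx.receive(tx.send(b"s2-2")))                   # jump of 2 is allowed
    tx.end_session(); rx.end_session()
    return verdicts, (tx.ca, tx.lca, rx.ca, rx.lca)

if __name__ == "__main__":
    print(run_demo(True))
    print(run_demo(False))
```

With `hardened=False` the forged frame carrying the large counter is accepted and every later genuine frame is then discarded as a replay, which is the denial of service the two added checks are meant to prevent.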
In the first scheme for identifying attack data proposed by the above embodiment, when the first data frame of a communication is received, it is first judged whether the data frame is a replay frame; if not, the comparability of LCA and LCA' is then checked. When the second and each subsequent data frame is received, it is first judged whether the data frame is a replay frame; if it is not a replay frame, it is then checked whether the difference CA - CA' is greater than the jump range of the CA value. (Only some of the second and subsequent data frames may of course be chosen for this subsequent identification processing; it is not necessary to process all of them.)
Of course, the step of judging whether the frame is a replay frame and the step of checking the comparability of LCA and LCA' may be interchanged.
The flow of the second data transmit-receive method proposed by the embodiments of the invention is shown in Fig. 4b. When each data frame of a communication is received, it is first judged whether the data frame is a replay frame; if not, the comparability of LCA and LCA' is then checked. (Only some of the received data frames may of course be chosen for the replay-frame judgment and/or the comparability judgment.)
Likewise, the step of judging whether the frame is a replay frame and the step of checking the comparability of LCA and LCA' may be interchanged.
Of course, it is also possible that, when the first data frame of a communication is received, it is first judged whether the data frame is a replay frame and, if not, the comparability of LCA and LCA' is then checked; and that, when the second and each subsequent data frame is received, it is first judged whether the data frame is a replay frame, if not, it is then checked whether the difference CA - CA' is greater than the jump range of the CA value, and if not, the comparability of LCA and LCA' is then checked. The specific flow is shown in Fig. 4c and is the third data transmit-receive method proposed by the embodiments of the invention.
Likewise, only some of the second and subsequent data frames may be chosen for the subsequent identification processing, and the step of judging whether the frame is a replay frame and the step of checking the comparability of LCA and LCA' may be interchanged.
The flow of the fourth data transmit-receive method proposed by the embodiments of the invention is shown in Fig. 4d. When the first data frame of a communication is received, it is first judged whether the data frame is a replay frame; if not, the comparability of LCA and LCA' is then checked. When the second and each subsequent data frame is received, it is first judged whether the data frame is a replay frame; if not, the comparability of LCA and LCA' is then checked; if they are not comparable, it is then checked whether the difference CA - CA' is greater than the jump range of the CA value.
Likewise, only some of the second and subsequent data frames may be chosen for the subsequent identification processing, and the step of judging whether the frame is a replay frame and the step of checking the comparability of LCA and LCA' may be interchanged.
Those skilled in the art can obtain the description of the flows of Fig. 4b to Fig. 4d by analogy with the above description of Fig. 4a, so they are not described in detail here.
It should be noted that, when the above data transmit-receive flows are applied in practice, the judgment of whether a frame is a replay frame compares the magnitudes of the values of CA and CA', while the step introduced by the embodiments of the invention, which checks whether the difference CA - CA' is greater than the jump range of the CA value, in effect also compares the magnitudes of the values of CA and CA'. This step therefore overlaps with the replay-frame judgment, and when the step of checking whether the difference CA - CA' is greater than the jump range of the CA value is performed, the replay-frame judgment may be omitted.
It should also be noted that the value of counter LCA and the value of counter LCA' are updated only after the communication between transmitting apparatus A and receiving equipment B has ended. It is further required that, between two data frames sent in succession in a communication, the jump in the value of counter CA lies within a defined acceptable range.
According to an embodiment of the technical solution of the invention, a data sending device implementing the technical solution is provided. As shown in Fig. 5a, the device comprises: a carrying unit A51, configured to carry in a data frame to be sent the number of currently sent data frames stored in the first storage domain, and to carry in that data frame, in encrypted form, the number of data frames sent when the last communication ended, stored in the second storage domain; a sending unit A52, configured to send the data frame to be sent; a first updating unit A53, configured to update the number of currently sent data frames stored in the first storage domain; and a second updating unit A54, configured to update, when the data frame to be sent is the last data frame of this communication, the number of sent data frames stored in the second storage domain based on the number of currently sent data frames stored in the first storage domain.
According to an embodiment of the technical solution of the invention, another data sending device implementing the technical solution is provided. As shown in Fig. 5b, the device comprises: a first updating unit B51, configured to update the number of currently sent data frames stored in the first storage domain so that it includes the data frame to be sent; a carrying unit B52, configured to carry in the data frame to be sent the number of currently sent data frames stored in the first storage domain, and to carry in that data frame, in encrypted form, the number of data frames sent when the last communication ended, stored in the second storage domain; a sending unit B53, configured to send the data frame to be sent; and a second updating unit B54, configured to update, when the data frame to be sent is the last data frame of this communication, the number of sent data frames stored in the second storage domain based on the number of currently sent data frames stored in the first storage domain.
According to an embodiment of the technical solution of the invention, a first data receiving device implementing the technical solution is provided. As shown in Fig. 6a, the device comprises: a receiving unit A61, configured to receive a data frame that carries the number of data frames currently sent by the transmitting terminal and carries, in encrypted form, the number of data frames the transmitting terminal had sent when the last communication ended; a decrypting unit A62, configured to decrypt the data frame received by the receiving unit A61 to obtain the number of data frames the transmitting terminal had sent when the last communication ended; a judging unit A63, configured to judge whether the number of data frames obtained by the decrypting unit A62 and the number of data frames the transmitting terminal had sent when the last communication ended, stored in the first storage domain, satisfy a predetermined condition; a retain-and-receive unit A64, configured to retain and receive the received data frame when the judgment result of the judging unit A63 is that the predetermined condition is satisfied; and an updating unit A65, configured to update, when the data frame retained and received by the retain-and-receive unit A64 is the last data frame of this communication, the number of data frames sent by the transmitting terminal stored in the first storage domain, based on the number of data frames currently sent by the transmitting terminal carried in the retained and received data frame.
The data receiving device further comprises: an extracting unit A66, configured to extract, from the data frame received by the receiving unit A61, the number of data frames currently sent by the transmitting terminal; and a determining unit A67, configured to determine whether the number of data frames extracted by the extracting unit A66 is greater than, or not less than, the number of data frames currently sent by the transmitting terminal stored in the second storage domain.
The retain-and-receive unit A64 specifically comprises (see Fig. 6b): a receiving subunit A641, configured to receive the judgment result of the judging unit A63 and the determination result of the determining unit A67;
and an executing subunit A642, configured to retain and receive the received data frame when the receiving subunit A641 receives a judgment result from the judging unit A63 that the predetermined condition is satisfied and the determining unit A67 determines that the extracted number of data frames is greater than, or not less than, the number of data frames stored in the second storage domain.
The updating unit A65 specifically comprises (see Fig. 6c): a first updating subunit A651, configured to update the number of data frames currently sent by the transmitting terminal stored in the second storage domain, based on the number of data frames currently sent by the transmitting terminal carried in the data frame retained and received by the retain-and-receive unit A64; and a second updating subunit A652, configured to update the number of data frames sent by the transmitting terminal stored in the first storage domain, based on the number of currently sent data frames stored in the second storage domain.
According to an embodiment of the technical solution of the invention, a second data receiving device implementing the technical solution is provided. As shown in Fig. 7a, the device comprises: a receiving unit A71, configured to receive a data frame that carries the number of data frames currently sent by the transmitting terminal; an extracting unit A72, configured to extract the number of currently sent data frames carried in the data frame received by the receiving unit A71, the received data frame being a data frame later than the first data frame of this communication; a judging unit A73, configured to judge whether the difference between the number of data frames extracted by the extracting unit A72 and the number of data frames currently sent by the transmitting terminal stored in the first storage domain is not greater than a preset first threshold; a retain-and-receive unit A74, configured to retain and receive the received data frame when the judging unit A73 judges that the difference is not greater than the preset first threshold; and a first updating unit A75, configured to update the number of data frames currently sent by the transmitting terminal stored in the first storage domain, based on the number of data frames currently sent by the transmitting terminal carried in the data frame retained and received by the retain-and-receive unit A74.
The data frame also carries, in encrypted form, the number of data frames the transmitting terminal had sent when the last communication ended, and the data receiving device further comprises: a decrypting unit A76, configured to decrypt the number of data frames the transmitting terminal had sent when the last communication ended, carried in encrypted form in the data frame received by the receiving unit A71; and a determining unit A77, configured to determine whether the number of data frames decrypted by the decrypting unit A76 and the number of data frames the transmitting terminal had sent when the last communication ended, stored in the second storage domain, satisfy a predetermined condition.
The retain-and-receive unit A74 specifically comprises (see Fig. 7b): a receiving subunit A741, configured to receive the judgment result of the judging unit A73 and the determination result of the determining unit A77;
and an executing subunit A742, configured to retain and receive the received data frame when the receiving subunit A741 receives a judgment from the judging unit A73 that the difference is not greater than the preset first threshold and the determination result of the determining unit A77 is that the predetermined condition is satisfied.
The data receiving device further comprises: a second updating unit A78, configured to update, when the data frame retained and received by the retain-and-receive unit A74 is the last data frame of this communication, the number of data frames sent by the transmitting terminal stored in the second storage domain, according to the number of data frames currently sent by the transmitting terminal stored in the first storage domain.
Accordingly, according to an embodiment of the technical solution of the invention, a first data transmission system implementing the technical solution is provided. As shown in Fig. 8a, the system comprises transmitting apparatus 81 and receiving equipment 82. Transmitting apparatus 81 comprises: a carrying unit 811, configured to carry in a data frame to be sent the number of currently sent data frames stored in the first storage domain, and to carry in that data frame, in encrypted form, the number of data frames sent when the last communication ended, stored in the second storage domain; a sending unit 812, configured to send the data frame to be sent; a first updating unit 813, configured to update the number of currently sent data frames stored in the first storage domain; and a second updating unit 814, configured to update, when the data frame to be sent is the last data frame of this communication, the number of sent data frames stored in the second storage domain based on the number of currently sent data frames stored in the first storage domain. Receiving equipment 82 comprises: a receiving unit 821, configured to receive a data frame that carries the number of data frames currently sent by the transmitting terminal and carries, in encrypted form, the number of data frames the transmitting terminal had sent when the last communication ended; a decrypting unit 822, configured to decrypt the data frame received by the receiving unit 821 to obtain the number of data frames the transmitting terminal had sent when the last communication ended; a judging unit 823, configured to judge whether the number of data frames obtained by the decrypting unit 822 and the number of data frames the transmitting terminal had sent when the last communication ended, stored in the first storage domain, satisfy a predetermined condition; a retain-and-receive unit 824, configured to retain and receive the received data frame when the judgment result of the judging unit 823 is that the predetermined condition is satisfied; and an updating unit 825, configured to update, when the data frame retained and received by the retain-and-receive unit 824 is the last data frame of this communication, the number of data frames sent by the transmitting terminal stored in the first storage domain, based on the number of data frames currently sent by the transmitting terminal carried in the retained and received data frame.
Receiving equipment 82 further comprises: an extracting unit 826, configured to extract, from the data frame received by the receiving unit 821, the number of data frames currently sent by the transmitting terminal; and a determining unit 827, configured to determine whether the number of data frames extracted by the extracting unit 826 is greater than, or not less than, the number of data frames currently sent by the transmitting terminal stored in the second storage domain.
The retain-and-receive unit 824 specifically comprises (see Fig. 8b): a receiving subunit 8241, configured to receive the judgment result of the judging unit 823 and the determination result of the determining unit 827;
and an executing subunit 8242, configured to retain and receive the received data frame when the receiving subunit 8241 receives a judgment result from the judging unit 823 that the predetermined condition is satisfied and the determining unit 827 determines that the extracted number of data frames is greater than, or not less than, the number of data frames stored in the second storage domain.
According to an embodiment of the technical solution of the invention, a second data transmission system implementing the technical solution is provided. As shown in Fig. 9, the system comprises transmitting apparatus 91 and receiving equipment 92. Transmitting apparatus 91 comprises: a first updating unit 911, configured to update the number of currently sent data frames stored in the first storage domain so that it includes the data frame to be sent; a carrying unit 912, configured to carry in the data frame to be sent the number of currently sent data frames stored in the first storage domain, and to carry in that data frame, in encrypted form, the number of data frames sent when the last communication ended, stored in the second storage domain; a sending unit 913, configured to send the data frame to be sent; and a second updating unit 914, configured to update, when the data frame to be sent is the last data frame of this communication, the number of sent data frames stored in the second storage domain based on the number of currently sent data frames stored in the first storage domain. The structure of receiving equipment 92 is the same as that of the receiving equipment in the first data transmission system proposed by the embodiments of the invention and is not repeated here.
According to an embodiment of the technical solution of the invention, a third data transmission system implementing the technical solution is provided. As shown in Fig. 10a, the system comprises transmitting apparatus 101 and receiving equipment 102. The structure of transmitting apparatus 101 is the same as that of the transmitting apparatus in the first data transmission system proposed by the embodiments of the invention and is not repeated here. Receiving equipment 102 comprises: a receiving unit 1021, configured to receive a data frame that carries the number of data frames currently sent by the transmitting terminal; an extracting unit 1022, configured to extract the number of currently sent data frames carried in the data frame received by the receiving unit 1021, the received data frame being a data frame later than the first data frame of this communication; a judging unit 1023, configured to judge whether the difference between the number of data frames extracted by the extracting unit 1022 and the number of data frames currently sent by the transmitting terminal stored in the first storage domain is not greater than a preset first threshold; a retain-and-receive unit 1024, configured to retain and receive the received data frame when the judging unit 1023 judges that the difference is not greater than the preset first threshold; and a first updating unit 1025, configured to update the number of data frames currently sent by the transmitting terminal stored in the first storage domain, based on the number of data frames currently sent by the transmitting terminal carried in the data frame retained and received by the retain-and-receive unit 1024.
The data frame also carries, in encrypted form, the number of data frames the transmitting terminal had sent when the last communication ended, and receiving equipment 102 further comprises: a decrypting unit 1026, configured to decrypt the number of data frames the transmitting terminal had sent when the last communication ended, carried in encrypted form in the data frame received by the receiving unit 1021; and a determining unit 1027, configured to determine whether the number of data frames decrypted by the decrypting unit 1026 and the number of data frames the transmitting terminal had sent when the last communication ended, stored in the second storage domain, satisfy a predetermined condition.
The retain-and-receive unit 1024 specifically comprises (see Fig. 10b): a receiving subunit 10241, configured to receive the judgment result of the judging unit 1023 and the determination result of the determining unit 1027; and an executing subunit 10242, configured to retain and receive the received data frame when the receiving subunit 10241 receives a judgment from the judging unit 1023 that the difference is not greater than the preset first threshold and the determination result of the determining unit 1027 is that the predetermined condition is satisfied.
Receiving equipment 102 further comprises: a second updating unit 1028, configured to update, when the data frame retained and received by the retain-and-receive unit 1024 is the last data frame of this communication, the number of data frames sent by the transmitting terminal stored in the second storage domain, according to the number of data frames currently sent by the transmitting terminal stored in the first storage domain.
According to an embodiment of the technical solution of the invention, a fourth data transmission system implementing the technical solution is provided. As shown in Fig. 11, the system comprises transmitting apparatus 111 and receiving equipment 112. The structure of transmitting apparatus 111 is the same as that of the transmitting apparatus in the second data transmission system proposed by the embodiments of the invention and is not repeated here; the structure of receiving equipment 112 is the same as that of the receiving equipment in the third data transmission system proposed by the embodiments of the invention and is not repeated here.
The data transmit-receive method proposed by the embodiments of the invention improves the prior-art replay attack protection mechanism under counter mode: the communication frame contains the value the counter had when the last communication ended, and this counter value is sent as ciphertext. It is stipulated that, between two data frames sent in succession in one continuous communication, the jump in the counter value lies within a defined range; if the jump in the counter value contained in a frame sent by an attacker exceeds the specified range, the frame is rejected. This makes it more difficult for an attacker to mount an attack by sending a data frame containing a large counter value.
The data transmit-receive method proposed by the embodiments of the invention adds one counter to each of the transmitting apparatus and the receiving equipment and improves the replay attack protection mechanism by verifying the value of this counter. It solves the problem in the prior-art scheme that an attacker can cause a denial-of-service attack by sending a single frame containing a very large counter value.
The data transmit-receive method proposed by the embodiments of the invention is applicable to security mechanisms that use counter mode to implement replay attack protection, and to communication systems based on such security mechanisms.
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the invention and their technical equivalents, the invention is also intended to include them.

Claims (24)

1. A data sending method, characterized by comprising the steps of:
carrying in a data frame to be sent the number of currently sent data frames stored in the first storage domain, and carrying in that data frame, in encrypted form, the number of data frames sent when the last communication ended, stored in the second storage domain;
sending the data frame to be sent;
updating the number of currently sent data frames stored in the first storage domain;
if the data frame to be sent is the last data frame of this communication, updating the number of sent data frames stored in the second storage domain based on the number of currently sent data frames stored in the first storage domain.
2. A data sending method, characterized by comprising the steps of:
updating the number of currently sent data frames stored in the first storage domain so that it includes the data frame to be sent;
carrying in the data frame to be sent the number of currently sent data frames stored in the first storage domain, and carrying in that data frame, in encrypted form, the number of data frames sent when the last communication ended, stored in the second storage domain;
sending the data frame to be sent;
if the data frame to be sent is the last data frame of this communication, updating the number of sent data frames stored in the second storage domain based on the number of currently sent data frames stored in the first storage domain.
3. A data receiving method, characterized by comprising the steps of:
receiving a data frame that carries the number of data frames currently sent by the transmitting terminal and carries, in encrypted form, the number of data frames the transmitting terminal had sent when the last communication ended;
decrypting the received data frame to obtain the number of data frames the transmitting terminal had sent when the last communication ended;
retaining and receiving the received data frame when the number of data frames obtained by decryption and the number of data frames the transmitting terminal had sent when the last communication ended, stored in the first storage domain, satisfy a predetermined condition;
if the retained and received data frame is the last data frame of this communication, updating the number of data frames sent by the transmitting terminal stored in the first storage domain, based on the number of data frames currently sent by the transmitting terminal carried in the retained and received data frame.
4. The method of claim 3, characterized in that the process of updating the number of data frames sent by the transmitting terminal stored in the first storage domain, based on the number of data frames currently sent by the transmitting terminal carried in the retained and received data frame, specifically comprises:
updating the number of data frames currently sent by the transmitting terminal stored in the second storage domain, based on the number of data frames currently sent by the transmitting terminal carried in the retained and received data frame;
updating the number of data frames sent by the transmitting terminal stored in the first storage domain, based on the number of data frames currently sent by the transmitting terminal stored in the second storage domain.
5. The method of claim 3 or 4, characterized by further comprising, before retaining and receiving the received data frame, the steps of:
extracting from the received data frame the number of data frames currently sent by the transmitting terminal;
determining whether the extracted number of data frames is greater than, or not less than, the number of data frames currently sent by the transmitting terminal stored in the second storage domain.
6. The method of claim 3 or 4, characterized in that the predetermined condition is that the number of data frames obtained by decryption and the number of data frames the transmitting terminal had sent when the last communication ended, stored in the first storage domain, are equal, or that the difference between these two numbers is not greater than a preset threshold.
7. A data receiving method, characterized by comprising the steps of:
receiving a data frame, the data frame carrying the number of data frames currently sent by the transmitting terminal;
extracting the number of data frames currently sent by the transmitting terminal carried in the received data frame, the received data frame being a data frame after the first data frame of the current communication;
keeping receiving the received data frame when the difference between the extracted number of data frames and the number of data frames currently sent by the transmitting terminal stored in the first storage domain is not greater than a preset first threshold;
updating, based on the number of data frames currently sent by the transmitting terminal carried in the data frame kept in reception, the number of data frames currently sent by the transmitting terminal stored in the first storage domain.
8. The method as claimed in claim 7, characterized in that the data frame further carries, in encrypted form, the number of data frames sent by the transmitting terminal when the last communication ended,
before the step of keeping receiving the received data frame, the method further comprises the steps of:
decrypting the encrypted number of data frames, carried in the received data frame, sent by the transmitting terminal when the last communication ended;
determining whether the decrypted number of data frames and the number of data frames, stored in the second storage domain, sent by the transmitting terminal when the last communication ended satisfy a predetermined condition;
after the step of keeping receiving the received data frame, the method further comprises the step of:
if the data frame kept in reception is the last data frame of the current communication, updating, according to the number of data frames currently sent by the transmitting terminal stored in the first storage domain, the number of data frames sent by the transmitting terminal stored in the second storage domain.
9. The method as claimed in claim 8, characterized in that the predetermined condition means that the decrypted number of data frames and the number of data frames sent by the transmitting terminal stored in the second storage domain are equal, or that the difference between these two numbers is not greater than a preset second threshold.
10. A data sending apparatus, characterized by comprising:
a carrying unit, configured to carry, in a data frame to be sent, the number of currently sent data frames stored in the first storage domain, and to carry in the data frame to be sent, in encrypted form, the number of data frames sent when the last communication ended that is stored in the second storage domain;
a sending unit, configured to send the data frame to be sent;
a first updating unit, configured to update the number of currently sent data frames stored in the first storage domain;
a second updating unit, configured to update, when the data frame to be sent is the last data frame of the current communication, the number of sent data frames stored in the second storage domain, based on the number of currently sent data frames stored in the first storage domain.
11. A data sending apparatus, characterized by comprising:
a first updating unit, configured to update the number of currently sent data frames, which includes the data frame to be sent, stored in the first storage domain;
a carrying unit, configured to carry, in the data frame to be sent, the number of currently sent data frames stored in the first storage domain, and to carry in the data frame to be sent, in encrypted form, the number of data frames sent when the last communication ended that is stored in the second storage domain;
a sending unit, configured to send the data frame to be sent;
a second updating unit, configured to update, when the data frame to be sent is the last data frame of the current communication, the number of sent data frames stored in the second storage domain, based on the number of currently sent data frames stored in the first storage domain.
12. A data receiving apparatus, characterized by comprising:
a receiving unit, configured to receive a data frame, the data frame carrying the number of data frames currently sent by the transmitting terminal and carrying, in encrypted form, the number of data frames sent by the transmitting terminal when the last communication ended;
a decryption unit, configured to decrypt the received data frame to obtain the number of data frames sent by the transmitting terminal when the last communication ended;
a judging unit, configured to judge whether the number of data frames obtained by decryption and the number of data frames, stored in the first storage domain, sent by the transmitting terminal when the last communication ended satisfy a predetermined condition;
a keep-receiving unit, configured to keep receiving the received data frame when the judgment result is that the predetermined condition is satisfied;
an updating unit, configured to update, when the data frame kept in reception is the last data frame of the current communication, the number of data frames sent by the transmitting terminal stored in the first storage domain, based on the number of data frames currently sent by the transmitting terminal carried in the data frame kept in reception.
13. The apparatus as claimed in claim 12, characterized in that the updating unit specifically comprises:
a first updating subunit, configured to update the number of data frames currently sent by the transmitting terminal stored in the second storage domain, based on the number of data frames currently sent by the transmitting terminal carried in the data frame kept in reception;
a second updating subunit, configured to update the number of data frames sent by the transmitting terminal stored in the first storage domain, based on the number of currently sent data frames stored in the second storage domain.
14. The apparatus as claimed in claim 12 or 13, characterized by further comprising:
an extraction unit, configured to extract, from the received data frame, the number of data frames currently sent by the transmitting terminal;
a determining unit, configured to determine whether the extracted number of data frames is greater than, or not less than, the number of data frames currently sent by the transmitting terminal stored in the second storage domain;
the keep-receiving unit specifically comprises:
a receiving subunit, configured to receive the judgment result of the judging unit and the determination result of the determining unit;
an execution subunit, configured to keep receiving the received data frame when the receiving subunit receives a judgment result of the judging unit that the predetermined condition is satisfied and the determining unit determines that the extracted number of data frames is greater than, or not less than, the number of data frames stored in the second storage domain.
15. A receiving apparatus, characterized by comprising:
a receiving unit, configured to receive a data frame, the data frame carrying the number of data frames currently sent by the transmitting terminal;
an extraction unit, configured to extract the number of currently sent data frames carried in the received data frame, the received data frame being a data frame after the first data frame of the current communication;
a judging unit, configured to judge whether the difference between the extracted number of data frames and the number of data frames currently sent by the transmitting terminal stored in the first storage domain is not greater than a preset first threshold;
a keep-receiving unit, configured to keep receiving the received data frame when the difference is judged to be not greater than the preset first threshold;
a first updating unit, configured to update the number of data frames currently sent by the transmitting terminal stored in the first storage domain, based on the number of data frames currently sent by the transmitting terminal carried in the data frame kept in reception.
16. The apparatus as claimed in claim 15, characterized in that the data frame further carries, in encrypted form, the number of data frames sent by the transmitting terminal when the last communication ended, and the apparatus further comprises:
a decryption unit, configured to decrypt the encrypted number of data frames, carried in the received data frame, sent by the transmitting terminal when the last communication ended;
a determining unit, configured to determine whether the decrypted number of data frames and the number of data frames, stored in the second storage domain, sent by the transmitting terminal when the last communication ended satisfy a predetermined condition;
the keep-receiving unit specifically comprises:
a receiving subunit, configured to receive the judgment result of the judging unit and the determination result of the determining unit;
an execution subunit, configured to keep receiving the received data frame when the receiving subunit receives a judgment of the judging unit that the difference is not greater than the preset first threshold and the determination result of the determining unit is that the predetermined condition is satisfied;
the apparatus further comprises:
a second updating unit, configured to update, when the data frame kept in reception is the last data frame of the current communication, the number of data frames sent by the transmitting terminal stored in the second storage domain, according to the number of data frames currently sent by the transmitting terminal stored in the first storage domain.
17. A data transmission system comprising a sending device and a receiving device, characterized in that the sending device comprises:
a carrying unit, configured to carry, in a data frame to be sent, the number of currently sent data frames stored in the first storage domain, and to carry in the data frame to be sent, in encrypted form, the number of data frames sent when the last communication ended that is stored in the second storage domain;
a sending unit, configured to send the data frame to be sent;
a first updating unit, configured to update the number of currently sent data frames stored in the first storage domain;
a second updating unit, configured to update, when the data frame to be sent is the last data frame of the current communication, the number of sent data frames stored in the second storage domain, based on the number of currently sent data frames stored in the first storage domain;
the receiving device comprises:
a receiving unit, configured to receive a data frame, the data frame carrying the number of data frames currently sent by the transmitting terminal and carrying, in encrypted form, the number of data frames sent by the transmitting terminal when the last communication ended;
a decryption unit, configured to decrypt the received data frame to obtain the number of data frames sent by the transmitting terminal when the last communication ended;
a judging unit, configured to judge whether the number of data frames obtained by decryption and the number of data frames, stored in the first storage domain, sent by the transmitting terminal when the last communication ended satisfy a predetermined condition;
a keep-receiving unit, configured to keep receiving the received data frame when the judgment result is that the predetermined condition is satisfied;
an updating unit, configured to update, when the data frame kept in reception is the last data frame of the current communication, the number of data frames sent by the transmitting terminal stored in the first storage domain, based on the number of data frames currently sent by the transmitting terminal carried in the data frame kept in reception.
18. The system as claimed in claim 17, characterized in that the receiving device further comprises:
an extraction unit, configured to extract, from the received data frame, the number of data frames currently sent by the transmitting terminal;
a determining unit, configured to determine whether the extracted number of data frames is greater than, or not less than, the number of data frames currently sent by the transmitting terminal stored in the second storage domain;
the keep-receiving unit specifically comprises:
a receiving subunit, configured to receive the judgment result of the judging unit and the determination result of the determining unit;
an execution subunit, configured to keep receiving the received data frame when the receiving subunit receives a judgment result of the judging unit that the predetermined condition is satisfied and the determining unit determines that the extracted number of data frames is greater than, or not less than, the number of data frames stored in the second storage domain.
19. A data transmission system comprising a sending device and a receiving device, characterized in that the sending device comprises:
a first updating unit, configured to update the number of currently sent data frames, which includes the data frame to be sent, stored in the first storage domain;
a carrying unit, configured to carry, in the data frame to be sent, the number of currently sent data frames stored in the first storage domain, and to carry in the data frame to be sent, in encrypted form, the number of data frames sent when the last communication ended that is stored in the second storage domain;
a sending unit, configured to send the data frame to be sent;
a second updating unit, configured to update, when the data frame to be sent is the last data frame of the current communication, the number of sent data frames stored in the second storage domain, based on the number of currently sent data frames stored in the first storage domain;
the receiving device comprises:
a receiving unit, configured to receive a data frame, the data frame carrying the number of data frames currently sent by the transmitting terminal and carrying, in encrypted form, the number of data frames sent by the transmitting terminal when the last communication ended;
a decryption unit, configured to decrypt the received data frame to obtain the number of data frames sent by the transmitting terminal when the last communication ended;
a judging unit, configured to judge whether the number of data frames obtained by decryption and the number of data frames, stored in the first storage domain, sent by the transmitting terminal when the last communication ended satisfy a predetermined condition;
a keep-receiving unit, configured to keep receiving the received data frame when the judgment result is that the predetermined condition is satisfied;
an updating unit, configured to update, when the data frame kept in reception is the last data frame of the current communication, the number of data frames sent by the transmitting terminal stored in the first storage domain, based on the number of data frames currently sent by the transmitting terminal carried in the data frame kept in reception.
20. The system as claimed in claim 19, characterized in that the receiving device further comprises:
an extraction unit, configured to extract, from the received data frame, the number of data frames currently sent by the transmitting terminal;
a determining unit, configured to determine whether the extracted number of data frames is greater than, or not less than, the number of data frames currently sent by the transmitting terminal stored in the second storage domain;
the keep-receiving unit specifically comprises:
a receiving subunit, configured to receive the judgment result of the judging unit and the determination result of the determining unit;
an execution subunit, configured to keep receiving the received data frame when the receiving subunit receives a judgment result of the judging unit that the predetermined condition is satisfied and the determining unit determines that the extracted number of data frames is greater than, or not less than, the number of data frames stored in the second storage domain.
21. A data transmission system comprising a sending device and a receiving device, characterized in that the sending device comprises:
a carrying unit, configured to carry, in a data frame to be sent, the number of currently sent data frames stored in the first storage domain, and to carry in the data frame to be sent, in encrypted form, the number of data frames sent when the last communication ended that is stored in the second storage domain;
a sending unit, configured to send the data frame to be sent;
a first updating unit, configured to update the number of currently sent data frames stored in the first storage domain;
a second updating unit, configured to update, when the data frame to be sent is the last data frame of the current communication, the number of sent data frames stored in the second storage domain, based on the number of currently sent data frames stored in the first storage domain;
the receiving device comprises:
a receiving unit, configured to receive a data frame, the data frame carrying the number of data frames currently sent by the transmitting terminal;
an extraction unit, configured to extract the number of currently sent data frames carried in the received data frame, the received data frame being a data frame after the first data frame of the current communication;
a judging unit, configured to judge whether the difference between the extracted number of data frames and the number of data frames currently sent by the transmitting terminal stored in the first storage domain is not greater than a preset first threshold;
a keep-receiving unit, configured to keep receiving the received data frame when the difference is judged to be not greater than the preset first threshold;
a first updating unit, configured to update the number of data frames currently sent by the transmitting terminal stored in the first storage domain, based on the number of data frames currently sent by the transmitting terminal carried in the data frame kept in reception.
22. The system as claimed in claim 21, characterized in that the data frame further carries, in encrypted form, the number of data frames sent by the transmitting terminal when the last communication ended, and the receiving device further comprises:
a decryption unit, configured to decrypt the encrypted number of data frames, carried in the received data frame, sent by the transmitting terminal when the last communication ended;
a determining unit, configured to determine whether the decrypted number of data frames and the number of data frames, stored in the second storage domain, sent by the transmitting terminal when the last communication ended satisfy a predetermined condition;
the keep-receiving unit specifically comprises:
a receiving subunit, configured to receive the judgment result of the judging unit and the determination result of the determining unit;
an execution subunit, configured to keep receiving the received data frame when the receiving subunit receives a judgment of the judging unit that the difference is not greater than the preset first threshold and the determination result of the determining unit is that the predetermined condition is satisfied;
the receiving device further comprises:
a second updating unit, configured to update, when the data frame kept in reception is the last data frame of the current communication, the number of data frames sent by the transmitting terminal stored in the second storage domain, according to the number of data frames currently sent by the transmitting terminal stored in the first storage domain.
23. A data transmission system comprising a sending device and a receiving device, characterized in that the sending device comprises:
a first updating unit, configured to update the number of currently sent data frames, which includes the data frame to be sent, stored in the first storage domain;
a carrying unit, configured to carry, in the data frame to be sent, the number of currently sent data frames stored in the first storage domain, and to carry in the data frame to be sent, in encrypted form, the number of data frames sent when the last communication ended that is stored in the second storage domain;
a sending unit, configured to send the data frame to be sent;
a second updating unit, configured to update, when the data frame to be sent is the last data frame of the current communication, the number of sent data frames stored in the second storage domain, based on the number of currently sent data frames stored in the first storage domain;
the receiving device comprises:
a receiving unit, configured to receive a data frame, the data frame carrying the number of data frames currently sent by the transmitting terminal;
an extraction unit, configured to extract the number of currently sent data frames carried in the received data frame, the received data frame being a data frame after the first data frame of the current communication;
a judging unit, configured to judge whether the difference between the extracted number of data frames and the number of data frames currently sent by the transmitting terminal stored in the first storage domain is not greater than a preset first threshold;
a keep-receiving unit, configured to keep receiving the received data frame when the difference is judged to be not greater than the preset first threshold;
a first updating unit, configured to update the number of data frames currently sent by the transmitting terminal stored in the first storage domain, based on the number of data frames currently sent by the transmitting terminal carried in the data frame kept in reception.
24. The system as claimed in claim 23, characterized in that the data frame further carries, in encrypted form, the number of data frames sent by the transmitting terminal when the last communication ended, and the receiving device further comprises:
a decryption unit, configured to decrypt the encrypted number of data frames, carried in the received data frame, sent by the transmitting terminal when the last communication ended;
a determining unit, configured to determine whether the decrypted number of data frames and the number of data frames, stored in the second storage domain, sent by the transmitting terminal when the last communication ended satisfy a predetermined condition;
the keep-receiving unit specifically comprises:
a receiving subunit, configured to receive the judgment result of the judging unit and the determination result of the determining unit;
an execution subunit, configured to keep receiving the received data frame when the receiving subunit receives a judgment of the judging unit that the difference is not greater than the preset first threshold and the determination result of the determining unit is that the predetermined condition is satisfied;
the receiving device further comprises:
a second updating unit, configured to update, when the data frame kept in reception is the last data frame of the current communication, the number of data frames sent by the transmitting terminal stored in the second storage domain, according to the number of data frames currently sent by the transmitting terminal stored in the first storage domain.
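The sender of claim 11 and the receiver checks of claims 5 and 7 to 9, run against a replayed frame, as an added Python example that is not part of the patent. The frame layout, the `last` flag, the threshold values, the constructed key and the Feistel stand-in cipher are assumptions, since the claims fix none of them; the counter check is applied to every frame here, including the first of a communication.

```python
import hashlib
import hmac
from dataclasses import dataclass

KEY = b"constructed-demo-key"  # constructed shared key (assumption)


def _f(key, rnd, half):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_count(key, n):
    """Stand-in cipher (assumption): 4-round Feistel over HMAC-SHA256."""
    raw = n.to_bytes(8, "big")
    left, right = raw[:4], raw[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_count(key, blob):
    left, right = blob[:4], blob[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return int.from_bytes(left + right, "big")


@dataclass(frozen=True)
class Frame:  # hypothetical layout; the claims fix no wire format
    sent_count: int        # plaintext: frames sent so far, this one included
    enc_last_count: bytes  # encrypted: frames sent when the last session ended
    last: bool             # marks the last frame of this communication
    payload: bytes


class Sender:
    def __init__(self, key):
        self.key = key
        self.current_count = 0       # "first storage domain" of claim 11
        self.last_session_count = 0  # "second storage domain" of claim 11

    def send(self, payload, last=False):
        self.current_count += 1      # claim 11: the count includes this frame
        frame = Frame(self.current_count,
                      encrypt_count(self.key, self.last_session_count),
                      last, payload)
        if last:                     # communication ends: roll the count forward
            self.last_session_count = self.current_count
        return frame


class Receiver:
    def __init__(self, key, count_threshold=4, session_threshold=0):
        self.key = key
        self.count_threshold = count_threshold      # "first threshold"
        self.session_threshold = session_threshold  # "second threshold"
        self.current_count = 0       # sender's count as last accepted
        self.last_session_count = 0  # sender's count when the last session ended

    def check(self, frame):
        delta = frame.sent_count - self.current_count
        if delta <= 0:                    # claim 5: must exceed the stored count
            return "stale-counter"
        if delta > self.count_threshold:  # claim 7: bounded forward jump
            return "counter-gap"
        claimed = decrypt_count(self.key, frame.enc_last_count)
        if abs(claimed - self.last_session_count) > self.session_threshold:
            return "session-mismatch"     # claims 8 and 9
        self.current_count = frame.sent_count  # state changes only on accept
        if frame.last:
            self.last_session_count = self.current_count
        return "accept"


def run_demo():
    tx, rx = Sender(KEY), Receiver(KEY)
    session1 = [tx.send(b"a"), tx.send(b"b"), tx.send(b"c", last=True)]
    verdicts = [rx.check(f) for f in session1]
    verdicts.append(rx.check(tx.send(b"d")))  # session 2 opens with frame 4
    verdicts.append(rx.check(session1[1]))    # verbatim replay of frame 2
    relabelled = Frame(5, session1[1].enc_last_count, False, b"b")
    verdicts.append(rx.check(relabelled))     # old frame under a fresh counter
    tx.send(b"e")                             # frame 5 is lost in transit
    tx.send(b"f")                             # frame 6 is lost in transit
    verdicts.append(rx.check(tx.send(b"g")))  # frame 7 arrives, gap of 3
    return verdicts


if __name__ == "__main__":
    print(run_demo())
```

The storage domains are named by role in the code because the two claim families number them in opposite order: claims 3 to 6 keep the last-communication count in the first domain, claims 7 to 9 keep it in the second.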
CN2007101883488A 2007-11-19 2007-11-19 Method and apparatus for sending and receiving data, and data transmission system Expired - Fee Related CN101442401B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007101883488A CN101442401B (en) 2007-11-19 2007-11-19 Method and apparatus for sending and receiving data, and data transmission system

Publications (2)

Publication Number Publication Date
CN101442401A true CN101442401A (en) 2009-05-27
CN101442401B CN101442401B (en) 2012-01-04

Family

ID=40726662

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007101883488A Expired - Fee Related CN101442401B (en) 2007-11-19 2007-11-19 Method and apparatus for sending and receiving data, and data transmission system

Country Status (1)

Country Link
CN (1) CN101442401B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102694652A (en) * 2012-01-13 2012-09-26 武传坤 Method for realizing lightweight authenticated encryption by using symmetric cryptographic algorithm
CN102694652B (en) * 2012-01-13 2016-09-21 武传坤 A kind of method using symmetric cryptographic algorithm to realize light-weight authentication encryption
CN103581900A (en) * 2012-08-01 2014-02-12 中国移动通信集团公司 Communication safety control method and device, first mobile terminal and mobile health device
CN103581900B (en) * 2012-08-01 2016-12-21 中国移动通信集团公司 Communication safety control method, device, the first mobile terminal and mobile healthy equipment
CN109445328A (en) * 2018-10-22 2019-03-08 北京广利核系统工程有限公司 Nuclear power plant instrument control system prevents Replay Attack method and apparatus
CN109445328B (en) * 2018-10-22 2021-07-16 北京广利核系统工程有限公司 Method and device for preventing replay attack of instrument control system of nuclear power station
CN109600364A (en) * 2018-12-04 2019-04-09 东软集团股份有限公司 A kind of method, apparatus that realizing information authentication and storage equipment, program product
CN109600364B (en) * 2018-12-04 2021-06-08 东软集团股份有限公司 Method, device and computer readable storage medium for realizing message verification
CN113326056A (en) * 2021-06-28 2021-08-31 上海致景信息科技有限公司 Data processing method, data processing device, storage medium and processor

Also Published As

Publication number Publication date
CN101442401B (en) 2012-01-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120104

Termination date: 20151119

EXPY Termination of patent right or utility model