CN104702450A - Validity detection method, validity detection device and validity detection system - Google Patents


Publication number
CN104702450A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310648521.3A
Other languages
Chinese (zh)
Inventor
贾铸斌
袁昌文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Beijing Co Ltd
Original Assignee
Tencent Technology Beijing Co Ltd

Abstract

The invention discloses a validity detection method, a validity detection device and a validity detection system, and belongs to the field of communication. The method comprises the steps of receiving unencrypted data and a first encryption value sent by a data sending end, wherein the first encryption value is generated by the data sending end by encrypting the unencrypted data with a first preset key; encrypting the unencrypted data with a second preset key to generate a second encryption value; detecting whether the first encryption value and the second encryption value are the same; and determining that the data sending end is a valid data source if the detection result shows that the first encryption value and the second encryption value are the same. According to a method in which the IP addresses of both parties are verified, the security cannot be guaranteed as the IP address can be easily forged, and the validity of a data source can be verified only after the other party is notified if the IP address of one end is changed, which results in the increase of the running cost. By adopting the method of the invention, the problem is solved. The complexity of verification is reduced, the running cost is reduced, and the accuracy of validity detection of data sources is improved.

Description

Legitimacy detection method, apparatus and system
Technical field
The present invention relates to the communications field, and in particular to a legitimacy detection method, apparatus and system.
Background technology
With the rapid development of communication technology, the volume of transmitted data grows day by day, and the problem of the legitimacy of data sources becomes increasingly prominent. To protect the legitimacy of a data source, the data in transmission must be given legitimacy verification. Legitimacy verification protects the confidentiality of the data, so that an attacker who intercepts the data on the transmission path cannot understand its original meaning and cannot make use of it.
There are various methods and measures for improving the legitimacy of data sources. Usually the legitimacy of the data source is protected by verifying the IP addresses of both the data sending terminal and the data receiver; only a user whose IP address verifies correctly is a valid user.
In the course of realizing the present invention, the inventors found that the prior art has at least the following problem: with the method of verifying the IP addresses of both the data sending terminal and the data receiver, security cannot be guaranteed because IP addresses are easily forged; and if the IP address of the data sending terminal or the data receiver changes, the other party must be notified before the legitimacy of the data source can be verified, which raises operating cost.
Summary of the invention
To solve the problem that, with the method of verifying the IP addresses of both the data sending terminal and the data receiver, security cannot be guaranteed because IP addresses are easily forged, and that, if the IP address of the data sending terminal or the data receiver changes, the other party must be notified before the legitimacy of the data source can be verified, which raises operating cost, embodiments of the present invention provide a legitimacy detection method, apparatus and system. The technical solution is as follows:
In a first aspect, a legitimacy detection method is provided for a data receiver, the method comprising:
receiving clear data and a first secret value sent by a data sending terminal, the first secret value being generated by the data sending terminal encrypting the clear data with a first preset-key;
encrypting the clear data with a second preset-key to generate a second secret value;
detecting whether the first secret value is identical to the second secret value;
if the detection result is that the first secret value is identical to the second secret value, determining that the data sending terminal is a legal data source.
In a second aspect, a legitimacy detection method is provided for a data sending terminal, the method comprising:
encrypting clear data with a first preset-key to generate a first secret value;
sending the clear data and the first secret value to a data receiver, so that the data receiver encrypts the clear data with a second preset-key to generate a second secret value; detects whether the first secret value is identical to the second secret value; and, if the detection result is that the first secret value is identical to the second secret value, determines that the data sending terminal is a legal data source.
In a third aspect, a legitimacy detection device is provided for a data receiver, the device comprising:
a first receiver module, for receiving clear data and a first secret value sent by a data sending terminal, the first secret value being generated by the data sending terminal encrypting the clear data with a first preset-key;
a first encrypting module, for encrypting the clear data with a second preset-key to generate a second secret value;
a first detection module, for detecting whether the first secret value is identical to the second secret value;
a first determination module, for determining that the data sending terminal is a legal data source if the detection result is that the first secret value is identical to the second secret value.
In a fourth aspect, a legitimacy detection device is provided for a data sending terminal, the device comprising:
a third encrypting module, for encrypting clear data with a first preset-key to generate a first secret value;
a second sending module, for sending the clear data and the first secret value to a data receiver, so that the data receiver encrypts the clear data with a second preset-key to generate a second secret value; detects whether the first secret value is identical to the second secret value; and, if the detection result is that the first secret value is identical to the second secret value, determines that the data sending terminal is a legal data source.
In a fifth aspect, a legitimacy detection system is provided. The legitimacy detection system comprises at least one data receiver and at least one data sending terminal, and the at least one data receiver is connected to the at least one data sending terminal by a wired or wireless network;
the data receiver comprises the legitimacy detection device provided in the third aspect;
the data sending terminal comprises the legitimacy detection device provided in the fourth aspect.
The beneficial effects of the technical solution provided by the embodiments of the present invention are:
The clear data and the first secret value sent by the data sending terminal are received, the first secret value being generated by the data sending terminal encrypting the clear data with the first preset-key; the clear data is encrypted with the second preset-key to generate the second secret value; it is detected whether the first secret value is identical to the second secret value; and if the detection result is that they are identical, the data sending terminal is determined to be a legal data source. This solves the problem of the method that verifies the IP addresses of both the data sending terminal and the data receiver: because IP addresses are easily forged, security cannot be guaranteed, and if the IP address of the data sending terminal or the data receiver changes, the other party must be notified before the legitimacy of the data source can be verified, which raises operating cost. The effect is to reduce verification complexity, lower operating cost, and improve the accuracy of legitimacy detection of the data source.
Brief description of the drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of an implementation environment involved in the legitimacy detection method provided by the embodiments of the present invention;
Fig. 2 is a method flow diagram of the legitimacy detection method provided by one embodiment of the present invention;
Fig. 3 is a method flow diagram of the legitimacy detection method provided by another embodiment of the present invention;
Fig. 4A is a method flow diagram of the legitimacy detection method provided by another embodiment of the present invention;
Fig. 4B is a schematic diagram of a specific embodiment provided by another embodiment of the present invention;
Fig. 5 is a structural diagram of the legitimacy detection device provided by one embodiment of the present invention;
Fig. 6 is a structural diagram of the legitimacy detection device provided by another embodiment of the present invention;
Fig. 7 is a structural diagram of the legitimacy detection system provided by one embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the drawings.
Please refer to Fig. 1, which shows a structural diagram of an implementation environment involved in the legitimacy detection method provided by the embodiments of the present invention. The implementation environment comprises at least one data sending terminal 120 and a data receiver 140.
The data sending terminal 120 and the data receiver 140 can each be a smartphone, a tablet computer, an e-book reader, a laptop computer, a desktop computer, a server, and so on.
The data sending terminal 120 can be connected to the data receiver 140 by a wired or wireless network.
Please refer to Fig. 2, which shows a method flow diagram of the legitimacy detection method provided by one embodiment of the present invention. This embodiment is described mainly with the legitimacy detection method applied to the data receiver shown in Fig. 1. The legitimacy detection method comprises:
Step 202, receive the clear data and the first secret value sent by the data sending terminal, the first secret value being generated by the data sending terminal encrypting the clear data with the first preset-key;
Step 204, encrypt the clear data with the second preset-key to generate the second secret value;
Step 206, detect whether the first secret value is identical to the second secret value;
Step 208, if the detection result is that the first secret value is identical to the second secret value, determine that the data sending terminal is a legal data source.
In summary, in the legitimacy detection method provided by this embodiment, the clear data and the first secret value sent by the data sending terminal are received, the first secret value being generated by the data sending terminal encrypting the clear data with the first preset-key; the clear data is encrypted with the second preset-key to generate the second secret value; it is detected whether the first secret value is identical to the second secret value; and if the detection result is that they are identical, the data sending terminal is determined to be a legal data source. This solves the problem of the method that verifies the IP addresses of both the data sending terminal and the data receiver: because IP addresses are easily forged, security cannot be guaranteed, and if the IP address of the data sending terminal and the data receiver changes, the other party must be notified before the legitimacy of the data source can be verified, which raises operating cost. The effect is to reduce verification complexity, lower operating cost, and improve the accuracy of legitimacy detection of the data source.
Please refer to Fig. 3, which shows a method flow diagram of the legitimacy detection method provided by another embodiment of the present invention. This embodiment is described mainly with the legitimacy detection method applied to the data sending terminal shown in Fig. 1. The legitimacy detection method comprises:
Step 302, encrypt the clear data with the first preset-key to generate the first secret value;
Step 304, send the clear data and the first secret value to the data receiver, so that the data receiver encrypts the clear data with the second preset-key to generate the second secret value; detects whether the first secret value is identical to the second secret value; and, if the detection result is that the first secret value is identical to the second secret value, determines that the data sending terminal is a legal data source.
In summary, in the legitimacy detection method provided by this embodiment, the clear data is encrypted with the first preset-key to generate the first secret value; the clear data and the first secret value are sent to the data receiver, so that the data receiver encrypts the clear data with the second preset-key to generate the second secret value, detects whether the first secret value is identical to the second secret value, and, if the detection result is that they are identical, determines that the data sending terminal is a legal data source. This solves the problem of the method that verifies the IP addresses of both the data sending terminal and the data receiver: because IP addresses are easily forged, security cannot be guaranteed, and if the IP address of the data sending terminal and the data receiver changes, the other party must be notified before the legitimacy of the data source can be verified, which raises operating cost. The effect is to reduce verification complexity, lower operating cost, and improve the accuracy of legitimacy detection of the data source.
Please refer to Fig. 4, which shows a method flow diagram of the legitimacy detection method provided by another embodiment of the present invention. This embodiment is described mainly with the legitimacy detection method applied to the implementation environment shown in Fig. 1. The legitimacy detection method comprises:
Step 401, the data receiver sends a key acquisition request to the book server;
The book server receives the key acquisition request sent by the data receiver and sets the first preset-key for the data receiver.
Step 402, the data sending terminal receives the first preset-key set by the book server;
The first preset-key is set after the book server receives the key acquisition request sent by the data receiver.
Step 403, when the data sending terminal has successfully set the first preset-key, it feeds back a setting-success response to the book server;
When the data sending terminal has successfully set the first preset-key, it feeds back a setting-success response to the book server; when it fails to set the first preset-key, it feeds back a setting-failure response to the book server, which triggers the book server to set the first preset-key again.
After the book server receives the setting-success response, it feeds back to the data receiver the second preset-key corresponding to the first preset-key. Generally, the first preset-key is identical to the second preset-key.
Step 404, the data receiver receives the second preset-key fed back by the book server;
The second preset-key is fed back by the book server after it has received the key acquisition request, set the first preset-key for the data sending terminal, and received the setting-success response sent by the data sending terminal.
It should be added that if the data sending terminal and the data receiver are both legal data sources, the first preset-key and the second preset-key should be the same. If one or both of the data sending terminal and the data receiver are not legal data sources, the data sending terminal or the data receiver cannot obtain the first preset-key or the second preset-key.
Step 405, the data sending terminal generates the first random value;
Because the textual data to be sent is sometimes identical, the data sending terminal can generate a first random value to avoid generating identical secret values. The first random value is randomly generated and ensures that each piece of clear data is unique among all clear data.
Step 406, the data sending terminal generates the clear data from the textual data and the first random value;
The data sending terminal either concatenates the textual data to be sent directly with the first random value, or joins them with a unique identifier, to generate the clear data. Because of the first random value, the clear data is unique among all clear data. That is, even if the same first preset-key is used to encrypt clear data generated from identical textual data, the randomly produced first random value differs each time, so the clear data differs, and therefore the generated secret value differs as well.
Step 407, the data sending terminal generates the second random value;
As a preferred embodiment, in order to realize two-way legitimacy verification, the data sending terminal can also generate a second random value. The second random value is also randomly generated.
Step 408, the data sending terminal encrypts the clear data with the first preset-key to generate the first secret value;
Specifically, the data sending terminal encrypts the clear data with the first preset-key, using a preset encryption mode, to generate the first secret value.
The encryption mode of this step is as follows: first secret value = encryption method(first preset-key, clear data), where the clear data comprises the textual data and the first random value.
Step 409, the data sending terminal sends the clear data and the first secret value to the data receiver;
Specifically, the data sending terminal can send the clear data and the first secret value to the data receiver. To realize two-way legitimacy verification, the data sending terminal can instead send a packet comprising the clear data, the first secret value and the second random value to the data receiver.
Step 410, the data receiver receives the clear data and the first secret value sent by the data sending terminal;
The first secret value is generated by the data sending terminal encrypting the clear data with the first preset-key.
If in step 409 the data sending terminal sent a packet comprising the clear data, the first secret value and the second random value, then the data receiver receives the clear data, the first secret value and the second random value.
Step 411, the data receiver encrypts the clear data with the second preset-key to generate the second secret value;
The data receiver encrypts the clear data with the second preset-key to generate the second secret value. Specifically, this comprises the following sub-steps:
1, the data receiver parses the packet to obtain the textual data and the first random value in it;
2, the data receiver encrypts the textual data and the first random value in the clear data with the second preset-key to generate the second secret value.
The first random value ensures that the clear data is unique among all clear data.
The way the data receiver generates the second secret value is similar to the way the data sending terminal generates the first secret value and is not repeated here.
Step 412, the data receiver detects whether the first secret value is identical to the second secret value;
Step 413, if the detection result is that the first secret value is identical to the second secret value, the data receiver determines that the data sending terminal is a legal data source.
Specifically, if the detection result is that the first secret value is identical to the second secret value, the data receiver determines that the data sending terminal is a legal data source, and the data receiver can use the data sent by the data sending terminal;
If the detection result is that the first secret value is not identical to the second secret value, the data receiver determines that the data sending terminal is an illegal data source, and the data receiver cannot use the data sent by the data sending terminal.
The above steps verify whether the data sending terminal is a legal data source. To verify the legitimacy of the data source further, two-way legitimacy verification can also be carried out, with the following steps:
Step 414, the data receiver encrypts the second random value with the second preset-key to generate the third secret value;
When it has determined that the data sending terminal is a legal data source, the data receiver encrypts the second random value with the second preset-key, using the preset encryption mode, to generate the third secret value.
The encryption mode of this step is as follows: third secret value = encryption method(second preset-key, second random value). This encryption mode is the same as the one used to generate the second secret value.
Step 415, the data receiver sends the third secret value to the data sending terminal;
Step 416, the data sending terminal receives the third secret value sent by the data receiver;
The third secret value is obtained by the data receiver encrypting the second random value with the second preset-key.
Step 417, the data sending terminal encrypts the second random value with the first preset-key to obtain the fourth secret value;
The way the data sending terminal generates the fourth secret value is similar to the way the data receiver generates the third secret value and is not repeated here.
Step 418, the data sending terminal detects whether the third secret value is identical to the fourth secret value;
The fourth secret value is obtained by encrypting the second random value with the first preset-key.
Step 419, if the detection result is that the third secret value is identical to the fourth secret value, the data sending terminal determines that the data receiver is a legal data source.
When the data sending terminal determines that the data receiver is a legal data source, it can continue to send data to the data receiver.
If the detection result is that the third secret value is not identical to the fourth secret value, the data sending terminal can determine that the data receiver is an illegal data source and can stop sending data to the data receiver.
It should be added that the execution order of the above steps is not strictly limited; different embodiments have different execution orders, depending on the circumstances. For example, the data sending terminal can generate the first random value and the second random value in either order or at the same time. As another example, the data sending terminal can send the second random value to the data receiver together with the first secret value, or send the second random value to the data receiver separately; correspondingly, the data receiver receives the second random value sent by the data sending terminal. It is sufficient that the data sending terminal sends the second random value to the data receiver before the data receiver generates the third secret value, so the execution order of this step is not strictly limited.
In summary, in the legitimacy detection method provided by this embodiment, the clear data and the first secret value sent by the data sending terminal are received, the first secret value being generated by the data sending terminal encrypting the clear data with the first preset-key; the clear data is encrypted with the second preset-key to generate the second secret value; it is detected whether the first secret value is identical to the second secret value; and if the detection result is that they are identical, the data sending terminal is determined to be a legal data source. This solves the problem of the method that verifies the IP addresses of both the data sending terminal and the data receiver: because IP addresses are easily forged, security cannot be guaranteed, and if the IP address of the data sending terminal or the data receiver changes, the other party must be notified before the legitimacy of the data source can be verified, which raises operating cost. The effect is to reduce verification complexity, lower operating cost, and improve the accuracy of legitimacy detection of the data source.
It should be added that in this embodiment the data receiver encrypts the second random value with the second preset-key to generate the third secret value and sends the third secret value to the data sending terminal; the data sending terminal receives the third secret value sent by the data receiver, encrypts the second random value with the first preset-key to obtain the fourth secret value, and detects whether the third secret value is identical to the fourth secret value, thereby determining whether the data receiver is a legal data source. The effect is that it can be detected in both directions whether the data sending terminal and the data receiver are both legal data sources, so that whether a data source is legal can be determined more accurately; if a data source is not legal, sending data can be stopped, which improves the security of data transmission.
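The exchange of steps 405 to 419, as an added example that is not part of the patent text. It assumes HMAC-SHA256 as the unspecified "encryption method", a 16-byte random value, and a length-prefixed layout for joining the textual data to the first random value; the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # assumed size of the first and second random values


def secret_value(preset_key: bytes, data: bytes) -> bytes:
    """'encryption method(preset-key, data)'; HMAC-SHA256 is an assumption."""
    return hmac.new(preset_key, data, hashlib.sha256).digest()


def build_clear_data(body: bytes, first_random: bytes) -> bytes:
    # Step 406: length-prefix the body so the body/random boundary is unambiguous.
    return len(body).to_bytes(4, "big") + body + first_random


def parse_clear_data(clear: bytes):
    # Step 411, sub-step 1: recover the textual data and the first random value.
    if len(clear) < 4 + NONCE_LEN:
        raise ValueError("clear data too short")
    n = int.from_bytes(clear[:4], "big")
    if len(clear) != 4 + n + NONCE_LEN:
        raise ValueError("clear data length mismatch")
    return clear[4:4 + n], clear[4 + n:]


class Sender:
    """Data sending terminal holding the first preset-key."""

    def __init__(self, first_preset_key: bytes):
        self.key = first_preset_key
        self.pending = None  # second random value awaiting the receiver's answer

    def make_packet(self, body: bytes) -> dict:
        first_random = secrets.token_bytes(NONCE_LEN)      # step 405
        clear = build_clear_data(body, first_random)        # step 406
        self.pending = secrets.token_bytes(NONCE_LEN)       # step 407
        return {                                            # steps 408-409
            "clear": clear,
            "first_secret": secret_value(self.key, clear),
            "second_random": self.pending,
        }

    def check_receiver(self, third_secret: bytes) -> bool:
        if self.pending is None:
            return False
        fourth = secret_value(self.key, self.pending)       # step 417
        self.pending = None                                 # one answer per challenge
        return hmac.compare_digest(third_secret, fourth)    # steps 418-419


class Receiver:
    """Data receiver holding the second preset-key."""

    def __init__(self, second_preset_key: bytes):
        self.key = second_preset_key

    def handle_packet(self, packet: dict):
        """Return (body, third secret value) for a legal source, else None."""
        second = secret_value(self.key, packet["clear"])    # step 411
        # Step 412: constant-time comparison avoids leaking how many bytes match.
        if not hmac.compare_digest(packet["first_secret"], second):
            return None                                     # illegal source, data unused
        body, _ = parse_clear_data(packet["clear"])         # parse only after the check
        third = secret_value(self.key, packet["second_random"])  # step 414
        return body, third


def demo():
    key = secrets.token_bytes(32)  # constructed key; both preset-keys are identical
    sender, receiver = Sender(key), Receiver(key)

    body, third = receiver.handle_packet(sender.make_packet(b"constructed microblog body"))
    mutual = sender.check_receiver(third)

    # A packet whose clear data was altered in transit fails step 412.
    tampered = sender.make_packet(b"hello")
    tampered["clear"] = tampered["clear"][:-1] + bytes([tampered["clear"][-1] ^ 1])
    rejected_tamper = receiver.handle_packet(tampered) is None

    # A sender without the preset-key cannot produce a matching first secret value.
    rogue = Sender(secrets.token_bytes(32))
    rejected_rogue = receiver.handle_packet(rogue.make_packet(b"hello")) is None

    # Identical textual data still yields different first secret values.
    a, b = sender.make_packet(b"same"), sender.make_packet(b"same")
    unique = a["first_secret"] != b["first_secret"]
    return body, mutual, rejected_tamper, rejected_rogue, unique


if __name__ == "__main__":
    print(demo())
```

The first random value makes each clear data unique, but the receiver in this sketch, like the one described in the text, keeps no record of values it has already seen, so a captured packet would still verify if it were sent again.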
In a specific embodiment, as Fig. 4 B, in a transfer of data scene, tentation data transmitting terminal is message subscribing platform 402, data receiver is third-party application 404, book server is access examination & verification platform 406, and the textual data needing transmission is microblog data, can be detected the legitimacy of Data Source by legitimacy detection method as shown in Figure 4 A.Also namely:
Third-party application 404 sends cipher key acquisition request to access examination & verification platform 406, access examination & verification platform 406 generates key according to this request, message subscribing platform 402 receives the first preset-key that access examination & verification platform 406 is arranged, and after successfully arranging the first preset-key, feed back to access examination & verification platform 406 and successfully response is set; Access examination & verification platform 406 feeds back second preset-key corresponding with the first preset-key to third-party application 404 after receiving and successfully arranging response, and third-party application 404 receives the second preset-key that access examination & verification platform 406 feeds back.
Message subscribing platform 402 uses the first preset-key to be encrypted generation first secret value to clear data, clear data comprises microblog data and the first random value, first random value is random generation, for ensureing the uniqueness of clear data in all clear datas, in other words, even if random the first random value produced can ensure that using the first identical preset-key to be encrypted identical microblog data also can not produce the first identical secret value.The concrete mode of encryption is as follows:
First secret value=encryption method (the first preset-key, clear data); Wherein, clear data comprises microblog data and the first random value.
Message subscribing platform 402 comprises the Packet Generation of this first secret value to third-party application 404 by one, this packet comprises the first secret value, microblog data, the first random value and the second random value.
Third-party application 404 receives this packet, and resolves this packet and therefrom obtain the first secret value, microblog data, the first random value and the second random value; Utilize and generate the same cipher mode of the first secret value with message subscribing platform 402, use the second preset-key to be encrypted generation second secret value to the clear data comprising microblog data and the first random value.
Whether third-party application 404 detects the second secret value generated identical with the first secret value received;
If it is identical with the second secret value that testing result is the first secret value, then third-party application 404 determines that data sending terminal is legal Data Source, then third-party application 404 can read this microblog data;
In order to verify the legitimacy that this quantity is originated further, third-party application 404 and message subscribing platform 402 also can carry out bi-directional verification, specific as follows:
Third-party application 404 uses the second preset-key to be encrypted generation the 3rd secret value to the second random value;
Concrete cipher mode is as follows: three secret value=encryption method (the second preset-key, the second random value);
Because the second random value is the same with the first random value, be also random generation, therefore, it is possible to ensure the uniqueness of the second random value.
The feedback packet comprising the 3rd secret value is sent to message subscribing platform 402 by third-party application 404, also comprises the second random value in feedback packet.
Message subscribing platform 402 uses the first preset-key to be encrypted generation the 4th secret value to the second random value, the 4th secret value generating mode and the 3rd secret value generating mode similar, just repeat no more at this.
Whether message subscribing platform 402 detects the 4th secret value generated identical with the 3rd secret value received;
If it is identical with the 4th secret value that testing result is the 3rd secret value, then message subscribing platform 402 determines that data receiver is legal Data Source, then message subscribing platform 402 can continue to send data to third-party application 404;
If it is not identical with the 4th secret value that testing result is the 3rd secret value, then message subscribing platform 402 determines that data receiver is not legal Data Source, then message subscribing platform 402 can stop sending data to third-party application 404.
The following are device embodiments of the present invention. For details not described in them, refer to the corresponding method embodiments above.
Please refer to Fig. 5, which shows a schematic structural diagram of the validity detection device provided by one embodiment of the present invention. The validity detection device can be implemented as all or part of a data receiving end by software, hardware, or a combination of both. The validity detection device may comprise: a first receiving module 520, a first encrypting module 540, a first detection module 560 and a first determination module 580;
The first receiving module 520 is configured to receive the unencrypted data and the first encryption value sent by the data sending end, where the first encryption value is generated by the data sending end by encrypting the unencrypted data with the first preset key;
The first encrypting module 540 is configured to encrypt the unencrypted data with the second preset key to generate a second encryption value;
The first detection module 560 is configured to detect whether the first encryption value received by the first receiving module 520 is identical to the second encryption value obtained by the first encrypting module 540;
The first determination module 580 is configured to determine that the data sending end is a valid data source if the detection result of the first detection module 560 is that the first encryption value is identical to the second encryption value.
In summary, the validity detection device provided by this embodiment receives the unencrypted data and the first encryption value sent by the data sending end, where the first encryption value is generated by the data sending end by encrypting the unencrypted data with the first preset key; encrypts the unencrypted data with the second preset key to generate a second encryption value; detects whether the first encryption value is identical to the second encryption value; and, if the detection result is that they are identical, determines that the data sending end is a valid data source. This solves the problem of the method that verifies the IP addresses of both the data sending end and the data receiving end: because IP addresses are easily forged, security cannot be guaranteed, and if the IP address of the data sending end or the data receiving end changes, the other party must be notified before the validity of the data source can be verified, which raises operating cost. The device thereby reduces verification complexity, reduces operating cost, and improves the accuracy of data source validity detection.
Please refer to Fig. 6, which shows a schematic structural diagram of the validity detection device provided by another embodiment of the present invention. The validity detection device can be implemented as all or part of a data sending end by software, hardware, or a combination of both. The validity detection device may comprise: a third encrypting module 620 and a second sending module 640;
The third encrypting module 620 is configured to encrypt the unencrypted data with the first preset key to generate a first encryption value;
The second sending module 640 is configured to send the unencrypted data and the first encryption value obtained by the third encrypting module 620 to the data receiving end, so that the data receiving end encrypts the unencrypted data with the second preset key to generate a second encryption value; detects whether the first encryption value is identical to the second encryption value; and, if the detection result is that they are identical, determines that the data sending end is a valid data source.
In summary, the validity detection device provided by this embodiment encrypts the unencrypted data with the first preset key to generate a first encryption value, and sends the unencrypted data and the first encryption value to the data receiving end, so that the data receiving end encrypts the unencrypted data with the second preset key to generate a second encryption value; detects whether the first encryption value is identical to the second encryption value; and, if the detection result is that they are identical, determines that the data sending end is a valid data source. This solves the problem of the method that verifies the IP addresses of both the data sending end and the data receiving end: because IP addresses are easily forged, security cannot be guaranteed, and if the IP address of the data sending end or the data receiving end changes, the other party must be notified before the validity of the data source can be verified, which raises operating cost. The device thereby reduces verification complexity, reduces operating cost, and improves the accuracy of data source validity detection.
Please refer to Fig. 7, which shows a schematic structural diagram of the validity detection system provided by another embodiment of the present invention. The validity detection system comprises a data receiving end 72 and a data sending end 74.
The data receiving end 72 comprises: a first receiving module 702, a first encrypting module 704, a first detection module 706 and a first determination module 708;
The first receiving module 702 is configured to receive the unencrypted data and the first encryption value sent by the data sending end, where the first encryption value is generated by the data sending end by encrypting the unencrypted data with the first preset key;
The first encrypting module 704 is configured to encrypt the unencrypted data with the second preset key to generate a second encryption value;
The first detection module 706 is configured to detect whether the first encryption value received by the first receiving module 702 is identical to the second encryption value obtained by the first encrypting module 704;
The first determination module 708 is configured to determine that the data sending end is a valid data source if the detection result of the first detection module 706 is that the first encryption value is identical to the second encryption value.
Preferably, the first encrypting module 704 is configured to encrypt the text data and the first random value in the unencrypted data with the second preset key to generate the second encryption value, where the first random value is used to guarantee the uniqueness of the unencrypted data among all unencrypted data.
Preferably, the data receiving end 72 further comprises:
A random value receiving module 703, configured to receive the second random value sent by the data sending end;
A second encrypting module 705, configured to encrypt the second random value received by the random value receiving module 703 with the second preset key to generate a third encryption value;
A first sending module 707, configured to send the third encryption value generated by the second encrypting module 705 to the data sending end, so that the data sending end detects whether the third encryption value is identical to a fourth encryption value, where the fourth encryption value is obtained by the data sending end by encrypting the second random value with the first preset key; and, if the detection result is that the third encryption value is identical to the fourth encryption value, determines that the data receiving end is a valid data source.
Preferably, the data receiving end 72 further comprises:
A key request module 709, configured to send a key acquisition request to the book server;
A feedback receiving module 710, configured to receive the second preset key fed back by the book server, where the second preset key is fed back by the book server after it receives the key acquisition request, sets the first preset key on the data sending end, and receives the setting-success response sent by the data sending end.
The data sending end 74 comprises: a third encrypting module 720 and a second sending module 722;
The third encrypting module 720 is configured to encrypt the unencrypted data with the first preset key to generate a first encryption value;
The second sending module 722 is configured to send the unencrypted data and the first encryption value generated by the third encrypting module 720 to the data receiving end, so that the data receiving end encrypts the unencrypted data with the second preset key to generate a second encryption value; detects whether the first encryption value is identical to the second encryption value; and, if the detection result is that they are identical, determines that the data sending end is a valid data source.
Preferably, the data sending end 74 further comprises:
A first generation module 721, configured to generate a first random value, where the first random value is used to guarantee the uniqueness of the unencrypted data among all unencrypted data;
A data generation module 723, configured to generate the unencrypted data from the text data and the first random value generated by the first generation module 721.
Preferably, the data sending end 74 further comprises:
A second generation module 724, configured to generate a second random value;
A random value sending module 725, configured to send the second random value generated by the second generation module 724 to the data receiving end;
A second receiving module 726, configured to receive the third encryption value sent by the data receiving end, where the third encryption value is obtained by the data receiving end by encrypting the second random value with the second preset key;
A second detection module 727, configured to detect whether the third encryption value received by the second receiving module 726 is identical to a fourth encryption value, where the fourth encryption value is obtained by encrypting the second random value with the first preset key;
A second determination module 728, configured to determine that the data receiving end is a valid data source if the detection result of the second detection module 727 is that the third encryption value is identical to the fourth encryption value.
Preferably, the data sending end 74 further comprises:
A key receiving module 729, configured to receive the first preset key set by the book server, where the first preset key is set by the book server after it receives the key acquisition request sent by the data receiving end;
A response feedback module 730, configured to feed back a setting-success response to the book server when the first preset key has been set successfully, so that the book server, after receiving the setting-success response, feeds back to the data receiving end the second preset key corresponding to the first preset key.
In summary, the validity detection system provided by this embodiment receives the unencrypted data and the first encryption value sent by the data sending end, where the first encryption value is generated by the data sending end by encrypting the unencrypted data with the first preset key; encrypts the unencrypted data with the second preset key to generate a second encryption value; detects whether the first encryption value is identical to the second encryption value; and, if the detection result is that they are identical, determines that the data sending end is a valid data source. This solves the problem of the method that verifies the IP addresses of both the data sending end and the data receiving end: because IP addresses are easily forged, security cannot be guaranteed, and if the IP address of the data sending end or the data receiving end changes, the other party must be notified before the validity of the data source can be verified, which raises operating cost. The system thereby reduces verification complexity, reduces operating cost, and improves the accuracy of data source validity detection.
It should be added that, in this embodiment, the data receiving end encrypts the second random value with the second preset key to generate a third encryption value and sends the third encryption value to the data sending end; the data sending end receives the third encryption value sent by the data receiving end, encrypts the second random value with the first preset key to obtain a fourth encryption value, and detects whether the third encryption value is identical to the fourth encryption value, thereby determining whether the data receiving end is a valid data source. In this way it can be detected in both directions whether the data sending end and the data receiving end are both valid data sources, so the validity of a data source can be determined more accurately; if a data source is not valid, sending data can be stopped, which improves the security of data transmission.
The sequence numbers of the above embodiments of the present invention are for description only and do not indicate the relative merits of the embodiments.
A person of ordinary skill in the art will understand that all or part of the steps of the above embodiments may be implemented by hardware, or by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic disk, an optical disc, or the like.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within its protection scope.

Claims (17)

1. A validity detection method, characterized in that it is used in a data receiving end, the method comprising:
Receiving the unencrypted data and the first encryption value sent by a data sending end, where the first encryption value is generated by the data sending end by encrypting the unencrypted data with a first preset key;
Encrypting the unencrypted data with a second preset key to generate a second encryption value;
Detecting whether the first encryption value is identical to the second encryption value;
If the detection result is that the first encryption value is identical to the second encryption value, determining that the data sending end is a valid data source.
2. The method according to claim 1, characterized in that the encrypting the unencrypted data with the second preset key to generate the second encryption value comprises:
Encrypting the text data and the first random value in the unencrypted data with the second preset key to generate the second encryption value, where the first random value is used to guarantee the uniqueness of the unencrypted data among all unencrypted data.
3. The method according to claim 1, characterized in that the method further comprises:
Receiving the second random value sent by the data sending end;
Encrypting the second random value with the second preset key to generate a third encryption value;
Sending the third encryption value to the data sending end, so that the data sending end detects whether the third encryption value is identical to a fourth encryption value, where the fourth encryption value is obtained by the data sending end by encrypting the second random value with the first preset key; and, if the detection result is that the third encryption value is identical to the fourth encryption value, determines that the data receiving end is a valid data source.
4. The method according to any one of claims 1 to 3, characterized in that, before the encrypting the unencrypted data with the second preset key to generate the second encryption value, the method further comprises:
Sending a key acquisition request to a book server;
Receiving the second preset key fed back by the book server, where the second preset key is fed back by the book server after it receives the key acquisition request, sets the first preset key on the data sending end, and receives the setting-success response sent by the data sending end.
5. A validity detection method, characterized in that it is used in a data sending end, the method comprising:
Encrypting unencrypted data with a first preset key to generate a first encryption value;
Sending the unencrypted data and the first encryption value to a data receiving end, so that the data receiving end encrypts the unencrypted data with a second preset key to generate a second encryption value; detects whether the first encryption value is identical to the second encryption value; and, if the detection result is that the first encryption value is identical to the second encryption value, determines that the data sending end is a valid data source.
6. The method according to claim 5, characterized in that, before the encrypting the unencrypted data with the first preset key to generate the first encryption value, the method further comprises:
Generating a first random value, where the first random value is used to guarantee the uniqueness of the unencrypted data among all unencrypted data;
Generating the unencrypted data from text data and the first random value.
7. The method according to claim 5, characterized in that the method further comprises:
Generating a second random value;
Sending the second random value to the data receiving end;
Receiving the third encryption value sent by the data receiving end, where the third encryption value is obtained by the data receiving end by encrypting the second random value with the second preset key;
Detecting whether the third encryption value is identical to a fourth encryption value, where the fourth encryption value is obtained by encrypting the second random value with the first preset key;
If the detection result is that the third encryption value is identical to the fourth encryption value, determining that the data receiving end is a valid data source.
8. The method according to any one of claims 5 to 7, characterized in that, before the encrypting the unencrypted data with the first preset key to generate the first encryption value, the method further comprises:
Receiving the first preset key set by a book server, where the first preset key is set by the book server after it receives the key acquisition request sent by the data receiving end;
When the first preset key has been set successfully, feeding back a setting-success response to the book server, so that the book server, after receiving the setting-success response, feeds back to the data receiving end the second preset key corresponding to the first preset key.
9. A validity detection device, characterized in that it is used in a data receiving end, the device comprising:
A first receiving module, configured to receive the unencrypted data and the first encryption value sent by a data sending end, where the first encryption value is generated by the data sending end by encrypting the unencrypted data with a first preset key;
A first encrypting module, configured to encrypt the unencrypted data with a second preset key to generate a second encryption value;
A first detection module, configured to detect whether the first encryption value is identical to the second encryption value;
A first determination module, configured to determine that the data sending end is a valid data source if the detection result is that the first encryption value is identical to the second encryption value.
10. The device according to claim 9, characterized in that the first encrypting module is
configured to encrypt the text data and the first random value in the unencrypted data with the second preset key to generate the second encryption value, where the first random value is used to guarantee the uniqueness of the unencrypted data among all unencrypted data.
11. The device according to claim 9, characterized in that the device further comprises:
A random value receiving module, configured to receive the second random value sent by the data sending end;
A second encrypting module, configured to encrypt the second random value with the second preset key to generate a third encryption value;
A first sending module, configured to send the third encryption value to the data sending end, so that the data sending end detects whether the third encryption value is identical to a fourth encryption value, where the fourth encryption value is obtained by the data sending end by encrypting the second random value with the first preset key; and, if the detection result is that the third encryption value is identical to the fourth encryption value, determines that the data receiving end is a valid data source.
12. The device according to any one of claims 9 to 11, characterized in that the device further comprises:
A key request module, configured to send a key acquisition request to a book server;
A feedback receiving module, configured to receive the second preset key fed back by the book server, where the second preset key is fed back by the book server after it receives the key acquisition request, sets the first preset key on the data sending end, and receives the setting-success response sent by the data sending end.
13. A validity detection device, characterized in that it is used in a data sending end, the device comprising:
A third encrypting module, configured to encrypt unencrypted data with a first preset key to generate a first encryption value;
A second sending module, configured to send the unencrypted data and the first encryption value to a data receiving end, so that the data receiving end encrypts the unencrypted data with a second preset key to generate a second encryption value; detects whether the first encryption value is identical to the second encryption value; and, if the detection result is that the first encryption value is identical to the second encryption value, determines that the data sending end is a valid data source.
14. The device according to claim 13, characterized in that the device further comprises:
A first generation module, configured to generate a first random value, where the first random value is used to guarantee the uniqueness of the unencrypted data among all unencrypted data;
A data generation module, configured to generate the unencrypted data from text data and the first random value.
15. The device according to claim 13, characterized in that the device further comprises:
A second generation module, configured to generate a second random value;
A random value sending module, configured to send the second random value to the data receiving end;
A second receiving module, configured to receive the third encryption value sent by the data receiving end, where the third encryption value is obtained by the data receiving end by encrypting the second random value with the second preset key;
A second detection module, configured to detect whether the third encryption value is identical to a fourth encryption value, where the fourth encryption value is obtained by encrypting the second random value with the first preset key;
A second determination module, configured to determine that the data receiving end is a valid data source if the detection result is that the third encryption value is identical to the fourth encryption value.
16. The device according to any one of claims 13 to 15, characterized in that the device further comprises:
A key receiving module, configured to receive the first preset key set by a book server, where the first preset key is set by the book server after it receives the key acquisition request sent by the data receiving end;
A response feedback module, configured to feed back a setting-success response to the book server when the first preset key has been set successfully, so that the book server, after receiving the setting-success response, feeds back to the data receiving end the second preset key corresponding to the first preset key.
17. A validity detection system, characterized in that the validity detection system comprises at least one data receiving end and at least one data sending end, the at least one data receiving end being connected to the at least one data sending end through a wired or wireless network;
The data receiving end comprises the validity detection device according to any one of claims 9 to 12;
The data sending end comprises the validity detection device according to any one of claims 13 to 16.
CN201310648521.3A 2013-12-04 2013-12-04 Validity detection method, validity detection device and validity detection system Pending CN104702450A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310648521.3A CN104702450A (en) 2013-12-04 2013-12-04 Validity detection method, validity detection device and validity detection system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310648521.3A CN104702450A (en) 2013-12-04 2013-12-04 Validity detection method, validity detection device and validity detection system

Publications (1)

Publication Number Publication Date
CN104702450A true CN104702450A (en) 2015-06-10

Family

ID=53349242

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310648521.3A Pending CN104702450A (en) 2013-12-04 2013-12-04 Validity detection method, validity detection device and validity detection system

Country Status (1)

Country Link
CN (1) CN104702450A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108282451A (en) * 2017-01-20 2018-07-13 广州市动景计算机科技有限公司 Hijacking data judgment method, device and user terminal
CN108282452A (en) * 2017-01-20 2018-07-13 广州市动景计算机科技有限公司 Data processing method, device, server and user terminal

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101005359A (en) * 2006-01-18 2007-07-25 华为技术有限公司 Method and device for realizing safety communication between terminal devices
WO2007121587A1 (en) * 2006-04-25 2007-11-01 Stephen Laurence Boren Dynamic distributed key system and method for identity management, authentication servers, data security and preventing man-in-the-middle attacks
CN101282211A (en) * 2008-05-09 2008-10-08 西安西电捷通无线网络通信有限公司 Method for distributing key
CN101286840A (en) * 2008-05-29 2008-10-15 西安西电捷通无线网络通信有限公司 Key distributing method and system using public key cryptographic technique
CN102638468A (en) * 2012-04-12 2012-08-15 华为技术有限公司 Method, sending end, receiving end and system for protecting information transmission safety



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150610