CN104994078A - Information sending method, information acquisition method, information sending device, information acquisition device, and information processing system in local area network - Google Patents

Publication number
CN104994078A
Authority
CN
China
Prior art keywords
information
message
encryption
encrypted
authorization information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510315893.3A
Other languages
Chinese (zh)
Other versions
CN104994078B (en)
Inventor
罗育华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Hikvision Digital Technology Co Ltd
Original Assignee
Hangzhou Hikvision Digital Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Hikvision Digital Technology Co Ltd
Priority to CN201510315893.3A
Publication of CN104994078A
Application granted
Publication of CN104994078B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses an information sending method, an information acquisition method, an information sending device, an information acquisition device, and an information processing system in a local area network. The information sending method comprises the following steps: receiving a search request message from a client; encrypting key information corresponding to the search request message in response to the search request message, wherein the key information includes at least one of identity information, using state information and running state information; and returning a search response message to the client, wherein the search response message carries the encrypted key information. According to the technical scheme provided by the invention, the security of information transmission in a local area network and the flexibility of local area network equipment management are improved.

Description

Information sending and acquisition methods and devices, and information processing system, in a local area network (LAN)
Technical field
The present invention relates to the field of video surveillance, and in particular to information sending and acquisition methods and devices and an information processing system in a local area network (LAN).
Background technology
At present, the related art in the field of video surveillance usually discovers LAN devices with the following procedure, which typically comprises these processing steps:
Step 1: within a specific network segment, the client sends a multicast message into the LAN according to a protocol that the LAN devices themselves support;
Step 2: after receiving the multicast message, each LAN device in the specific network segment may return a response message to the client by multicast, where the response message may carry key information such as the identification information of the LAN device (for example, its media access control (MAC) address), central processing unit (CPU) utilization, hard disk utilization, memory utilization, and network interface traffic information;
Step 3: after receiving the response messages returned by the LAN devices in the specific network segment, the client may compile statistics on, and display, the key information returned by each LAN device.
However, throughout this procedure, and in Step 2 in particular, the response message returned by each LAN device is usually not encrypted. Because multicast environments are complex, unencrypted information is easily stolen and may even be attacked.
Moreover, the procedure proposed in the related art can only discover the LAN devices in the specific network segment; it cannot modify the parameter attributes of some or all of those devices, and because the communication protocols supported by the individual LAN devices are not uniform, compatibility cannot be achieved.
Summary of the invention
Embodiments of the present invention provide information sending and acquisition methods and devices and an information processing system in a LAN, to solve at least the problem in the related art that information transmitted from a LAN device to a client is not encrypted, which makes information transmission insecure and easily leaks the security information of the LAN device.
According to one aspect of the present invention, an information sending method in a LAN is provided.
The information sending method in a LAN according to an embodiment of the present invention comprises: receiving a search request message from a client; in response to the search request message, encrypting the key information corresponding to the device itself, where the key information comprises at least one of: identification information, usage state information, and running state information; and returning a search response message to the client, where the search response message carries the encrypted key information.
Preferably, encrypting the key information comprises: extracting partial information from the key information and encrypting the partial information with a first encryption mode to generate a message digest; encrypting the key information with a second encryption mode, using the message digest as the initial key; and, using a preset encoding mode, encoding the key information encrypted with the second encryption mode into a character string and encapsulating it in the search response message.
Preferably, after the search response message is returned to the client, the method further comprises: receiving a modification command request from the client, where the modification command request carries modification indication information and encrypted authorization information; parsing the encrypted authorization information; and determining, according to the parsing result, whether to modify the corresponding locally configured information according to the modification indication information.
Preferably, parsing the encrypted authorization information comprises: using a preset decoding mode, decoding the encrypted authorization information, transmitted as a character string, into an encrypted result in byte-code form; decrypting the encrypted result with a first decryption mode to generate a message digest; and decrypting the authorization information from the message digest with a second decryption mode.
Preferably, determining according to the parsing result whether to modify the corresponding locally configured information according to the modification indication information comprises one of the following: when parsing fails, keeping the corresponding locally configured information unchanged; when parsing succeeds and the parsed authorization information is determined to be reused, keeping the corresponding locally configured information unchanged; when parsing succeeds and the parsed authorization information is determined to be used for the first time, modifying the corresponding locally configured information according to the modification indication information.
According to another aspect of the present invention, an information acquisition method in a LAN is provided.
The information acquisition method in a LAN according to an embodiment of the present invention comprises: sending a search request message to a LAN device; and receiving the search response message, corresponding to the search request message, that the LAN device returns, where the search response message carries encrypted key information and the key information comprises at least one of: identification information, usage state information, and running state information.
Preferably, after the search response message returned by the LAN device is received, the method further comprises: judging whether the search response message carries encrypted key information; if so, first using a preset decoding mode to decode the encrypted authorization information, transmitted as a character string, into an encrypted result in byte-code form, then decrypting the encrypted result with a first decryption mode to generate a message digest, and then decrypting the key information from the message digest with a second decryption mode and displaying the key information; if not, displaying the unencrypted information carried in the search response message.
Preferably, after the search response message returned by the LAN device is received, the method further comprises: determining, according to the key information, that the LAN device supports an encryption mode; encrypting the authorization information to be sent to the LAN device; and sending a modification command request to the LAN device, where the modification command request carries modification indication information and the encrypted authorization information.
Preferably, encrypting the authorization information to be sent to the LAN device comprises: encrypting the authorization information with a first encryption mode to generate a message digest; encrypting the authorization information with a second encryption mode, using the message digest and a random number together as the initial key; and, using a preset encoding mode, encoding the authorization information encrypted with the second encryption mode into a character string.
According to another aspect of the present invention, an information sending device in a LAN is provided.
The information sending device in a LAN according to an embodiment of the present invention comprises: a first receiving module, configured to receive a search request message from a client; a processing module, configured to respond to the search request message by encrypting the key information corresponding to the device itself, where the key information comprises at least one of: identification information, usage state information, and running state information; and a feedback module, configured to return a search response message to the client, where the search response message carries the encrypted key information.
Preferably, the processing module comprises: a first encryption unit, configured to extract partial information from the key information and encrypt the partial information with a first encryption mode to generate a message digest; a second encryption unit, configured to encrypt the key information with a second encryption mode, using the message digest as the initial key; and an encoding unit, configured to use a preset encoding mode to encode the key information encrypted with the second encryption mode into a character string and encapsulate it in the search response message.
Preferably, the device further comprises: a second receiving module, configured to receive a modification command request from the client, where the modification command request carries modification indication information and encrypted authorization information; a parsing module, configured to parse the encrypted authorization information; and an execution module, configured to determine, according to the parsing result, whether to modify the corresponding locally configured information according to the modification indication information.
Preferably, the parsing module comprises: a decoding unit, configured to use a preset decoding mode to decode the encrypted authorization information, transmitted as a character string, into an encrypted result in byte-code form; a first decryption unit, configured to decrypt the encrypted result with a first decryption mode to generate a message digest; and a second decryption unit, configured to decrypt the authorization information from the message digest with a second decryption mode.
Preferably, the execution module is configured to keep the corresponding locally configured information unchanged when parsing fails; or to keep the corresponding locally configured information unchanged when parsing succeeds and the parsed authorization information is determined to be reused; or to modify the corresponding locally configured information according to the modification indication information when parsing succeeds and the parsed authorization information is determined to be used for the first time.
According to yet another aspect of the present invention, an information acquisition device in a LAN is provided.
The information acquisition device in a LAN according to an embodiment of the present invention comprises: a first sending module, configured to send a search request message to a LAN device; and an acquisition module, configured to receive the search response message, corresponding to the search request message, that the LAN device returns, where the search response message carries encrypted key information and the key information comprises at least one of: identification information, usage state information, and running state information.
Preferably, the device further comprises: a judging module, configured to judge whether the search response message carries encrypted key information; a first processing module, configured, when the output of the judging module is yes, to first use a preset decoding mode to decode the encrypted authorization information, transmitted as a character string, into an encrypted result in byte-code form, then decrypt the encrypted result with a first decryption mode to generate a message digest, and then decrypt the key information from the message digest with a second decryption mode and display the key information; and a second processing module, configured, when the output of the judging module is no, to display the unencrypted information carried in the search response message.
Preferably, the device further comprises: a determining module, configured to determine, according to the key information, that the LAN device supports an encryption mode; an encryption module, configured to encrypt the authorization information to be sent to the LAN device; and a second sending module, configured to send a modification command request to the LAN device, where the modification command request carries modification indication information and the encrypted authorization information.
Preferably, the encryption module comprises: a first encryption unit, configured to encrypt the authorization information with a first encryption mode to generate a message digest; a second encryption unit, configured to encrypt the authorization information with a second encryption mode, using the message digest and a random number together as the initial key; and an encoding unit, configured to use a preset encoding mode to encode the authorization information encrypted with the second encryption mode into a character string.
According to yet another aspect of the present invention, an information processing system in a LAN is provided.
The information processing system in a LAN according to an embodiment of the present invention comprises: the information sending device in a LAN described above and the information acquisition device in a LAN described above.
In the embodiments of the present invention, a search request message is received from a client; in response to the search request message, the key information corresponding to the device itself is encrypted, where the key information comprises at least one of: identification information, usage state information, and running state information; and a search response message carrying the encrypted key information is returned to the client. This solves the problem in the related art that information transmitted from a LAN device to a client is not encrypted, which makes information transmission insecure and easily leaks the security information of the LAN device, and thereby improves both the security of information transmission within the LAN and the flexibility of managing LAN devices.
Brief description of the drawings
The accompanying drawings described here provide a further understanding of the present invention and form a part of this application. The illustrative embodiments of the present invention and their description are used to explain the present invention and do not unduly limit it. In the drawings:
Fig. 1 is a flowchart of the information sending method in a LAN according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a LAN device discovery system according to a preferred embodiment of the present invention;
Fig. 3 is a flowchart of the information acquisition method in a LAN according to an embodiment of the present invention;
Fig. 4 is a flowchart of the LAN device discovery process according to a preferred embodiment of the present invention;
Fig. 5 is a flowchart of the client processing the response message returned by a LAN device according to a preferred embodiment of the present invention;
Fig. 6 is a flowchart of modifying the information of a LAN device according to a preferred embodiment of the present invention;
Fig. 7 is a structural block diagram of the information sending device in a LAN according to an embodiment of the present invention;
Fig. 8 is a structural block diagram of the information sending device in a LAN according to a preferred embodiment of the present invention;
Fig. 9 is a structural block diagram of the information acquisition device in a LAN according to an embodiment of the present invention;
Fig. 10 is a structural block diagram of the information acquisition device in a LAN according to a preferred embodiment of the present invention;
Fig. 11 is a structural block diagram of the information processing system in a LAN according to an embodiment of the present invention.
Detailed description of the embodiments
The present invention is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments. It should be noted that, where no conflict arises, the embodiments in this application and the features in the embodiments may be combined with one another.
In the following description, unless otherwise stated, the embodiments of this application are described with reference to actions and symbolic representations of operations performed by one or more computers. Here, computers include products such as personal computers, servers and mobile terminals; any device that uses a processing chip such as a central processing unit (CPU), a single-chip microcomputer or a digital signal processor (DSP) may be called a computer. It will therefore be understood that such actions and operations, sometimes referred to as computer-executed, include the manipulation by the computer's processing unit of electrical signals that represent data in a structured form. This manipulation transforms the data or maintains it at locations in the computer's memory system, which reconfigures or otherwise changes the operation of the computer in a manner understood by those skilled in the art. The data structures in which data is maintained are physical locations of memory that have particular properties defined by the format of the data. However, although the present invention is described in the above context, this is not meant to be limiting; as those skilled in the art will understand, the actions and operations described below may also be implemented in hardware.
Turning to the drawings, in which identical reference numerals refer to identical elements, the principles of this application are illustrated as implemented in a suitable computing environment. The following description is based on the described embodiments of this application and should not be taken as limiting this application with regard to alternative embodiments not explicitly described here.
The following embodiments can be applied in a computer, for example a personal computer (PC). They can also be applied in mobile terminals that currently run an intelligent operating system, and are not limited to these. There is no particular requirement on the operating system of the computer or mobile terminal, as long as it can detect a contact, determine whether the contact conforms to a predefined rule, and implement the corresponding function according to the attributes of the contact.
Fig. 1 is a flowchart of the information sending method in a LAN according to an embodiment of the present invention. As shown in Fig. 1, the method may comprise the following processing steps:
Step S102: receive a search request message from a client;
Step S104: in response to the search request message, encrypt the key information corresponding to the device itself, where the key information comprises at least one of: identification information, usage state information, and running state information;
Step S106: return a search response message to the client, where the search response message carries the encrypted key information.
In the related art, the information transmitted from a LAN device to a client is not encrypted, which makes information transmission insecure and easily leaks the security information of the LAN device. With the method shown in Fig. 1, after responding to the search request message sent by the client, the LAN device first encrypts the key information corresponding to itself and then encapsulates it in the search response message, rather than carrying it in the search response message directly without encryption.
The identification information in the key information may include, but is not limited to, at least one of: product serial number, product verification code, media access control (MAC) address, Internet Protocol (IP) address;
The usage state information in the key information may include, but is not limited to, at least one of: CPU utilization, hard disk utilization, memory utilization;
The running state information in the key information may include, but is not limited to, at least one of: whether the device is working normally or an abnormality has occurred, and the data traffic of the network port.
In a preferred embodiment, Fig. 2 is a schematic structural diagram of a LAN device discovery system according to a preferred embodiment of the present invention. As shown in Fig. 2, the LAN device discovery system provided by the embodiment of the present invention may include, but is not limited to, a client and one or more LAN devices; multiple LAN devices may be network devices of the same type or of different types. The client and the one or more LAN devices are connected in the same physical LAN, where the physical LAN mentioned here means that the client and the one or more LAN devices are all connected to the same switch.
In this preferred embodiment, the LAN devices may include the following types of device:
(1) a digital video recorder (Digital Video Recorder, DVR), a computer system for storing and processing images, with functions for long-duration video recording, audio recording, remote monitoring and control of images and/or voice;
(2) a network video server (Digital Video Server, DVS), also called a digital video encoder, a dedicated network transmission device that compresses and processes audio and video data; it mainly provides video compression or decompression and can effectively perform the acquisition or restoration of image data;
(3) a network camera (IP Camera, IPC), which can transmit audio and/or video sources over a digital network and thus differs from a traditional analog camera;
(4) a network dome camera (IP Dome, IPD), a network camera with pan-tilt control;
(5) a network video recorder (Network Video Recorder, NVR), which can receive over the network the digital video streams transmitted by IPC devices, and store and manage those streams.
Preferably, in step S104, encrypting the key information may comprise the following operations:
Step S1: extract partial information from the key information and encrypt the partial information with the first encryption mode to generate a message digest;
Step S2: encrypt the key information with the second encryption mode, using the message digest as the initial key;
Step S3: using the preset encoding mode, encode the key information encrypted with the second encryption mode into a character string and encapsulate it in the search response message.
Each LAN device usually has many kinds of information: manufacturer, production date, production address, product model, MAC address, IP address, product serial number, product verification code, and so on. Information such as the manufacturer, production date, production address and product model can be classed as information that may be passed to the client over the LAN directly, without encryption; for information such as the MAC address, IP address, product serial number and product verification code, however, it must be considered whether it needs to be encrypted before being transmitted over the LAN.
In a preferred embodiment, the client may first apply the first encryption mode (for example, the MD5 encryption algorithm) to the verification code or serial number of the LAN device; then, using the resulting message digest as the key, perform symmetric encryption with the second encryption mode, for example the Advanced Encryption Standard (AES, a next-generation encryption algorithm standard characterized by high speed and a high security level, and a symmetric encryption algorithm); and finally convert the byte code obtained by encryption into a character string with the preset encoding mode (for example, base64 encoding) and send it into the LAN by multicast.
Preferably, in step S106, after the search response message is returned to the client, the following steps may also be included:
Step S4: receive a modification command request from the client, where the modification command request carries modification indication information and encrypted authorization information;
Step S5: parse the encrypted authorization information;
Step S6: determine, according to the parsing result, whether to modify the corresponding locally configured information according to the modification indication information.
In a preferred embodiment, the client may need to modify one or more items of information of a LAN device (for example, the IP address or the network port used to receive/send data). The client therefore sends a modification command request message to one of the LAN devices it has found, where the modification command request carries the modification indication information and the authorization information of that LAN device. The LAN device that receives the modification command request message needs to parse the authorization information; if the authorization information was encrypted by the client beforehand, the LAN device also needs to decrypt it, and then determine, according to the authorization information finally obtained, whether to modify the parameters according to the modification indication information.
Preferably, in step S5, parsing the encrypted authorization information may comprise the following operations:
Step S51: using the preset decoding mode, decode the encrypted authorization information, transmitted as a character string, into an encrypted result in byte-code form;
Step S52: decrypt the encrypted result with the first decryption mode to generate a message digest;
Step S53: decrypt the authorization information from the message digest with the second decryption mode.
In a preferred embodiment, the LAN device first uses the preset decoding mode (for example, base64 decoding) to restore the character string to byte code, then uses the first decryption mode (for example, the AES decryption algorithm) to decrypt the message digest from the encrypted content, and then uses the second decryption mode (for example, the MD5 decryption algorithm) to decrypt the authorization information from the message digest.
Preferably, in step S6, determining according to the parsing result whether to modify the corresponding locally configured information according to the modification indication information may comprise one of the following modes:
Mode one: when parsing fails, keep the corresponding locally configured information unchanged;
Mode two: when parsing succeeds and the parsed authorization information is determined to be reused, keep the corresponding locally configured information unchanged;
Mode three: when parsing succeeds and the parsed authorization information is determined to be used for the first time, modify the corresponding locally configured information according to the modification indication information.
In a preferred embodiment, while the LAN device parses the authorization information, if an error in the authorization information causes parsing to fail, the device directly returns a modification-failed message; if the authorization information is parsed successfully, the device must further judge whether this authorization information is reused. If it is being used for the first time, the corresponding information can be modified, and the result of the modification can be fed back to the client by multicast; if it is reused, the device refuses to modify the corresponding information and returns a modification-failed message.
Fig. 3 is a flow chart of the information acquisition method in a local area network (LAN) according to an embodiment of the present invention. As shown in Fig. 3, the method may comprise the following processing steps:
Step S302: send a search request message to a LAN device;
Step S304: receive the search response message, corresponding to the search request message, returned by the LAN device, wherein the search response message carries an encrypted key message, and the key message comprises at least one of the following: identification information, usage state information, running state information.
Preferably, in step S304, after the search response message returned by the LAN device is received, the following operations may also be included:
Step S7: judge whether the search response message carries an encrypted key message;
Step S8: if so, first use the preset decoding mode to decode the encrypted authorization information, transmitted in character string form, into an encrypted result in byte code form; then decrypt the encrypted result using the first decryption mode to generate a message digest; then use the second decryption mode to decrypt the key message from the message digest and display the key message;
Step S9: if not, display the unencrypted information carried in the search response message.
In a preferred embodiment, after receiving the response message returned by the LAN device, the client first needs to confirm whether the received response message contains an encrypted key message, and therefore needs to parse the response message. Information in the response message that does not require encryption (for example, the manufacturer of the LAN device, its place of production, its type, its model, and so on) is displayed directly. For the encrypted key message, the key message relating to the LAN device is parsed out by a decryption process that reverses the encryption process used by the LAN device, and is then displayed.
Preferably, in step S304, after the search response message returned by the LAN device is received, the following steps may also be included:
Step S10: determine, according to the key message, that the LAN device supports the encryption mode;
Step S11: encrypt the authorization information to be sent to the LAN device;
Step S12: send an amendment command request to the LAN device, wherein the amendment command request carries amendment indication information and the encrypted authorization information.
In a preferred embodiment, LAN devices differ in production date, and some LAN devices produced early cannot support encryption. The client therefore needs to use the key message fed back by the LAN device to determine whether it can encrypt the data to be sent to that LAN device, so as to prevent garbled characters from causing abnormal operation. In a particular case, if the client wishes to modify part of the information of a LAN device (for example, its IP address), the client needs to send an amendment command request message to the LAN device it has found, wherein this amendment command carries the amendment indication information and the authorization information of the LAN device.
Preferably, in step S11, encrypting the authorization information to be sent to the LAN device may comprise the following operations:
Step S1102: encrypt the authorization information using the first encryption mode to generate a message digest;
Step S1104: use the message digest together with a random number as the initial key, and encrypt the authorization information using the second encryption mode;
Step S1106: use the preset encoding mode to encode the authorization information encrypted in the second encryption mode into character string form.
In a preferred embodiment, the client needs to encrypt the authorization information. First, it performs MD5 digest encryption on the authorization information to generate a message digest. Second, the message digest plus a random number of a preset length in bytes are used together as the key to AES-encrypt the original text; a semicolon can be used to separate the MD5 digest from the random number. Then the encrypted content is base64-processed into a character string, encapsulated in the amendment command request message, and sent.
The above preferred implementation process is further described below with reference to the preferred embodiments shown in Fig. 4 to Fig. 6.
Fig. 4 is a flow chart of the LAN device discovery process according to a preferred embodiment of the present invention. As shown in Fig. 4, this flow can be applied to the LAN discovery system built in Fig. 2 above, so that the client can promptly discover the multiple LAN devices connected to the same switch as itself. The LAN device discovery flow may comprise the following processing steps:
Step S402: the client can send a search request by multicast to one or more LAN devices that are connected to the same switch as the client and located in the same physical LAN;
It should be noted that, because the above search request carries no sensitive key message, the information carried in the search request does not need to be encrypted.
Step S404: if the one or more LAN devices located in the same LAN receive the search request sent by the client normally within a preset time range, they can respond promptly; at this point, because the response message needs to carry the key message of the LAN device, the key message carried in the response message needs to be encrypted;
Step S406: after receiving the response message returned by the LAN device, the client directly displays the information in the response message that does not require encryption (for example, the manufacturer of the LAN device, its place of production, its type, its model, and so on); for the encrypted key message, it parses out the key message relating to the LAN device by a decryption process that reverses the encryption process.
Fig. 5 is a flow chart of the client processing the response message returned by the LAN device according to a preferred embodiment of the present invention. As shown in Fig. 5, this flow may comprise the following processing steps:
Step S502: after receiving the response message returned by the LAN device, the client parses and classifies the information carried in the response message and judges whether it contains the above key message requiring encryption; if there is information that does not require encryption, continue to step S504; if there is a key message requiring encryption, continue to step S508;
Steps S504 to S506: information that does not require encryption can be displayed directly; the flow ends;
Step S508: the key message returned by the LAN device (for example, the software version and the DSP version) is AES-encrypted using a fixed key;
Step S510: the client obtains the key message using the fixed key and the AES decryption mode, and then displays it.
It should be noted that the technical scheme provided by the above preferred embodiment of the present invention can achieve protocol self-adaptation: whether a LAN device supports encryption can be judged from the capability information the LAN device returns in the search request stage. If the model of the LAN device is recent enough to support the above encryption, processing follows the above secure encryption mode; if the model of the LAN device is too old to support the above encryption, the encryption mode is not used, so that the above encryption does not cause garbled characters in the displayed information.
Fig. 6 is a flow chart of modifying the information of a LAN device according to a preferred embodiment of the present invention. As shown in Fig. 6, this flow can likewise be applied to the LAN discovery system built in Fig. 2 above, so that the client can promptly discover the multiple LAN devices connected to the same switch as itself. The information modification flow of the LAN device may comprise the following processing steps:
Step S602: in a particular case, if the client wishes to modify part of the information of a LAN device (for example, its IP address), the client needs to send an amendment command request message to a LAN device it has found, wherein this amendment command carries the amendment indication information and the verification code of the LAN device;
In this preferred embodiment, the client needs to encrypt the verification code, and the encryption proceeds in the following order:
(1) perform MD5 digest encryption on the verification code;
(2) after the processing in (1), add a random number of a preset length in bytes and use both together as the key to AES-encrypt the original text; a semicolon can be used to separate the MD5 digest from the random number;
(3) base64-process the encrypted content into a character string.
Step S604: after receiving the amendment command request message sent by the client, the LAN device first reverses the processing of (1) to (3) above, following the same rules, to parse out the verification code; if the verification code is wrong, it directly returns a modification-failure message; if the verification code is parsed successfully, the corresponding information can be modified, and the modification result can be fed back to the client by multicast;
Step S606: the client parses the modification result returned by the LAN device and finally feeds the modification result back to the user.
It should be noted that the purpose of adding the random number in the above step S604 is to prevent repeated authentication and thereby block brute-force attacks. The LAN device can maintain a list of used random numbers locally, and each random number used in a decryption process is stored in this list. If, in a later decryption process, the newly received random number is found to be already present in this list, the LAN device refuses to modify its own information. Moreover, adding the random number in the above step S604 also raises the level of security, and once authentication errors exceed a predetermined number (for example, 5), the LAN device refuses to let the client modify its information.
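The device-side decision described in modes one to three and in the note on the random-number list above, as an added example that is not code from the patent. It starts from the base64-decoded payload and leaves the AES layer out, because the text does not fix its key layout or cipher mode; the `<md5 hex>;<random number>` payload layout, all names, the per-client error counter, and checking the digest by recomputing it on the device are assumptions of this sketch.

```python
import base64
import hashlib
import hmac

MAX_AUTH_ERRORS = 5  # the page's example threshold ("more than 5" errors)

MODIFIED = "modified"                       # mode three
FAILED = "failed: settings unchanged"       # mode one
REUSED = "failed: random number reused"     # mode two
LOCKED = "refused: too many authentication errors"


def make_token(verification_code: str, nonce: str) -> str:
    """Client side (constructed for the demo): base64 of '<md5 hex>;<nonce>'.

    A real client would AES-encrypt before base64 and draw the nonce from a
    CSPRNG such as secrets.token_hex(); both are omitted here.
    """
    digest = hashlib.md5(verification_code.encode()).hexdigest()
    return base64.b64encode(f"{digest};{nonce}".encode()).decode()


class ModifyGate:
    """Decides whether an amendment command request may change settings."""

    def __init__(self, verification_code: str):
        # A digest cannot be inverted, so the device compares digests.
        self._expected = hashlib.md5(verification_code.encode()).hexdigest()
        self._used_nonces = set()   # locally maintained list of used random numbers
        self._errors = {}           # client id -> authentication error count

    @staticmethod
    def _parse(token: str):
        """Return (digest_hex, nonce), or None when the token does not parse."""
        try:
            plain = base64.b64decode(token, validate=True).decode("ascii")
        except ValueError:          # covers binascii.Error and UnicodeDecodeError
            return None
        digest, sep, nonce = plain.partition(";")
        if not sep or len(digest) != 32 or not nonce:
            return None
        return digest.lower(), nonce

    def handle(self, client: str, token: str) -> str:
        # Lockout applies before any parsing work is done for this client.
        if self._errors.get(client, 0) > MAX_AUTH_ERRORS:
            return LOCKED
        parsed = self._parse(token)
        if parsed is None or not hmac.compare_digest(parsed[0], self._expected):
            self._errors[client] = self._errors.get(client, 0) + 1
            return FAILED
        nonce = parsed[1]
        if nonce in self._used_nonces:
            # A replay of a valid request: rejected, not counted as an error.
            return REUSED
        self._used_nonces.add(nonce)
        return MODIFIED


if __name__ == "__main__":
    gate = ModifyGate("Abc12345")               # constructed verification code
    token = make_token("Abc12345", "r-0001")
    print(gate.handle("client-a", token))       # first use
    print(gate.handle("client-a", token))       # captured and replayed
```

The nonce set grows with every accepted request, so a deployed device needs a bound or expiry policy for it, which the page does not specify.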
Fig. 7 is a structural block diagram of the information sending device in a LAN according to an embodiment of the present invention. As shown in Fig. 7, the information sending device in the LAN may comprise: a first receiving module 100, configured to receive a search request message from a client; a processing module 102, configured to respond to the search request message and encrypt the key message corresponding to the device itself, wherein the key message comprises at least one of the following: identification information, usage state information, running state information; and a feedback module 104, configured to return a search response message to the client, wherein the search response message carries the encrypted key message.
The device shown in Fig. 7 solves the problem in the related art that information transmitted from the LAN device to the client is not encrypted, which makes information transmission insecure and makes it easy for the LAN device's security information to leak, and thereby improves both the security of information transmission within the LAN and the flexibility of managing LAN devices.
Preferably, the processing module 102 may comprise: a first encryption unit (not shown), configured to extract partial information from the key message and encrypt the partial information using the first encryption mode to generate a message digest; a second encryption unit (not shown), configured to use the message digest as the initial key and encrypt the key message using the second encryption mode; and an encoding unit (not shown), configured to use the preset encoding mode to encode the key message encrypted in the second encryption mode into character string form and encapsulate it in the search response message.
Preferably, as shown in Fig. 8, the above device may also comprise: a second receiving module 106, configured to receive an amendment command request from the client, wherein the amendment command request carries amendment indication information and encrypted authorization information; a parsing module 108, configured to parse the encrypted authorization information; and an execution module 110, configured to determine according to the parsing result whether to modify the corresponding information of the current local settings according to the amendment indication information.
Preferably, the parsing module 108 may comprise: a decoding unit (not shown), configured to use the preset decoding mode to decode the encrypted authorization information, transmitted in character string form, into an encrypted result in byte code form; a first decryption unit (not shown), configured to decrypt the encrypted result using the first decryption mode to generate a message digest; and a second decryption unit (not shown), configured to decrypt the authorization information from the message digest using the second decryption mode.
Preferably, the execution module 110 is configured to: when parsing fails, keep the corresponding information of the current local settings unchanged; or, when parsing succeeds and the parsed authorization information is determined to have been reused, keep the corresponding information of the current local settings unchanged; or, when parsing succeeds and the parsed authorization information is determined to be used for the first time, modify the corresponding information of the current local settings according to the amendment indication information.
Fig. 9 is a structural block diagram of the information acquisition device in a LAN according to an embodiment of the present invention. As shown in Fig. 9, the information acquisition device in the LAN may comprise: a first sending module 200, configured to send a search request message to a LAN device; and an acquisition module 202, configured to receive the search response message, corresponding to the search request message, returned by the LAN device, wherein the search response message carries an encrypted key message, and the key message comprises at least one of the following: identification information, usage state information, running state information.
Preferably, as shown in Fig. 10, the above device may also comprise: a judging module 204, configured to judge whether the search response message carries an encrypted key message; a first processing module 206, configured to, when the output of the judging module is yes, first use the preset decoding mode to decode the encrypted authorization information, transmitted in character string form, into an encrypted result in byte code form, then decrypt the encrypted result using the first decryption mode to generate a message digest, and then use the second decryption mode to decrypt the key message from the message digest and display the key message; and a second processing module 208, configured to, when the output of the judging module is no, display the unencrypted information carried in the search response message.
Preferably, as shown in Fig. 10, the above device may also comprise: a determining module 210, configured to determine, according to the key message, that the LAN device supports the encryption mode; an encryption module 212, configured to encrypt the authorization information to be sent to the LAN device; and a second sending module 214, configured to send an amendment command request to the LAN device, wherein the amendment command request carries amendment indication information and the encrypted authorization information.
Preferably, the encryption module 212 may comprise: a first encryption unit (not shown), configured to encrypt the authorization information using the first encryption mode to generate a message digest; a second encryption unit (not shown), configured to use the message digest together with a random number as the initial key and encrypt the authorization information using the second encryption mode; and an encoding unit (not shown), configured to use the preset encoding mode to encode the authorization information encrypted in the second encryption mode into character string form.
Fig. 11 is a structural block diagram of the information processing system in a LAN according to an embodiment of the present invention. As shown in Fig. 11, the information processing system in the LAN may comprise: the above information sending device in the LAN and the above information acquisition device in the LAN.
From the above description it can be seen that the above embodiments achieve the following technical effects (it should be noted that these are effects that certain preferred embodiments can achieve): with the technical scheme provided by the embodiments of the present invention, when the LAN device responds to a query request sent by the client, it can encrypt the key message in the response message, which increases the security of information exchange between different entities in the LAN. At the same time, the client can establish from the key message fed back by the LAN device whether the LAN device supports encryption, perform protocol self-adaptation, and determine the decryption mode it will use. In addition, the client can also send an information amendment command to the LAN device in encrypted form to instruct the LAN device to modify its own information, which improves the flexibility of device management for users in the LAN.
Obviously, those skilled in the art should understand that each module or step of the present invention described above can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; in some cases the steps shown or described can be performed in an order different from the one given here, or they can each be made into an individual integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. Thus, the present invention is not restricted to any specific combination of hardware and software.
The foregoing describes only the preferred embodiments of the present invention and is not intended to limit the present invention; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement, and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (19)

1. A method for sending information in a local area network (LAN), characterized by comprising:
receiving a search request message from a client;
responding to the search request message by encrypting the key message corresponding to the device itself, wherein the key message comprises at least one of the following: identification information, usage state information, running state information;
returning a search response message to the client, wherein the search response message carries the encrypted key message.
2. The method according to claim 1, characterized in that encrypting the key message comprises:
extracting partial information from the key message, and encrypting the partial information using a first encryption mode to generate a message digest;
using the message digest as the initial key and encrypting the key message using a second encryption mode;
using a preset encoding mode to encode the key message encrypted in the second encryption mode into character string form, and encapsulating it in the search response message.
3. The method according to claim 1, characterized in that, after returning the search response message to the client, the method further comprises:
receiving an amendment command request from the client, wherein the amendment command request carries amendment indication information and encrypted authorization information;
parsing the encrypted authorization information;
determining according to the parsing result whether to modify the corresponding information of the current local settings according to the amendment indication information.
4. The method according to claim 3, characterized in that parsing the encrypted authorization information comprises:
using a preset decoding mode to decode the encrypted authorization information, transmitted in character string form, into an encrypted result in byte code form;
decrypting the encrypted result using a first decryption mode to generate a message digest;
decrypting the authorization information from the message digest using a second decryption mode.
5. The method according to claim 3, characterized in that determining according to the parsing result whether to modify the corresponding information of the current local settings according to the amendment indication information comprises one of the following:
when parsing fails, keeping the corresponding information of the current local settings unchanged;
when parsing succeeds and the parsed authorization information is determined to have been reused, keeping the corresponding information of the current local settings unchanged;
when parsing succeeds and the parsed authorization information is determined to be used for the first time, modifying the corresponding information of the current local settings according to the amendment indication information.
6. A method for acquiring information in a local area network (LAN), characterized by comprising:
sending a search request message to a LAN device;
receiving the search response message, corresponding to the search request message, returned by the LAN device, wherein the search response message carries an encrypted key message, and the key message comprises at least one of the following: identification information, usage state information, running state information.
7. The method according to claim 6, characterized in that, after receiving the search response message returned by the LAN device, the method further comprises:
judging whether the search response message carries the encrypted key message;
if so, first using a preset decoding mode to decode the encrypted authorization information, transmitted in character string form, into an encrypted result in byte code form; then decrypting the encrypted result using a first decryption mode to generate a message digest; then using a second decryption mode to decrypt the key message from the message digest and displaying the key message;
if not, displaying the unencrypted information carried in the search response message.
8. The method according to claim 6, characterized in that, after receiving the search response message returned by the LAN device, the method further comprises:
determining, according to the key message, that the LAN device supports the encryption mode;
encrypting the authorization information to be sent to the LAN device;
sending an amendment command request to the LAN device, wherein the amendment command request carries amendment indication information and the encrypted authorization information.
9. The method according to claim 8, characterized in that encrypting the authorization information to be sent to the LAN device comprises:
encrypting the authorization information using a first encryption mode to generate a message digest;
using the message digest together with a random number as the initial key and encrypting the authorization information using a second encryption mode;
using a preset encoding mode to encode the authorization information encrypted in the second encryption mode into character string form.
10. An information sending device in a local area network (LAN), characterized by comprising:
a first receiving module, configured to receive a search request message from a client;
a processing module, configured to respond to the search request message and encrypt the key message corresponding to the device itself, wherein the key message comprises at least one of the following: identification information, usage state information, running state information;
a feedback module, configured to return a search response message to the client, wherein the search response message carries the encrypted key message.
11. The device according to claim 10, characterized in that the processing module comprises:
a first encryption unit, configured to extract partial information from the key message and encrypt the partial information using a first encryption mode to generate a message digest;
a second encryption unit, configured to use the message digest as the initial key and encrypt the key message using a second encryption mode;
an encoding unit, configured to use a preset encoding mode to encode the key message encrypted in the second encryption mode into character string form and encapsulate it in the search response message.
12. The device according to claim 10, characterized in that the device further comprises:
a second receiving module, configured to receive an amendment command request from the client, wherein the amendment command request carries amendment indication information and encrypted authorization information;
a parsing module, configured to parse the encrypted authorization information;
an execution module, configured to determine according to the parsing result whether to modify the corresponding information of the current local settings according to the amendment indication information.
13. The device according to claim 12, characterized in that the parsing module comprises:
a decoding unit, configured to use a preset decoding mode to decode the encrypted authorization information, transmitted in character string form, into an encrypted result in byte code form;
a first decryption unit, configured to decrypt the encrypted result using a first decryption mode to generate a message digest;
a second decryption unit, configured to decrypt the authorization information from the message digest using a second decryption mode.
14. The device according to claim 12, characterized in that the execution module is configured to: when parsing fails, keep the corresponding information of the current local settings unchanged; or, when parsing succeeds and the parsed authorization information is determined to have been reused, keep the corresponding information of the current local settings unchanged; or, when parsing succeeds and the parsed authorization information is determined to be used for the first time, modify the corresponding information of the current local settings according to the amendment indication information.
15. An information acquisition device in a local area network (LAN), characterized by comprising:
a first sending module, configured to send a search request message to a LAN device;
an acquisition module, configured to receive the search response message, corresponding to the search request message, returned by the LAN device, wherein the search response message carries an encrypted key message, and the key message comprises at least one of the following: identification information, usage state information, running state information.
16. The device according to claim 15, characterized in that the device further comprises:
a judging module, configured to judge whether the search response message carries the encrypted key message;
a first processing module, configured to, when the output of the judging module is yes, first use a preset decoding mode to decode the encrypted authorization information, transmitted in character string form, into an encrypted result in byte code form, then decrypt the encrypted result using a first decryption mode to generate a message digest, and then use a second decryption mode to decrypt the key message from the message digest and display the key message;
a second processing module, configured to, when the output of the judging module is no, display the unencrypted information carried in the search response message.
17. The device according to claim 15, characterized in that the device further comprises:
a determining module, configured to determine, according to the key message, that the LAN device supports the encryption mode;
an encryption module, configured to encrypt the authorization information to be sent to the LAN device;
a second sending module, configured to send an amendment command request to the LAN device, wherein the amendment command request carries amendment indication information and the encrypted authorization information.
18. The device according to claim 17, characterized in that the encryption module comprises:
a first encryption unit, configured to encrypt the authorization information using a first encryption mode to generate a message digest;
a second encryption unit, configured to use the message digest together with a random number as the initial key and encrypt the authorization information using a second encryption mode;
an encoding unit, configured to use a preset encoding mode to encode the authorization information encrypted in the second encryption mode into character string form.
19. An information processing system in a local area network (LAN), characterized by comprising: the information sending device in a LAN according to any one of claims 10 to 14 and the information acquisition device in a LAN according to any one of claims 15 to 18.
CN201510315893.3A 2015-06-10 2015-06-10 Information transmission, acquisition methods and device, information processing system in local area network Active CN104994078B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510315893.3A CN104994078B (en) 2015-06-10 2015-06-10 Information transmission, acquisition methods and device, information processing system in local area network

Publications (2)

Publication Number Publication Date
CN104994078A (en) 2015-10-21
CN104994078B (en) 2019-07-19

Family

ID=54305830

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510315893.3A Active CN104994078B (en) 2015-06-10 2015-06-10 Information transmission, acquisition methods and device, information processing system in local area network

Country Status (1)

Country Link
CN (1) CN104994078B (en)

Also Published As

Publication number Publication date
CN104994078B (en) 2019-07-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant