CN105162766A - Visit protocol system and visit protocol communication method based on peer-to-peer network distributed hash table


Publication number: CN105162766A
Authority: CN (China)
Prior art keywords: request, module, service module, respond packet, visit
Legal status: Granted
Application number: CN201510461312.7A
Other languages: Chinese (zh)
Other versions: CN105162766B (en)
Inventor: 吴自立
Current Assignee: Beijing Guangmi Huaan Technology Co Ltd
Original Assignee: Beijing Guangmi Huaan Technology Co Ltd
Application filed by Beijing Guangmi Huaan Technology Co Ltd
Priority to CN201510461312.7A
Publication of CN105162766A
Application granted
Publication of CN105162766B
Current legal status: Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/55 Push-based network services
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a visit protocol system and a visit protocol communication method based on a peer-to-peer network distributed hash table. The system comprises a plurality of network nodes, each of which comprises a DHT module and a request module and/or a service module connected with the DHT module. The request module is used to initiate a visit request, send a request packet containing at least one visit request to the service module, receive an authority authentication request packet sent by the service module, send an authority authentication response packet to the service module and receive a reply response packet sent by the service module. The service module is used to receive a request packet, send an authority authentication request packet to the request module, receive an authority authentication response packet and carry out authority authentication, process a visit request after authentication, construct a reply response packet and send the reply response packet to the request module. The reply response packet contains a reply response corresponding to the visit request. The visit protocol system and the visit protocol communication method support extended protocols and permission authentication, and have the advantages of high flexibility, high stability, high security, wide application range, and the like.

Description

Visit protocol system and communication method based on a peer-to-peer network distributed hash table
Technical field
The present invention relates to the field of network communication technology, and in particular to a visit protocol system and communication method based on a peer-to-peer network distributed hash table.
Background
In a peer-to-peer network, every network node has the same function and there is no master-slave distinction. A network node can act as a server that offers shared resources, and it can also act as a workstation for the other network nodes in the peer-to-peer network. A peer-to-peer network has no dedicated server and no dedicated workstation.
A distributed hash table (DHT) is a distributed storage method. Without needing a server, each client is responsible for routing within a small range and for storing a small portion of the data, which together provide addressing and storage for the whole DHT network.
The RSA public key encryption algorithm is one of the most influential public key encryption algorithms in use. It is based on a very simple number-theoretic fact: multiplying two large primes is easy, but factoring their product is extremely difficult, so the product can be made public as the encryption key. The RSA algorithm usually first generates a pair of RSA keys. One is the secret key, kept by the user; the other is the public key, which can be disclosed and can even be registered on a network server. To improve encryption strength, an RSA key is at least 500 bits long, and 1024 bits is generally recommended. This makes the computational cost of encryption very high. To reduce it, information is usually transmitted with a combination of conventional encryption and public key encryption: the information is encrypted with an improved DES or IDEA session key, and the RSA key is then used to encrypt the session key and the message digest. After receiving the information, the other party decrypts it with the different keys and can check the message digest.
A traditional distributed hash table provides only a simple data protocol and offers no other services.
Traditional P2P networks do not interoperate. Under the design philosophy of P2P networks, users provide service to other users in the network while enjoying service themselves. Most P2P-based designs work better the more nodes make up the network, and much worse when there are too few nodes. So when an application cannot share nodes with other P2P applications, its function is greatly affected if it cannot attract enough users on its own.
Permission authentication requires an authority with public credibility. Because nodes in a peer-to-peer network are unstable, it is usually difficult to implement permission authentication in the distributed hash table of a peer-to-peer network.
Summary of the invention
A brief overview of the present invention is given below to provide a basic understanding of some of its aspects. This overview is not an exhaustive summary of the invention. It is not intended to identify key or important parts of the invention, nor to limit its scope. Its only purpose is to present some concepts in simplified form as a prelude to the more detailed description that follows.
The present invention provides a visit protocol system and communication method based on a peer-to-peer network distributed hash table that implement permission authentication for the distributed hash table and further provide extension functions.
The present invention provides a visit protocol system based on a peer-to-peer network distributed hash table, comprising a number of network nodes. Each network node comprises a DHT module and a request module and/or a service module connected to the DHT module.
The request module is used to initiate access requests, send a request packet containing at least one access request to the service module, receive the permission verification request packet sent by the service module, send a permission verification response packet to the service module, and receive the reply response packet sent by the service module.
The service module is used to receive the request packet, send the permission verification request packet to the request module, receive the permission verification response packet and verify the permission, process the access request after verification passes, and construct a reply response packet and send it to the request module. The reply response packet contains the reply response corresponding to the access request.
The present invention also provides a visit protocol communication method based on a peer-to-peer network distributed hash table, comprising:
The request module sends a request packet containing at least one access request to the service module;
The request module receives the permission verification request packet sent by the service module, and sends a permission verification response packet to the service module;
The request module receives the reply response packet that the service module constructs and sends by processing the access request after the permission verification of the permission verification response packet passes. The reply response packet contains the reply response corresponding to the access request.
The present invention also provides another visit protocol communication method based on a peer-to-peer network distributed hash table, comprising:
The service module receives a request packet, containing at least one access request, sent by the request module;
The service module sends a permission verification request packet to the request module;
The service module receives the permission verification response packet sent by the request module, and verifies the permission;
After the permission verification passes, the service module processes the access request, constructs a reply response packet and sends it to the request module. The reply response packet contains the reply response corresponding to the access request.
The visit protocol communication method based on a peer-to-peer network distributed hash table provided by some embodiments of the present invention combines RSA public/private key pairs with DHT addressing, so that permission authentication that can be used to distinguish different types of nodes is added to DHT access. This improves security and makes some high-security solutions possible;
In some embodiments of the present invention, the request module and the service module each support extension modules, which provides support for extension protocols, improves the flexibility of the protocol, and allows this technical architecture to support complex DHT applications with greater flexibility;
Some embodiments of the present invention can integrate multiple different DHT applications into the same peer-to-peer network so that they share its base of users, which reduces the effect of the number of users on the health and stability of the peer-to-peer network architecture and on the effectiveness of its algorithms, giving greater stability;
Some embodiments of the present invention support a platform-style architecture: once the visit layer has defined extension protocols for some applications and the relevant SDK has been developed, it can be published externally, so that third-party developers can join the network very easily;
Many embodiments of the present invention replace the traditional application mode, which supports only a data protocol, with an application mode that supports an access protocol, widening the range of application;
Some embodiments of the present invention support multi-request packets; in more complex DHT applications this feature saves a great deal of extra network overhead;
Some embodiments of the present invention also support a service-side push protocol; the traditional DHT application mode has no design in which the service side actively triggers a push.
Brief description of the drawings
Embodiments of the invention are described below with reference to the accompanying drawings, from which the above and other objects, features and advantages of the invention can be understood more easily. The parts in the drawings only illustrate the principle of the invention. In the drawings, the same or similar technical features or parts are denoted by the same or similar reference numerals.
Fig. 1 is a structural diagram of a network node acting as the request side or as the service side in the visit protocol system based on a peer-to-peer network distributed hash table according to an embodiment of the present invention.
Fig. 2 is a structural diagram of a network node acting as both the request side and the service side in the visit protocol system based on a peer-to-peer network distributed hash table according to an embodiment of the present invention.
Fig. 3 is an exemplary flow chart of a visit protocol communication method based on a peer-to-peer network distributed hash table according to an embodiment of the present invention.
Fig. 4 is a flow chart of step S11 in a preferred embodiment of the visit protocol communication method shown in Fig. 3.
Fig. 5 is a flow chart of a preferred embodiment of the visit protocol communication method shown in Fig. 3.
Fig. 6 is a flow chart of a preferred embodiment of the visit protocol communication method shown in Fig. 5.
Fig. 7 is a flow chart of step S11 in another preferred embodiment of the visit protocol communication method shown in Fig. 3.
Fig. 8 is a flow chart of step S15 in the embodiment of the visit protocol communication method shown in Fig. 7.
Fig. 9 is a flow chart of step S15 in a preferred embodiment of the visit protocol communication method shown in Fig. 8.
Fig. 10 is an exemplary flow chart of another visit protocol communication method based on a peer-to-peer network distributed hash table according to an embodiment of the present invention.
Fig. 11 is a flow chart of a preferred embodiment of the visit protocol communication method shown in Fig. 10.
Fig. 12 is a flow chart of step S23 in the visit protocol communication method shown in Fig. 10.
Fig. 13 is a flow chart of step S25 in the visit protocol communication method shown in Fig. 10.
Fig. 14 is a flow chart of step S27 in the visit protocol communication method shown in Fig. 10.
Fig. 15 is a flow chart of step S27 in a preferred embodiment of the visit protocol communication method shown in Fig. 14.
Fig. 16 is a flow chart of step S273 of the visit protocol communication method shown in Fig. 14.
Fig. 17 is a schematic diagram of one visit protocol interaction with a public/private key pair according to an embodiment of the present invention.
Description of reference numerals:
10 DHT module
20 request module
30 service module
40 upper-layer business logic module
50 extension protocol request module
60 extension protocol service module
Detailed description of the embodiments
Embodiments of the invention are described below with reference to the drawings. Elements and features described in one drawing or embodiment of the invention may be combined with elements and features shown in one or more other drawings or embodiments. Note that, for clarity, the drawings and the description omit the representation and description of parts and processes that are unrelated to the invention or known to those of ordinary skill in the art.
Fig. 1 is a structural diagram of a network node acting as the request side or as the service side in the visit protocol system based on a peer-to-peer network distributed hash table according to an embodiment of the present invention.
Fig. 2 is a structural diagram of a network node acting as both the request side and the service side in the visit protocol system based on a peer-to-peer network distributed hash table according to an embodiment of the present invention.
As shown in Fig. 1 and Fig. 2, in this embodiment the visit protocol system based on a peer-to-peer network distributed hash table comprises a number of network nodes, each comprising a DHT module 10 and a request module 20 and/or a service module 30 connected to the DHT module 10.
The request module 20 is used to initiate access requests, send a request packet containing at least one access request to the service module 30, receive the permission verification request packet sent by the service module 30, send a permission verification response packet to the service module 30, and receive the reply response packet sent by the service module 30.
The service module 30 is used to receive the request packet, send the permission verification request packet to the request module 20, receive the permission verification response packet and verify the permission, process the access request after verification passes, and construct a reply response packet and send it to the request module 20. The reply response packet contains the reply response corresponding to the access request.
Preferably, the service module 30 uses the public/private key pair generated by the request module 20 to perform permission authentication on the request packet. The request module 20 generates, from the public key of the key pair, the key value key_id of the DHT module 10 corresponding to the request module 20 of each network node in the visit protocol system.
Preferably, the key value key_id is the hash value of the public key.
Preferably, the request module 20 is also used to declare, in the request packet, permission over the private key of the key pair, and to push the public key of the key pair to the service module 30 after receiving a public key request.
The service module 30 is also used to check, after receiving the private key permission declaration, whether it already has the public key, and if it does not, to push a public key request to the request module 20.
Preferably, the permission verification request packet contains permission verification information encrypted with the public key;
The permission verification response packet contains permission proof information computed after the permission verification information is decrypted with the private key.
Preferably, the permission verification information is a random string that the service module 30 encrypts with the public key.
The permission proof information is the hash value of the random string, computed after the request module 20 decrypts the permission verification information with the private key.
Preferably, the request module 20 uses the DHT algorithm to find n network nodes from a specified key value key_id1 and a branching factor n, and sends the request packet to the service module 30 of each of the n network nodes; or,
The request module 20 uses the DHT algorithm to find the corresponding network node from the specified key value key_id1, and sends the request packet to the service module 30 of the network node found.
The service module 30 transmits the reply response packet back along the reverse of the path by which the request packet was sent, delivering it to the request module 20 that sent the request packet.
Preferably, the network node also comprises an upper-layer business logic module 40, connected to the request module 20, for processing the reply response packet.
Preferably, the request module 20 receives the reply response packets returned by the service modules 30 of the n network nodes, and the corresponding upper-layer business logic module 40 or the corresponding extension protocol request module 50 performs response de-duplication.
Preferably, the visit protocol system also comprises at least one extension protocol request module 50 and an extension protocol service module 60 corresponding to the extension protocol request module.
The extension protocol request module 50 is connected to the request module 20. It is used to initiate access requests that access the same service module 30 as the request module 20, and to process the reply responses sent back by the corresponding extension protocol service module 60.
The extension protocol service module 60 is connected to the service module 40. It is used to process the access requests initiated by the corresponding extension protocol request module 50 and to send reply responses through the reply response packet.
Specifically, as shown in Fig. 1, a network node acting as the request side comprises the DHT module 10, the request module 20, the upper-layer business logic module 40 and a number of extension protocol request modules 50;
A network node acting as the service side comprises the DHT module 10, the service module 30 and extension protocol service modules 60 in one-to-one correspondence with those extension protocol request modules 50;
As shown in Fig. 2, a network node acting as both the request side and the service side comprises the DHT module 10, the request module 20, the service module 30, the upper-layer business logic module 40, and a number of corresponding pairs of extension protocol request modules 50 and extension protocol service modules 60.
Preferably, the request packet contains multiple access requests to the same service module, initiated respectively by the request module 20 or by the individual extension protocol request modules 50.
Preferably, the extension protocol service module 60 is also used, after processing the access request initiated by the corresponding extension protocol request module 50, to obtain a message-sending object message_launcher by calling an interface of the service module 30, and to send push responses through the message_launcher object. Specifically, this feature can be used in extension modules that provide, for example, scheduled services.
Preferably, the request packet contains a packet number package_id that identifies the request packet, and each access request contains a request number request_index that identifies the access request. The reply response packet designates its request packet by the package_id, and each reply response designates its access request by the request_index.
Preferably, the service module 30 is also used for any one of the following:
Sending a push response packet to the request module 20 at the same time as sending the reply response packet to the request module 20;
Sending a push response packet to the request module 20 of other network nodes at the same time as sending the reply response packet to the request module 20;
Sending a push response packet to the request module 20 after sending the reply response packet to the request module 20.
In the embodiments described above, the request module and the service module each support extension modules, which provides support for extension protocols, improves the flexibility of the protocol, and allows this technical architecture to support complex DHT applications with greater flexibility;
The embodiments described above can integrate multiple different DHT applications into the same peer-to-peer network so that they share its base of users, which reduces the effect of the number of users on the health and stability of the peer-to-peer network architecture and on the effectiveness of its algorithms, giving greater stability;
The embodiments described above support a platform-style architecture: once the visit layer has defined extension protocols for some applications and the relevant SDK has been developed, it can be published externally, so that third-party developers can join the network very easily.
Fig. 3 is an exemplary flow chart of a visit protocol communication method based on a peer-to-peer network distributed hash table according to an embodiment of the present invention.
As shown in Fig. 3, in this embodiment the peer-to-peer network comprises a number of network nodes, each comprising a distributed hash table (DHT) module and a request module and/or a service module connected to the DHT module. The visit protocol communication method on the side of a network node that comprises a request module and acts as the request side comprises:
S11: the request module 20 sends a request packet containing at least one access request to the service module 30;
S13: the request module 20 receives the permission verification request packet sent by the service module 30, and sends a permission verification response packet to the service module 30;
S15: the request module 20 receives the reply response packet that the service module 30 constructs and sends by processing the access request after the permission verification of the permission verification response packet passes.
The reply response packet contains the reply response corresponding to the access request.
Specifically, in step S15 the request module 20 receives the reply response packet sent by the service module 30, or receives the reply response packet and a push response packet sent by the service module 30 at the same time.
Fig. 4 is a flow chart of step S11 in a preferred embodiment of the visit protocol communication method shown in Fig. 3.
As shown in Fig. 4, in a preferred embodiment of the visit protocol communication method shown in Fig. 3, step S11 comprises:
S111: the request module 20 generates a public/private key pair;
S113: the request module 20 sends to the service module 30 a request packet that declares permission over the private key of the key pair and contains at least one access request.
Specifically, the request module 20 generates, from the public key of the key pair, the key value key_id of the DHT module 10 corresponding to the request module 20 of each network node. The key value key_id is the hash value of the public key.
Preferably, the request module 20 uses the DHT algorithm to find n network nodes from a specified key value key_id and a branching factor n, and sends the request packet to the service module 30 of each of the n network nodes.
Alternatively, the request module 20 uses the DHT algorithm to find the corresponding network node from the specified key value key_id, and sends the request packet to the service module 30 of the network node found.
Fig. 5 is a flow chart of a preferred embodiment of the visit protocol communication method shown in Fig. 3.
As shown in Fig. 5, in a preferred embodiment, the method further comprises, before step S13:
S12: the request module 20 receives the public key request sent by the service module 30, and pushes the public key of the key pair to the service module 30.
The public key request is used to request the public key.
Preferably, the permission verification request packet contains permission verification information encrypted with the public key; the permission verification response packet contains permission proof information computed after the permission verification information is decrypted with the private key.
Preferably, the permission verification information is a random string encrypted with the public key; the permission proof information is the hash value of the random string.
The request module 20 decrypts the permission verification information with the private key to obtain the random string, computes the hash value of the random string, and sends a permission verification response packet containing the hash value to the service module 30.
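The exchange in steps S111 to S13, written out in Go as an added example (not code from the patent). It assumes RSA-OAEP with a 2048-bit key, SHA-256 as the hash, and a public key sent with every request (the optional public_key field) so that the separate public key request of S12 is not modelled; all type and function names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"errors"
	"fmt"
)

var ErrKeyMismatch = errors.New("public_key does not hash to key_id")

// Requester plays the request module: it generates and holds the key pair.
type Requester struct {
	priv   *rsa.PrivateKey
	PubDER []byte   // public_key field of the request packet
	KeyID  [32]byte // key_id = hash of the public key
}

func NewRequester() *Requester {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	der := x509.MarshalPKCS1PublicKey(&priv.PublicKey)
	return &Requester{priv: priv, PubDER: der, KeyID: sha256.Sum256(der)}
}

// Prove decrypts the verification information and hashes the random string.
func (r *Requester) Prove(challenge []byte) ([32]byte, error) {
	nonce, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, r.priv, challenge, nil)
	if err != nil {
		return [32]byte{}, err
	}
	return sha256.Sum256(nonce), nil
}

// pendingKey names one outstanding challenge by key_id and package_id.
type pendingKey struct {
	keyID [32]byte
	pkg   uint32
}

// Service plays the service module; pending holds the expected proof per challenge.
type Service struct {
	pending map[pendingKey][32]byte
}

func NewService() *Service {
	return &Service{pending: map[pendingKey][32]byte{}}
}

// Challenge checks that the public key hashes to key_id, then encrypts a fresh random string.
func (s *Service) Challenge(keyID [32]byte, pkg uint32, pubDER []byte) ([]byte, error) {
	if sha256.Sum256(pubDER) != keyID {
		return nil, ErrKeyMismatch
	}
	pub, err := x509.ParsePKCS1PublicKey(pubDER)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[pendingKey{keyID, pkg}] = sha256.Sum256(nonce)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, nonce, nil)
}

// Verify checks a proof once, in constant time, then forgets the challenge.
func (s *Service) Verify(keyID [32]byte, pkg uint32, proof [32]byte) bool {
	k := pendingKey{keyID, pkg}
	want, ok := s.pending[k]
	delete(s.pending, k)
	return ok && subtle.ConstantTimeCompare(want[:], proof[:]) == 1
}

// RunHandshake drives one exchange for a requester that claims key_id `claimed`.
func RunHandshake(s *Service, r *Requester, claimed [32]byte, pubDER []byte, pkg uint32) (bool, error) {
	ch, err := s.Challenge(claimed, pkg, pubDER)
	if err != nil {
		return false, err
	}
	proof, err := r.Prove(ch)
	if err != nil {
		return false, nil // cannot decrypt: not the private-key holder
	}
	return s.Verify(claimed, pkg, proof), nil
}

func main() {
	r := NewRequester()
	ok, err := RunHandshake(NewService(), r, r.KeyID, r.PubDER, 1)
	fmt.Println("verified:", ok, "err:", err)
}
```

A requester that claims another node's key_id fails either at the key_id check or at decryption, and a proof cannot be replayed because the challenge is deleted on first use.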
Fig. 6 is a flow chart of a preferred embodiment of the visit protocol communication method shown in Fig. 5.
As shown in Fig. 6, in a preferred embodiment, the method further comprises, after step S15:
S16: the request module 20 receives the push response packet sent by the service module 30.
Fig. 7 is a flow chart of step S11 in another preferred embodiment of the visit protocol communication method shown in Fig. 3.
As shown in Fig. 7, in a preferred embodiment, step S11 comprises:
S115: the request module creates a request packet;
S116: the request module or an extension protocol request module calls an interface function of the request packet to add an access request to the request packet;
S117: the request module sends the request packet to the service module.
Specifically, the request packet comprises the following fields:
Packet number package_id, access key value key_id, public key public_key corresponding to the access key value key_id (optional), request content data (optional), private key permission declaration signer (optional).
The private key permission declaration signer is set to an arbitrary value to initiate the declaration, and is set to the hash value of the decrypted string to complete the application.
The request content data comprises the following fields: timestamp time_stamp, access request list requests.
Each access request comprises the following fields: label tag, request content data.
The label tag consists of the extension protocol name title, a separator and an additional field, for example "chl.xxxx".
Fig. 8 is a flow chart of step S15 in the embodiment of the visit protocol communication method shown in Fig. 7.
As shown in Fig. 8, in a preferred embodiment, step S15 comprises:
S151: the request module 20 receives the reply response packet that the service module 30 constructs and sends by processing the access request;
S152: the request module 20 or the extension protocol request module 50 uses the callback function of the request packet to retrieve, from the reply response packet, the reply response corresponding to its access request, and processes the reply response.
Fig. 9 is a flow chart of step S15 in a preferred embodiment of the visit protocol communication method shown in Fig. 8.
As shown in Fig. 9, in a preferred embodiment, the method further comprises, after step S152:
S153: the extension protocol request module 50 marks the request packet as completed, and the request module 20 no longer receives reply response packets for that request packet.
Fig. 10 is an exemplary flow chart of another visit protocol communication method based on a peer-to-peer network distributed hash table according to an embodiment of the present invention.
As shown in Fig. 10, in this embodiment the peer-to-peer network comprises several network nodes, each network node comprising a distributed hash table (DHT) module and a request module and/or a service module connected to the DHT module. For a network node that comprises a service module and acts as the server, the visit protocol communication method comprises:
S21: service module 30 receives a request packet, containing at least one access request, sent by request module 20;
S23: service module 30 sends a permission verification request packet to request module 20;
S25: service module 30 receives the permission verification response packet sent by request module 20 and performs permission verification;
S27: after the permission verification passes, service module 30 processes the access request, constructs a reply response packet and sends it to request module 20.
The reply response packet contains the reply response corresponding to the access request.
Specifically, in step S27, while sending the reply response packet to request module 20, service module 30 may also send a push response packet to request module 20 and/or send a push response packet to the request modules of other network nodes.
Preferably, the request packet received by service module 30 declares permission over the private key of the public/private key pair generated by request module 20.
Preferably, the DHT module 10 of each network node of the peer-to-peer network holds the key value key_id corresponding to request module 20, and request module 20 generates the key value key_id from the public key of the public/private key pair.
Fig. 11 is a flow chart of a preferred embodiment of the visit protocol communication method shown in Fig. 10.
As shown in Fig. 11, in a preferred embodiment, the following step is further included before step S23:
S22: service module 30 sends a public key request to request module 20 and receives the public key of the public/private key pair pushed by request module 20. Specifically, the public key request is used to request the public key.
Fig. 12 is a flow chart of step S23 in the visit protocol communication method shown in Fig. 10.
As shown in Fig. 12, in this embodiment, step S23 comprises:
S231: service module 30 encrypts a random string with the public key to obtain the permission verification information;
S233: service module 30 sends a permission verification request packet containing the permission verification information to request module 20.
Fig. 13 is a flow chart of step S25 in the visit protocol communication method shown in Fig. 10.
As shown in Fig. 13, in this embodiment, step S25 comprises:
S251: service module 30 receives the permission verification response packet, containing permission proof information, sent by request module 20; the permission proof information is the hash value of the random string, calculated after the permission verification information is decrypted with the private key;
S253: service module 30 calculates the hash value of the random string and compares it with the permission proof information to verify it.
Fig. 14 is a flow chart of step S27 in the visit protocol communication method shown in Fig. 10.
As shown in Fig. 14, in this embodiment, step S27 comprises:
S271: after the permission verification passes, service module 30 marks the permission of request module 20;
S273: service module 30 processes the access request, constructs a reply response packet and sends it to request module 20.
Preferably, step S273 further comprises: while sending the reply response packet to request module 20, service module 30 sends a push response packet to request module 20 or to other request modules.
Fig. 15 is a flow chart of step S27 in a preferred embodiment of the visit protocol communication method shown in Fig. 14.
As shown in Fig. 15, in a preferred embodiment, the following step is further included after step S273:
S275: service module 30 sends a push response packet to request module 20.
Fig. 16 is a flow chart of step S273 of the visit protocol communication method shown in Fig. 14.
As shown in Fig. 16, in this embodiment, step S273 comprises:
S2731: service module 30 creates a reply response packet;
S2733: service module 30 or extended protocol service module 60 processes the corresponding access requests respectively, and adds reply responses to the reply response packet;
S2735: service module 30 sends the reply response packet to request module 20.
Specifically, the reply response packet comprises the following fields:
the corresponding request packet number request_package_id and response content data.
The response content data comprises the following fields: reply response list replys and push response list pushs.
Each reply response comprises the following fields: the corresponding access request number request_index and response content data.
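An added example, not code from the patent, of the request packet and reply response packet fields listed above: the service side dispatches each access request by the title part of tag, and the request side correlates replies by request_index and drops replies for unknown or completed packets (step S153). The dict wire layout, the handler signature and the "kv" extension used in testing are assumptions.

```python
import time
from dataclasses import dataclass, field


@dataclass
class RequestPacket:
    package_id: int
    key_id: bytes
    time_stamp: float = field(default_factory=time.time)
    requests: list = field(default_factory=list)   # access request list
    callbacks: list = field(default_factory=list)  # local state, never sent
    completed: bool = False

    def add_request(self, tag, data, callback):
        """Interface function (S116): append an access request, return its index."""
        self.requests.append({"tag": tag, "data": data})
        self.callbacks.append(callback)
        return len(self.requests) - 1

    def wire(self):
        """Fields that travel to the service module (assumed dict layout)."""
        return {"package_id": self.package_id, "key_id": self.key_id,
                "data": {"time_stamp": self.time_stamp, "requests": self.requests}}


class ServiceModule:
    def __init__(self):
        self.extensions = {}  # extended protocol title -> handler(added_field, data)

    def register(self, title, handler):
        self.extensions[title] = handler

    def process(self, wire_packet):
        """S2731-S2735: build one reply response packet for all access requests."""
        replys = []
        for index, request in enumerate(wire_packet["data"]["requests"]):
            title, sep, added_field = request["tag"].partition(".")
            handler = self.extensions.get(title)
            if not sep or handler is None:
                continue  # malformed tag or no such extension: no reply response
            replys.append({"request_index": index,
                           "data": handler(added_field, request["data"])})
        return {"request_package_id": wire_packet["package_id"],
                "data": {"replys": replys, "pushs": []}}


class RequestModule:
    def __init__(self):
        self.sent = {}  # package_id -> RequestPacket awaiting replies

    def send(self, packet):
        self.sent[packet.package_id] = packet
        return packet.wire()

    def receive(self, reply_packet):
        """S151-S153: hand each reply response to its callback; return count delivered."""
        packet = self.sent.get(reply_packet.get("request_package_id"))
        if packet is None or packet.completed:
            return 0  # unknown packet, or already marked completed
        delivered = 0
        for reply in reply_packet["data"]["replys"]:
            index = reply.get("request_index")
            # The index comes from a remote node: bounds-check before use.
            if type(index) is not int or not 0 <= index < len(packet.callbacks):
                continue
            packet.callbacks[index](packet, reply["data"])
            delivered += 1
        return delivered
```

A callback that sets `packet.completed = True` makes later reply response packets for the same package_id, for example from the other nodes reached with a branching factor n, return 0 from `receive`.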
The visit protocol communication method based on a peer-to-peer network distributed hash table provided by some of the above embodiments of the present invention combines an RSA public/private key pair with DHT addressing, so that permission authentication capable of distinguishing different types of nodes is added to DHT access; this improves security and makes some high-security solutions possible.
Fig. 17 is a schematic flow diagram of one visit protocol interaction using a public/private key pair according to an embodiment of the present invention.
As shown in Fig. 17, a typical interaction flow may comprise:
the first request module of the first network node, acting as the requester, generates a public/private key pair;
the first request module sends a request packet declaring private-key permission to the first service module of the second network node, acting as the server;
after receiving the request packet, the first service module checks whether it already has the public key and, if not, sends a public key request to the first request module;
the first request module receives the public key request and pushes the public key to the first service module;
after receiving the public key, the first service module checks whether the first request module has private-key permission; if not, it pushes to the first request module a permission verification request packet containing permission verification information encrypted with the public key;
after receiving the permission verification request packet, the first request module decrypts the permission verification information with the private key, calculates the permission proof information, and sends a permission verification response packet to the first service module;
the first service module verifies whether the response is correct;
after the verification passes, the first service module marks the first request module as having private-key permission;
the first service module and each extended protocol service module process the corresponding access requests respectively, and the first service module constructs a reply response packet and sends it to the first request module;
while sending the reply response packet, the first service module sends a push response packet to the first request module; and/or, while sending the reply response packet, the first service module sends a push response packet to the request modules of other network nodes; and/or, after sending the reply response packet, the first service module sends a push response packet to the first request module.
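An added example, not code from the patent, of the Fig. 17 exchange from both sides, including what the service module does when the responder lacks the private key or a proof is replayed. It assumes SHA-256 for key_id and for the proof, a hypothetical peer label identifying the connection, and a constructed unpadded textbook-RSA key standing in for the RSA key pair so that it runs on the standard library (a deployment would use a padded scheme such as RSA-OAEP from a vetted library). Checking that the pushed public key hashes to key_id and discarding each random string after one use are additions the page does not state.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 16  # bytes in the random string (assumed; the page gives no length)
E = 65537


def toy_keypair(p, q):
    """Textbook RSA from two primes, illustration only: returns ((n, e), d)."""
    return (p * q, E), pow(E, -1, (p - 1) * (q - 1))


def encode_public(pub):
    n, e = pub
    return n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")


def key_id_for(public_bytes):
    """key_id is the hash of the public key; SHA-256 is an assumption."""
    return hashlib.sha256(public_bytes).digest()


class RequestModule:
    def __init__(self, p=2**127 - 1, q=2**107 - 1):  # constructed toy primes
        self.pub, self._d = toy_keypair(p, q)
        self.public_key = encode_public(self.pub)
        self.key_id = key_id_for(self.public_key)

    def answer(self, ciphertext):
        """Decrypt the verification information, return the hash of the random string."""
        n = self.pub[0]
        m = pow(ciphertext, self._d, n)
        raw = m.to_bytes((n.bit_length() + 7) // 8, "big")
        return hashlib.sha256(raw[-CHALLENGE_LEN:]).digest()


class ServiceModule:
    def __init__(self):
        self.public_keys = {}  # key_id -> (n, e)
        self.pending = {}      # (peer, key_id) -> expected proof
        self.verified = set()  # (peer, key_id) marked as holding the private key

    def store_public_key(self, key_id, public_bytes):
        # Bind the pushed key to the DHT key value before trusting it.
        if not hmac.compare_digest(key_id_for(public_bytes), key_id):
            return False
        n = int.from_bytes(public_bytes[:-4], "big")
        e = int.from_bytes(public_bytes[-4:], "big")
        if n.bit_length() <= 8 * CHALLENGE_LEN:
            return False  # modulus too small to carry the random string
        self.public_keys[key_id] = (n, e)
        return True

    def challenge(self, peer, key_id):
        n, e = self.public_keys[key_id]
        random_string = secrets.token_bytes(CHALLENGE_LEN)
        self.pending[(peer, key_id)] = hashlib.sha256(random_string).digest()
        return pow(int.from_bytes(random_string, "big"), e, n)

    def verify(self, peer, key_id, proof):
        expected = self.pending.pop((peer, key_id), None)  # single use
        if expected is None or not hmac.compare_digest(expected, proof):
            return False
        self.verified.add((peer, key_id))
        return True


def handshake(service, peer, key_id, public_key, responder):
    """Service-side flow for a request packet that declares private-key permission."""
    if key_id not in service.public_keys:
        if not service.store_public_key(key_id, public_key):
            return False
    if (peer, key_id) in service.verified:
        return True
    ciphertext = service.challenge(peer, key_id)
    return service.verify(peer, key_id, responder.answer(ciphertext))
```

The mark is kept per (peer, key_id) rather than per key_id, so a second node that merely presents an already verified key_id is still challenged.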
Some of the above embodiments of the present invention support an access-protocol application mode rather than the traditional application mode that supports a data protocol, which extends the range of application;
some of the above embodiments of the present invention support request packets that carry multiple requests, a feature that saves considerable extra network overhead in more complex DHT applications;
some of the above embodiments of the present invention also support a server-side push protocol, whereas traditional DHT application modes lack a design in which the server actively triggers a push.
In summary, the present invention supports extended protocols and permission authentication, and has the advantages of high flexibility, strong stability, high security and a wide range of application.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (34)

1. A visit protocol system based on a peer-to-peer network distributed hash table, comprising several network nodes, characterized in that each network node comprises a distributed hash table (DHT) module and a request module and/or a service module connected to the DHT module;
the request module is configured to initiate access requests, send a request packet containing at least one access request to the service module, receive the permission verification request packet sent by the service module, send a permission verification response packet to the service module, and receive the reply response packet sent by the service module;
the service module is configured to receive the request packet, send the permission verification request packet to the request module, receive the permission verification response packet and verify the permission, process the access request after the verification passes, and construct a reply response packet and send it to the request module; the reply response packet contains the reply response corresponding to the access request.
2. The visit protocol system according to claim 1, characterized in that the service module uses the public/private key pair generated by the request module to perform permission authentication on the request packet; the request module generates, from the public key of the public/private key pair, the key value that corresponds to the request module in the DHT module of each network node in the visit protocol system.
3. The visit protocol system according to claim 2, characterized in that the key value is the hash value of the public key.
4. The visit protocol system according to claim 2, characterized in that the request module is further configured to declare, in the request packet, permission over the private key of the public/private key pair, and to push the public key of the public/private key pair to the service module after receiving a public key request;
the service module is further configured to check, after receiving the private-key permission declaration, whether it has the public key and, if not, to push a public key request to the request module.
5. The visit protocol system according to claim 4, characterized in that the permission verification request packet contains permission verification information encrypted with the public key;
the permission verification response packet contains permission proof information calculated after the permission verification information is decrypted with the private key.
6. The visit protocol system according to claim 5, characterized in that the permission verification information is a random string encrypted by the service module with the public key;
the permission proof information is the hash value of the random string, calculated after the request module decrypts the permission verification information with the private key.
7. The visit protocol system according to claim 2, characterized in that
the request module uses a DHT algorithm to find n network nodes by a specified key value and a branching factor n, and sends the request packet to the service module of each of the n network nodes; or the request module uses a DHT algorithm to find the corresponding network node by a specified key value, and sends the request packet to the service module of the network node found;
the service module sends the reply response packet back along the reverse of the transmission path of the request packet, to the request module that sent the request packet.
8. The visit protocol system according to claim 7, characterized in that the network node further comprises an upper-layer service logic module connected to the request module and configured to process the reply response packet;
the request module receives the reply response packets returned by the service modules of the n network nodes respectively, and response deduplication is performed by the corresponding upper-layer service logic module or the corresponding extended protocol request module.
9. The visit protocol system according to claim 1, characterized in that it further comprises at least one extended protocol request module, and an extended protocol service module corresponding to the extended protocol request module;
the extended protocol request module is connected to the request module and is configured to initiate access requests that access the same service module as the request module, and to process the reply responses sent back by the corresponding extended protocol service module;
the extended protocol service module is connected to the service module and is configured to process the access requests initiated by the corresponding extended protocol request module and to send back reply responses.
10. The visit protocol system according to claim 9, characterized in that the request packet contains multiple access requests that access the same service module, each initiated by the request module or by the extended protocol request module.
11. The visit protocol system according to claim 9, characterized in that the extended protocol service module is further configured to, after processing the access request initiated by the corresponding extended protocol request module, obtain an information sending object by calling the interface of the service module, and send a push response through the information sending object.
12. The visit protocol system according to claim 1, characterized in that the request packet contains a packet number identifying the request packet, and the access request contains a request number identifying the access request; the reply response packet specifies the corresponding request packet by the packet number, and the reply response specifies the corresponding access request by the request number.
13. The visit protocol system according to any one of claims 1-12, characterized in that the service module is further configured for any one of the following:
sending a push response packet to the request module while sending the reply response packet to the request module;
sending a push response packet to other request modules while sending the reply response packet to the request module;
sending a push response packet to the request module after sending the reply response packet to the request module.
14. A visit protocol communication method based on a peer-to-peer network distributed hash table, the peer-to-peer network comprising several network nodes, each network node comprising a distributed hash table (DHT) module and a request module and/or a service module connected to the DHT module, characterized in that the method comprises:
a request module sends a request packet containing at least one access request to a service module;
the request module receives the permission verification request packet sent by the service module, and sends a permission verification response packet to the service module;
the request module receives the reply response packet that the service module constructs and sends by processing the access request after the permission verification of the permission verification response packet passes; the reply response packet contains the reply response corresponding to the access request.
15. The visit protocol communication method according to claim 14, characterized in that the request module sending a request packet containing at least one access request to the service module comprises:
the request module generates a public/private key pair;
the request module generates, from the public key of the public/private key pair, the key value that corresponds to the request module in the DHT module of each network node;
the request module sends to the service module a request packet that declares permission over the private key of the public/private key pair and contains at least one access request.
16. The visit protocol communication method according to claim 15, characterized in that the key value is the hash value of the public key.
17. The visit protocol communication method according to claim 15 or 16, characterized in that the request module uses a DHT algorithm to find n network nodes by a specified key value and a branching factor n, and sends the request packet to the service module of each of the n network nodes;
or the request module uses a DHT algorithm to find the corresponding network node by a specified key value, and sends the request packet to the service module of the network node found.
18. The visit protocol communication method according to claim 14, characterized in that the following is further included before the request module receives the permission verification request packet sent by the service module and sends the permission verification response packet to the service module:
the request module receives a public key request, sent by the service module, for requesting the public key, and pushes the public key of the public/private key pair to the service module.
19. The visit protocol communication method according to claim 15, characterized in that the permission verification request packet contains permission verification information encrypted with the public key;
the permission verification response packet contains permission proof information calculated after the permission verification information is decrypted with the private key.
20. The visit protocol communication method according to claim 19, characterized in that the permission verification information is a random string encrypted with the public key; the permission proof information is the hash value of the random string;
the request module decrypts the permission verification information with the private key to obtain the random string, calculates the hash value of the random string, and sends a permission verification response packet containing the hash value to the service module.
21. The visit protocol communication method according to claim 14, characterized in that the following is further included after the request module receives the reply response packet that the service module constructs and sends by processing the access request after the permission verification of the permission verification response packet passes:
the request module receives the push response packet sent by the service module.
22. The visit protocol communication method according to claim 14, characterized in that the request module sending a request packet containing at least one access request to the service module comprises:
the request module creates a request packet;
the request module or an extended protocol request module calls the interface of the request packet to add an access request to the request packet;
the request module sends the request packet to the service module.
23. The visit protocol communication method according to claim 22, characterized in that the request module receiving the reply response packet that the service module constructs and sends by processing the access request after the permission verification of the permission verification response packet passes comprises:
the request module receives the reply response packet that the service module constructs and sends after processing the access request;
the request module or the extended protocol request module uses the callback function of the request packet to retrieve, from the reply response packet, the reply response corresponding to each access request, and processes the reply response.
24. The visit protocol communication method according to claim 23, characterized in that the following is further included after the request module or the extended protocol request module uses the callback function of the request packet to retrieve, from the reply response packet, the reply response corresponding to each access request and processes the reply response:
the extended protocol request module marks the request packet as completed, and the request module no longer receives reply response packets corresponding to the request packet.
25. A visit protocol communication method based on a peer-to-peer network distributed hash table, the peer-to-peer network comprising several network nodes, each network node comprising a distributed hash table (DHT) module and a request module and/or a service module connected to the DHT module, characterized in that the method comprises:
a service module receives a request packet, containing at least one access request, sent by a request module;
the service module sends a permission verification request packet to the request module;
the service module receives the permission verification response packet sent by the request module and performs permission verification;
after the permission verification passes, the service module processes the access request, constructs a reply response packet and sends it to the request module; the reply response packet contains the reply response corresponding to the access request.
26. The visit protocol communication method according to claim 25, characterized in that the request packet received by the service module declares permission over the private key of the public/private key pair generated by the request module.
27. The visit protocol communication method according to claim 25, characterized in that the DHT module of each network node of the peer-to-peer network holds the key value corresponding to the request module, and the request module generates the key value from the public key of the public/private key pair.
28. The visit protocol communication method according to claim 26, characterized in that the following is further included before the service module sends the permission verification request packet to the request module:
the service module sends a public key request to the request module and receives the public key of the public/private key pair pushed by the request module.
29. The visit protocol communication method according to claim 26, characterized in that the service module sending the permission verification request packet to the request module comprises:
the service module encrypts a random string with the public key of the public/private key pair to obtain the permission verification information;
the service module sends a permission verification request packet containing the permission verification information to the request module.
30. The visit protocol communication method according to claim 29, characterized in that the service module receiving the permission verification response packet sent by the request module and performing permission verification comprises:
the service module receives the permission verification response packet, containing permission proof information, sent by the request module; the permission proof information is the hash value of the random string, calculated after the permission verification information is decrypted with the private key;
the service module calculates the hash value of the random string and compares it with the permission proof information to verify it.
31. The visit protocol communication method according to claim 30, characterized in that, after the permission verification passes, the service module processing the access request, constructing a reply response packet and sending it to the request module comprises:
after the permission verification passes, the service module marks the permission of the request module;
the service module processes the access request, constructs a reply response packet and sends it to the request module.
32. The visit protocol communication method according to claim 31, characterized in that the service module processing the access request, constructing a reply response packet and sending it to the request module further comprises:
while sending the reply response packet to the request module, the service module sends a push response packet to the request module or to other request modules.
33. The visit protocol communication method according to claim 31, characterized in that the following is further included after the service module processes the access request, constructs a reply response packet and sends it to the request module:
the service module sends a push response packet to the request module.
34. The visit protocol communication method according to claim 31, characterized in that said "the service module processes the access request, constructs a reply response packet and sends it to the request module" comprises:
the service module creates a reply response packet;
the service module or an extended protocol service module processes the corresponding access requests respectively, and adds reply responses to the reply response packet;
the service module sends the reply response packet to the request module.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510461312.7A CN105162766B (en) 2015-07-30 2015-07-30 Visit protocol systems and communication means based on peer-to-peer network distributed hashtable


Publications (2)

Publication Number Publication Date
CN105162766A true CN105162766A (en) 2015-12-16
CN105162766B CN105162766B (en) 2018-10-02




Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20181002