CN105704101A - Method and equipment used for pushing message - Google Patents


Publication number
CN105704101A
Authority
CN
China
Prior art keywords
message
server
subscriber equipment
field
random number
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410698561.3A
Other languages
Chinese (zh)
Other versions
CN105704101B (en)
Inventor
许用梁
何健飞
刘树成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a method and a device for pushing messages, belongs to the field of communication technologies, and helps improve security and reduce the load on the device. The method comprises the following steps: a server obtains a first field, where the first field is data generated according to the DH protocol, a first random number and a DH parameter, the first random number is data generated according to a private key of the user equipment and an identifier of the server, and the DH parameter is a parameter shared by the user equipment and the server; the server obtains a first key according to the DH protocol, a second random number, the first field and the DH parameter, where the second random number is a random number generated by the server; the server encrypts a first message with the first key to obtain an encrypted first message, where the first message is a message pushed by the server to the user equipment; and the server sends a second field and the encrypted first message to the user equipment, where the second field is data generated according to the DH protocol, the second random number and the DH parameter.

Description

A method and device for pushing messages
Technical field
The present invention relates to the field of communication technologies, and in particular to a method and device for pushing messages.
Background
In today's Internet services, a server, such as the server of an application service provider (Application Service Provider, ASP), can provide a push service for user equipment. For this push service, the user equipment only needs to register or authorize once, and the ASP server can then actively push messages to the user equipment multiple times. However, most ASP servers cannot push messages to the user equipment directly; instead, the pushed messages have to be forwarded to the user equipment by a third-party platform (Third-Party Platform, TPP) server. Common TPPs include SMS or e-mail service providers, the Apple Push Notification Service (APNs), and the WeChat public platform.
To prevent the TPP server from obtaining the messages that the ASP server pushes to the user equipment, the ASP server and the user equipment can, before the ASP server pushes messages to the user equipment, perform key agreement using the Diffie-Hellman (DH) protocol to obtain a symmetric key. The ASP server can encrypt the pushed message with the symmetric key and, correspondingly, the user equipment can decrypt the pushed message with the symmetric key. For example, the user equipment may receive messages pushed by multiple ASP servers, such as a first ASP server and a second ASP server. The user equipment negotiates a first symmetric key with the first ASP server and stores the first symmetric key in association with the first ASP server. The user equipment also negotiates a second symmetric key with the second ASP server and stores the second symmetric key determined with the second ASP server. As a result, the user equipment has to spend more storage space on storing symmetric keys, which reduces security; the user equipment also has to configure a management mechanism for the symmetric keys so that, after receiving a message pushed by a given ASP server, it can quickly find the symmetric key corresponding to that ASP server, which increases the burden on the user equipment.
Summary of the invention
Embodiments of the present invention provide a method and device for pushing messages, which help improve security and reduce the burden on the device.
To achieve the above objective, the embodiments of the present invention adopt the following technical solutions.
In a first aspect, a method for pushing messages is provided, including:
A server obtains a first field, where the first field is data generated according to the DH protocol, a first random number and a DH parameter, the first random number is data generated according to a private key of user equipment and an identifier of the server, and the DH parameter is a parameter shared by the user equipment and the server;
The server obtains a first key according to the DH protocol, a second random number, the first field and the DH parameter, where the second random number is a random number generated by the server;
The server encrypts a first message with the first key to obtain an encrypted first message, where the first message is a message pushed by the server to the user equipment;
The server sends a second field and the encrypted first message to the user equipment, where the second field is data generated according to the DH protocol, the second random number and the DH parameter.
With reference to the first aspect, in a first possible implementation of the first aspect, the server obtaining the first field includes:
The server receives a request message sent by the user equipment, where the request message is used to request the server to provide a push service and includes the first field;
The server obtains the first field from the request message.
With reference to the first aspect or the first possible implementation of the first aspect, in a second possible implementation of the first aspect, the method further includes:
The server obtains a second key according to the DH protocol, a third random number, the first field and the DH parameter, where the third random number is a random number generated by the server;
The server encrypts a second message with the second key to obtain an encrypted second message, where the second message is a message pushed by the server to the user equipment;
The server sends a third field and the encrypted second message to the user equipment, where the third field is data generated according to the DH protocol, the third random number and the DH parameter.
With reference to the first possible implementation of the first aspect or the second possible implementation of the first aspect, in a third possible implementation of the first aspect, the request message further includes an identifier of the user equipment, and the method further includes:
The server stores the correspondence between the first field and the identifier of the user equipment.
In a second aspect, a method for pushing messages is provided, including:
User equipment receives a second field and an encrypted first message sent by a server, where the second field is data generated according to the DH protocol, a second random number and a DH parameter, the second random number is a random number generated by the server, and the DH parameter is a parameter shared by the user equipment and the server;
The user equipment obtains a first random number, where the first random number is data generated according to a private key of the user equipment and an identifier of the server;
The user equipment obtains a first key according to the DH protocol, the first random number, the second field and the DH parameter;
The user equipment decrypts the encrypted first message with the first key to obtain the first message, where the first message is a message pushed by the server to the user equipment.
With reference to the second aspect, in a first possible implementation of the second aspect, before the user equipment receives the second field and the encrypted first message sent by the server, the method further includes:
The user equipment obtains a first field, where the first field is data generated according to the DH protocol, the first random number and the DH parameter;
The user equipment sends the first field to the server.
With reference to the first possible implementation of the second aspect, in a second possible implementation of the second aspect, the user equipment sending the first field to the server includes:
The user equipment obtains a request message, where the request message is used to request the server to provide a push service and includes the first field;
The user equipment sends the request message to the server.
With reference to the second aspect, the first possible implementation of the second aspect, or the second possible implementation of the second aspect, in a third possible implementation of the second aspect, the method further includes:
The user equipment receives a third field and an encrypted second message sent by the server, where the third field is data generated according to the DH protocol, a third random number and the DH parameter, and the third random number is a random number generated by the server;
The user equipment obtains a second key according to the DH protocol, the first random number, the third field and the DH parameter;
The user equipment decrypts the encrypted second message with the second key to obtain the second message, where the second message is a message pushed by the server to the user equipment.
In a third aspect, a server is provided, including:
A first obtaining unit, configured to obtain a first field, where the first field is data generated according to the DH protocol, a first random number and a DH parameter, the first random number is data generated according to a private key of user equipment and an identifier of the server, and the DH parameter is a parameter shared by the user equipment and the server;
A second obtaining unit, configured to obtain a first key according to the DH protocol, a second random number, the first field and the DH parameter, where the second random number is a random number generated by the server;
An encryption unit, configured to encrypt a first message with the first key obtained by the second obtaining unit to obtain an encrypted first message, where the first message is a message pushed by the server to the user equipment;
A sending unit, configured to send a second field and the encrypted first message to the user equipment, where the second field is data generated according to the DH protocol, the second random number and the DH parameter.
With reference to the third aspect, in a first possible implementation of the third aspect, the server further includes:
A receiving unit, configured to receive a request message sent by the user equipment, where the request message is used to request the server to provide a push service and includes the first field;
The first obtaining unit is further configured to obtain the first field from the request message received by the receiving unit.
With reference to the third aspect or the first possible implementation of the third aspect, in a second possible implementation of the third aspect,
The second obtaining unit is further configured to obtain a second key according to the DH protocol, a third random number, the first field and the DH parameter, where the third random number is a random number generated by the server;
The encryption unit is further configured to encrypt a second message with the second key obtained by the second obtaining unit to obtain an encrypted second message, where the second message is a message pushed by the server to the user equipment;
The sending unit is further configured to send a third field and the encrypted second message to the user equipment, where the third field is data generated according to the DH protocol, the third random number and the DH parameter.
With reference to the first possible implementation of the third aspect or the second possible implementation of the third aspect, in a third possible implementation of the third aspect, the request message further includes an identifier of the user equipment, and the server further includes:
A storage unit, configured to store the correspondence between the first field and the identifier of the user equipment.
In a fourth aspect, user equipment is provided, including:
A receiving unit, configured to receive a second field and an encrypted first message sent by a server, where the second field is data generated according to the DH protocol, a second random number and a DH parameter, the second random number is a random number generated by the server, and the DH parameter is a parameter shared by the user equipment and the server;
A first obtaining unit, configured to obtain a first random number, where the first random number is data generated according to a private key of the user equipment and an identifier of the server;
A second obtaining unit, configured to obtain a first key according to the DH protocol, the first random number, the second field and the DH parameter;
A decryption unit, configured to decrypt the encrypted first message with the first key obtained by the second obtaining unit to obtain the first message, where the first message is a message pushed by the server to the user equipment.
With reference to the fourth aspect, in a first possible implementation of the fourth aspect, the user equipment further includes:
A third obtaining unit, configured to obtain a first field before the receiving unit receives the second field and the encrypted first message sent by the server, where the first field is data generated according to the DH protocol, the first random number and the DH parameter;
A sending unit, configured to send to the server the first field obtained by the third obtaining unit.
With reference to the first possible implementation of the fourth aspect, in a second possible implementation of the fourth aspect,
The third obtaining unit is further configured to obtain a request message, where the request message is used to request the server to provide a push service and includes the first field;
The sending unit is configured to send to the server the request message obtained by the third obtaining unit.
With reference to the fourth aspect, the first possible implementation of the fourth aspect, or the second possible implementation of the fourth aspect, in a third possible implementation of the fourth aspect,
The receiving unit is further configured to receive a third field and an encrypted second message sent by the server, where the third field is data generated according to the DH protocol, a third random number and the DH parameter, and the third random number is a random number generated by the server;
The second obtaining unit is further configured to obtain a second key according to the DH protocol, the first random number, the third field and the DH parameter;
The decryption unit is further configured to decrypt the encrypted second message with the second key obtained by the second obtaining unit to obtain the second message, where the second message is a message pushed by the server to the user equipment.
With the method and device for pushing messages provided by the embodiments of the present invention, when the server needs to push a message (the first message) to the user equipment, it can encrypt the first message with the first key to obtain the encrypted first message. The server then sends the second field, which it generated itself, together with the encrypted first message to the user equipment. After receiving the second field sent by the server, the user equipment can obtain, according to the DH protocol, the first random number, the second field and the DH parameter, the first key that was used to encrypt the first message. The user equipment can decrypt the encrypted first message with the first key to obtain the first message. In this way, after receiving an encrypted message sent by the server, the user equipment can compute the key needed to decrypt it, without storing a key for each server. This saves storage space and removes the need to configure a key management mechanism, which helps reduce the burden on the user equipment. What is transmitted between the user equipment and the server is the first field and the second field, not the first key, which helps improve security.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. The accompanying drawings in the following description show only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of a method for pushing messages in Embodiment 1 of the present invention;
Fig. 2 is a flowchart of a method for pushing messages in Embodiment 2 of the present invention;
Fig. 3 is a flowchart of a method for pushing messages in Embodiment 3 of the present invention;
Fig. 4 is a schematic diagram of a server in Embodiment 4 of the present invention;
Fig. 5 is a schematic diagram of another server in Embodiment 4 of the present invention;
Fig. 6 is a schematic diagram of another server in Embodiment 4 of the present invention;
Fig. 7 is a schematic diagram of user equipment in Embodiment 5 of the present invention;
Fig. 8 is a schematic diagram of other user equipment in Embodiment 5 of the present invention;
Fig. 9 is a schematic diagram of a server in Embodiment 6 of the present invention;
Fig. 10 is a schematic diagram of another server in Embodiment 6 of the present invention;
Fig. 11 is a schematic diagram of user equipment in Embodiment 7 of the present invention;
Fig. 12 is a schematic diagram of other user equipment in Embodiment 7 of the present invention.
Detailed description of the invention
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To facilitate understanding of the embodiments of the present invention, several terms used in the description of the embodiments are introduced first:
An ASP is a provider that offers services such as configuring, leasing and managing application software to enterprises or individuals. The ASP server in the embodiments of the present invention can provide a push service for user equipment and push messages to the user equipment.
A TPP server can provide an application programming interface (Application Programming Interface, API) to the ASP server and forward the messages pushed by the ASP server to the user equipment.
In the embodiments of the present invention, the server can receive the first field from the user equipment. The server obtains the first key according to the DH protocol, the second random number, the first field and the DH parameter. The second random number is data randomly generated by the server. The DH parameter is a parameter shared by the server and the user equipment. When the server pushes a message (the first message) to the user equipment, the server encrypts the first message with the first key to obtain the encrypted first message. The server sends the second field and the encrypted first message to the user equipment. The second field is data generated according to the DH protocol, the second random number and the DH parameter. After receiving the second field sent by the server, the user equipment can obtain the first key according to the DH protocol, the first random number, the second field and the DH parameter. The first random number is data generated according to the private key of the user equipment and the identifier of the server. The first key obtained by the user equipment can be used to decrypt the encrypted first message to obtain the first message.
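The exchange described above, carried through in Python as an added example (not code from the patent). Assumptions: the first random number is derived with HMAC-SHA256, the DH result is hashed into a 32-byte key, the cipher is a stand-in encrypt-then-MAC construction, and the group (2**127 - 1, base 3) is a constructed, demo-sized parameter set; the range check on received fields is an added hygiene step.

```python
import hashlib
import hmac
import secrets

# Constructed demo group (assumption, not from the patent): the Mersenne prime
# 2**127 - 1 with base 3, not checked to be a primitive root. Far too small for
# real use; deployments use standardized groups of 2048 bits or more.
P = 2**127 - 1
G = 3
P_BYTES = (P.bit_length() + 7) // 8


def first_random(ue_private_key: bytes, server_id: bytes) -> int:
    """First random number: recomputed on demand, never stored. HMAC-SHA256 is
    an assumed derivation from the UE private key and the server identifier."""
    digest = hmac.new(ue_private_key, server_id, hashlib.sha256).digest()
    return 2 + int.from_bytes(digest, "big") % (P - 3)  # exponent in [2, p-2]


def dh_field(exponent: int) -> int:
    """First or second field: g^exponent mod p."""
    return pow(G, exponent, P)


def check_field(field: int) -> int:
    """Added check: reject 0, 1, p-1 and out-of-range values, which would
    force a predictable shared secret."""
    if not 2 <= field <= P - 2:
        raise ValueError("DH field outside [2, p-2]")
    return field


def shared_key(peer_field: int, own_exponent: int) -> bytes:
    """peer_field^own_exponent mod p, hashed to 32 bytes (hashing is assumed)."""
    secret = pow(check_field(peer_field), own_exponent, P)
    return hashlib.sha256(secret.to_bytes(P_BYTES, "big")).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [
        hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher, returns nonce || ciphertext || tag. The nonce matters
    because the server may reuse its random number within a period, which
    repeats the key across messages."""
    nonce = secrets.token_bytes(16)
    stream = keystream(key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))


def server_push(first_field: int, message: bytes):
    """Server side: fresh second random number, first key, encrypted message.
    Returns (second field, encrypted first message)."""
    second_random = 2 + secrets.randbelow(P - 3)
    key = shared_key(first_field, second_random)
    return dh_field(second_random), seal(key, message)


def ue_receive(ue_private_key: bytes, server_id: bytes,
               second_field: int, blob: bytes) -> bytes:
    """User equipment side: rebuild the first random number, then the key."""
    key = shared_key(second_field, first_random(ue_private_key, server_id))
    return unseal(key, blob)


if __name__ == "__main__":
    ue_key = secrets.token_bytes(32)          # the only secret the UE keeps
    server_id = b"asp-1.example"              # constructed identifier
    first_field = dh_field(first_random(ue_key, server_id))  # sent at registration
    second_field, blob = server_push(first_field, b"your parcel has shipped")
    print(ue_receive(ue_key, server_id, second_field, blob))
```
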
The following embodiments of the present invention are described using the example in which the server is an ASP server and the server and the user equipment interact through a TPP server. The server may also be another server that can provide a push service for user equipment; such servers are not listed one by one here. The server may also interact with the user equipment through a server or forwarding device of another platform; these are not listed one by one here.
Embodiment 1
Embodiment 1 of the present invention describes, from the perspective of the ASP server, a method for pushing messages provided by the embodiments of the present invention. As shown in Fig. 1, the method for pushing messages provided by this embodiment includes:
S101, the ASP server obtains the first field.
For example, the ASP server may receive, through the TPP server, the first field sent by the user equipment; the ASP server may receive the first field directly from the user equipment; or the ASP server may receive the first field that the user equipment sends through a forwarding device, where the forwarding device does not include the TPP server.
For example, the ASP server receives a request message sent by the user equipment, where the request message is used to request the ASP server to provide a push service and includes the first field; the ASP server obtains the first field from the request message.
For example, the first field is data generated according to the DH protocol, the first random number and the DH parameter. The first random number is data generated according to the private key of the user equipment and the identifier of the ASP server. The DH parameter is a parameter shared by the user equipment and the ASP server. The first field may be generated by the user equipment or by another trusted third-party device. The first random number may be generated by the user equipment.
For example, the TPP server stores the identifier of the user equipment and the identifier of the ASP server. When the user equipment and the ASP server interact through the TPP server, the user equipment can obtain the identifier of the ASP server through the TPP server, and the ASP server can likewise obtain the identifier of the user equipment through the TPP server. The identifier of the user equipment may be any information that identifies the user equipment, such as the name of the user equipment, the code of the user equipment, the Internet Protocol (IP) address of the user equipment, or the Media Access Control (MAC) address of the user equipment. The identifier of the ASP server may be any information that identifies the ASP server, such as the name of the ASP server, the code of the ASP server, the IP address of the ASP server, or the MAC address of the ASP server. Other possible forms of the identifier of the user equipment and the identifier of the ASP server are not described here.
For example, if the first random number is denoted $R_u$, the DH parameter includes a first parameter denoted $p$, and the first field is denoted $Y_{user}$, then the first field can be calculated with the following formula:
$$Y_{user} = g^{R_u} \bmod p$$
Here, $p$ is a prime number. $g$ is a primitive root of $p$ and is the second parameter; $g$ can be calculated from $p$. The values $g \bmod p, g^2 \bmod p, g^3 \bmod p, \ldots, g^{p-1} \bmod p$ are distinct integers and make up all the integers from 1 to $p-1$.
For example, if $p = 11$, then since $2^1 \bmod 11 = 2$, $2^2 \bmod 11 = 4$, $2^3 \bmod 11 = 8$, $2^4 \bmod 11 = 5$, $2^5 \bmod 11 = 10$, $2^6 \bmod 11 = 9$, $2^7 \bmod 11 = 7$, $2^8 \bmod 11 = 3$, $2^9 \bmod 11 = 6$ and $2^{10} \bmod 11 = 1$, and since 2, 4, 8, 5, 10, 9, 7, 3, 6 and 1 make up all the integers from 1 to 10, 2 is a primitive root of 11 and the value of $g$ can be 2. The value of $p$ is not limited to 11 and the value of $g$ is not limited to 2; other values of $p$ and $g$ are not described here.
For example, the ASP server and the user equipment may determine $g$ at the same time as or after determining $p$, through negotiation or static configuration. The process by which the ASP server and the user equipment determine $p$ and $g$ is not described here.
For example, the first random number is data generated according to the private key of the user equipment and the identifier of the ASP server, so the first random number corresponds to the ASP server and the user equipment. The first field is data generated according to the first random number, the DH parameter and the DH protocol, so the first field also corresponds to the ASP server and the user equipment.
S102, the ASP server obtains the first key according to the DH protocol, the second random number, the first field and the DH parameter.
For example, the second random number is a random number generated by the ASP server. The DH parameter may be a parameter that the ASP server and the user equipment determine through negotiation, or a parameter statically configured on the ASP server and the user equipment.
For example, when the ASP server pushes messages to the same user equipment, the ASP server may generate a different random number for each pushed message. That is, when the ASP server pushes the first message to the user equipment, it generates the second random number; when the ASP server pushes the second message to the user equipment, it generates the third random number, which may differ from the second random number. The first message and the second message are both messages that the ASP server pushes to the user equipment. Alternatively, when the ASP server pushes messages to the same user equipment, the ASP server may generate random numbers periodically and use the periodically generated random number to obtain the first key. That is, if the ASP server pushes the first message and the second message to the user equipment within the same period, the second random number and the third random number are the same; if the ASP server pushes the first message and the second message to the user equipment in different periods, the second random number and the third random number are different.
For example, when the ASP server pushes messages to different user equipment, the ASP server may generate different random numbers for different user equipment, or may generate the same random number for different users; this is not described further here.
For example, before the ASP server pushes the first message to the user equipment, the second random number obtained by the ASP server can be denoted $R_i$, the first field can be denoted $Y_{user}$, and the first key obtained by the ASP server can be denoted $K_i$. The first key can be calculated with the following formula:
$$K_i = Y_{user}^{R_i} \bmod p = g^{R_u \times R_i} \bmod p$$
S103: The ASP server encrypts the first message with the first key to obtain an encrypted first message.
For example, the first message that the ASP server pushes to the user equipment is carried in a packet generated by the ASP server. The payload of that packet may include the encrypted first message, and the header of the packet may include a source address and a destination address, where the source address includes the identifier of the ASP server and the destination address includes the identifier of the user equipment.
S104: The ASP server sends a second field and the encrypted first message to the user equipment through a TPP server, where the second field is data generated according to the DH protocol, the second random number and the DH parameter.
For example, the ASP server may obtain the second field according to the DH protocol, the second random number and the DH parameter. The second random number is denoted $R_i$, the DH parameter includes a first parameter, denoted $p$, and the second field may be denoted $Y_i$. The second field may be calculated with the following formula:
$$Y_i = g^{R_i} \bmod p$$
For example, the ASP server sends the second field and the encrypted first message to the TPP server, and the TPP server sends the second field and the encrypted first message to the user equipment.
For example, if the first field is $Y_{user} = g^{R_u} \bmod p$, then even if the first field is intercepted by another device, that device cannot generate the first key without knowing the second random number, and therefore cannot decrypt the first message encrypted with the first key.
If $g = 2$, $p = 11$ and $R_i = 8$, then the first field is $Y_{user} = 2^5 \bmod 11 = 10$, and the first key calculated according to the DH protocol, the second random number ($R_i = 8$), the first field ($Y_{user} = 10$) and the DH parameter ($p = 11$) is $K_i = Y_{user}^{R_i} \bmod p = 10^8 \bmod 11 = 1$. If another device has intercepted the first field, that is, has learned that the value of the first field is 10, but does not know the second random number ($R_i = 8$), that device cannot calculate the first key and therefore cannot decrypt the first message encrypted with the first key. This encryption method can therefore effectively protect the user's privacy. As described in S102, the random number that the ASP server uses when generating the first key may differ, so the first key that the ASP server uses to encrypt messages pushed to the user equipment may differ, which helps to further improve security.
In the method for pushing a message provided by this embodiment of the present invention, the ASP server can obtain the first key used to encrypt the first message according to the DH protocol, the DH parameter, the first field from the user equipment and the second random number generated by the ASP server. The ASP server sends the second field and the encrypted first message to the user equipment through the TPP server. Even if the TPP server intercepts the second field, it cannot obtain the first key from the second field and therefore cannot decrypt the encrypted first message. This helps to prevent the TPP server from obtaining the messages that the ASP server pushes to the user equipment and helps to improve the security of transmission.
Optionally, the method for pushing a message provided by this embodiment of the present invention further includes:
The ASP server obtains a second key according to the DH protocol, a third random number, the first field and the DH parameter, where the third random number is a random number generated by the ASP server;
The ASP server encrypts a second message with the second key to obtain an encrypted second message, where the second message is a message that the ASP server pushes to the user equipment;
The ASP server sends a third field and the encrypted second message to the user equipment, where the third field is data generated according to the DH protocol, the third random number and the DH parameter.
Optionally, the request message further includes the identifier of the user equipment, and the method for pushing a message provided by this embodiment of the present invention further includes: the server stores the correspondence between the first field and the identifier of the user equipment.
Embodiment 2
Embodiment 2 of the present invention describes, from the perspective of the user equipment, a method for pushing a message provided by the embodiments of the present invention. As shown in Figure 2, the method for pushing a message provided by this embodiment of the present invention includes:
S201: The user equipment receives, through a TPP server, a second field and an encrypted first message sent by an ASP server.
For example, the second field is data generated according to the DH protocol, a second random number and a DH parameter. The second random number is a random number generated by the ASP server. The DH parameter is a parameter shared by the user equipment and the ASP server. The DH parameter may be a parameter that the ASP server and the user equipment determine through negotiation, or a parameter statically configured on the ASP server and the user equipment.
For example, the second random number may be denoted $R_i$, the DH parameter includes a first parameter, which may be denoted $p$, and the second field may be denoted $Y_i$. The second field may be calculated with the following formula:
$$Y_i = g^{R_i} \bmod p$$
For example, $p$ may be a prime number and $g$ may be a primitive root of $p$; $g$ is the second parameter and may be calculated from $p$. The values $g \bmod p, g^2 \bmod p, g^3 \bmod p, \ldots, g^{p-1} \bmod p$ are distinct integers that, in some order, make up all the integers from 1 to $p-1$.
S202: The user equipment obtains a first random number, where the first random number is data generated from the private key of the user equipment and the identifier of the ASP server.
The private key of the user equipment is a key that is private to the user equipment and is not disclosed to other devices. For example, the private key of the user equipment may be a preset password. The private key of the user equipment may be set to different passwords for different ASP servers: for example, for a first ASP server the private key of the user equipment may be a first private key, and for a second ASP server the private key of the user equipment may be a second private key that is different from the first private key. The private key of the user equipment may also be set to the same password for different ASP servers, for example with the first private key identical to the second private key. This embodiment of the present invention does not limit the specific content of the private key of the user equipment.
For example, the TPP server stores the identifier of the user equipment and the identifier of the ASP server. When the user equipment interacts with the ASP server through the TPP server, the user equipment can obtain the identifier of the ASP server through the TPP server, and the ASP server can likewise obtain the identifier of the user equipment through the TPP server.
For example, the first random number corresponds to the user equipment and the ASP server. The user equipment may use a pseudo random number generator (Pseudo Random Number Generator, PRNG) to generate the first random number; when the parameters input to the PRNG are the same, the random number that the PRNG generates is also the same. If the private key of the user equipment is $SK_{user}$ and the identifier of the ASP server is $ID_{ASP}$, the first random number $R_u$ may be calculated with the following formula:
$$R_u = PRNG(SK_{user}, ID_{ASP})$$
S203: The user equipment obtains a first key according to the DH protocol, the first random number, the second field and the DH parameter.
For example, the first random number is denoted $R_u$ and the second field received by the user equipment is denoted $Y_i = g^{R_i} \bmod p$. The first key may then be calculated with the following formula:
$$K_i = Y_i^{R_u} \bmod p = g^{R_i \times R_u} \bmod p = g^{R_u \times R_i} \bmod p$$
That is, the first key obtained by the user equipment is the same as the first key obtained by the ASP server in S102.
S204: The user equipment decrypts the encrypted first message with the first key to obtain the first message, where the first message is a message that the ASP server pushes to the user equipment.
For example, if the second field is $Y_i = g^{R_i} \bmod p$, then even if the second field is intercepted by another device, that device cannot generate the first key without knowing the first random number, and therefore cannot decrypt the first message encrypted with the first key.
If $g = 2$, $p = 11$ and $R_u = 5$, then the second field is $Y_i = 2^8 \bmod 11 = 3$, and the first key calculated according to the DH protocol, the first random number ($R_u = 5$), the second field ($Y_i = 3$) and the DH parameter ($p = 11$) is $K_i = Y_i^{R_u} \bmod p = 3^5 \bmod 11 = 1$. Even if another device has intercepted the second field and learned that its value is 3, without knowing the first random number ($R_u = 5$) that device cannot calculate the first key and therefore cannot decrypt the first message encrypted with the first key.
In the method for pushing a message provided by this embodiment of the present invention, the user equipment can obtain the first key according to the DH protocol, the DH parameter, the second field from the ASP server and the first random number generated by the user equipment. Because the user equipment does not send the first random number to the ASP server through the TPP server, even if the TPP server intercepts the second field, the TPP server cannot obtain the first key without the first random number, which further improves the security of transmission. The user equipment does not need to store the first key corresponding to the ASP server and does not need to configure a corresponding key management mechanism, which helps to reduce the burden on the user equipment and the storage space it occupies.
Optionally, before S201, the method for pushing a message provided by this embodiment of the present invention further includes: the user equipment obtains a first field, where the first field is data generated according to the DH protocol, the first random number and the DH parameter; and the user equipment sends the first field to the server.
For example, the first field is the same as the first field in Embodiment 1, and details are not repeated here. The first field may be generated by the user equipment or by a trusted third-party device; this embodiment of the present invention places no limitation on this.
For example, the user equipment may obtain the first random number before obtaining the first field. Before obtaining the first random number, the user equipment may obtain the identifier of the ASP server from the TPP server or from the ASP server.
For example, the user equipment may obtain a request message after, or at the same time as, obtaining the first field. The request message is used to request the ASP server to provide a push service, and the request message includes the first field. The user equipment sends the request message to the ASP server.
Optionally, the method for pushing a message provided by this embodiment of the present invention further includes:
The user equipment receives a third field and an encrypted second message sent by the ASP server, where the third field is data generated according to the DH protocol, a third random number and the DH parameter, and the third random number is a random number generated by the ASP server;
The user equipment obtains a second key according to the DH protocol, the first random number, the third field and the DH parameter;
The user equipment decrypts the encrypted second message with the second key to obtain the second message, where the second message is a message that the ASP server pushes to the user equipment.
Embodiment 3
Embodiment 3 of the present invention describes a method for pushing a message provided by the embodiments of the present invention from the perspective of the interaction between the ASP server and the user equipment through the TPP server. As shown in Figure 3, the method for pushing a message provided by this embodiment of the present invention includes a process of subscribing to the push service and a process of pushing messages.
Specifically, the process of subscribing to the push service includes S301-S305.
S301: The user equipment obtains a first field.
For example, the first field is data generated according to the DH protocol, a first random number and a DH parameter; the first random number is data generated from the private key of the user equipment and the identifier of the ASP server; and the DH parameter is a parameter shared by the user equipment and the ASP server. The first field is the same as the first field in Embodiment 1 or Embodiment 2, and details are not repeated here.
For example, for the content of the first random number, refer to the related description in Embodiment 2; the first random number is denoted $R_u = PRNG(SK_{user}, ID_{ASP})$. The DH parameter includes a first parameter, which may be denoted $p$; $g$ is the second parameter and may be calculated from $p$. The first field obtained by the user equipment is specifically $Y_{user} = g^{R_u} \bmod p$.
S302: The user equipment obtains a request message, where the request message is used to request the ASP server to provide a push service, and the request message includes the first field and the identifier of the user equipment.
S303: The user equipment sends the request message to the ASP server through the TPP server.
S304: The ASP server obtains the first field from the request message sent by the user equipment.
S305: The ASP server stores the correspondence between the first field and the identifier of the user equipment.
For example, the correspondence includes the first field and the identifier of the user equipment. Because the ASP server stores the correspondence, it does not need to obtain the first field from the user equipment frequently when pushing messages to the user equipment. This helps the ASP server to obtain the first field quickly and effectively and helps to improve working efficiency.
The process of pushing messages includes S306-S316.
S306: The ASP server obtains a first key according to the DH protocol, a second random number, the first field and the DH parameter, where the second random number is a random number generated by the ASP server.
For example, the ASP server may obtain the first field $Y_{user}$ from the stored correspondence. The second random number that the ASP server generates may differ each time. Assuming that the second random number generated when the ASP server pushes a message (the first message) to the user equipment for the i-th time is $R_i$, the first key that the ASP server generates from the second random number $R_i$, the first field $Y_{user}$ and the DH parameter is: $K_i = Y_{user}^{R_i} \bmod p = g^{R_u \times R_i} \bmod p$.
S307: The ASP server encrypts the first message with the first key to obtain an encrypted first message, where the first message is a message that the ASP server pushes to the user equipment.
S308: The ASP server sends a second field and the encrypted first message to the user equipment through the TPP server, where the second field is data generated according to the DH protocol, the second random number and the DH parameter.
For example, the second random number is $R_i$ and the second field is $Y_i = g^{R_i} \bmod p$. The second field may be obtained after the ASP server obtains the second random number. The second field may be generated by the ASP server or by a trusted third-party device, and the trusted third-party device may not include the TPP server.
S309: The user equipment obtains the first random number.
For example, the user equipment may regenerate the first random number $R_u$ from the private key of the user equipment and the identifier of the server. The first random number is calculated in the same way as the first random number in Embodiment 2, and details are not repeated here.
S310: The user equipment obtains the first key according to the DH protocol, the first random number, the second field and the DH parameter.
Because the first random number is $R_u$ and the second field is $Y_i = g^{R_i} \bmod p$, the first key obtained by the user equipment is $K_i = Y_i^{R_u} \bmod p = g^{R_i \times R_u} \bmod p = g^{R_u \times R_i} \bmod p$, which is the same as the first key obtained by the ASP server in S306.
S311: The user equipment decrypts the encrypted first message with the first key to obtain the first message.
After S311, when the ASP server sends the second message to the user equipment, it may still use the first key to encrypt the second message.
To further improve the security of transmission, when the ASP server needs to push the second message to the user equipment, the ASP server may encrypt the second message with a second key, that is, perform the following S312-S316. S312-S316 are optional. The second message may be different from the first message, and the second key may be different from the first key.
S312: The ASP server obtains the second key according to the DH protocol, a third random number, the first field and the DH parameter, where the third random number is a random number generated by the ASP server.
For example, the ASP server may obtain the first field $Y_{user}$ of the user equipment from the stored correspondence. The third random number generated by the ASP server may differ from the second random number. The third random number may be denoted $R_j$, and the second key may be expressed as $K_j = Y_{user}^{R_j} \bmod p = g^{R_u \times R_j} \bmod p$.
S313: The ASP server encrypts the second message with the second key to obtain an encrypted second message, where the second message is a message that the ASP server pushes to the user equipment.
S314: The ASP server sends a third field and the encrypted second message to the user equipment through the TPP server, where the third field is data generated according to the DH protocol, the third random number and the DH parameter.
For example, the third field may be expressed as $Y_j = g^{R_j} \bmod p$. The third field may be generated by the ASP server or by a trusted third-party device. The trusted third-party device may not include the TPP server.
S315: The user equipment obtains the second key according to the DH protocol, the first random number, the third field and the DH parameter.
For example, the first random number is $R_u$ and the third field is $Y_j = g^{R_j} \bmod p$. The second key obtained by the user equipment may then be expressed as $K_j = Y_j^{R_u} \bmod p = g^{R_j \times R_u} \bmod p = g^{R_u \times R_j} \bmod p$, which is the same as the second key obtained by the ASP server in S312.
S316: The user equipment decrypts the encrypted second message with the second key to obtain the second message.
In the method provided by this embodiment of the present invention, if the ASP server pushes further messages to the user equipment after S316, S312-S316 may be performed repeatedly, or the ASP server may use the first key to encrypt the messages pushed to the user equipment; details are not repeated here.
In the method for pushing a message provided by this embodiment of the present invention, each time the ASP server pushes a message to the user equipment, such as the first message or the second message, the ASP server may use the first key to encrypt the message pushed to the user equipment. To improve the security of transmission, the ASP server may obtain the first key for the first message and the second key for the second message, which helps to prevent the TPP server from cracking the key that the ASP server uses. Each time the user equipment receives an encrypted push message sent by the ASP server, the user equipment can generate the key for decrypting that encrypted push message. For example, the user equipment can generate the first key for decrypting the encrypted first message and can also generate the second key for decrypting the encrypted second message. The user equipment therefore does not need to store multiple keys for decrypting encrypted push messages, which helps to reduce the burden on the user equipment and the storage space it occupies.
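The subscription and push flow of S301-S316, as an added Python example that is not part of the patent text. It assumes HMAC-SHA256 as the PRNG, a SHA-256 keystream with an HMAC tag as the message cipher, the prime 2^255 - 19 with g = 2 as a demo group, constructed identifiers, and a range check on the first field; none of these are specified by the page.

```python
import hashlib
import hmac
import secrets

# Assumed demo group: 2**255 - 19 is a well-known prime; g = 2 is not claimed to be
# a primitive root of it. A deployment would use a standardized DH group instead.
P, G = 2**255 - 19, 2


def prng(sk_user, id_asp, p):
    """R_u = PRNG(SK_user, ID_ASP): identical inputs always yield the same R_u.
    HMAC-SHA256 in counter mode is this example's stand-in for the PRNG."""
    need = (p.bit_length() + 7) // 8 + 8      # extra bytes keep modulo bias small
    out, ctr = b"", 0
    while len(out) < need:
        out += hmac.new(sk_user, id_asp + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return 1 + int.from_bytes(out[:need], "big") % (p - 2)   # exponent in [1, p-2]


def _keys(k, p):
    """Split the DH result K into an encryption key and a MAC key (assumed KDF)."""
    kb = k.to_bytes((p.bit_length() + 7) // 8, "big")
    return hashlib.sha256(b"enc" + kb).digest(), hashlib.sha256(b"mac" + kb).digest()


def _xor_stream(key, data):
    """XOR data with a SHA-256 counter keystream (assumed cipher; the page names none)."""
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(k, p, message):
    enc, mac = _keys(k, p)
    ct = _xor_stream(enc, message)
    return ct + hmac.new(mac, ct, hashlib.sha256).digest()


def unseal(k, p, blob):
    enc, mac = _keys(k, p)
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(enc, ct)


class UserEquipment:
    """Keeps only SK_user; R_u and every message key are recomputed on demand."""
    def __init__(self, user_id, sk_user, g=G, p=P):
        self.user_id, self._sk, self.g, self.p = user_id, sk_user, g, p

    def request(self, id_asp):                       # S301-S303
        y_user = pow(self.g, prng(self._sk, id_asp, self.p), self.p)
        return {"user_id": self.user_id, "first_field": y_user}

    def receive(self, id_asp, field, blob):          # S309-S311 and S315-S316
        r_u = prng(self._sk, id_asp, self.p)
        return unseal(pow(field, r_u, self.p), self.p, blob)


class AspServer:
    def __init__(self, id_asp, g=G, p=P):
        self.id_asp, self.g, self.p = id_asp, g, p
        self.first_fields = {}                       # user id -> Y_user (S305)

    def subscribe(self, request):                    # S304-S305
        y_user = request["first_field"]
        if not 1 < y_user < self.p - 1:              # added check: reject 0, 1 and p-1
            raise ValueError("degenerate first field")
        self.first_fields[request["user_id"]] = y_user

    def push(self, user_id, message):                # S306-S308 and S312-S314
        r = 1 + secrets.randbelow(self.p - 2)        # fresh R_i (or R_j) per message
        key = pow(self.first_fields[user_id], r, self.p)
        return pow(self.g, r, self.p), seal(key, self.p, message)


def page_example():
    """The page's own numbers: g = 2, p = 11, R_u = 5, R_i = 8."""
    g, p, r_u, r_i = 2, 11, 5, 8
    y_user, y_i = pow(g, r_u, p), pow(g, r_i, p)
    return y_user, y_i, pow(y_user, r_i, p), pow(y_i, r_u, p)


def demo():
    asp = AspServer(b"asp.example")                  # constructed identifiers
    ue = UserEquipment(b"user-1", b"constructed private key")
    asp.subscribe(ue.request(asp.id_asp))
    relayed = [asp.push(b"user-1", m) for m in (b"first message", b"second message")]
    # The TPP server relays `relayed`: it sees Y_user, Y_i, Y_j and ciphertext only.
    plain = [ue.receive(asp.id_asp, y, blob) for y, blob in relayed]
    return plain, relayed[0][0] != relayed[1][0]


if __name__ == "__main__":
    print(page_example(), demo())
```

Because this sketch draws a fresh exponent for every push, its keystream is never reused; the periodic reuse of a random number that S102 permits would need a cipher that tolerates a repeated key.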
Embodiment 4
This embodiment of the present invention provides a server. The server may be the ASP server in Embodiment 1 or Embodiment 3, and the server can perform the method performed by the ASP server in Embodiment 1 or Embodiment 3. As shown in Figure 4, the server includes a first obtaining unit 40, a second obtaining unit 41, an encryption unit 42 and a sending unit 43.
The first obtaining unit 40 is configured to obtain a first field, where the first field is data generated according to the DH protocol, a first random number and a DH parameter, the first random number is data generated from the private key of the user equipment and the identifier of the server, and the DH parameter is a parameter shared by the user equipment and the server.
The second obtaining unit 41 is configured to obtain a first key according to the DH protocol, a second random number, the first field and the DH parameter, where the second random number is a random number generated by the server.
The encryption unit 42 is configured to encrypt a first message with the first key obtained by the second obtaining unit 41 to obtain an encrypted first message, where the first message is a message that the server pushes to the user equipment.
The sending unit 43 is configured to send a second field and the encrypted first message to the user equipment, where the second field is data generated according to the DH protocol, the second random number and the DH parameter.
Optionally, as shown in Figure 5, the server further includes a receiving unit 44.
The receiving unit 44 is configured to receive a request message sent by the user equipment, where the request message is used to request the server to provide a push service, and the request message includes the first field.
The first obtaining unit 40 is further configured to obtain the first field from the request message received by the receiving unit 44.
Optionally, the second obtaining unit 41 is further configured to obtain a second key according to the DH protocol, a third random number, the first field and the DH parameter, where the third random number is a random number generated by the server.
The encryption unit 42 is further configured to encrypt a second message with the second key obtained by the second obtaining unit 41 to obtain an encrypted second message, where the second message is a message that the server pushes to the user equipment.
The sending unit 43 is further configured to send a third field and the encrypted second message to the user equipment, where the third field is data generated according to the DH protocol, the third random number and the DH parameter.
Optionally, the request message further includes the identifier of the user equipment, and as shown in Figure 6, the server further includes a storage unit 45.
The storage unit 45 is configured to store the correspondence between the first field and the identifier of the user equipment.
It should be noted that, for specific descriptions of some of the functional modules in the server provided by this embodiment of the present invention, refer to the corresponding content in the method embodiments; they are not described in detail again here. The server in this embodiment of the present invention may be an ASP server, and the ASP server and the user equipment may interact through a TPP server.
The server provided by this embodiment of the present invention can obtain the first key used to encrypt the first message according to the DH protocol, the DH parameter, the first field from the user equipment and the second random number generated by the server. The server sends the second field and the encrypted first message to the user equipment. Even if another device has intercepted the second field, that device cannot obtain the first key from the second field and therefore cannot decrypt the encrypted first message. This helps to prevent the other device from obtaining the messages that the server pushes to the user equipment and helps to improve the security of transmission.
Embodiment 5
This embodiment of the present invention provides a user equipment. The user equipment may be the user equipment in Embodiment 2 or Embodiment 3, and the user equipment can perform the method performed by the user equipment in Embodiment 2 or Embodiment 3. As shown in Figure 7, the user equipment may include a receiving unit 50, a first obtaining unit 51, a second obtaining unit 52 and a decryption unit 53.
The receiving unit 50 is configured to receive a second field and an encrypted first message sent by a server, where the second field is data generated according to the DH protocol, a second random number and a DH parameter, the second random number is a random number generated by the server, and the DH parameter is a parameter shared by the user equipment and the server.
The first obtaining unit 51 is configured to obtain a first random number, where the first random number is data generated from the private key of the user equipment and the identifier of the server.
The second obtaining unit 52 is configured to obtain a first key according to the DH protocol, the first random number, the second field and the DH parameter.
The decryption unit 53 is configured to decrypt the encrypted first message with the first key obtained by the second obtaining unit 52 to obtain the first message, where the first message is a message that the server pushes to the user equipment.
Optionally, as shown in Figure 8, the user equipment further includes a third obtaining unit 54 and a sending unit 55.
The third obtaining unit 54 is configured to obtain a first field before the receiving unit 50 receives the second field and the encrypted first message sent by the server, where the first field is data generated according to the DH protocol, the first random number and the DH parameter.
The sending unit 55 is configured to send the first field obtained by the third obtaining unit 54 to the server.
Further optionally, the third obtaining unit 54 is further configured to obtain a request message, where the request message is used to request the server to provide a push service, and the request message includes the first field.
The sending unit 55 is further configured to send the request message obtained by the third obtaining unit 54 to the server.
Optionally, the receiving unit 50 is further configured to receive a third field and an encrypted second message sent by the server, where the third field is data generated according to the DH protocol, a third random number and the DH parameter, and the third random number is a random number generated by the server.
The second obtaining unit 52 is further configured to obtain a second key according to the DH protocol, the first random number, the third field and the DH parameter.
The decryption unit 53 is further configured to decrypt the encrypted second message with the second key obtained by the second obtaining unit 52 to obtain the second message, where the second message is a message that the server pushes to the user equipment.
It should be noted that, for specific descriptions of some of the functional modules in the user equipment provided by this embodiment of the present invention, refer to the corresponding content in the method embodiments; they are not described in detail again here. In this embodiment of the present invention, the user equipment and the server may interact through a TPP server.
The user equipment provided by this embodiment of the present invention can obtain the first key according to the DH protocol, the DH parameter, the second field from the server and the first random number generated by the user equipment. Because the user equipment does not send the first random number to the server through another device, even if that other device has intercepted the second field, it cannot obtain the first key without the first random number, which further improves the security of transmission. The user equipment does not need to store the first key corresponding to the server and does not need to configure a corresponding key management mechanism, which helps to reduce the burden on the user equipment and the storage space it occupies.
Embodiment 6
This embodiment of the present invention provides a server. As shown in Fig. 9, the server may include: a memory 61, a processor 62 and a transmitter 63.
The memory 61 is configured to store a set of program code.
The processor 62 is configured to execute the program code stored in the memory 61, and specifically to perform the following operations: obtaining a first field, where the first field is data generated according to the DH protocol, a first random number and a DH parameter, the first random number is data generated according to the private key of the user equipment and the identifier of the server, and the DH parameter is a parameter shared by the user equipment and the server; obtaining a first key according to the DH protocol, a second random number, the first field and the DH parameter, where the second random number is a random number generated by the server; and encrypting a first message using the first key to obtain an encrypted first message, where the first message is a message pushed by the server to the user equipment.
The transmitter 63 is configured to send a second field and the encrypted first message to the user equipment. The second field is data generated according to the DH protocol, the second random number and the DH parameter.
Optionally, as shown in Fig. 10, the server further includes a receiver 64.
The receiver 64 is configured to receive a request message sent by the user equipment. The request message is used to request the server to provide a push service, and the request message includes the first field.
The processor 62 is also configured to obtain the first field from the request message.
Optionally, the processor 62 is also configured to: obtain a second key according to the DH protocol, a third random number, the first field and the DH parameter, where the third random number is a random number generated by the server; and encrypt a second message using the second key to obtain an encrypted second message, where the second message is a message pushed by the server to the user equipment.
The transmitter 63 is also configured to send a third field and the encrypted second message to the user equipment. The third field is data generated according to the DH protocol, the third random number and the DH parameter.
Optionally, the request message also includes the identifier of the user equipment, and the memory 61 is also configured to store a first correspondence. The first correspondence includes the first field and the identifier of the user equipment.
In this embodiment of the present invention, the memory 61, the processor 62, the transmitter 63 and the receiver 64 are connected by a bus and communicate with one another over it.
The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus and so on. For ease of representation, the bus is drawn as a single thick line in Fig. 9 and Fig. 10, but this does not mean that there is only one bus or only one type of bus.
The processor 62 may be the control centre of the server, for example a central processing unit (Central Processing Unit, CPU). The control centre may use various interfaces and lines to connect the parts of the whole ASP server, and performs the various functions of the server by running or executing the program code and/or modules stored in the memory 61 and by calling the data stored in the memory 61. The processor 62 may consist of an integrated circuit (Integrated Circuit, IC) or an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC); for example, the processor 62 may consist of a single packaged IC, or of several connected packaged ICs with the same or different functions. For example, the processor 62 may include only a CPU, or may be a combination of a CPU, a graphics processing unit (Graphic Processing Unit, GPU), a digital signal processor (Digital Signal Processor, DSP) and a control chip (such as a baseband chip) in a communication unit. In this embodiment of the present invention, the CPU may have a single computing core or multiple computing cores.
It should be noted that, for specific descriptions of some functional modules in the server provided by this embodiment of the present invention, reference may be made to the corresponding content in the method embodiments; they are not described in detail again here. The server in this embodiment of the present invention may be an ASP server, and the ASP server and the user equipment may interact through a TPP server.
The server provided by this embodiment of the present invention can obtain the first key used to encrypt the first message according to the DH protocol, the DH parameter, the first field from the user equipment, and the second random number generated by the server. The server sends the second field and the encrypted first message to the user equipment. Even if another device intercepts the second field, that device cannot obtain the first key from the second field and therefore cannot decrypt the encrypted first message. This helps prevent other devices from obtaining the messages that the server pushes to the user equipment and helps improve the security of transmission.
Embodiment 7
This embodiment of the present invention provides a user equipment. As shown in Fig. 11, the user equipment includes: a memory 71, a receiver 72 and a processor 73.
The memory 71 is configured to store a set of program code.
The receiver 72 is configured to receive a second field and an encrypted first message sent by a server. The second field is data generated according to the DH protocol, a second random number and a DH parameter; the second random number is a random number generated by the server; and the DH parameter is a parameter shared by the user equipment and the server.
The processor 73 is configured to execute the program code stored in the memory 71, and specifically to perform the following operations: obtaining a first random number, where the first random number is data generated according to the private key of the user equipment and the identifier of the server; obtaining a first key according to the DH protocol, the first random number, the second field and the DH parameter; and decrypting the encrypted first message using the first key to obtain the first message, where the first message is a message pushed by the server to the user equipment.
Optionally, as shown in Fig. 12, the user equipment further includes a transmitter 74.
The processor 73 is also configured to obtain a first field before the receiver 72 receives the second field and the encrypted first message sent by the server. The first field is data generated according to the DH protocol, the first random number and the DH parameter.
The transmitter 74 is configured to send the first field to the server.
Optionally, the processor 73 is also configured to obtain a request message. The request message is used to request the server to provide a push service, and the request message includes the first field.
The transmitter 74 is also configured to send the request message to the server.
Optionally, the receiver 72 is also configured to receive a third field and an encrypted second message sent by the server. The third field is data generated according to the DH protocol, a third random number and the DH parameter, and the third random number is a random number generated by the server.
The processor 73 is also configured to: obtain a second key according to the DH protocol, the first random number, the third field and the DH parameter; and decrypt the encrypted second message using the second key to obtain the second message, where the second message is a message pushed by the server to the user equipment.
In this embodiment of the present invention, the memory 71, the receiver 72, the processor 73 and the transmitter 74 are connected by a bus and communicate with one another over it.
The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus and so on. For ease of representation, the bus is drawn as a single thick line in Fig. 11 and Fig. 12, but this does not mean that there is only one bus or only one type of bus.
The processor 73 may be a central processing unit (Central Processing Unit, CPU), or a combination of a CPU, a digital signal processor (Digital Signal Processor, DSP) and a control chip (such as a baseband chip) in a communication unit. In this embodiment of the present invention, the CPU may have a single computing core or multiple computing cores.
The receiver 72 and the transmitter 74 may be devices that send and receive wireless signals through an antenna, or other devices that provide interfaces for sending and receiving signals.
It should be noted that, for specific descriptions of some functional modules in the user equipment provided by this embodiment of the present invention, reference may be made to the corresponding content in the method embodiments; they are not described in detail again here. In this embodiment of the present invention, the user equipment and the server may interact through a TPP server.
The user equipment provided by this embodiment of the present invention can obtain the first key according to the DH protocol, the DH parameter, the second field from the server, and the first random number generated by the user equipment. Because the user equipment does not send the first random number to the server through any other device, another device that intercepts the second field still cannot obtain the first key without the first random number, which further improves the security of transmission. The user equipment does not need to store a first key corresponding to the server, nor does it need to configure a corresponding key management mechanism, which helps reduce the burden on the user equipment and the storage space it occupies.
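The exchange that Embodiments 6 and 7 describe, from the request message through two pushed messages, written out as an added example (it is not code from the patent). Assumed here, because this section does not specify them: HMAC-SHA-512 as the derivation of the first random number, a constructed toy DH group, SHA-256 over the shared value as the key derivation, a SHA-256 keystream with an HMAC tag standing in for the message cipher, the range check on received fields, and every class and function name.

```python
import hashlib
import hmac
import secrets

# Constructed demo DH parameters (assumption): a toy group that keeps the
# example short. Deployments use a standardized group of at least 2048 bits.
P = 2**521 - 1          # Mersenne prime
G = 3
P_BYTES = (P.bit_length() + 7) // 8


def derive_first_random(ue_private_key: bytes, server_id: bytes) -> int:
    """First random number, recomputed on demand from the UE private key and
    the server identifier (HMAC-SHA-512 is an assumed derivation)."""
    digest = hmac.new(ue_private_key, server_id, hashlib.sha512).digest()
    return 2 + int.from_bytes(digest, "big") % (P - 3)   # exponent in [2, P-2]


def dh_field(exponent: int) -> int:
    """First, second or third field: G^exponent mod P."""
    return pow(G, exponent, P)


def check_field(field: int) -> None:
    """Added hardening step: reject degenerate public values (0, 1, P-1, >= P)."""
    if not 1 < field < P - 1:
        raise ValueError("DH field out of range")


def derive_key(peer_field: int, own_exponent: int) -> bytes:
    check_field(peer_field)
    shared = pow(peer_field, own_exponent, P)
    return hashlib.sha256(shared.to_bytes(P_BYTES, "big")).digest()


def _keystream(key: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + b"enc" + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher: each key encrypts exactly one message, so the
    keystream is never reused. Use a vetted AEAD in real code."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, b"mac" + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


class PushServer:
    def __init__(self, server_id: bytes):
        self.server_id = server_id
        self.first_fields = {}        # UE identifier -> first field

    def handle_request(self, ue_id: bytes, first_field: int) -> None:
        check_field(first_field)
        self.first_fields[ue_id] = first_field

    def push(self, ue_id: bytes, message: bytes):
        """Fresh server random number per message, hence a fresh key and a
        fresh second (or third) field per message."""
        server_random = secrets.randbelow(P - 3) + 2
        key = derive_key(self.first_fields[ue_id], server_random)
        return dh_field(server_random), seal(key, message)


class UserEquipment:
    def __init__(self, ue_id: bytes, private_key: bytes):
        self.ue_id = ue_id
        self._private_key = private_key   # the only long-term secret kept

    def request_message(self, server_id: bytes):
        first_random = derive_first_random(self._private_key, server_id)
        return self.ue_id, dh_field(first_random)

    def receive(self, server_id: bytes, field: int, blob: bytes) -> bytes:
        # No per-server key is stored: the exponent is re-derived each time.
        first_random = derive_first_random(self._private_key, server_id)
        return unseal(derive_key(field, first_random), blob)
```

Because the first field is static per server while the server's random number changes per message, compromise of the user equipment's private key exposes every message pushed under that first field; the per-message keys limit the damage of a single leaked session key, not of the long-term secret.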
From the above description of the embodiments, those skilled in the art can clearly understand that, for convenience and brevity of description, only the division into the functional modules above is used as an example. In practical applications, the functions above may be allocated to different functional modules as required, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. For the specific working processes of the system, device and units described above, reference may be made to the corresponding processes in the foregoing method embodiments; they are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed system, device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a portable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The above is only a specific implementation of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (16)

1. A method for pushing a message, characterized in that the method comprises:
a server obtaining a first field, wherein the first field is data generated according to the Diffie-Hellman (DH) protocol, a first random number and a DH parameter, the first random number is data generated according to a private key of a user equipment and an identifier of the server, and the DH parameter is a parameter shared by the user equipment and the server;
the server obtaining a first key according to the DH protocol, a second random number, the first field and the DH parameter, wherein the second random number is a random number generated by the server;
the server encrypting a first message using the first key to obtain an encrypted first message, wherein the first message is a message pushed by the server to the user equipment;
the server sending a second field and the encrypted first message to the user equipment, wherein the second field is data generated according to the DH protocol, the second random number and the DH parameter.
2. The method according to claim 1, characterized in that the server obtaining the first field comprises:
the server receiving a request message sent by the user equipment, wherein the request message is used to request the server to provide a push service, and the request message includes the first field;
the server obtaining the first field from the request message.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
the server obtaining a second key according to the DH protocol, a third random number, the first field and the DH parameter, wherein the third random number is a random number generated by the server;
the server encrypting a second message using the second key to obtain an encrypted second message, wherein the second message is a message pushed by the server to the user equipment;
the server sending a third field and the encrypted second message to the user equipment, wherein the third field is data generated according to the DH protocol, the third random number and the DH parameter.
4. The method according to claim 2 or 3, characterized in that the request message further includes an identifier of the user equipment, and the method further comprises:
the server saving a correspondence between the first field and the identifier of the user equipment.
5. A method for pushing a message, characterized in that the method comprises:
a user equipment receiving a second field and an encrypted first message sent by a server, wherein the second field is data generated according to the Diffie-Hellman (DH) protocol, a second random number and a DH parameter, the second random number is a random number generated by the server, and the DH parameter is a parameter shared by the user equipment and the server;
the user equipment obtaining a first random number, wherein the first random number is data generated according to a private key of the user equipment and an identifier of the server;
the user equipment obtaining a first key according to the DH protocol, the first random number, the second field and the DH parameter;
the user equipment decrypting the encrypted first message using the first key to obtain a first message, wherein the first message is a message pushed by the server to the user equipment.
6. The method according to claim 5, characterized in that, before the user equipment receives the second field and the encrypted first message sent by the server, the method further comprises:
the user equipment obtaining a first field, wherein the first field is data generated according to the DH protocol, the first random number and the DH parameter;
the user equipment sending the first field to the server.
7. The method according to claim 6, characterized in that the user equipment sending the first field to the server comprises:
the user equipment obtaining a request message, wherein the request message is used to request the server to provide a push service, and the request message includes the first field;
the user equipment sending the request message to the server.
8. The method according to any one of claims 5-7, characterized in that the method further comprises:
the user equipment receiving a third field and an encrypted second message sent by the server, wherein the third field is data generated according to the DH protocol, a third random number and the DH parameter, and the third random number is a random number generated by the server;
the user equipment obtaining a second key according to the DH protocol, the first random number, the third field and the DH parameter;
the user equipment decrypting the encrypted second message using the second key to obtain the second message, wherein the second message is a message pushed by the server to the user equipment.
9. A server, characterized in that the server comprises:
a first obtaining unit, configured to obtain a first field, wherein the first field is data generated according to the Diffie-Hellman (DH) protocol, a first random number and a DH parameter, the first random number is data generated according to a private key of a user equipment and an identifier of the server, and the DH parameter is a parameter shared by the user equipment and the server;
a second obtaining unit, configured to obtain a first key according to the DH protocol, a second random number, the first field and the DH parameter, wherein the second random number is a random number generated by the server;
an encryption unit, configured to encrypt a first message using the first key obtained by the second obtaining unit to obtain an encrypted first message, wherein the first message is a message pushed by the server to the user equipment;
a sending unit, configured to send a second field and the encrypted first message to the user equipment, wherein the second field is data generated according to the DH protocol, the second random number and the DH parameter.
10. The server according to claim 9, characterized in that the server further comprises:
a receiving unit, configured to receive a request message sent by the user equipment, wherein the request message is used to request the server to provide a push service, and the request message includes the first field;
the first obtaining unit is further configured to obtain the first field from the request message received by the receiving unit.
11. The server according to claim 9 or 10, characterized in that:
the second obtaining unit is further configured to obtain a second key according to the DH protocol, a third random number, the first field and the DH parameter, wherein the third random number is a random number generated by the server;
the encryption unit is further configured to encrypt a second message using the second key obtained by the second obtaining unit to obtain an encrypted second message, wherein the second message is a message pushed by the server to the user equipment;
the sending unit is further configured to send a third field and the encrypted second message to the user equipment, wherein the third field is data generated according to the DH protocol, the third random number and the DH parameter.
12. The server according to claim 10 or 11, characterized in that the request message further includes an identifier of the user equipment, and the server further comprises:
a storage unit, configured to store a correspondence between the first field and the identifier of the user equipment.
13. A user equipment, characterized in that the user equipment comprises:
a receiving unit, configured to receive a second field and an encrypted first message sent by a server, wherein the second field is data generated according to the Diffie-Hellman (DH) protocol, a second random number and a DH parameter, the second random number is a random number generated by the server, and the DH parameter is a parameter shared by the user equipment and the server;
a first obtaining unit, configured to obtain a first random number, wherein the first random number is data generated according to a private key of the user equipment and an identifier of the server;
a second obtaining unit, configured to obtain a first key according to the DH protocol, the first random number, the second field and the DH parameter;
a decryption unit, configured to decrypt the encrypted first message using the first key obtained by the second obtaining unit to obtain a first message, wherein the first message is a message pushed by the server to the user equipment.
14. The user equipment according to claim 13, characterized in that the user equipment further comprises:
a third obtaining unit, configured to obtain a first field before the receiving unit receives the second field and the encrypted first message sent by the server, wherein the first field is data generated according to the DH protocol, the first random number and the DH parameter;
a sending unit, configured to send to the server the first field obtained by the third obtaining unit.
15. The user equipment according to claim 14, characterized in that:
the third obtaining unit is further configured to obtain a request message, wherein the request message is used to request the server to provide a push service, and the request message includes the first field;
the sending unit is configured to send to the server the request message obtained by the third obtaining unit.
16. The user equipment according to any one of claims 13-15, characterized in that:
the receiving unit is further configured to receive a third field and an encrypted second message sent by the server, wherein the third field is data generated according to the DH protocol, a third random number and the DH parameter, and the third random number is a random number generated by the server;
the second obtaining unit is further configured to obtain a second key according to the DH protocol, the first random number, the third field and the DH parameter;
the decryption unit is further configured to decrypt the encrypted second message using the second key obtained by the second obtaining unit to obtain the second message, wherein the second message is a message pushed by the server to the user equipment.
CN201410698561.3A 2014-11-27 2014-11-27 A kind of method and apparatus for PUSH message Active CN105704101B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410698561.3A CN105704101B (en) 2014-11-27 2014-11-27 A kind of method and apparatus for PUSH message

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410698561.3A CN105704101B (en) 2014-11-27 2014-11-27 A kind of method and apparatus for PUSH message

Publications (2)

Publication Number Publication Date
CN105704101A true CN105704101A (en) 2016-06-22
CN105704101B CN105704101B (en) 2019-10-18

Family

ID=56295351

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410698561.3A Active CN105704101B (en) 2014-11-27 2014-11-27 A kind of method and apparatus for PUSH message

Country Status (1)

Country Link
CN (1) CN105704101B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101183935A (en) * 2007-12-17 2008-05-21 华为技术有限公司 Cipher key negotiation method, device and system of RTP packet
CN101388770A (en) * 2008-10-20 2009-03-18 华为技术有限公司 Method, server and customer apparatus for acquiring dynamic host configuration protocol cipher
US20100325435A1 (en) * 2003-06-27 2010-12-23 Young-Man Park Two-factor authenticated key exchange method and authentication method using the same, and recording medium storing program including the same
CN102742250A (en) * 2012-03-13 2012-10-17 华为终端有限公司 Secret key transmitting method based on transport layer safety, intelligent meter reading terminal and server
CN103532720A (en) * 2013-10-22 2014-01-22 杭州华三通信技术有限公司 Transmission method and equipment of CAPWAP message

Also Published As

Publication number Publication date
CN105704101B (en) 2019-10-18

Similar Documents

Publication Publication Date Title
US10785019B2 (en) Data transmission method and apparatus
EP3293934B1 (en) Cloud storage method and system
CN111448779A (en) System, device and method for hybrid secret sharing
CN103036872B (en) The encryption and decryption method of transfer of data, equipment and system
WO2013091348A1 (en) Encryption and decryption method based on proxy, network apparatus, network device, and system
JP2016158189A (en) Change direction with key control system and change direction with key control method
CN112615660A (en) Data security transmission method and system for satellite short message communication
CN112543189A (en) Data secure transmission method and system
JP2018523360A (en) Method and system for secure SMS communication
EP3843438A1 (en) Key generation method, device, and system
JP6468567B2 (en) Key exchange method, key exchange system
JP2020513169A (en) Data encryption method and system using device authentication key
US20240063999A1 (en) Multi-party cryptographic systems and methods
CN103997405A (en) Secret key generation method and device
US9473471B2 (en) Method, apparatus and system for performing proxy transformation
CN112534790A (en) Encryption device, communication system and method for exchanging encrypted data in communication network
CA2754370A1 (en) Method and device for data encryption and decryption
EP4283955A1 (en) Communication key configuration method and apparatus
CN113645022B (en) Method, device, electronic equipment and storage medium for determining intersection of privacy sets
CN107483387A (en) A kind of method of controlling security and device
CN105704101A (en) Method and equipment used for pushing message
CN111314287A (en) Public key encryption communication mode and device
CN104363584A (en) Method, device and terminal for encrypting and decrypting short message
CN113411347B (en) Transaction message processing method and processing device
TWI835684B (en) Backup system and backup method for instant messaging service data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant