CN105704101B - A kind of method and apparatus for PUSH message - Google Patents

Publication number: CN105704101B
Authority: CN (China)
Legal status: Active
Application number: CN201410698561.3A
Other languages: Chinese (zh)
Other versions: CN105704101A (en)
Inventors: 许用梁, 何健飞, 刘树成
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd

Abstract

Embodiments of the present invention disclose a method and an apparatus for pushing a message, relate to the field of communications technologies, and help improve security and reduce the burden on a device. The specific solution is as follows: A server obtains a first field, where the first field is data generated according to the DH protocol, a first random number and a DH parameter, the first random number is data generated according to a private key of a user equipment and an identifier of the server, and the DH parameter is a parameter shared by the user equipment and the server. The server obtains a first key according to the DH protocol, a second random number, the first field and the DH parameter, where the second random number is a random number generated by the server. The server encrypts a first message by using the first key to obtain an encrypted first message, where the first message is a message that the server pushes to the user equipment. The server sends a second field and the encrypted first message to the user equipment, where the second field is data generated according to the DH protocol, the second random number and the DH parameter.

Description

Method and apparatus for pushing a message
Technical field
The present invention relates to the field of communications technologies, and in particular to a method and an apparatus for pushing a message.
Background
In today's Internet services, a server, such as an application service provider (Application Service Provider, ASP) server, can provide a push service for a user equipment. For this push service, the user equipment only needs to register or authorize once, and the ASP server can then actively push messages to the user equipment multiple times. However, most ASP servers cannot push messages to the user equipment directly and need a third-party platform (Third-Party Platform, TPP) server to forward the pushed messages to the user equipment. Common TPPs include SMS or e-mail service providers, the Apple Push Notification Service (APNs), the WeChat public platform, and the like.
To prevent the TPP server from obtaining the message that the ASP server pushes to the user equipment, before the ASP server pushes a message to the user equipment, the ASP server and the user equipment may use the Diffie-Hellman (DH) protocol to perform key agreement and obtain a symmetric key. The ASP server can use the symmetric key to encrypt the pushed message, and correspondingly the user equipment can use the symmetric key to decrypt the pushed message. For example, the user equipment may receive messages pushed by multiple ASP servers, such as a first ASP server and a second ASP server. The user equipment negotiates a first symmetric key with the first ASP server and saves the first symmetric key corresponding to the first ASP server. The user equipment also negotiates a second symmetric key with the second ASP server and saves the second symmetric key determined with the second ASP server. As a result, the user equipment needs to spend more storage space on saving symmetric keys, which reduces security. The user equipment also needs to be configured with a management mechanism for the symmetric keys so that, after receiving a message pushed by a given ASP server, it can quickly find the symmetric key corresponding to that ASP server, which increases the burden on the user equipment.
Summary of the invention
Embodiments of the present invention provide a method and an apparatus for pushing a message, which help improve security and reduce the burden on a device.
To achieve the foregoing objectives, the embodiments of the present invention adopt the following technical solutions:
According to a first aspect, a method for pushing a message is provided, including:
A server obtains a first field, where the first field is data generated according to the DH protocol, a first random number and a DH parameter, the first random number is data generated according to a private key of a user equipment and an identifier of the server, and the DH parameter is a parameter shared by the user equipment and the server;
The server obtains a first key according to the DH protocol, a second random number, the first field and the DH parameter, where the second random number is a random number generated by the server;
The server encrypts a first message by using the first key to obtain an encrypted first message, where the first message is a message that the server pushes to the user equipment;
The server sends a second field and the encrypted first message to the user equipment, where the second field is data generated according to the DH protocol, the second random number and the DH parameter.
With reference to the first aspect, in a first possible implementation of the first aspect, that the server obtains the first field includes:
The server receives a request message sent by the user equipment, where the request message is used to request the server to provide a push service, and the request message includes the first field;
The server obtains the first field from the request message.
With reference to the first aspect or the first possible implementation of the first aspect, in a second possible implementation of the first aspect, the method further includes:
The server obtains a second key according to the DH protocol, a third random number, the first field and the DH parameter, where the third random number is a random number generated by the server;
The server encrypts a second message by using the second key to obtain an encrypted second message, where the second message is a message that the server pushes to the user equipment;
The server sends a third field and the encrypted second message to the user equipment, where the third field is data generated according to the DH protocol, the third random number and the DH parameter.
With reference to the first possible implementation of the first aspect or the second possible implementation of the first aspect, in a third possible implementation of the first aspect, the request message further includes an identifier of the user equipment, and the method further includes:
The server stores the correspondence between the first field and the identifier of the user equipment.
According to a second aspect, a method for pushing a message is provided, including:
A user equipment receives a second field and an encrypted first message that are sent by a server, where the second field is data generated according to the DH protocol, a second random number and a DH parameter, the second random number is a random number generated by the server, and the DH parameter is a parameter shared by the user equipment and the server;
The user equipment obtains a first random number, where the first random number is data generated according to a private key of the user equipment and an identifier of the server;
The user equipment obtains a first key according to the DH protocol, the first random number, the second field and the DH parameter;
The user equipment decrypts the encrypted first message by using the first key to obtain a first message, where the first message is a message that the server pushes to the user equipment.
With reference to the second aspect, in a first possible implementation of the second aspect, before the user equipment receives the second field and the encrypted first message that are sent by the server, the method further includes:
The user equipment obtains a first field, where the first field is data generated according to the DH protocol, the first random number and the DH parameter;
The user equipment sends the first field to the server.
With reference to the first possible implementation of the second aspect, in a second possible implementation of the second aspect, that the user equipment sends the first field to the server includes:
The user equipment obtains a request message, where the request message is used to request the server to provide a push service, and the request message includes the first field;
The user equipment sends the request message to the server.
With reference to the second aspect, the first possible implementation of the second aspect or the second possible implementation of the second aspect, in a third possible implementation of the second aspect, the method further includes:
The user equipment receives a third field and an encrypted second message that are sent by the server, where the third field is data generated according to the DH protocol, a third random number and the DH parameter, and the third random number is a random number generated by the server;
The user equipment obtains a second key according to the DH protocol, the first random number, the third field and the DH parameter;
The user equipment decrypts the encrypted second message by using the second key to obtain the second message, where the second message is a message that the server pushes to the user equipment.
According to a third aspect, a server is provided, including:
A first obtaining unit, configured to obtain a first field, where the first field is data generated according to the DH protocol, a first random number and a DH parameter, the first random number is data generated according to a private key of a user equipment and an identifier of the server, and the DH parameter is a parameter shared by the user equipment and the server;
A second obtaining unit, configured to obtain a first key according to the DH protocol, a second random number, the first field and the DH parameter, where the second random number is a random number generated by the server;
An encryption unit, configured to encrypt a first message by using the first key obtained by the second obtaining unit, to obtain an encrypted first message, where the first message is a message that the server pushes to the user equipment;
A transmission unit, configured to send a second field and the encrypted first message to the user equipment, where the second field is data generated according to the DH protocol, the second random number and the DH parameter.
With reference to the third aspect, in a first possible implementation of the third aspect, the server further includes:
A receiving unit, configured to receive a request message sent by the user equipment, where the request message is used to request the server to provide a push service, and the request message includes the first field;
The first obtaining unit is further configured to obtain the first field from the request message received by the receiving unit.
With reference to the third aspect or the first possible implementation of the third aspect, in a second possible implementation of the third aspect,
The second obtaining unit is further configured to obtain a second key according to the DH protocol, a third random number, the first field and the DH parameter, where the third random number is a random number generated by the server;
The encryption unit is further configured to encrypt a second message by using the second key obtained by the second obtaining unit, to obtain an encrypted second message, where the second message is a message that the server pushes to the user equipment;
The transmission unit is further configured to send a third field and the encrypted second message to the user equipment, where the third field is data generated according to the DH protocol, the third random number and the DH parameter.
With reference to the first possible implementation of the third aspect or the second possible implementation of the third aspect, in a third possible implementation of the third aspect, the request message further includes an identifier of the user equipment, and the server further includes:
A storage unit, configured to store the correspondence between the first field and the identifier of the user equipment.
According to a fourth aspect, a user equipment is provided, including:
A receiving unit, configured to receive a second field and an encrypted first message that are sent by a server, where the second field is data generated according to the DH protocol, a second random number and a DH parameter, the second random number is a random number generated by the server, and the DH parameter is a parameter shared by the user equipment and the server;
A first obtaining unit, configured to obtain a first random number, where the first random number is data generated according to a private key of the user equipment and an identifier of the server;
A second obtaining unit, configured to obtain a first key according to the DH protocol, the first random number, the second field and the DH parameter;
A decryption unit, configured to decrypt the encrypted first message by using the first key obtained by the second obtaining unit, to obtain a first message, where the first message is a message that the server pushes to the user equipment.
With reference to the fourth aspect, in a first possible implementation of the fourth aspect, the user equipment further includes:
A third obtaining unit, configured to obtain a first field before the receiving unit receives the second field and the encrypted first message that are sent by the server, where the first field is data generated according to the DH protocol, the first random number and the DH parameter;
A transmission unit, configured to send, to the server, the first field obtained by the third obtaining unit.
With reference to the first possible implementation of the fourth aspect, in a second possible implementation of the fourth aspect,
The third obtaining unit is further configured to obtain a request message, where the request message is used to request the server to provide a push service, and the request message includes the first field;
The transmission unit is configured to send, to the server, the request message obtained by the third obtaining unit.
With reference to the fourth aspect, the first possible implementation of the fourth aspect or the second possible implementation of the fourth aspect, in a third possible implementation of the fourth aspect,
The receiving unit is further configured to receive a third field and an encrypted second message that are sent by the server, where the third field is data generated according to the DH protocol, a third random number and the DH parameter, and the third random number is a random number generated by the server;
The second obtaining unit is further configured to obtain a second key according to the DH protocol, the first random number, the third field and the DH parameter;
The decryption unit is further configured to decrypt the encrypted second message by using the second key obtained by the second obtaining unit, to obtain the second message, where the second message is a message that the server pushes to the user equipment.
In the method and apparatus for pushing a message provided in the embodiments of the present invention, when the server needs to push a message (that is, the first message) to the user equipment, the server can encrypt the first message by using the first key to obtain the encrypted first message. The server then sends the second field that it generated and the encrypted first message to the user equipment. After the user equipment receives the second field sent by the server, the user equipment can obtain, according to the DH protocol, the first random number, the second field and the DH parameter, the first key that was used to encrypt the first message. The user equipment can decrypt the encrypted first message by using the first key to obtain the first message. In this way, after receiving an encrypted message sent by the server, the user equipment can obtain by calculation the key needed to decrypt the encrypted message, without saving keys for different servers, which saves storage space, and without being configured with a mechanism for managing keys, which helps reduce the burden on the user equipment. What is transmitted between the user equipment and the server is the first field and the second field, not the first key, which helps improve security.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings required for describing the embodiments or the prior art are briefly introduced below. Apparently, the accompanying drawings in the following description show only some embodiments of the present invention, and a person of ordinary skill in the art may still derive other drawings from these accompanying drawings without creative efforts.
Fig. 1 is a flowchart of a method for pushing a message in Embodiment 1 of the present invention;
Fig. 2 is a flowchart of a method for pushing a message in Embodiment 2 of the present invention;
Fig. 3 is a flowchart of a method for pushing a message in Embodiment 3 of the present invention;
Fig. 4 is a schematic diagram of a server in Embodiment 4 of the present invention;
Fig. 5 is a schematic diagram of another server in Embodiment 4 of the present invention;
Fig. 6 is a schematic diagram of another server in Embodiment 4 of the present invention;
Fig. 7 is a schematic diagram of a user equipment in Embodiment 5 of the present invention;
Fig. 8 is a schematic diagram of another user equipment in Embodiment 5 of the present invention;
Fig. 9 is a schematic diagram of a server in Embodiment 6 of the present invention;
Fig. 10 is a schematic diagram of another server in Embodiment 6 of the present invention;
Fig. 11 is a schematic diagram of a user equipment in Embodiment 7 of the present invention;
Fig. 12 is a schematic diagram of another user equipment in Embodiment 7 of the present invention.
Detailed description of the embodiments
The following clearly and completely describes the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Apparently, the described embodiments are only some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts shall fall within the protection scope of the present invention.
To facilitate understanding of the embodiments of the present invention, several terms used in the description of the embodiments are first introduced here:
An ASP is a provider that offers enterprises or individuals services such as configuring, leasing and managing application software. The ASP server in the embodiments of the present invention can provide a push service for a user equipment and push messages to the user equipment.
A TPP server can provide an application programming interface (Application Programming Interface, API) for the ASP server and forward the messages pushed by the ASP server to the user equipment.
In the embodiments of the present invention, the server can receive a first field from the user equipment. The server obtains a first key according to the DH protocol, a second random number, the first field and a DH parameter. The second random number is data randomly generated by the server. The DH parameter is a parameter shared by the server and the user equipment. When the server pushes a message (that is, the first message) to the user equipment, the server encrypts the first message by using the first key to obtain an encrypted first message. The server sends a second field and the encrypted first message to the user equipment. The second field is data generated according to the DH protocol, the second random number and the DH parameter. After receiving the second field sent by the server, the user equipment can obtain the first key according to the DH protocol, a first random number, the second field and the DH parameter. The first random number is data generated according to the private key of the user equipment and the identifier of the server. The first key obtained by the user equipment can be used to decrypt the encrypted first message to obtain the first message.
The following embodiments of the present invention are described by using an example in which the server is an ASP server and the server and the user equipment interact through a TPP server. The server may also be another server that can provide a push service for the user equipment; such servers are not illustrated one by one here. The server and the user equipment may also interact through servers of other platforms or through forwarding devices, which are not illustrated one by one here.
Embodiment 1
Embodiment 1 of the present invention describes, from the perspective of the ASP server, a method for pushing a message provided in the embodiments of the present invention. As shown in Fig. 1, the method for pushing a message provided in this embodiment includes:
S101. The ASP server obtains a first field.
For example, the ASP server may receive, through the TPP server, the first field sent by the user equipment; the ASP server may receive the first field directly from the user equipment; or the ASP server may receive the first field that the user equipment sends through a forwarding device, where the forwarding device does not include the TPP server.
For example, the ASP server receives a request message sent by the user equipment, where the request message is used to request the ASP server to provide a push service, and the request message includes the first field; the ASP server obtains the first field from the request message.
For example, the first field is data generated according to the DH protocol, a first random number and a DH parameter. The first random number is data generated according to the private key of the user equipment and the identifier of the ASP server. The DH parameter is a parameter shared by the user equipment and the ASP server. The first field may be generated by the user equipment, or may be generated by another trusted third-party device. The first random number may be generated by the user equipment.
For example, the TPP server stores the identifier of the user equipment and the identifier of the ASP server. When the user equipment and the ASP server interact through the TPP server, the user equipment can obtain the identifier of the ASP server through the TPP server, and the ASP server can also obtain the identifier of the user equipment through the TPP server. The identifier of the user equipment may be any information that can identify the user equipment, such as the name of the user equipment, the code of the user equipment, the Internet Protocol (IP) address of the user equipment, or the Media Access Control (MAC) address of the user equipment. The identifier of the ASP server may be any information that can identify the ASP server, such as the name of the ASP server, the code of the ASP server, the IP address of the ASP server, or the MAC address of the ASP server. Other possible forms of the identifier of the user equipment and the identifier of the ASP server are not illustrated here.
For example, if the first random number is denoted $R_u$, the DH parameter includes a first parameter, the first parameter is denoted $p$, and the first field is denoted $Y_{user}$, then the first field can be calculated by using the following formula, specifically:
Here, $p$ is a prime number. $g$ is a primitive root of $p$; $g$ is the second parameter and can be calculated from $p$. The values $g \bmod p, g^2 \bmod p, g^3 \bmod p, \ldots, g^{p-1} \bmod p$ are distinct integers and together make up all the integers from 1 to $p-1$.
For example, if $p = 11$, then because $2^1 \bmod 11 = 2$, $2^2 \bmod 11 = 4$, $2^3 \bmod 11 = 8$, $2^4 \bmod 11 = 5$, $2^5 \bmod 11 = 10$, $2^6 \bmod 11 = 9$, $2^7 \bmod 11 = 7$, $2^8 \bmod 11 = 3$, $2^9 \bmod 11 = 6$ and $2^{10} \bmod 11 = 1$, and 2, 4, 8, 5, 10, 9, 7, 3, 6 and 1 make up all the integers from 1 to 10, 2 is a primitive root of 11, and the value of $g$ can be 2. The value of $p$ is not limited to 11, and the value of $g$ is not limited to 2; other values of $p$ and $g$ are not illustrated here.
For example, while or after the ASP server and the user equipment determine $p$, they may determine $g$ through negotiation or static configuration. The process by which the ASP server and the user equipment determine $p$ and $g$ is not described here.
For example, the first random number is data generated according to the private key of the user equipment and the identifier of the ASP server, so the first random number corresponds to the ASP server and the user equipment. The first field is data generated according to the first random number, the DH parameter and the DH protocol, so the first field corresponds to the ASP server and the user equipment.
S102. The ASP server obtains a first key according to the DH protocol, a second random number, the first field and the DH parameter.
For example, the second random number is a random number generated by the ASP server. The DH parameter may be a parameter that the ASP server and the user equipment determine through negotiation, or may be a parameter that is statically configured on the ASP server and the user equipment.
For example, when the ASP server pushes messages to the same user equipment, the ASP server may generate a different random number for each pushed message. That is, when the ASP server pushes a first message to the user equipment, it generates the second random number; when the ASP server pushes a second message to the user equipment, it generates a third random number, and the third random number may differ from the second random number. The first message and the second message are messages that the ASP server pushes to the user equipment. Alternatively, when the ASP server pushes messages to the same user equipment, the ASP server may generate random numbers periodically and obtain the first key by using the periodically generated random number. That is, if the ASP server pushes the first message and the second message to the user equipment in the same period, the second random number and the third random number are the same; if the ASP server pushes the first message and the second message to the user equipment in different periods, the second random number and the third random number are different.
For example, when the ASP server pushes messages to different user equipments, the ASP server may generate different random numbers for different user equipments, or may generate the same random number for different user equipments. Details are not described here.
For example, before the ASP server pushes the first message to the user equipment, the second random number obtained by the ASP server may be denoted $R_i$, the first field may be denoted $Y_{user}$, and the first key obtained by the ASP server may be denoted $K_i$. The first key can be calculated by using the following formula, specifically:
S103. The ASP server encrypts the first message by using the first key to obtain an encrypted first message.
For example, the first message that the ASP server pushes to the user equipment is carried in a packet generated by the ASP server. The payload of the packet generated by the ASP server may include the encrypted first message, and the header of the packet may include a source address and a destination address, where the source address includes the identifier of the ASP server and the destination address includes the identifier of the user equipment.
S104. The ASP server sends a second field and the encrypted first message to the user equipment through the TPP server, where the second field is data generated according to the DH protocol, the second random number and the DH parameter.
For example, the ASP server can obtain the second field according to the DH protocol, the second random number and the DH parameter. If the second random number is denoted $R_i$, the DH parameter includes the first parameter, the first parameter is denoted $p$, and the second field is denoted $Y_i$, then the second field can be calculated by using the following formula, specifically:
For example, the ASP server sends the second field and the encrypted first message to the TPP server, and the TPP server sends the second field and the encrypted first message to the user equipment.
For example, if the first field is  Even if the first field is intercepted by another device, that device cannot generate the first key without knowing the second random number, and therefore cannot decrypt the first message encrypted with the first key.
If $g = 2$, $p = 11$ and $R_i = 8$, then the first field is $Y_{user} = 2^5 \bmod 11 = 10$, and the first key calculated according to the DH protocol, the second random number ($R_i = 8$), the first field ($Y_{user} = 10$) and the DH parameter ($p = 11$) is $K_i = Y_{user}^{R_i} \bmod p = 10^8 \bmod 11 = 1$. If another device intercepts the first field, that is, learns that the value of the first field is 10, then without knowing the second random number ($R_i = 8$) that device cannot calculate the first key, and therefore cannot decrypt the first message encrypted with the first key. This encryption method can therefore effectively protect the privacy of the user. As described in S102, because the random number that the ASP server uses when generating the first key may differ, the first key that the ASP server uses to encrypt the messages pushed to the user equipment may also differ, which helps further improve security.
In the method for pushing a message provided in this embodiment of the present invention, the ASP server can obtain the first key used to encrypt the first message according to the DH protocol, the DH parameter, the first field from the user equipment and the second random number generated by the ASP server. The ASP server sends the second field and the encrypted first message to the user equipment through the TPP server. Even if the TPP server intercepts the second field, the TPP server cannot obtain the first key from the second field and therefore cannot decrypt the encrypted first message. This helps prevent the TPP server from obtaining the message that the ASP server pushes to the user equipment and helps improve the security of transmission.
Optionally, the method for pushing messages provided in this embodiment of the present invention further includes:
The ASP server obtains a second key according to the DH protocol, a third random number, the first field and the DH parameter, where the third random number is a random number generated by the ASP server;
The ASP server encrypts a second message using the second key to obtain an encrypted second message, where the second message is a message that the ASP server pushes to the user equipment;
The ASP server sends a third field and the encrypted second message to the user equipment, where the third field is data generated according to the DH protocol, the third random number and the DH parameter.
Optionally, the request message further includes the identifier of the user equipment, and the method for pushing messages provided in this embodiment of the present invention further includes: the server stores the correspondence between the first field and the identifier of the user equipment.
Embodiment 2
Embodiment 2 of the present invention describes, from the perspective of the user equipment, a method for pushing messages provided in the embodiments of the present invention. As shown in Fig. 2, the method includes:
S201, the user equipment receives the second field and the encrypted first message that the ASP server sends through the TPP server.
For example, the second field is data generated according to the DH protocol, the second random number and the DH parameter. The second random number is a random number generated by the ASP server. The DH parameter is a parameter shared by the user equipment and the ASP server; it may be negotiated between the ASP server and the user equipment, or statically configured on both.
For example, the second random number may be denoted $R_i$, the DH parameter includes a first parameter, which may be denoted $p$, and the second field may be denoted $Y_i$. The second field can be calculated with the following formula: $Y_i = g^{R_i} \bmod p$.
For example, $p$ may be a prime number and $g$ may be a primitive root of $p$; $g$ is the second parameter and can be calculated from $p$. The values $g \bmod p, g^2 \bmod p, g^3 \bmod p, \ldots, g^{p-1} \bmod p$ are distinct integers and form, in some order, all the integers from 1 to $p-1$.
S202, the user equipment obtains the first random number, where the first random number is data generated according to the private key of the user equipment and the identifier of the ASP server.
The private key of the user equipment is a key that is private to the user equipment and is not disclosed to other devices. For example, the private key of the user equipment may be a preset password. The private key may be set to different passwords for different ASP servers: for a first ASP server, the private key of the user equipment may be a first private key, and for a second ASP server it may be a second private key that differs from the first private key. Alternatively, the private key may be set to the same password for different ASP servers, in which case the first private key and the second private key are the same. The embodiments of the present invention place no limitation on the specific content of the private key of the user equipment.
For example, the TPP server stores the identifier of the user equipment and the identifier of the ASP server. When the user equipment and the ASP server interact through the TPP server, the user equipment can obtain the identifier of the ASP server through the TPP server, and the ASP server can obtain the identifier of the user equipment through the TPP server.
For example, the first random number corresponds to the user equipment and the ASP server. The user equipment can generate the first random number using a pseudo-random number generator (Pseudo Random Number Generator, PRNG); when the parameters input to the PRNG are the same, the random number that the PRNG generates is also the same. If the private key of the user equipment is $SK_{user}$ and the identifier of the ASP server is $ID_{ASP}$, the first random number $R_u$ can be calculated with the following formula:
$R_u = \mathrm{PRNG}(SK_{user}, ID_{ASP})$.
S203, the user equipment obtains the first key according to the DH protocol, the first random number, the second field and the DH parameter.
For example, if the first random number is denoted $R_u$ and the second field received by the user equipment is denoted $Y_i = g^{R_i} \bmod p$, the first key can be calculated with the following formula: $K_i = Y_i^{R_u} \bmod p$.
That is, the first key obtained by the user equipment is the same as the first key obtained by the ASP server in S102.
S204, the user equipment decrypts the encrypted first message using the first key to obtain the first message, where the first message is the message that the ASP server pushes to the user equipment.
For example, if the second field is $Y_i = g^{R_i} \bmod p$, then even if the second field is intercepted by another device, that device cannot generate the first key without knowing the first random number, and therefore cannot decrypt the first message encrypted with the first key.
If $g = 2$, $p = 11$ and $R_u = 5$, then the second field is $Y_i = 2^8 \bmod 11 = 3$, and the first key calculated according to the DH protocol from the first random number ($R_u = 5$), the second field ($Y_i = 3$) and the DH parameter ($p = 11$) is $K_i = Y_i^{R_u} \bmod p = 3^5 \bmod 11 = 1$. Even if another device intercepts the second field, whose value is 3, it cannot calculate the first key according to $K_i = Y_i^{R_u} \bmod p$ without knowing the first random number ($R_u = 5$), and therefore cannot decrypt the first message encrypted with the first key.
With the method for pushing messages provided in this embodiment of the present invention, the user equipment can obtain the first key according to the DH protocol, the DH parameter, the second field from the ASP server and the first random number generated by the user equipment. Because the user equipment does not send the first random number to the ASP server through the TPP server, the TPP server cannot obtain the first key without the first random number even if it intercepts the second field, which further improves the security of transmission. The user equipment does not need to store the first key corresponding to the ASP server or to configure a corresponding key management mechanism, which helps reduce the burden on the user equipment and the storage space occupied.
Optionally, before S201, the method for pushing messages provided in this embodiment of the present invention further includes: the user equipment obtains the first field, where the first field is data generated according to the DH protocol, the first random number and the DH parameter; and the user equipment sends the first field to the server.
For example, the first field is the same as the first field in Embodiment 1 and is not described again here. The first field may be generated by the user equipment or by a trusted third-party device; the embodiments of the present invention place no limitation on this.
For example, the user equipment can obtain the first random number before obtaining the first field. Before obtaining the first random number, the user equipment can obtain the identifier of the ASP server from the TPP server or the ASP server.
For example, the user equipment can obtain a request message after, or at the same time as, obtaining the first field. The request message is used to request the ASP server to provide a push service and includes the first field. The user equipment sends the request message to the ASP server.
Optionally, the method for pushing messages provided in this embodiment of the present invention further includes:
The user equipment receives the third field and the encrypted second message sent by the ASP server, where the third field is data generated according to the DH protocol, a third random number and the DH parameter, and the third random number is a random number generated by the ASP server;
The user equipment obtains the second key according to the DH protocol, the first random number, the third field and the DH parameter;
The user equipment decrypts the encrypted second message using the second key to obtain the second message, where the second message is a message that the ASP server pushes to the user equipment.
Embodiment 3
Embodiment 3 of the present invention describes a method for pushing messages provided in the embodiments of the present invention from the perspective of the interaction between the ASP server and the user equipment through the TPP server. As shown in Fig. 3, the method includes a process of subscribing to the push service and a process of pushing messages.
Specifically, the process of subscribing to the push service includes S301-S305.
S301, the user equipment obtains the first field.
For example, the first field is data generated according to the DH protocol, the first random number and the DH parameter; the first random number is data generated according to the private key of the user equipment and the identifier of the ASP server; the DH parameter is a parameter shared by the user equipment and the ASP server. The first field is the same as the first field in Embodiment 1 or Embodiment 2 and is not described again here.
For example, for the first random number, refer to the related description in Embodiment 2; the first random number is expressed as $R_u = \mathrm{PRNG}(SK_{user}, ID_{ASP})$. The DH parameter includes the first parameter, which may be denoted $p$; $g$ is the second parameter and can be calculated from $p$. The first field obtained by the user equipment is specifically $Y_{user} = g^{R_u} \bmod p$.
S302, the user equipment obtains a request message, where the request message is used to request the ASP server to provide a push service and includes the first field and the identifier of the user equipment.
S303, the user equipment sends the request message to the ASP server through the TPP server.
S304, the ASP server obtains the first field from the request message sent by the user equipment.
S305, the ASP server stores the correspondence between the first field and the identifier of the user equipment.
For example, the correspondence includes the first field and the identifier of the user equipment. Because the ASP server stores the correspondence, it does not need to obtain the first field from the user equipment each time it pushes a message to the user equipment. This helps the ASP server obtain the first field quickly and effectively and improves efficiency.
The process of pushing messages includes S306-S316.
S306, the ASP server obtains the first key according to the DH protocol, the second random number, the first field and the DH parameter, where the second random number is a random number generated by the ASP server.
For example, the ASP server can obtain the first field $Y_{user}$ from the stored correspondence. The second random number that the ASP server generates may differ each time. Assuming that the second random number generated when the ASP server pushes a message to the user equipment for the i-th time (the first message) is $R_i$, the first key that the ASP server generates from the second random number $R_i$, the first field $Y_{user}$ and the DH parameter is: $K_i = Y_{user}^{R_i} \bmod p$.
S307, the ASP server encrypts the first message using the first key to obtain the encrypted first message, where the first message is the message that the ASP server pushes to the user equipment.
S308, the ASP server sends the second field and the encrypted first message to the user equipment through the TPP server, where the second field is data generated according to the DH protocol, the second random number and the DH parameter.
For example, the second random number is $R_i$ and the second field is $Y_i = g^{R_i} \bmod p$. The second field can be obtained after the ASP server obtains the second random number. The second field can be generated by the ASP server or by a trusted third-party device; the trusted third-party device may not include the TPP server.
S309, the user equipment obtains the first random number.
For example, the user equipment can regenerate the first random number $R_u$ from the private key of the user equipment and the identifier of the server. The first random number is calculated in the same way as the first random number in Embodiment 2, which is not described again here.
S310, the user equipment obtains the first key according to the DH protocol, the first random number, the second field and the DH parameter.
Because the first random number is $R_u$ and the second field is $Y_i = g^{R_i} \bmod p$, the first key obtained by the user equipment is $K_i = Y_i^{R_u} \bmod p$, which is the same as the first key obtained by the ASP server in S306.
S311, the user equipment decrypts the encrypted first message using the first key to obtain the first message.
After S311, when the ASP server sends a second message to the user equipment, it may still encrypt the second message using the first key.
To further improve the security of transmission, when the ASP server needs to push the second message to the user equipment, it may encrypt the second message using a second key, that is, perform S312-S316 below. S312-S316 are optional. The second message may differ from the first message, and the second key may differ from the first key.
S312, the ASP server obtains the second key according to the DH protocol, the third random number, the first field and the DH parameter, where the third random number is a random number generated by the ASP server.
For example, the ASP server can obtain the first field $Y_{user}$ of the user equipment from the stored correspondence. The third random number generated by the ASP server may differ from the second random number. The third random number may be denoted $R_j$, and the second key may be expressed as
S313, the ASP server encrypts the second message using the second key to obtain the encrypted second message, where the second message is a message that the ASP server pushes to the user equipment.
S314, the ASP server sends the third field and the encrypted second message to the user equipment through the TPP server, where the third field is data generated according to the DH protocol, the third random number and the DH parameter.
For example, the third field may be expressed as The third field can be generated by the ASP server or by a trusted third-party device. The trusted third-party device may not include the TPP server.
S315, the user equipment obtains the second key according to the DH protocol, the first random number, the third field and the DH parameter.
For example, the first random number is $R_u$ and the third field is Then the second key obtained by the user equipment may be expressed as: It is the same as the second key obtained by the ASP server in S312.
S316, the user equipment decrypts the encrypted second message using the second key to obtain the second message.
In the method provided in this embodiment of the present invention, if the ASP server pushes further messages to the user equipment after S316, S312-S316 may be repeated, or the ASP server may encrypt the messages pushed to the user equipment using the first key; details are not described again here.
With the method for pushing messages provided in this embodiment of the present invention, each time the ASP server pushes a message to the user equipment, such as the first message or the second message, it can encrypt that message using the first key. To improve the security of transmission, the ASP server can instead obtain the first key for the first message and the second key for the second message, which helps prevent the TPP server from cracking the key used by the ASP server. Each time the user equipment receives an encrypted push message from the ASP server, it can generate the key needed to decrypt that message. For example, the user equipment can generate the first key to decrypt the encrypted first message and the second key to decrypt the encrypted second message. The user equipment therefore does not need to store multiple keys for decrypting encrypted push messages, which helps reduce the burden on the user equipment and the storage space occupied.
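The subscription and push flow of Embodiment 3 (S301-S311) can be exercised end to end with the sketch below, which is an added example and not code from the patent. The HMAC-SHA256 stand-in for the PRNG, the SHA-256 keystream with HMAC tag used as the cipher, the demo group p = 2^127 - 1 with g = 3, the degenerate-field check and all function names are assumptions; the patent specifies none of them.

```python
import hashlib
import hmac
import secrets

# Assumed demo group: 2**127 - 1 is prime but far too small for real use, and
# g = 3 is only a convenient base. A deployment would use a standardized group.
P = 2**127 - 1
G = 3


def first_random(sk_user: bytes, asp_id: bytes, p: int = P) -> int:
    """R_u = PRNG(SK_user, ID_ASP): identical inputs give the identical exponent.
    HMAC-SHA256 is an assumed stand-in; the page does not name the generator."""
    digest = hmac.new(sk_user, asp_id, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % (p - 3) + 2  # exponent in [2, p-2]


def dh_field(g: int, r: int, p: int) -> int:
    """Public field Y = g^r mod p (first field with R_u, second field with R_i)."""
    return pow(g, r, p)


def dh_key(peer_field: int, r: int, p: int) -> int:
    """Shared key K = Y_peer^r mod p."""
    return pow(peer_field, r, p)


def _check_field(y: int, p: int) -> None:
    # Assumed hardening: 0, 1 and p-1 force a key anyone can guess, so refuse them.
    if not 1 < y < p - 1:
        raise ValueError("degenerate DH field")


def _subkeys(k: int):
    raw = k.to_bytes((k.bit_length() + 7) // 8 or 1, "big")
    return hashlib.sha256(b"enc" + raw).digest(), hashlib.sha256(b"mac" + raw).digest()


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(k: int, plaintext: bytes) -> bytes:
    """Assumed cipher: SHA-256 counter keystream, then HMAC over nonce + ciphertext."""
    enc_key, mac_key = _subkeys(k)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(k: int, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("truncated message")
    enc_key, mac_key = _subkeys(k)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def subscribe(sk_user: bytes, asp_id: bytes) -> int:
    """S301: the device computes the first field it sends to this ASP server."""
    return dh_field(G, first_random(sk_user, asp_id), P)


def asp_push(y_user: int, message: bytes):
    """S306-S308: fresh R_i per message; returns (second field, ciphertext)."""
    _check_field(y_user, P)
    r_i = secrets.randbelow(P - 3) + 2
    return dh_field(G, r_i, P), seal(dh_key(y_user, r_i, P), message)


def device_receive(sk_user: bytes, asp_id: bytes, y_i: int, blob: bytes) -> bytes:
    """S309-S311: regenerate R_u, derive the key, decrypt; no key is stored."""
    _check_field(y_i, P)
    return unseal(dh_key(y_i, first_random(sk_user, asp_id), P), blob)


if __name__ == "__main__":
    sk, asp = b"constructed-device-secret", b"asp.example"  # constructed sample values
    y_user = subscribe(sk, asp)
    for text in (b"first message", b"second message"):
        y_i, blob = asp_push(y_user, text)  # this pair is all the TPP server relays
        print(hex(y_i)[:18], blob.hex()[:32], device_receive(sk, asp, y_i, blob))
```

Called directly with the page's illustration values (g = 2, p = 11, R_u = 5, R_i = 8), `dh_field` and `dh_key` give Y_user = 10, Y_i = 3 and K_i = 1 on both sides.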
Embodiment 4
The embodiment of the present invention provides a kind of server.The server can be the clothes of the ASP in embodiment 1 or embodiment 3 The method that ASP server described in embodiment 1 or embodiment 3 executes can be performed in business device, above-mentioned server.As shown in figure 4, described Server includes: first obtains unit 40, the second obtaining unit 41, encryption unit 42 and transmission unit 43.
For the first obtains unit 40 for obtaining the first field, first field is according to DH agreement, first random The data that several and DH parameter generates, first random number are according to the private cipher key of user equipment and the mark of the server The data of generation, the DH parameter are the parameter that the user equipment and the server are shared.
Second obtaining unit 41 is used for according to the DH agreement, the second random number, first field and described DH parameter, obtains first key, and second random number is the random number that the server generates.
The first key encryption first that the encryption unit 42 is used to obtain using second obtaining unit 41 disappears Breath, obtains encrypted first message, and the first message is the message that the server is pushed to the user equipment.
The transmission unit 43 is used to send the second field and the encrypted first message, institute to the user equipment Stating the second field is the data generated according to the DH agreement, second random number and the DH parameter.
Optionally, as shown in Fig. 5, the server further includes a receiving unit 44.
The receiving unit 44 is configured to receive the request message sent by the user equipment, where the request message is used to request the server to provide a push service and includes the first field.
The first obtaining unit 40 is further configured to obtain the first field from the request message received by the receiving unit 44.
Optionally, the second obtaining unit 41 is further configured to obtain the second key according to the DH protocol, the third random number, the first field and the DH parameter, where the third random number is a random number generated by the server.
The encryption unit 42 is further configured to encrypt the second message using the second key obtained by the second obtaining unit 41 to obtain the encrypted second message, where the second message is a message that the server pushes to the user equipment.
The sending unit 43 is further configured to send the third field and the encrypted second message to the user equipment, where the third field is data generated according to the DH protocol, the third random number and the DH parameter.
Optionally, the request message further includes the identifier of the user equipment, and as shown in Fig. 6, the server further includes a storage unit 45.
The storage unit 45 is configured to store the correspondence between the first field and the identifier of the user equipment.
It should be noted that, for specific descriptions of some functional modules in the server provided in this embodiment of the present invention, reference may be made to the corresponding content in the method embodiments, which is not described in detail again here. The server in this embodiment may be an ASP server, and the ASP server and the user equipment may interact through a TPP server.
With the server provided in this embodiment of the present invention, the server can obtain the first key used to encrypt the first message according to the DH protocol, the DH parameter, the first field from the user equipment and the second random number generated by the server. The server sends the second field and the encrypted first message to the user equipment. Even if another device intercepts the second field, it cannot obtain the first key from the second field and therefore cannot decrypt the encrypted first message. This helps prevent other devices from obtaining the messages that the server pushes to the user equipment and helps improve the security of transmission.
Embodiment 5
The embodiment of the present invention provides a kind of user equipment.The user equipment can be the use in embodiment 2 or embodiment 3 Family equipment.The method that the user equipment in embodiment 2 or embodiment 3 executes can be performed in the user equipment.As shown in fig. 7, can To include: receiving unit 50, first obtains unit 51, the second obtaining unit 52 and decryption unit 53.
The second field and encrypted first message that the receiving unit 50 is sent for receiving server, described second Field is the data generated according to DH agreement, the second random number and DH parameter, and the second random number is the random number that server generates, DH parameter is the parameter that user equipment and server are shared.
The first obtains unit 51 is according to the user equipment for obtaining the first random number, first random number Private cipher key and the server mark generate data.
Second obtaining unit 52 be used for according to the DH agreement, first random number, second field and The DH parameter obtains first key.
The first key that the decryption unit 53 is used to obtain using second obtaining unit 52 is to the encryption First message afterwards is decrypted, and obtains first message, and the first message is the message that server is pushed to user equipment.
Optionally, as shown in Fig. 8, the user equipment further includes a third obtaining unit 54 and a sending unit 55.
The third obtaining unit 54 is configured to obtain the first field before the receiving unit 50 receives the second field and the encrypted first message sent by the server, where the first field is data generated according to the DH protocol, the first random number and the DH parameter.
The sending unit 55 is configured to send the first field obtained by the third obtaining unit 54 to the server.
Further optionally, the third obtaining unit 54 is further configured to obtain a request message, where the request message is used to request the server to provide a push service and includes the first field.
The sending unit 55 is further configured to send the request message obtained by the third obtaining unit 54 to the server.
Optionally, the receiving unit 50 is further configured to receive the third field and the encrypted second message sent by the server, where the third field is data generated according to the DH protocol, the third random number and the DH parameter, and the third random number is a random number generated by the server.
The second obtaining unit 52 is further configured to obtain the second key according to the DH protocol, the first random number, the third field and the DH parameter.
The decryption unit 53 is further configured to decrypt the encrypted second message using the second key obtained by the second obtaining unit 52 to obtain the second message, where the second message is a message that the server pushes to the user equipment.
It should be noted that, for specific descriptions of some functional modules in the user equipment provided in this embodiment of the present invention, reference may be made to the corresponding content in the method embodiments, which is not described in detail again here. The user equipment in this embodiment and the server may interact through a TPP server.
With the user equipment provided in this embodiment of the present invention, the user equipment can obtain the first key according to the DH protocol, the DH parameter, the second field from the server and the first random number generated by the user equipment. Because the user equipment does not send the first random number to the server through other devices, another device cannot obtain the first key without the first random number even if it intercepts the second field, which further improves the security of transmission. The user equipment does not need to store the first key corresponding to the server or to configure a corresponding key management mechanism, which helps reduce the burden on the user equipment and the storage space occupied.
Embodiment 6
An embodiment of the present invention provides a server. As shown in Fig. 9, the server may include: a memory 61, a processor 62 and a transmitter 63.
The memory 61 is configured to store a set of program code.
The processor 62 is configured to execute the program code stored in the memory 61, and specifically to perform the following operations: obtaining the first field, where the first field is data generated according to the DH protocol, the first random number and the DH parameter, the first random number is data generated according to the private key of the user equipment and the identifier of the server, and the DH parameter is a parameter shared by the user equipment and the server; obtaining the first key according to the DH protocol, the second random number, the first field and the DH parameter, where the second random number is a random number generated by the server; and encrypting the first message using the first key to obtain the encrypted first message, where the first message is a message that the server pushes to the user equipment.
The transmitter 63 is configured to send the second field and the encrypted first message to the user equipment, where the second field is data generated according to the DH protocol, the second random number and the DH parameter.
Optionally, as shown in Fig. 10, the server further includes a receiver 64.
The receiver 64 is configured to receive the request message sent by the user equipment, where the request message is used to request the server to provide a push service and includes the first field.
The processor 62 is further configured to obtain the first field from the request message.
Optionally, the processor 62 is further configured to obtain the second key according to the DH protocol, the third random number, the first field and the DH parameter, where the third random number is a random number generated by the server, and to encrypt the second message using the second key to obtain the encrypted second message, where the second message is a message that the server pushes to the user equipment.
The transmitter 63 is further configured to send the third field and the encrypted second message to the user equipment, where the third field is data generated according to the DH protocol, the third random number and the DH parameter.
Optionally, the request message further includes the identifier of the user equipment, and the memory 61 is further configured to store a first correspondence, where the first correspondence includes the first field and the identifier of the user equipment.
In this embodiment of the present invention, the memory 61, the processor 62, the transmitter 63 and the receiver 64 are connected by a bus and communicate with each other through it.
The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus or the like. The bus may be divided into an address bus, a data bus, a control bus and so on. For ease of representation, the bus is shown as a single thick line in Fig. 9 and Fig. 10, but this does not mean that there is only one bus or only one type of bus.
The processor 62 may be the control center of the server, such as a central processing unit (Central Processing Unit, CPU). It connects the various parts of the entire ASP server through various interfaces and lines, and performs the various functions of the server by running or executing the program code and/or modules stored in the memory 61 and calling the data stored in the memory 61. The processor 62 may consist of an integrated circuit (Integrated Circuit, IC) or an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), for example a single packaged IC, or of multiple connected packaged ICs with the same or different functions. For example, the processor 62 may include only a CPU, or may be a combination of a CPU, a graphics processing unit (Graphic Processing Unit, GPU), a digital signal processor (Digital Signal Processor, DSP) and a control chip (such as a baseband chip) in a communication unit. In this embodiment of the present invention, the CPU may have a single computing core or multiple computing cores.
It should be noted that, for specific descriptions of some functional modules in the server provided in this embodiment of the present invention, reference may be made to the corresponding content in the method embodiments, which is not described in detail again here. The server in this embodiment may be an ASP server, and the ASP server and the user equipment may interact through a TPP server.
With the server provided in this embodiment of the present invention, the server can obtain the first key used to encrypt the first message according to the DH protocol, the DH parameter, the first field from the user equipment and the second random number generated by the server. The server sends the second field and the encrypted first message to the user equipment. Even if another device intercepts the second field, it cannot obtain the first key from the second field and therefore cannot decrypt the encrypted first message. This helps prevent other devices from obtaining the messages that the server pushes to the user equipment and helps improve the security of transmission.
Embodiment 7
An embodiment of the present invention provides a user equipment. As shown in Fig. 11, the user equipment includes: a memory 71, a receiver 72 and a processor 73.
The memory 71 is configured to store a set of program code.
The receiver 72 is configured to receive the second field and the encrypted first message sent by the server, where the second field is data generated according to the DH protocol, the second random number and the DH parameter, the second random number is a random number generated by the server, and the DH parameter is a parameter shared by the user equipment and the server.
The processor 73 is configured to execute the program code stored in the memory 71, and specifically to perform the following operations: obtaining the first random number, where the first random number is data generated according to the private key of the user equipment and the identifier of the server; obtaining the first key according to the DH protocol, the first random number, the second field and the DH parameter; and decrypting the encrypted first message using the first key to obtain the first message, where the first message is a message that the server pushes to the user equipment.
Optionally, as shown in figure 12, user equipment further include: transmitter 74.
Processor 73, be also used to receiver 72 receive server send the second field and encrypted first message it Before, the first field is obtained, the first field is the data generated according to DH agreement, the first random number and DH parameter.
Transmitter 74, for sending the first field to server.
Optionally, processor 73, are also used to obtain request message, and request message is used to request to provide push clothes to server Business, request message include the first field.
Transmitter 74 is also used to send request message to server.
Optionally, receiver 72 are also used to receive the third field and encrypted second message of server transmission, third Field is the data generated according to DH agreement, third random number and DH parameter, and third random number is the random number that server generates.
Processor 73 is also used to obtain the second key according to DH agreement, the first random number, third field and DH parameter; It is decrypted using the second message after the second key pair encryption, obtains second message, second message is that server is set to user The message of standby push.
In this embodiment of the present invention, the memory 71, the receiver 72, the processor 73 and the transmitter 74 are connected by a bus and communicate with one another over it.
The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus and so on. For ease of representation, the bus is drawn as a single thick line in Figure 11 and Figure 12, but this does not mean that there is only one bus or only one type of bus.
The processor 73 may be a central processing unit (CPU), or a combination of a CPU, a digital signal processor (DSP) and a control chip in a communication unit (for example, a baseband chip). In this embodiment of the present invention, the CPU may have a single computing core or multiple computing cores.
The receiver 72 and the transmitter 74 may be devices that send and receive wireless signals through an antenna, or other devices that provide signal sending and receiving interfaces.
It should be noted that, for specific descriptions of some of the functional modules in the user equipment provided in this embodiment of the present invention, reference may be made to the corresponding content in the method embodiments, which is not described in detail again here. The user equipment and the server in this embodiment of the present invention may interact through a TPP server.
The user equipment provided in this embodiment of the present invention can obtain the first key according to the DH protocol, the DH parameter, the second field from the server, and the first random number generated by the user equipment. Because the user equipment does not send the first random number to the server through other devices, another device that intercepts the second field still cannot obtain the first key without the first random number, which further improves transmission security. The user equipment does not need to store the first key corresponding to the server, nor does it need to configure a corresponding key management mechanism, which helps reduce the burden on the user equipment and the storage space it occupies.
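The exchange described in this embodiment, as an added Python example that is not part of the patent text. It assumes HMAC-SHA-512 for generating the first random number, a constructed demo group (p = 2^521 - 1, g = 3), SHA-256 for turning the DH result into a key, and a hash-based stand-in cipher with an HMAC tag; the patent specifies none of these, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed demo DH parameters shared by both sides (assumption: the patent
# fixes no group). 2**521 - 1 is prime but not a safe prime; deploy a vetted
# group such as one from RFC 3526 or RFC 7919 instead.
P = 2**521 - 1
G = 3
P_BYTES = (P.bit_length() + 7) // 8

def first_random_number(private_key: bytes, server_id: bytes) -> int:
    # Device exponent, recomputed on demand from private key + server identifier.
    # HMAC-SHA-512 is an assumed derivation; the patent only names the inputs.
    digest = hmac.new(private_key, server_id, hashlib.sha512).digest()
    return int.from_bytes(digest, "big") % (P - 2) + 1  # in 1..P-2

def dh_field(exponent: int) -> int:
    """Public field (first, second or third field): G**exponent mod P."""
    return pow(G, exponent, P)

def derive_key(peer_field: int, exponent: int) -> bytes:
    """Symmetric key from the peer's field and the local exponent."""
    if not 1 < peer_field < P - 1:  # reject 0, 1, P-1 and out-of-range values
        raise ValueError("invalid DH field")
    shared = pow(peer_field, exponent, P)
    return hashlib.sha256(shared.to_bytes(P_BYTES, "big")).digest()

def _keystream(key: bytes, length: int) -> bytes:
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in authenticated cipher (assumption): hash keystream + HMAC tag."""
    k_enc = hashlib.sha256(key + b"enc").digest()
    k_mac = hashlib.sha256(key + b"mac").digest()
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(k_enc, len(plaintext))))
    return ct + hmac.new(k_mac, ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    k_enc = hashlib.sha256(key + b"enc").digest()
    k_mac = hashlib.sha256(key + b"mac").digest()
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, len(ct))))

def server_push(first_field: int, message: bytes):
    """Server side: a fresh random exponent for every pushed message."""
    b = secrets.randbelow(P - 3) + 2  # second (or third) random number, 2..P-2
    return dh_field(b), seal(derive_key(first_field, b), message)

def device_receive(private_key: bytes, server_id: bytes, field: int, blob: bytes) -> bytes:
    """Device side: regenerate the exponent, derive the key, decrypt; no stored key."""
    a = first_random_number(private_key, server_id)
    return unseal(derive_key(field, a), blob)

def demo():
    # Constructed sample inputs.
    private_key, server_id = b"constructed-device-private-key", b"push.example.test"
    first_field = dh_field(first_random_number(private_key, server_id))  # sent in the request
    second_field, enc1 = server_push(first_field, b"first message")
    third_field, enc2 = server_push(first_field, b"second message")
    m1 = device_receive(private_key, server_id, second_field, enc1)
    m2 = device_receive(private_key, server_id, third_field, enc2)
    return m1, m2, second_field != third_field
```

Because the device's exponent is fixed for a given server, the freshness of each message key comes only from the random number the server generates per message.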
Through the above description of the embodiments, a person skilled in the art can clearly understand that, for convenience and brevity of description, the division into the functional modules above is only an example. In practical applications, the functions may be allocated to different functional modules as required; that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. For the specific working processes of the system, device and units described above, refer to the corresponding processes in the foregoing method embodiments; details are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed system, device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation. For instance, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor to execute all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
The above is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (16)

1. A method for pushing a message, characterized in that the method comprises:
A server obtains a first field, where the first field is data generated according to the Diffie-Hellman (DH) protocol, a first random number and a DH parameter, the first random number is data generated according to the private key of a user equipment and the identifier of the server, and the DH parameter is a parameter shared by the user equipment and the server;
The server obtains a first key according to the DH protocol, a second random number, the first field and the DH parameter, where the second random number is a random number generated by the server;
The server encrypts a first message using the first key to obtain an encrypted first message, where the first message is a message pushed by the server to the user equipment;
The server sends a second field and the encrypted first message to the user equipment, where the second field is data generated according to the DH protocol, the second random number and the DH parameter, and the second field is used to enable the user equipment to obtain the first key for decrypting the encrypted first message.
2. The method according to claim 1, characterized in that the server obtaining the first field comprises:
The server receives a request message sent by the user equipment, where the request message is used to request the server to provide a push service, and the request message includes the first field;
The server obtains the first field from the request message.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
The server obtains a second key according to the DH protocol, a third random number, the first field and the DH parameter, where the third random number is a random number generated by the server;
The server encrypts a second message using the second key to obtain an encrypted second message, where the second message is a message pushed by the server to the user equipment;
The server sends a third field and the encrypted second message to the user equipment, where the third field is data generated according to the DH protocol, the third random number and the DH parameter.
4. The method according to claim 2, characterized in that the request message further includes the identifier of the user equipment, and the method further comprises:
The server saves the correspondence between the first field and the identifier of the user equipment.
5. A method for pushing a message, characterized in that the method comprises:
A user equipment receives a second field and an encrypted first message sent by a server, where the second field is data generated according to the Diffie-Hellman (DH) protocol, a second random number and a DH parameter, the second random number is a random number generated by the server, and the DH parameter is a parameter shared by the user equipment and the server;
The user equipment obtains a first random number, where the first random number is data generated according to the private key of the user equipment and the identifier of the server;
The user equipment obtains a first key according to the DH protocol, the first random number, the second field and the DH parameter;
The user equipment decrypts the encrypted first message using the first key to obtain a first message, where the first message is a message pushed by the server to the user equipment.
6. The method according to claim 5, characterized in that, before the user equipment receives the second field and the encrypted first message sent by the server, the method further comprises:
The user equipment obtains a first field, where the first field is data generated according to the DH protocol, the first random number and the DH parameter;
The user equipment sends the first field to the server.
7. The method according to claim 6, characterized in that the user equipment sending the first field to the server comprises:
The user equipment obtains a request message, where the request message is used to request the server to provide a push service, and the request message includes the first field;
The user equipment sends the request message to the server.
8. The method according to any one of claims 5 to 7, characterized in that the method further comprises:
The user equipment receives a third field and an encrypted second message sent by the server, where the third field is data generated according to the DH protocol, a third random number and the DH parameter, and the third random number is a random number generated by the server;
The user equipment obtains a second key according to the DH protocol, the first random number, the third field and the DH parameter;
The user equipment decrypts the encrypted second message using the second key to obtain the second message, where the second message is a message pushed by the server to the user equipment.
9. A server, characterized in that the server comprises:
A first obtaining unit, configured to obtain a first field, where the first field is data generated according to the Diffie-Hellman (DH) protocol, a first random number and a DH parameter, the first random number is data generated according to the private key of a user equipment and the identifier of the server, and the DH parameter is a parameter shared by the user equipment and the server;
A second obtaining unit, configured to obtain a first key according to the DH protocol, a second random number, the first field and the DH parameter, where the second random number is a random number generated by the server;
An encryption unit, configured to encrypt a first message using the first key obtained by the second obtaining unit to obtain an encrypted first message, where the first message is a message pushed by the server to the user equipment;
A sending unit, configured to send a second field and the encrypted first message to the user equipment, where the second field is data generated according to the DH protocol, the second random number and the DH parameter, and the second field is used to enable the user equipment to obtain the first key for decrypting the encrypted first message.
10. The server according to claim 9, characterized in that the server further comprises:
A receiving unit, configured to receive a request message sent by the user equipment, where the request message is used to request the server to provide a push service, and the request message includes the first field;
The first obtaining unit is further configured to obtain the first field from the request message received by the receiving unit.
11. The server according to claim 9 or 10, characterized in that:
The second obtaining unit is further configured to obtain a second key according to the DH protocol, a third random number, the first field and the DH parameter, where the third random number is a random number generated by the server;
The encryption unit is further configured to encrypt a second message using the second key obtained by the second obtaining unit to obtain an encrypted second message, where the second message is a message pushed by the server to the user equipment;
The sending unit is further configured to send a third field and the encrypted second message to the user equipment, where the third field is data generated according to the DH protocol, the third random number and the DH parameter.
12. The server according to claim 10, characterized in that the request message further includes the identifier of the user equipment, and the server further comprises:
A storage unit, configured to store the correspondence between the first field and the identifier of the user equipment.
13. A user equipment, characterized in that the user equipment comprises:
A receiving unit, configured to receive a second field and an encrypted first message sent by a server, where the second field is data generated according to the Diffie-Hellman (DH) protocol, a second random number and a DH parameter, the second random number is a random number generated by the server, and the DH parameter is a parameter shared by the user equipment and the server;
A first obtaining unit, configured to obtain a first random number, where the first random number is data generated according to the private key of the user equipment and the identifier of the server;
A second obtaining unit, configured to obtain a first key according to the DH protocol, the first random number, the second field and the DH parameter;
A decryption unit, configured to decrypt the encrypted first message using the first key obtained by the second obtaining unit to obtain a first message, where the first message is a message pushed by the server to the user equipment.
14. The user equipment according to claim 13, characterized in that the user equipment further comprises:
A third obtaining unit, configured to obtain a first field before the receiving unit receives the second field and the encrypted first message sent by the server, where the first field is data generated according to the DH protocol, the first random number and the DH parameter;
A sending unit, configured to send the first field obtained by the third obtaining unit to the server.
15. The user equipment according to claim 14, characterized in that:
The third obtaining unit is further configured to obtain a request message, where the request message is used to request the server to provide a push service, and the request message includes the first field;
The sending unit is configured to send the request message obtained by the third obtaining unit to the server.
16. The user equipment according to any one of claims 13 to 15, characterized in that:
The receiving unit is further configured to receive a third field and an encrypted second message sent by the server, where the third field is data generated according to the DH protocol, a third random number and the DH parameter, and the third random number is a random number generated by the server;
The second obtaining unit is further configured to obtain a second key according to the DH protocol, the first random number, the third field and the DH parameter;
The decryption unit is further configured to decrypt the encrypted second message using the second key obtained by the second obtaining unit to obtain the second message, where the second message is a message pushed by the server to the user equipment.
CN201410698561.3A 2014-11-27 2014-11-27 A kind of method and apparatus for PUSH message Active CN105704101B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410698561.3A CN105704101B (en) 2014-11-27 2014-11-27 A kind of method and apparatus for PUSH message

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410698561.3A CN105704101B (en) 2014-11-27 2014-11-27 A kind of method and apparatus for PUSH message

Publications (2)

Publication Number Publication Date
CN105704101A CN105704101A (en) 2016-06-22
CN105704101B true CN105704101B (en) 2019-10-18

Family

ID=56295351

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410698561.3A Active CN105704101B (en) 2014-11-27 2014-11-27 A kind of method and apparatus for PUSH message

Country Status (1)

Country Link
CN (1) CN105704101B (en)

Also Published As

Publication number Publication date
CN105704101A (en) 2016-06-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant