CN106209835A - Peer-to-peer network communication system and method - Google Patents

Publication number: CN106209835A
Authority: CN (China)
Prior art keywords: channel, formal, client, private key, public key
Legal status: Granted
Application number: CN201610538484.4A
Other languages: Chinese (zh)
Other versions: CN106209835B (en)
Inventors: 南野, 卢小明, 陈姝
Current Assignee: BEIJING ZHONGXIANG BIT TECHNOLOGY Co Ltd
Original Assignee: BEIJING ZHONGXIANG BIT TECHNOLOGY Co Ltd
Application filed by BEIJING ZHONGXIANG BIT TECHNOLOGY Co Ltd
Priority to CN201610538484.4A
Publication of CN106209835A
Application granted
Publication of CN106209835B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The present invention provides a peer-to-peer network communication system and method. The system comprises a peer-to-peer network and several communication clients. Each communication client comprises: a channel setup initiating unit, configured to generate a first public/private key pair, send temporary channel identity information through forwarding nodes to set up a temporary channel, exchange public keys over the temporary channel, and generate and send formal channel identity information and a third public/private key pair to set up a formal channel; a channel setup responding unit, configured to generate a second public/private key pair, receive the temporary channel identity information to set up the temporary channel, exchange public keys over the temporary channel, and receive the formal channel identity information and the third public/private key pair to set up the formal channel; and a communication unit, configured to send the third public key to the forwarding nodes for verification, to receive messages and decrypt them with its private key, and to encrypt each message to be sent with the public key obtained in the exchange, sign it with the third private key, and send it over the formal channel. The invention requires no centralized server and no registration or login.

Description

Peer-to-peer network communication system and method
Technical field
The present application relates to the technical field of network communication, and specifically to a peer-to-peer network communication system and method.
Background
About 90% of current instant messaging (IM) systems communicate in a centralized manner, and their login requires the user to authenticate, for example by logging in with a mobile phone number or with a username and password. Current authentication methods are fairly uniform, and all of them require verification by a centralized server. The two most common login methods at present are described below.
1. Centralized login mode
Taking MSN Messenger as an example, the program on the user's computer is called the MSN Messenger client, and the client connects to an MSN Messenger server over the Internet. That is, the client exchanges information with other clients through the server. The user's client holds a session with the server, and the server then processes the session information and notifies the clients of other users.
Fig. 1 is a schematic diagram of the communication involved in an MSN Messenger client login. As shown in Fig. 1, the server specifically comprises:
Dispatch server (DS server). The DS server is the server the client initially connects to, and it is responsible for assigning a suitable notification server to the client. Its domain name is messenger.hotmail.com and its standard service port is 1863. After the dispatch task is complete, the TCP connection is cut.
Notification server (NS server). The NS server mainly maintains the user's online information, along with the information of other users the user is interested in. Its functions include logging in, changing status, obtaining the user list, modifying user information, initiating chats, accepting calls, mail notification, and logging out. The notification server also provides other notification services, such as new-mail alerts for Hotmail and creating or joining sessions. Its service port is specified by the dispatch server and is usually also 1863.
Switchboard server (SS server). The SS server holds each user's instant session information; in other words, each user in an MSN conversation is connected to a session on a shared switchboard. It can therefore also be regarded as a relay server used for chat between clients.
As the MSN login process above shows, the centralized login mode must be completed through centralized servers, and login requires a username and password for verification.
2. Open authorization login mode
Open Authorization (OAuth) is a secure, open and simple standard defined for the authorization of user resources: a third party can obtain the user's authorization information without knowing the user's account and password.
Fig. 2 is a schematic diagram of an open authorization login mode. As shown in Fig. 2, the most common open authorization login mode in the prior art comprises the following steps (taking QQ authorization as an example):
The user visits a third-party website that offers login with QQ;
After the user clicks the QQ login, the third-party website server connects to the authorizing party's (QQ) server and makes a request;
On the page it is redirected to, the user grants the authorizing party's (QQ) server permission to let the third-party website access the user's information;
The authorizing party's (QQ) server provides the authorized user information to the third-party website server.
This login mode likewise requires a centralized authorizing-party server and a third-party server, and login must pass verification by the authorizing party's server.
Summary of the invention
In view of the above defects or deficiencies in the prior art, it is desirable to provide a peer-to-peer network communication system and method that ensure communication security without a centralized server and without requiring users to register or log in.
In a first aspect, the present invention provides a communication client, comprising:
A channel setup initiating unit, configured to generate a first public/private key pair; send temporary channel identity information to a second communication client through several of the forwarding nodes to set up a temporary channel; exchange public keys with the channel setup responding unit of the second communication client over the temporary channel; and generate and send formal channel identity information and a third public/private key pair corresponding to the formal channel to set up the formal channel. The first public/private key pair comprises a first public key and a first private key;
A channel setup responding unit, configured to generate a second public/private key pair; receive the temporary channel identity information sent by a first communication client through several forwarding nodes to set up the temporary channel; exchange public keys with the channel setup initiating unit of the first communication client over the temporary channel; and receive the formal channel identity information and the third public/private key pair corresponding to the formal channel to set up the formal channel. The second public/private key pair comprises a second public key and a second private key;
A communication unit, configured to send the third public key to each forwarding node, so that each forwarding node can verify the messages it forwards; to receive messages sent over the formal channel and decrypt them with the first private key held by the channel setup initiating unit or the second private key held by the channel setup responding unit; and to encrypt a message to be sent with the second public key obtained in the exchange by the channel setup initiating unit or the first public key obtained in the exchange by the channel setup responding unit, sign the message to be sent with the third private key, and send it over the formal channel.
In a second aspect, the present invention provides a peer-to-peer network comprising several forwarding nodes, each forwarding node comprising:
A forwarding unit, configured to forward information sent by communication clients to set up the temporary channel and the formal channel; to obtain the third public key from the communication client; and to verify, with the third public key, the messages the communication client sends over the formal channel, forwarding a message if verification succeeds;
The messages sent over the formal channel are signed by the communication client with the third private key, and the third public/private key pair formed by the third public key and the third private key corresponds to the formal channel.
In a third aspect, the present invention provides a peer-to-peer network communication system comprising several of the above communication clients and the above peer-to-peer network.
In a fourth aspect, the present invention provides a peer-to-peer network communication method, comprising:
Generating a first public/private key pair;
Sending temporary channel identity information to a second communication client through several of the forwarding nodes to set up a temporary channel;
Exchanging public keys with the channel setup responding unit of the second communication client over the temporary channel, and generating and sending formal channel identity information and a third public/private key pair corresponding to the formal channel to set up the formal channel;
Sending the third public key to each forwarding node, so that each forwarding node can verify the messages it forwards;
Encrypting a message to be sent with the second public key obtained in the exchange, signing the message to be sent with the third private key, and sending it over the formal channel;
Receiving a message sent over the formal channel and decrypting it with the first private key.
The first public/private key pair comprises a first public key and a first private key.
In a fifth aspect, the present invention provides a peer-to-peer network communication method, comprising:
Generating a second public/private key pair;
Receiving the temporary channel identity information sent by a first communication client through several forwarding nodes to set up a temporary channel;
Exchanging public keys with the channel setup initiating unit of the first communication client over the temporary channel, and receiving formal channel identity information and a third public/private key pair corresponding to the formal channel to set up the formal channel;
Sending the third public key to each forwarding node, so that each forwarding node can verify the messages it forwards;
Encrypting a message to be sent with the first public key obtained in the exchange, signing the message to be sent with the third private key, and sending it over the formal channel;
Receiving a message sent over the formal channel and decrypting it with the second private key.
The second public/private key pair comprises a second public key and a second private key.
In a sixth aspect, the present invention provides a peer-to-peer network communication method, comprising:
Forwarding the information sent by a first communication client to set up a temporary channel;
Forwarding the information sent by the first communication client and by a second communication client, respectively, to set up a formal channel;
Obtaining the third public key from the first communication client or the second communication client;
Verifying, with the third public key, the messages the first communication client or the second communication client sends over the formal channel, and forwarding a message if verification succeeds.
The messages sent over the formal channel are signed by the first communication client or the second communication client with the third private key, and the third public/private key pair formed by the third public key and the third private key corresponds to the formal channel.
The peer-to-peer network communication system and method provided by many embodiments of the invention set up a temporary channel over which the information for building the formal channel is exchanged, exchange over the temporary channel both communication clients' public keys and the third public/private key pair corresponding to the formal channel, and provide the third public key to the forwarding nodes in the peer-to-peer network. Messages sent over the formal channel are thus encrypted with the exchanged public key and signed with the third private key. On the one hand, a forwarding node can verify a message with the third public key and forwards it only if verification succeeds, which ensures the legitimacy of the channel. On the other hand, the communication client that receives the message can decrypt it with its own private key, which ensures the security of the information. The result is secure communication without a centralized server and without requiring users to register or log in.
The peer-to-peer network communication system and method provided by some embodiments of the invention further set up the temporary channel by sending a QR code corresponding to the temporary channel identity code, which improves the security of the communication.
Brief description of the drawings
Other features, objects and advantages of the application will become more apparent on reading the detailed description of non-limiting embodiments made with reference to the following drawings:
Fig. 1 is a schematic diagram of the communication involved in an MSN Messenger client login.
Fig. 2 is a schematic diagram of an open authorization login mode.
Fig. 3 is a structural diagram of a communication client in an embodiment of the invention.
Fig. 4 is a flow chart of a peer-to-peer network communication method in an embodiment of the invention.
Fig. 5 is a flow chart of another peer-to-peer network communication method in an embodiment of the invention.
Fig. 6 is a flow chart of step S12 in the method shown in Fig. 4.
Fig. 7 is a flow chart of step S22 in the method shown in Fig. 5.
Fig. 8 is a flow chart of step S13 in the method shown in Fig. 4.
Fig. 9 is a flow chart of step S23 in the method shown in Fig. 5.
Fig. 10 is a schematic diagram of the process of generating a formal channel in an embodiment of the invention.
Fig. 11 is a flow chart of step S14 in the method shown in Fig. 4.
Fig. 12 is a flow chart of step S24 in the method shown in Fig. 5.
Fig. 13 is a structural diagram of a peer-to-peer network in an embodiment of the invention.
Fig. 14 is a flow chart of a peer-to-peer network communication method in an embodiment of the invention.
Fig. 15 is a flow chart of step S31 in the method shown in Fig. 14.
Fig. 16 is a flow chart of step S32 in the method shown in Fig. 14.
Fig. 17 is a structural diagram of a peer-to-peer network communication system in an embodiment of the invention.
Detailed description of the invention
The present application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts relevant to the invention.
It should be noted that, where no conflict arises, the embodiments in the present application and the features in the embodiments may be combined with one another. The application is described in detail below with reference to the drawings and in conjunction with the embodiments.
Fig. 3 is a structural diagram of a communication client in an embodiment of the invention.
As shown in Fig. 3, in this embodiment, the communication client 10 provided by the invention comprises a channel setup initiating unit 11, a channel setup responding unit 12 and a communication unit 13.
In this embodiment, the communication clients 10 communicate with one another through several forwarding nodes of the peer-to-peer network.
The channel setup initiating unit 11 is configured to generate a first public/private key pair; send temporary channel identity information to the second communication client 10 through several of the forwarding nodes to set up a temporary channel; exchange public keys with the channel setup responding unit 12 of the second communication client 10 over the temporary channel; and generate and send formal channel identity information and a third public/private key pair corresponding to the formal channel to set up the formal channel. The first public/private key pair comprises a first public key and a first private key.
The channel setup responding unit 12 is configured to generate a second public/private key pair; receive the temporary channel identity information sent by the first communication client 10 through several forwarding nodes to set up the temporary channel; exchange public keys with the channel setup initiating unit 11 of the first communication client 10 over the temporary channel; and receive the formal channel identity information and the third public/private key pair corresponding to the formal channel to set up the formal channel. The second public/private key pair comprises a second public key and a second private key.
The communication unit 13 is configured to send the third public key to each forwarding node, so that each forwarding node can verify the messages it forwards; to receive messages sent over the formal channel and decrypt them with the first private key held by the channel setup initiating unit 11 or the second private key held by the channel setup responding unit 12; and to encrypt a message to be sent with the second public key obtained in the exchange by the channel setup initiating unit 11 or the first public key obtained in the exchange by the channel setup responding unit 12, sign the message to be sent with the third private key, and send it over the formal channel.
Fig. 4 is a flow chart of a peer-to-peer network communication method in an embodiment of the invention. The method shown in Fig. 4 can be applied in the channel setup initiating unit 11 and the communication unit 13 of the communication client 10 described above.
As shown in Fig. 4, in this embodiment, the peer-to-peer network communication method provided by the invention comprises:
S11: generating a first public/private key pair;
S12: sending temporary channel identity information to the second communication client through several of the forwarding nodes to set up a temporary channel;
S13: exchanging public keys with the channel setup responding unit of the second communication client over the temporary channel, and generating and sending formal channel identity information and a third public/private key pair corresponding to the formal channel to set up the formal channel;
S14: sending the third public key to each forwarding node, so that each forwarding node can verify the messages it forwards;
S15: encrypting a message to be sent with the second public key obtained in the exchange, signing the message to be sent with the third private key, and sending it over the formal channel;
S16: receiving a message sent over the formal channel and decrypting it with the first private key.
The first public/private key pair comprises a first public key and a first private key.
Fig. 5 is a flow chart of another peer-to-peer network communication method in an embodiment of the invention. The method shown in Fig. 5 can be applied in the channel setup responding unit 12 and the communication unit 13 of the communication client 10 described above.
As shown in Fig. 5, in this embodiment, the other peer-to-peer network communication method provided by the invention comprises:
S21: generating a second public/private key pair;
S22: receiving the temporary channel identity information sent by the first communication client through several forwarding nodes to set up a temporary channel;
S23: exchanging public keys with the channel setup initiating unit of the first communication client over the temporary channel, and receiving formal channel identity information and a third public/private key pair corresponding to the formal channel to set up the formal channel;
S24: sending the third public key to each forwarding node, so that each forwarding node can verify the messages it forwards;
S25: encrypting a message to be sent with the first public key obtained in the exchange, signing the message to be sent with the third private key, and sending it over the formal channel;
S26: receiving a message sent over the formal channel and decrypting it with the second private key.
The second public/private key pair comprises a second public key and a second private key.
Specifically, in this embodiment, the first communication client and the second communication client generate the first public/private key pair and the second public/private key pair, respectively, when each is initialized. In step S11, the channel setup initiating unit 11 of the first communication client obtains the first public/private key pair generated when the first communication client was initialized; in step S12, the channel setup responding unit 12 of the second communication client obtains the second public/private key pair generated when the second communication client was initialized.
In a preferred embodiment, the channel setup initiating unit 11 and the channel setup responding unit 12 may each generate the first public/private key pair and the second public/private key pair at their own initialization, and obtain the key pairs generated at initialization in steps S11 and S12, respectively.
In another preferred embodiment, the channel setup initiating unit 11 and the channel setup responding unit 12 may generate a different public/private key pair before each setup of a temporary channel and formal channel, that is, generate the first public/private key pair or the second public/private key pair each time step S11/S12 is performed.
In step S12, the channel setup initiating unit 11 of the first communication client sends temporary channel identity information to the channel setup responding unit 12 of the second communication client through several of the forwarding nodes; correspondingly, in step S22, the channel setup responding unit 12 of the second communication client receives the temporary channel identity information to obtain the temporary channel identity code temp_channel_id, thereby setting up the temporary channel.
In step S13 and step S23, the channel setup initiating unit 11 of the first communication client and the channel setup responding unit 12 of the second communication client exchange the public keys they each hold over the temporary channel; the channel setup initiating unit 11 of the first communication client also generates formal channel identity information and a third public/private key pair corresponding to the formal channel and sends them over the temporary channel to the channel setup responding unit 12 of the second communication client; the channel setup responding unit 12 of the second communication client obtains the formal channel identity code channel_id from the formal channel identity information, thereby setting up the formal channel.
In step S14 and step S24, the channel setup initiating unit 11 of the first communication client and the channel setup responding unit 12 of the second communication client each listen on the formal channel and provide the third public key to each forwarding node.
In step S15 and step S25, the channel setup initiating unit 11 of the first communication client and the channel setup responding unit 12 of the second communication client encrypt the information to be sent with the second public key and the first public key, respectively, obtained in the exchange in steps S13 and S23, sign the information to be sent with the third private key, and then send it over the formal channel.
When a forwarding node receives information sent over the formal channel as above, it verifies the received information with the third public key obtained in step S14 or S24: if verification succeeds it forwards the information, and if verification fails it does not forward, so as to ensure the legitimacy of the channel.
In steps S16 and S26, the channel setup initiating unit 11 of the first communication client and the channel setup responding unit 12 of the second communication client decrypt the received information with the first private key and the second private key they respectively hold.
The communication client and peer-to-peer network communication method provided by the above embodiment set up a temporary channel over which the information for building the formal channel is exchanged, exchange over the temporary channel both communication clients' public keys and the third public/private key pair corresponding to the formal channel, and provide the third public key to the forwarding nodes in the peer-to-peer network. Messages sent over the formal channel are thus encrypted with the exchanged public key and signed with the third private key. On the one hand, a forwarding node can verify a message with the third public key and forwards it only if verification succeeds, which ensures the legitimacy of the channel. On the other hand, the communication client that receives the message can decrypt it with its own private key, which ensures the security of the information. The result is secure communication without a centralized server and without requiring users to register or log in.
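The formal-channel message path of steps S15/S25, the forwarding node's check, and steps S16/S26, as an added Go example (not code from the patent or its applicant). The patent names no algorithms or message layout, so RSA-OAEP for encryption, Ed25519 for the third key pair, the `Envelope` struct, and signing the channel id together with the ciphertext are assumptions; the hypothetical `SetUp` stands in for the temporary-channel steps.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Client is one communication client on an established formal channel.
type Client struct {
	own       *rsa.PrivateKey    // first or second private key; never leaves the client
	peerPub   *rsa.PublicKey     // peer's public key, exchanged over the temporary channel
	channelID string             // formal channel identity code (channel_id)
	chanPriv  ed25519.PrivateKey // third private key, held by both clients
}

// Envelope is the unit sent over the formal channel (layout is an assumption).
type Envelope struct {
	ChannelID             string
	Ciphertext, Signature []byte
}

// ForwardNode holds only the third public key of each formal channel.
type ForwardNode struct {
	channelKeys map[string]ed25519.PublicKey
}

// ErrRejected is returned when a forwarding node refuses to forward.
var ErrRejected = errors.New("forwarding node: verification failed, not forwarded")

// signedBytes binds the signature to both the channel and the ciphertext.
// Assumption: the patent only says the message is signed with the third private key.
func signedBytes(channelID string, ct []byte) []byte {
	return append([]byte(channelID+"\x00"), ct...)
}

// SetUp stands in for S11-S14 / S21-S24: key generation, public key exchange,
// sharing of the third key pair, and giving the third public key to a node.
func SetUp(channelID string) (a, b *Client, node *ForwardNode, err error) {
	k1, err := rsa.GenerateKey(rand.Reader, 2048) // first key pair
	if err != nil {
		return nil, nil, nil, err
	}
	k2, err := rsa.GenerateKey(rand.Reader, 2048) // second key pair
	if err != nil {
		return nil, nil, nil, err
	}
	pub3, priv3, err := ed25519.GenerateKey(rand.Reader) // third key pair
	if err != nil {
		return nil, nil, nil, err
	}
	a = &Client{own: k1, peerPub: &k2.PublicKey, channelID: channelID, chanPriv: priv3}
	b = &Client{own: k2, peerPub: &k1.PublicKey, channelID: channelID, chanPriv: priv3}
	node = &ForwardNode{channelKeys: map[string]ed25519.PublicKey{channelID: pub3}}
	return a, b, node, nil
}

// Send is S15/S25: encrypt with the peer's public key, sign with the third private key.
func (c *Client) Send(plaintext []byte) (Envelope, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, c.peerPub, plaintext, nil)
	if err != nil {
		return Envelope{}, err
	}
	sig := ed25519.Sign(c.chanPriv, signedBytes(c.channelID, ct))
	return Envelope{ChannelID: c.channelID, Ciphertext: ct, Signature: sig}, nil
}

// Forward is the node's check: forward only if the third public key verifies.
func (n *ForwardNode) Forward(e Envelope) (Envelope, error) {
	pub, known := n.channelKeys[e.ChannelID]
	if !known || !ed25519.Verify(pub, signedBytes(e.ChannelID, e.Ciphertext), e.Signature) {
		return Envelope{}, ErrRejected
	}
	return e, nil
}

// Receive is S16/S26: decrypt with the client's own private key.
func (c *Client) Receive(e Envelope) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, c.own, e.Ciphertext, nil)
}

func main() {
	a, b, node, err := SetUp("channel-id-constructed") // constructed sample id
	if err != nil {
		panic(err)
	}
	env, _ := a.Send([]byte("hello"))
	fwd, err := node.Forward(env)
	msg, _ := b.Receive(fwd)
	fmt.Printf("forwarded=%v delivered=%q\n", err == nil, msg)
	env.Ciphertext[0] ^= 0x01 // altered in transit: signature no longer matches
	_, err = node.Forward(env)
	fmt.Println("altered envelope:", err)
}
```

Both clients hold the same third private key, so the forwarding node's check shows that an envelope comes from a member of the channel, not which client sent it; the node itself holds no key that decrypts the payload.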
Fig. 6 is the flow chart of step S12 in method shown in Fig. 4.
As shown in Figure 6, in a preferred embodiment, step S12 includes:
S121: generate occasional passage identity code and corresponding Quick Response Code;
S122: send described Quick Response Code by some described forward node to the second telecommunication customer end, for described second Telecommunication customer end obtains described occasional passage identity code by scanning described Quick Response Code, thus sets up occasional passage.
Fig. 7 is the flow chart of step S22 in method shown in Fig. 5.
As it is shown in fig. 7, with step S12 shown in Fig. 6 accordingly, in a preferred embodiment, described occasional passage identity Information is Quick Response Code, and step S22 includes:
S221: the Quick Response Code that scanning receives is to obtain occasional passage identity code, thus sets up occasional passage.
Fig. 8 is the flow chart of step S13 in method shown in Fig. 4.
As shown in Figure 8, in a preferred embodiment, step S13 includes:
S131: monitor described occasional passage, the passage receiving the second telecommunication customer end builds response unit by some institutes State the second PKI that forward node returns;
S132: generate formal passage identity information and the 3rd public private key pair corresponding to formal passage;
S133: build response unit by described occasional passage to the passage of the second telecommunication customer end and send described formal logical Road identity information, the 3rd public private key pair and the first PKI.
Fig. 9 is a flow chart of step S23 in the method shown in Fig. 5.
As shown in Fig. 9, corresponding to step S13 shown in Fig. 8, in a preferred embodiment, step S23 includes:
S231: sending the second public key through the occasional passage to the passage-building initiation unit of the first telecommunication customer end;
S232: monitoring the occasional passage and receiving the formal passage identity information, the third public-private key pair and the first public key sent by the passage-building initiation unit of the first telecommunication customer end.
Figure 10 is a schematic diagram of the process of generating the formal passage in one embodiment of the invention.
Specifically, as shown in Figs. 6-10, in step S12 and step S22 the passage-building initiation unit 11 of the first telecommunication customer end sends the occasional passage identity code in the form of a QR code; in step S131 and step S232 the passage-building response unit 12 of the second telecommunication customer end returns the second public key through the occasional passage; in step S132 the passage-building initiation unit 11 of the first telecommunication customer end generates the formal passage identity information and the third public-private key pair corresponding to the formal passage; in step S133 and step S232 the passage-building initiation unit 11 of the first telecommunication customer end encrypts the formal passage identity information, the third public-private key pair and the first public key with the second public key it has received and transmits them through the occasional passage, and the passage-building response unit 12 of the second telecommunication customer end, after receiving this encrypted information, decrypts it with the second private key that it holds.
The above embodiment further sets up the occasional passage by sending a QR code corresponding to the occasional passage identity code, and encrypts with the second public key the formal passage identity information, the third public-private key pair and the first public key sent through the occasional passage, which improves the security of the communication.
Figure 11 is a flow chart of step S14 in the method shown in Fig. 4. Figure 12 is a flow chart of step S24 in the method shown in Fig. 5.
As shown in Figs. 11 and 12, in step S14 and step S24 the passage-building initiation unit 11 of the first telecommunication customer end and the passage-building response unit 12 of the second telecommunication customer end each perform the following steps:
Monitoring the formal passage;
Receiving the third public key request sent by each forward node;
Returning the third public key to each forward node, for each forward node to verify the messages it forwards.
Figure 13 is a structural diagram of the peer-to-peer network in one embodiment of the invention.
As shown in Figure 13, in the present embodiment, the peer-to-peer network 20 provided by the present invention includes several forward nodes 21.
Forward node 21 includes a forwarding unit, configured to forward the information sent by telecommunication customer end 10 in order to set up the occasional passage and the formal passage, to obtain the third public key from telecommunication customer end 10, and to verify with the third public key the messages that telecommunication customer end 10 sends through the formal passage: if verification finds the message legitimate, it is forwarded.
The message sent through the formal passage is signed by telecommunication customer end 10 with the third private key, and the third public-private key pair formed by the third public key and the third private key corresponds to the formal passage.
Figure 14 is a flow chart of a peer-to-peer network communication method in one embodiment of the invention. The peer-to-peer network communication method shown in Figure 14 can be applied in the forward node 21 shown in Figure 13.
As shown in Figure 14, in the present embodiment, the peer-to-peer network communication method provided by the present invention includes:
S31: forwarding the information sent by the first telecommunication customer end to set up the occasional passage;
S32: forwarding the information sent by the first telecommunication customer end and by the second telecommunication customer end, respectively, to set up the formal passage;
S33: obtaining the third public key from the first telecommunication customer end or the second telecommunication customer end;
S34: verifying with the third public key the messages that the first telecommunication customer end or the second telecommunication customer end sends through the formal passage: if verification finds the message legitimate, forwarding it.
The message sent through the formal passage is signed by the first telecommunication customer end or the second telecommunication customer end with the third private key, and the third public-private key pair formed by the third public key and the third private key corresponds to the formal passage.
The peer-to-peer network and the peer-to-peer network communication method provided by the above embodiment achieve secure communication without a centralized server and without the user registering or logging in.
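The formal-passage message path of steps S33 and S34, as an added example that is not code from the patent: the sender encrypts with the peer's public key and signs with the third private key, the forward node checks the signature with the third public key before forwarding, and the recipient decrypts with its own private key. RSA-OAEP, Ed25519, the names `Envelope`, `Client` and `Relay`, and signing the channel ID together with the ciphertext are assumptions, since this section names no algorithms or message format; the occasional-passage exchange is taken as already completed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is one message travelling over the formal passage.
type Envelope struct {
	ChannelID  string // formal passage identity information
	Ciphertext []byte // payload encrypted with the recipient's public key
	Signature  []byte // made with the third private key, which both clients hold
}

// Client is a communication client once the occasional-passage exchange is done.
type Client struct {
	own       *rsa.PrivateKey    // first or second key pair
	peerPub   *rsa.PublicKey     // public key received from the other client
	channelID string             // formal passage identity
	thirdPriv ed25519.PrivateKey // private half of the third key pair
}

// signedBytes binds the channel ID to the ciphertext (a choice made for this example).
func signedBytes(channelID string, ct []byte) []byte {
	return append(append([]byte(channelID), 0), ct...)
}

// Send encrypts for the peer, then signs the ciphertext with the third private key.
func (c *Client) Send(msg []byte) (Envelope, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, c.peerPub, msg, []byte(c.channelID))
	if err != nil {
		return Envelope{}, err
	}
	sig := ed25519.Sign(c.thirdPriv, signedBytes(c.channelID, ct))
	return Envelope{ChannelID: c.channelID, Ciphertext: ct, Signature: sig}, nil
}

// Receive decrypts with the client's own private key.
func (c *Client) Receive(e Envelope) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, c.own, e.Ciphertext, []byte(c.channelID))
}

var (
	ErrUnknownChannel = errors.New("forward node: no third public key for this channel")
	ErrBadSignature   = errors.New("forward node: signature invalid, message not forwarded")
)

// Relay is a forward node. It holds third public keys only: no plaintext, no private key.
type Relay struct {
	thirdPub map[string]ed25519.PublicKey // channel ID -> third public key (step S33)
}

// Forward is the step S34 decision: nil means the node passes the envelope on.
func (r *Relay) Forward(e Envelope) error {
	pub, ok := r.thirdPub[e.ChannelID]
	if !ok {
		return ErrUnknownChannel
	}
	if !ed25519.Verify(pub, signedBytes(e.ChannelID, e.Ciphertext), e.Signature) {
		return ErrBadSignature
	}
	return nil
}

// Demo forwards one valid message, then offers three envelopes the node must refuse.
func Demo() (delivered string, rejected []error, err error) {
	k1, e1 := rsa.GenerateKey(rand.Reader, 2048)        // first key pair
	k2, e2 := rsa.GenerateKey(rand.Reader, 2048)        // second key pair
	pub3, priv3, e3 := ed25519.GenerateKey(rand.Reader) // third key pair
	_, other, e4 := ed25519.GenerateKey(rand.Reader)    // key unrelated to the channel
	if e1 != nil || e2 != nil || e3 != nil || e4 != nil {
		return "", nil, errors.New("key generation failed")
	}
	const id = "formal-0001" // constructed formal passage identity
	first := &Client{own: k1, peerPub: &k2.PublicKey, channelID: id, thirdPriv: priv3}
	second := &Client{own: k2, peerPub: &k1.PublicKey, channelID: id, thirdPriv: priv3}
	relay := &Relay{thirdPub: map[string]ed25519.PublicKey{id: pub3}}
	env, err := first.Send([]byte("hello over the formal passage"))
	if err == nil {
		err = relay.Forward(env)
	}
	if err != nil {
		return "", nil, err
	}
	pt, err := second.Receive(env)
	tampered, foreign, unknown := env, env, env
	tampered.Ciphertext = append([]byte{}, env.Ciphertext...)
	tampered.Ciphertext[0] ^= 1 // one bit changed in transit
	foreign.Signature = ed25519.Sign(other, signedBytes(id, env.Ciphertext))
	unknown.ChannelID = "not-registered"
	rejected = []error{relay.Forward(tampered), relay.Forward(foreign), relay.Forward(unknown)}
	return string(pt), rejected, err
}

func main() { fmt.Println(Demo()) }
```

Because both clients hold the third private key, a valid signature tells the forward node only that the sender belongs to the channel, not which of the two clients sent the message.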
In a preferred embodiment, forwarding the information sent by the telecommunication customer end to set up the occasional passage includes: forwarding the QR code sent by the first telecommunication customer end, so that the second telecommunication customer end obtains the corresponding occasional passage identity code by scanning the QR code, thereby setting up the occasional passage.
Figure 15 is a flow chart of step S31 in the method shown in Figure 14. The method shown in Figure 15 can be applied in the peer-to-peer network of the above preferred embodiment.
As shown in Figure 15, in a preferred embodiment, step S31 includes:
S311: forwarding the QR code sent by the first telecommunication customer end, so that the second telecommunication customer end obtains the corresponding occasional passage identity code by scanning the QR code, thereby setting up the occasional passage.
In a preferred embodiment, forwarding the information sent by the telecommunication customer end to set up the formal passage includes: forwarding the second public key returned by the second telecommunication customer end; and forwarding the formal passage identity information, the third public-private key pair and the first public key sent by the first telecommunication customer end.
Figure 16 is a flow chart of step S32 in the method shown in Figure 14. The method shown in Figure 16 can be applied in the peer-to-peer network of the above preferred embodiment.
As shown in Figure 16, in a preferred embodiment, step S32 includes:
S321: forwarding the second public key returned by the second telecommunication customer end;
S322: forwarding the formal passage identity information, the third public-private key pair and the first public key sent by the first telecommunication customer end.
Figure 17 is a structural diagram of the peer-to-peer network communication system in one embodiment of the invention.
As shown in Figure 17, in the present embodiment, the peer-to-peer network communication system provided by the present invention includes the peer-to-peer network described in any of the above embodiments and several telecommunication customer ends described in any of the above embodiments.
The peer-to-peer network communication system provided by the above embodiment achieves secure communication without a centralized server and without the user registering or logging in.
The flow charts and block diagrams in the accompanying drawings illustrate the architecture, functions and operations of possible implementations of systems, methods and computer program products according to various embodiments of the invention. In this regard, each box in a flow chart or block diagram may represent a module, a program segment or a part of code, and that module, program segment or part of code contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two boxes shown in succession may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flow charts, and combinations of boxes in the block diagrams and/or flow charts, can be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units or modules described in the embodiments of the present application may be implemented in software or in hardware. The described units or modules may also be provided in a processor; for example, the communication unit may be a software program provided in a computer or a smart mobile device, or a separate hardware chip that performs communication. The names of these units or modules do not, under certain conditions, limit the units or modules themselves; for example, the passage-building initiation unit and the passage-building response unit may also be described as "a friend-adding unit for adding communication friends".
In another aspect, the present application also provides a computer-readable storage medium, which may be the computer-readable storage medium included in the device described in the above embodiments, or a computer-readable storage medium that exists on its own and is not fitted into a device. The computer-readable storage medium stores one or more programs, which are used by one or more processors to perform the formula input method described in the present application.
The above description covers only the preferred embodiments of the present application and explains the technical principles applied. Those skilled in the art should understand that the scope of the invention involved in the present application is not limited to technical solutions formed by the particular combination of the above technical features, and should also cover other technical solutions formed by any combination of the above technical features or their equivalents without departing from the inventive concept, for example technical solutions formed by replacing the above features with (but not limited to) technical features having similar functions disclosed in the present application.

Claims (19)

1. A telecommunication customer end, characterized in that the telecommunication customer ends communicate with one another through several forward nodes of a peer-to-peer network, the telecommunication customer end including:
a passage-building initiation unit, configured to generate a first public-private key pair, to send occasional passage identity information to a second telecommunication customer end through several of the forward nodes so as to set up an occasional passage, to exchange public keys through the occasional passage with the passage-building response unit of the second telecommunication customer end, and to generate and send formal passage identity information and a third public-private key pair corresponding to a formal passage so as to set up the formal passage; wherein the first public-private key pair includes a first public key and a first private key;
a passage-building response unit, configured to generate a second public-private key pair, to receive the occasional passage identity information sent by a first telecommunication customer end through several forward nodes so as to set up an occasional passage, to exchange public keys through the occasional passage with the passage-building initiation unit of the first telecommunication customer end, and to receive formal passage identity information and a third public-private key pair corresponding to a formal passage so as to set up the formal passage; wherein the second public-private key pair includes a second public key and a second private key;
a communication unit, configured to send the third public key to each forward node, for each forward node to verify the messages it forwards; to receive messages sent through the formal passage and decrypt them with the first private key held by the passage-building initiation unit or the second private key held by the passage-building response unit; and to encrypt a message to be sent with the second public key obtained in exchange by the passage-building initiation unit or the first public key obtained in exchange by the passage-building response unit, sign the message to be sent with the third private key, and send it through the formal passage.
2. The peer-to-peer network communication system according to claim 1, characterized in that the occasional passage identity information is a QR code;
said sending occasional passage identity information to a second telecommunication customer end through several of the forward nodes so as to set up an occasional passage includes:
generating an occasional passage identity code and the corresponding QR code;
sending the QR code to the second telecommunication customer end through several of the forward nodes, so that the second telecommunication customer end obtains the occasional passage identity code by scanning the QR code, thereby setting up the occasional passage;
said receiving the occasional passage identity information sent by a first telecommunication customer end through several forward nodes so as to set up an occasional passage includes:
scanning the received QR code to obtain the occasional passage identity code, thereby setting up the occasional passage.
3. The peer-to-peer network communication system according to claim 1, characterized in that said exchanging public keys through the occasional passage with the passage-building response unit of the second telecommunication customer end, and generating and sending formal passage identity information and a third public-private key pair corresponding to the formal passage so as to set up the formal passage includes:
monitoring the occasional passage and receiving the second public key returned, through several of the forward nodes, by the passage-building response unit of the second telecommunication customer end;
generating formal passage identity information and the third public-private key pair corresponding to the formal passage;
sending the formal passage identity information, the third public-private key pair and the first public key through the occasional passage to the passage-building response unit of the second telecommunication customer end;
said exchanging public keys through the occasional passage with the passage-building initiation unit of the first telecommunication customer end, and receiving formal passage identity information and a third public-private key pair corresponding to the formal passage so as to set up the formal passage includes:
sending the second public key through the occasional passage to the passage-building initiation unit of the first telecommunication customer end;
monitoring the occasional passage and receiving the formal passage identity information, the third public-private key pair and the first public key sent by the passage-building initiation unit of the first telecommunication customer end.
4. The peer-to-peer network communication system according to claim 1, characterized in that said sending the third public key to each forward node, for each forward node to verify the messages it forwards, includes:
monitoring the formal passage;
receiving the third public key request sent by each forward node;
returning the third public key to each forward node, for each forward node to verify the messages it forwards.
5. A peer-to-peer network, characterized in that it includes several forward nodes, each forward node including:
a forwarding unit, configured to forward the information sent by a telecommunication customer end in order to set up an occasional passage and a formal passage, to obtain the third public key from the telecommunication customer end, and to verify with the third public key the messages that the telecommunication customer end sends through the formal passage: if verification finds the message legitimate, it is forwarded;
wherein the message sent through the formal passage is signed by the telecommunication customer end with the third private key, and the third public-private key pair formed by the third public key and the third private key corresponds to the formal passage.
6. The peer-to-peer network according to claim 5, characterized in that said forwarding the information sent by the telecommunication customer end to set up the occasional passage includes:
forwarding the QR code sent by the first telecommunication customer end, so that the second telecommunication customer end obtains the corresponding occasional passage identity code by scanning the QR code, thereby setting up the occasional passage.
7. The peer-to-peer network according to claim 5, characterized in that said forwarding the information sent by the telecommunication customer end to set up the formal passage includes:
forwarding the second public key returned by the second telecommunication customer end;
forwarding the formal passage identity information, the third public-private key pair and the first public key sent by the first telecommunication customer end.
8. A peer-to-peer network communication system, characterized in that the system includes several telecommunication customer ends according to any one of claims 1-4 and the peer-to-peer network according to any one of claims 5-7.
9. A peer-to-peer network communication method, characterized in that the method includes:
generating a first public-private key pair;
sending occasional passage identity information to a second telecommunication customer end through several of the forward nodes so as to set up an occasional passage;
exchanging public keys through the occasional passage with the passage-building response unit of the second telecommunication customer end, and generating and sending formal passage identity information and a third public-private key pair corresponding to a formal passage so as to set up the formal passage;
sending the third public key to each forward node, for each forward node to verify the messages it forwards;
encrypting a message to be sent with the second public key obtained in exchange, signing the message to be sent with the third private key, and sending the message to be sent through the formal passage;
receiving a message sent through the formal passage and decrypting the message with the first private key;
wherein the first public-private key pair includes a first public key and a first private key.
10. The peer-to-peer network communication method according to claim 9, characterized in that said sending occasional passage identity information to a second telecommunication customer end through several of the forward nodes so as to set up an occasional passage includes:
generating an occasional passage identity code and the corresponding QR code;
sending the QR code to the second telecommunication customer end through several of the forward nodes, so that the second telecommunication customer end obtains the occasional passage identity code by scanning the QR code, thereby setting up the occasional passage.
11. The peer-to-peer network communication method according to claim 9, characterized in that said exchanging public keys through the occasional passage with the passage-building response unit of the second telecommunication customer end, and generating and sending formal passage identity information and a third public-private key pair corresponding to the formal passage so as to set up the formal passage includes:
monitoring the occasional passage and receiving the second public key returned, through several of the forward nodes, by the passage-building response unit of the second telecommunication customer end;
generating formal passage identity information and the third public-private key pair corresponding to the formal passage;
sending the formal passage identity information, the third public-private key pair and the first public key through the occasional passage to the passage-building response unit of the second telecommunication customer end.
12. The peer-to-peer network communication method according to claim 9, characterized in that said sending the third public key to each forward node, for each forward node to verify the messages it forwards, includes:
monitoring the formal passage;
receiving the third public key request sent by each forward node;
returning the third public key to each forward node, for each forward node to verify the messages it forwards.
13. A peer-to-peer network communication method, characterized in that the method includes:
generating a second public-private key pair;
receiving the occasional passage identity information sent by a first telecommunication customer end through several forward nodes so as to set up an occasional passage;
exchanging public keys through the occasional passage with the passage-building initiation unit of the first telecommunication customer end, and receiving formal passage identity information and a third public-private key pair corresponding to a formal passage so as to set up the formal passage;
sending the third public key to each forward node, for each forward node to verify the messages it forwards;
encrypting a message to be sent with the first public key obtained in exchange, signing the message to be sent with the third private key, and sending the message to be sent through the formal passage;
receiving a message sent through the formal passage and decrypting the message with the second private key;
wherein the second public-private key pair includes a second public key and a second private key.
14. The peer-to-peer network communication method according to claim 13, characterized in that the occasional passage identity information is a QR code, and said receiving occasional passage identity information so as to set up an occasional passage includes:
scanning the received QR code to obtain the occasional passage identity code, thereby setting up the occasional passage.
15. The peer-to-peer network communication method according to claim 13, characterized in that said exchanging public keys through the occasional passage with the corresponding passage-building initiation unit, and receiving formal passage identity information and a third public-private key pair corresponding to the formal passage so as to set up the formal passage includes:
sending the second public key through the occasional passage to the passage-building initiation unit of the first telecommunication customer end;
monitoring the occasional passage and receiving the formal passage identity information, the third public-private key pair and the first public key sent by the passage-building initiation unit of the first telecommunication customer end.
16. The peer-to-peer network communication method according to claim 13, characterized in that said sending the third public key to each forward node, for each forward node to verify the messages it forwards, includes:
monitoring the formal passage;
receiving the third public key request sent by each forward node;
returning the third public key to each forward node, for each forward node to verify the messages it forwards.
17. A peer-to-peer network communication method, characterized in that the method includes:
forwarding the information sent by a first telecommunication customer end to set up an occasional passage;
forwarding the information sent by the first telecommunication customer end and by a second telecommunication customer end, respectively, to set up a formal passage;
obtaining the third public key from the first telecommunication customer end or the second telecommunication customer end;
verifying with the third public key the messages that the first telecommunication customer end or the second telecommunication customer end sends through the formal passage: if verification finds the message legitimate, forwarding it;
wherein the message sent through the formal passage is signed by the first telecommunication customer end or the second telecommunication customer end with the third private key, and the third public-private key pair formed by the third public key and the third private key corresponds to the formal passage.
18. The peer-to-peer network communication method according to claim 17, characterized in that said forwarding the information sent by the first telecommunication customer end to set up the occasional passage includes:
forwarding the QR code sent by the first telecommunication customer end, so that the second telecommunication customer end obtains the corresponding occasional passage identity code by scanning the QR code, thereby setting up the occasional passage.
19. The peer-to-peer network communication method according to claim 17, characterized in that said forwarding the information sent by the first telecommunication customer end and by the second telecommunication customer end, respectively, to set up the formal passage includes:
forwarding the second public key returned by the second telecommunication customer end;
forwarding the formal passage identity information, the third public-private key pair and the first public key sent by the first telecommunication customer end.
CN201610538484.4A 2016-07-08 2016-07-08 Peer-to-peer network communication system and method Active CN106209835B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610538484.4A CN106209835B (en) 2016-07-08 2016-07-08 Peer-to-peer network communication system and method

Publications (2)

Publication Number Publication Date
CN106209835A true CN106209835A (en) 2016-12-07
CN106209835B CN106209835B (en) 2019-11-22

Family

ID=57474179

Country Status (1)

Country Link
CN (1) CN106209835B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant