CN107104798A - An information transmission method verified by connectionless communication - Google Patents

Info

Publication number: CN107104798A
Authority: CN (China)
Prior art keywords: message, checking, key, location, trustworthy location
Legal status: Granted; currently Expired - Fee Related
Application number: CN201710381797.8A
Other languages: Chinese (zh)
Other versions: CN107104798B (en)
Inventor: 郭铮铮 (Guo Zhengzheng)
Current assignee: Guo Zhengzheng
Original assignee: Beijing Dongshi Technology Co Ltd
Events: application filed by Beijing Dongshi Technology Co Ltd; publication of CN107104798A; application granted; publication of CN107104798B; legal status Expired - Fee Related; anticipated expiration

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        • H04L9/14 ... using a plurality of keys or algorithms
        • H04L9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
            • H04L9/3226 ... using a predetermined code, e.g. password, passphrase or PIN
            • H04L9/3247 ... involving digital signatures
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals


Abstract

The invention discloses an information transfer system verified by connectionless communication. The system comprises a first device, a security authentication server, a user-terminal device and an application server. The first device generates a trusted location verification message and sends it by connectionless communication. The user device receives the trusted location verification message sent by the first device, generates a first location verification message and sends it to the security authentication server. The security authentication server receives the first location verification message, extracts the trusted location verification message it contains, and verifies the trusted location signature of that message. The application server receives the third location verification message sent by the security server, extracts and verifies the first location verification message, and if verification passes, pushes the corresponding response and follow-up service to the corresponding user-terminal device.

Description

An information transmission method verified by connectionless communication
Technical field
The present invention relates to the field of computer information technology, and in particular to an information transmission method verified by connectionless communication.
Background technology
In practice, for a given fixed region, a device entering the region needs to verify and learn its spatial proximity relation to the current space, for example whether it has approached a shop or a location under delegated management. This verification must not be forgeable, so an effective supplement is needed to realize secure access based on verification of the approximate position. GPS information is public information: it can be used to push information in commercial activities, but because it can be forged it cannot be used to verify in a non-repudiable way the spatial position a device occupies, and so cannot be used for verification in real life. There are also positioning technologies based on WiFi and Bluetooth; the wireless signals these technologies use can be used for pushing, but they can be forged as well, for example by forging a WiFi SSID or a Bluetooth device ID. Therefore, application scenarios that verify the current approximate position in order to obtain information, and that need to know whether the information was sent by an authorized authority, lack anti-counterfeiting security capability.
In addition, in practice people need to obtain information conveniently on site. If every acquisition of position-relation information requires connecting to the communication node of the object being verified and verifying a network password, this adds the steps of the user entering a password and operating the connection. A method is therefore needed that can verify and obtain information conveniently in the case of connectionless communication. Complicated connection-oriented communication, such as network access after password verification with a WiFi device, or communication after verification through a human-machine interface and connection to a Bluetooth device, cannot achieve the convenience of connectionless communication.
A technique is needed that verifies whether the proximity relation to a communication device is legitimate without concern for the specific actual position, so that a third party who obtains the location verification relation information cannot locate the user's actual position but can still provide service based on the shared position recognition result, which is good protection of user privacy. The user can publicly verify the current approximate position relation and obtain information without having to disclose their own actual position to the serving third party, which is good protection of privacy.
Summary of the invention
To achieve the purpose of the present invention, the following technical scheme is used:
A verification information transfer technique based on connectionless communication, comprising a first device, a security server, a user-terminal device and an application server.
The trusted location verification message comprises a position identification code, a variable code and a trusted location signature. The position identification code uniquely corresponds to a first key and a second key; the first key is stored in the first device and the second key is stored in the security authentication server. The first key and the second key are a corresponding pair, i.e. the second key can be used to verify whether an information signature was computed with the first key. The information signature is the trusted location signature that the first device computes with the first key over the information sequence comprising the position identification code and the variable code. The variable code is dynamically changing information: the variable code contained in each generated trusted location verification message is different.
The user device receives the trusted location verification message sent by the first device and computes an information signature over an information sequence that includes the received trusted location verification message, using a third key stored in the user device. The third key and a fourth key are a corresponding pair, i.e. the fourth key can be used to verify whether an information signature was computed with the third key. The first location verification message comprises this information signature and the trusted location verification message. In practice the first location verification message may also include an application identification ID and an application service key identification ID that identifies the correspondence between the third key and the fourth key; the application server can use the application service key identification ID to look up the corresponding fourth key and verify the first location verification information signature. The first verification message is sent to the security authentication server.
The security server holds the second key. The security server receives the first verification message, extracts the trusted location verification message it contains, looks up the corresponding second key by the position identification code, and verifies the trusted location signature of the trusted location verification message with the second key. If it passes, the server assumes that the user terminal has received trusted location verification information, generates a third verification message and forwards it to the application server. The third location verification message contains information for verifying the user-terminal device and information for the application server to decide which response and follow-up service to push to the corresponding user-terminal device.
The application server holds the fourth key. The application server receives the first location verification message forwarded by the security server and verifies the first verification information signature using the fourth key corresponding to the user terminal. If verification passes, the application server pushes to the user-terminal device corresponding to the fourth key the information associated with the variable code.
The invention further comprises a method for compressing the signature length. When the length of the trusted location verification message exceeds the transmission capacity of the broadcast channel, a fifth key can be used to compute a message M over the trusted location verification message; the length of M is shorter than the length of the trusted location signature, and M replaces the trusted location signature to produce a compressed trusted location verification message. At the same time, the first device generates and sends a second location verification message to the security verification server; the second location verification message contains the uncompressed trusted location verification message and the message M. In the case of a compressed trusted location verification message, after the security authentication server has received the first location verification message and the second location verification message, it uses the message M contained in the first location verification message to look up the corresponding second location verification message. It then looks up a sixth key by the position identification code to verify M: it extracts the uncompressed trusted location verification message contained in the second location verification message and computes a message authentication code over it with the sixth key; if the computed message authentication code equals the message M contained in the first location verification message, verification passes and processing continues: the trusted location signature in the second location verification message is verified with the second key, and after it passes the first location verification message is forwarded to the application server. If verification fails, the flow stops.
An information transfer system verified by connectionless communication, the system comprising a first device, a security authentication server, a user-terminal device and an application server, wherein:
the first device is used to generate a trusted location verification message and to send it by connectionless communication;
the user device is used to receive the trusted location verification message sent by the first device, compute over an information sequence that includes the trusted location verification message and generate a first location verification message, which the user device sends to the security authentication server;
the security authentication server is used to receive the first location verification message, extract the trusted location verification message it contains and verify the trusted location signature of that message; if verification passes, it assumes that the user device has received a trusted location verification message, generates a third location verification message and forwards it to the application server; the third location verification message contains the first location verification message, used to verify the originating user-terminal device, and the position identification code and variable code information used by the application server to decide which response and follow-up service to push to the corresponding user-terminal device;
the application server is used to receive the third location verification message forwarded by the security authentication server, extract and verify the first location verification message, and, if verification passes, push to the user-terminal device the response and follow-up service corresponding to the third location verification message.
The system as described, wherein: the trusted location verification message comprises trusted location relation information and a trusted location signature. When the first key and the second key are an asymmetric key pair, the trusted location relation information comprises the position identification code and the variable code, the position identification code corresponding to the first key and the second key. When the first key and the second key are symmetric keys, the trusted location relation information comprises the variable code; the variable code is dynamically changing information.
The first key is stored in the first device; the second key is stored in the security authentication server; the trusted location signature is the signature the first device computes with the first key over the information sequence that includes the trusted location relation information.
The system as described, wherein: before sending the trusted location verification message, the first device first judges whether the trusted location verification message needs to be compressed. If the length of the trusted location verification message exceeds the maximum transmission length of the communication mode currently configured on the first device, it is judged that compression is needed, and the first device is configured to compress the information. The first device sends the trusted location verification message, or the compressed trusted location verification message, by connectionless communication.
The system as described, wherein: when compression is needed, the first device generates the compressed trusted location verification message, and generates and sends a second location verification message to the security server, as follows. (1) The first device computes over the trusted location verification message to obtain a message M whose length is shorter than the trusted location verification message; the first device replaces the trusted location signature information and other information in the trusted location verification message with the generated M until the maximum transmittable length is met, thereby generating the compressed trusted location verification message. (2) The first device generates the second location verification message, which contains the uncompressed trusted location verification message and the corresponding message M; after the second location verification message is generated, the first device sends it to the security verification server.
The system as described, wherein: the user-terminal device receives the trusted location verification message, or the compressed trusted location verification message, sent by the first device, and uses the third key stored in the user-terminal device to compute over an information sequence that includes the received trusted location verification message, producing a first location verification information signature. The user-terminal device generates the first location verification message, which contains the first location verification information signature and the received trusted location verification message or compressed trusted location verification message; the user-terminal device sends the first location verification message to the security authentication server.
The system as described, wherein: the security authentication server holds the second key and the position identification code corresponding to the second key, and verifies the trusted location verification message contained in the first location verification message as follows. In the case of an uncompressed trusted location verification message, the security server receives the first location verification message and extracts the trusted location verification message it contains. If the first key and the second key are an asymmetric key pair, it uses the position identification code in the trusted location verification message to look up the corresponding second key and verifies the trusted location signature of the trusted location verification message with the second key; if it passes, it assumes that the user-terminal device has received a trusted location verification message, and the security server includes the first location verification message in a third location verification message sent to the application server; if verification fails, processing stops. If the first key and the second key are symmetric keys, it uses the trusted location signature contained in the trusted location verification message to query whether the security authentication server holds the same trusted location signature; if it exists, it checks whether the variable code used to compute that trusted location signature matches the variable code contained in the trusted location verification message; if they match, it assumes that the user-terminal device has received a trusted location verification message, the security server extracts the position identification code corresponding to the second key, and includes the first location verification message together with the corresponding position identification code and variable code in a third location verification message sent to the application server; if verification fails, no third location verification message is generated or sent, and processing stops;
or, in the compressed case, the security authentication server holds the second key; after receiving the first location verification message, it uses the message M contained in the first location verification message to look up the corresponding second location verification message, extracts the uncompressed trusted location verification message from the second location verification message found, and, using the same compression algorithm and corresponding key as the first device, computes over the uncompressed trusted location verification message in the second location verification message to obtain a message M1, which it compares with the message M contained in the first location verification message; if they match, verification passes and processing continues to the next step, otherwise processing stops. In the next step, if the first key and the second key are an asymmetric key pair, it extracts the uncompressed trusted location verification message from the second location verification message, looks up the corresponding second key by the position identification code it contains, and verifies with the second key the trusted location signature contained in the uncompressed trusted location verification message of the corresponding second location verification message; after it passes, it extracts the position identification code and variable code contained in the corresponding second location verification message, and includes the first location verification message with the extracted position identification code and variable code in a third location verification message sent to the application server; if verification fails, no third location verification message is generated or sent, and processing stops. If the first key and the second key are symmetric keys, it extracts the uncompressed trusted location verification message from the second location verification message and uses the trusted location signature it contains to query whether the security authentication server holds the same trusted location signature; if so, it checks whether the variable code used when computing that trusted location signature matches the variable code contained in the trusted location verification message of the second location verification message; if they match, it decides that verification passes, assumes that the user terminal has received a trusted location verification message, extracts the contained variable code, and the security authentication server extracts the position identification code corresponding to the second key and includes the first location verification message with the extracted position identification code and variable code in a third location verification message sent to the application server; if verification fails, no third location verification message is generated or sent, and processing stops;
the third location verification message contains the first location verification message, used to verify the originating user-terminal device, and the position identification code and variable code information used by the application server to decide which response and follow-up service to push to the corresponding user-terminal device.
The system as described, wherein the application server verifies the user-terminal device and performs the corresponding processing: the application server holds the fourth key; it receives the third location verification message sent by the security authentication server, extracts the first location verification message it contains, and verifies the first location verification information signature with the fourth key corresponding to the user device; if verification passes, the application server extracts the position identification code and variable code contained in the third location verification message and pushes the response and/or follow-up service associated with them to the corresponding user device.
The system as described, wherein: the application server extracts the position identification code from the third location verification message; the application server stores in advance the response information or service information corresponding to each position identification code, the content of which is also related to parameters such as the variable code; after the first location verification information signature is verified, the application server looks up the corresponding response information or service information by the position identification code and, in combination with the variable code, determines the corresponding response and/or follow-up service to push to the user device.
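The following is an added worked example, not code from the patent or its assignee, of the four-party flow described in the summary above and in the system claims: a beacon (first device) broadcasts a position identification code, a fresh variable code and a trusted location signature; the user device wraps it in a first location verification message signed with its third key; the security authentication server checks the beacon signature with the second key it holds for that position code and forwards a third location verification message; the application server checks the user signature with the fourth key selected by the application service key identification ID and looks up what to push by position code. It assumes the symmetric-key variant (HMAC-SHA256, so the second key equals the first key and the fourth key equals the third key), an assumed replay cache of variable codes on the security server, and constructed keys, IDs and content (SHOP-17, APPKEY-42, "welcome coupon").

```python
import hashlib
import hmac
import json
import os


def mac(key: bytes, data: bytes) -> str:
    """Keyed tag standing in for every 'signature' of the symmetric-key variant."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class Beacon:
    """First device: holds the first key that belongs to its position code."""

    def __init__(self, position_code: str, first_key: bytes):
        self.position_code = position_code
        self.first_key = first_key

    def trusted_location_message(self) -> dict:
        variable_code = os.urandom(8).hex()   # dynamic: differs on every broadcast
        seq = f"{self.position_code}|{variable_code}".encode()
        return {"pos": self.position_code, "var": variable_code,
                "sig": mac(self.first_key, seq)}   # trusted location signature


class UserDevice:
    """Holds the third key; app_key_id tells the app server which fourth key to use."""

    def __init__(self, app_key_id: str, third_key: bytes):
        self.app_key_id = app_key_id
        self.third_key = third_key

    def first_location_message(self, tlvm: dict) -> dict:
        body = json.dumps(tlvm, sort_keys=True).encode()
        return {"app_key_id": self.app_key_id, "tlvm": tlvm,
                "user_sig": mac(self.third_key, body)}


class SecurityServer:
    """Holds second keys indexed by position code (equal to the first keys here)."""

    def __init__(self, second_keys: dict):
        self.second_keys = second_keys
        self.seen_variable_codes = set()   # assumed replay cache; not specified by the patent

    def verify_first_message(self, flvm: dict):
        tlvm = flvm["tlvm"]
        key = self.second_keys.get(tlvm["pos"])
        if key is None:
            return None                                   # unknown position code
        seq = f"{tlvm['pos']}|{tlvm['var']}".encode()
        if not hmac.compare_digest(mac(key, seq), tlvm["sig"]):
            return None                                   # forged or altered broadcast
        if tlvm["var"] in self.seen_variable_codes:
            return None                                   # replayed broadcast
        self.seen_variable_codes.add(tlvm["var"])
        # third location verification message: user's message plus pos/var for the app server
        return {"flvm": flvm, "pos": tlvm["pos"], "var": tlvm["var"]}


class AppServer:
    """Holds fourth keys indexed by app_key_id and pre-stored content per position code."""

    def __init__(self, fourth_keys: dict, content: dict):
        self.fourth_keys = fourth_keys
        self.content = content

    def handle_third_message(self, third: dict):
        if third is None:
            return None
        flvm = third["flvm"]
        key = self.fourth_keys.get(flvm["app_key_id"])
        if key is None:
            return None
        body = json.dumps(flvm["tlvm"], sort_keys=True).encode()
        if not hmac.compare_digest(mac(key, body), flvm["user_sig"]):
            return None                                   # user signature invalid
        return {"push": self.content.get(third["pos"]), "var": third["var"]}


def run_flow(tamper: bool = False, replay: bool = False):
    """One broadcast through all four parties; returns what the app server pushes."""
    first_key, third_key = b"first-key-shop-17", b"third-key-user-42"   # constructed keys
    beacon = Beacon("SHOP-17", first_key)
    user = UserDevice("APPKEY-42", third_key)
    sec = SecurityServer({"SHOP-17": first_key})
    app = AppServer({"APPKEY-42": third_key}, {"SHOP-17": "welcome coupon"})
    tlvm = beacon.trusted_location_message()
    if tamper:
        tlvm = dict(tlvm, var="0" * 16)   # altered variable code breaks the beacon signature
    result = app.handle_third_message(sec.verify_first_message(user.first_location_message(tlvm)))
    if replay:   # the same broadcast submitted a second time must be rejected
        result = app.handle_third_message(sec.verify_first_message(user.first_location_message(tlvm)))
    return result


if __name__ == "__main__":
    print(run_flow())
```

Two points the flow makes visible: the application server never learns a coordinate, only the position identification code and variable code the security server chose to forward, which is the privacy property the background section argues for; and the variable code only defends against replay if the security server remembers which codes it has already accepted, so the cache above (and an expiry for it) is part of the deployment, not an optional extra. In the asymmetric variant the same structure holds with a public-key signature in place of the HMAC for the beacon.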
An information transmission method verified by connectionless communication, comprising the following steps:
the first device generates a trusted location verification message and sends it by connectionless communication;
the user-terminal device receives the trusted location verification message sent by the first device, computes over an information sequence that includes the trusted location verification message and generates a first location verification message, which the user-terminal device sends to the security authentication server;
the security authentication server receives the first location verification message, extracts the trusted location verification message it contains and verifies the trusted location signature of that message; if it passes, it assumes that the user-terminal device has received a trusted location verification message, generates a third location verification message and forwards it to the application server; the third location verification message contains the first location verification message, used to verify the originating user-terminal device, and the position identification code and variable code information used by the application server to decide which response and follow-up service to push to the corresponding user-terminal device;
the application server receives the third location verification message sent by the security authentication server, extracts the first location verification message and verifies it; if verification passes, the application server pushes to the user-terminal device the response and follow-up service corresponding to the third location verification message.
The method as described, wherein: the trusted location verification message comprises trusted location relation information and a trusted location signature. When the first key and the second key are an asymmetric key pair, the trusted location relation information comprises the position identification code and the variable code, the position identification code corresponding to the first key and the second key. When the first key and the second key are symmetric keys, the trusted location relation information comprises the variable code; the variable code is dynamically changing information.
The first key is stored in the first device; the second key is stored in the security authentication server; the trusted location signature is the signature the first device computes with the first key over the information sequence that includes the trusted location relation information.
The method as described, wherein: before sending the trusted location verification message, the first device first judges whether the trusted location verification message needs to be compressed. If the length of the trusted location verification message exceeds the maximum transmission length of the channel the first device currently has, it is judged that compression is needed, and the first device compresses the information. The first device sends the trusted location verification message, or the compressed trusted location verification message, by connectionless communication.
The method as described, wherein: when compression is needed, the first device generates the compressed trusted location verification message, and generates and sends a second location verification message to the security server, as follows. (1) The first device computes over the trusted location verification message to obtain a message M whose length is shorter than the trusted location verification message; the first device replaces the trusted location signature information and other parts of the trusted location verification message with the generated M until the maximum transmittable message length is met, thereby generating the compressed trusted location verification message. (2) The first device generates the second location verification message, which contains the uncompressed trusted location verification message and the corresponding message M; after the second location verification message is generated, the first device sends it to the security authentication server.
The method as described, wherein: the user-terminal device receives the trusted location verification message, or the compressed trusted location verification message, sent by the first device, and uses the third key stored in the user-terminal device to compute over an information sequence that includes the received trusted location verification message, producing a first location verification information signature. The user-terminal device generates the first location verification message, which contains the first location verification information signature and the received trusted location verification message or compressed trusted location verification message; the user-terminal device sends the first location verification message to the security authentication server.
The method, wherein the security verification server stores the second key and the position identification code corresponding to the second key, and verifies the trusted location verification message contained in the first position verification message as follows. In the case of an uncompressed trusted location verification message, the security server receives the first position verification message and extracts the trusted location verification message it contains. Where the first key and the second key are an asymmetric key pair, it uses the position identification code in the trusted location verification message to look up the corresponding second key and verifies the trusted location signature of the trusted location verification message with the second key; if verification passes, the user terminal is taken to have received the trusted location verification message and the security server generates and sends a third position verification message to the application server, the third position verification message containing the first position verification message, the corresponding position identification code and the variable code; if verification fails, processing terminates. Where the first key and the second key are a symmetric key, the security server uses the trusted location signature contained in the trusted location verification message to query whether it holds an identical trusted location signature; if so, it checks whether the variable code it used when computing that trusted location signature is consistent with the variable code contained in the received trusted location verification message; if consistent, verification is deemed passed, the user terminal is taken to have received the trusted location verification message, the security server extracts the position identification code corresponding to the second key and sends the first position verification message together with the corresponding position identification code and variable code in a third position verification message to the application server; if verification fails, no third position verification message is generated or sent and processing terminates;
Or, in the compressed case, the security verification server stores the second key. After receiving the first position verification message, the security verification server uses the message M contained in the first position verification message to look up the corresponding second position verification message, extracts the uncompressed trusted location verification message contained in the second position verification message that was found, computes a message M1 from that uncompressed trusted location verification message using the same algorithm and corresponding key the first device used for compression, and compares M1 with the message M contained in the first position verification message. If they match, verification passes and processing continues with the next step; otherwise processing stops. When processing continues: where the first key and the second key are asymmetric, the server extracts the uncompressed trusted location verification message from the second position verification message, uses the position identification code it contains to look up the corresponding second key, and verifies with the second key the trusted location signature in the uncompressed trusted location verification message contained in the corresponding second position verification message; after verification passes, it extracts the position identification code and variable code contained in the corresponding second position verification message and sends the first position verification message together with the extracted position identification code and variable code in a third position verification message to the application server; if verification fails, no third position verification message is generated and processing terminates. Where the first key and the second key are symmetric, the server extracts the uncompressed trusted location verification message from the second position verification message, uses the trusted location signature it contains to query whether the security verification server holds an identical trusted location signature, and if so checks whether the variable code the security verification server used when computing that trusted location signature is consistent with the variable code contained in the trusted location verification message in the second position verification message; if consistent, verification is deemed passed, the user terminal is taken to have received the trusted location verification message and the contained variable code is extracted, the security verification server extracts the position identification code corresponding to the second key, and sends the first position verification message together with the extracted position identification code and variable code in a third position verification message to the application server; if verification fails, no third position verification message is generated or sent and processing terminates;
The third position verification message contains the first position verification message, used to verify the initiating user-side device, and the position identification code and variable code information, used by the application server to decide which response and follow-up service to push to the corresponding user-side device.
The system, wherein the application server verifies the user-side device and performs the corresponding processing: the application server stores a fourth key; it receives the third position verification message forwarded by the security verification server, extracts the first position verification message it contains, and verifies the first position verification message signature with the fourth key corresponding to the user-side device; if verification passes, the application verification server pushes a response and/or follow-up service to the corresponding user device according to the information associated with the position identification code and variable code contained in the third position verification message.
The method, wherein the application verification server extracts the position identification code from the third position verification message; the application verification server has pre-stored response information or service information corresponding to different position identification codes, the content of which is also related to parameters such as the variable code; after the first position verification information signature passes verification, the application verification server queries the corresponding response information or service information according to the position identification code obtained from the third position verification message and, in combination with the variable code, determines the response and/or follow-up service to push to the user device.
A verification device, comprising: a host computer system, a user-side communication module, a trusted location verification message computing module and a trusted location verification message compression module; wherein:
the host computer system is used to manage the first device, store keys and perform calculations;
the user-side communication module is used to send the trusted location verification message to the user-side device;
the trusted location verification message computing module is used to compute, with the first key, the trusted location signature over the trusted location relation information and to produce the trusted location verification message;
the trusted location verification message compression module is used to produce the compressed trusted location verification message according to the transmission capability of the user-side communication interface.
The device, wherein the trusted location verification message contains trusted location relation information and a trusted location signature; when the first key and the second key are asymmetric, the trusted location relation information contains a position identification code and a variable code, the position identification code corresponding to the first key and the second key; when the first key and the second key are symmetric, the trusted location relation information contains a variable code; the first key is stored in the first device; the second key is stored in the security verification server; the trusted location signature is computed by the first device with the first key over an information sequence containing the trusted location relation information.
The device, wherein the position identification code corresponds to the actual place where the first device is deployed and to the device object.
The device, wherein the trusted location verification message compression module uses a preset algorithm and key to compute from the trusted location verification message a corresponding message M whose length is less than that of the trusted location verification message; the compression module replaces the trusted location signature information and other parts of the trusted location verification message with the generated M until the maximum channel length allowed for sending the message is met, thereby compressing the trusted location verification message and generating the compressed trusted location verification message.
The device, wherein the trusted location verification message compression module generates a second position verification message containing the uncompressed trusted location verification message and the corresponding message M; after the second position verification message is generated, the first device sends it to the security verification server.
Brief description of the drawings
The accompanying drawings described here are provided for a further understanding of the invention and form a part of it; the schematic embodiments and their description serve to explain the invention and do not constitute an undue limitation on it. In the drawings:
Fig. 1 is a schematic diagram of the position verification service in an embodiment of the invention.
Fig. 2 is a schematic diagram of the first device in an embodiment of the invention.
Fig. 3 is a schematic diagram of the security server in an embodiment of the invention.
Fig. 4 is a schematic diagram of the application server in an embodiment of the invention.
Fig. 5 is a schematic diagram of the method for compressing the trusted location verification message in an embodiment of the invention.
Fig. 6 is a schematic flow chart of the position verification service in an embodiment of the invention.
Embodiment
Preferred embodiments of the invention are described below with reference to the drawings. It should be understood that the preferred embodiments described here only illustrate and explain the invention and do not limit it; where they do not conflict, the embodiments and the features in them may be combined with each other.
Implementation example 1
Fig. 1 is a schematic diagram of a verification information transmission system based on connectionless communication in an embodiment of the invention. The system comprises a first device, a security verification server, a user-side device and an application server.
Connectionless communication refers to the communication mode the first device uses to send the trusted location verification message: no IP-layer communication connection is established in advance of sending; instead, the message is carried on a common channel or broadcast channel and physical-layer frames configured by both communicating parties, following the relevant communication protocol, and is sent and received directly. Specifically, the communicating parties comprise a sender and a receiver; the sender sends information on the common or broadcast channel and physical-layer frames configured between the parties, following the relevant protocol, and the receiver receives it on that channel and those frames and parses the carried information according to the same protocol. The broadcast channels, physical-layer frames and data packet formats defined by the relevant bearer protocols include, but are not limited to, those commonly used in radio communication. For example, in WIFI radio communication conforming to the IEEE 802.11 standards, the SSID carried in Beacon frames is one kind of connectionless communication in the sense of this invention: the sender establishes no IP-layer connection with the receiver and sends the SSID information directly in Beacon frames, and the receiver listens for Beacon frames and parses the data according to the protocol it follows, thereby receiving the SSID information.
The first device generates the trusted location verification message (S101), which contains trusted location relation information and a trusted location signature. The first device sends the trusted location verification message by connectionless communication, for example in Beacon frames broadcast in WIFI radio communication; alternatively, it may be transmitted by short-range means close to the user device, such as a QR code or sound waves. In practice the SSID (Service Set Identifier) field of the WIFI broadcast Beacon frame is preferably used to carry the trusted location verification message.
The first key is securely stored in the first device and identifies the first device. The first device computes the trusted location signature with the first key over an information sequence containing the trusted location relation information. When the first key and the second key are asymmetric, the trusted location relation information contains a position identification code and a variable code, the position identification code corresponding to the first key and the second key; when the first key and the second key are symmetric, the trusted location relation information contains a variable code. The variable code is dynamically changing information.
In practice the position identification code may identify the device, or the installation position and spatial distribution number, or the identifier of the device may be used directly to identify the place or device where it is deployed. The variable code is dynamically changing information: the variable code contained in each generated trusted location verification message may differ; it may change on a fixed time period, may change synchronously with the security server according to a preset algorithm, or may change in association with jointly deployed multimedia equipment. The trusted location verification message may be generated on request, or continuously on a fixed period. The variable code may be the first device's own time, the time synchronization information obtained through the NTP protocol, or regularly changing information negotiated consistently with other network nodes in the jointly deployed system. Depending on the communication capacity of the connectionless channel used to send the trusted location verification message, the first device may be configured to use the compressed trusted location verification message; the method and flow are described in Implementation example 2.
The user device receives the trusted location verification message sent by the first device (S102) and, using a third key stored in the user device, computes a first position verification information signature over the information sequence containing the received trusted location verification message, whether compressed or uncompressed. In practice the user device may optionally also include information such as an application service identification id and an application service key identification id in the first position verification message; the application service key identification id can be used at the application server to identify the fourth key used to verify the first position verification information signature. The first position verification message generated by the user device contains the first position verification information signature and the received trusted location verification message; the user device sends the first position verification message to the security verification server.
The security verification server stores the second key. It receives the first position verification message (S103), extracts the trusted location verification message it contains, and verifies the trusted location signature of that message with the second key; if verification passes, the user terminal is taken to have received the trusted location verification message (the specific verification method is described in detail in example 6 and not repeated here). After the trusted location verification message passes verification, the security server generates a third position verification message and sends it to the application server; the third position verification message contains the first position verification message, used to verify the initiating user-side device, and the position identification code and variable code information used by the application server to decide which response and follow-up service to push to the corresponding user-side device.
The application server stores a fourth key. It receives the third position verification message sent by the security server (S104) and verifies the contained first position verification information signature with the fourth key corresponding to the user-side device; if verification passes, the application server pushes a response and follow-up service to the user-side device corresponding to the fourth key, according to the information associated with the contained position identification code and variable code. In practice, verifying the contained first position verification message confirms which user terminal is to receive the subsequent response and service, which gives enough information to decide the corresponding response and follow-up service in this process.
The application server extracts the position identification code and variable code from the third position verification message. It has pre-stored response information or service information corresponding to different position identification codes, the content of which is also related to parameters such as the variable code; after the first position verification information signature passes verification, the application server queries the corresponding response information or service information according to the position identification code and, in combination with the variable code, determines the response and/or follow-up service to push to the user device (S105).
Implementation example 2
Fig. 2 is a schematic diagram of the first device in an embodiment of the invention.
The first device sends the trusted location verification message by connectionless communication, in practice over a wireless interface broadcast channel; it is essentially a device that provides the trusted location verification message and comprises a host computer system, a user-side communication module, a trusted location verification message computing module and a trusted location verification message compression module. The host computer system manages the first device, stores keys and performs calculations, including encryption and decryption. The user-side communication module sends the trusted location verification message to the user-side device. The trusted location verification message computing module computes the trusted location signature over the trusted location relation information with the first key and produces the trusted location verification message, which contains the trusted location relation information and the trusted location signature. When the first key and the second key are asymmetric, the trusted location relation information contains a position identification code and a variable code, the position identification code corresponding to the first key and the second key; when they are symmetric, the trusted location relation information contains a variable code. The method of computing the information signature with the first key may be based on an asymmetric key or on a symmetric key algorithm; with an asymmetric key a commercial public algorithm such as RSA may be used. When the message signature is computed with an asymmetric key, the resulting signature length exceeds the 32-character upper limit of the maximum transmission capacity of the WIFI SSID broadcast channel, so some method of compression is required. Compression algorithms include computing a hash function and, with a symmetric key algorithm, computing a MAC value of the message, for example with the HMAC algorithm. The specific compression methods are as follows:
Method one computes a hash value of the trusted location verification message as message M, for example with the SHA1 algorithm. Method two computes a message authentication code of the trusted location verification message with a fifth key stored in the first device to obtain message M. In the implementation the fifth key serves compression only and does not uniquely identify the first device; the sixth key corresponding to the fifth key is used to recover the corresponding uncompressed trusted location verification message. The trusted location verification message compression module produces the compressed trusted location verification message according to the transmission capability of the user-side communication interface, and sends the second position verification message to the security verification server. Compared with a hash algorithm of the same length, the message authentication code algorithm is harder to brute-force because it uses a key. Taking method two as an example, in a specific implementation the trusted location verification message compression module uses the stored fifth key to compute message M from the trusted location verification message, the length of M being less than that of the trusted location verification message; the compression module replaces the trusted location signature information and other parts of the trusted location verification message with the generated M until the message meets the maximum length allowed for sending. The length of the trusted location verification message generated in this way conforms to the maximum bit length limit of the channel, so the trusted location verification message is compressed and the compressed trusted location verification message is generated. The authentication code algorithm used to compute M may be any commercial public algorithm such as HMAC. The trusted location verification message compression module generates the second position verification message, which contains the uncompressed trusted location verification message and the correspondingly computed message M; after the second position verification message is generated, the first device sends it to the security verification server.
The first device described in the implementation may use the device id as the position identification code and the system time of the first device as the variable code. The first device computes with the stored first key and generates and sends the trusted location verification message on a time-based fixed change period, and compresses the trusted location verification message with the stored fifth key.
Implementation example 3
Fig. 3 is a schematic diagram of the security verification server in an embodiment of the invention.
The security verification server stores the second key, used to authenticate the received first position verification message and second position verification message and to verify the trusted location verification message they contain; after verification passes it generates and sends the third position verification message.
The security verification server receives the first position verification message, verifies the trusted location signature of the trusted location verification message and, if it passes, takes the user terminal to have received the trusted location verification message and generates and sends the third position verification message to the application server. Specifically:
The security verification server verifies the trusted location verification message contained in the first position verification message. In the case of an uncompressed trusted location verification message, the security verification server receives the first position verification message and extracts the trusted location verification message it contains. Where the first key and the second key are asymmetric, the security server is configured to use the position identification code to look up the corresponding second key and to verify the trusted location signature of the trusted location verification message with the second key; if it passes, the user terminal is taken to have received the trusted location verification message and the security server sends the first position verification message in a third position verification message to the application server; if verification fails, processing terminates. The algorithm for computing the asymmetric signature in the implementation may be the commercial public-key RSA signature algorithm or an ECC signature algorithm.
Where the first key and the second key are symmetric, the security server is configured to compute the trusted location signature with the second key and a variable code synchronized with the first device, and stores the position identification code corresponding to the second key. Using the second key and the configured rule or preset method for the variable code, the security server can compute in advance the trusted location signatures of the first device that will need to be verified and store them for verification. Using the trusted location signature in the trusted location verification message contained in the received first position verification message, it queries whether the security verification server holds an identical trusted location signature; if so, it checks whether the variable code used when computing that trusted location signature is consistent with the variable code contained in the received trusted location verification message. If this passes, the user terminal is taken to have received the trusted location verification message, the security server extracts the position identification code corresponding to the second key and sends the first position verification message together with the corresponding position identification code and variable code in a third position verification message to the application server; if verification fails, no third position verification message is generated or sent and processing terminates.
In the compressed case, after receiving the first position verification message the security verification server uses the message M contained in the first position verification message to look up the corresponding second position verification message, extracts the uncompressed trusted location verification message contained in the second position verification message that was found, computes message M1 from that uncompressed trusted location verification message using the same algorithm and corresponding key the first device used for compression, and compares M1 with the message M contained in the first position verification message; if they match, verification passes and processing continues with the next step, otherwise processing stops.
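The compression of Implementation example 2 (method two, a MAC computed with the fifth key) and the security server's lookup by M and M/M1 comparison in the compressed, symmetric-key case of Implementation example 3, as an added Python example that is not the patent's own code. The message layout, the key names, the 64-bit length of M and the demo keys are assumptions; the 32-character SSID limit, the replacement of the signature by M and the M1 recomputation follow the text.

```python
import hmac
import hashlib

SSID_MAX_LEN = 32   # 32-character WIFI SSID limit stated in the text
M_LEN = 16          # assumed hex length of the compression value M (64 bits)

# Constructed demo keys (assumption). In the symmetric case the first and
# second key are one secret shared by the first device and the security
# server; the fifth and sixth key are the matching compression keys.
FIRST_KEY = SECOND_KEY = b"demo-first-and-second-key"
FIFTH_KEY = SIXTH_KEY = b"demo-fifth-and-sixth-key"
THIRD_KEY = b"demo-user-device-third-key"


def _mac(key: bytes, data: str, length: int = 64) -> str:
    """HMAC-SHA256 as hex, optionally truncated to `length` characters."""
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()[:length]


def trusted_location_message(position_id: str, variable_code: str) -> str:
    """First device: trusted location relation information (position
    identification code, variable code) plus the trusted location signature
    computed over it with the first key."""
    relation = f"{position_id}:{variable_code}"
    return f"{relation}:{_mac(FIRST_KEY, relation)}"


def compress(message: str, max_len: int = SSID_MAX_LEN) -> tuple[str, str]:
    """Method two: M = HMAC(fifth key, message), truncated. M replaces the
    signature; further fields are dropped until the result fits the channel.
    Returns (compressed message, M)."""
    position_id, variable_code, _signature = message.split(":")
    m = _mac(FIFTH_KEY, message, M_LEN)
    fields = [position_id, variable_code, m]
    while len(":".join(fields)) > max_len and len(fields) > 1:
        fields.pop(0)          # replace "other parts" with M, as the text allows
    compressed = ":".join(fields)
    if len(compressed) > max_len:
        raise ValueError("M alone exceeds the channel maximum length")
    return compressed, m


def second_position_message(message: str) -> dict:
    """First device -> security server: the uncompressed message and its M,
    so that the server can later find it by M."""
    return {"trusted": message, "M": compress(message)[1]}


def first_position_message(received: str) -> dict:
    """User device: wrap what it heard on the channel and sign it with the
    third key (the application server checks this with the fourth key)."""
    return {"trusted": received, "user_sig": _mac(THIRD_KEY, received)}


class SecurityServer:
    """Compressed, symmetric-key branch of the security verification server."""

    def __init__(self) -> None:
        self.second_messages: dict[str, dict] = {}   # M -> second position message

    def receive_second(self, msg: dict) -> None:
        self.second_messages[msg["M"]] = msg

    def verify_compressed(self, first_msg: dict, server_variable_code: str):
        """Return the third position verification message, or None when any
        check fails (the text: stop processing / terminate)."""
        m = first_msg["trusted"].rsplit(":", 1)[-1]
        second = self.second_messages.get(m)
        if second is None:
            return None        # lost or delayed; the text allows a timed retry
        uncompressed = second["trusted"]
        # Recompute M1 with the sixth key and compare with the received M.
        m1 = _mac(SIXTH_KEY, uncompressed, M_LEN)
        if not hmac.compare_digest(m, m1):
            return None
        position_id, variable_code, signature = uncompressed.split(":")
        # Symmetric case: the signature the server expects for this position
        # with its own synchronized variable code must match the stored one.
        expected = _mac(SECOND_KEY, f"{position_id}:{server_variable_code}")
        if not hmac.compare_digest(signature, expected):
            return None
        if variable_code != server_variable_code:
            return None        # variable code in the message not synchronized
        return {"first": first_msg, "position_id": position_id,
                "variable_code": variable_code}


if __name__ == "__main__":
    msg = trusted_location_message("P001", "1700000000")
    on_air, _ = compress(msg)                 # fits the 32-character SSID
    server = SecurityServer()
    server.receive_second(second_position_message(msg))
    print(on_air, len(on_air))
    print(server.verify_compressed(first_position_message(on_air), "1700000000"))
```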
In implementation, while looking up the second position verification message, the corresponding second position verification message may not be found because network packet loss or delay has prevented it from arriving. Reliability can be improved by querying again within a set threshold time; if the corresponding second position verification message is still not found, the verification process terminates. If it is found, the uncompressed trusted location verification message it contains is extracted, a message M1 is computed over it using the same algorithm and the corresponding key that the first device used for compression, and M1 is compared with the message M contained in the first position verification message: if they match, verification passes and processing continues with the next step; otherwise processing stops. The security verification server uses the method corresponding to the one the first device used for compression. For the method described above that compresses with the fifth key, the security verification server is configured with a sixth key corresponding to the fifth key; it compresses the uncompressed trusted location verification message with the sixth key to obtain M1 and compares M1 with the message M contained in the first position verification message, continuing if they match and stopping otherwise. If compression uses a one-way hash function, for example SHA1 in practice, the security verification server computes the SHA1 hash of the uncompressed trusted location verification message to obtain M1 and compares it with the message M contained in the first position verification message, continuing if they match and stopping otherwise.
Continuing with the next step, when the first key and the second key are an asymmetric key pair, the position identification code contained in the trusted location verification message of the second position verification message is used to look up the corresponding second key, and the second key is used to verify the trusted location signature in the uncompressed trusted location verification message contained in the second position verification message. After that verification passes, the position identification code and variable code contained in the corresponding second position verification message are extracted and a third position verification message is sent to the application server; the third position verification message contains the first position verification message together with the extracted position identification code and variable code. If verification fails, no third position verification message is produced and the process terminates. When the first key and the second key are a symmetric key, the uncompressed trusted location verification message in the second position verification message is extracted and the trusted location signature it contains is used to query whether the security verification server holds the same trusted location signature. If it does, the server checks whether the variable code it used when computing that trusted location signature matches the variable code contained in the trusted location verification message of the second position verification message. If this check passes, the user terminal is assumed to have received the trusted location verification message, the variable code it contains is extracted, and the security verification server extracts the position identification code corresponding to the second key; the server then includes the first position verification message, the extracted position identification code and the variable code in a third position verification message and sends it to the application server. If verification fails, no third position verification message is produced or sent and the process terminates.
Embodiment 4
Fig. 4 is a schematic diagram of the application server in an embodiment of the present invention.
The application server stores the correspondence between the position identification information contained in the trusted location verification message and the spatial information of the actual location; the position identification code corresponds to the real-world object where the first device is deployed, which may be a device or a space, indoors or outdoors. The application server receives the third position verification message produced after the security verification server has verified the trusted location verification message, verifies the user terminal with the stored fourth key, and after verification passes uses the configuration information associated with the variable code to respond or to push information. The pushed information may be a web address, a video, and so on; the response may be the interface of a subsequent transaction flow, and so on. Specifically:
Verifying the user device and performing the corresponding processing at the application server: the application server receives the third position verification message sent by the security verification server and verifies the signature of the first position verification message with the corresponding fourth key. If verification passes, the application server pushes the response and follow-up service associated with the variable code to the corresponding user device. In implementation, the user terminal may include an application service key ID in the first position verification message it generates so that the corresponding fourth key can be identified; the application server can then look up the corresponding fourth key from the application service key ID contained in the first position verification message. Preferably, the application server extracts the position identification code and variable code from the third position verification message. The application server pre-stores response or service information corresponding to different position identification codes, and the content of that information also depends on parameters such as the variable code, which may for example be a time; the application server uses the position identification code and variable code to determine the corresponding response or service information. After extracting the first position verification message contained in the third position verification message and verifying the signature of the first position verification message with the corresponding fourth key, the application server can query the corresponding response or service information using the position identification code obtained from the third position verification message, and combine it with the variable code to determine the response and follow-up service to push to the corresponding user device. For example, the position identification code of a shop is used to find the list of content that the shop needs to push, the variable code is used to determine the specific content for the current period, and the application server pushes that content to the user terminal corresponding to the fourth key.
Embodiment 5
Fig. 5 is a schematic diagram of the method for compressing the trusted location verification message in an embodiment of the present invention.
In practice, because of compatibility constraints, general protocol limits and differing communication modes, the amount of information a channel can carry is limited. For example, a WiFi SSID can carry at most 32 bytes of information and a Bluetooth iBeacon can carry 30 bytes, while the length of the trusted location verification message far exceeds the capacity of the channel. Transmitting it in several parts inevitably raises the problems of synchronization and reassembly. Concretely, if an RSA 2048-bit key is used for signing, the signature information is 2048 bits; adding 256 bits of time and position information, transmitting all the information at once requires at least 288 bytes. If this information is broadcast with a WiFi SSID, the message length that a single SSID can carry is 32 characters, that is, 256 bits of information capacity. If it is split into several transmissions, the reliability of multiple one-way transmissions over the air interface without any synchronization mechanism is very poor. To improve reliability and the chance that the broadcast message is successfully captured by the recipient, the best option is to send the information in a single transmission, which requires compression. Two schemes are available.
Scheme 1: compress with a compression algorithm and then send. Scheme 2: send in multiple fragments. Sending after compression is the preferred method. Specific methods include one-way hash functions and message authentication codes. With the message authentication code method, for example, a message authentication code is computed over the trusted location verification message using the fifth key stored in the first device. Many commercial algorithm combinations exist in practice: HMAC-SHA1 compression yields 160 bits of information, and HMAC-SHA256 compression yields 256 bits. Using the HMAC-SHA256 compression algorithm, for example, a 256-bit message M is obtained, and message M replaces the trusted location signature and the other parts of the trusted location verification message until the maximum capacity of the channel is met. In this algorithmic scheme, message M simply replaces all the bits of the trusted location verification message that are sent in the WiFi SSID. The compression algorithms reasonably used in practice all have the property of a one-way hash function, and the message M produced with the SHA1 or HMAC-SHA1 described above uniquely identifies the trusted location verification message before compression.
The specific flow is as follows. When the length of the trusted location verification message exceeds the capacity of the broadcast channel, and the message authentication code method is used, a message authentication code is computed over the trusted location verification message with the fifth key stored in the first device to obtain message M, and message M replaces the trusted location signature and the other parts of the information contained in the trusted location verification message until the maximum capacity of the channel is met, producing the compressed trusted location verification message. At the same time, the first device produces a second position verification message and sends it to the security verification server; the second position verification message contains the uncompressed trusted location verification message and message M. After the security verification server receives the first position verification message, it uses the message M contained in the first position verification message to look up the corresponding second position verification message and extracts the uncompressed trusted location verification message contained in it. With the sixth key stored on the security verification server, it computes message M1 over the uncompressed trusted location verification message contained in the second position verification message using the same algorithm and the corresponding key as the first device; in this example HMAC-SHA256 and the sixth key are used to compute M1. M1 is compared with the message M contained in the first position verification message: if they match, verification passes and processing continues with the next step; otherwise processing stops. Through this process, compression of the trusted location verification message for transmission over the connectionless communication interface is accomplished.
Embodiment 6
Fig. 6 is a schematic flow diagram of the information transmission method based on connectionless verification implemented by the system of the present invention.
In step S601 the first device produces the trusted location verification message. The trusted location verification message contains trusted location relation information and a trusted location signature. When the first key and the second key are an asymmetric key pair, the trusted location relation information contains a position identification code and a variable code, and the position identification code corresponds to the first key and the second key; when the first key and the second key are a symmetric key, the trusted location relation information contains a variable code. The variable code is dynamically changing information. The position identification code is a code set in advance that identifies attributes of the first device, including the physical location, space and facility where it is deployed and other related information defined by the business application scenario; the variable code can be variable information such as the system time of the first device. The first key is stored in the first device and the second key is stored in the security verification server. If a keyed method is used to compress the trusted location verification message, in practice the associated fifth key is stored in the first device and the associated sixth key is stored in the security verification server. The first key and the second key correspond to each other, that is, the second key can be used to verify whether the trusted location signature was computed with the first key. The trusted location signature is computed by the first device with the first key over an information sequence that includes the trusted location relation information. The variable code is dynamically changing information: the variable code contained in each trusted location verification message produced changes according to a preset rule or algorithm, for example it may change periodically with the local clock. The trusted location verification message can be produced on receipt of a request, or produced continuously at a fixed period.
In step S602 the first device decides, based on the transmission capability of the connectionless communication used to send the trusted location verification message, whether the trusted location verification message needs to be compressed. If the length of the trusted location verification message exceeds the maximum transmission length the first device currently has, compression is judged necessary. For example, if connectionless communication is realized over WiFi, the method of transmitting an SSID over the WiFi broadcast channel can be used; this method can carry 32 characters, that is, 256 bits of information, and if the trusted location verification message exceeds this length it must be compressed. The connectionless communication modes here include but are not limited to the WiFi broadcast channel and the Bluetooth broadcast channel. Besides broadcast channels, the trusted location verification message can also be converted by the first device into a QR code representation, and transmission of the trusted location verification message is realized by having the user device scan it; by analogy with the QR code representation, the trusted location verification message can also be converted into an acoustic wave stream for transmission, and so on. When a QR code is used in practice, the length requirement can be met and compression may be unnecessary (the QR code conversion component of the first device converts the trusted location verification message into QR code information). Connectionless communication means that when the first device sends a message to a user device it does not need to establish a connection first, but transmits the message using a communication protocol and channel that both parties already share, including but not limited to sending data by broadcast; any user device within range of the information can receive it.
In step S603 the first device produces the compressed trusted location verification message and produces and sends the second position verification message to the security verification server. In the use case with HMAC-SHA256: (1) the first device computes message M over the trusted location verification message using the stored fifth key; the length of message M is less than the length of the trusted location verification message, and the first device replaces the trusted location signature information and other parts of the trusted location verification message with the generated message M until the maximum transmission capacity the channel allows is met, so that the length of the compressed trusted location verification message thus generated conforms to the length limit of the channel, achieving compression of the trusted location verification message and producing the compressed trusted location verification message; (2) the first device generates the second position verification message, which contains the uncompressed trusted location verification message and message M, and once the second position verification message is generated the first device sends it to the security verification server.
In step S604 the first device sends the trusted location verification message, or the compressed trusted location verification message, by connectionless communication. In addition, the first device can also transmit the trusted location verification message by means of a QR code or an acoustic wave stream. In practice the WiFi broadcast channel (for example carried in the SSID) or the Bluetooth broadcast channel can be used to send the above message.
In step S605 the user device produces the first position verification message. The user device receives the trusted location verification message, or the compressed trusted location verification message, sent by the first device, and uses the third key stored in the user device to compute a first position verification message signature over an information sequence that includes the received trusted location verification message or compressed trusted location verification message. The first position verification message contains an application service key identification ID and an application service identification ID; optionally it may also contain a timestamp of when the first position verification message was produced. The user device produces the first position verification message, which contains the first position verification message signature and the received trusted location verification message (which may be the original message or the compressed message).
In step S606 the user device sends the first position verification message to the security verification server.
In step S607 the security verification server verifies the first position verification message. In the case where the trusted location verification message is not compressed, the method is as follows. The security verification server stores the second key and the corresponding position identification code, and the second key is used to verify the trusted location verification message contained in the received first position verification message. The security verification server receives the first position verification message and extracts the trusted location verification message it contains. Where the system is configured so that the first key and the second key are an asymmetric key pair, the position identification code in the trusted location verification message is used to look up the corresponding second key, and the second key is used to verify the trusted location signature of the trusted location verification message. If it passes, the user terminal is assumed to have received a valid trusted location verification message, and the security verification server produces a third position verification message and forwards it to the application server; if verification fails, the process terminates. The third position verification message contains the first position verification message, the position identification code and the variable code. Where the first key and the second key are a symmetric key, the trusted location signature contained in the trusted location verification message is used to query whether the security verification server holds the same trusted location signature; if it does, the server checks whether the variable code used when computing that trusted location signature matches the variable code contained in the received trusted location verification message. If this passes, the user terminal is assumed to have received the trusted location verification message, the security verification server extracts the position identification code corresponding to the second key and sends a third position verification message to the application server; if verification fails, no third position verification message is produced or sent and the process terminates. The third position verification message contains the first position verification message together with the corresponding position identification code and variable code.
In the compressed case, various methods can be used in practice, such as a one-way hash function or a message authentication code algorithm. With a message authentication code algorithm, for example, the security verification server stores the second key and the sixth key, and the first device stores the first key and the fifth key. After the security verification server receives the first position verification message, it uses the message M contained in the first position verification message to look up the corresponding second position verification message, extracts the uncompressed trusted location verification message contained in the corresponding second position verification message, computes message M1 over that uncompressed trusted location verification message with the sixth key stored on the security verification server and the HMAC-SHA256 algorithm, and compares M1 with the message M contained in the first position verification message; if they match, processing continues with the next step, otherwise processing stops. Continuing with the next step, where the first key and the second key are an asymmetric key pair, the position identification code contained in the uncompressed trusted location verification message is used to look up the corresponding second key, and the second key is used to verify the trusted location signature in the uncompressed trusted location verification message contained in the corresponding second position verification message. After verification passes, the position identification code and variable code contained in the corresponding second position verification message are extracted, and a third position verification message is produced and forwarded to the application server; the third position verification message contains the first position verification message and the extracted position identification code and variable code. If verification fails, no third position verification message is produced or sent and the process terminates. Where the first key and the second key are a symmetric key, the uncompressed trusted location verification message in the second position verification message is extracted, and the trusted location signature it contains is used to query whether the security verification server holds the same trusted location signature; if it does, the server checks whether the variable code it used when computing that trusted location signature matches the variable code contained in the trusted location verification message of the second position verification message. If this passes, the user terminal is assumed to have received the trusted location verification message and the variable code it contains is extracted; the security verification server extracts the position identification code corresponding to the second key, includes the first position verification message, the extracted position identification code and the variable code in a third position verification message, and sends it to the application server. If verification fails, no third position verification message is produced or sent and the process terminates.
The third position verification message contains the first position verification message, used to verify the initiating user device, together with the position identification code and variable code information used by the application server to decide which response and follow-up service to push to the corresponding user device.
In step S608 the application server verifies the user device and performs the corresponding processing. The application server stores the fourth key. The application server receives the third position verification message sent by the security verification server, extracts the first position verification message it contains, looks up the fourth key corresponding to the user device using the application service key identification ID, and verifies the signature of the first position verification message with the fourth key. If verification passes, the user device is verified, and the application server pushes the response and follow-up service to the corresponding user device using the information associated with the position identification code and variable code it contains; if verification fails, processing stops. Preferably, the application server obtains the position identification code from the extracted third position verification message. The application server pre-stores response or service information corresponding to different position identification codes, and the content of that information also depends on parameters such as the variable code; in practice the variable code may be the system time of the first device. After the signature of the first position verification message is verified, the application server can query the corresponding response or service information according to the position identification code obtained, combine it with the system time of the first device represented by the variable code, and push the corresponding response and follow-up service to the user device. The variable code can also be a pre-entered or predefined context number.
In step S609 the application server pushes the corresponding response and follow-up service to the corresponding user device.
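The compression and verification flow of embodiments 5 and 6 (steps S601 to S609, together with the compressed-case server processing described above), as an added example that is not the patent's own code. It models the symmetric-key variant, with HMAC-SHA256 standing in for both the trusted location signature and the user device signature (the asymmetric variant in the text would use RSA); all key values, position codes, push content and the 60-second freshness window for the variable code are assumptions.

```python
"""Added example (not the patent's code): the flow of embodiments 5 and 6,
steps S601 to S609, in the symmetric-key variant. HMAC-SHA256 stands in for
the signatures; keys, position codes and content are constructed values."""
import hashlib
import hmac
import time

SSID_MAX_BYTES = 32                  # WiFi SSID capacity cited in the text
MAC_LEN = 32                         # HMAC-SHA256 output, also the size of M
# Constructed keys. Symmetric variant: first = second, third = fourth,
# fifth = sixth key (the asymmetric variant would use RSA key pairs).
KEY_1 = KEY_2 = b"first-device-location-key"   # trusted location signature
KEY_3 = KEY_4 = b"user-device-app-key"         # user device signature
KEY_5 = KEY_6 = b"compression-key"             # compression of the message

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

# ---- first device: S601 to S604 ----
def make_trusted_msg(position_code: str, variable_code: int) -> bytes:
    """Relation info (position code | variable code) followed by its signature."""
    relation = f"{position_code}|{variable_code}".encode()
    return relation + mac(KEY_1, relation)

def compress_for_channel(trusted: bytes):
    """S602/S603: if the message exceeds the channel, broadcast M = HMAC(key5, msg)
    and build the second position verification message (msg + M) for the server."""
    if len(trusted) <= SSID_MAX_BYTES:
        return trusted, None                     # fits: send uncompressed
    m = mac(KEY_5, trusted)                      # 32 bytes, exactly fills the SSID
    return m, {"trusted": trusted, "M": m}

# ---- user device: S605 ----
def make_first_msg(broadcast: bytes, key_id: str = "app-key-1") -> dict:
    """Received broadcast, its signature under the third key, and the key ID."""
    return {"broadcast": broadcast, "sig": mac(KEY_3, broadcast), "key_id": key_id}

# ---- security verification server: S606/S607 ----
class SecurityServer:
    def __init__(self, position_codes: set, max_age: int = 60):
        self.second_msgs = {}             # M -> uncompressed trusted message
        self.position_codes = position_codes
        self.max_age = max_age            # freshness window for variable code (assumed)

    def receive_second_msg(self, second: dict) -> None:
        self.second_msgs[second["M"]] = second["trusted"]

    def verify_first_msg(self, first: dict, now: int):
        """Returns the third position verification message, or None to stop."""
        payload = first["broadcast"]
        trusted = self.second_msgs.get(payload)
        if trusted is not None:                  # compressed case: payload is M
            if not hmac.compare_digest(mac(KEY_6, trusted), payload):
                return None                      # M1 != M: stop
        else:                                    # uncompressed case (or unknown M)
            trusted = payload
        relation, sig = trusted[:-MAC_LEN], trusted[-MAC_LEN:]
        try:
            position_code, variable_code = relation.decode().split("|")
            variable_code = int(variable_code)
        except ValueError:
            return None                          # not a well-formed message
        if not hmac.compare_digest(mac(KEY_2, relation), sig):
            return None                          # trusted location signature fails
        if position_code not in self.position_codes or abs(now - variable_code) > self.max_age:
            return None                          # unknown beacon or stale variable code
        return {"first": first, "position_code": position_code, "variable_code": variable_code}

# ---- application server: S608/S609 ----
class AppServer:
    def __init__(self, content: dict):
        self.keys = {"app-key-1": KEY_4}  # application service key ID -> fourth key
        self.content = content            # position code -> {period: content}

    def handle_third_msg(self, third: dict):
        """Verify the user signature with the fourth key, then choose content by
        position code and by the period derived from the variable code (a time)."""
        first = third["first"]
        key = self.keys.get(first["key_id"])
        if key is None or not hmac.compare_digest(mac(key, first["broadcast"]), first["sig"]):
            return None
        hour = time.gmtime(third["variable_code"]).tm_hour
        period = "day" if 6 <= hour < 18 else "night"
        return self.content.get(third["position_code"], {}).get(period)

def run_flow(now: int, tamper: bool = False, replay_age: int = 0):
    """One pass through S601 to S609; returns the pushed content or None."""
    sec = SecurityServer({"SHOP-01"})
    app = AppServer({"SHOP-01": {"day": "lunch-menu", "night": "late-menu"}})
    trusted = make_trusted_msg("SHOP-01", now - replay_age)   # S601 (replay_age: old beacon)
    payload, second = compress_for_channel(trusted)           # S602/S603
    if second is not None:
        sec.receive_second_msg(second)                        # S603: second message to server
    if tamper:                                                # constructed corruption in transit
        payload = payload[:-1] + bytes([payload[-1] ^ 1])
    first = make_first_msg(payload)                           # S605/S606
    third = sec.verify_first_msg(first, now)                  # S607
    return app.handle_third_msg(third) if third else None     # S608/S609
```

The server treats an M with no stored second position verification message the way the text describes for a lost or delayed second message: it cannot recover the uncompressed message and stops rather than trusting the broadcast.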

Claims (10)

1. An information transmission system based on connectionless communication verification, the system comprising a first device, a security verification server, a user device and an application server, characterized in that:
the first device is used to produce a trusted location verification message and to send the trusted location verification message by way of connectionless communication;
the user device is used to receive the trusted location verification message sent by the first device, compute over an information sequence that includes the trusted location verification message to produce a first position verification message, and send the first position verification message to the security verification server;
the security verification server is used to receive the first position verification message, extract the trusted location verification message it contains and verify the trusted location signature of the trusted location verification message; if verification passes, the user device is assumed to have received the trusted location verification message, a third position verification message is produced and forwarded to the application server, the third position verification message containing the first position verification message, used to verify the initiating user device, together with the position identification code and variable code information used by the application server to decide which response and follow-up service to push to the corresponding user device;
the application server is used to receive the third position verification message forwarded by the security verification server and to extract and verify the first position verification message; if verification passes, the application server pushes the response and follow-up service corresponding to the third position verification message to the user device.
2. The system according to claim 1, characterized in that: the trusted location verification message contains trusted location relation information and a trusted location signature; when the first key and the second key are an asymmetric key pair, the trusted location relation information contains a position identification code and a variable code, the position identification code corresponding to the first key and the second key; when the first key and the second key are a symmetric key, the trusted location relation information contains a variable code, the variable code being dynamically changing information;
the first key is stored in the first device; the second key is stored in the security verification server; the trusted location signature is the trusted location signature computed by the first device with the first key over an information sequence that includes the trusted location relation information.
3. The system according to claim 1 or 2, characterized in that: before sending the trusted location verification message, the first device first judges whether the trusted location verification message needs to be compressed; if the length of the trusted location verification message exceeds the maximum transmission length of the communication mode currently configured on the first device, compression is judged necessary and the first device is configured to compress the information; the first device sends the trusted location verification message, or the compressed trusted location verification message, by way of connectionless communication.
4. The system according to claim 3, characterized in that: when compression is needed, the first device generates the compressed trusted location verification message and generates and sends a second position verification message to the security verification server as follows: (1) the first device computes a compression of the trusted location verification message to obtain a message M, the length of message M being less than the length of the trusted location verification message, and the first device replaces the trusted location signature information and other information in the trusted location verification message with the generated message M until the maximum transmission length is met, thereby generating the compressed trusted location verification message; (2) the first device generates the second position verification message, which contains the uncompressed trusted location verification message and the corresponding message M, and after the second position verification message is generated the first device sends it to the security verification server.
5. The system according to claim 3 or 4, characterized in that: the user device receives the trusted location verification message, or the compressed trusted location verification message, sent by the first device, and uses the third key stored in the user device to compute a first position verification message signature over an information sequence that includes the received trusted location verification message; the user device produces a first position verification message containing the first position verification message signature and the received trusted location verification message or compressed trusted location verification message; the user device sends the first position verification message to the security verification server.
6. The system according to claim 5, characterised in that: the security verification server stores the second key and the location identification code corresponding to the second key, and the security verification server verifies the trusted location verification message included in the first location verification message as follows:
In the case where the trusted location verification message is not compressed, the security server receives the first location verification message and extracts the trusted location verification message it contains. Where the first key and the second key are an asymmetric key pair, the server uses the location identification code in the trusted location verification message to look up the corresponding second key and verifies the trusted location signature of the trusted location verification message with that second key; if verification passes, it is taken that the user-end device has received the trusted location verification message, and the security server includes the first location verification message in a third location verification message sent to the application server; if verification fails, processing terminates. Where the first key and the second key are a symmetric key, the server uses the trusted location signature contained in the trusted location verification message to query whether the security verification server holds an identical trusted location signature; if it does, the server checks whether the variable code it used when computing that trusted location signature is consistent with the variable code contained in the trusted location verification message; if consistent, it is taken that the user-end device has received the trusted location verification message, the security server extracts the location identification code corresponding to the matching second key, and includes the first location verification message together with that location identification code and the variable code in a third location verification message sent to the application server; if verification fails, no third location verification message is produced or sent and processing terminates;
Or, in the case of compression, the security verification server stores the second key; after receiving the first location verification message, the security verification server uses the message M contained in the first location verification message to look up the corresponding second location verification message, extracts the uncompressed trusted location verification message from the second location verification message found and, using the same compression algorithm and corresponding key that the first device used, computes a message M1 from that uncompressed trusted location verification message; M1 is compared with the message M contained in the first location verification message; if they match, verification passes and processing continues with the next step, otherwise processing stops. In the next step, where the first key and the second key are an asymmetric key pair, the server extracts the uncompressed trusted location verification message from the second location verification message, looks up the corresponding second key using the location identification code it contains, and uses that second key to verify the trusted location signature contained in the uncompressed trusted location verification message of the corresponding second location verification message; after verification passes, the server extracts the location identification code and variable code contained in the corresponding second location verification message and includes the first location verification message, the extracted location identification code and the variable code in a third location verification message sent to the application server; if verification fails, no third location verification message is produced or sent and processing terminates. Where the first key and the second key are a symmetric key, the server extracts the uncompressed trusted location verification message from the second location verification message and uses the trusted location signature it contains to query whether the security verification server holds an identical trusted location signature; if it does, the server checks whether the variable code it used when computing that trusted location signature is consistent with the variable code contained in the trusted location verification message of the second location verification message; if consistent, verification is deemed to pass, it is taken that the user-end device has received the trusted location verification message, the contained variable code is extracted, the security verification server extracts the location identification code corresponding to the matching second key, and the security verification server includes the first location verification message, the extracted location identification code and the variable code in a third location verification message sent to the application server; if verification fails, no third location verification message is produced or sent and processing terminates;
The third location verification message includes the first location verification message, used to verify the user-end device that initiated it, and the location identification code and variable code information used by the application server to decide which response and follow-up service to push to the corresponding user-end device.
7. The system according to claim 6, characterised in that the application server verifies the user-end device and performs the corresponding processing: the application server stores the fourth key; the application server receives the third location verification message sent by the security verification server, extracts the first location verification message it contains, and verifies the first location verification information signature using the fourth key corresponding to the user device; if verification passes, the application server extracts the location identification code and variable code contained in the third location verification message and pushes the associated response and/or follow-up service to the corresponding user device.
8. The system according to claim 7, characterised in that: the application server extracts the location identification code from the third location verification message; the application server has pre-stored response information or service information corresponding to different location identification codes, the content of which is also related to parameters such as the variable code; after the first location verification information signature has been verified, the application server queries the corresponding response information or service information according to the location identification code and, in combination with the variable code, determines the corresponding response and/or follow-up service to push to the user device.
9. An information transmission method based on connectionless communication verification, characterised in that it comprises the following steps:
The first device produces a trusted location verification message and sends the trusted location verification message by means of connectionless communication;
The user-end device receives the trusted location verification message sent by the first device, computes over an information sequence that includes the trusted location verification message and produces a first location verification message, and the user-end device sends the first location verification message to the security verification server;
The security verification server receives the first location verification message, extracts the trusted location verification message that it contains, and verifies the trusted location signature of the trusted location verification message; if verification passes, it is taken that the user-end device has received the trusted location verification message, and a third location verification message is produced and forwarded to the application server; the third location verification message includes the first location verification message, used to verify the user-end device that initiated it, and the location identification code and variable code information used by the application server to decide which response and follow-up service to push to the corresponding user-end device;
The application server receives the third location verification message sent by the security verification server, extracts the first location verification message and verifies it; if verification passes, the application server pushes to the user-end device the response and follow-up service corresponding to the third location verification message.
10. The method according to claim 9, characterised in that: the trusted location verification message includes trusted location relation information and a trusted location signature; when the first key and the second key are an asymmetric key pair, the trusted location relation information includes a location identification code and a variable code, the location identification code corresponding to the first key and the second key; when the first key and the second key are a symmetric key, the trusted location relation information includes the variable code; the variable code is dynamically changing information;
The first key is stored in the first device; the second key is stored in the security verification server; the trusted location signature is the trusted location signature produced by the first device by computing, with the first key, over an information sequence that includes the trusted location relation information.
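The four-party exchange of claims 6 to 10, in the symmetric-key variant without compression, as an added Python example that is not part of the patent: the key values, codes, service table, message field names and the choice of HMAC-SHA256 as the signature primitive are all assumptions. It shows why a stale variable code (a replayed broadcast) and a modified variable code both stop at the security verification server, while a bad user-device signature stops at the application server.

```python
import hmac, hashlib, json

def mac(key: bytes, data: bytes) -> str:
    """Signature primitive for the symmetric-key variant: HMAC-SHA256 (hypothetical choice)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def canon(msg: dict) -> bytes:
    return json.dumps(msg, sort_keys=True).encode()   # information sequence a signature covers

# Constructed keys, codes and services (not from the patent). Symmetric variant: each first
# device's first key equals the second key at the security server; third key equals fourth key.
BEACON_KEYS = {"LOC-1": b"first-key-loc-1", "LOC-2": b"first-key-loc-2"}
USER_KEY = b"third-key-user-1"
CURRENT_CODES = {"LOC-1": "V42", "LOC-2": "V42"}   # variable code currently valid per location
SERVICES = {("LOC-1", "V42"): "coupon-store-1", ("LOC-2", "V42"): "menu-store-2"}

def trusted_location_message(location_code: str, variable_code: str) -> dict:
    """First device: in the symmetric variant the relation info carries only the variable
    code, so the location identification code itself never goes over the air."""
    sig = mac(BEACON_KEYS[location_code], variable_code.encode())
    return {"variable_code": variable_code, "trusted_location_signature": sig}

def first_location_message(tl_msg: dict) -> dict:
    """User-end device: signs an information sequence that includes the received message."""
    return {"trusted_location_msg": tl_msg,
            "first_location_signature": mac(USER_KEY, canon(tl_msg))}

def security_server(first_msg: dict, current_codes: dict = CURRENT_CODES):
    """Security verification server: returns the third location verification message, or
    None when processing terminates."""
    # Signatures the server computed itself with the second keys, indexed for lookup.
    known = {mac(BEACON_KEYS[loc], vc.encode()): (loc, vc) for loc, vc in current_codes.items()}
    tl = first_msg["trusted_location_msg"]
    hit = known.get(tl["trusted_location_signature"])
    if hit is None:
        return None                 # no identical trusted location signature: terminate
    loc, vc = hit
    if not hmac.compare_digest(vc, tl["variable_code"]):
        return None                 # signature known but variable code inconsistent
    return {"first_location_msg": first_msg, "location_code": loc, "variable_code": vc}

def application_server(third_msg: dict):
    """Application server: verifies the user device's signature with the fourth key, then
    picks the response by location identification code and variable code."""
    fm = third_msg["first_location_msg"]
    expected = mac(USER_KEY, canon(fm["trusted_location_msg"]))
    if not hmac.compare_digest(expected, fm["first_location_signature"]):
        return None
    return SERVICES.get((third_msg["location_code"], third_msg["variable_code"]))

def run(location_code: str, variable_code: str, tamper: dict = None):
    # Full exchange; `tamper` alters the broadcast before the user device signs it.
    tl = {**trusted_location_message(location_code, variable_code), **(tamper or {})}
    third = security_server(first_location_message(tl))
    return None if third is None else application_server(third)
```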
CN201710381797.8A 2017-04-28 2017-05-26 Information transmission method based on connectionless communication verification Expired - Fee Related CN107104798B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710293410 2017-04-28
CN2017102934103 2017-04-28

Publications (2)

Publication Number Publication Date
CN107104798A true CN107104798A (en) 2017-08-29
CN107104798B CN107104798B (en) 2020-03-03

Legal Events

Date Code Title Description
PB01 Publication
TA01 Transfer of patent application right

Effective date of registration: 20170822

Address after: 100107 Beijing Chaoyang District Wankexingyuan 4 Building 805

Applicant after: Guo Zhengzheng

Address before: 100084 Beijing Zhongguancun East Road, No. 1, building No. 8, ground floor, No. CB108-018, No.

Applicant before: BEIJING DONGSHI TECHNOLOGY Co.,Ltd.

SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200303