CN107454042A - Message sending, receiving method and device - Google Patents

Publication number: CN107454042A
Authority: CN (China)
Prior art keywords: message, algorithm, identifying, option, corresponding relation
Legal status: Withdrawn
Application number: CN201610377962.8A
Other languages: Chinese (zh)
Inventor: 范璐
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CN201610377962.8A
Priority to PCT/CN2017/086394 (WO2017206845A1)
Publication of CN107454042A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Abstract

The invention provides a message sending method, a message receiving method, and corresponding devices, wherein the method includes: negotiating with the receiving end that receives the message to determine a first mapping between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify that authentication algorithm; determining the authentication algorithm to be used to assemble the message to be sent; assembling the message to be sent using the algorithm identifier corresponding to the determined authentication algorithm; and sending the assembled message to the receiving end. The invention solves the problem that different devices cannot recognize each other's authentication algorithm types, and allows different devices to identify each other's authentication algorithm types.

Description

Message sending, receiving method and device
Technical field
The present invention relates to the field of communications, and in particular to a message sending method, a message receiving method, and corresponding devices.
Background
Transmission Control Protocol (TCP) is a connection-oriented protocol that provides a bidirectional, reliable, flow-controlled byte-stream service. In the simplified Open System Interconnect (OSI) model of computer networks, it performs the functions assigned to layer 4, the transport layer.
To ensure the correctness and legitimacy of data transfer, TCP can use an authentication key and an authentication algorithm to perform encryption and decryption authentication on the data. At present, TCP authentication is intended to support multiple authentication options and authentication algorithms, and different devices may support different authentication option types and authentication algorithm types. However, different devices cannot recognize each other's authentication option types and authentication algorithm types, so TCP authentication compatibility is relatively low.
Summary of the invention
The embodiments of the invention provide a message sending method, a message receiving method, and corresponding devices, to at least solve the problem in the related art that different devices cannot recognize each other's authentication options and authentication algorithm types.
According to one embodiment of the invention, a message sending method is provided, including: negotiating with the receiving end that receives the message to determine a first mapping between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm; determining the authentication algorithm to be used to assemble the message to be sent; assembling the message to be sent using the algorithm identifier corresponding to the determined authentication algorithm; and sending the assembled message to the receiving end.
Optionally, assembling the message to be sent using the algorithm identifier corresponding to the determined authentication algorithm includes: negotiating with the receiving end that receives the message to determine a second mapping between the authentication option used to assemble the message and the option identifier used to identify the authentication option; determining the authentication option to be used to assemble the message to be sent; and assembling the message to be sent in such a way that the determined authentication option carries the algorithm identifier corresponding to the authentication algorithm and the option identifier corresponding to the authentication option.
Optionally, after negotiating with the receiving end to determine the first mapping between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm, the method further includes: storing the first mapping; and/or, after negotiating with the receiving end to determine the second mapping between the authentication option used to assemble the message and the option identifier used to identify the authentication option, the method further includes: storing the second mapping.
According to another embodiment of the invention, a message receiving method is provided, including: negotiating with the sending end that sends the message to determine a first mapping between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm; receiving the message sent by the sending end; obtaining the algorithm identifier carried in the message; and authenticating the received message using the authentication algorithm corresponding to the obtained algorithm identifier.
Optionally, obtaining the algorithm identifier carried in the message includes: negotiating with the sending end that sends the message to determine a second mapping between the authentication option used to assemble the message and the option identifier used to identify the authentication option; obtaining the option identifier carried in the received message; and obtaining the algorithm identifier from the authentication option corresponding to the option identifier.
Optionally, after negotiating with the sending end to determine the first mapping between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm, the method further includes: storing the first mapping; and/or, after negotiating with the sending end to determine the second mapping between the authentication option used to assemble the message and the option identifier used to identify the authentication option, the method further includes: storing the second mapping.
Optionally, authenticating the received message using the authentication algorithm corresponding to the obtained algorithm identifier includes: judging whether the authentication algorithm corresponding to the obtained algorithm identifier is consistent with a predetermined algorithm; if the judgment result is that the authentication algorithm corresponding to the obtained algorithm identifier is consistent with the predetermined algorithm, judging whether a first validation value, obtained by verifying the received message using the predetermined algorithm, is consistent with a second validation value, obtained by verifying the message using the authentication algorithm; and, if the first validation value and the second validation value are the same, determining that authentication of the message succeeds.
According to another embodiment of the invention, a message sending device is provided, including: a first determining module, configured to negotiate with the receiving end that receives the message to determine a first mapping between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm; a second determining module, configured to determine the authentication algorithm to be used to assemble the message to be sent; an assembling module, configured to assemble the message to be sent using the algorithm identifier corresponding to the determined authentication algorithm; and a sending module, configured to send the assembled message to the receiving end.
Optionally, the assembling module includes: a first determining unit, configured to negotiate with the receiving end that receives the message to determine a second mapping between the authentication option used to assemble the message and the option identifier used to identify the authentication option; a second determining unit, configured to determine the authentication option to be used to assemble the message to be sent; and an assembling unit, configured to assemble the message to be sent in such a way that the determined authentication option carries the algorithm identifier corresponding to the authentication algorithm and the option identifier corresponding to the authentication option.
Optionally, the device includes: a first storage module, configured to store the first mapping after negotiating with the receiving end to determine the first mapping between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm. The assembling module includes: a first storage unit, configured to store the second mapping after negotiating with the receiving end to determine the second mapping between the authentication option used to assemble the message and the option identifier used to identify the authentication option.
According to another embodiment of the invention, a message receiving device is provided, including: a third determining module, configured to negotiate with the sending end that sends the message to determine a first mapping between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm; a receiving module, configured to receive the message sent by the sending end; an obtaining module, configured to obtain the algorithm identifier carried in the message; and an authentication module, configured to authenticate the received message using the authentication algorithm corresponding to the obtained algorithm identifier.
Optionally, the obtaining module includes: a third determining unit, configured to negotiate with the sending end that sends the message to determine a second mapping between the authentication option used to assemble the message and the option identifier used to identify the authentication option; a first obtaining unit, configured to obtain the option identifier carried in the received message; and a second obtaining unit, configured to obtain the algorithm identifier from the authentication option corresponding to the option identifier.
Optionally, the device further includes: a second storage module, configured to store the first mapping after negotiating with the receiving end that receives the message to determine the first mapping between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm. The obtaining module includes: a second storage unit, configured to store the second mapping after negotiating with the receiving end that receives the message to determine the second mapping between the authentication option used to assemble the message and the option identifier used to identify the authentication option.
Optionally, the authentication module includes: a first judging unit, configured to judge whether the authentication algorithm corresponding to the obtained algorithm identifier is consistent with a predetermined algorithm; a second judging unit, configured to judge, if the judgment result is that the authentication algorithm corresponding to the obtained algorithm identifier is consistent with the predetermined algorithm, whether a first validation value, obtained by verifying the received message using the predetermined algorithm, is consistent with a second validation value, obtained by verifying the message using the authentication algorithm; and an authentication unit, configured to determine that authentication of the message succeeds if the first validation value and the second validation value are the same.
According to still another embodiment of the invention, a storage medium is also provided. The storage medium is configured to store program code for performing the following steps: negotiating with the receiving end that receives the message to determine a first mapping between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm; determining the authentication algorithm to be used to assemble the message to be sent; assembling the message to be sent using the algorithm identifier corresponding to the determined authentication algorithm; and sending the assembled message to the receiving end.
Optionally, the storage medium is also configured to store program code for performing the following steps: assembling the message to be sent using the algorithm identifier corresponding to the determined authentication algorithm includes: negotiating with the receiving end that receives the message to determine a second mapping between the authentication option used to assemble the message and the option identifier used to identify the authentication option; determining the authentication option to be used to assemble the message to be sent; and assembling the message to be sent in such a way that the determined authentication option carries the algorithm identifier corresponding to the authentication algorithm and the option identifier corresponding to the authentication option.
Optionally, the storage medium is also configured to store program code for performing the following steps: after negotiating with the receiving end to determine the first mapping between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm, storing the first mapping; and/or, after negotiating with the receiving end to determine the second mapping between the authentication option used to assemble the message and the option identifier used to identify the authentication option, storing the second mapping.
According to another embodiment of the invention, a storage medium is also provided. The storage medium is configured to store program code for performing the following steps: negotiating with the sending end that sends the message to determine a first mapping between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm; receiving the message sent by the sending end; obtaining the algorithm identifier carried in the message; and authenticating the received message using the authentication algorithm corresponding to the obtained algorithm identifier.
Optionally, the storage medium is also configured to store program code for performing the following steps: obtaining the algorithm identifier carried in the message includes: negotiating with the sending end that sends the message to determine a second mapping between the authentication option used to assemble the message and the option identifier used to identify the authentication option; obtaining the option identifier carried in the received message; and obtaining the algorithm identifier from the authentication option corresponding to the option identifier.
Optionally, the storage medium is also configured to store program code for performing the following steps: after negotiating with the sending end to determine the first mapping between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm, storing the first mapping; and/or, after negotiating with the sending end to determine the second mapping between the authentication option used to assemble the message and the option identifier used to identify the authentication option, storing the second mapping.
Optionally, the storage medium is also configured to store program code for performing the following steps: authenticating the received message using the authentication algorithm corresponding to the obtained algorithm identifier includes: judging whether the authentication algorithm corresponding to the obtained algorithm identifier is consistent with a predetermined algorithm; if the judgment result is that the authentication algorithm corresponding to the obtained algorithm identifier is consistent with the predetermined algorithm, judging whether a first validation value, obtained by verifying the received message using the predetermined algorithm, is consistent with a second validation value, obtained by verifying the message using the authentication algorithm; and, if the first validation value and the second validation value are the same, determining that authentication of the message succeeds.
With the invention, the sending end negotiates with the receiving end that receives the message to determine a first mapping between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm; determines the authentication algorithm to be used to assemble the message to be sent; assembles the message to be sent using the algorithm identifier corresponding to the determined authentication algorithm; and sends the assembled message to the receiving end. The algorithm identifier carried in the message sent to the receiving end was determined by negotiation with the receiving end; that is, it is the algorithm identifier corresponding to the authentication algorithm that the sending and receiving ends agreed on for authenticating the message to be sent. The invention therefore solves the problem that different devices use inconsistent authentication algorithm type values to indicate a given authentication algorithm type and so cannot recognize each other's authentication algorithm types, and it improves TCP authentication compatibility.
Brief description of the drawings
The accompanying drawings described here provide a further understanding of the invention and form part of this application. The schematic embodiments of the invention and their descriptions are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a hardware block diagram of a mobile terminal for a message sending method according to an embodiment of the invention;
Fig. 2 is a flow chart of message sending according to an embodiment of the invention;
Fig. 3 is a diagram of the enhanced authentication option format in draft-bonica-tcp-auth-06 according to an embodiment of the invention;
Fig. 4 is a flow chart of the message sending method of a preferred embodiment of the invention;
Fig. 5 is a flow chart of message receiving according to an embodiment of the invention;
Fig. 6 is a flow chart of the message receiving method of a preferred embodiment of the invention;
Fig. 7 is a structural block diagram of a message sending device according to an embodiment of the invention;
Fig. 8 is a structural block diagram of the assembling module 76 in the message sending device according to an embodiment of the invention;
Fig. 9 is a preferred structural block diagram of the message sending device according to an embodiment of the invention;
Fig. 10 is a structural block diagram of a message receiving device according to an embodiment of the invention;
Fig. 11 is a structural block diagram of the obtaining module 106 in the message receiving device according to an embodiment of the invention;
Fig. 12 is a preferred structural block diagram of the message receiving device according to an embodiment of the invention;
Fig. 13 is a structural block diagram of the authentication module 108 in the message sending device according to an embodiment of the invention.
Detailed description of the embodiments
The invention is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments. It should be noted that, where there is no conflict, the embodiments in this application and the features in the embodiments can be combined with each other.
It should be noted that the terms "first", "second" and so on in the description, the claims and the above drawings are used to distinguish similar objects, and are not used to describe a specific order or sequence.
Embodiment 1
The method embodiment provided by Embodiment 1 of this application can be executed in a mobile terminal, a terminal, or a similar computing device. Taking execution on a mobile terminal as an example, Fig. 1 is a hardware block diagram of a mobile terminal for a message sending method according to an embodiment of the invention. As shown in Fig. 1, the mobile terminal 10 can include one or more processors 102 (only one is shown in the figure; the processor 102 can include, but is not limited to, a processing unit such as a microprocessor (MCU) or a programmable logic device (FPGA)), a memory 104 for storing data, and a transmission device 106 for communication functions. Those of ordinary skill in the art will understand that the structure shown in Fig. 1 is only illustrative and does not limit the structure of the above electronic device. For example, the mobile terminal 10 may include more or fewer components than shown in Fig. 1, or have a configuration different from that shown in Fig. 1.
The memory 104 can be used to store the software programs and modules of application software, such as the program instructions/modules corresponding to the message sending method in the embodiment of the invention. The processor 102 runs the software programs and modules stored in the memory 104 to perform various functional applications and data processing, that is, to implement the above method. The memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102; such remote memory can be connected to the mobile terminal 10 over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used to receive or send data via a network. A specific example of such a network is the wireless network provided by the communication provider of the mobile terminal 10. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices through a base station in order to communicate with the internet. In another example, the transmission device 106 can be a radio frequency (RF) module, which is used to communicate with the internet wirelessly.
This embodiment provides a message sending method that runs on the above mobile terminal. Fig. 2 is a flow chart of message sending according to an embodiment of the invention. As shown in Fig. 2, the flow includes the following steps:
Step S202: negotiate with the receiving end that receives the message to determine a first mapping between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm;
Step S204: determine the authentication algorithm to be used to assemble the message to be sent;
Step S206: assemble the message to be sent using the algorithm identifier corresponding to the determined authentication algorithm;
Step S208: send the assembled message to the receiving end.
With the above steps, the mapping between the algorithm identifier and the authentication algorithm is determined by negotiation between the sending end and the receiving end that receives the message. Once the receiving end obtains the algorithm identifier carried in the message, it can determine which authentication algorithm the sending end used to assemble the message. This solves the problem that different devices use inconsistent authentication algorithm type values (i.e. the algorithm identifiers above) to indicate a given authentication algorithm type and therefore cannot recognize each other's authentication algorithm types, and it allows different devices to identify each other's authentication algorithm types.
When negotiating with the receiving end to determine the first mapping between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm, several approaches can be used. For example, at both ends of the connection (i.e. the sending end and the receiving end of the message), the negotiated algorithm type Alg ID values (i.e. the algorithm identifiers above) are configured by command, so that for the same algorithm the Alg ID value configured at the sending end and at the receiving end is the same. Optionally, after the sending end selects the algorithm type it needs, it converts the algorithm type into the corresponding Alg ID value and fills that value into the authentication option, so that the receiving end can determine the algorithm type used by the sending end from the Alg ID value. As another example, the two ends can negotiate the Alg ID value of each algorithm type out of band and then configure the Alg ID value of each algorithm type with configuration commands, keeping the configuration of the two ends consistent; the configured Alg ID values are registered in a table entry inside the device so that the algorithm type can later be identified by table lookup. As a further example, if the peer does not support negotiated configuration, then when connecting, the local end can register a local configuration according to the algorithm type Alg ID values recognized by the peer; for multiple peers, configuration and registration can be performed separately for each.
Optionally, the message to be sent can be assembled directly with the algorithm identifier, or the algorithm identifier can be carried in an authentication option when assembling the message to be sent, but the method is not limited to these. For example, when the algorithm identifier is carried in an authentication option, assembling the message to be sent in step S206 using the algorithm identifier corresponding to the determined authentication algorithm can include: negotiating with the receiving end that receives the message to determine a second mapping between the authentication option used to assemble the message and the option identifier used to identify the authentication option; determining the authentication option to be used to assemble the message to be sent; and assembling the message to be sent in such a way that the determined authentication option carries the algorithm identifier corresponding to the authentication algorithm and the option identifier corresponding to the authentication option.
With the above steps, the mapping between the option identifier and the authentication option is determined by negotiation between the sending end and the receiving end that receives the message; that is, the option identifier is the one corresponding to the authentication option that the sending and receiving ends agreed on for authenticating the message to be sent. This solves the problem that different devices use inconsistent authentication option type values (i.e. the option identifiers above) to indicate a given authentication option type and therefore cannot recognize each other's authentication option types, and it makes authentication between the sending and receiving ends simple and convenient.
When negotiating with the receiving end to determine the second mapping between the authentication option used to assemble the message and the option identifier used to identify the authentication option, several approaches can be used. For example, at both ends of the connection, the negotiated option type Kind value (i.e. the option identifier above) is configured by command, so that the Kind value at the sending and receiving ends is the same. Optionally, when the authentication option of draft-bonica-tcp-auth-06 is used to send a message, the sending end can write the Kind value corresponding to that authentication option into the message when sending it, so that the receiving end can determine from the Kind value that the message sent by the sending end uses the authentication option of draft-bonica-tcp-auth-06. As another example, the two ends can negotiate the option type Kind value out of band and then configure the option type Kind value with configuration commands, keeping the configuration of the two ends consistent. As a further example, if the peer does not support negotiated configuration, then when connecting, the local end can register a local configuration according to the authentication option type Kind value recognized by the peer; for multiple peers, configuration and registration can be performed separately for each. It should be noted that the authentication option of draft-bonica-tcp-auth-06 is only a simple example; the above embodiment can also be applied to the negotiation of all TCP option types and authentication algorithm types, to improve the compatibility of TCP messages.
In the related art, different devices use inconsistent authentication option type values to indicate a given TCP authentication option type, and inconsistent authentication algorithm type values to indicate a given authentication algorithm type, so different devices cannot recognize each other's authentication options and authentication algorithm types. By mapping authentication option values (i.e. the option identifiers above) and authentication algorithm values (i.e. the algorithm identifiers above) to the corresponding authentication options and authentication algorithms, different devices can accurately identify each other's authentication options and authentication algorithm types, and effective authentication is achieved.
Fig. 3 is a diagram of the enhanced authentication option format in draft-bonica-tcp-auth-06 according to an embodiment of the present invention. As shown in Fig. 3, the enhanced authentication option format in draft-bonica-tcp-auth-06 is described as follows:
The Kind field is 8 bits long and identifies this enhanced authentication option format.
The Length field is 8 bits long; its value is between 4 and 40 bytes and is determined by the selected message authentication code (Message Authentication Code, MAC) algorithm, because different MAC algorithms generate MACs of different lengths.
The T field is 1 bit long and indicates whether the MAC calculation includes the TCP options: 0 means the MAC calculation includes the TCP options, 1 means it does not.
The K field is 1 bit long, reserved for future use, and currently set to 0.
The Alg ID field is 6 bits long and defines the MAC algorithm type.
The Res field is 2 bits long; these are reserved bits, set to 0.
The Key ID field is 6 bits long and indicates the key used to generate the MAC.
Authentication Data: the variable-length MAC field.
Optionally, after negotiating with the receiver of the message and determining the first correspondence between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify that authentication algorithm, the method further includes: storing the first correspondence; and/or, after negotiating with the receiver of the message and determining the second correspondence between the authentication option used to assemble the message and the option identifier used to identify that authentication option, the method further includes: storing the second correspondence.
Through the above steps, because the correspondence between authentication algorithm types and algorithm identifiers and the correspondence between authentication option types and option identifiers, both negotiated by the two ends, have been stored, the sender does not need to renegotiate the algorithm identifier and option identifier when it sends a message again; it looks up the corresponding identifiers directly from the stored correspondences. This processing allows the sender and receiver to authenticate quickly and efficiently.
For example, at both ends of the connection, the negotiated algorithm type Alg ID values are configured by command, that is, for the same algorithm the Alg ID value configured at the sender and at the receiver is the same, and the configured values can be registered in a table inside the device. Optionally, after the sender selects the required algorithm type, it can look up the registration table inside the device, convert the selected algorithm into the corresponding Alg ID value and fill that value into the authentication option, so that the receiver can look up its own registration table by the Alg ID value and obtain the algorithm type used by the sender.
Optionally, the registration table can be as shown in Table 1: the two ends negotiate and configure the Alg ID value of the MD5 algorithm as 3, of the SHA1 algorithm as 6, of the HMAC-MD5 algorithm as 5, and of the HMAC-SHA1 algorithm as 7.
Table 1: Example configuration registration table of authentication algorithms and Alg ID values
Algorithm type | Alg ID value
MD5 | 3
SHA1 | 6
HMAC-MD5 | 5
HMAC-SHA1 | 7
Optionally, the execution order of step S202 and step S204 can be exchanged, that is, step S204 can be performed first and then S202.
Fig. 4 is a flowchart of the message sending method of the preferred embodiment of the present invention. As shown in Fig. 4, the specific flow for sending a message in this preferred embodiment is as follows:
1) Select the authentication key and authentication algorithm used for sending the message, for example the authentication algorithm HMAC-MD5;
2) Look up the authentication algorithm in Table 1 above and convert it to the Alg ID value 5;
3) Calculate the MAC value of the message according to the algorithm type and the authentication key;
4) Assemble the enhanced authentication option, filling in the negotiated Kind value (for example 50), the converted Alg ID value 5, the Key ID of the selected key, the calculated MAC value, and so on;
5) Send the message to the receiver.
From the description of the above embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk or optical disc) and includes several instructions that cause a terminal device (which can be a mobile phone, a computer, a server, a network device, etc.) to perform the methods described in the embodiments of the present invention.
Embodiment 2
This embodiment also provides a message receiving method that runs on the above mobile terminal. Fig. 5 is a flowchart of message receiving according to an embodiment of the present invention. As shown in Fig. 5, the flow includes the following steps:
Step S502: negotiate with the sender of the message and determine the first correspondence between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify that authentication algorithm;
Step S504: receive the message sent by the sender;
Step S506: obtain the algorithm identifier carried in the message;
Step S508: authenticate the received message using the authentication algorithm corresponding to the obtained algorithm identifier.
Through the above steps, because the receiver and the sender have negotiated the correspondence between the authentication algorithm used to authenticate the message and the algorithm identifier, the receiver can recognize the type of authentication algorithm used by the sender from the algorithm identifier in the received message. This solves the problem that different devices use inconsistent authentication algorithm type values (the algorithm identifier above) to indicate the same authentication algorithm type and therefore cannot recognize each other's authentication algorithm type, so that different devices can recognize each other's authentication algorithm type.
Optionally, the algorithm identifier of the authentication algorithm used by the sender can be obtained directly from the received message, or from the authentication option in the received message, but is not limited to these. For example, step S506, obtaining the algorithm identifier carried in the message, includes: negotiating with the sender of the message and determining the second correspondence between the authentication option used to assemble the message and the option identifier used to identify that authentication option; obtaining the option identifier carried in the received message; and obtaining the algorithm identifier from the authentication option corresponding to the option identifier.
Through the above steps, because the receiver and the sender have negotiated the correspondence between the authentication option used to assemble the message and the option identifier, the receiver can recognize the type of authentication option used by the sender from the option identifier in the received message, and then obtain, from the authentication option corresponding to the option identifier, the algorithm identifier of the authentication algorithm used by the sender. This solves the problem that different devices use inconsistent authentication option type values (the option identifier above) to indicate the same authentication option type and therefore cannot recognize each other's authentication option type, so that the sender and receiver can authenticate simply and conveniently.
Optionally, after negotiating with the sender of the message and determining the first correspondence between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify that authentication algorithm, the method further includes: storing the first correspondence; and/or, after negotiating with the sender of the message and determining the second correspondence between the authentication option used to assemble the message and the option identifier used to identify that authentication option, the method further includes: storing the second correspondence.
Through the above steps, because the correspondence between authentication algorithm types and algorithm identifiers and the correspondence between authentication option types and option identifiers, both negotiated by the two ends, have been stored, the receiver does not need to renegotiate the algorithm identifier and option identifier when it receives a message again; it uses the stored correspondences directly to recognize the authentication option type and authentication algorithm type used by the sender.
Optionally, authenticating the received message using the authentication algorithm corresponding to the obtained algorithm identifier includes: judging whether the authentication algorithm corresponding to the obtained algorithm identifier is consistent with a predetermined algorithm; when the judgment result is that they are consistent, judging whether a first verification value, obtained by verifying the received message with the predetermined algorithm, is consistent with a second verification value, obtained by verifying the message with the authentication algorithm; and when the first verification value and the second verification value are the same, determining that the message is authenticated successfully. Through the above steps, double authentication of the message is achieved, improving the security of message transmission.
Optionally, the execution order of step S502 and step S504 can be exchanged, that is, step S504 can be performed first and then S502.
Fig. 6 is a flowchart of the message receiving method of the preferred embodiment of the present invention. As shown in Fig. 6, the specific flow for receiving a message in this preferred embodiment is as follows:
1) Receive the message from the sender;
2) Parse the TCP message and locate the enhanced authentication option in the message according to the negotiated Kind value 50. Parse the Key ID, Alg ID and MAC value out of the enhanced authentication option;
3) Look up the Alg ID value 5 in Table 1 and convert it to the algorithm type HMAC-MD5;
4) Obtain the locally stored key and algorithm type according to the Key ID, and compare the algorithm type from 3) with the local algorithm type; if they are inconsistent, verification fails; if they are consistent, perform 5);
5) Recalculate the MAC value over the received message and compare it with the MAC value from 2); if they are consistent, verification passes; otherwise, verification fails.
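The sending flow (steps 1 to 5 of Fig. 4) and the receiving flow above can be exercised end to end with the following added example, which is not code from the patent. The `Peer` class, `AuthError`, `demo`, the key and the segment bytes are constructed for illustration; the MAC is assumed to be computed over the raw segment bytes, and only the two HMAC entries of Table 1 are computed because the text does not say how the plain hashes take a key.

```python
import hashlib
import hmac
import struct

# Table 1 from the text: negotiated algorithm name -> Alg ID value.
ALG_IDS = {"MD5": 3, "SHA1": 6, "HMAC-MD5": 5, "HMAC-SHA1": 7}
# Assumption of this example: only the HMAC entries have a MAC implementation.
DIGESTS = {"HMAC-MD5": hashlib.md5, "HMAC-SHA1": hashlib.sha1}


class AuthError(Exception):
    """Raised when an option cannot be parsed or a message fails authentication."""


class Peer:
    """One end of the connection: negotiated Kind, Alg ID table and keys (hypothetical)."""

    def __init__(self, kind, alg_ids, keys):
        self.kind = kind                                   # negotiated Kind, e.g. 50
        self.alg_ids = dict(alg_ids)                       # name -> Alg ID
        self.names = {v: k for k, v in alg_ids.items()}    # Alg ID -> name
        self.keys = dict(keys)                             # Key ID -> (name, key bytes)

    def _mac(self, name, key, data):
        if name not in DIGESTS:
            raise AuthError("no MAC implementation for " + name)
        return hmac.new(key, data, DIGESTS[name]).digest()

    def build_option(self, key_id, data, t_bit=0):
        """Sender steps 1-4: pick key/algorithm, map to Alg ID, compute MAC, assemble."""
        name, key = self.keys[key_id]
        alg_id = self.alg_ids[name]
        mac = self._mac(name, key, data)
        length = 4 + len(mac)
        if not 4 <= length <= 40 or alg_id > 0x3F or key_id > 0x3F:
            raise AuthError("field out of range")
        # Byte 2 = T(1) K(1)=0 Alg ID(6); byte 3 = Res(2)=0 Key ID(6).
        header = struct.pack("!BBBB", self.kind, length,
                             (t_bit & 1) << 7 | alg_id, key_id)
        return header + mac

    def verify_option(self, option, data):
        """Receiver steps 2-5: parse, map Alg ID back, compare with local config, check MAC."""
        if len(option) < 4:
            raise AuthError("option shorter than its 4-byte header")
        kind, length, b2, b3 = struct.unpack("!BBBB", option[:4])
        if kind != self.kind:
            raise AuthError("Kind %d is not the negotiated value" % kind)
        if length != len(option) or not 4 <= length <= 40:
            raise AuthError("bad Length field")
        alg_id, key_id = b2 & 0x3F, b3 & 0x3F
        if alg_id not in self.names:
            raise AuthError("Alg ID %d not registered" % alg_id)
        if key_id not in self.keys:
            raise AuthError("unknown Key ID %d" % key_id)
        local_name, key = self.keys[key_id]
        if self.names[alg_id] != local_name:               # step 4: algorithm comparison
            raise AuthError("algorithm mismatch: %s vs %s"
                            % (self.names[alg_id], local_name))
        expected = self._mac(local_name, key, data)        # step 5: recompute the MAC
        if not hmac.compare_digest(expected, option[4:]):  # constant-time comparison
            raise AuthError("MAC mismatch")
        return local_name


def demo():
    key = b"constructed-demo-key"               # constructed sample key
    segment = b"constructed TCP segment bytes"  # constructed sample payload
    sender = Peer(50, ALG_IDS, {1: ("HMAC-MD5", key)})
    receiver = Peer(50, ALG_IDS, {1: ("HMAC-MD5", key)})
    opt = sender.build_option(1, segment)
    results = {"ok": receiver.verify_option(opt, segment)}
    # A peer whose table was never aligned with the sender reads Alg ID 5 as HMAC-SHA1.
    stale = Peer(50, {"HMAC-SHA1": 5, "HMAC-MD5": 7}, {1: ("HMAC-MD5", key)})
    cases = [("unaligned", stale, opt, segment),
             ("tampered", receiver, opt, segment + b"!"),
             ("truncated", receiver, opt[:-1], segment)]
    for label, peer, o, d in cases:
        try:
            peer.verify_option(o, d)
            results[label] = "accepted"
        except AuthError as exc:
            results[label] = str(exc)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, "->", outcome)
```

The "unaligned" case is the interoperability failure the negotiated table is meant to prevent: the option parses cleanly, but the receiver's step 4 comparison rejects it before any MAC is computed.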
From the description of the above embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk or optical disc) and includes several instructions that cause a terminal device (which can be a mobile phone, a computer, a server, a network device, etc.) to perform the methods described in the embodiments of the present invention.
Embodiment 3
This embodiment also provides a message sending device, which is used to implement the above embodiments and preferred implementations; what has already been explained is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the devices described in the following embodiments are preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
Fig. 7 is a structural block diagram of the message sending device according to an embodiment of the present invention. As shown in Fig. 7, the device includes:
First determining module 72, for negotiating with the receiver of the message and determining the first correspondence between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify that authentication algorithm;
Second determining module 74, connected to the first determining module 72, for determining the authentication algorithm used to assemble the message to be sent;
Assembling module 76, connected to the second determining module 74, for assembling the message to be sent using the algorithm identifier corresponding to the determined authentication algorithm;
Sending module 78, connected to the assembling module 76, for sending the assembled message to the receiver.
Fig. 8 is a structural block diagram of the assembling module 76 in the message sending device according to an embodiment of the present invention. As shown in Fig. 8, the assembling module 76 includes a first determining unit 82, a second determining unit 84 and an assembling unit 86, which are described below.
First determining unit 82, for negotiating with the receiver of the message and determining the second correspondence between the authentication option used to assemble the message and the option identifier used to identify that authentication option;
Second determining unit 84, connected to the first determining unit 82, for determining the authentication option used to assemble the message to be sent;
Assembling unit 86, connected to the second determining unit 84, for assembling the message to be sent by having the determined authentication option carry the algorithm identifier corresponding to the authentication algorithm and the option identifier corresponding to the authentication option.
Fig. 9 is a preferred structural block diagram of the message sending device according to an embodiment of the present invention. As shown in Fig. 9, in addition to all the modules shown in Fig. 7, the device further includes: a first storage module 92, connected to the first determining module 72, for storing the first correspondence after negotiating with the receiver of the message and determining the first correspondence between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify that authentication algorithm. In addition to all the units shown in Fig. 8, the assembling module 86 further includes: a first storage unit 94, connected to the first determining unit 82, for storing the second correspondence after negotiating with the receiver of the message and determining the second correspondence between the authentication option used to assemble the message and the option identifier used to identify that authentication option.
It should be noted that the above modules can be implemented in software or hardware. For the latter, this can be done in the following ways, but is not limited to them: the modules are all located in the same processor; or the modules are located in different processors in any combination.
Embodiment 4
This embodiment also provides a message receiving device, which is used to implement the above embodiments and preferred implementations; what has already been explained is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the devices described in the following embodiments are preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
Fig. 10 is a structural block diagram of the message receiving device according to an embodiment of the present invention. As shown in Fig. 10, the device includes:
Third determining module 102, for negotiating with the sender of the message and determining the first correspondence between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify that authentication algorithm;
Receiving module 104, connected to the third determining module 102, for receiving the message sent by the sender;
Obtaining module 106, connected to the receiving module 104, for obtaining the algorithm identifier carried in the message;
Authentication module 108, connected to the obtaining module 106, for authenticating the received message using the authentication algorithm corresponding to the obtained algorithm identifier.
Fig. 11 is a structural block diagram of the obtaining module 106 in the message receiving device according to an embodiment of the present invention. As shown in Fig. 11, the obtaining module 106 includes:
Third determining unit 112, for negotiating with the sender of the message and determining the second correspondence between the authentication option used to assemble the message and the option identifier used to identify that authentication option;
First obtaining unit 114, connected to the third determining unit 112, for obtaining the option identifier carried in the received message;
Second obtaining unit 116, connected to the first obtaining unit 114, for obtaining the algorithm identifier from the authentication option corresponding to the option identifier.
Fig. 12 is a preferred structural block diagram of the message receiving device according to an embodiment of the present invention. As shown in Fig. 12, in addition to all the modules shown in Fig. 10, the device further includes: a second storage module 122, connected to the third determining module 102, for storing the first correspondence after negotiating with the sender of the message and determining the first correspondence between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify that authentication algorithm. In addition to all the units shown in Fig. 11, the obtaining module 106 further includes: a second storage unit 124, connected to the third determining unit 112, for storing the second correspondence after negotiating with the sender of the message and determining the second correspondence between the authentication option used to assemble the message and the option identifier used to identify that authentication option.
Fig. 13 is a structural block diagram of the authentication module 108 in the message sending device according to an embodiment of the present invention. As shown in Fig. 13, the authentication module 108 includes:
First judging unit 132, for judging whether the authentication algorithm corresponding to the obtained algorithm identifier is consistent with a predetermined algorithm;
Second judging unit 134, connected to the first judging unit 132, for judging, when the judgment result is that the authentication algorithm corresponding to the obtained algorithm identifier is consistent with the predetermined algorithm, whether a first verification value, obtained by verifying the received message with the predetermined algorithm, is consistent with a second verification value, obtained by verifying the message with the authentication algorithm;
Authentication unit 136, connected to the second judging unit 134, for determining that the message is authenticated successfully when the first verification value and the second verification value are the same.
Embodiment 5
An embodiment of the present invention also provides a storage medium. Optionally, in this embodiment, the storage medium can be configured to store program code for performing the following steps:
S1: negotiate with the receiver of the message and determine the first correspondence between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify that authentication algorithm;
S2: determine the authentication algorithm used to assemble the message to be sent;
S3: assemble the message to be sent using the algorithm identifier corresponding to the determined authentication algorithm;
S4: send the assembled message to the receiver.
Optionally, the storage medium is further configured to store program code for performing the following steps. Assembling the message to be sent using the algorithm identifier corresponding to the determined authentication algorithm includes:
S1: negotiate with the receiver of the message and determine the second correspondence between the authentication option used to assemble the message and the option identifier used to identify that authentication option;
S2: determine the authentication option used to assemble the message to be sent;
S3: assemble the message to be sent by having the determined authentication option carry the algorithm identifier corresponding to the authentication algorithm and the option identifier corresponding to the authentication option.
Optionally, the storage medium is further configured to store program code for performing the following steps:
S1: after negotiating with the receiver of the message and determining the first correspondence between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify that authentication algorithm, store the first correspondence; and/or
S2: after negotiating with the receiver of the message and determining the second correspondence between the authentication option used to assemble the message and the option identifier used to identify that authentication option, store the second correspondence.
An embodiment of the present invention provides a further storage medium. Optionally, in this embodiment, the storage medium can be configured to store program code for performing the following steps:
S1: negotiate with the sender of the message and determine the first correspondence between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify that authentication algorithm;
S2: receive the message sent by the sender;
S3: obtain the algorithm identifier carried in the message;
S4: authenticate the received message using the authentication algorithm corresponding to the obtained algorithm identifier.
Optionally, the storage medium is further configured to store program code for performing the following steps. Obtaining the algorithm identifier carried in the message includes:
S1: negotiate with the sender of the message and determine the second correspondence between the authentication option used to assemble the message and the option identifier used to identify that authentication option;
S2: obtain the option identifier carried in the received message;
S3: obtain the algorithm identifier from the authentication option corresponding to the option identifier.
Optionally, the storage medium is further configured to store program code for performing the following steps:
S1: after negotiating with the sender of the message and determining the first correspondence between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify that authentication algorithm, store the first correspondence; and/or
S2: after negotiating with the sender of the message and determining the second correspondence between the authentication option used to assemble the message and the option identifier used to identify that authentication option, store the second correspondence.
Optionally, the storage medium is further configured to store program code for performing the following steps. Authenticating the received message using the authentication algorithm corresponding to the obtained algorithm identifier includes:
S1: judge whether the authentication algorithm corresponding to the obtained algorithm identifier is consistent with a predetermined algorithm;
S2: when the judgment result is that the authentication algorithm corresponding to the obtained algorithm identifier is consistent with the predetermined algorithm, judge whether a first verification value, obtained by verifying the received message with the predetermined algorithm, is consistent with a second verification value, obtained by verifying the message with the authentication algorithm;
S3: when the first verification value and the second verification value are the same, determine that the message is authenticated successfully.
Alternatively, in the present embodiment, above-mentioned storage medium can include but is not limited to:USB flash disk, read-only storage (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), mobile hard disk, magnetic disc or CD etc. is various can be with the medium of store program codes.
Alternatively, in the present embodiment, processor performs according to the program code stored in storage medium:Reported with receiving The identifying algorithm that the receiving terminal negotiation of text determines to be used to be authenticated message and the algorithm mark for ID authentication algorithm First corresponding relation;It is determined that for the identifying algorithm assembled to message to be sent;Using corresponding to the identifying algorithm of determination Algorithm mark assembles to message to be sent;The message to be sent of assembling is sent to receiving terminal.
Alternatively, in the present embodiment, processor performs according to the program code stored in storage medium:Using determination Identifying algorithm corresponding to algorithm mark assembling carried out to message to be sent included:Receiving terminal with receiving message is consulted to determine to use In the authentication option assembled to message and the second corresponding relation of the Option for ID authentication option;It is determined that it is used for The authentication option assembled to transmission message pending;Algorithm mark corresponding to identifying algorithm is carried using the authentication option of determination And the mode of Option corresponding to authentication option, message to be sent is assembled.
Alternatively, in the present embodiment, processor performs according to the program code stored in storage medium:With reception The identifying algorithm that the receiving terminal of message is consulted to determine to be used to be authenticated message identifies with the algorithm for ID authentication algorithm The first corresponding relation after, in addition to:Store the first corresponding relation;And/or consult to determine with receiving the receiving terminal of message After the second corresponding relation for the authentication option assembled to message and for the Option of ID authentication option, also Including:Store the second corresponding relation.
Alternatively, in the present embodiment, processor performs according to the program code stored in storage medium:Reported with sending The identifying algorithm that the transmitting terminal negotiation of text determines to be used to be authenticated message and the algorithm mark for ID authentication algorithm First corresponding relation;The message that receiving end/sending end is sent;Obtain the algorithm mark carried in message;Identified using the algorithm of acquisition Corresponding identifying algorithm is authenticated to the message received.
Alternatively, in the present embodiment, processor performs according to the program code stored in storage medium:Obtain message The algorithm mark of middle carrying includes:Transmitting terminal with sending message consult to determine to be used for the authentication option that is assembled to message with The second corresponding relation for the Option of ID authentication option;Obtain the Option carried in the message received;From Acquisition algorithm identifies in authentication option corresponding to Option.
Alternatively, in the present embodiment, processor performs according to the program code stored in storage medium:With transmission The identifying algorithm that the transmitting terminal of message is consulted to determine to be used to be authenticated message identifies with the algorithm for ID authentication algorithm The first corresponding relation after, in addition to:Store the first corresponding relation;And/or consult to determine with sending the transmitting terminal of message After the second corresponding relation for the authentication option assembled to message and for the Option of ID authentication option, also Including:Store the second corresponding relation.
Optionally, in this embodiment, the processor executes, according to the program code stored in the storage medium: authenticating the received message using the authentication algorithm corresponding to the obtained algorithm identifier includes: judging whether the authentication algorithm corresponding to the obtained algorithm identifier is consistent with a predetermined algorithm; when the judgment result is that the authentication algorithm corresponding to the obtained algorithm identifier is consistent with the predetermined algorithm, judging whether a first verification value obtained by verifying the received message using the predetermined algorithm is consistent with a second verification value obtained by verifying the message using the authentication algorithm; and, when the first verification value and the second verification value are the same, determining that the message is successfully authenticated.
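The sender-side assembly and the receiver-side check described above (look up the algorithm identifier through the negotiated correspondences, compare the algorithm with the predetermined one, then compare verification values), as an added example that is not code from the patent. The identifier values, the option layout, the use of HMAC with a pre-shared key, and the reading of the tag carried in the message as the second verification value are assumptions of this example.

```python
import hashlib
import hmac

# First correspondence (constructed values): algorithm identifier -> authentication algorithm.
ALG_BY_ID = {1: "sha256", 2: "sha384"}
ID_BY_ALG = {name: alg_id for alg_id, name in ALG_BY_ID.items()}

# Second correspondence (constructed values): option identifier -> authentication option.
# Assumed option layout: option_id (1 byte) | alg_id (1 byte) | tag_len (1 byte) | tag.
AUTH_OPTION_ID = 0x21
OPTION_BY_ID = {AUTH_OPTION_ID: "auth-option"}
HEADER_LEN = 3


def assemble(payload: bytes, alg: str, key: bytes) -> bytes:
    """Sender: carry the option identifier, algorithm identifier and tag with the payload."""
    tag = hmac.new(key, payload, alg).digest()
    return bytes([AUTH_OPTION_ID, ID_BY_ALG[alg], len(tag)]) + tag + payload


def authenticate(message: bytes, predetermined_alg: str, key: bytes) -> bytes:
    """Receiver: return the payload if the message authenticates, else raise ValueError."""
    if len(message) < HEADER_LEN:
        raise ValueError("truncated authentication option")
    option_id, alg_id, tag_len = message[0], message[1], message[2]

    # Resolve both identifiers through the stored correspondences; unknown values are rejected.
    if option_id not in OPTION_BY_ID:
        raise ValueError("option identifier not in the negotiated correspondence")
    alg = ALG_BY_ID.get(alg_id)
    if alg is None:
        raise ValueError("algorithm identifier not in the negotiated correspondence")

    # The identified algorithm must be consistent with the predetermined algorithm.
    # Without this check, whoever controls the message could pick the algorithm.
    if alg != predetermined_alg:
        raise ValueError("algorithm is not the predetermined algorithm")

    # The tag length is fixed by the algorithm; it is never trusted from the wire.
    if tag_len != hashlib.new(alg).digest_size or len(message) < HEADER_LEN + tag_len:
        raise ValueError("bad tag length")
    carried = message[HEADER_LEN:HEADER_LEN + tag_len]   # second verification value
    payload = message[HEADER_LEN + tag_len:]

    # First verification value: recomputed locally with the predetermined algorithm.
    expected = hmac.new(key, payload, predetermined_alg).digest()
    if not hmac.compare_digest(expected, carried):        # constant-time comparison
        raise ValueError("verification values differ")
    return payload


if __name__ == "__main__":
    shared_key = b"constructed-shared-key"                # constructed sample key
    wire = assemble(b"route-update", "sha256", shared_key)
    print(authenticate(wire, "sha256", shared_key))
```

Comparing the identified algorithm with the locally configured one before any tag is computed is what keeps the identifier in the message from selecting an algorithm the receiver did not expect.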
Optionally, for specific examples in this embodiment, refer to the examples described in the above embodiments and optional implementations; they are not repeated here.
Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented by a general-purpose computing device; they can be concentrated on a single computing device or distributed across a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases, the steps shown or described can be performed in an order different from that given here, or they can be fabricated as individual integrated circuit modules, or multiple modules or steps among them can be fabricated as a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the present invention may have various modifications and changes. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (14)

  1. A message sending method, characterized by comprising:
    negotiating with a receiving end that receives the message to determine a first correspondence between an authentication algorithm used to authenticate the message and an algorithm identifier used to identify the authentication algorithm;
    determining the authentication algorithm used to assemble a message to be sent;
    assembling the message to be sent using the algorithm identifier corresponding to the determined authentication algorithm;
    sending the assembled message to be sent to the receiving end.
  2. The method according to claim 1, characterized in that assembling the message to be sent using the algorithm identifier corresponding to the determined authentication algorithm comprises:
    negotiating with the receiving end that receives the message to determine a second correspondence between an authentication option used to assemble the message and an option identifier used to identify the authentication option;
    determining the authentication option used to assemble the message to be sent;
    assembling the message to be sent in such a manner that the determined authentication option carries the algorithm identifier corresponding to the authentication algorithm and the option identifier corresponding to the authentication option.
  3. The method according to claim 1 or 2, characterized in that
    after negotiating with the receiving end that receives the message to determine the first correspondence between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm, the method further comprises: storing the first correspondence; and/or
    after negotiating with the receiving end that receives the message to determine the second correspondence between the authentication option used to assemble the message and the option identifier used to identify the authentication option, the method further comprises: storing the second correspondence.
  4. A message receiving method, characterized by comprising:
    negotiating with a sending end that sends the message to determine a first correspondence between an authentication algorithm used to authenticate the message and an algorithm identifier used to identify the authentication algorithm;
    receiving the message sent by the sending end;
    obtaining the algorithm identifier carried in the message;
    authenticating the received message using the authentication algorithm corresponding to the obtained algorithm identifier.
  5. The method according to claim 4, characterized in that obtaining the algorithm identifier carried in the message comprises:
    negotiating with the sending end that sends the message to determine a second correspondence between an authentication option used to assemble the message and an option identifier used to identify the authentication option;
    obtaining the option identifier carried in the received message;
    obtaining the algorithm identifier from the authentication option corresponding to the option identifier.
  6. The method according to claim 4 or 5, characterized in that
    after negotiating with the sending end that sends the message to determine the first correspondence between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm, the method further comprises: storing the first correspondence; and/or
    after negotiating with the sending end that sends the message to determine the second correspondence between the authentication option used to assemble the message and the option identifier used to identify the authentication option, the method further comprises: storing the second correspondence.
  7. The method according to claim 4, characterized in that authenticating the received message using the authentication algorithm corresponding to the obtained algorithm identifier comprises:
    judging whether the authentication algorithm corresponding to the obtained algorithm identifier is consistent with a predetermined algorithm;
    when the judgment result is that the authentication algorithm corresponding to the obtained algorithm identifier is consistent with the predetermined algorithm, judging whether a first verification value obtained by verifying the received message using the predetermined algorithm is consistent with a second verification value obtained by verifying the message using the authentication algorithm;
    when the first verification value and the second verification value are the same, determining that the message is successfully authenticated.
  8. A message sending device, characterized by comprising:
    a first determining module, configured to negotiate with a receiving end that receives the message to determine a first correspondence between an authentication algorithm used to authenticate the message and an algorithm identifier used to identify the authentication algorithm;
    a second determining module, configured to determine the authentication algorithm used to assemble a message to be sent;
    an assembling module, configured to assemble the message to be sent using the algorithm identifier corresponding to the determined authentication algorithm;
    a sending module, configured to send the assembled message to be sent to the receiving end.
  9. The device according to claim 8, characterized in that the assembling module comprises:
    a first determining unit, configured to negotiate with the receiving end that receives the message to determine a second correspondence between an authentication option used to assemble the message and an option identifier used to identify the authentication option;
    a second determining unit, configured to determine the authentication option used to assemble the message to be sent;
    an assembling unit, configured to assemble the message to be sent in such a manner that the determined authentication option carries the algorithm identifier corresponding to the authentication algorithm and the option identifier corresponding to the authentication option.
  10. The device according to claim 8 or 9, characterized in that
    the device further comprises: a first storage module, configured to store the first correspondence after negotiating with the receiving end that receives the message to determine the first correspondence between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm;
    the assembling module further comprises: a first storage unit, configured to store the second correspondence after negotiating with the receiving end that receives the message to determine the second correspondence between the authentication option used to assemble the message and the option identifier used to identify the authentication option.
  11. A message receiving device, characterized by comprising:
    a third determining module, configured to negotiate with a sending end that sends the message to determine a first correspondence between an authentication algorithm used to authenticate the message and an algorithm identifier used to identify the authentication algorithm;
    a receiving module, configured to receive the message sent by the sending end;
    an obtaining module, configured to obtain the algorithm identifier carried in the message;
    an authentication module, configured to authenticate the received message using the authentication algorithm corresponding to the obtained algorithm identifier.
  12. The device according to claim 11, characterized in that the obtaining module comprises:
    a third determining unit, configured to negotiate with the sending end that sends the message to determine a second correspondence between an authentication option used to assemble the message and an option identifier used to identify the authentication option;
    a first obtaining unit, configured to obtain the option identifier carried in the received message;
    a second obtaining unit, configured to obtain the algorithm identifier from the authentication option corresponding to the option identifier.
  13. The device according to claim 11 or 12, characterized in that
    the device further comprises: a second storage module, configured to store the first correspondence after negotiating with the sending end that sends the message to determine the first correspondence between the authentication algorithm used to authenticate the message and the algorithm identifier used to identify the authentication algorithm;
    the obtaining module further comprises: a second storage unit, configured to store the second correspondence after negotiating with the sending end that sends the message to determine the second correspondence between the authentication option used to assemble the message and the option identifier used to identify the authentication option.
  14. The device according to claim 11, characterized in that the authentication module comprises:
    a first judging unit, configured to judge whether the authentication algorithm corresponding to the obtained algorithm identifier is consistent with a predetermined algorithm;
    a second judging unit, configured to judge, when the judgment result is that the authentication algorithm corresponding to the obtained algorithm identifier is consistent with the predetermined algorithm, whether a first verification value obtained by verifying the received message using the predetermined algorithm is consistent with a second verification value obtained by verifying the message using the authentication algorithm;
    an authentication unit, configured to determine that the message is successfully authenticated when the first verification value and the second verification value are the same.
CN201610377962.8A 2016-05-31 2016-05-31 Message sending, receiving method and device Withdrawn CN107454042A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610377962.8A CN107454042A (en) 2016-05-31 2016-05-31 Message sending, receiving method and device
PCT/CN2017/086394 WO2017206845A1 (en) 2016-05-31 2017-05-27 Packet transmitting and receiving methods and devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610377962.8A CN107454042A (en) 2016-05-31 2016-05-31 Message sending, receiving method and device

Publications (1)

Publication Number Publication Date
CN107454042A true CN107454042A (en) 2017-12-08

Family

ID=60479121

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610377962.8A Withdrawn CN107454042A (en) 2016-05-31 2016-05-31 Message sending, receiving method and device

Country Status (2)

Country Link
CN (1) CN107454042A (en)
WO (1) WO2017206845A1 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1471326A (en) * 2002-07-26 2004-01-28 华为技术有限公司 Method of wireless link encrypting algorithm for autonomous selective secret communication
CN101222322A (en) * 2008-01-24 2008-07-16 中兴通讯股份有限公司 Safety ability negotiation method in super mobile broadband system
CN101296081A (en) * 2007-04-29 2008-10-29 华为技术有限公司 Authentication, method, system, access body and device for distributing IP address after authentication
CN101594229A (en) * 2009-06-30 2009-12-02 华南理工大学 A kind of trusted network connection system and method based on combined public key
CN101692636A (en) * 2009-10-27 2010-04-07 中山爱科数字科技有限公司 Data element and coordinate algorithm-based method and device for encrypting mixed data
WO2012096749A2 (en) * 2011-01-14 2012-07-19 Flash Seats, Llc Mobile application bar code identification method and system
CN103259768A (en) * 2012-02-17 2013-08-21 中兴通讯股份有限公司 Method, system and device of message authentication
CN103747001A (en) * 2014-01-14 2014-04-23 中电长城(长沙)信息技术有限公司 Audio-access mobile payment terminal based on security algorithm and communication method based on security algorithm

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101335615B (en) * 2008-05-30 2010-12-29 北京飞天诚信科技有限公司 Method used in key consultation of USB KEY audio ciphering and deciphering device
CN101345761A (en) * 2008-08-20 2009-01-14 深圳市同洲电子股份有限公司 Private data transmission method and system
CN101790160A (en) * 2009-01-23 2010-07-28 中兴通讯股份有限公司 Method and device for safely consulting session key
US9602498B2 (en) * 2013-10-17 2017-03-21 Fortinet, Inc. Inline inspection of security protocols
CN103685244B (en) * 2013-11-28 2017-01-04 深圳大学 A kind of differentiation authentication method and device

Also Published As

Publication number Publication date
WO2017206845A1 (en) 2017-12-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20171208