CN109120608B - Anti-replay safe communication processing method and device - Google Patents


Publication number
CN109120608B
Authority
CN
China
Prior art keywords
data
module
frame number
result
receiving
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810864997.3A
Other languages
Chinese (zh)
Other versions
CN109120608A (en
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Application filed by Feitian Technologies Co Ltd
Priority to CN201810864997.3A
Publication of CN109120608A
Application granted
Publication of CN109120608B
Legal status: Active


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/12 Applying verification of the received information

Abstract

The invention discloses an anti-replay secure communication processing method and device. The method comprises the following steps: the first device parses the received first data sent by the second device to obtain a first parsing result, and obtains original data according to the first parsing result and a preset key; the first device acquires a frame number from the original data and compares the acquired frame number with the stored first frame number; if the comparison result conforms to a preset rule, the stored first frame number is updated according to the acquired frame number; if the comparison result does not conform to the preset rule, the first data is discarded; if the two frame numbers are the same, the number of times the first frame number has been used is checked: if it is larger than a preset value, the received data is discarded; if it is equal to the initial value, the original data is sent to an upper-layer application for processing to obtain first data to be sent; and if it is smaller than the preset value, data to be transmitted is generated from the first data to be sent and the stored first frame number and is transmitted to the second device.

Description

Anti-replay safe communication processing method and device
Technical Field
The invention relates to the field of information security, in particular to a method and a device for processing anti-replay secure communication.
Background
As the ways in which devices communicate multiply, communication between devices becomes more frequent and easier. Data sent over the air by a device is easy to intercept, so the security of communication data is particularly important; interception of data such as a user's account numbers and passwords can cause the user property loss. Even if the data is encrypted, a third party who maliciously intercepts the data and then uses it repeatedly to attack the device can leave the device in a paralyzed state.
Disclosure of Invention
The invention aims to overcome the shortcomings of the prior art and provides an anti-replay secure communication processing method and device.
The invention provides an anti-replay secure communication processing method, which comprises the following steps:
step S1: when a first device establishes connection with a second device, the first device and the second device initialize a first frame number and store the first frame number;
step S2: when the first equipment receives first data sent by the second equipment, analyzing the first data to obtain a first analysis result, and obtaining original data according to the first analysis result and a preset key;
step S3: the first device obtains a third frame number from the original data, compares the obtained third frame number with the stored first frame number, and if the obtained third frame number is the same as the stored first frame number, executes the step S4; if the comparison result meets the preset rule, updating the stored first frame number according to the acquired third frame number, waiting for receiving data, and returning to the step S2; if the comparison result does not meet the preset rule, discarding the first data, waiting for receiving the data, and returning to the step S2;
step S4: the first device reads and judges the use times of the stored first frame number, if the use times of the first frame number is larger than a preset value, the first device discards the first data, waits for receiving data, and returns to the step S2; if the number of times of use of the first frame number is smaller than the preset value and is not the initial value, updating the number of times of use of the first frame number, and executing step S5; if the number of times of use of the first frame number is equal to the initial value, sending the original data to an upper layer application, receiving a first processing result obtained by processing the original data by the upper layer application, storing the first processing result as first data to be sent into a cache, waiting for receiving the data, and returning to the step S2;
step S5: the first equipment splices a stored first frame number before first data to be sent in a cache to obtain a first splicing result, and calculates the first splicing result to obtain a first calculation result; calculating the first to-be-transmitted data by using the first calculation result to obtain a second calculation result, and encrypting the first calculation result by using the preset key to obtain a first encryption value; and sending the first encrypted value and the second calculation result to the second device, waiting for receiving data, and returning to the step S2.
Further, the step S1 further includes: the first equipment and the second equipment initialize and store a second frame number;
the method further comprises the following steps:
step A1: when the first device receives user trigger information;
step A2: the first equipment updates the stored second frame number, splices the updated second frame number before the second data to be sent to obtain a second splicing result, and calculates the second splicing result to obtain a third calculation result; calculating the second data to be sent by using the third calculation result to obtain a fourth calculation result, and encrypting the third calculation result by using the preset key to obtain a second encryption value;
step A3: and the first equipment sends the second encryption value and the fourth calculation result to the second equipment, and waits for receiving response data returned by the second equipment.
Further, the method further comprises:
step B1: when the first equipment receives response data sent by the second equipment, the first equipment obtains second data according to the preset key and the response data, and obtains a fourth frame number from the second data;
step B2: the first equipment judges whether the acquired fourth frame number is matched with the stored second frame number, if so, the second equipment stores second data and waits for receiving the data; otherwise, the response data is discarded and the data is waited to be received.
Further, the preset key is generated or stored according to preset data.
Further, generating the preset key according to preset data includes: calculating the preset data through a preset algorithm to obtain the preset key;
the method further comprises the following steps: when the first equipment is disconnected with the second equipment, the first equipment empties the stored preset key.
Further, the first device initializes the number of times of use of the first frame number, specifically: the first equipment resets the using times of the first frame number to 0;
updating the number of times of use of the first frame number is specifically: the number of times of use of the first frame number is incremented by 1.
Further, in the step S5, calculating the first splicing result to obtain a first calculation result, and calculating the first to-be-transmitted data by using the first calculation result to obtain a second calculation result, is specifically: performing a digest calculation on the first splicing result to obtain the first calculation result; and encrypting the first data to be sent by using the first calculation result to obtain the second calculation result;
the sending, in the step S5, the first encrypted value and the second calculation result to the second device specifically includes: and splicing the first encryption value and a second calculation result, sending the splicing result to the second equipment, and waiting for receiving data.
Further, the obtaining of the original data according to the first parsing result and the preset key includes: and decrypting the first digest encryption value in the first analysis result by using the preset key to obtain a first digest value after successful decryption, and decrypting the original encryption data in the first analysis result by using the first digest value to obtain the original data after successful decryption.
Further, in the step A2, calculating the second splicing result to obtain a third calculation result, and calculating the second data to be sent by using the third calculation result to obtain a fourth calculation result, includes: the first device performs a digest calculation on the second splicing result to obtain the third calculation result, and encrypts the second data to be sent by using the third calculation result to obtain the fourth calculation result.
Further, the obtaining, by the first device, second data according to the preset key and the response data includes: and decrypting the second digest encryption value in the response data by using the preset key, successfully decrypting to obtain a second digest value, decrypting the original encryption data in the response data by using the second digest value, and successfully decrypting to obtain second data.
The present invention also provides an anti-replay secure communication processing apparatus, comprising:
the initial storage module is used for initializing and storing the first frame number and the use times of the first frame number when the first equipment establishes connection with the second equipment; the second equipment simultaneously initializes and stores a first frame number;
the first receiving module is used for receiving first data sent by the second equipment;
the first analysis module is used for analyzing the first data received by the first receiving module to obtain a first analysis result;
the first obtaining module is used for obtaining original data according to a first analysis result obtained by the first analysis module and a preset key;
the first acquiring module is used for acquiring a third frame number from the original data obtained by the first obtaining module;
the first comparing module is used for comparing the third frame number acquired by the first acquiring module with the first frame number stored by the initial storing module, and if the third frame number is the same as the first frame number stored by the initial storing module, the reading judging module is triggered; if the comparison result meets the preset rule, triggering a first updating module; if the comparison result does not accord with the preset rule, triggering a first discarding module;
the first discarding module is configured to discard the first data received by the first receiving module, and trigger the first receiving module to wait for receiving the data;
the first updating module is configured to update the first frame number stored by the initial storing module according to the third frame number acquired by the first acquiring module, and trigger the first receiving module to wait for receiving data;
the reading judgment module is used for reading and judging the use times of the first frame number stored by the initial storage module, if the use times of the first frame number is greater than a preset value, the third discarding module is triggered, and if the use times of the first frame number is less than the preset value and is not an initial value, the third updating module is triggered; if the number of times of use of the first frame number is equal to an initial value, triggering the first sending module to send the original data to an upper layer application;
the first receiving module is further configured to receive a first processing result obtained by processing the original data by the upper layer application;
the third discarding module is configured to discard the first data received by the first receiving module, and trigger the first receiving module to wait for receiving the data;
the third updating module is configured to update the number of times of use of the first frame number stored by the initial storing module, and trigger the first splicing module;
a second storing module, configured to store a first processing result obtained by processing the original data by the upper layer application received by the first receiving module, as first data to be sent, in a cache, and trigger the first receiving module to wait for receiving the data;
the first splicing module is configured to splice the first frame number stored in the initial storage module before the first data to be transmitted in the second storage module to obtain a first splicing result;
the first calculation module is used for calculating a first splicing result obtained by the first splicing module to obtain a first calculation result; calculating the first data to be sent by using the first calculation result to obtain a second calculation result;
the first encryption module is used for encrypting a first calculation result obtained by the first calculation module by using the preset key to obtain a first encryption value;
and the first sending module is used for sending the first encrypted value obtained by the first encryption module and the second calculation result obtained by the first calculation module to the second equipment, and triggering the first receiving module to wait for receiving data.
Further, the initial saving module is further configured to initialize and save a second frame number; the second equipment simultaneously initializes and stores a second frame number;
the first receiving module is further used for receiving user trigger information;
the device further comprises:
the second updating module is used for updating the stored second frame number when the first receiving module receives the user trigger information;
the second splicing module is used for splicing the second frame number updated by the second updating module before the second data to be sent to obtain a second splicing result;
the second calculation module is used for calculating a second splicing result obtained by the second splicing module to obtain a third calculation result; calculating the second data to be sent by using the third calculation result to obtain a fourth calculation result;
the second encryption module is used for encrypting a third calculation result obtained by the second calculation module by using the preset key to obtain a second encryption value;
the first sending module is further configured to send the second encrypted value obtained by the second encryption module and the fourth calculation result obtained by the second calculation module to the second device, and trigger the first receiving module to wait for receiving response data returned by the second device.
Further, the first receiving module is further configured to receive response data sent by the second device;
the device further comprises:
a second obtaining module, configured to, when the first receiving module receives response data sent by the second device, obtain second data according to the preset key and the response data;
a second acquiring module, configured to acquire a fourth frame number from the second data obtained by the second obtaining module;
the second judging module is used for judging whether the fourth frame number acquired by the second acquiring module is matched with the second frame number stored by the initial storing module or not, and if so, the first storing module is triggered; otherwise, triggering a second discarding module;
the second discarding module is configured to discard the response data received by the first receiving module, and trigger the first receiving module to wait for receiving data;
the first storage module is configured to store second data and trigger the first receiving module to wait for receiving the data.
Further, the preset key is generated or stored according to preset data.
Further, generating the preset key according to preset data includes: calculating the preset data through a preset algorithm to obtain the preset key;
the device further comprises:
and the clearing module is used for clearing the calculated preset key when the first equipment is disconnected with the second equipment.
Further, the initial saving module is further configured to initialize the number of times of use of the first frame number, specifically: the initial storage module is further configured to reset the number of times of use of the first frame number to 0;
the third updating module is specifically configured to add 1 to the number of times of use of the first frame number stored by the initial storing module.
Further, the first calculation module is specifically configured to perform a digest calculation on the first splicing result to obtain a first calculation result, and to encrypt the first data to be sent by using the first calculation result to obtain a second calculation result;
the first sending module is specifically configured to splice the first encrypted value obtained by the first encryption module and the second calculation result obtained by the first calculation module, send the splice result to the second device, and trigger the first receiving module to wait for receiving data.
Further, the first obtaining module is specifically configured to decrypt, using the preset key, a first digest encrypted value in a first analysis result obtained by the first analysis module through analysis, obtain a first digest value after decryption is successful, decrypt, using the first digest value, original encrypted data in the first analysis result obtained by the first analysis module through analysis, and obtain original data after decryption is successful.
Further, the second calculation module is specifically configured to perform a digest calculation on the second splicing result obtained by the second splicing module to obtain a third calculation result, and to encrypt the second data to be sent by using the third calculation result to obtain a fourth calculation result.
Further, the second obtaining module is specifically configured to, when the first receiving module receives the response data sent by the second device, decrypt the second digest encryption value in the response data by using the preset key, obtain the second digest value after decryption is successful, decrypt the original encryption data in the response data by using the second digest value, and obtain the second data after decryption is successful.
Compared with the prior art, the invention has the following advantages:
To increase the difficulty of cracking, the technical solution of the invention uses different data to process the data to be transmitted in each communication: the data differs each time because it is generated from the data to be sent, and it is then verified and encrypted with the preset key, which protects the security of the data. A frame number is added to the data transmitted each time, the frame number is also transmitted as ciphertext, and replay is prevented by checking the frame number. The technical solution of the invention keeps communication stable and secure and protects the device against replay attacks.
Drawings
Fig. 1 is a flowchart of an anti-replay secure communication processing method according to a first embodiment of the present invention;
Fig. 2 is a flowchart of an anti-replay secure communication processing method according to a second embodiment of the present invention;
Fig. 3 is a block diagram of an anti-replay secure communication processing apparatus according to a third embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
An embodiment of the present invention provides an anti-replay secure communication processing method, as shown in Fig. 1, including:
step S1: when the first equipment establishes connection with the second equipment, the first equipment initializes and stores a first frame number and the use times of the first frame number; the second equipment simultaneously initializes and stores the first frame number;
the first device initializes the number of times of use of the first frame number, specifically: the first equipment resets the using times of the first frame number to 0;
step S2: when first equipment receives first data sent by second equipment, analyzing the first data to obtain a first analysis result, and obtaining original data according to the first analysis result and a preset key;
in this embodiment, obtaining the original data according to the first parsing result and the preset key includes: decrypting the first digest encryption value in the first analysis result by using the preset key to obtain the first digest value after successful decryption, and decrypting the original encrypted data in the first analysis result by using the first digest value to obtain the original data after successful decryption.
Step S3: the first device obtains a third frame number from the original data, compares the obtained third frame number with the stored first frame number, and if the obtained third frame number is the same as the stored first frame number, executes the step S4; if the comparison result meets the preset rule, updating the stored first frame number according to the acquired third frame number, waiting for receiving data, and returning to the step S2; if the comparison result does not meet the preset rule, discarding the first data, waiting for receiving the data, and returning to the step S2;
step S4: the first device reads the use times of the stored first frame number, discards the first data if the use times of the first frame number is greater than a preset value, waits for receiving the data, and returns to the step S2; if the number of times of use of the first frame number is smaller than the preset value and is not the initial value, updating the number of times of use of the first frame number, and executing step S5; and if the number of times of use of the first frame number is equal to the initial value, sending the original data to an upper layer application, receiving a first processing result obtained by processing the original data by the upper layer application, saving the first processing result as first data to be sent to a cache, waiting for receiving the data, and returning to the step S2.
Specifically, in this embodiment, updating the number of times of use of the first frame number is specifically: the number of times of use of the first frame number is incremented by 1;
in this embodiment, if the initial value of the first frame number is 0, the comparison result meeting the preset rule specifically means that the acquired third frame number is greater than the stored first frame number; if the initial value of the first frame number is a preset value, the comparison result meeting the preset rule specifically means that the acquired third frame number is smaller than the stored first frame number;
step S5: the first equipment splices a stored first frame number before first data to be sent in a cache to obtain a first splicing result, and calculates the first splicing result to obtain a first calculation result; calculating the first data to be transmitted by using the first calculation result to obtain a second calculation result, and encrypting the first calculation result by using a preset key to obtain a first encryption value; the first encrypted value and the second calculation result are sent to the second device, waiting for the reception of the data, and the process returns to step S2.
Preferably, in step S5 of this embodiment, calculating the first splicing result to obtain a first calculation result, and calculating the first data to be sent by using the first calculation result to obtain a second calculation result, is specifically: the first device performs a digest calculation on the first splicing result to obtain the first calculation result, and encrypts the first data to be sent by using the first calculation result to obtain the second calculation result;
sending the first encryption value and the second calculation result to the second device, specifically: and splicing the first encryption value and the second calculation result, sending the splicing result to the second equipment, and waiting for receiving the data.
If the first device in this embodiment is the active device, step S1 further includes: the first equipment initializes and stores a second frame number;
the method of this embodiment may further include:
step A1: when the first equipment receives user trigger information;
step A2: the first equipment updates the stored second frame number, splices the updated second frame number before the second data to be sent to obtain a second splicing result, and calculates the second splicing result to obtain a third calculation result; calculating the second data to be sent by using the third calculation result to obtain a fourth calculation result, and encrypting the third calculation result by using a preset key to obtain a second encryption value;
preferably, in step A2 of this embodiment, calculating the second splicing result to obtain a third calculation result, and calculating the second data to be sent by using the third calculation result to obtain a fourth calculation result, is specifically: the first device performs a digest calculation on the second splicing result to obtain the third calculation result, and encrypts the second data to be sent by using the third calculation result to obtain the fourth calculation result;
step A3: and the first equipment sends the second encryption value and the fourth calculation result to the second equipment and waits for receiving response data returned by the second equipment.
Correspondingly, when the first device receives the response data returned by the second device, the following operations are also required to be performed:
step B1: the first equipment obtains second data according to the preset key and the response data, and obtains a fourth frame number from the second data;
in this embodiment, the obtaining, by the first device, the second data according to the preset key and the response data includes: decrypting the second digest encryption value in the response data by using the preset key, successfully decrypting to obtain a second digest value, decrypting the original encryption data in the response data by using the second digest value, and successfully decrypting to obtain second data;
step B2: the first equipment judges whether the acquired fourth frame number is matched with the stored second frame number, if so, the second equipment stores the second data and waits for receiving the data; otherwise, the response data is discarded and the data is waited to be received.
The preset key in this embodiment may be obtained by calculating preset data through a preset algorithm in each communication, and when the first device is disconnected from the second device, the first device empties the stored preset key, so that the security of the communication is improved; or when the first device and the second device establish connection for the first time, the preset data is calculated through a preset algorithm to obtain the preset key, and the preset key is stored, and when the first device and the second device establish connection communication again, the first device directly obtains the stored preset key for use, so that the communication speed can be improved.
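The frame construction of step S5 and the receive-side checks of steps S2 to S4 can be followed in code; this is an added example, not part of the patent text. It assumes SHA-256 for the digest calculation, a hash-based XOR keystream standing in for the unspecified cipher, and a 4-byte big-endian frame number. It further assumes that the encrypted plaintext is the frame number spliced before the data (so that step S3 can recover it), that decryption counts as successful when the recomputed digest matches, that the initial value of the frame number is 0, and that a use count equal to the preset value is discarded.

```python
import hashlib
import hmac
import struct

DIGEST_LEN = 32      # SHA-256 output size (digest algorithm is an assumption)
FRAME_NO_LEN = 4     # assumed 4-byte big-endian frame number
INITIAL_COUNT = 0    # initial use count ("resets the use count to 0")
PRESET_LIMIT = 3     # constructed "preset value" for the use count
# "Preset key" computed from constructed "preset data" by an assumed algorithm.
PRESET_KEY = hashlib.sha256(b"constructed preset data").digest()


def _stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with SHA-256(key || counter) blocks.

    Encryption and decryption are the same operation. Illustrative only; the
    patent does not name the cipher and this is not a production design.
    """
    out = bytearray()
    for offset in range(0, len(data), DIGEST_LEN):
        counter = struct.pack(">I", offset // DIGEST_LEN)
        pad = hashlib.sha256(key + counter).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + DIGEST_LEN], pad))
    return bytes(out)


def build_frame(frame_no: int, payload: bytes, key: bytes = PRESET_KEY) -> bytes:
    """Step S5: splice, digest, encrypt data with digest, encrypt digest with key."""
    spliced = struct.pack(">I", frame_no) + payload    # first splicing result
    digest = hashlib.sha256(spliced).digest()          # first calculation result
    body = _stream_xor(digest, spliced)                # second calculation result
    enc_digest = _stream_xor(key, digest)              # first encrypted value
    return enc_digest + body                           # spliced for sending


def open_frame(wire: bytes, key: bytes = PRESET_KEY):
    """Step S2: recover (frame_no, payload), or None if the frame does not verify."""
    if len(wire) < DIGEST_LEN + FRAME_NO_LEN:
        return None
    digest = _stream_xor(key, wire[:DIGEST_LEN])       # decrypt the digest value
    spliced = _stream_xor(digest, wire[DIGEST_LEN:])   # decrypt the original data
    # Assumed meaning of "decryption successful": the digest must recompute.
    if not hmac.compare_digest(hashlib.sha256(spliced).digest(), digest):
        return None
    frame_no = struct.unpack(">I", spliced[:FRAME_NO_LEN])[0]
    return frame_no, spliced[FRAME_NO_LEN:]


def decide(received_no: int, stored_no: int, use_count: int,
           limit: int = PRESET_LIMIT) -> str:
    """Steps S3 and S4 as a pure decision; returns the action the text names."""
    if received_no == stored_no:                       # S3: same number -> S4
        if use_count == INITIAL_COUNT:
            return "PROCESS"                           # hand to upper-layer application
        if use_count < limit:
            return "RETRANSMIT"                        # bump count, resend cached result
        return "DISCARD"                               # > limit; == limit is an assumption
    if received_no > stored_no:                        # preset rule for initial value 0
        return "UPDATE_FRAME_NUMBER"
    return "DISCARD"                                   # older number: replayed frame


def receive(wire: bytes, stored_no: int, use_count: int) -> str:
    """Parse a received frame and classify it; unverifiable frames are discarded."""
    opened = open_frame(wire)
    if opened is None:
        return "DISCARD"
    return decide(opened[0], stored_no, use_count)


if __name__ == "__main__":
    captured = build_frame(6, b"unlock door")          # constructed earlier frame
    current = build_frame(7, b"read status")           # constructed current frame
    print(receive(current, stored_no=7, use_count=0))  # first sight of frame 7
    print(receive(current, stored_no=7, use_count=1))  # peer asked again
    print(receive(captured, stored_no=7, use_count=1)) # old capture replayed
```

The decision function deliberately leaves the state updates (storing the new frame number, incrementing the use count, filling the cache) to the caller, because the text above specifies them per branch.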
Example two
An embodiment of the present invention provides a method for processing anti-replay secure communication, as shown in fig. 2, including:
step 101: when the first equipment establishes connection with the second equipment, initializing a first frame number, the use times of the first frame number, a second frame number and the use times of the second frame number in the first equipment, and initializing a third frame number and a fourth frame number in the second equipment;
preferably, the initial values of the first frame number and the number of times of use of the first frame number, and the initial values of the second frame number and the number of times of use of the second frame number are all 0;
in this embodiment, specific conditions that the first frame number, the number of times of using the first frame number, the second frame number, and the number of times of using the second frame number in the first device need to be initialized, and the third frame number and the fourth frame number in the second device need to be initialized include:
case 1: the frame number is stored in the slave device, and the master device can obtain the frame number stored before the slave device is not turned off in the first communication. If the master device judges that the frame number in the master device is consistent with the acquired frame number, the result is that the slave device retransmits the last time, and the result is not the content which the master device wants to acquire at this time, the master device actively adds 1 to the frame number to retransmit the current instruction, and the slave device retransmits the last result according to the difference of the frame numbers, re-processes the result and returns the processed result to the master device;
after the first device is disconnected from the second device, for example, the buffer data in the slave device is emptied, so that although the frame numbers of the master device and the slave device are the same, no retransmitted data exists, and the calculation must be carried out again;
if the first device and the second device reestablish the connection, the first frame number, the use times of the second frame number and the second frame number in the first device are reset to their initial values for reuse, and the third frame number and the fourth frame number in the second device are reset and re-initialized for reuse;
step 102: judging the type of the information when the first equipment receives the information, if the information is data sent by the second equipment, executing step 103, and if the information is triggered by a user, executing step 111;
in this embodiment, if the first device receives the user trigger information, it indicates that the first device is an active device;
step 103: the first device judges the type of the received data, if the type of the received data is instruction data, step 104 is executed, and if the type of the received data is response data, step 109 is executed;
in this embodiment, step 103 specifically includes: the first device checks the third byte of the received data; if the third byte is 01, the received data is instruction data, and if the third byte is 02, the received data is response data;
for example, the received instruction data is: A00A01000001, where 0001 is the third frame number; the received response data is: A00A02000001, where 0001 is the fourth frame number;
in this embodiment, if the first device receives instruction data sent by the second device, the second device is a master device, and the first device is a slave device, and if the first device receives response data sent by the second device, the first device is a master device, and the second device is a slave device;
step 104: the first equipment analyzes the instruction data to obtain a first analysis result, generates a preset key according to preset data, and obtains original data according to the first analysis result and the preset key;
in this embodiment, obtaining the original data according to the first parsing result and the preset key specifically includes: decrypting the first digest encryption value in the first analysis result by using a preset key, successfully decrypting to obtain a first digest value, decrypting the original encryption data in the first analysis result by using the first digest value, and successfully decrypting to obtain original data;
optionally, in this embodiment, the generating the preset key according to the preset data specifically includes: calculating preset data through a preset algorithm to obtain a preset key;
preferably, the preset key in this embodiment is regenerated every communication;
for example, analyzing the instruction data to obtain a first analysis result is: A4284F94100E5CD79810AFDFBB5A329B6000CD7CFE3108D3EF273003762C3252B0E2E13B61BC8B23E281364CC80FB771C33D74BBF540D4C243E95EF59BE4FC0DDE51D0D451B97DABAD00CE 125C 0FA13500D01EB3B07DCA802E7DE445CE85E6CC8CAF01EF71847D6BCEB441D3751357BF 9A5AE05C09E8B9EEB7B85FCCCB9EAFA8ED195C3E40450BA 4C8F2A1797A9D 578B14A41230AF 24230 AF 2492DC754C7A 6DBE1D 19D 6009 BF 9A5AE 19C 6319E 8B9 DE 8 DE 195C3E4 DF 450 EC 35C 8F2A 1797D 578B14A41230AF0A 2455 AF 2455F 35D 35 AD 35 AA 35D 35 DE 35C 35 DE 35C 35 DE 35B 35 DE 35C 35B 35 DE 35C 8D 35D 2D 35 DE 35D 2D 35 DE 2D 35 DE 2D 35A 35 DE 2D 2; the generated preset key is as follows: e60AD25549960447B57B1E959F51D 887; the first digest encryption value 'U2 FsdGvkX1+ IBgzYPCHUwhSfqJ3FSm/oVh8Qxjzen6 GRESCaxymgjmPGGQTn 5p0mHRrZ3xn2S84qEkCji469PWfN0Qxyf2CZvfSMJBaTjySR9kqFPSRO9 YSJBRRiPAla' is decrypted to obtain the first digest value: 2a3870ece301d8b978fc2ebdc810f71a35c512935e90cfe6d004a11cc 8694743; the original encrypted data "U2 FsdGvkX1/ATOPwyOqcZWv/fPW9 cbsl/mxYnEhCojvN 2 hrqNBy +6qDnz/i 3B" in the spliced data is decrypted by using the first digest value to obtain the following original data: 001122334455667788, respectively;
step 105: the first device acquires a third frame number from the original data, compares the acquired third frame number with a pre-stored first frame number, discards the instruction data if the acquired third frame number is smaller than the pre-stored first frame number, waits for receiving the data, and returns to the step 102; if the acquired third frame number is larger than the pre-stored first frame number, updating the pre-stored first frame number according to the acquired third frame number, waiting for receiving data, and returning to the step 102; if the acquired third frame number is equal to the pre-stored first frame number, executing step 106;
specifically, in this embodiment, updating the pre-stored first frame number according to the obtained third frame number specifically includes: replacing the pre-stored first frame number with the acquired third frame number; optionally, the initial value of the pre-stored first frame number is 1;
for example, if the obtained third frame number is 01 and the pre-stored first frame number is 03, replacing the pre-stored first frame number 03 with the obtained third frame number 01;
step 106: the first device reads the number of times of use of the first frame number, if the number of times of use is greater than a preset value, the instruction data is discarded, the data is waited to be received, and the step 102 is returned; if the number of times of use is less than the preset value and is not 0, updating the number of times of use of the first frame number, and executing step 107; if the number of times of use is equal to 0, sending the original data to an upper layer application, receiving a first processing result obtained by processing the original data by the upper layer application, saving the first processing result as data to be sent into a cache, waiting for receiving the data, and returning to the step 102;
in this embodiment, the updating the number of times of use of the first frame number specifically includes: the number of times of use of the first frame number is added by 1;
optionally, the preset value is 3, for example, if the number of times of use is 0, the processing result is 87654321; if the number of times of use is less than 3 and is not 0, executing step 107, namely returning the response data 87654321 in the cache to the second device;
step 107: the first equipment splices a first frame number before the data in the cache to obtain a first splicing result, and generates an instruction response according to the data in the cache, the first splicing result and a preset key;
specifically, in this embodiment, generating an instruction response according to the data in the cache, the first splicing result, and the preset key includes:
step A1: the first device performs a digest calculation on the first splicing result to obtain a second digest value;
for example, the response data in this step is: 87654321, the first frame number is: 0002, and the first splicing result is: 000287654321; performing the digest calculation on the first splicing result gives the second digest value: c57fcd97734da8db2b78e00c0d5243354eb123cd3e011f409ffba764d3e34bce;
step A2: the first equipment encrypts the data in the cache by using a second digest value to obtain second ciphertext data, and calculates the second digest value by using a preset key to obtain a second encrypted digest value;
for example, in this step, the second digest value c57fcd97734da8db2b78e00c0d5243354eb123cd3e011f409ffba764d3e34bce is used to encrypt the response data 87654321, and the obtained second ciphertext data is: u2FsdGVkX1+ hjzXZVlRcd3H2fiX/DmX8Cu5JCX8D7bk ═ jvzvzx; the second cryptographic digest value is: u2FsdGvkX185/psxoisxrFRwwbcwl2kXIoMp + X1SEfXKnUVHtMpyhHSn7cQfjGMyjCXzb/KKdgekywv5nV7MgIX68bX1HDTvklKVEBbhqyLU +30 di/YoCnbRct 18 JNz;
step A3: and the first equipment splices the second encrypted digest value and the second ciphertext data to obtain an instruction response.
For example, the concatenation result of the second cryptographic digest value and the second ciphertext data in this embodiment is: u2FsdGvkX1+ hjzXZVlRcd3H2fiX/DmX8Cu5JCX8D7bk ═ U2FsdGvkX185/psxoisxrFRwwbcwl2kXIoMp + X1SEfXKnUVHtMpyhHSn7cQfjGMyjCXzb/KKdgekywv5nV7MgIX68bX1HDTvkLKVEBbhqyLU +30 di/YoCnbRcRcJJJz; the saved frame number is 0002; the generated command response is: A00A0100U2FsdGvkX1+ hjzXZVlRcd3H2fiX/DmX8Cu5JCX8D7bk ═ U2FsdGvkX185/psxoisxrFRwwbcwl2kXIoMp + X1 SEfXKnUVHtMpyHSn 7cQfjGMyjCXzb/KKdgekywv5nV7MgIX68bX1HDTvklKVEBbhqyLU +30 di/YoCnbRct JN 18 z;
step 108: the first device sends the instruction response to the second device, waits for receiving data, and returns to step 102;
step 109: the first device generates a preset key according to the preset data, decrypts the response data using the preset key to obtain second data, and acquires a fourth frame number from the second data;
preferably, decrypting the response data using the preset key to obtain the second data specifically includes: the first device decrypts the second digest encryption value in the response data by using the preset key and obtains the second digest value after successful decryption, then decrypts the original encryption data in the response data by using the second digest value and obtains the second data after successful decryption;
for example, the second data in this step is A00A02000001, and the obtained second frame number is 0001;
step 110: the first device judges whether the acquired fourth frame number is matched with the second frame number in the sending instruction, if so, the second device saves the second data, waits for receiving the data, and returns to the step 102; otherwise, discarding the response data, waiting for receiving the data, and returning to the step 102;
step 111: the first equipment generates a preset key according to preset data;
optionally, in this embodiment, the generating the preset key according to the preset data specifically includes: calculating preset data through a preset algorithm to obtain a preset key;
step 112: the first device updates the second frame number, splices the updated second frame number before the data to be sent to obtain a second splicing result, generates a sending instruction according to the data to be sent, the second splicing result and the preset key, sends the sending instruction to the second device, waits for the data to be received, and returns to the step 102;
specifically, in this embodiment, generating a sending instruction according to the data to be sent, the second concatenation result, and the preset key includes:
step A21: the first device performs a digest calculation on the second splicing result to obtain a third digest value;
step A22: the first device encrypts the data to be sent by using the third digest value to obtain third ciphertext data, and encrypts the third digest value by using the preset key to obtain a third encrypted digest value;
step A23: the first device splices the second frame number, the third encrypted digest value and the third ciphertext data to obtain the sending instruction.
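The receive-side decisions of steps 105 to 107, as a runnable sketch added here for illustration; it is not code from the patent and works on frame numbers that have already been decrypted. The names `Receiver`, `Action` and `replay_trace` are hypothetical, and three behaviours are assumptions where the text is silent: the use count restarts when the frame number advances, the first processing counts as one use, and a count equal to the preset value is refused.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    DISCARD_OLD = "discard: frame number older than the stored one"
    RESYNC = "stored frame number updated, nothing processed"
    PROCESSED = "first use: handed to upper layer, result cached"
    RESENT = "cached result returned with the frame number spliced in front"
    DISCARD_LIMIT = "discard: use count reached the preset value"


@dataclass
class Receiver:
    """State kept by the first device when it acts as the slave."""
    preset_value: int = 3   # optional preset value given in step 106
    first_frame: int = 0    # stored first frame number, initial value 0
    use_count: int = 0      # number of times of use, initial value 0
    cache: bytes = b""      # data to be sent, saved by step 106

    def handle(self, third_frame, data, upper_layer):
        # Step 105: compare the received (third) frame number with the stored one.
        if third_frame < self.first_frame:
            return Action.DISCARD_OLD, None
        if third_frame > self.first_frame:
            self.first_frame = third_frame
            self.use_count = 0   # assumption: a new frame number starts a fresh count
            self.cache = b""
            return Action.RESYNC, None
        # Step 106: frame numbers are equal, so the use count decides.
        if self.use_count == 0:
            self.cache = upper_layer(data)
            self.use_count = 1   # assumption: the first processing counts as one use
            return Action.PROCESSED, None
        if self.use_count < self.preset_value:
            self.use_count += 1
            # Step 107: splice the stored frame number before the cached data.
            return Action.RESENT, self.first_frame.to_bytes(2, "big") + self.cache
        # Assumption: a count equal to the preset value is refused as well.
        return Action.DISCARD_LIMIT, None


# Constructed input: (third frame number, decrypted instruction payload).
CONSTRUCTED_FRAMES = [
    (1, b"cmd-A"),  # newer than stored 0
    (1, b"cmd-A"),  # equal, first use
    (2, b"cmd-B"),  # sender moved on to the next frame number
    (1, b"cmd-A"),  # replayed capture of the earlier instruction
    (2, b"cmd-B"),  # equal, first use
    (2, b"cmd-B"),  # retransmission, answered from the cache
    (2, b"cmd-B"),  # retransmission, answered from the cache
    (2, b"cmd-B"),  # retransmission beyond the preset value
]


def replay_trace(frames=CONSTRUCTED_FRAMES):
    """Run the frames through a fresh Receiver and report what happened."""
    calls = []

    def upper_layer(data):
        calls.append(data)
        return bytes.fromhex("87654321")   # processing result used in the page's example

    rx = Receiver()
    results = [rx.handle(frame, data, upper_layer) for frame, data in frames]
    actions = [action.name for action, _ in results]
    responses = [resp.hex() for _, resp in results if resp is not None]
    return actions, len(calls), responses


if __name__ == "__main__":
    actions, upper_layer_calls, responses = replay_trace()
    for (frame, _), name in zip(CONSTRUCTED_FRAMES, actions):
        print(f"frame {frame:04d}: {name}")
    print("upper-layer executions:", upper_layer_calls)
    print("responses sent:", responses)
```

The trace shows the property the frame number and use count are meant to give: each instruction reaches the upper layer once, an older capture is dropped, and retransmissions of the current frame are served from the cache only a bounded number of times.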
Example three
A third embodiment of the present invention provides an anti-replay security communication processing apparatus, as shown in fig. 3, including:
an initial saving module 301, configured to initialize and save a first frame number and the number of times of use of the first frame number when a first device establishes a connection with a second device; the second device simultaneously initializes and saves the first frame number;
optionally, the initial saving module may be configured to reset the number of times of use of the first frame number to 0;
a first receiving module 302, configured to receive first data sent by a second device;
a first analyzing module 303, configured to analyze the first data received by the first receiving module 302 to obtain a first analysis result;
a first obtaining module 304, configured to obtain original data according to a first analysis result obtained through analysis by the first analyzing module 303 and a preset key;
in this embodiment, the first obtaining module 304 is specifically configured to decrypt, using a preset key, a first digest encrypted value in a first analysis result obtained by analyzing by the first analyzing module 303, obtain the first digest value after decryption is successful, decrypt, using the first digest value, original encrypted data in the first analysis result obtained by analyzing by the first analyzing module 303, and obtain original data after decryption is successful;
a first acquiring module 305, configured to acquire a third frame number from the original data obtained by the first obtaining module 304;
a first comparing module 306, configured to compare the third frame number acquired by the first acquiring module 305 with the first frame number stored in the initial storing module 301, and if the third frame number is the same as the first frame number, trigger the reading determining module 309; if the comparison result meets the preset rule, the first updating module 308 is triggered; if the comparison result does not accord with the preset rule, the first discarding module 307 is triggered;
a first discarding module 307, configured to discard the first data received by the first receiving module 302, and trigger the first receiving module 302 to wait for receiving the data;
a first updating module 308, configured to update the first frame number stored in the initial storing module 301 according to the third frame number acquired by the first acquiring module 305, and trigger the first receiving module 302 to wait for receiving data;
a reading and judging module 309, configured to read and judge the number of times of use of the first frame number stored in the initial storing module 301, trigger the third discarding module 311 if the number of times of use of the first frame number is greater than the preset value, and trigger the third updating module 312 if the number of times of use of the first frame number is not less than the preset value and is not the initial value; if the number of times of use of the first frame number is equal to the initial value, the first sending module 316 is triggered to send the original data to the upper layer application;
the first receiving module 302 is further configured to receive a first processing result obtained by processing the original data by the upper layer application;
a second storing module 310, configured to store a first processing result obtained by processing the original data by the upper application received by the first receiving module 302, as first data to be sent, in a cache, and trigger the first receiving module 302 to wait for receiving the data;
a third discarding module 311, configured to discard the first data received by the first receiving module 302, and trigger the first receiving module 302 to wait for receiving the data;
a third updating module 312, configured to update the number of times of using the first frame number stored in the initial storing module 301, and trigger the first splicing module 313;
optionally, the third updating module 312 is specifically configured to add 1 to the number of times of use of the first frame number stored by the initial storing module 301;
the first splicing module 313 is configured to splice the first frame number stored in the initial storage module 301 before the first to-be-transmitted data in the second storage module 310 to obtain a first splicing result;
the first calculation module 314 is configured to calculate a first splicing result obtained by the first splicing module 313 to obtain a first calculation result; calculating the first data to be sent by using the first calculation result to obtain a second calculation result;
in this embodiment, the first calculating module 314 is specifically configured to perform a digest calculation on the first splicing result to obtain the first calculation result, and to encrypt the first data to be sent by using the first calculation result to obtain the second calculation result;
a first encryption module 315, configured to encrypt the first calculation result obtained by the first calculation module 314 by using a preset key to obtain a first encrypted value;
a first sending module 316, configured to send the first encrypted value obtained by the first encrypting module 315 and the second calculation result obtained by the first calculating module 314 to a second device, and trigger the first receiving module 302 to wait for receiving data;
in this embodiment, the first sending module 316 is specifically configured to splice the first encrypted value obtained by the first encrypting module 315 with the second calculation result obtained by the first calculating module 314, and send the splicing result to the second device, so as to trigger the first receiving module 302 to wait for receiving data.
Optionally, in this embodiment, the initial saving module 301 is further configured to initialize and save a second frame number; the second equipment initializes and stores the second frame number at the same time;
the first receiving module 302 is further configured to receive user trigger information;
the apparatus of this embodiment further comprises:
a second updating module, configured to update the stored second frame number when the first receiving module 302 receives the user trigger information;
the second splicing module is used for splicing the second frame number updated by the second updating module before the second data to be sent to obtain a second splicing result;
the second calculation module is used for calculating a second splicing result obtained by the second splicing module to obtain a third calculation result; calculating the second data to be sent by using the third calculation result to obtain a fourth calculation result;
in this embodiment, the second calculation module is specifically configured to perform a digest calculation on the second splicing result obtained by the second splicing module to obtain the third calculation result, and to encrypt the second data to be sent by using the third calculation result to obtain the fourth calculation result;
the second encryption module is used for encrypting a third calculation result obtained by the second calculation module by using a preset key to obtain a second encryption value;
the first sending module 316 is further configured to send the second encrypted value obtained by the second encryption module and the fourth calculation result obtained by the second calculation module to the second device, and trigger the first receiving module 302 to wait for receiving response data returned by the second device.
Correspondingly, the first receiving module 302 is further configured to receive response data sent by the second device;
the apparatus of this embodiment further comprises:
a second obtaining module, configured to obtain second data according to the preset key and the response data when the first receiving module 302 receives the response data sent by the second device;
in this embodiment, the second obtaining module is specifically configured to, when the first receiving module 302 receives the response data sent by the second device, decrypt the second digest encryption value in the response data by using the preset key, obtain the second digest value after decryption is successful, decrypt the original encryption data in the response data by using the second digest value, and obtain the second data after decryption is successful;
the second acquiring module is used for acquiring a fourth frame number from the second data obtained by the second obtaining module;
the second judging module is used for judging whether the fourth frame number acquired by the second acquiring module is matched with the second frame number stored by the initial storing module or not, and if so, the first storing module is triggered; otherwise, triggering a second discarding module;
a second discarding module, configured to discard the response data received by the first receiving module 302, and trigger the first receiving module 302 to wait for receiving the data;
the first saving module is configured to save the second data and trigger the first receiving module 302 to wait for receiving the data.
In this embodiment, the preset key is generated or stored according to the preset data, and preferably, the preset key is generated according to the preset data, and includes: calculating preset data through a preset algorithm to obtain a preset key; the apparatus further comprises: and the clearing module is used for clearing the calculated preset key when the first equipment is disconnected with the second equipment.
In the technical scheme of the invention, in order to increase the difficulty of cracking, a different key is used for encryption in each communication; the generation of that key is related to the data sent each time, and the preset key is then used to verify and encrypt the data, so that the security of the data is protected. The frame number is added to the data sent each time and is also sent as ciphertext, and replay is prevented by checking the frame number. The technical scheme of the invention can keep the communication stable and secure and prevent the device from being attacked by replay.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (20)

1. A method for processing anti-replay secure communications, comprising:
step S1: when a first device establishes connection with a second device, the first device initializes and stores a first frame number and the number of times of use of the first frame number; the second equipment simultaneously initializes and stores a first frame number;
step S2: when the first equipment receives first data sent by the second equipment, analyzing the first data to obtain a first analysis result, and obtaining original data according to the first analysis result and a preset key;
step S3: the first device obtains a third frame number from the original data, compares the obtained third frame number with the stored first frame number, and if the obtained third frame number is the same as the stored first frame number, executes the step S4; if the comparison result meets the preset rule, updating the stored first frame number according to the acquired third frame number, waiting for receiving data, and returning to the step S2; if the comparison result does not meet the preset rule, discarding the first data, waiting for receiving the data, and returning to the step S2;
step S4: the first device reads and judges the use times of the stored first frame number, if the use times of the first frame number is larger than a preset value, the first device discards the first data, waits for receiving data, and returns to the step S2; if the number of times of use of the first frame number is smaller than the preset value and is not the initial value, updating the number of times of use of the first frame number, and executing step S5; if the number of times of use of the first frame number is equal to the initial value, sending the original data to an upper layer application, receiving a first processing result obtained by processing the original data by the upper layer application, storing the first processing result as first data to be sent into a cache, waiting for receiving the data, and returning to the step S2;
step S5: the first equipment splices a stored first frame number before first data to be sent in a cache to obtain a first splicing result, and calculates the first splicing result to obtain a first calculation result; calculating the first to-be-transmitted data by using the first calculation result to obtain a second calculation result, and encrypting the first calculation result by using the preset key to obtain a first encryption value; and sending the first encrypted value and the second calculation result to the second device, waiting for receiving data, and returning to the step S2.
2. The method of claim 1, wherein the step S1 further comprises: the first equipment and the second equipment initialize and store a second frame number;
the method further comprises the following steps:
step A1: when the first device receives user trigger information;
step A2: the first equipment updates the stored second frame number, splices the updated second frame number before the second data to be sent to obtain a second splicing result, and calculates the second splicing result to obtain a third calculation result; calculating the second data to be sent by using the third calculation result to obtain a fourth calculation result, and encrypting the third calculation result by using the preset key to obtain a second encryption value;
step A3: and the first equipment sends the second encryption value and the fourth calculation result to the second equipment, and waits for receiving response data returned by the second equipment.
3. The method of claim 2, further comprising:
step B1: when the first equipment receives response data sent by the second equipment, the first equipment obtains second data according to the preset key and the response data, and obtains a fourth frame number from the second data;
step B2: the first equipment judges whether the acquired fourth frame number is matched with the stored second frame number, if so, the second equipment stores second data and waits for receiving the data; otherwise, the response data is discarded and the data is waited to be received.
4. A method according to any of claims 1-3, wherein the preset key is generated or stored from preset data.
5. The method of claim 4, wherein the preset key is generated from preset data comprising: calculating preset data through a preset algorithm to obtain a preset key;
the method further comprises the following steps: when the first equipment is disconnected with the second equipment, the first equipment empties the stored preset key.
6. The method of claim 1, wherein the first device initializes a number of uses of a first frame number, specifically: the first equipment resets the using times of the first frame number to 0;
the number of times of use for updating the first frame number is specifically: the number of uses of the first frame number is self-incremented by 1.
7. The method according to claim 1, wherein said calculating of said first splicing result in step S5 results in a first calculation result; calculating the first to-be-transmitted data by using the first calculation result to obtain a second calculation result, specifically: performing a digest calculation on the first splicing result to obtain a first calculation result; encrypting the first data to be sent by using the first calculation result to obtain a second calculation result,
the sending, in the step S5, the first encrypted value and the second calculation result to the second device specifically includes: and splicing the first encryption value and a second calculation result, sending the splicing result to the second equipment, and waiting for receiving data.
8. The method of claim 1, wherein the deriving raw data according to the first parsing result and the preset key comprises: and decrypting the first digest encryption value in the first analysis result by using the preset key to obtain a first digest value after successful decryption, and decrypting the original encryption data in the first analysis result by using the first digest value to obtain the original data after successful decryption.
9. The method of claim 2, wherein said calculating of said second concatenation result in step A2 yields a third calculation result; calculating the second data to be sent by using the third calculation result to obtain a fourth calculation result, including: the first device performs a digest calculation on the second splicing result to obtain a third calculation result; and encrypting the second data to be sent by using the third calculation result to obtain a fourth calculation result.
10. The method of claim 3, wherein the first device deriving second data from the preset key and the response data comprises: and decrypting the second digest encryption value in the response data by using the preset key, successfully decrypting to obtain a second digest value, decrypting the original encryption data in the response data by using the second digest value, and successfully decrypting to obtain second data.
11. An anti-replay secure communication processing apparatus, comprising:
the initial storage module is used for initializing and storing the first frame number and the use times of the first frame number when the first equipment establishes connection with the second equipment; the second equipment simultaneously initializes and stores a first frame number;
the first receiving module is used for receiving first data sent by the second equipment;
the first analysis module is used for analyzing the first data received by the first receiving module to obtain a first analysis result;
the first obtaining module is used for obtaining original data according to a first analysis result obtained by the analysis of the first decryption module and a preset key;
the first acquiring module is used for acquiring a third frame number from the original data obtained by the first obtaining module;
the first comparing module is used for comparing the third frame number acquired by the first acquiring module with the first frame number stored by the initial storing module, and if the third frame number is the same as the first frame number stored by the initial storing module, the reading judging module is triggered; if the comparison result meets the preset rule, triggering a first updating module; if the comparison result does not accord with the preset rule, triggering a first discarding module;
the first discarding module is configured to discard the first data received by the first receiving module, and trigger the first receiving module to wait for receiving the data;
the first updating module is configured to update the first frame number stored by the initial storing module according to the third frame number acquired by the first acquiring module, and trigger the first receiving module to wait for receiving data;
the reading judgment module is used for reading and judging the using times of the first frame number stored by the initial storage module, if the using times of the first frame number is greater than a preset value, a third discarding module is triggered, and if the using times of the first frame number is less than the preset value and is not an initial value, a third updating module is triggered; if the number of times of use of the first frame number is equal to an initial value, triggering a first sending module to send the original data to an upper layer application;
the first receiving module is further configured to receive a first processing result obtained by processing the original data by the upper layer application;
the third discarding module is configured to discard the first data received by the first receiving module, and trigger the first receiving module to wait for receiving the data;
the third updating module is configured to update the number of times of use of the first frame number stored by the initial storing module, and trigger the first splicing module;
a second storing module, configured to store a first processing result obtained by processing the original data by the upper layer application received by the first receiving module, as first data to be sent, in a cache, and trigger the first receiving module to wait for receiving the data;
the first splicing module is configured to splice the first frame number stored in the initial storage module before the first data to be transmitted in the second storage module to obtain a first splicing result;
the first calculation module is used for calculating a first splicing result obtained by the first splicing module to obtain a first calculation result; calculating the first data to be sent by using the first calculation result to obtain a second calculation result;
the first encryption module is used for encrypting a first calculation result obtained by the first calculation module by using the preset key to obtain a first encryption value;
the first sending module is configured to send the first encrypted value obtained by the first encrypting module and the second calculation result obtained by the first calculating module to the second device, and trigger the first receiving module to wait for receiving data.
12. The apparatus of claim 11,
the initial storage module is also used for initializing and storing a second frame number; the second device simultaneously initializes and stores a second frame number;
the first receiving module is further used for receiving user trigger information;
the device further comprises:
the second updating module is used for updating the stored second frame number when the first receiving module receives the user trigger information;
the second splicing module is used for splicing the second frame number updated by the second updating module before the second data to be sent to obtain a second splicing result;
the second calculation module is used for calculating a second splicing result obtained by the second splicing module to obtain a third calculation result; calculating the second data to be sent by using the third calculation result to obtain a fourth calculation result;
the second encryption module is used for encrypting a third calculation result obtained by the second calculation module by using the preset key to obtain a second encryption value;
the first sending module is further configured to send the second encrypted value obtained by the second encryption module and the fourth calculation result obtained by the second calculation module to the second device, and trigger the first receiving module to wait for receiving response data returned by the second device.
13. The apparatus of claim 12,
the first receiving module is further configured to receive response data sent by the second device;
the device further comprises:
a second obtaining module, configured to, when the first receiving module receives response data sent by the second device, obtain second data according to the preset key and the response data;
a second acquiring module, configured to acquire a fourth frame number from the second data obtained by the second obtaining module;
the second judging module is used for judging whether the fourth frame number acquired by the second acquiring module is matched with the second frame number stored by the initial storing module or not, and if so, the first storing module is triggered; otherwise, triggering a second discarding module;
the second discarding module is configured to discard the response data received by the first receiving module, and trigger the first receiving module to wait for receiving data;
the first storage module is configured to store second data and trigger the first receiving module to wait for receiving the data.
14. The apparatus of any one of claims 11-13, wherein the preset key is generated or stored based on preset data.
15. The apparatus of claim 14, wherein generating the preset key from preset data comprises: calculating the preset data through a preset algorithm to obtain the preset key;
the device further comprises:
the clearing module is used for clearing the calculated preset key when the first device is disconnected from the second device.
16. The apparatus as claimed in claim 11, wherein the initial saving module is further configured to initialize a number of uses of the first frame number, specifically: the initial storage module is further configured to reset the number of times of use of the first frame number to 0;
the third updating module is specifically configured to add 1 to the number of times of use of the first frame number stored by the initial storing module.
17. The apparatus according to claim 11, wherein the first calculating module is specifically configured to perform a digest calculation on the first splicing result to obtain a first calculation result; encrypting the first data to be sent by using the first calculation result to obtain a second calculation result;
the first sending module is specifically configured to splice the first encrypted value obtained by the first encryption module and the second calculation result obtained by the first calculation module, send the splice result to the second device, and trigger the first receiving module to wait for receiving data.
18. The apparatus according to claim 11, wherein the first obtaining module is specifically configured to decrypt, using the preset key, a first digest encrypted value in the first parsing result obtained by the first parsing module and, when the decryption succeeds, obtain the first digest value; and to decrypt, using the first digest value, the original encrypted data in the first parsing result obtained by the first parsing module and, when the decryption succeeds, obtain the original data.
19. The apparatus according to claim 12, wherein the second calculating module is specifically configured to perform a digest calculation on the second splicing result obtained by the second splicing module to obtain a third calculating result; and encrypting the second data to be sent by using the third calculation result to obtain a fourth calculation result.
20. The apparatus according to claim 13, wherein the second obtaining module is specifically configured to, when the first receiving module receives the response data sent by the second device, decrypt the second digest encryption value in the response data using the preset key and, when the decryption succeeds, obtain the second digest value; and to decrypt the original encryption data in the response data using the second digest value and, when the decryption succeeds, obtain the second data.
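
The request/response exchange of claims 12, 13, 19 and 20 can be exercised with the following added Python example, which is not part of the patent text. The claims name no algorithms, so SHA-256 as the digest, a toy SHAKE-256 XOR keystream as the cipher, the 4-byte frame number, incrementing as the frame update, equality as the match rule, encrypting the spliced bytes rather than the bare data, and a digest re-check as the test for successful decryption are all assumptions, as are the names `seal`, `unseal` and `FirstDevice`.

```python
import hashlib
import hmac

FRAME_LEN = 4    # assumption: 4-byte big-endian frame number
DIGEST_LEN = 32  # SHA-256 stands in for the unspecified "digest calculation"

def _toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for the unspecified cipher: XOR with a SHAKE-256 keystream.
    Demonstration only; a real design needs a vetted cipher with per-message nonces."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(preset_key: bytes, frame_no: int, data: bytes) -> bytes:
    spliced = frame_no.to_bytes(FRAME_LEN, "big") + data  # frame number spliced before data
    digest = hashlib.sha256(spliced).digest()             # digest of the splicing result
    # Assumption: the digest-keyed ciphertext covers the spliced bytes, so the
    # receiver can recover the frame number from the decrypted data.
    return _toy_cipher(preset_key, digest) + _toy_cipher(digest, spliced)

def unseal(preset_key: bytes, message: bytes):
    """Return (frame_no, data), or None when decryption does not 'succeed'."""
    if len(message) < DIGEST_LEN + FRAME_LEN:
        return None
    digest = _toy_cipher(preset_key, message[:DIGEST_LEN])
    spliced = _toy_cipher(digest, message[DIGEST_LEN:])
    # Assumption: 'success' means the recovered bytes hash back to the digest.
    if not hmac.compare_digest(hashlib.sha256(spliced).digest(), digest):
        return None
    return int.from_bytes(spliced[:FRAME_LEN], "big"), spliced[FRAME_LEN:]

class FirstDevice:
    def __init__(self, preset_key: bytes):
        self.key, self.second_frame, self.stored = preset_key, 0, []

    def send(self, data: bytes) -> bytes:
        self.second_frame += 1  # assumption: "updating" means incrementing by 1
        return seal(self.key, self.second_frame, data)

    def on_response(self, response: bytes) -> bool:
        opened = unseal(self.key, response)
        if opened is None or opened[0] != self.second_frame:  # assumption: match = equality
            return False               # second discarding module: drop the response
        self.stored.append(opened[1])  # first storing module: keep the second data
        return True
```

A response captured for an earlier request carries the old frame number, so once the first device has sent a new request that response is discarded.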
CN201810864997.3A 2018-08-01 2018-08-01 Anti-replay safe communication processing method and device Active CN109120608B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810864997.3A CN109120608B (en) 2018-08-01 2018-08-01 Anti-replay safe communication processing method and device

Publications (2)

Publication Number Publication Date
CN109120608A CN109120608A (en) 2019-01-01
CN109120608B true CN109120608B (en) 2020-11-24

Family

ID=64863882

Country Status (1)

Country Link
CN (1) CN109120608B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111510916B (en) * 2020-04-08 2023-04-14 国网上海市电力公司 WAMS data encryption and decryption method, device and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1852614A (en) * 2006-02-20 2006-10-25 华为技术有限公司 Method for processing AK context
CN101060404A (en) * 2006-04-19 2007-10-24 华为技术有限公司 A method and system protecting the wireless network against the replay attack
CN101242274A (en) * 2005-06-24 2008-08-13 华为技术有限公司 Method for guaranteeing non-duplicate message SN and preventing from re-play attack and mobile terminal
CN101340289A (en) * 2008-08-19 2009-01-07 北京飞天诚信科技有限公司 Replay attack preventing method and method thereof
CN101820619A (en) * 2010-01-15 2010-09-01 北京工业大学 Efficient and energy-saving link safety method in wireless sensor network
CN102315937A (en) * 2010-07-09 2012-01-11 塔塔咨询服务有限公司 The affaris safety trade system of data and method between radio communication device and the server

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102014200309A1 (en) * 2014-01-10 2015-07-16 Robert Bosch Gmbh Method for checking an output

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant