CN109413123A - Session keeping method and relevant device - Google Patents


Info

Publication number: CN109413123A
Authority: CN (China)
Prior art keywords: session, label information, server, client, dtls
Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Application number: CN201710705004.3A
Other languages: Chinese (zh)
Inventors: 汪淑华, 熊晓春
Current assignee: Huawei Technologies Co Ltd (as listed by Google Patents)
Original assignee: Huawei Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/14 Session management
    • H04L 67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
    • H04L 67/142 Managing session states for stateless protocols; signalling session states; state transitions; keeping-state mechanisms
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/16 Implementing security features at a particular protocol layer
    • H04L 63/166 Implementing security features at a particular protocol layer at the transport layer

Abstract

Embodiments of the invention disclose a session keeping method and related devices. The method comprises: when a server establishes a DTLS session with a client, the server generates session identification information that identifies the DTLS session; the server sends the session identification information to the client; the server receives first data from the client over the DTLS session, the first data carrying the session identification information; and the server processes the first data according to the DTLS context corresponding to the session identification information. By keeping the DTLS session alive by means of the session identification information, the embodiments improve data transmission efficiency, reduce power consumption and widen the applicability of session keeping.

Description

Session keeping method and relevant device
Technical field
This application relates to the field of communication technology, and in particular to a session keeping method and related devices.
Background technique
With the development of Internet of Things (IoT) technology, IoT applications are becoming more widespread, the number of IoT users and terminals is growing rapidly, and networking scenarios are increasingly diverse. An IoT terminal connects to an IoT platform on the public network through a network address translation (NAT) device in order to transmit data. To meet market security requirements, Datagram Transport Layer Security (DTLS) is used to protect the data transmitted between the IoT terminal and the IoT platform.
A DTLS session is established by a handshake between the IoT terminal and the IoT platform. Once it is established, both sides uniquely identify the DTLS connection by the five-tuple (source/destination IP address, source/destination port number and protocol type) or the four-tuple (source/destination IP address and source/destination port number). The sender therefore carries the five-tuple/four-tuple in the headers of each packet it sends, and the receiver uses it to find the corresponding DTLS security context, under which it decrypts the packet and checks its integrity. However, scenarios in which a massive number of IoT terminals send data periodically (for example a water meter that sends one reading per day or less often) demand low power consumption: a battery of a few thousand milliampere-hours may be required to last 5 to 10 years. The IoT terminal therefore enters a deep-sleep state after every transmission to save power. While it sleeps there is no traffic between the terminal and the platform, so resources such as the NAT table entry (the mapping of source IP address/destination IP address and source port/destination port) age out. Once the NAT entry has aged out, the five-tuple/four-tuple carried by each packet the terminal sends to the platform differs from the previous one, the platform can no longer find the correct DTLS context from the five-tuple/four-tuple in the packet, and the terminal must renegotiate a DTLS connection with the platform. Renegotiation consumes more resources than sending the data itself, so the applicability of session keeping is low, data transmission efficiency is low and power consumption is high.
Summary of the invention
Embodiments of the invention provide a session keeping method and related devices that keep a DTLS session alive by means of session identification information, which improves data transmission efficiency, saves power and widens the applicability of session keeping.
In a first aspect, an embodiment of the invention provides a session keeping method, comprising:
when a server establishes a DTLS session with a client, generating session identification information, the session identification information identifying the DTLS session;
the server sending the session identification information to the client;
the server receiving first data from the client over the DTLS session, the first data carrying the session identification information; and
the server processing the first data according to the DTLS context corresponding to the session identification information.
In a possible design, when a session identification renewal time is reached, the server may also update the session identification information to obtain updated session identification information; the server sends second data to the client, the second data including the session identification information and the updated session identification information; the server receives third data from the client over the DTLS session, the third data carrying the updated session identification information; and the server processes the third data according to the DTLS context corresponding to the updated session identification information.
In a possible design, after the server updates the session identification information at the renewal time and obtains the updated session identification information, the method further comprises:
the server encrypting the updated session identification information to obtain updated and encrypted session identification information;
wherein the second data includes the session identification information and the updated and encrypted session identification information.
In a possible design, after the server updates the session identification information at the renewal time and obtains the updated session identification information, the method further comprises:
the server applying integrity protection to the updated session identification information to obtain updated and integrity-protected session identification information;
wherein the second data includes the session identification information and the updated and integrity-protected session identification information.
In a possible design, after the server updates the session identification information at the renewal time and obtains the updated session identification information, the method further comprises:
the server encrypting and integrity-protecting the updated session identification information to obtain encrypted and integrity-protected session identification information;
wherein the second data includes the session identification information and the encrypted and integrity-protected session identification information.
In a possible design, before sending the session identification information to the client, the server may compare it with every other session identification information in a session identification database, the database containing the session identification information of each DTLS session established with the server; only when the session identification information differs from all of the others is the server triggered to send it to the client.
In a possible design, the server generates the session identification information as follows: the server and the client carry out a DTLS negotiation, and when the negotiation succeeds the server generates the session identification information.
In a possible design, the DTLS negotiation between the server and the client may be as follows: the server receives a session keeping request message from the client; the server responds to the session keeping request message and, when it supports DTLS session keeping, sends a session keeping confirmation message to the client, the session keeping confirmation message indicating that the server supports DTLS session keeping.
In a possible design, the server may also send fourth data to the client over the DTLS session, the fourth data carrying the session identification information.
In a second aspect, an embodiment of the invention provides a session keeping method, comprising:
a client receiving session identification information from a server, the session identification information having been generated when the server established a DTLS session with the client, and identifying that DTLS session; and
the client sending first data to the server over the DTLS session, the first data carrying the session identification information.
In a possible design, the client may also receive second data from the server, the second data including the session identification information and updated session identification information; the client processes the second data according to the DTLS context corresponding to the session identification information to obtain the updated session identification information; and the client sends third data to the server over the DTLS session, the third data carrying the updated session identification information.
In a possible design, the second data includes the session identification information and updated and encrypted session identification information, which the server produced by encrypting the updated session identification information;
and processing the second data according to the DTLS context corresponding to the session identification information to obtain the updated session identification information comprises: the client processing the second data according to that DTLS context to obtain the encrypted session identification information, and the client decrypting the encrypted session identification information to obtain the updated session identification information.
In a possible design, the second data includes the session identification information and updated and integrity-protected session identification information, which the server produced by applying integrity protection to the updated session identification information;
and processing the second data according to the DTLS context corresponding to the session identification information to obtain the updated session identification information comprises: the client processing the second data according to that DTLS context to obtain the updated and integrity-protected session identification information, and the client verifying the integrity of the updated and integrity-protected session identification information to obtain the updated session identification information.
In a possible design, the second data includes the session identification information and encrypted and integrity-protected session identification information, which the server produced by encrypting and integrity-protecting the updated session identification information;
and processing the second data according to the DTLS context corresponding to the session identification information to obtain the updated session identification information comprises: the client processing the second data according to that DTLS context to obtain the encrypted and integrity-protected session identification information, and the client decrypting the encrypted and integrity-protected session identification information and verifying its integrity to obtain the updated session identification information.
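The label renewal exchange described in the server-side designs (renewal time, second and third data) and the client-side designs above, as an added example that is not part of the patent: the server derives label-protection keys from the existing session's secret, encrypts and integrity-protects the new Resume_id (the encrypted and integrity-protected variant), sends it in second data whose header still carries the old label, and moves the context mapping from the old label to the new one; the client checks the tag before decrypting, then switches labels. Python standard library only. The page says only that the algorithms and keys are negotiated during the handshake, so the key derivation, the HMAC-SHA256-derived keystream used as the cipher, the wire layout nonce || ciphertext || tag, the class and function names and the sample values are all stand-ins constructed for this demonstration.

```python
"""Session-label renewal (the 'second data' exchange). Added example, not the
patent's code: the cipher, key schedule and wire format are demonstration
stand-ins for the algorithms the page says are negotiated in the handshake."""
import hashlib
import hmac
import secrets
import struct

LABEL_LEN = 8   # 64-bit Resume_id
NONCE_LEN = 8
TAG_LEN = 16


def derive_key(master_secret: bytes, purpose: bytes) -> bytes:
    """Hypothetical key schedule: one HMAC-SHA256 per purpose from the
    existing DTLS session's secret (constructed for the demo)."""
    return hmac.new(master_secret, purpose, hashlib.sha256).digest()


def protect_new_label(new_id: int, enc_key: bytes, mac_key: bytes, nonce: bytes = None) -> bytes:
    """Encrypt-then-MAC the new label: XOR with an HMAC-derived keystream under a
    fresh nonce, then a tag over nonce || ciphertext. Returns nonce || ct || tag."""
    nonce = nonce if nonce is not None else secrets.token_bytes(NONCE_LEN)
    keystream = hmac.new(enc_key, b"label-ks" + nonce, hashlib.sha256).digest()[:LABEL_LEN]
    ciphertext = bytes(a ^ b for a, b in zip(struct.pack("!Q", new_id), keystream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ciphertext + tag


def unprotect_new_label(blob: bytes, enc_key: bytes, mac_key: bytes) -> int:
    """Client side: verify the tag in constant time before decrypting."""
    if len(blob) != NONCE_LEN + LABEL_LEN + TAG_LEN:
        raise ValueError("malformed label update")
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:NONCE_LEN + LABEL_LEN]
    tag = blob[NONCE_LEN + LABEL_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    keystream = hmac.new(enc_key, b"label-ks" + nonce, hashlib.sha256).digest()[:LABEL_LEN]
    return struct.unpack("!Q", bytes(a ^ b for a, b in zip(ciphertext, keystream)))[0]


class Server:
    def __init__(self):
        self.contexts = {}  # Resume_id -> DTLS context (here: the label-protection keys)

    def add_session(self, resume_id: int, master_secret: bytes) -> None:
        self.contexts[resume_id] = {"enc": derive_key(master_secret, b"label-enc"),
                                    "mac": derive_key(master_secret, b"label-mac")}

    def renew(self, old_id: int, new_id: int):
        """Build the second data (old label in the header, protected new label as
        payload) and re-point the context from the old label to the new one."""
        ctx = self.contexts[old_id]
        blob = protect_new_label(new_id, ctx["enc"], ctx["mac"])
        self.contexts[new_id] = self.contexts.pop(old_id)
        return old_id, blob

    def lookup(self, resume_id: int):
        return self.contexts.get(resume_id)


class Client:
    def __init__(self, resume_id: int, master_secret: bytes):
        self.resume_id = resume_id
        self.enc = derive_key(master_secret, b"label-enc")
        self.mac = derive_key(master_secret, b"label-mac")

    def receive_second_data(self, header_label: int, blob: bytes) -> int:
        """Process the second data under the context of the label in its header,
        recover the updated label and use it for the third data onwards."""
        if header_label != self.resume_id:
            raise ValueError("update does not belong to this session")
        self.resume_id = unprotect_new_label(blob, self.enc, self.mac)
        return self.resume_id


def demo() -> bool:
    secret = b"constructed master secret, not from a real handshake"
    old_id, new_id = 0x8000000000000001, 0x8000000000000002  # bit 63 = 1, bit 62 = 0
    srv, cli = Server(), Client(old_id, secret)
    srv.add_session(old_id, secret)
    header_label, blob = srv.renew(old_id, new_id)
    cli.receive_second_data(header_label, blob)
    return cli.resume_id == new_id and srv.lookup(new_id) is not None and srv.lookup(old_id) is None


if __name__ == "__main__":
    print("renewal ok:", demo())
```

Because DTLS runs over UDP, a deployment would also have to decide how long to keep accepting the old label in case the datagram carrying the second data is lost; the page replaces the mapping immediately, and the demo does the same.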
In a possible design, the client may also receive fourth data from the server, the fourth data carrying the session identification information; the client processes the fourth data according to the DTLS context corresponding to the session identification information.
In a possible design, the client receives the session identification information from the server as follows: the client and the server carry out a DTLS negotiation, and when the negotiation succeeds the client receives the session identification information from the server.
In a possible design, the DTLS negotiation between the client and the server may be as follows: the client sends a session keeping request message to the server; when it receives a session keeping confirmation message from the server it determines that the negotiation has succeeded, the session keeping confirmation message indicating that the server supports DTLS session keeping.
In a possible design, after sending the first data to the server over the DTLS session, the client may also switch its operating state to a dormant state.
In a third aspect, an embodiment of the invention further provides a server having the functions that implement the server behaviour in the method examples above. The functions may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more units or modules corresponding to the functions above.
In a possible design, the structure of the server includes a processing unit, a receiving unit and a sending unit. The processing unit is configured to support the server in performing the corresponding functions of the method above; the receiving unit and the sending unit support communication between the server and other devices. The server may also include a storage unit, coupled to the processing unit, which holds the program instructions and data the server needs. By way of example, the processing unit may be a processor, the receiving unit a receiver, the sending unit a transmitter and the storage unit a memory.
In a fourth aspect, an embodiment of the invention provides a client having the functions that implement the client behaviour in the method examples above. The functions may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more units or modules corresponding to the functions above.
In a possible design, the structure of the client includes a processing unit, a receiving unit and a sending unit. The processing unit is configured to support the client in performing the corresponding functions of the method above; the receiving unit and the sending unit support communication between the client and other devices. The client may also include a storage unit, coupled to the processing unit, which holds the program instructions and data the client needs. By way of example, the processing unit may be a processor, the receiving unit a receiver, the sending unit a transmitter and the storage unit a memory.
In a fifth aspect, an embodiment of the invention provides a session keeping system that includes the server and/or the client of the aspects above. In another possible design, the system may also include other devices that interact with the server or the client in the schemes provided by the embodiments of the invention.
In a sixth aspect, an embodiment of the invention provides a computer storage medium that stores the computer software instructions used by the server above, including the programs designed to perform the aspects above.
In a seventh aspect, an embodiment of the invention provides a computer storage medium that stores the computer software instructions used by the client above, including the programs designed to perform the aspects above.
In an eighth aspect, an embodiment of the invention provides a computer program product containing instructions which, when run on a computer, cause the computer to perform the methods of the aspects above.
In a ninth aspect, an embodiment of the invention provides a chip system that includes a processor for supporting a server in implementing the functions of the aspects above, for example generating or processing the data and/or information involved in the method above. In a possible design, the chip system further includes a memory that holds the program instructions and data the server needs. The chip system may consist of a chip, or may include a chip and other discrete components.
In a tenth aspect, an embodiment of the invention provides a chip system that includes a processor for supporting a client in implementing the functions of the aspects above, for example receiving or processing the data and/or information involved in the method above. In a possible design, the chip system further includes a memory that holds the program instructions and data the client needs. The chip system may consist of a chip, or may include a chip and other discrete components.
When the embodiments of the invention are implemented, the server generates session identification information when it establishes a DTLS session with a client and sends it to the client; the server receives first data from the client over the DTLS session, the first data carrying the session identification information; and the server processes the first data according to the DTLS context corresponding to the session identification information. In the conventional session keeping method, once the NAT table entry has aged out the five-tuple/four-tuple carried by each packet the client sends to the server is different, the server cannot find the correct DTLS context from the five-tuple/four-tuple carried by the packet, and the client must renegotiate a DTLS session with the IoT platform. The embodiments of the invention instead decouple the session identification information from the five-tuple/four-tuple: whether or not the five-tuple/four-tuple has changed, the DTLS session can be kept by means of the session identification information, which improves data transmission efficiency, saves power and widens the applicability of session keeping.
Detailed description of the invention
To describe the technical solutions in the embodiments of the invention more clearly, the drawings needed for the embodiments are briefly described below. The drawings described below show only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a structural schematic diagram of a session keeping system provided in an embodiment of the invention;
Fig. 2 is an interaction diagram of a session keeping method provided in an embodiment of the invention;
Fig. 3 is a structural schematic diagram of a server provided in an embodiment of the invention;
Fig. 4 is a structural schematic diagram of a server provided in another embodiment of the invention;
Fig. 5 is a structural schematic diagram of a server provided in another embodiment of the invention;
Fig. 6 is a structural schematic diagram of a client provided in an embodiment of the invention;
Fig. 7 is a structural schematic diagram of a client provided in another embodiment of the invention;
Fig. 8 is a structural schematic diagram of a client provided in another embodiment of the invention.
Specific embodiment
The embodiments of the invention are described below with reference to the accompanying drawings.
It should be understood that the technical solution of the application can be applied in any communication system that transmits data using DTLS, for example the Global System for Mobile communications (GSM), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Time Division-Synchronous Code Division Multiple Access (TD-SCDMA), the Universal Mobile Telecommunication System (UMTS) and Long Term Evolution (LTE). As communication technology continues to develop, the technical solution of the application can also be used in future networks such as the fifth-generation mobile communication technology (5G) system, also called the New Radio (NR) system, or in device-to-device (D2D) and machine-to-machine (M2M) systems; the application does not limit this.
The application is described with reference to a server, which may be an IoT platform or any other server (such as an application server).
In this application the client may be deployed in a terminal, which may be an IoT terminal or any other device. A terminal is a device with communication capability; it may include handheld devices with wireless communication capability, vehicle-mounted devices, wearable devices, computing devices, other processing devices connected to a wireless modem and, optionally, devices with wired communication capability. A terminal goes by different names in different networks, for example user equipment (UE), terminal, mobile station, subscriber unit, station, cellular phone, personal digital assistant, wireless modem, wireless communication device, handheld device, laptop computer, cordless phone or wireless local loop station. For convenience, the terminal is referred to as UE in this application. The terminal may be a wireless terminal or a wired terminal. A wireless terminal is a device that provides voice and/or data connectivity to a user, a handheld device with wireless connection capability, or another processing device connected to a wireless modem, and it communicates with one or more core networks through a radio access network (RAN).
The application scenario is introduced below with reference to Fig. 1, which is an architecture diagram of a session keeping system provided in an embodiment of the invention. As shown in Fig. 1, the session keeping system may include at least one client 101 and a server 102. The client 101 accesses the server 102 using the DTLS protocol, so that a DTLS session is established between the client 101 and the server 102. When the server 102 establishes the DTLS session with the client 101 it can generate session identification information and send it to the client 101; the client 101 can then send first data to the server over the DTLS session, the first data carrying the session identification information, and the server 102 processes the first data according to the DTLS context corresponding to the session identification information, without renegotiating to establish a DTLS session. This improves data transmission efficiency, saves power and widens the applicability of session keeping. In addition, because the client 101 and the server 102 transmit data over a DTLS session, the data is transmitted securely.
Optionally, the server 102 may also send fourth data to the client 101, the fourth data carrying the session identification information; the client 101 then processes the fourth data according to the DTLS context corresponding to the session identification information.
Optionally, the algorithm the server 102 uses to generate the session identification information may include a counter, the HMAC-based one-time password algorithm (HOTP), Secure Hash Algorithm 1 (SHA-1), Secure Hash Algorithm 3 (SHA-3) or a pseudo-random function (PRF). The server 102 can send the session identification information to the client 101 in a data message.
It should be noted that when there are multiple clients, the server can establish a different DTLS session with each client. For different DTLS sessions the server generates different session identification information, each identifying its own DTLS session.
Optionally, the session keeping system may also include a network address translation (NAT) device 103, which stores NAT table entries. A NAT table entry may include the correspondence between the source Internet Protocol (IP) address/destination IP address and the source port/destination port of the DTLS session. For example, after the client switches to a dormant state there is no data transfer between the client and the server, and the NAT table entry ages out.
This application discloses a session keeping method and related devices that keep a DTLS session alive by means of session identification information, improving data transmission efficiency and saving power. They are described in detail below.
Refer to Fig. 2, which is an interaction diagram of a session keeping method provided in an embodiment of the invention. As shown in Fig. 2, the session keeping method of the embodiment may include the following steps:
201. The server and the client carry out a DTLS negotiation.
In the initial network-entry phase the server and the client can carry out a DTLS negotiation. Specifically, the client sends a session keeping request message to the server; the server responds to the session keeping request message and, if it supports DTLS session keeping, sends a session keeping confirmation message to the client, which indicates that the server supports DTLS session keeping. The DTLS negotiation can take either of the following two forms:
Method one: the client sends a Client Hello message (the session keeping request message above) to the server, and the Client Hello message carries a Resume_Id; for example, the Resume_Id may be 10000...00. If the server supports DTLS session keeping it continues the negotiation, that is, it negotiates with the client the encryption algorithm and the key and/or private key needed to encrypt the updated session identification information, and may also negotiate with the client the integrity protection algorithm needed to integrity-protect the updated session identification information and the integrity check algorithm needed to verify it. If the server does not support DTLS session keeping it may send the client a session keeping failure message, such as an Alert or another exception response.
Method two: the client sends a Client Hello message (the session keeping request message above) to the server, and the Client Hello message carries an extension (for example extension type = 36). If the server supports DTLS session keeping it sends the client a session keeping confirmation message (for example a Server Hello) that carries the same extension, to indicate that the server supports DTLS session keeping. If the server does not support DTLS session keeping, exception handling follows standard DTLS.
202. When the negotiation succeeds, the server generates the session identification information.
When the negotiation succeeds, the DTLS session between the client and the server is established and the server can generate the session identification information, which identifies that DTLS session. Because this scheme is based on standard DTLS, it provides a mechanism compatible with standardized DTLS: the Resume-ID (the session identification information) is placed in the DTLS record header, every data packet header carries the Resume-ID, and the Resume-ID in the packet header is integrity-protected by the integrity protection mechanism that standard DTLS provides. By way of example, the server can generate the session identification information using the following record structure:
    struct {
        ContentType type;
        ProtocolVersion version;
        uint16 epoch;
        uint48 sequence_number;
        uint64 Resume_id;    // New field
        uint16 length;
        opaque fragment[DTLSPlaintext.length];
    } DTLSPlaintext;
It should be noted that the length of the session identification information may be greater than or equal to 64 bits. The highest-order bit of the session identification information may be fixed to 1; the second-highest bit is 0 and is used to indicate the version identifier; the remaining 62 bits identify randomly generated content, and the content of these 62 bits differs between the session identification information of different sessions.
It should be noted that different DTLS sessions may correspond to different DTLS contexts. After the server generates the session identification information, it may therefore establish a correspondence between the session identification information and the DTLS context of the session identified by that information. Further, when the server updates the session identification information and obtains updated session identification information, the server may replace the correspondence between the previous session identification information and the DTLS context with a correspondence between the updated session identification information and the same DTLS context.
Optionally, after the server generates the session identification information, it may compare it with the other session identification information in the session identification database, i.e. with every entry other than itself; the session identification database contains the session identification information identifying each DTLS session established with the server. When the session identification information differs from all other session identification information, the server may send it to the client. For example, before the server establishes a third DTLS session with client 3, it has already established a first DTLS session with client 1 and a second DTLS session with client 2, where the session identification information identifying the first DTLS session is 10110...00 and that identifying the second DTLS session is 10101...10; the server may store both in the session identification database. After the server generates the session identification information identifying the third DTLS session, it compares it with the session identification information of the first DTLS session and with that of the second DTLS session. For example, if the session identification information identifying the third DTLS session is 10001...00, the server can determine that it differs from the other session identification information in the session identification database.
Optionally, after the server generates the session identification information, it may store it in the session identification database.
It should be noted that checking and ensuring the uniqueness and randomness of the session identification information after the server generates it avoids session identification collisions, ensures that one piece of session identification information uniquely identifies one DTLS session, and guarantees that the session identification information of different clients differs, which improves data transmission security when a massive number of terminals establish DTLS sessions with the server at the same time.
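The identifier format and the uniqueness check of step 202, together with the modified record header, as an added example (not code from the patent or from any Huawei implementation): the 64-bit Resume_id is built with the high bit fixed to 1, the next bit as the version identifier 0 and 62 random bits; a constructed server-side table refuses duplicates; and the record header is packed and parsed with the extra field in the position shown above. The byte layout (1-byte type, 2-byte version, 2-byte epoch, 6-byte sequence number, 8-byte Resume_id, 2-byte length) and the function names are assumptions of this example.

```python
import os
import struct

# Assumed on-the-wire layout of the modified DTLSPlaintext header:
# type(1) | version(2) | epoch(2) | sequence_number(6) | Resume_id(8) | length(2)
HEADER_LEN = 1 + 2 + 2 + 6 + 8 + 2
VERSION_BIT = 0  # second-highest bit of the identifier carries the version identifier


def generate_resume_id(rng=os.urandom):
    """Build a 64-bit identifier: bit 63 fixed to 1, bit 62 = version, low 62 bits random."""
    random_part = int.from_bytes(rng(8), "big") & ((1 << 62) - 1)  # keep 62 random bits
    return (1 << 63) | (VERSION_BIT << 62) | random_part


def is_well_formed(resume_id):
    """Check the fixed high bit and the version bit of a received identifier."""
    return (0 <= resume_id < (1 << 64)
            and (resume_id >> 63) == 1
            and ((resume_id >> 62) & 1) == VERSION_BIT)


class SessionIdDatabase:
    """Constructed server-side table: one identifier per established DTLS session."""

    def __init__(self):
        self._contexts = {}  # resume_id -> DTLS context (opaque here)

    def allocate(self, context, rng=os.urandom, max_tries=8):
        """Generate an identifier and only accept it if no other session uses it."""
        for _ in range(max_tries):
            candidate = generate_resume_id(rng)
            if candidate not in self._contexts:  # uniqueness check before sending
                self._contexts[candidate] = context
                return candidate
        raise RuntimeError("could not allocate a unique session identifier")

    def lookup(self, resume_id):
        """Resolve the DTLS context for an identifier carried in a record header."""
        return self._contexts.get(resume_id)

    def __len__(self):
        return len(self._contexts)


def encode_record(content_type, version, epoch, sequence_number, resume_id, fragment):
    """Serialize one record with the Resume_id field inserted after the sequence number."""
    if not 0 <= sequence_number < (1 << 48):
        raise ValueError("sequence_number must fit in 48 bits")
    if not is_well_formed(resume_id):
        raise ValueError("Resume_id violates the fixed-bit format")
    header = (struct.pack("!BHH", content_type, version, epoch)
              + sequence_number.to_bytes(6, "big")
              + struct.pack("!QH", resume_id, len(fragment)))
    return header + fragment


def decode_record(data):
    """Parse a record; reject truncated input and identifiers outside the format."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated header")
    content_type, version, epoch = struct.unpack("!BHH", data[:5])
    sequence_number = int.from_bytes(data[5:11], "big")
    resume_id, length = struct.unpack("!QH", data[11:HEADER_LEN])
    if len(data) < HEADER_LEN + length:
        raise ValueError("truncated fragment")
    if not is_well_formed(resume_id):
        raise ValueError("Resume_id violates the fixed-bit format")
    return {
        "type": content_type, "version": version, "epoch": epoch,
        "sequence_number": sequence_number, "resume_id": resume_id,
        "fragment": data[HEADER_LEN:HEADER_LEN + length],
    }


if __name__ == "__main__":
    db = SessionIdDatabase()
    rid = db.allocate({"client": "client 1"})
    rec = encode_record(23, 0xFEFD, 1, 5, rid, b"constructed application data")
    parsed = decode_record(rec)
    print(hex(parsed["resume_id"]), db.lookup(parsed["resume_id"]))
```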
203, the server sends the session identification information to the client.
Specifically, after the server generates the session identification information, it may send it to the client in a Finished message or an Update message. After the client receives the session identification information, it may store it and establish the correspondence between the session identification information and the DTLS context of the session identified by that information.
204, the client sends first data to the server through the DTLS session, and the first data carry the session identification information.
Optionally, the server may send fourth data to the client through the DTLS session, the fourth data carrying the session identification information, and the client may process the received data according to the DTLS context corresponding to the session identification information.
It should be noted that all data transmitted between the client and the server must carry the session identification information, so that the receiving end (the client or the server) can keep the DTLS session according to the session identification information.
205, the server processes the first data according to the DTLS context corresponding to the session identification information.
Specifically, after the server receives the first data, it may obtain, from the correspondence between session identification information and DTLS contexts, the DTLS context corresponding to the session identification information carried by the first data, and then decrypt, integrity-check or otherwise process the first data according to that DTLS context.
206, the client updates its operating state to the dormant state.
After the client sends the first data to the server and/or receives the fourth data from the server, the client may update its operating state to the dormant state. No data are transmitted between the client and the server while the client is dormant, which causes NAT table entries to age out. It should be noted that updating the client's operating state to the dormant state, or to a similar state (such as a data-transmission-paused state, i.e. no data are transmitted between the client and the server for a period of time), after the client completes the current data transmission can save power.
207, when the session identification update time is reached, the server updates the session identification information to obtain updated session identification information.
Specifically, the server may provide a periodic update mechanism for the session identification information: the server starts a session identification update timer, and when the session identification update time is reached, the server updates the session identification information and obtains updated session identification information.
It should be noted that periodically updating the session identification information prevents the client from being tracked, which helps ensure data transmission security.
208, the server encrypts and integrity-protects the updated session identification information to obtain encrypted and integrity-protected session identification information.
For example, if the encryption algorithm negotiated between the server and the client is an asymmetric encryption algorithm, the server may encrypt the updated session identification information with the public key obtained through negotiation and integrity-protect it with the integrity protection algorithm negotiated with the client, obtaining the encrypted and integrity-protected session identification information. Optionally, the server may instead encrypt the updated session identification information with the private key obtained through negotiation and integrity-protect it with the integrity protection algorithm negotiated with the client, again obtaining the encrypted and integrity-protected session identification information. Asymmetric encryption algorithms may include the RSA algorithm (RSA), the Elgamal algorithm, the knapsack algorithm, the Rabin encryption algorithm, the D-H algorithm (Diffie-Hellman, D-H), elliptic curve cryptography (Elliptic Curves Cryptography, ECC), and so on.
For another example, if the encryption algorithm negotiated between the server and the client is a symmetric encryption algorithm, the server may encrypt the updated session identification information with the key obtained through negotiation and integrity-protect it with the integrity protection algorithm negotiated with the client, obtaining the encrypted and integrity-protected session identification information. Symmetric encryption algorithms may include the Data Encryption Standard (DES) algorithm, the Triple Data Encryption Algorithm (Triple DES, 3DES), the block cipher RC5, the 128-bit Advanced Encryption Standard (Advanced Encryption Standard 128, AES128), and so on.
209, the server sends second data to the client, and the second data include the session identification information and the encrypted and integrity-protected session identification information.
For example, the server may send the encrypted and integrity-protected session identification information to the client as the payload of the data, while the header of the data received by the client carries the session identification information from before the update. Optionally, the second data may be transmitted in the successfully negotiated DTLS secure channel.
210, the client processes the second data according to the DTLS context corresponding to the session identification information and obtains the encrypted and integrity-protected session identification information.
211, the client decrypts and integrity-checks the encrypted and integrity-protected session identification information to obtain the updated session identification information.
For example, if the encryption algorithm negotiated between the client and the server is an asymmetric encryption algorithm, and the server encrypted the updated session identification information with the public key obtained through negotiation and integrity-protected it with the negotiated integrity protection algorithm, then the client may decrypt the encrypted and integrity-protected session identification information with the private key obtained through negotiation and integrity-check it with the negotiated integrity check algorithm to obtain the updated session identification information. Optionally, if the server encrypted the updated session identification information with the private key obtained through negotiation and integrity-protected it with the negotiated integrity protection algorithm, the client may decrypt the encrypted and integrity-protected session identification information with the key obtained through negotiation and integrity-check it with the negotiated integrity check algorithm to obtain the updated session identification information.
For another example, if the encryption algorithm negotiated between the client and the server is a symmetric encryption algorithm, the client may decrypt the encrypted and integrity-protected session identification information with the key obtained through negotiation and integrity-check it with the negotiated integrity check algorithm to obtain the updated session identification information.
212, the client sends third data to the server through the DTLS session, and the third data carry the updated session identification information.
Optionally, after the client obtains the updated session identification information, it may release the session identification information from before the update and store the updated session identification information. Further, the client may also replace the correspondence between the previous session identification information and the DTLS context with a correspondence between the updated session identification information and the same DTLS context.
213, the server processes the third data according to the DTLS context corresponding to the updated session identification information.
In the embodiment of the present invention, when the server establishes a DTLS session with the client, it generates session identification information; the server sends the session identification information to the client; the server receives first data from the client through the DTLS session, the first data carrying the session identification information; and the server processes the first data according to the DTLS context corresponding to the session identification information. The embodiment of the present invention can improve data transmission efficiency, save power, and improve the applicability of session keeping.
Referring to Fig. 3, which is a possible structural diagram of a server involved in the embodiment of the present invention, the server may include a receiving unit 301, a processing unit 302 and a transmission unit 303. These units can perform the functions of the server in the method example above. For example, the processing unit 302 is configured to generate session identification information when a DTLS session is established with the client, the session identification information identifying the DTLS session; the transmission unit 303 is configured to send the session identification information to the client; the receiving unit 301 is configured to receive first data from the client through the DTLS session, the first data carrying the session identification information; and the processing unit 302 is further configured to process the first data according to the DTLS context corresponding to the session identification information.
Optionally, the processing unit 302 is further configured to update the session identification information when the session identification update time is reached, obtaining updated session identification information;
the transmission unit 303 is further configured to send second data to the client, the second data including the session identification information and the updated session identification information;
the receiving unit 301 is further configured to receive third data from the client through the DTLS session, the third data carrying the updated session identification information;
the processing unit 302 is further configured to process the third data according to the DTLS context corresponding to the updated session identification information.
Optionally, the processing unit 302 is further configured to, after updating the session identification information and obtaining the updated session identification information, encrypt and integrity-protect the updated session identification information to obtain encrypted and integrity-protected session identification information;
wherein the second data include the session identification information and the encrypted and integrity-protected session identification information.
Optionally, the processing unit 302 is further configured to, before the transmission unit 303 sends the session identification information to the client, compare the session identification information with the other session identification information in the session identification database, the session identification database containing the session identification information identifying each DTLS session established with the server;
the transmission unit 303 is further configured to send the session identification information to the client when the session identification information differs from all of the other session identification information.
Optionally, when generating the session identification information, the processing unit 302 is specifically configured to:
perform DTLS negotiation with the client;
generate the session identification information when the negotiation succeeds.
Optionally, when performing DTLS negotiation with the client, the processing unit 302 is specifically configured to:
receive a session keeping request message from the client;
respond to the session keeping request message and, when the server supports DTLS session keeping, send a session keeping confirmation message to the client, the session keeping confirmation message indicating that the server supports DTLS session keeping.
Optionally, the transmission unit 303 is further configured to send fourth data to the client through the DTLS session, the fourth data carrying the session identification information.
It should be noted that the division into units in the embodiment of the present invention is schematic and is only a division by logical function; other divisions are possible in actual implementation. The functional units in the embodiment of the present invention may be integrated into one processing unit, may exist physically separately, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
When integrated units are used, Fig. 4 shows another possible structural diagram of the server involved in the embodiment above. As shown in Fig. 4, the server may include a processing unit 402, a receiving unit 403 and a transmission unit 404. The processing unit 402 may be configured to control and manage the actions of the server; for example, the processing unit 402 supports the server in performing processes 201, 202, 205, 207, 208 and 212 in Fig. 2 and/or other processes of the techniques described herein. The receiving unit 403 and the transmission unit 404 may be configured to support communication between the server and other network entities, for example communication with the functional units (or modules) or network entities shown in Fig. 1 to Fig. 3. The server may further include a storage unit 401 for storing the program code and data of the server.
The processing unit 402 may be a processor or a controller, for example a central processing unit (Central Processing Unit, CPU), a general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application-Specific Integrated Circuit, ASIC), a field programmable gate array (Field Programmable Gate Array, FPGA) or another programmable logic device, transistor logic, a hardware component, or any combination thereof. It may implement or execute the various illustrative logic blocks, modules and circuits described in the disclosure of the invention. The processor may also be a combination that implements computing functions, for example a combination of one or more microprocessors, or a combination of a DSP and a microprocessor. The receiving unit 403 may be a receiver and the transmission unit 404 may be a transmitter, or the receiving unit 403 and the transmission unit 404 may be integrated into a transceiver. The storage unit 401 may be a memory.
When the processing unit 402 is a processor, the receiving unit 403 and the transmission unit 404 are integrated into a transceiver, and the storage unit 401 is a memory, the server involved in the embodiment of the present invention may be the server shown in Fig. 5.
As shown in Fig. 5, the server may include a processor 502, a transceiver 503, a memory 501 and a bus 504. The transceiver 503, the processor 502 and the memory 501 are connected to each other through the bus 504; the bus 504 may be a peripheral component interconnect (peripheral component interconnect, PCI) bus, an extended industry standard architecture (extended industry standard architecture, EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, and so on. For ease of representation only one thick line is drawn in Fig. 5, which does not mean that there is only one bus or only one type of bus.
Referring to Fig. 6, which is a possible structural diagram of a client involved in the embodiment of the present invention, the client may include a transmission unit 601 and a receiving unit 602. These units can perform the functions of the client in the method example above. For example, the receiving unit 602 is configured to receive session identification information from the server, the session identification information being generated when the server establishes a Datagram Transport Layer Security (DTLS) session with the client and identifying the DTLS session; the transmission unit 601 is configured to send first data to the server through the DTLS session, the first data carrying the session identification information.
Optionally, the receiving unit 602 is further configured to receive second data from the server, the second data including the session identification information and updated session identification information;
the client further includes:
a processing unit 603, configured to process the second data according to the DTLS context corresponding to the session identification information to obtain the updated session identification information;
the transmission unit 601 is further configured to send third data to the server through the DTLS session, the third data carrying the updated session identification information.
Optionally, the second data include the session identification information and encrypted and integrity-protected session identification information, the encrypted and integrity-protected session identification information being obtained by the server encrypting and integrity-protecting the updated session identification information;
when processing the second data according to the DTLS context corresponding to the session identification information to obtain the updated session identification information, the processing unit 603 is specifically configured to:
process the second data according to the DTLS context corresponding to the session identification information to obtain the encrypted and integrity-protected session identification information;
decrypt and integrity-check the encrypted and integrity-protected session identification information to obtain the updated session identification information.
Optionally, the receiving unit 602 is further configured to receive fourth data from the server, the fourth data carrying the session identification information;
the client further includes:
a processing unit 603, configured to process the third data according to the DTLS context corresponding to the session identification information.
Optionally, when receiving the session identification information from the server, the receiving unit 602 is specifically configured to:
perform DTLS negotiation with the server;
receive the session identification information from the server when the negotiation succeeds.
Optionally, when performing DTLS negotiation with the server, the receiving unit 602 is specifically configured to:
send a session keeping request message to the server;
determine that the negotiation has succeeded when a session keeping confirmation message is received from the server, the session keeping confirmation message indicating that the server supports DTLS session keeping.
Optionally, the client further includes:
a processing unit 603, configured to update the operating state of the client to the dormant state after the transmission unit 601 sends the first data to the server through the DTLS session.
It should be noted that the division into units in the embodiment of the present invention is schematic and is only a division by logical function; other divisions are possible in actual implementation. The functional units in the embodiment of the present invention may be integrated into one processing unit, may exist physically separately, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
When integrated units are used, Fig. 7 shows another possible structural diagram of the client involved in the embodiment above. As shown in Fig. 7, the client may include a processing unit 702, a receiving unit 703 and a transmission unit 704. The processing unit 702 may be configured to control and manage the actions of the client and/or other processes of the techniques described herein. The receiving unit 703 and the transmission unit 704 may be configured to support communication between the client and other network entities, for example communication with the functional units (or modules) or network entities shown in Fig. 1 to Fig. 5. The client may further include a storage unit 701 for storing the program code and data of the client.
The processing unit 702 may be a processor or a controller, for example a CPU, a general-purpose processor, a DSP, an ASIC, an FPGA or another programmable logic device, transistor logic, a hardware component, or any combination thereof. It may implement or execute the various illustrative logic blocks, modules and circuits described in the disclosure of the invention. The processor may also be a combination that implements computing functions, for example a combination of one or more microprocessors, or a combination of a DSP and a microprocessor. The receiving unit 703 may be a receiver and the transmission unit 704 may be a transmitter, or the receiving unit 703 and the transmission unit 704 may be integrated into a transceiver. The storage unit 701 may be a memory.
When the processing unit 702 is a processor, the receiving unit 703 and the transmission unit 704 are integrated into a transceiver, and the storage unit 701 is a memory, the client involved in the embodiment of the present invention may be the client shown in Fig. 8.
As shown in Fig. 8, the client may include a processor 802, a transceiver 803, a memory 801 and a bus 804. The transceiver 803, the processor 802 and the memory 801 are connected to each other through the bus 804; the bus 804 may be a PCI bus, an EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, and so on. For ease of representation only one thick line is drawn in Fig. 8, which does not mean that there is only one bus or only one type of bus.
The steps of the method or algorithm described in the disclosure of the invention may be implemented in hardware, or by a processor executing software instructions. The software instructions may consist of corresponding software modules, which may be stored in random access memory (Random Access Memory, RAM), flash memory, read-only memory (Read Only Memory, ROM), erasable programmable read-only memory (Erasable Programmable ROM, EPROM), electrically erasable programmable read-only memory (Electrically EPROM, EEPROM), a register, a hard disk, a removable hard disk, a CD-ROM, or any other form of storage medium well known in the art. An exemplary storage medium is coupled to the processor so that the processor can read information from, and write information to, the storage medium. The storage medium may of course also be a component of the processor. The processor and the storage medium may be located in an ASIC, and the ASIC may be located in the relevant device. The processor and the storage medium may also exist as discrete components in the relevant device.
During implementation, each step of the method above may be completed by an integrated logic circuit of hardware in the processor or by instructions in software form. The steps of the method disclosed in the embodiment of the present application may be performed directly by a hardware processor, or by a combination of hardware and software modules in the processor. The software module may be located in a mature storage medium in the art such as random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, or a register. The storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the method above in combination with its hardware. To avoid repetition, this is not described in detail here.
It should also be understood that "first", "second", "third", "fourth" and the various numerals mentioned herein are only distinctions made for convenience of description and are not intended to limit the scope of the present application.
It should be understood that the term "and/or" herein only describes an association relationship between associated objects and indicates that three relationships may exist; for example, A and/or B may mean: A alone, both A and B, or B alone. In addition, the character "/" herein generally indicates an "or" relationship between the associated objects.
It should be understood that the sequence numbers of the processes above do not imply an order of execution in the various embodiments of the present application; the execution order of each process should be determined by its function and internal logic and should not constitute any limitation on the implementation of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative logical blocks and steps described in connection with the examples disclosed in this document can be implemented by electronic hardware or by a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each specific application, but such implementations should not be considered as going beyond the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working process of the system, apparatus and units described above can refer to the corresponding processes in the method embodiment above, and is not repeated here.
The embodiments above may be implemented wholly or partly by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented wholly or partly in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described herein are generated wholly or partly. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from a website, computer, server or data center to another website, computer, server or data center by wired means (such as coaxial cable, optical fiber or digital subscriber line (DSL)) or wireless means (such as infrared, radio or microwave). The computer-readable storage medium may be any usable medium accessible by a computer, or a data storage device such as a server or data center integrating one or more usable media. The usable medium may be a magnetic medium (for example a floppy disk, hard disk or tape), an optical medium (for example a DVD), a semiconductor medium (such as a solid state disk, Solid State Disk (SSD)), or the like.

Claims (26)

1. A session keeping method, characterized in that the method comprises:
when a server establishes a Datagram Transport Layer Security (DTLS) session with a client, generating session label information, the session label information being used to identify the DTLS session;
the server sending the session label information to the client;
the server receiving first data from the client through the DTLS session, the first data carrying the session label information;
the server processing the first data according to the DTLS context corresponding to the session label information.
2. The method according to claim 1, characterized in that the method further comprises:
when a session identification renewal time is reached, the server updating the session label information to obtain updated session label information;
the server sending second data to the client, the second data including the session label information and the updated session label information;
the server receiving third data from the client through the DTLS session, the third data carrying the updated session label information;
the server processing the third data according to the DTLS context corresponding to the updated session label information.
3. The method according to claim 2, characterized in that, after the server updates the session label information when the session identification renewal time is reached and obtains the updated session label information, the method further comprises:
the server encrypting and integrity-protecting the updated session label information to obtain encrypted and integrity-protected session label information;
wherein the second data include the session label information and the encrypted and integrity-protected session label information.
4. The method according to any one of claims 1 to 3, characterized in that, before the server sends the session label information to the client, the method further comprises:
the server comparing the session label information with the other session label information in a session identification database, other than the session label information itself, the session identification database including the session label information used to identify each DTLS session established with the server;
when the session label information differs from all of the other session label information, triggering the server to send the session label information to the client.
5. The method according to claim 1, characterized in that the server generating the session label information comprises:
performing DTLS negotiation between the server and the client;
when the negotiation succeeds, the server generating the session label information.
6. The method according to claim 5, characterized in that performing DTLS negotiation between the server and the client comprises:
the server receiving a session keeping request message from the client;
the server responding to the session keeping request message and, when the server supports DTLS session keeping, sending a session keeping confirmation message to the client, the session keeping confirmation message being used to indicate that the server supports DTLS session keeping.
7. The method according to claim 1, characterized in that the method further comprises:
the server sending fourth data to the client through the DTLS session, the fourth data carrying the session label information.
8. A session keeping method, characterized in that the method comprises:
a client receiving session label information from a server, the session label information being generated when the server establishes a Datagram Transport Layer Security (DTLS) session with the client, and being used to identify the DTLS session;
the client sending first data to the server through the DTLS session, the first data carrying the session label information.
9. The method according to claim 8, characterized in that the method further comprises:
the client receiving second data from the server, the second data including the session label information and updated session label information;
the client processing the second data according to the DTLS context corresponding to the session label information, to obtain the updated session label information;
the client sending third data to the server through the DTLS session, the third data carrying the updated session label information.
10. The method according to claim 9, characterized in that the second data include the session label information and encrypted and integrity-protected session label information, the encrypted and integrity-protected session label information being obtained by the server encrypting and integrity-protecting the updated session label information;
and the client processing the second data according to the DTLS context corresponding to the session label information, to obtain the updated session label information, comprises:
the client processing the second data according to the DTLS context corresponding to the session label information, to obtain the encrypted and integrity-protected session label information;
the client decrypting and integrity-checking the encrypted and integrity-protected session label information, to obtain the updated session label information.
11. The method according to claim 8, characterized in that the method further comprises:
the client receiving fourth data from the server, the fourth data carrying the session label information;
the client processing the fourth data according to the DTLS context corresponding to the session label information.
12. The method according to claim 8, characterized in that the client receiving the session label information from the server comprises:
performing DTLS negotiation between the client and the server;
when the negotiation succeeds, the client receiving the session label information from the server.
13. The method according to claim 12, characterized in that performing DTLS negotiation between the client and the server comprises:
the client sending a session keeping request message to the server;
when a session keeping confirmation message from the server is received, determining that the negotiation has succeeded, the session keeping confirmation message being used to indicate that the server supports DTLS session keeping.
14. A server, characterized in that the server comprises:
a processing unit, configured to generate session label information when a Datagram Transport Layer Security (DTLS) session is established with a client, the session label information being used to identify the DTLS session;
a sending unit, configured to send the session label information to the client;
a receiving unit, configured to receive first data from the client through the DTLS session, the first data carrying the session label information;
the processing unit being further configured to process the first data according to the DTLS context corresponding to the session label information.
15. The server according to claim 14, characterized in that
the processing unit is further configured to update the session label information when a session identification renewal time is reached, to obtain updated session label information;
the sending unit is further configured to send second data to the client, the second data including the session label information and the updated session label information;
the receiving unit is further configured to receive third data from the client through the DTLS session, the third data carrying the updated session label information;
the processing unit is further configured to process the third data according to the DTLS context corresponding to the updated session label information.
16. The server according to claim 15, characterized in that
the processing unit is further configured, after updating the session label information and obtaining the updated session label information, to encrypt and integrity-protect the updated session label information, to obtain encrypted and integrity-protected session label information;
wherein the second data include the session label information and the encrypted and integrity-protected session label information.
17. The server according to any one of claims 14 to 16, characterized in that
the processing unit is further configured, before the sending unit sends the session label information to the client, to compare the session label information with the other session label information in a session identification database, other than the session label information itself, the session identification database including the session label information used to identify each DTLS session established with the server;
the sending unit is further configured to send the session label information to the client when the session label information differs from all of the other session label information.
18. The server according to claim 14, characterized in that, in generating the session label information, the processing unit is specifically configured to:
perform DTLS negotiation with the client;
when the negotiation succeeds, generate the session label information.
19. The server according to claim 18, characterized in that, in performing DTLS negotiation with the client, the processing unit is specifically configured to:
receive a session keeping request message from the client;
respond to the session keeping request message and, when the server supports DTLS session keeping, send a session keeping confirmation message to the client, the session keeping confirmation message being used to indicate that the server supports DTLS session keeping.
20. The server according to claim 14, characterized in that
the sending unit is further configured to send fourth data to the client through the DTLS session, the fourth data carrying the session label information.
21. A client, characterized in that the client comprises:
a receiving unit, configured to receive session label information from a server, the session label information being generated when the server establishes a Datagram Transport Layer Security (DTLS) session with the client, and being used to identify the DTLS session;
a sending unit, configured to send first data to the server through the DTLS session, the first data carrying the session label information.
22. The client according to claim 21, characterized in that
the receiving unit is further configured to receive second data from the server, the second data including the session label information and updated session label information;
the client further comprises:
a processing unit, configured to process the second data according to the DTLS context corresponding to the session label information, to obtain the updated session label information;
the sending unit is further configured to send third data to the server through the DTLS session, the third data carrying the updated session label information.
23. The client according to claim 22, characterized in that the second data include the session label information and encrypted and integrity-protected session label information, the encrypted and integrity-protected session label information being obtained by the server encrypting and integrity-protecting the updated session label information;
and in processing the second data according to the DTLS context corresponding to the session label information, to obtain the updated session label information, the processing unit is specifically configured to:
process the second data according to the DTLS context corresponding to the session label information, to obtain the encrypted and integrity-protected session label information;
decrypt and integrity-check the encrypted and integrity-protected session label information, to obtain the updated session label information.
24. The client according to claim 21, characterized in that
the receiving unit is further configured to receive fourth data from the server, the fourth data carrying the session label information;
the client further comprises:
a processing unit, configured to process the fourth data according to the DTLS context corresponding to the session label information.
25. The client according to claim 21, characterized in that, in receiving the session label information from the server, the receiving unit is specifically configured to:
perform DTLS negotiation with the server;
when the negotiation succeeds, receive the session label information from the server.
26. The client according to claim 25, characterized in that, in performing DTLS negotiation with the server, the receiving unit is specifically configured to:
send a session keeping request message to the server;
when a session keeping confirmation message from the server is received, determine that the negotiation has succeeded, the session keeping confirmation message being used to indicate that the server supports DTLS session keeping.
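The session-label scheme of claims 1 to 4 and 8 to 10, simulated as an added example (not code from the patent or from Huawei). The DTLS record layer is replaced by a constructed shared-key toy cipher (SHA-256 keystream plus HMAC tag), the 8-byte label length and the RENEW message format are assumptions, and retiring the old label once the client's first datagram arrives under the new one is an assumption the claims do not specify.

```python
import hashlib
import hmac
import secrets

LABEL_LEN = 8  # constructed: size of the session label information in bytes

class DTLSContext:
    # Stand-in for a negotiated DTLS context: one shared key and a toy record layer.
    def __init__(self, key):
        self.key = key

    def _keystream(self, nonce, n):  # SHA-256 in counter mode, toy stand-in for the DTLS cipher
        blocks = (hashlib.sha256(self.key + nonce + i.to_bytes(2, "big")).digest()
                  for i in range(n // 32 + 1))
        return b"".join(blocks)[:n]

    def protect(self, plaintext):  # encrypt-then-MAC: claim 3's encryption plus integrity protection
        nonce = secrets.token_bytes(8)
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        return nonce + ct + hmac.new(self.key, nonce + ct, hashlib.sha256).digest()[:16]

    def unprotect(self, record):
        nonce, ct, tag = record[:8], record[8:-16], record[-16:]
        if not hmac.compare_digest(tag, hmac.new(self.key, nonce + ct, hashlib.sha256).digest()[:16]):
            raise ValueError("integrity check failed")
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))

class Server:
    def __init__(self):
        self.db = {}       # session identification database: label -> DTLS context (claim 4)
        self.pending = {}  # new label -> old label until the client uses the new one (assumption)

    def _fresh_label(self):  # claim 4: regenerate until the label equals no stored label
        while (label := secrets.token_bytes(LABEL_LEN)) in self.db: pass
        return label

    def new_session(self, ctx):  # claim 1: label generated when the DTLS session is established
        label = self._fresh_label()
        self.db[label] = ctx
        return label

    def receive(self, data):  # claim 1: the clear-text label in front of the record selects the context
        label, record = data[:LABEL_LEN], data[LABEL_LEN:]
        if label not in self.db:
            raise KeyError("unknown session label")
        if label in self.pending:  # claim 2: third data under the new label, so retire the old one
            self.db.pop(self.pending.pop(label), None)
        return self.db[label].unprotect(record)

    def renew(self, label):  # claims 2-3: second data = old label in clear + protected new label
        ctx, new = self.db[label], self._fresh_label()
        self.db[new], self.pending[new] = ctx, label
        return label + ctx.protect(b"RENEW:" + new)

def run_exchange():
    # Claims 1-3 end to end; the client side (claims 8-10) is played inline with the same context.
    server, ctx = Server(), DTLSContext(secrets.token_bytes(32))
    old = server.new_session(ctx)                             # label handed to the client
    first = server.receive(old + ctx.protect(b"first data"))  # first data, old label
    second = server.renew(old)                                # second data
    assert second[:LABEL_LEN] == old                          # client selects its context by the old label
    new = ctx.unprotect(second[LABEL_LEN:])[len(b"RENEW:"):]  # client decrypts, verifies, adopts new label
    third = server.receive(new + ctx.protect(b"third data"))  # third data, new label
    return first, third, new != old, old in server.db
```

Because the label, not the client's UDP address, selects the context, the server keeps decrypting after a NAT rebinding; a forged or stale label only yields an integrity failure or an unknown-label error, never a wrong context.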

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710705004.3A CN109413123A (en) 2017-08-16 2017-08-16 Session keeping method and relevant device

Publications (1)

Publication Number Publication Date
CN109413123A true CN109413123A (en) 2019-03-01

Family

ID=65454798

Country Status (1)

Country Link
CN (1) CN109413123A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110445757A (en) * 2019-07-05 2019-11-12 中国平安人寿保险股份有限公司 Personnel information encryption method, device, computer equipment and storage medium
CN110535976A (en) * 2019-09-27 2019-12-03 杭州迪普科技股份有限公司 A kind of session keeping method and device
CN112187780A (en) * 2020-09-25 2021-01-05 杭州涂鸦信息技术有限公司 Safety refreshing method and system for app login session
CN112217845A (en) * 2019-07-09 2021-01-12 华为技术有限公司 Data transmission method based on Netconf protocol and related equipment
CN115052050A (en) * 2022-04-26 2022-09-13 深圳市云伽智能技术有限公司 Session negotiation method, device and controller based on ICAP

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100031042A1 (en) * 2007-10-26 2010-02-04 Telcordia Technologies, Inc. Method and System for Secure Session Establishment Using Identity-Based Encryption (VDTLS)
CN101765228A (en) * 2010-01-29 2010-06-30 杭州华三通信技术有限公司 Recovery method of CAPWAP tunnel and device thereof
CN103747535A (en) * 2013-12-10 2014-04-23 福建星网锐捷网络有限公司 Method, apparatus and system for recovering CAPWAP control channel
CN105580339A (en) * 2013-07-25 2016-05-11 康维达无线有限责任公司 End-to-end M2M service layer sessions
WO2016077716A1 (en) * 2014-11-13 2016-05-19 Convida Wireless, Llc Communication sessions at a coap protocol layer
JP2017046179A (en) * 2015-08-26 2017-03-02 日本電信電話株式会社 Terminal support system and terminal support method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190301