CN109413123A - Session keeping method and relevant device - Google Patents
Classifications
- H04L67/146: Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
- H04L63/166: Implementing security features at a particular protocol layer, at the transport layer
- H04L67/142: Managing session states for stateless protocols; signalling session states; state transitions; keeping-state mechanisms
Abstract
Embodiments of the invention disclose a session keeping method and related devices. The method comprises: when a server establishes a DTLS session with a client, the server generates session label information, the session label information being used to identify the DTLS session; the server sends the session label information to the client; the server receives first data from the client over the DTLS session, the first data carrying the session label information; and the server processes the first data according to the DTLS context corresponding to the session label information. With the embodiments of the invention, the DTLS session is kept by means of the session label information, which can improve data transmission efficiency, save power consumption, and improve the applicability of session keeping.
Description
Technical field
This application relates to the field of communication technology, and in particular to a session keeping method and related devices.
Background technique
With the development of Internet of Things (IoT) technology, IoT applications are becoming increasingly widespread, the number of IoT users/terminals is growing rapidly, and networking scenarios are becoming more diverse. An IoT terminal connects to an IoT platform on the public network through a Network Address Translation (NAT) device in order to transmit data. To meet market security requirements, Datagram Transport Layer Security (DTLS) is used to protect the data transmitted between the IoT terminal and the IoT platform.
The DTLS session is established by a handshake between the IoT terminal and the IoT platform. After it is successfully established, both sides uniquely identify the DTLS connection by a five-tuple (source/destination IP address, source/destination port number and protocol type) or a four-tuple (source/destination IP address and source/destination port number). The sender therefore carries the five-tuple/four-tuple in the IP header of the data packet and sends the message containing the data packet to the receiver; the receiver finds the corresponding DTLS security context from the five-tuple/four-tuple and, using that security context, decrypts the data packet, performs the integrity check and so on. However, scenarios in which a massive number of IoT terminals send data periodically (for example, a water meter that sends data once a day or at a longer interval) require low power consumption: a battery of several thousand milliampere-hours may be required to last 5 to 10 years, so the IoT terminal enters a deep sleep state after each transmission to save power. While the IoT terminal is in the deep sleep state there is no interaction between it and the IoT platform, which causes resources such as the NAT table entry (the mapping between source IP address/destination IP address and source port/destination port) to age out. Once the NAT table entry has aged out, the five-tuple/four-tuple carried by the data packets that the IoT terminal sends to the IoT platform is different each time, so the IoT platform cannot find the correct DTLS context from the five-tuple/four-tuple carried by the data packet, and the IoT terminal has to renegotiate with the IoT platform to establish the DTLS connection. The resources consumed by renegotiation exceed those consumed by sending the data itself, so the applicability of session keeping is low, data transmission efficiency is low, and power consumption is high.
Summary of the invention
Embodiments of the present invention provide a session keeping method and related devices, which keep a DTLS session by means of session label information and can thereby improve data transmission efficiency, save power consumption, and improve the applicability of session keeping.
In a first aspect, an embodiment of the present invention provides a session keeping method, comprising:
when a server establishes a DTLS session with a client, generating session label information, the session label information being used to identify the DTLS session;
sending, by the server, the session label information to the client;
receiving, by the server, first data from the client over the DTLS session, the first data carrying the session label information; and
processing, by the server, the first data according to the DTLS context corresponding to the session label information.
In a possible design, when the session identification update time is reached, the server may also update the session label information to obtain updated session label information; the server sends second data to the client, the second data including the session label information and the updated session label information; the server receives third data from the client over the DTLS session, the third data carrying the updated session label information; and the server processes the third data according to the DTLS context corresponding to the updated session label information.
In a possible design, after the server updates the session label information when the session identification update time is reached and obtains the updated session label information, the method further includes:
the server encrypting the updated session label information to obtain updated and encrypted session label information;
wherein the second data includes the session label information and the updated and encrypted session label information.
In a possible design, after the server updates the session label information when the session identification update time is reached and obtains the updated session label information, the method further includes:
the server integrity-protecting the updated session label information to obtain updated and integrity-protected session label information;
wherein the second data includes the session label information and the updated and integrity-protected session label information.
In a possible design, after the server updates the session label information when the session identification update time is reached and obtains the updated session label information, the method further includes:
the server encrypting and integrity-protecting the updated session label information to obtain encrypted and integrity-protected session label information;
wherein the second data includes the session label information and the encrypted and integrity-protected session label information.
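The label update exchange described in the designs above (second data carrying the current label plus the updated label, third data carrying the updated label), worked through for the integrity-protected variant. This is an added example, not code from the patent: it assumes the negotiated integrity algorithm is HMAC-SHA256 with a 16-byte tag, and the "context" is reduced to the integrity key.

```python
import hashlib
import hmac

TAG_LEN = 16   # truncated HMAC-SHA256 tag; algorithm and length are assumptions


def protect_label(integrity_key: bytes, new_label: int) -> bytes:
    """Server side: produce the 'updated and integrity-protected session label'."""
    body = new_label.to_bytes(8, "big")
    tag = hmac.new(integrity_key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


def verify_label(integrity_key: bytes, blob: bytes):
    """Client side integrity check; returns the updated label, or None on failure."""
    if len(blob) != 8 + TAG_LEN:
        return None
    body, tag = blob[:8], blob[8:]
    expected = hmac.new(integrity_key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    return int.from_bytes(body, "big")


class LabelServer:
    def __init__(self):
        self.contexts = {}   # session label -> DTLS context (here: the integrity key)

    def register(self, label: int, integrity_key: bytes) -> None:
        self.contexts[label] = {"key": integrity_key}

    def renew(self, old_label: int, new_label: int) -> dict:
        """Build the second data and rebind the context to the updated label.

        The outer label stays the old one so the client can select the context
        needed to process the message. If the second data is lost the client is
        left with a stale label; recovering from that is outside this example."""
        ctx = self.contexts.pop(old_label)
        self.contexts[new_label] = ctx
        return {"label": old_label, "protected": protect_label(ctx["key"], new_label)}

    def lookup(self, label: int):
        return self.contexts.get(label)


class LabelClient:
    def __init__(self, label: int, integrity_key: bytes):
        self.label = label
        self.key = integrity_key

    def handle_second_data(self, second: dict) -> bool:
        """Process second data; switch labels only after the integrity check passes."""
        if second["label"] != self.label:      # not addressed to this session
            return False
        new_label = verify_label(self.key, second["protected"])
        if new_label is None:
            return False                       # tampered or corrupted: keep current label
        self.label = new_label
        return True

    def third_data(self) -> dict:
        return {"label": self.label, "payload": b"reading=44"}   # constructed payload


def demo():
    """Constructed scenario: one successful renewal and one tampered second data."""
    key = b"\x11" * 32                      # constructed negotiated integrity key
    old_label = (1 << 63) | 0x2A5C           # constructed labels: top bit 1, version bit 0
    new_label = (1 << 63) | 0x7E01
    server, client = LabelServer(), LabelClient(old_label, key)
    server.register(old_label, key)
    second = server.renew(old_label, new_label)
    accepted = client.handle_second_data(second)
    served = server.lookup(client.third_data()["label"]) is not None
    # Flip one bit of the protected field in flight; the client must reject it.
    blob = second["protected"]
    tampered = dict(second, protected=bytes([blob[0] ^ 1]) + blob[1:])
    rejected = not LabelClient(old_label, key).handle_second_data(tampered)
    return accepted, client.label == new_label, served, rejected
```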
In a possible design, before the server sends the session label information to the client, it may also compare the session label information with the other session label information in a session identification database, the session identification database including the session label information used to identify each DTLS session established with the server; when the session label information differs from all of the other session label information, the server is triggered to send the session label information to the client.
In a possible design, the server generating the session label information may specifically be: DTLS negotiation is performed between the server and the client; and when the negotiation succeeds, the server generates the session label information.
In a possible design, the DTLS negotiation between the server and the client may specifically be: the server receives a session keeping request message from the client; the server responds to the session keeping request message and, when the server supports DTLS session keeping, sends a session keeping confirmation message to the client, the session keeping confirmation message indicating that the server supports DTLS session keeping.
In a possible design, the server may also send fourth data to the client over the DTLS session, the fourth data carrying the session label information.
In a second aspect, an embodiment of the present invention provides a session keeping method, comprising:
receiving, by a client, session label information from a server, the session label information being generated when the server establishes a DTLS session with the client and being used to identify the DTLS session; and
sending, by the client, first data to the server over the DTLS session, the first data carrying the session label information.
In a possible design, the client may also receive second data from the server, the second data including the session label information and updated session label information; the client processes the second data according to the DTLS context corresponding to the session label information to obtain the updated session label information; and the client sends third data to the server over the DTLS session, the third data carrying the updated session label information.
In a possible design, the second data includes the session label information and updated and encrypted session label information, the updated and encrypted session label information being obtained by the server encrypting the updated session label information;
the client processing the second data according to the DTLS context corresponding to the session label information to obtain the updated session label information comprises: the client processing the second data according to the DTLS context corresponding to the session label information to obtain the encrypted session label information, and the client decrypting the encrypted session label information to obtain the updated session label information.
In a possible design, the second data includes the session label information and updated and integrity-protected session label information, the updated and integrity-protected session label information being obtained by the server integrity-protecting the updated session label information;
the client processing the second data according to the DTLS context corresponding to the session label information to obtain the updated session label information comprises: the client processing the second data according to the DTLS context corresponding to the session label information to obtain the updated and integrity-protected session label information, and the client performing an integrity check on the updated and integrity-protected session label information to obtain the updated session label information.
In a possible design, the second data includes the session label information and encrypted and integrity-protected session label information, the encrypted and integrity-protected session label information being obtained by the server encrypting and integrity-protecting the updated session label information;
the client processing the second data according to the DTLS context corresponding to the session label information to obtain the updated session label information comprises: the client processing the second data according to the DTLS context corresponding to the session label information to obtain the encrypted and integrity-protected session label information, and the client decrypting and integrity-checking the encrypted and integrity-protected session label information to obtain the updated session label information.
In a possible design, the client may also receive fourth data from the server, the fourth data carrying the session label information; the client processes the fourth data according to the DTLS context corresponding to the session label information.
In a possible design, the client receiving the session label information from the server may specifically be: DTLS negotiation is performed between the client and the server; and when the negotiation succeeds, the client receives the session label information from the server.
In a possible design, the DTLS negotiation between the client and the server may specifically be: the client sends a session keeping request message to the server; when a session keeping confirmation message is received from the server, the negotiation is determined to have succeeded, the session keeping confirmation message indicating that the server supports DTLS session keeping.
In a possible design, after the client sends the first data to the server over the DTLS session, the operating state of the client may also be updated to a dormant state.
In a third aspect, an embodiment of the present invention further provides a server having the function of implementing the server behaviour in the method examples above. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more units or modules corresponding to the function described above.
In a possible design, the structure of the server may include a processing unit, a receiving unit and a transmitting unit. The processing unit is configured to support the server in performing the corresponding function in the method above. The receiving unit and the transmitting unit are used to support communication between the server and other devices. The server may further include a storage unit, which is coupled to the processing unit and stores the program instructions and data necessary for the server. As an example, the processing unit may be a processor, the receiving unit may be a receiver, the transmitting unit may be a transmitter, and the storage unit may be a memory.
In a fourth aspect, an embodiment of the present invention provides a client having the function of implementing the client behaviour in the method examples above. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more units or modules corresponding to the function described above.
In a possible design, the structure of the client may include a processing unit, a receiving unit and a transmitting unit. The processing unit is configured to support the client in performing the corresponding function in the method above. The receiving unit and the transmitting unit are used to support communication between the client and other devices. The client may further include a storage unit, which is coupled to the processing unit and stores the program instructions and data necessary for the client. As an example, the processing unit may be a processor, the receiving unit may be a receiver, the transmitting unit may be a transmitter, and the storage unit may be a memory.
In a fifth aspect, an embodiment of the present invention provides a session keeping system, which includes the server and/or the client of the aspects above. In another possible design, the system may further include other devices that interact with the server or the client in the solutions provided by the embodiments of the present invention.
In a sixth aspect, an embodiment of the present invention provides a computer storage medium for storing the computer software instructions used by the server above, which include a program designed to perform the aspects above.
In a seventh aspect, an embodiment of the present invention provides a computer storage medium for storing the computer software instructions used by the client above, which include a program designed to perform the aspects above.
In an eighth aspect, an embodiment of the present invention provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the methods described in the aspects above.
In a ninth aspect, an embodiment of the present invention provides a chip system, which includes a processor for supporting the server in implementing the functions involved in the aspects above, for example generating or processing the data and/or information involved in the method above. In a possible design, the chip system further includes a memory for storing the program instructions and data necessary for the server. The chip system may consist of a chip, or may include a chip and other discrete devices.
In a tenth aspect, an embodiment of the present invention provides a chip system, which includes a processor for supporting the client in implementing the functions involved in the aspects above, for example receiving or processing the data and/or information involved in the method above. In a possible design, the chip system further includes a memory for storing the program instructions and data necessary for the client. The chip system may consist of a chip, or may include a chip and other discrete devices.
By implementing the embodiments of the present invention, when the server establishes a DTLS session with the client it generates session label information; the server sends the session label information to the client; the server receives first data from the client over the DTLS session, the first data carrying the session label information; and the server processes the first data according to the DTLS context corresponding to the session label information. In the conventional session keeping method, once the NAT table entry has aged out, the five-tuple/four-tuple carried by each data packet the client sends to the server is different, so the server cannot find the correct DTLS context from the five-tuple/four-tuple carried by the data packet and the client has to renegotiate with the IoT platform to establish the DTLS session. In the embodiments of the present invention, by contrast, the session label information is decoupled from the five-tuple/four-tuple: regardless of whether the five-tuple/four-tuple is the same, the DTLS session can be kept by means of the session label information, which can improve data transmission efficiency, save power consumption, and improve the applicability of session keeping.
Detailed description of the invention
In order to describe the technical solutions in the embodiments of the present invention more clearly, the drawings required in the embodiments are briefly described below. It is evident that the drawings in the following description are only some embodiments of the present invention, and that a person of ordinary skill in the art could obtain other drawings from them without creative effort.
Fig. 1 is a structural schematic diagram of a session keeping system provided by an embodiment of the present invention;
Fig. 2 is an interaction schematic diagram of a session keeping method provided by an embodiment of the present invention;
Fig. 3 is a structural schematic diagram of a server provided by an embodiment of the present invention;
Fig. 4 is a structural schematic diagram of a server provided by another embodiment of the present invention;
Fig. 5 is a structural schematic diagram of a server provided by another embodiment of the present invention;
Fig. 6 is a structural schematic diagram of a client provided by an embodiment of the present invention;
Fig. 7 is a structural schematic diagram of a client provided by another embodiment of the present invention;
Fig. 8 is a structural schematic diagram of a client provided by another embodiment of the present invention.
Specific embodiment
The embodiments of the present invention are described below with reference to the drawings in the embodiments of the present invention.
It should be understood that the technical solution of this application can be applied in particular to any communication system that uses DTLS to transmit data, such as the Global System for Mobile Communications (GSM), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Time Division-Synchronous Code Division Multiple Access (TD-SCDMA), Universal Mobile Telecommunications System (UMTS) and Long Term Evolution (LTE) systems. As communication technology continues to develop, the technical solution of this application can also be used in future networks, such as the fifth generation mobile communication technology (5G) system, also called the New Radio (NR) system, or in device-to-device (D2D) and machine-to-machine (M2M) systems; this application is not limited in this respect.
This application is described with reference to a server, which may be an IoT platform or any other server (such as an application server).
In this application, the client may be applied in a terminal, and the terminal may be an IoT terminal or any other device. A terminal is a device with a communication function; it may include a handheld device with a wireless communication function, a vehicle-mounted device, a wearable device, a computing device, or another processing device connected to a wireless modem, and optionally may also include a device with a wired communication function. A terminal may be called by different names in different networks, for example: user equipment (UE), terminal, mobile station, subscriber unit, station, cellular phone, personal digital assistant, wireless modem, wireless communication device, handheld device, laptop computer, cordless phone, wireless local loop station, and so on. For convenience of description, the terminal is referred to as UE in this application. The terminal may be a wireless terminal or a wired terminal. A wireless terminal may be a device that provides voice and/or data connectivity to a user, a handheld device with a wireless connection function, or another processing device connected to a wireless modem, and may communicate with one or more core networks through a radio access network (RAN).
The application scenario of this application is introduced below with reference to Fig. 1, which is an architecture diagram of a session keeping system provided by an embodiment of the present invention. As shown in Fig. 1, the session keeping system may include at least one client 101 and a server 102. The client 101 can access the server 102 using the DTLS protocol, so that a DTLS session is established between the client 101 and the server 102. When the server 102 establishes the DTLS session with the client 101, it can generate session label information and send it to the client 101; the client 101 can then send first data to the server over the DTLS session, the first data carrying the session label information, and the server 102 can process the first data according to the DTLS context corresponding to the session label information without renegotiating to establish the DTLS session, which can improve data transmission efficiency, save power consumption, and improve the applicability of session keeping. In addition, in the embodiments of the present invention the client 101 and the server 102 transmit data over the DTLS session, which can improve the security of the data transmission.
Optionally, the server 102 may also send fourth data to the client 101, the fourth data carrying the session label information, and the client 101 then processes the fourth data according to the DTLS context corresponding to the session label information.
Optionally, the algorithm the server 102 uses to generate the session label information may include a counter (Counter), the HMAC-Based One-Time Password Algorithm (HOTP), Secure Hash Algorithm-1 (SHA-1), Secure Hash Algorithm-3 (SHA3), a pseudo-random function (PRF), and so on. The server 102 may send the session label information to the client 101 in a data message.
It should be noted that when there are multiple clients, the server can establish a different DTLS session with each client. For different DTLS sessions the server can generate different session label information to identify each DTLS session.
Optionally, the session keeping system may further include a Network Address Translation (NAT) device 103. The NAT device 103 can store NAT table entries, and a NAT table entry may include the correspondence between the source Internet Protocol (IP) address/destination IP address and the source port/destination port of the DTLS session. For example, after the operating state of the client is updated to a dormant state, no data is transmitted between the client and the server, which causes the NAT table entry to age out.
This application discloses a session keeping method and related devices, which keep a DTLS session by means of session label information and can thereby improve data transmission efficiency and save power consumption. They are described in detail below.
Refer to Fig. 2, which is an interaction schematic diagram of a session keeping method provided by an embodiment of the present invention. As shown in Fig. 2, the session keeping method of the embodiment of the present invention may include the following steps:
201. DTLS negotiation is performed between the server and the client.
In the initial network access stage, the server can perform DTLS negotiation with the client. Specifically, the client can send a session keeping request message to the server; the server responds to the session keeping request message and, when it supports DTLS session keeping, sends a session keeping confirmation message to the client, the session keeping confirmation message indicating that the server supports DTLS session keeping. It should be noted that the DTLS negotiation can be carried out in either of the following two ways:
1. The client sends a Client Hello message (the session keeping request message above) to the server. The Client Hello message can carry a Resume_Id; for example, the Resume_Id may be 10000...00. When the server supports DTLS session keeping, the subsequent negotiation can continue, i.e. the server negotiates with the client the encryption algorithm and key and/or private key needed to encrypt the updated session label information, and may also negotiate with the client the integrity protection algorithm needed to integrity-protect the updated session label information and the integrity check algorithm needed in the integrity check process. When the server does not support DTLS session keeping, the server can send a session keeping failure message to the client, for example an Alert or another exception response.
2. The client sends a Client Hello message (the session keeping request message above) to the server. The Client Hello message can carry extension information (an extension, for example extension type=36). When the server supports DTLS session keeping, the server can send a session keeping confirmation message (for example a Server Hello) to the client, and this confirmation message can carry the same extension information to indicate that the server supports DTLS session keeping. When the server does not support DTLS session keeping, exception handling can be performed according to standard DTLS.
202. When the negotiation succeeds, the server generates the session label information.
When the negotiation succeeds, the DTLS session between the client and the server is successfully established, and the server can generate session label information, which can be used to identify the DTLS session. Since this solution is based on standard DTLS, it provides a mechanism compatible with standard DTLS: the Resume-ID (i.e. the session label information) is located in the DTLS record header, the header of every data packet carries the Resume-ID, and the Resume-ID in the packet header is integrity-protected (by the integrity protection mechanism provided by standard DTLS). For example, the server may generate the session label information using the following record structure:
    struct {
        ContentType type;
        ProtocolVersion version;
        uint16 epoch;
        uint48 sequence_number;
        uint64 Resume_id;        // New field: the session label, inserted before length
        uint16 length;
        opaque fragment[DTLSPlaintext.length];
    } DTLSPlaintext;            // standard DTLS record layout with the Resume_id added
It should be noted that the length of the session label information may be greater than or equal to 64 bits. The most significant bit of the session label information may be fixed at 1; the next most significant bit is 0 and is used as a version identifier; and the remaining 62 bits identify randomly generated content, the content of these 62 bits being different for different session label information.
It should be noted that different DTLS sessions can correspond to different DTLS contexts, so after the server generates the session label information it can establish the correspondence between the session label information and the DTLS context of the session identified by that session label information. Further, when the server updates the session label information and obtains updated session label information, the server can replace the correspondence between the session label information and the DTLS context with a correspondence between the updated session label information and the same DTLS context.
Optionally, after the server generates the session label information, it can compare that session label information with the other session label informations in the session identification database (the session identification database contains the session label information of each DTLS session established with the server), and only when the session label information differs from all of the others does the server send it to the client. For example, before the server establishes a third DTLS session with client 3, it has already established a first DTLS session with client 1 and a second DTLS session with client 2, where the session label information identifying the first DTLS session is 10110...00 and the session label information identifying the second DTLS session is 10101...10; the server stores both of these in the session identification database. After the server generates the session label information identifying the third DTLS session, it compares that session label information with the session label information of the first DTLS session and with that of the second DTLS session. If, for example, the session label information identifying the third DTLS session is 10001...00, the server can determine that it differs from the other session label informations in the session identification database.
Optionally, after the server generates the session label information, it can store the session label information in the session identification database.
Note that checking and ensuring the uniqueness and randomness of the session label information after the server generates it avoids collisions between session label informations, ensures that one session label information uniquely identifies one DTLS session and that the session label information differs for different clients, and improves data transmission security when a massive number of terminals establish DTLS sessions with the server simultaneously.
203. The server sends the session label information to the client.
Specifically, after the server generates the session label information, it can send the session label information to the client in a Finish message or an Update message. After the client receives the session label information, it can store the session label information and establish the correspondence between the session label information and the DTLS context of the session identified by that session label information.
204. The client sends first data to the server through the DTLS session; the first data carry the session label information.
Optionally, the server can send fourth data to the client through the DTLS session, the fourth data carrying the session label information, and the client can process the third data according to the DTLS context corresponding to the session label information.
Note that all data transmitted between the client and the server must carry the session label information, so that the receiving end (whether client or server) keeps the DTLS session according to the session label information.
205. The server processes the first data according to the DTLS context corresponding to the session label information.
Specifically, after the server receives the first data, it can obtain, from the correspondence between session label information and DTLS contexts, the DTLS context corresponding to the session label information carried by the first data, and then decrypt, integrity-check or otherwise process the first data according to that DTLS context.
206. The client updates its operating state to a dormant state.
After the client sends the first data to the server and/or receives the fourth data from the server, it can update its operating state to a dormant state. While the client is in the dormant state there is no data transmission between the client and the server, which will cause the NAT table entry to age out. Note that updating the operating state of the client to a dormant state, or to a similar state (such as a data-transmission-paused state, in which no data is transmitted between the client and the server for a period of time), once the client has completed this round of data transmission saves power.
207. When the session label update time is reached, the server updates the session label information and obtains updated session label information.
Specifically, the server can provide a periodic update mechanism for the session label information: the server starts a session label update timer, and when the session label update time is reached, the server updates the session label information and obtains updated session label information.
Note that periodically updating the session label information prevents the client from being tracked and thereby protects data transmission security.
208. The server encrypts and integrity-protects the updated session label information, obtaining encrypted and integrity-protected session label information.
For example, if the encryption algorithm negotiated between the server and the client is an asymmetric encryption algorithm, the server can encrypt the updated session label information with the public key obtained through negotiation, and apply integrity protection to that session label information with the integrity protection algorithm negotiated with the client, obtaining the encrypted and integrity-protected session label information. Optionally, the server can instead encrypt the updated session label information with the private key obtained through negotiation, and apply integrity protection with the integrity protection algorithm negotiated with the client, likewise obtaining the encrypted and integrity-protected session label information. Asymmetric encryption algorithms may include the RSA algorithm (RSA), the ElGamal algorithm, knapsack algorithms, the Rabin encryption algorithm, the D-H algorithm (Diffie-Hellman, D-H), elliptic curve cryptography (Elliptic Curves Cryptography, ECC) and so on.
As another example, if the encryption algorithm negotiated between the server and the client is a symmetric encryption algorithm, the server can encrypt the updated session label information with the key obtained through negotiation, and apply integrity protection with the integrity protection algorithm negotiated with the client, obtaining the encrypted and integrity-protected session label information. Symmetric encryption algorithms may include the Data Encryption Standard (DES) algorithm, the Triple Data Encryption Algorithm (Triple DES, 3DES), the 128-bit block-key algorithm RC5, or the Advanced Encryption Standard with a 128-bit key (Advanced Encryption Standard 128, AES128), and so on.
209. The server sends second data to the client; the second data include the session label information and the encrypted and integrity-protected session label information.
Illustratively, the server can send the encrypted and integrity-protected session label information to the client as the payload of the data, so that the header of the data received by the client carries the session label information from before the update. Optionally, the data can be transmitted within the successfully negotiated DTLS secure channel.
210. The client processes the second data according to the DTLS context corresponding to the session label information, obtaining the encrypted and integrity-protected session label information.
211. The client decrypts and integrity-checks the encrypted and integrity-protected session label information, obtaining the updated session label information.
For example, if the encryption algorithm negotiated between the client and the server is an asymmetric encryption algorithm, and the server encrypted the updated session label information with the public key obtained through negotiation and integrity-protected it with the negotiated integrity protection algorithm, then the client can decrypt the encrypted and integrity-protected session label information with the private key obtained through negotiation, and integrity-check it with the negotiated integrity check algorithm, obtaining the updated session label information.
Optionally, if the server encrypted the updated session label information with the private key obtained through negotiation and integrity-protected it with the negotiated integrity protection algorithm, then the client can decrypt the encrypted and integrity-protected session label information with the key obtained through negotiation, and integrity-check it with the negotiated integrity check algorithm, obtaining the updated session label information.
As another example, if the encryption algorithm negotiated between the client and the server is a symmetric encryption algorithm, the client can decrypt the encrypted and integrity-protected session label information with the key obtained through negotiation, and integrity-check it with the negotiated integrity check algorithm, obtaining the updated session label information.
212. The client sends third data to the server through the DTLS session; the third data carry the updated session label information.
Optionally, after the client obtains the updated session label information, it can release the session label information from before the update and store the updated session label information. Further, the client can update the correspondence between the pre-update session label information and the DTLS context to a correspondence between the updated session label information and that DTLS context.
213. The server processes the third data according to the DTLS context corresponding to the updated session label information.
In the embodiments of the present invention, when a server establishes a DTLS session with a client, it generates session label information; the server sends the session label information to the client; the server receives first data from the client through the DTLS session, the first data carrying the session label information; and the server processes the first data according to the DTLS context corresponding to the session label information. The embodiments of the present invention can improve data transmission efficiency, save power, and improve the applicability of session keeping.
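An added example, not the patent's own code, that ties together the server-side label lifecycle described in steps 202 through 213: generating a label with the 1/0/62-random-bit layout, checking it against the session identification database, resolving the DTLS context from the label alone (so a client whose NAT binding changed is still matched), and rotating the label. The DtlsContext class is a stand-in for the negotiated session state, and the rule that the old label is released only once the first datagram arrives under the new one is an assumption, not something the patent states.

```python
import secrets

LABEL_MSB = 1 << 63          # most significant bit fixed to 1
LABEL_VERSION_BIT = 1 << 62  # next bit is the version identifier, 0 in this layout
RANDOM_MASK = (1 << 62) - 1  # remaining 62 bits are random


def new_label(rng=secrets.randbits):
    """Build a 64-bit session label: 1 | 0 | 62 random bits (rng(k) returns k random bits)."""
    return LABEL_MSB | (rng(62) & RANDOM_MASK)


class DtlsContext:
    """Stand-in (assumption) for the negotiated DTLS state of one session."""

    def __init__(self, name):
        self.name = name
        self.datagrams_handled = 0


class SessionRegistry:
    """Server side: session label -> DTLS context, with uniqueness check and rotation."""

    def __init__(self, rng=secrets.randbits, max_attempts=8):
        self._by_label = {}      # the "session identification database"
        self._pending = {}       # new label -> old label while a rotation is unconfirmed
        self._rng = rng
        self._max_attempts = max_attempts

    def _unique_label(self):
        # Compare the candidate with every stored label; retry on a collision.
        for _ in range(self._max_attempts):
            label = new_label(self._rng)
            if label not in self._by_label:
                return label
        raise RuntimeError("could not generate a unique session label")

    def register(self, ctx):
        """Step 202: generate a label that differs from all stored ones and map it to ctx."""
        label = self._unique_label()
        self._by_label[label] = ctx
        return label

    def lookup(self, label):
        """Resolve the context from the label alone; the peer address plays no part."""
        return self._by_label.get(label)

    def handle(self, label):
        """Steps 205/213: process a datagram carrying `label`; returns its context or None."""
        ctx = self.lookup(label)
        if ctx is None:
            return None              # unknown label: no session to keep, drop the datagram
        ctx.datagrams_handled += 1
        # First datagram under a new label confirms the client applied the update,
        # so every superseded label in the rotation chain can be released.
        old = self._pending.pop(label, None)
        while old is not None:
            self._by_label.pop(old, None)
            old = self._pending.pop(old, None)
        return ctx

    def rotate(self, old_label):
        """Step 207: issue a new label for the same context; the old one remains
        valid until data arrives under the new one (see handle)."""
        ctx = self._by_label[old_label]
        new = self._unique_label()
        self._by_label[new] = ctx
        self._pending[new] = old_label
        return new


if __name__ == "__main__":
    reg = SessionRegistry()
    ctx = DtlsContext("client-1")
    old = reg.register(ctx)
    new = reg.rotate(old)
    print(hex(old), hex(new), reg.handle(new) is ctx, reg.lookup(old))
```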
Refer to Fig. 3, which is a possible structural schematic diagram of a server involved in the embodiments of the present invention. As shown in Fig. 3, the server may include a receiving unit 301, a processing unit 302 and a transmission unit 303. These units can perform the corresponding functions of the server in the above method example. For example, the processing unit 302 is configured to generate session label information when a DTLS session is established with a client, the session label information being used to identify the DTLS session; the transmission unit 303 is configured to send the session label information to the client; the receiving unit 301 is configured to receive first data from the client through the DTLS session, the first data carrying the session label information; and the processing unit 302 is further configured to process the first data according to the DTLS context corresponding to the session label information.
Optionally, the processing unit 302 is further configured to update the session label information when the session label update time is reached, obtaining updated session label information;
the transmission unit 303 is further configured to send second data to the client, the second data including the session label information and the updated session label information;
the receiving unit 301 is further configured to receive third data from the client through the DTLS session, the third data carrying the updated session label information;
and the processing unit 302 is further configured to process the third data according to the DTLS context corresponding to the updated session label information.
Optionally, the processing unit 302 is further configured, after updating the session label information and obtaining the updated session label information, to encrypt and integrity-protect the updated session label information, obtaining encrypted and integrity-protected session label information;
where the second data include the session label information and the encrypted and integrity-protected session label information.
Optionally, the processing unit 302 is further configured, before the transmission unit 303 sends the session label information to the client, to compare the session label information with the other session label informations in the session identification database, the session identification database containing the session label information of each DTLS session established with the server;
and the transmission unit 303 is further configured to send the session label information to the client when the session label information differs from all of the other session label informations.
Optionally, in generating the session label information, the processing unit 302 is specifically configured to:
perform DTLS negotiation with the client; and
generate the session label information when the negotiation succeeds.
Optionally, in performing DTLS negotiation with the client, the processing unit 302 is specifically configured to:
receive a session keeping request message from the client; and
respond to the session keeping request message and, when the server supports DTLS session keeping, send a session keeping confirmation message to the client, the session keeping confirmation message indicating that the server supports DTLS session keeping.
Optionally, the transmission unit 303 is further configured to send fourth data to the client through the DTLS session, the fourth data carrying the session label information.
Note that the division into units in the embodiments of the present invention is schematic and is only one kind of logical functional division; another division may be used in an actual implementation. The functional units in the embodiments of the present invention may be integrated into one processing unit, may exist physically separately, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
When integrated units are used, Fig. 4 shows another possible structural schematic diagram of the server involved in the above embodiments. As shown in Fig. 4, the server may include a processing unit 402, a receiving unit 403 and a transmission unit 404. The processing unit 402 can control and manage the actions of the server; for example, the processing unit 402 supports the server in executing processes 201, 202, 205, 207, 208 and 212 in Fig. 2, and/or other processes of the techniques described herein. The receiving unit 403 and the transmission unit 404 can support communication between the server and other network entities, for example with the functional units (or modules) or network entities shown in Fig. 1 to Fig. 3. The server may also include a storage unit 401 for storing the program code and data of the server.
The processing unit 402 may be a processor or a controller, for example a central processing unit (Central Processing Unit, CPU), a general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application-Specific Integrated Circuit, ASIC), a field programmable gate array (Field Programmable Gate Array, FPGA) or another programmable logic device, transistor logic, a hardware component or any combination thereof. It may implement or execute the various illustrative logic blocks, modules and circuits described in connection with the disclosure of the invention. The processor may also be a combination that realises a computing function, for example a combination of one or more microprocessors, or a combination of a DSP and a microprocessor. The receiving unit 403 may be a receiver and the transmission unit 404 a transmitter, or the receiving unit 403 and the transmission unit 404 may be integrated into a transceiver. The storage unit 401 may be a memory.
When the processing unit 402 is a processor, the receiving unit 403 and the transmission unit 404 are integrated into a transceiver, and the storage unit 401 is a memory, the server involved in the embodiments of the present invention may be the server shown in Fig. 5.
As shown in Fig. 5, the server may include a processor 502, a transceiver 503, a memory 501 and a bus 504. The transceiver 503, the processor 502 and the memory 501 are interconnected through the bus 504; the bus 504 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus or the like. The bus may be divided into an address bus, a data bus, a control bus and so on. For ease of representation only one thick line is drawn in Fig. 5, which does not mean that there is only one bus or only one type of bus.
Refer to Fig. 6, which is a possible structural schematic diagram of a client involved in the embodiments of the present invention. As shown in Fig. 6, the client may include a transmission unit 601 and a receiving unit 602. These units can perform the corresponding functions of the client in the above method example. For example, the receiving unit 602 is configured to receive session label information from the server, the session label information being generated when the server establishes a Datagram Transport Layer Security (DTLS) session with the client and being used to identify the DTLS session; and the transmission unit 601 is configured to send first data to the server through the DTLS session, the first data carrying the session label information.
Optionally, the receiving unit 602 is further configured to receive second data from the server, the second data including the session label information and updated session label information;
the client further includes:
a processing unit 603, configured to process the second data according to the DTLS context corresponding to the session label information, obtaining the updated session label information;
and the transmission unit 601 is further configured to send third data to the server through the DTLS session, the third data carrying the updated session label information.
Optionally, the second data include the session label information and encrypted and integrity-protected session label information, the encrypted and integrity-protected session label information being obtained by the server encrypting and integrity-protecting the updated session label information;
and in processing the second data according to the DTLS context corresponding to the session label information to obtain the updated session label information, the processing unit 603 is specifically configured to:
process the second data according to the DTLS context corresponding to the session label information, obtaining the encrypted and integrity-protected session label information; and
decrypt and integrity-check the encrypted and integrity-protected session label information, obtaining the updated session label information.
Optionally, the receiving unit 602 is further configured to receive fourth data from the server, the fourth data carrying the session label information;
the client further includes:
a processing unit 603, configured to process the third data according to the DTLS context corresponding to the session label information.
Optionally, in receiving the session label information from the server, the receiving unit 602 is specifically configured to:
perform DTLS negotiation with the server; and
receive the session label information from the server when the negotiation succeeds.
Optionally, in performing DTLS negotiation with the server, the receiving unit 602 is specifically configured to:
send a session keeping request message to the server; and
determine that the negotiation has succeeded when a session keeping confirmation message is received from the server, the session keeping confirmation message indicating that the server supports DTLS session keeping.
Optionally, the client further includes:
a processing unit 603, configured to update the operating state of the client to a dormant state after the transmission unit 601 sends the first data to the server through the DTLS session.
Note that the division into units in the embodiments of the present invention is schematic and is only one kind of logical functional division; another division may be used in an actual implementation. The functional units in the embodiments of the present invention may be integrated into one processing unit, may exist physically separately, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
When integrated units are used, Fig. 7 shows another possible structural schematic diagram of the client involved in the above embodiments. As shown in Fig. 7, the client may include a processing unit 702, a receiving unit 703 and a transmission unit 704. The processing unit 702 can control and manage the actions of the client, and/or perform other processes of the techniques described herein. The receiving unit 703 and the transmission unit 704 can support communication between the client and other network entities, for example with the functional units (or modules) or network entities shown in Fig. 1 to Fig. 5. The client may also include a storage unit 701 for storing the program code and data of the client.
The processing unit 702 may be a processor or a controller, for example a CPU, a general-purpose processor, a DSP, an ASIC, an FPGA or another programmable logic device, transistor logic, a hardware component or any combination thereof. It may implement or execute the various illustrative logic blocks, modules and circuits described in connection with the disclosure of the invention. The processor may also be a combination that realises a computing function, for example a combination of one or more microprocessors, or a combination of a DSP and a microprocessor. The receiving unit 703 may be a receiver and the transmission unit 704 a transmitter, or the receiving unit 703 and the transmission unit 704 may be integrated into a transceiver. The storage unit 701 may be a memory.
When the processing unit 702 is a processor, the receiving unit 703 and the transmission unit 704 are integrated into a transceiver, and the storage unit 701 is a memory, the client involved in the embodiments of the present invention may be the client shown in Fig. 8.
As shown in Fig. 8, the client may include a processor 802, a transceiver 803, a memory 801 and a bus 804. The transceiver 803, the processor 802 and the memory 801 are interconnected through the bus 804; the bus 804 may be a PCI bus, an EISA bus or the like. The bus may be divided into an address bus, a data bus, a control bus and so on. For ease of representation only one thick line is drawn in Fig. 8, which does not mean that there is only one bus or only one type of bus.
The steps of the method or algorithm described in connection with the disclosure of the invention may be implemented in hardware, or by a processor executing software instructions. The software instructions may consist of corresponding software modules, which may be stored in random access memory (RAM), flash memory, read-only memory (ROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), a register, a hard disk, a removable hard disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor so that the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be a component of the processor. The processor and the storage medium may be located in an ASIC, and the ASIC may be located in the relevant device. Of course, the processor and the storage medium may also exist in the relevant device as discrete components.
During implementation, each step of the above method can be completed by an integrated logic circuit of the hardware in the processor or by instructions in the form of software. The steps of the method disclosed in connection with the embodiments of the present application may be embodied directly as being executed by a hardware processor, or by a combination of hardware and software modules in the processor. The software module may be located in a storage medium mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, or a register. The storage medium is located in the memory; the processor reads the information in the memory and completes the steps of the above method in combination with its hardware. To avoid repetition, details are not described here.
It should also be understood that "first", "second", "third", "fourth" and the various numerals mentioned herein are distinctions made only for convenience of description and are not intended to limit the scope of the present application.
It should be understood that the term "and/or" herein only describes an association between associated objects and indicates that three relationships may exist; for example, A and/or B may mean: A alone, A and B together, or B alone. In addition, the character "/" herein generally indicates an "or" relationship between the associated objects.
It should be understood that the sequence numbers of the above processes do not imply an order of execution in the various embodiments of the application; the order of execution of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the application.
Those of ordinary skill in the art will appreciate that the various illustrative logical blocks and steps described in connection with the embodiments disclosed herein can be implemented with electronic hardware, or with a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered as going beyond the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes of the foregoing method embodiments, and are not described again here.
In the above embodiments, implementation may be wholly or partly by software, hardware, firmware or any combination thereof. When implemented in software, it may be realised wholly or partly in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described herein are generated in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable device. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one web site, computer, server or data center to another web site, computer, server or data center by wired means (such as coaxial cable, optical fibre or Digital Subscriber Line (DSL)) or wireless means (such as infrared, radio or microwave). The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device such as a server or data center integrating one or more usable media. The usable medium may be a magnetic medium (for example a floppy disk, hard disk or tape), an optical medium (for example a DVD), or a semiconductor medium (such as a solid state disk, Solid State Disk (SSD)), and so on.
Claims (26)
1. A session keeping method, wherein the method comprises:
when a server establishes a Datagram Transport Layer Security (DTLS) session with a client, generating session label information, the session label information being used to identify the DTLS session;
sending, by the server, the session label information to the client;
receiving, by the server, first data from the client through the DTLS session, the first data carrying the session label information; and
processing, by the server, the first data according to the DTLS context corresponding to the session label information.
2. The method according to claim 1, wherein the method further comprises:
when a session label update time is reached, updating, by the server, the session label information to obtain updated session label information;
sending, by the server, second data to the client, the second data including the session label information and the updated session label information;
receiving, by the server, third data from the client through the DTLS session, the third data carrying the updated session label information; and
processing, by the server, the third data according to the DTLS context corresponding to the updated session label information.
3. The method according to claim 2, wherein, after the server updates the session label information when the session label update time is reached and obtains the updated session label information, the method further comprises:
encrypting and integrity-protecting, by the server, the updated session label information to obtain encrypted and integrity-protected session label information;
wherein the second data include the session label information and the encrypted and integrity-protected session label information.
4. The method according to any one of claims 1 to 3, wherein, before the server sends the session label information to the client, the method further comprises:
comparing, by the server, the session label information with the other session label informations in a session identification database, the session identification database containing the session label information of each DTLS session established with the server; and
when the session label information differs from all of the other session label informations, triggering the server to send the session label information to the client.
5. the method according to claim 1, wherein the server generates session label information, comprising:
DTLS negotiation is carried out between the server and the client;
When negotiating successfully, the server generates the session label information.
6. according to the method described in claim 5, it is characterized in that, carrying out DTLS association between the server and the client
Quotient, comprising:
The server receives the session from the client and keeps request message;
The server responds the session and keeps request message, and when the server supports DTLS session to keep, to institute
It states client and sends session holding confirmation message, the session keeps confirmation message to be used to indicate the server and supports DTLS meeting
Words are kept.
7. the method according to claim 1, wherein the method also includes:
The server sends the 4th data to the client by the DTLS session, and the 4th data carry the meeting
Talk about identification information.
8. A session keeping method, characterized in that the method comprises:
a client receiving session label information from a server, the session label information being generated when the server establishes a Datagram Transport Layer Security (DTLS) session with the client, the session label information being used to identify the DTLS session;
the client sending first data to the server over the DTLS session, the first data carrying the session label information.
9. The method according to claim 8, characterized in that the method further comprises:
the client receiving second data from the server, the second data comprising the session label information and updated session label information;
the client processing the second data according to the DTLS context corresponding to the session label information to obtain the updated session label information;
the client sending third data to the server over the DTLS session, the third data carrying the updated session label information.
10. The method according to claim 9, characterized in that the second data comprises the session label information and encrypted and integrity-protected session label information, the encrypted and integrity-protected session label information being obtained by the server encrypting and integrity-protecting the updated session label information;
the client processing the second data according to the DTLS context corresponding to the session label information to obtain the updated session label information comprises:
the client processing the second data according to the DTLS context corresponding to the session label information to obtain the encrypted and integrity-protected session label information;
the client decrypting and integrity-checking the encrypted and integrity-protected session label information to obtain the updated session label information.
11. The method according to claim 8, characterized in that the method further comprises:
the client receiving fourth data from the server, the fourth data carrying the session label information;
the client processing the fourth data according to the DTLS context corresponding to the session label information.
12. The method according to claim 8, characterized in that the client receiving the session label information from the server comprises:
performing DTLS negotiation between the client and the server;
when the negotiation succeeds, the client receiving the session label information from the server.
13. The method according to claim 12, characterized in that performing DTLS negotiation between the client and the server comprises:
the client sending a session keeping request message to the server;
when a session keeping confirmation message is received from the server, determining that the negotiation has succeeded, the session keeping confirmation message being used to indicate that the server supports DTLS session keeping.
14. A server, characterized in that the server comprises:
a processing unit, configured to generate session label information when a Datagram Transport Layer Security (DTLS) session is established with a client, the session label information being used to identify the DTLS session;
a transmission unit, configured to send the session label information to the client;
a receiving unit, configured to receive first data from the client over the DTLS session, the first data carrying the session label information;
the processing unit being further configured to process the first data according to the DTLS context corresponding to the session label information.
15. The server according to claim 14, characterized in that
the processing unit is further configured to update the session label information when a session identification renewal time is reached, to obtain updated session label information;
the transmission unit is further configured to send second data to the client, the second data comprising the session label information and the updated session label information;
the receiving unit is further configured to receive third data from the client over the DTLS session, the third data carrying the updated session label information;
the processing unit is further configured to process the third data according to the DTLS context corresponding to the updated session label information.
16. The server according to claim 15, characterized in that
the processing unit is further configured, after updating the session label information and obtaining the updated session label information, to encrypt and integrity-protect the updated session label information to obtain encrypted and integrity-protected session label information;
wherein the second data comprises the session label information and the encrypted and integrity-protected session label information.
17. The server according to any one of claims 14 to 16, characterized in that
the processing unit is further configured, before the transmission unit sends the session label information to the client, to compare the session label information with the other session label information in a session identification database, the session identification database comprising the session label information used to identify each DTLS session established with the server;
the transmission unit is further configured to send the session label information to the client when the session label information differs from all of the other session label information.
18. The server according to claim 14, characterized in that, to generate the session label information, the processing unit is specifically configured to:
perform DTLS negotiation with the client;
generate the session label information when the negotiation succeeds.
19. The server according to claim 18, characterized in that, to perform DTLS negotiation with the client, the processing unit is specifically configured to:
receive a session keeping request message from the client;
respond to the session keeping request message and, when the server supports DTLS session keeping, send a session keeping confirmation message to the client, the session keeping confirmation message being used to indicate that the server supports DTLS session keeping.
20. The server according to claim 14, characterized in that
the transmission unit is further configured to send fourth data to the client over the DTLS session, the fourth data carrying the session label information.
21. A client, characterized in that the client comprises:
a receiving unit, configured to receive session label information from a server, the session label information being generated when the server establishes a Datagram Transport Layer Security (DTLS) session with the client, the session label information being used to identify the DTLS session;
a transmission unit, configured to send first data to the server over the DTLS session, the first data carrying the session label information.
22. The client according to claim 21, characterized in that
the receiving unit is further configured to receive second data from the server, the second data comprising the session label information and updated session label information;
the client further comprises:
a processing unit, configured to process the second data according to the DTLS context corresponding to the session label information to obtain the updated session label information;
the transmission unit is further configured to send third data to the server over the DTLS session, the third data carrying the updated session label information.
23. The client according to claim 22, characterized in that the second data comprises the session label information and encrypted and integrity-protected session label information, the encrypted and integrity-protected session label information being obtained by the server encrypting and integrity-protecting the updated session label information;
to process the second data according to the DTLS context corresponding to the session label information and obtain the updated session label information, the processing unit is specifically configured to:
process the second data according to the DTLS context corresponding to the session label information to obtain the encrypted and integrity-protected session label information;
decrypt and integrity-check the encrypted and integrity-protected session label information to obtain the updated session label information.
24. The client according to claim 21, characterized in that
the receiving unit is further configured to receive fourth data from the server, the fourth data carrying the session label information;
the client further comprises:
a processing unit, configured to process the fourth data according to the DTLS context corresponding to the session label information.
25. The client according to claim 21, characterized in that, to receive the session label information from the server, the receiving unit is specifically configured to:
perform DTLS negotiation with the server;
receive the session label information from the server when the negotiation succeeds.
26. The client according to claim 25, characterized in that, to perform DTLS negotiation with the server, the receiving unit is specifically configured to:
send a session keeping request message to the server;
determine that the negotiation has succeeded when a session keeping confirmation message is received from the server, the session keeping confirmation message being used to indicate that the server supports DTLS session keeping.
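The session keeping procedure of the claims above, modelled end to end as an added example. This is illustrative Python written for this page, not code from the patent or its applicant; the apparatus claims 14 to 26 restate the method claims as units, so one model covers both. Assumptions made here and not found in the claims: the record key is taken as already derived by the DTLS handshake and is passed in directly; an HMAC-SHA256 counter-mode keystream with a truncated HMAC tag (encrypt-then-MAC) stands in for the DTLS record cipher; the 8-byte label, its position in the clear in front of each record, and the session identification database as an in-memory dict are choices of this model. The session keeping request/confirmation negotiation of claims 5, 6, 12 and 13 is not modelled.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

LABEL_LEN, NONCE_LEN, TAG_LEN = 8, 9, 16  # clear-text label; direction byte + 8-byte seq; MAC tag

@dataclass
class DtlsContext:
    # Stand-in for per-session DTLS state: the record key plus this side's send counter.
    key: bytes
    direction: bytes  # b"S" for server-to-client records, b"C" for client-to-server
    send_seq: int = 0

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode used as a PRF; stands in for the DTLS record cipher.
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]

def protect(ctx: DtlsContext, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC one record under the context: nonce || ciphertext || tag.
    nonce = ctx.direction + ctx.send_seq.to_bytes(8, "big")
    ctx.send_seq += 1
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(ctx.key, nonce, len(plaintext))))
    tag = hmac.new(ctx.key, b"tag" + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag

def unprotect(ctx: DtlsContext, record: bytes) -> bytes:
    # Verify the tag first, then decrypt; any integrity failure raises ValueError.
    nonce, ct, tag = record[:NONCE_LEN], record[NONCE_LEN:-TAG_LEN], record[-TAG_LEN:]
    expect = hmac.new(ctx.key, b"tag" + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(ctx.key, nonce, len(ct))))

class Server:
    def __init__(self) -> None:
        self.sessions = {}  # the session identification database: label -> DtlsContext

    def _fresh_label(self) -> bytes:
        # Claim 4: a candidate label is issued only if it matches no existing session's label.
        while True:
            label = secrets.token_bytes(LABEL_LEN)
            if label not in self.sessions:
                return label

    def establish(self, record_key: bytes) -> bytes:
        # Claim 1: once the (assumed) handshake is done, bind a fresh label to the context.
        label = self._fresh_label()
        self.sessions[label] = DtlsContext(record_key, b"S")
        return label

    def receive(self, datagram: bytes):
        # The clear-text label selects the context before any cryptography runs;
        # an unknown label has nothing to verify against, so the datagram is dropped.
        ctx = self.sessions.get(datagram[:LABEL_LEN])
        return None if ctx is None else unprotect(ctx, datagram[LABEL_LEN:])

    def rotate_label(self, old_label: bytes) -> bytes:
        # Claims 2 and 3: the new label travels inside a record protected under the old
        # label's context; the old label in front tells the client which context to use.
        ctx = self.sessions[old_label]
        new_label = self._fresh_label()
        self.sessions[new_label] = self.sessions.pop(old_label)
        return old_label + protect(ctx, new_label)

class Client:
    def __init__(self, record_key: bytes, label: bytes) -> None:
        self.ctx, self.label = DtlsContext(record_key, b"C"), label

    def send(self, payload: bytes) -> bytes:
        # Claim 8: every outgoing datagram carries the current label in the clear.
        return self.label + protect(self.ctx, payload)

    def apply_rotation(self, second_data: bytes) -> None:
        # Claim 10: check the label, decrypt and integrity-check the new one, then switch.
        if second_data[:LABEL_LEN] != self.label:
            raise ValueError("second data carries an unknown session label")
        self.label = unprotect(self.ctx, second_data[LABEL_LEN:])

def run_exchange() -> dict:
    server = Server()
    record_key = secrets.token_bytes(32)  # constructed: stands in for handshake-derived keys
    label = server.establish(record_key)
    client = Client(record_key, label)
    first_seen = server.receive(client.send(b"first data"))
    client.apply_rotation(server.rotate_label(label))  # second data
    third = client.send(b"third data")
    third_seen = server.receive(third)
    stale_dropped = server.receive(label + bytes(NONCE_LEN + TAG_LEN)) is None
    try:
        server.receive(third[:-1] + bytes([third[-1] ^ 1]))  # one flipped bit in the tag
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    return {"first": first_seen, "third": third_seen, "label_changed": client.label != label,
            "stale_label_dropped": stale_dropped, "tamper_rejected": tamper_rejected}
```

Two points the model makes visible. The label has to sit outside the protected record because the receiver needs it to find the DTLS context (keys and sequence state) before it can verify anything; the same property means a datagram with an unknown label is discarded without any cryptographic work. The replacement label, by contrast, is only ever delivered inside a record protected under the existing context, so a party that does not hold the session keys cannot hand a peer a label of its choosing. Note that this model drops the old label the moment it rotates, so a datagram still in flight under the old label is lost; a real implementation would keep the old mapping alive for a short grace period.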
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710705004.3A CN109413123A (en) | 2017-08-16 | 2017-08-16 | Session keeping method and relevant device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710705004.3A CN109413123A (en) | 2017-08-16 | 2017-08-16 | Session keeping method and relevant device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109413123A true CN109413123A (en) | 2019-03-01 |
Family
ID=65454798
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710705004.3A Pending CN109413123A (en) | 2017-08-16 | 2017-08-16 | Session keeping method and relevant device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109413123A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100031042A1 (en) * | 2007-10-26 | 2010-02-04 | Telcordia Technologies, Inc. | Method and System for Secure Session Establishment Using Identity-Based Encryption (VDTLS) |
CN101765228A (en) * | 2010-01-29 | 2010-06-30 | 杭州华三通信技术有限公司 | Recovery method of CAPWAP tunnel and device thereof |
CN103747535A (en) * | 2013-12-10 | 2014-04-23 | 福建星网锐捷网络有限公司 | Method, apparatus and system for recovering CAPWAP control channel |
CN105580339A (en) * | 2013-07-25 | 2016-05-11 | 康维达无线有限责任公司 | End-to-end M2M service layer sessions |
WO2016077716A1 (en) * | 2014-11-13 | 2016-05-19 | Convida Wireless, Llc | Communication sessions at a coap protocol layer |
JP2017046179A (en) * | 2015-08-26 | 2017-03-02 | 日本電信電話株式会社 | Terminal support system and terminal support method |
Events
- 2017-08-16: application CN201710705004.3A filed in China (publication CN109413123A), status Pending
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110445757A (en) * | 2019-07-05 | 2019-11-12 | 中国平安人寿保险股份有限公司 | Personnel information encryption method, device, computer equipment and storage medium |
CN112217845A (en) * | 2019-07-09 | 2021-01-12 | 华为技术有限公司 | Data transmission method based on Netconf protocol and related equipment |
CN110535976A (en) * | 2019-09-27 | 2019-12-03 | 杭州迪普科技股份有限公司 | A kind of session keeping method and device |
CN110535976B (en) * | 2019-09-27 | 2021-09-21 | 杭州迪普科技股份有限公司 | Session maintaining method and device |
CN112187780A (en) * | 2020-09-25 | 2021-01-05 | 杭州涂鸦信息技术有限公司 | Safety refreshing method and system for app login session |
CN112187780B (en) * | 2020-09-25 | 2022-11-15 | 杭州涂鸦信息技术有限公司 | Safety refreshing method and system for app login session |
CN115052050A (en) * | 2022-04-26 | 2022-09-13 | 深圳市云伽智能技术有限公司 | Session negotiation method, device and controller based on ICAP |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109413123A (en) | | Session keeping method and relevant device |
CN110891269B (en) | | Data protection method, equipment and system |
US20200228977A1 (en) | | Parameter Protection Method And Device, And System |
EP3308519A1 (en) | | System, apparatus and method for transferring ownership of a device from manufacturer to user using an embedded resource |
CN110366175B (en) | | Security negotiation method, terminal equipment and network equipment |
CN107196919B (en) | | Data matching method and device |
CN108476131A (en) | | Data transmission method, device and equipment |
CN114143117B (en) | | Data processing method and device |
CN109104273A (en) | | Message processing method and receiving end server |
US11824841B2 (en) | | Secure transport session resumption for constrained devices |
US10419212B2 (en) | | Methods, systems, apparatuses, and devices for securing network communications using multiple security protocols |
CN108322464B (en) | | Key verification method and device |
CN113872755A (en) | | Key exchange method and device |
US11652910B2 (en) | | Data transmission method, device, and system |
EP3843438A1 (en) | | Key generation method, device, and system |
Abdmeziem et al. | | Lightweighted and energy-aware MIKEY-Ticket for e-health applications in the context of internet of things |
Migault et al. | | Diet-ESP: IP layer security for IoT |
Suresh et al. | | A novel key exchange algorithm for security in internet of things |
WO2020140929A1 (en) | | Key generation method, UE, and network device |
CN112751664A (en) | | Internet of things networking method and device and computer readable storage medium |
CN109905213A (en) | | Data safe transmission method and node device |
CN111193797B (en) | | Information processing method of internet of things operating system with trusted computing architecture |
US11159502B2 (en) | | Lightweight key exchange protocol |
CN113556733B (en) | | Subscription hidden identifier generation and decryption methods and related devices |
US20220255911A1 (en) | | Method for Secure Communication and Device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |
Application publication date: 20190301