CN109600364B - Method, device and computer readable storage medium for realizing message verification - Google Patents

Method, device and computer readable storage medium for realizing message verification Download PDF

Info

Publication number
CN109600364B
CN109600364B CN201811475721.2A CN201811475721A CN109600364B CN 109600364 B CN109600364 B CN 109600364B CN 201811475721 A CN201811475721 A CN 201811475721A CN 109600364 B CN109600364 B CN 109600364B
Authority
CN
China
Prior art keywords
message count
message
count
local
verified
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811475721.2A
Other languages
Chinese (zh)
Other versions
CN109600364A (en
Inventor
李林峰
陈静相
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Neusoft Corp
Original Assignee
Neusoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Neusoft Corp filed Critical Neusoft Corp
Priority to CN201811475721.2A priority Critical patent/CN109600364B/en
Publication of CN109600364A publication Critical patent/CN109600364A/en
Application granted granted Critical
Publication of CN109600364B publication Critical patent/CN109600364B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the application discloses a method, a device, a storage device and a program product for realizing message verification, and particularly discloses that a message count in original information received by a receiver only comprises a low-order message count, and when the message count is determined to only comprise the low-order message count, a message count to be verified is generated according to a local high-order message count and the low-order message count in the local message count; then, judging whether the message count to be verified meets a preset condition, if so, indicating that the received original information is safe, and updating the local message count into the message count to be verified; if not, indicating that the original message is in danger of replay attack, the original message is discarded. Therefore, according to the embodiment of the application, under the condition of realizing defense against replay attack, the number of freshness value bits is reduced, the communication overhead is saved, and the data transmission load is reduced.

Description

Method, device and computer readable storage medium for realizing message verification
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method, an apparatus, a storage device, and a program product for implementing message authentication.
Background
Replay Attacks (Replay Attacks), also called Replay Attacks, Replay Attacks or Freshness Attacks (Freshness Attacks), refer to an attacker sending a message that has already been received by a receiver in order to cheat the receiver. The basic principle of replay attacks is to re-send the previously overheard data to the recipient intact. Many times, the data transmitted over the network is encrypted, at which point the eavesdropper cannot obtain an accurate representation of the data. But if he knows the role of the data he can achieve the aim of deceiving the receiver by sending it again without knowing the content of the data.
There are currently three main defense approaches against replay attacks:
first, the method of adding random numbers has the advantage that the authentication parties do not need time synchronization, and the authentication parties remember the used random numbers, and if the messages are found to have the previously used random numbers, the attacks are regarded as replay attacks. The disadvantage is that the used random number needs to be saved additionally, and if the recording time period is longer, the cost of saving and inquiring is larger.
Secondly, time stamping has the advantage that no additional information needs to be saved. The disadvantage is that the authentication parties need accurate time synchronization, the better the synchronization, the less the possibility of attack. However, when the system is large and spans a wide area, it is not easy to achieve precise time synchronization. If the clocks of both parties are not synchronized by accident, the correct information may be misjudged as the reproduced information and discarded, and the wrong reproduced information may be received as the latest information.
Thirdly, adding the freshness value means that the two parties add an integer which is gradually increased in the message, and as long as a discontinuous freshness value message is received, the replay threat is determined. The method has the advantages that time synchronization is not needed, and the amount of stored information is smaller than that of a random number mode. The disadvantage is that with the increase of the freshness value, the number of freshness value bits carried in the message is more, which causes the communication overhead to be too large.
Disclosure of Invention
In view of this, embodiments of the present application provide a method and an apparatus for implementing message authentication, a storage device, and a program product, which solve the technical problem that adding a freshness value to a communication packet for defending against replay attack may cause an excessive communication overhead.
In order to solve the above problem, the technical solution provided by the embodiment of the present application is as follows:
a method of implementing message authentication, the method comprising:
receiving an original message, wherein the original message carries a freshness value, the freshness value comprises a message count, and the message count only comprises a low-order message count;
when the message count only comprises a low message count, generating a message count to be verified according to a local high message count and the low message count in the local message count;
judging whether the count of the message to be verified meets a preset condition or not;
if the message count to be verified meets the preset condition, updating the local message count to the message count to be verified;
and if the count of the messages to be verified does not meet the preset condition, discarding the original messages.
In a possible implementation manner, the generating a to-be-verified message count according to a local higher message count and the lower message count in a local message count includes:
when the low-order message count is larger than the local low-order message count in the local message count, adding the local high-order message count in the local message count and the trial times to obtain a processed local high-order message count;
when the low-order message count is less than or equal to the local low-order message count in the local message count, adding one to the local high-order message count in the local message count and adding the number of attempts to obtain a processed local high-order message count;
and generating a message count to be verified by the processed local high-order message count and the processed low-order message count.
In a possible implementation manner, the determining whether the to-be-verified message count meets a preset condition includes:
judging whether the message count to be verified is matched with the local message count;
if the message count to be verified is matched with the local message count, determining that the message count to be verified meets a preset condition;
if the message count to be verified is not matched with the local message count, judging whether the number of attempts exceeds the maximum number of attempts;
if the trial times do not exceed the maximum trial times, adding one to the trial times, and repeatedly executing the steps of generating a message count to be verified according to a local high-order message count and a local low-order message count in the local message count and the subsequent steps;
and if the number of attempts exceeds the maximum number of attempts, determining that the message count to be verified does not meet the preset condition.
In a possible implementation manner, the original message further carries first digest information calculated according to a complete message count, where the complete message count includes the lower message count and the higher message count, and the determining whether the message count to be verified matches the local message count includes:
calculating second abstract information according to the to-be-verified message count;
verifying whether the first summary information is consistent with the second summary information;
if the first summary information is consistent with the second summary information, determining that the message count to be verified is matched with a local message count;
and if the first summary information is inconsistent with the second summary information, determining that the message count to be verified is not matched with the local message count.
In a possible implementation manner, the original message further carries third digest information calculated according to the original message and a complete message count, where the complete message count includes the lower message count and the higher message count, and the determining whether the message count to be verified matches the local message count includes:
calculating fourth abstract information according to the original message and the to-be-verified message count;
verifying whether the third summary information is consistent with the fourth summary information;
if the third summary information is consistent with the fourth summary information, determining that the message count to be verified is matched with a local message count;
and if the third summary information is inconsistent with the fourth summary information, determining that the message count to be verified is not matched with the local message count.
In one possible implementation, the message count includes a higher message count and a lower message count, and the method further includes:
verifying whether a difference value between the message count and a local message count is within a preset range when it is determined that the message count includes a high-order message count and a low-order message count;
if the difference value between the message count and the local message count is in the preset range, updating the local message count into the message count;
and if the difference value between the message count and the local message count is not in the preset range, discarding the original message.
In one possible implementation, the method further includes:
and after receiving the message counting synchronization message, clearing the local message counting.
In a possible implementation manner, the message count synchronization message carries an update count, and the clearing the local message count includes:
verifying whether the update count is equal to a local update count plus one;
if the local message count is equal to the local message count, clearing the local message count, and adding one to the local update count;
and if not, discarding the message counting synchronization message.
An apparatus that enables message authentication, the apparatus comprising:
a receiving unit, configured to receive an original message, where the original message carries a freshness value, the freshness value includes a message count, and the message count only includes a low-order message count;
the generating unit is used for generating a message count to be verified according to a local high-order message count and a low-order message count in a local message count when the message count only comprises the low-order message count;
the judging unit is used for judging whether the to-be-verified message count meets a preset condition or not;
the first updating unit is used for updating the local message count to the message count to be verified when the judgment result of the judging unit shows that the message count to be verified meets the preset condition;
and the first discarding unit is used for discarding the original message when the judgment result of the judging unit is that the count of the message to be verified does not accord with the preset condition.
In one possible implementation manner, the generating unit includes:
the first processing subunit is configured to, when the low-order message count is greater than a local low-order message count in the local message count, add the local high-order message count in the local message count to the number of attempts to obtain a processed local high-order message count;
the second processing subunit is used for adding one to the local high-order message count in the local message count and adding the number of attempts to obtain a processed local high-order message count when the low-order message count is less than or equal to the local low-order message count in the local message count;
and the generating subunit is used for generating a to-be-verified message count from the processed local high-order message count and the processed low-order message count.
In a possible implementation manner, the determining unit includes:
the first judging subunit is used for judging whether the message count to be verified is matched with the local message count;
the first determining subunit is configured to determine that the message count to be verified meets a preset condition when the determination result of the first determining subunit is that the message count to be verified is matched with the local message count;
the second judging subunit is configured to, when the judgment result of the first judging subunit is that the to-be-verified message count is not matched with the local message count, judge whether the number of attempts exceeds the maximum number of attempts;
a third processing subunit, configured to, when the determination result of the second determining subunit is that the number of attempts does not exceed the maximum number of attempts, add one to the number of attempts, then execute the generating subunit to generate a to-be-verified message count and a subsequent unit;
and the second determining subunit is configured to determine that the to-be-verified message count does not meet the preset condition when the determination result of the second determining subunit is that the number of attempts exceeds the maximum number of attempts.
In a possible implementation manner, the original message further carries first summary information calculated according to a complete message count, where the complete message count includes the lower message count and the higher message count, and the first determining subunit is specifically configured to:
calculating second abstract information according to the to-be-verified message count;
verifying whether the first summary information is consistent with the second summary information;
if the first summary information is consistent with the second summary information, determining that the message count to be verified is matched with a local message count;
and if the first summary information is inconsistent with the second summary information, determining that the message count to be verified is not matched with the local message count.
In a possible implementation manner, the original message further carries third summary information calculated according to the original message and a complete message count, where the complete message count includes the lower message count and the higher message count, and the first determining subunit is specifically configured to:
calculating fourth abstract information according to the original message and the to-be-verified message count;
verifying whether the third summary information is consistent with the fourth summary information;
if the third summary information is consistent with the fourth summary information, determining that the message count to be verified is matched with a local message count;
and if the third summary information is inconsistent with the fourth summary information, determining that the message count to be verified is not matched with the local message count.
In one possible implementation, the message count includes a higher message count and a lower message count, and the apparatus further includes:
a verification unit for verifying whether a difference between the message count and a local message count is within a preset range when it is determined that the message count includes a higher message count and a lower message count;
a second updating unit, configured to update the local message count to the message count when the verification result of the verifying unit is that the difference between the message count and the local message count is within the preset range;
and the second discarding unit is used for discarding the original message when the verification result of the verification unit is that the difference value between the message count and the local message count is not in the preset range.
In one possible implementation, the apparatus further includes:
and the zero clearing unit is used for clearing the local message count after receiving the message count synchronization message.
In a possible implementation manner, the message count synchronization message carries an update count, and the zero clearing unit includes:
the verification subunit is used for verifying whether the update count is equal to the local update count after being increased by one;
the processing subunit is used for clearing the local message count and adding one to the local update count when the verification results of the verification subunits are equal;
a discarding subunit, configured to discard the message count synchronization message when the verification result of the verification subunit is unequal.
A computer readable storage medium having stored therein instructions which, when run on a terminal device, cause the terminal device to perform the above-described method of implementing message authentication.
A computer program product, which, when run on a terminal device, causes the terminal device to perform the above-described method of implementing message authentication.
Therefore, the embodiment of the application has the following beneficial effects:
the message count in the original message received by the receiver only comprises a low-order message count, and when the message count is determined to only comprise the low-order message count, the message count to be verified is generated according to a local high-order message count and the low-order message count in the local message count; then, judging whether the message count to be verified meets a preset condition, if so, indicating that the received original information is safe, and updating the local message count into the message count to be verified; if not, indicating that the original message is in danger of replay attack, the original message is discarded. Therefore, according to the embodiment of the application, under the condition of realizing defense against replay attack, the number of freshness value bits is reduced, the communication overhead is saved, and the data transmission load is reduced.
Drawings
Fig. 1 is a schematic diagram of a framework of an exemplary application scenario provided in an embodiment of the present application;
fig. 2 is a flowchart of a method for implementing message authentication according to an embodiment of the present application;
fig. 3 is a flowchart of a method for generating a message to be verified according to an embodiment of the present application;
fig. 4 is a flowchart of another method for implementing message authentication according to an embodiment of the present application;
fig. 5 is a flowchart of another method for implementing message authentication according to an embodiment of the present application;
fig. 6 is a structural diagram of an apparatus for implementing message authentication according to an embodiment of the present application.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, embodiments accompanying the drawings are described in detail below.
In order to facilitate understanding of the technical solutions provided in the present application, the following description will first be made on the background of the present application.
The inventor finds that the traditional defense replay attack method mainly adopts the freshness value addition for defense, and when a discontinuous freshness value message is received, the replay danger is determined to exist. However, as the freshness value is continuously increased, the number of bits of the freshness value carried in the message is large, and for a communication protocol message with a small data load, the freshness value with a large number of bits causes a large communication overhead, thereby causing communication congestion.
Based on this, the present application provides a method and an apparatus for implementing message authentication, since in a short time, as the number of times of sending and receiving messages increases, the lower message count of the message count in the freshness value may significantly change, but the higher message count may not change too much, so that only the lower message count of the message count may be added to the original message. And when the receiver determines that the message count only comprises a low-order message count after receiving the original message, generating a message count to be verified according to a local high-order message count and the low-order message count in the local message count. Then, judging whether the message count to be verified meets a preset condition, if so, indicating that the original information has no replay attack threat, updating the local message count into the message count to be verified; otherwise, the original information is discarded. Therefore, the number of freshness value bits is reduced, the communication overhead is reduced, and the communication congestion is avoided while the message verification is realized.
Referring to fig. 1, the figure is a schematic diagram of a framework of an exemplary application scenario provided in an embodiment of the present application. The method for realizing message authentication provided by the embodiment of the application can be applied to a communication client.
The client 10 may be a sender, and the client 20 may be a receiver. In actual application, the client 10 sends an original message to the client 20, and when the client 20 determines that the message count only includes the low-order message count after receiving the original message, the client generates a to-be-verified message count according to the local high-order message count and the low-order message count in the local message count stored in the client 20. And then the original message is verified by using the message count to be verified.
Those skilled in the art will appreciate that the block diagram shown in fig. 1 is only one example in which embodiments of the present application may be implemented. The scope of applicability of the embodiments of the present application is not limited in any way by this framework.
It should be noted that client 10 and client 20 may be hosted by terminals, which may be any existing, developing, or future developed user equipment capable of interacting with each other via any form of wired and/or wireless connection (e.g., Wi-Fi, LAN, cellular, coaxial cable, etc.), including but not limited to: smart wearable devices, smart phones, non-smart phones, tablets, laptop personal computers, desktop personal computers, minicomputers, midrange computers, mainframe computers, and the like, either now in existence, under development, or developed in the future. The embodiments of the present application are not limited in any way in this respect.
In order to facilitate understanding of the technical solutions provided by the present application, a method for implementing message authentication provided by the present application will be described below with reference to the accompanying drawings.
Referring to fig. 2, which is a flowchart of a method for implementing message authentication according to an embodiment of the present application, as shown in fig. 2, the method may include:
s201: an original message is received.
In this embodiment, when the two parties communicate, the receiving party may receive the original message sent by the sending party. The original message carries a freshness value comprising a message count, which in one possible implementation comprises only a low-order message count.
In a specific implementation, the freshness value may further include an update count for recording the number of updates of the freshness value, and a specific application of the update count will be described in the following embodiments.
In this embodiment, the complete message count may be divided into a higher message count and a lower message count, the higher message count representing the higher part of the complete message count, and the lower message count representing the lower part of the complete message count, for example, 100203, and then the higher message count is 100 and the lower message count is 203 for the complete message count.
It should be noted that the lengths of the portions in the freshness value can be set according to actual requirements. The lower message counting part of the message counting is a necessary option, and as for the length of the lower message counting, both communication parties can negotiate in advance. It will be appreciated that the greater the number of messaging times over a communication cycle, the longer the lower message count portion should be to ensure that the message count does not overflow. In addition, the two communication parties can also obtain different low-order message counting lengths aiming at different types of message negotiation, and after the receiving party receives the original information, the low-order message counting lengths can be determined according to the original information types. In addition, the update count portion is an option, and if update synchronization of the freshness value is not required, the length of the update count portion may be set to 0.
In practical applications, in one implementation, when the sender sends the original message, only the lower message count of the message count is added to the original message. In addition, in order to ensure the integrity of the message count, a digest algorithm can be adopted to add digest information to the original message. The summary information may be summary information of a complete message count, wherein the complete message count includes a high-order message count and a low-order message count; the summary information may also be summary information of the original information and the complete message count. After receiving the original information, the receiving side may perform integrity verification according to the summary information, wherein the integrity verification of the summary information will be described in the following embodiments.
It can be understood that the sender can locally store the complete message count, and only add the lower message count of the complete message count to the original information when sending the original information to the receiver, thereby reducing the communication overhead occupied by sending the original information. After the sender sends the original message, the local complete message count is updated, and when the low order overflows, the high order is automatically increased by 1.
S202: determining that the message count includes only the lower message count.
In this embodiment, after receiving the original message, the receiving side may determine whether the message count in the original message only includes the low-order message count according to the negotiated length of the low-order message count, and perform a subsequent verification operation when the message count only includes the low-order message count.
S203: and generating a message count to be verified according to the local high-order message count and the low-order message count in the local message count.
In this embodiment, after the receiver determines that the message count only includes the low-order message count, the to-be-verified message count may be generated according to the local high-order message count in the local message count and the received low-order message count. That is, a complete message count to be verified is constructed using the local high message count and the received low message count in the message count stored locally by the receiver.
A specific implementation of generating the to-be-verified message count according to the local high-order message count and the received low-order message count will be described in the following embodiments.
S204: judging whether the count of the message to be verified meets a preset condition, and if so, executing S205; otherwise, S206 is executed.
S205: and updating the local message count into the message count to be verified.
S206: the original message is discarded.
In the embodiment, after the message count to be verified is generated, whether the message count to be verified meets the preset condition is judged, if the message count to be verified meets the preset condition, the fact that the received original information has no replay attack threat is shown, the local message count is updated to the message count to be verified; if the preset condition is not met, the received original information is indicated to have the possibility of a replay attack threat, and the original information is discarded.
According to the embodiment, the message count in the original message received by the receiver only comprises the low-order message count, and when the message count only comprises the low-order message count, the message count to be verified is formed according to the local high-order message count and the low-order message count in the local message count; then, judging whether the message count to be verified meets a preset condition, if so, indicating that the received original information is safe, and updating the local message count into the message count to be verified; if not, indicating that the original message is in danger of replay attack, the original message is discarded. Therefore, according to the embodiment of the application, under the condition of realizing defense against replay attack, the number of freshness value bits is reduced, the communication overhead is saved, and the data transmission load is reduced.
In the above embodiment, when it is determined that only the lower message count is included in the message count, a to-be-verified message count is generated according to the local higher message count in the local message count and the received lower message count.
Referring to fig. 3, which is a flowchart of a method for generating a message count to be verified according to an embodiment of the present application, as shown in fig. 3, the method may include:
s301: judging whether the low-order message count is larger than the local low-order message count in the local message count; if so, executing S302; if not, S303 is performed.
In this embodiment, when it is determined that the message count only includes the low-order message count, the size of the local low-order message count in the low-order message count and the local message count is determined, and if the low-order message count is greater than the local message count, S302 is executed; if the lower message count is less than or equal to the local lower message count of the local message counts, S303 is performed.
S302: and adding the local high-order message count in the local message count and the number of attempts to obtain a processed local high-order message count.
In this embodiment, when the low-order message count is greater than the local low-order message count, the local high-order message count is updated, specifically, the local high-order message count and the number of attempts are added to be used as an updated local high-order message count, and then S304 is executed by using the updated local high-order message count, so as to generate a to-be-verified message count.
The number of attempts is the number of times of judging whether the count of the message to be verified meets the preset condition, namely the number of times of judgment, the initial value is 0, and the number of attempts is increased by 1 per judgment.
S303: and adding one to the local high-order message count in the local message count and adding the number of attempts to obtain a processed local high-order message count.
In this embodiment, when the low-order message count is less than or equal to the local low-order message count, the local high-order message count is updated, specifically, the local high-order message count is added with one more than the local high-order message count and the number of attempts is added to serve as the updated local high-order message count, and then S304 is executed by using the updated local high-order message count.
It can be understood that the message count of the sender is updated immediately after the original message is sent, the local message count of the receiver is updated only when the original message is received, and when the original message is lost, the message count of the sender is updated, but the receiver does not update the local message count because the original message is not received, so that the high-order message counts of the two parties are inconsistent. Therefore, by setting the number of attempts, the local high-order message count of the receiver is updated by using the number of attempts, and the legal original message is ensured to be successfully received.
S304: and generating a message count to be verified by the processed local high-order message count and the processed local low-order message count.
In this embodiment, the processed local high-order message count and low-order message count are used to generate a to-be-verified message count, so that the to-be-verified message count is used to perform verification operation on subsequent messages.
For example, the sender low-order message count is 02, the receiver local high-order message count is 01, the local low-order message count is 01, and the initial number of attempts is 0. Since the low-order message count 02 is greater than the local low-order message count 01, the local high-order message count is added to the trial frequency 0 to obtain a processed local high-order message count of 01, and the generated message count to be verified is 0102.
For another example, the lower message count of the sender is 02, the local upper message count of the receiver is 01, the local lower message count is 03, and the initial number of attempts is 0. Because the low-order message count 02 is smaller than the local low-order message count 03, the processed local high-order message count is obtained by adding one to the local high-order message count and adding the number of attempts 0, and the generated message count to be verified is 0202.
In the above embodiment, after generating the to-be-verified message count, it is determined whether the to-be-verified message count meets the preset condition, and a determination method is provided in the embodiment of the present application, which will be described below with reference to the accompanying drawings.
Referring to fig. 4, which is a flowchart of another method for implementing message authentication provided in the embodiment of the present application, as shown in fig. 4, the method may include:
s401: the original information is received.
S402: determining that the message count includes only the lower message count.
S403: and generating a message count to be verified according to the local high-order message count and the low-order message count in the local message count.
In this embodiment, a specific implementation method for generating a to-be-verified message count may refer to the method described in fig. 3. It should be noted that, in this embodiment, S401 to S403 and S201 to S203 have the same implementation, which may specifically refer to the implementation of the above embodiments, and this embodiment is not described herein again.
S404: judging whether the message count to be verified is matched with the local message count; if so, go to S408; otherwise, S405 is executed.
In this embodiment, the message count to be verified is matched with the local message count, and if the message count to be verified is matched with the local message count, S408 is executed, the message count to be verified is determined to meet the preset condition, and the local message count is updated to the message count to be verified; if not, S405 is executed to determine whether the number of attempts reaches the maximum number of attempts.
In specific implementation, this embodiment provides two implementation manners for determining whether the to-be-verified message count is matched with the local message count, and the following two determination manners are described respectively:
one is, when the original message further carries first digest information calculated according to a complete message count, where the complete message count includes a lower message count and an upper message count, determining whether the message count to be verified matches the local message count includes:
1) calculating second abstract information according to the count of the message to be verified;
2) verifying whether the first summary information is consistent with the second summary information;
3) if the first abstract information is consistent with the second abstract information, determining that the message count to be verified is matched with the local message count;
4) and if the first summary information is inconsistent with the second summary information, determining that the message count to be verified is not matched with the local message count.
In this embodiment, when the original information also carries the first digest information generated according to the complete message count, and since the to-be-verified message count is also the complete message count, the to-be-verified message count is used to generate new digest information, that is, the second digest information. Then, comparing whether the two summary messages are the same or not, and if so, determining that the message count to be verified is matched with the local message count; and if the two summary information are not the same, determining that the message count to be verified is not matched with the local message count.
If the original message further carries third digest information calculated according to the original message and the complete message count, where the complete message count includes a lower message count and an upper message count, determining whether the message count to be verified matches the local message count includes:
1) calculating fourth abstract information according to the original message and the count of the message to be verified;
2) verifying whether the third summary information is consistent with the fourth summary information;
3) if the third abstract information is consistent with the fourth abstract information, determining that the message count to be verified is matched with the local message count;
4) and if the third summary information is inconsistent with the fourth summary information, determining that the message count to be verified is not matched with the local message count.
In this embodiment, when the original information further carries a third digest message generated according to the original information and the complete message count, and since the message count to be verified is also the complete message count, new digest information, that is, fourth digest information is generated according to the received original information and the message count to be verified. Then, comparing whether the two summary messages are the same or not, and if so, determining that the message count to be verified is matched with the local message count; and if the two summary information are not the same, determining that the message count to be verified is not matched with the local message count.
It should be noted that the third summary information carried in the original message is obtained by calculating according to the data part and the complete message count in the original message. I.e. calculated using data excluding freshness values in the original message and a complete message count. Therefore, when the receiver calculates the fourth summary information, the fourth summary information is obtained by using the received original message with the data of the freshness value removed and the message count to be verified.
In addition, it should be noted that, when the second digest information is generated by using the message count to be verified, the same digest algorithm as that used for generating the first digest information is required to ensure that the calculated second digest information is consistent with the first digest information when the original information has no replay attack threat. Similarly, when the fourth summary information is generated according to the count of the message to be verified and the original information, the summary algorithm used for generating the third summary information needs to be the same. Common Digest algorithms include Message Digest (MD) Algorithm, Secure Hash (SHA) Algorithm, Message Authentication Code (MAC) Algorithm, and so on.
S405: judging whether the number of attempts exceeds the maximum number of attempts, if not, executing S406; otherwise, S407 is executed.
In the embodiment, when the message count to be verified is judged not to be matched with the local message count, whether the current trial frequency exceeds the maximum trial frequency is judged, and if the current trial frequency exceeds the maximum trial frequency, the message count to be verified is determined not to meet the preset condition; otherwise, S406 is executed to add 1 to the number of attempts.
The maximum number of attempts is the maximum difference between the allowed received message count and the local message count, that is, a packet loss situation is allowed to exist, but the packet loss number needs to be within a certain number range.
S406: after the number of attempts is increased by one, S403 is executed.
In this embodiment, when the number of attempts does not exceed the maximum number of attempts, 1 is added to the number of attempts, the local high-order message count is updated according to the number of attempts, a to-be-verified message count is generated by using the updated local high-order message count and the received low-order message count, and a new to-be-verified message count is determined again.
S407: and determining that the count of the messages to be verified does not meet the preset condition.
S408: and determining that the count of the message to be verified meets a preset condition.
For example, the message count of the sender is 02, the message count of the lower is 02, the local message count of the receiver is 01, the local message count of the lower is 01, the initial number of attempts is 0, and the maximum number of attempts is 3. Since the low-order message count 02 is greater than the local low-order message count 01, the local high-order message count 01 is added to the trial frequency 0 to obtain a processed local high-order message count 01, the generated message count to be verified is 0102, and the digest information in the original message is generated according to the complete message count 0202, so that the message count to be verified does not meet the preset condition. At this time, the number of attempts is 1, if the number of attempts does not exceed the maximum number of attempts, the local high-order message count 01 is added to the number of attempts 1, so that a processed local high-order message count is 02, the generated message count to be verified is 0202, and if the generated message count to be verified is the same as the complete message count according to the digest information in the original information, the message count to be verified meets a preset condition, and the local message count is updated to 0202.
When the high-order message count is 05, because the maximum number of attempts is 3, when the number of attempts increases to 3, the local high-order message count is 04, the generated to-be-verified message count is 0402, which is still different from the complete message count 0502 according to which the digest information is calculated, and it is determined that the to-be-verified message count does not meet the preset condition.
For another example, the message count of the sender is 03 for the high-order message count, 02 for the low-order message count, 01 for the local high-order message count of the receiver, 03 for the local low-order message count, 0 for the initial number of attempts, and 3 for the maximum number of attempts. Since the low-order message count 02 is smaller than the local low-order message count 03, the local high-order message count 01 is added with one and then added with the trial frequency 0 to obtain a processed local high-order message count 02, the generated message count to be verified is 0202, and the digest information in the original message is generated according to the complete message count 0302, so that the message count to be verified does not meet the preset condition. At this time, the number of attempts is 1, if the number of attempts does not exceed the maximum number of attempts, the local high-order message count 01 is added with one and then added with the number of attempts 1, so that the processed local high-order message count is 03, the generated to-be-verified message count is 0302, and if the to-be-verified message count is the same as the complete message count according to the summary information in the original information, the to-be-verified message count meets the preset condition, and the local message count is updated to 0302.
By the method provided by the embodiment, after an original message is received, when the message count of the original message only includes a low-order message count, a message count to be verified is generated by using the low-order message count and a local high-order message count, the message count to be verified is verified according to summary information carried in the original message, and if the verification is passed, the local message count is updated to the message count to be verified; otherwise, the original message is discarded, and under the condition of realizing defense against replay attack, the freshness value bit number is reduced, the communication overhead is saved, and the data transmission load is reduced.
In the above embodiments, a specific scheme of implementing message authentication when the message count in the original message includes only the lower message count is described. In another implementation, the message count may further include a higher message count and a lower message count, and when the message count includes the higher message count and the lower message count, another message authentication method is provided in the present application, which will be described below with reference to the accompanying drawings.
Referring to fig. 5, which is a flowchart of another method for implementing message authentication provided in the embodiment of the present application, as shown in fig. 5, the method may include:
s501: an original message is received.
In this embodiment, the receiver receives an original message sent by the sender, where the original message includes a freshness value, and the freshness value includes a message count, and the message count includes a higher message count and a lower message count.
In practical applications, in this implementation, when the sender sends the original message, a complete message count may be added to the original message. Of course, the original message may also be added with summary information to ensure the integrity of the information.
S502: determining the message count includes determining a higher message count and a lower message count.
S503: verifying whether the difference value between the message count and the local message count is within a preset range, and if so, executing S504; otherwise, S505 is executed.
In this embodiment, after receiving the original message, when determining that the message count includes a high-order message count and a low-order message count, it is determined whether a difference between the message count and the local message count is within a preset range. The preset range is a preset reasonable difference range, and the reasonable difference range represents the maximum allowable packet loss number.
S504: the local message count is updated to a message count.
In this embodiment, if the difference between the message count and the local message count is within the preset range, the local message count is updated to the message count if the verification passes.
S505: the original message is discarded.
In this embodiment, if the difference between the message count and the local message count is not within the set range, the verification fails, and the original message is determined to be an invalid message and discarded.
According to the embodiment, when the message count in the received original message comprises the high-order message count and the low-order message count, the received message count and the local message count are subjected to subtraction, whether replay attack exists in the received original message is verified by verifying whether the difference value of the received message count and the local message count is within the preset range, and therefore replay attack is effectively defended.
In practical application, when the message sending is completed or the subsequent counting cannot be performed due to overflow of the local message count, the local message count needs to be cleared, specifically, after the message count synchronization message is received, the local message count is cleared.
In the specific implementation, the message counting synchronization message carries an update count, and after the receiving method receives the message counting synchronization message, the receiving method verifies whether the received update count is equal to the local update count added by 1; if the local message count is equal to the local message count, the local message count is cleared, and the local update count is increased by 1; if not, the verification fails and the message count synchronization message is discarded.
Based on the above method embodiment, the present application further provides a device for implementing message authentication, which will be described below with reference to the accompanying drawings.
Referring to fig. 6, which is a block diagram of an apparatus for implementing message authentication according to an embodiment of the present application, as shown in fig. 6, the apparatus may include:
a receiving unit 601, configured to receive an original message, where the original message carries a freshness value, where the freshness value includes a message count, and the message count only includes a low-order message count;
a generating unit 602, configured to generate a to-be-verified message count according to a local higher message count and a local lower message count in a local message count when it is determined that the message count only includes the lower message count;
a determining unit 603, configured to determine whether the to-be-verified message count meets a preset condition;
a first updating unit 604, configured to update the local message count to the to-be-verified message count when the determination result of the determining unit indicates that the to-be-verified message count meets the preset condition;
a first discarding unit 605, configured to discard the original message when the determination result of the determining unit is that the to-be-verified message count does not meet the preset condition.
In one possible implementation manner, the generating unit includes:
the first processing subunit is configured to, when the low-order message count is greater than a local low-order message count in the local message count, add the local high-order message count in the local message count to the number of attempts to obtain a processed local high-order message count;
the second processing subunit is used for adding one to the local high-order message count in the local message count and adding the number of attempts to obtain a processed local high-order message count when the low-order message count is less than or equal to the local low-order message count in the local message count;
and the generating subunit is used for generating a to-be-verified message count from the processed local high-order message count and the processed low-order message count.
In a possible implementation manner, the determining unit includes:
the first judging subunit is used for judging whether the message count to be verified is matched with the local message count;
the first determining subunit is configured to determine that the message count to be verified meets a preset condition when the determination result of the first determining subunit is that the message count to be verified is matched with the local message count;
the second judging subunit is configured to, when the judgment result of the first judging subunit is that the to-be-verified message count is not matched with the local message count, judge whether the number of attempts exceeds the maximum number of attempts;
a third processing subunit, configured to, when the determination result of the second determining subunit is that the number of attempts does not exceed the maximum number of attempts, add one to the number of attempts, then execute the generating subunit to generate a to-be-verified message count and a subsequent unit;
and the second determining subunit is configured to determine that the to-be-verified message count does not meet the preset condition when the determination result of the second determining subunit is that the number of attempts exceeds the maximum number of attempts.
In a possible implementation manner, the original message further carries first summary information calculated according to a complete message count, where the complete message count includes the lower message count and the higher message count, and the first determining subunit is specifically configured to:
calculating second abstract information according to the to-be-verified message count;
verifying whether the first summary information is consistent with the second summary information;
if the first summary information is consistent with the second summary information, determining that the message count to be verified is matched with a local message count;
and if the first summary information is inconsistent with the second summary information, determining that the message count to be verified is not matched with the local message count.
In a possible implementation manner, the original message further carries third summary information calculated according to the original message and a complete message count, where the complete message count includes the lower message count and the higher message count, and the first determining subunit is specifically configured to:
calculating fourth abstract information according to the original message and the to-be-verified message count;
verifying whether the third summary information is consistent with the fourth summary information;
if the third summary information is consistent with the fourth summary information, determining that the message count to be verified is matched with a local message count;
and if the third summary information is inconsistent with the fourth summary information, determining that the message count to be verified is not matched with the local message count.
In one possible implementation, the message count includes a higher message count and a lower message count, and the apparatus further includes:
a verification unit for verifying whether a difference between the message count and a local message count is within a preset range when it is determined that the message count includes a higher message count and a lower message count;
a second updating unit, configured to update the local message count to the message count when the verification result of the verifying unit is that the difference between the message count and the local message count is within the preset range;
and the second discarding unit is used for discarding the original message when the verification result of the verification unit is that the difference value between the message count and the local message count is not in the preset range.
In one possible implementation, the apparatus further includes:
and the zero clearing unit is used for clearing the local message count after receiving the message count synchronization message.
In a possible implementation manner, the message count synchronization message carries an update count, and the zero clearing unit includes:
the verification subunit is used for verifying whether the update count is equal to the local update count after being increased by one;
the processing subunit is used for clearing the local message count and adding one to the local update count when the verification results of the verification subunits are equal;
a discarding subunit, configured to discard the message count synchronization message when the verification result of the verification subunit is unequal.
It should be noted that, the implementation of each unit or module in this embodiment may refer to the implementation of fig. 1 to fig. 5, and details of this embodiment are not described herein again.
In addition, an embodiment of the present application further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed on a terminal device, the instructions cause the terminal device to execute the above method for implementing message verification.
The embodiment of the present application further provides a computer program product, which when running on a terminal device, enables the terminal device to execute the above method for implementing message authentication.
According to the embodiment, the message count in the original message received by the receiver only includes the low-order message count, and when the message count is determined to only include the low-order message count, the message count to be verified is generated according to the local high-order message count and the local low-order message count in the local message count; then, judging whether the message count to be verified meets a preset condition, if so, indicating that the received original information is safe, and updating the local message count into the message count to be verified; if not, indicating that the original message is in danger of replay attack, the original message is discarded. Therefore, according to the embodiment of the application, under the condition of realizing defense against replay attack, the number of freshness value bits is reduced, the communication overhead is saved, and the data transmission load is reduced.
It should be noted that, in the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the system or the device disclosed by the embodiment, the description is simple because the system or the device corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
It should be understood that in the present application, "at least one" means one or more, "a plurality" means two or more. "and/or" for describing an association relationship of associated objects, indicating that there may be three relationships, e.g., "a and/or B" may indicate: only A, only B and both A and B are present, wherein A and B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of single item(s) or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", wherein a, b, c may be single or plural.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (7)

1. A method for implementing message authentication, the method comprising:
receiving an original message, wherein the original message carries a freshness value, the freshness value comprises a message count, and the message count only comprises a low-order message count;
when the message count only comprises a low message count, generating a message count to be verified according to a local high message count and the low message count in the local message count; the generating a message count to be verified according to the local high-order message count and the low-order message count in the local message count includes: when the low-order message count is larger than the local low-order message count in the local message count, adding the local high-order message count in the local message count and the trial times to obtain a processed local high-order message count; when the low-order message count is less than or equal to the local low-order message count in the local message count, adding one to the local high-order message count in the local message count and adding the number of attempts to obtain a processed local high-order message count; generating a message count to be verified by the processed local high-order message count and the processed local low-order message count; the trial times refer to the times of judging whether the count of the message to be verified meets the preset condition;
judging whether the count of the message to be verified meets a preset condition or not;
if the message count to be verified meets the preset condition, updating the local message count to the message count to be verified;
and if the count of the messages to be verified does not meet the preset condition, discarding the original messages.
2. The method according to claim 1, wherein the determining whether the message count to be verified meets a preset condition comprises:
judging whether the message count to be verified is matched with the local message count;
if the message count to be verified is matched with the local message count, determining that the message count to be verified meets a preset condition;
if the message count to be verified is not matched with the local message count, judging whether the number of attempts exceeds the maximum number of attempts;
if the trial times do not exceed the maximum trial times, adding one to the trial times, and repeatedly executing the steps of generating a message count to be verified according to a local high-order message count and a local low-order message count in the local message count and the subsequent steps;
and if the number of attempts exceeds the maximum number of attempts, determining that the message count to be verified does not meet the preset condition.
3. The method according to claim 2, wherein the original message further carries first digest information calculated according to a complete message count, the complete message count includes the lower message count and an upper message count, and the determining whether the message count to be verified matches the local message count includes:
calculating second abstract information according to the to-be-verified message count;
verifying whether the first summary information is consistent with the second summary information;
if the first summary information is consistent with the second summary information, determining that the message count to be verified is matched with a local message count;
and if the first summary information is inconsistent with the second summary information, determining that the message count to be verified is not matched with the local message count.
4. The method according to claim 2, wherein the original message further carries third digest information calculated according to the original message and a complete message count, the complete message count includes the lower message count and an upper message count, and the determining whether the message count to be verified matches the local message count includes:
calculating fourth abstract information according to the original message and the to-be-verified message count;
verifying whether the third summary information is consistent with the fourth summary information;
if the third summary information is consistent with the fourth summary information, determining that the message count to be verified is matched with a local message count;
and if the third summary information is inconsistent with the fourth summary information, determining that the message count to be verified is not matched with the local message count.
5. The method of claim 1, further comprising:
after receiving the message counting synchronization message, clearing the local message counting;
the message count synchronization message also carries an update count, and the clearing the local message count includes:
verifying whether the update count is equal to a local update count plus one;
if the local message count is equal to the local message count, clearing the local message count, and adding one to the local update count;
and if not, discarding the message counting synchronization message.
6. An apparatus for implementing message authentication, the apparatus comprising:
a receiving unit, configured to receive an original message, where the original message carries a freshness value, the freshness value includes a message count, and the message count only includes a low-order message count;
the generating unit is used for generating a message count to be verified according to a local high-order message count and a low-order message count in a local message count when the message count only comprises the low-order message count;
the judging unit is used for judging whether the to-be-verified message count meets a preset condition or not;
the first updating unit is used for updating the local message count to the message count to be verified when the judgment result of the judging unit shows that the message count to be verified meets the preset condition;
the first discarding unit is used for discarding the original message when the judgment result of the judging unit is that the count of the message to be verified does not accord with the preset condition;
the generation unit includes:
the first processing subunit is configured to, when the low-order message count is greater than a local low-order message count in the local message count, add the local high-order message count in the local message count to the number of attempts to obtain a processed local high-order message count;
the second processing subunit is used for adding one to the local high-order message count in the local message count and adding the number of attempts to obtain a processed local high-order message count when the low-order message count is less than or equal to the local low-order message count in the local message count; the trial times refer to the times of judging whether the count of the message to be verified meets the preset condition;
and the generating subunit is used for generating a to-be-verified message count from the processed local high-order message count and the processed low-order message count.
7. A computer-readable storage medium having stored therein instructions that, when executed on a terminal device, cause the terminal device to perform the method of implementing message authentication of any of claims 1-5.
CN201811475721.2A 2018-12-04 2018-12-04 Method, device and computer readable storage medium for realizing message verification Active CN109600364B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811475721.2A CN109600364B (en) 2018-12-04 2018-12-04 Method, device and computer readable storage medium for realizing message verification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811475721.2A CN109600364B (en) 2018-12-04 2018-12-04 Method, device and computer readable storage medium for realizing message verification

Publications (2)

Publication Number Publication Date
CN109600364A CN109600364A (en) 2019-04-09
CN109600364B true CN109600364B (en) 2021-06-08

Family

ID=65960995

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811475721.2A Active CN109600364B (en) 2018-12-04 2018-12-04 Method, device and computer readable storage medium for realizing message verification

Country Status (1)

Country Link
CN (1) CN109600364B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112019358A (en) * 2019-05-28 2020-12-01 阿里巴巴集团控股有限公司 Network configuration method, device, equipment and system
WO2021222662A1 (en) * 2020-04-30 2021-11-04 Sensata Technologies, Inc. Secure wireless protocol for wireless sensor networks
CN113259374B (en) * 2021-06-10 2021-11-02 中汽创智科技有限公司 Fresh value management method and device
CN115190578B (en) * 2022-07-19 2023-10-24 北京汽车研究总院有限公司 Information updating method and device in vehicle-mounted communication

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101442401A (en) * 2007-11-19 2009-05-27 华为技术有限公司 Method and apparatus for sending and receiving data, and data transmission system
CN104468503A (en) * 2013-09-13 2015-03-25 通用汽车环球科技运作有限责任公司 Methods and apparatus for secure communication in a vehicle-based data communication system
CN106464499A (en) * 2014-06-05 2017-02-22 Kddi株式会社 Communication network system, transmission node, reception node, message checking method, and computer program
EP3264718A1 (en) * 2016-06-29 2018-01-03 Argus Cyber Security Ltd. System and method for detection and prevention of attacks on in-vehicle networks

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101442401A (en) * 2007-11-19 2009-05-27 华为技术有限公司 Method and apparatus for sending and receiving data, and data transmission system
CN104468503A (en) * 2013-09-13 2015-03-25 通用汽车环球科技运作有限责任公司 Methods and apparatus for secure communication in a vehicle-based data communication system
CN106464499A (en) * 2014-06-05 2017-02-22 Kddi株式会社 Communication network system, transmission node, reception node, message checking method, and computer program
EP3264718A1 (en) * 2016-06-29 2018-01-03 Argus Cyber Security Ltd. System and method for detection and prevention of attacks on in-vehicle networks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
《Cyber-Security for the Controller Area Network(CAN) Communication Protocol》;Chung-Wei Lin;《2012 Internation Conference on Cyber Security》;20121216;1-7 *

Also Published As

Publication number Publication date
CN109600364A (en) 2019-04-09

Similar Documents

Publication Publication Date Title
CN109600364B (en) Method, device and computer readable storage medium for realizing message verification
US10972284B2 (en) Method of providing a hash value for a piece of data, electronic device and computer program
US7426382B2 (en) Contact validation and trusted contact updating in mobile wireless communications devices
US5958053A (en) Communications protocol with improved security
US20190342327A1 (en) Front-end protocol for server protection
JP4608000B2 (en) Secure and bandwidth efficient encryption synchronization method
US20150333912A1 (en) Authenticating the identity of initiators of tcp connections
US11343673B2 (en) Enhanced aggregated re-authentication for wireless devices
WO2016015573A1 (en) Method, device and system for terminal to establish connection
Park One-time password based on hash chain without shared secret and re-registration
CN111314358A (en) Attack protection method, device, system, computer storage medium and electronic equipment
CN104917765A (en) Attack prevention method, and equipment
US20220417015A1 (en) Key update method and related apparatus
CN104601541A (en) Data transmission method, server and user equipment
CN112770321A (en) Internet of things equipment authentication and secure transmission method, computer equipment and storage medium
EP3565178B1 (en) Message protection method, user device and core network device
CN110868246B (en) Information transmission method and system
CN109525612B (en) Multi-terminal message encryption transmission method and system
WO2020103159A1 (en) Message transmitting and receiving method and apparatus
WO2016049870A1 (en) Method and system for generating dynamic login credential
Tahmasbi et al. Adaptive ternary timing covert channel in IEEE 802.11
CN110995612B (en) Message processing method, system and communication equipment
JP7045455B2 (en) Access denied methods, devices and systems, as well as storage media and professionals
CN112134884A (en) Message serial number updating method
CN107172016B (en) Safety trust processing method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant