CN110351092A - Data packet transmission method and device, storage medium, and electronic device - Google Patents

Publication number: CN110351092A
Authority: CN (China)
Prior art keywords: information, dimension, data packet, requesting party, signing messages
Legal status: Pending
Application number: CN201910503334.3A
Other languages: Chinese (zh)
Inventors: 李天白, 程威
Current assignee: Beijing Siyuan Ideal Holding Group Co ltd
Original assignee: Beijing Siyuan Internet Technology Co Ltd
Application filed by Beijing Siyuan Internet Technology Co Ltd; priority to CN201910503334.3A

Classifications

    • H04L 63/08: Network architectures or network communication protocols for network security, for authentication of entities (section H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication)
    • H04L 9/3221: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications, including means for verifying the identity or authority of a user of the system or for message authentication (e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials), using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs; interactive zero-knowledge proofs
    • H04L 9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications, including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • H04L 2463/121: Additional details relating to network architectures or network communication protocols for network security covered by H04L 63/00; timestamp
    • H04L 9/0866: Key distribution or management; generation of secret information including derivation or calculation of cryptographic keys or passwords, involving user or device identifiers, e.g. serial number, physical or biometric information, DNA, hand-signature or measurable physical characteristics


Abstract

The invention discloses a data packet transmission method and device, a storage medium, and an electronic device. The method comprises: generating a standard data packet, where the standard data packet includes at least the target data sent by the requesting party, the signature information obtained by the requesting party signing the content of the standard data packet, and the public key of the requesting party used to verify that signature information; and sending the data packet to the recipient. The invention solves the technical problem that user authentication methods in the related art have low security.

Description

Transmission method and device, storage medium, the electronic device of data packet
Technical field
The present invention relates to the Internet field, and in particular to a data packet transmission method and device, a storage medium, and an electronic device.
Background technique
Conventional information security systems generally implement user authentication with non-zero-knowledge methods, such as username/password verification or IP address verification. These schemes authenticate the user by comparing real information: when a user needs to be authenticated, the user must present an ID account and password so that the system can compare them with the account and password it has stored, and identity is verified by that comparison. As another example, a proving system can authenticate user identity by feature comparison against a data store integrated by a trusted third party.
The problems with these methods are high usage cost, complex verification procedures, and certain risks in the data set.
No effective solution to the above problems has yet been proposed.
Summary of the invention
Embodiments of the invention provide a data packet transmission method and device, a storage medium, and an electronic device, which at least solve the technical problem that user authentication methods in the related art have low security.
According to one aspect of an embodiment of the invention, a data packet transmission method is provided, comprising: generating a standard data packet, where the standard data packet includes at least the target data sent by the requesting party, the signature information obtained by the requesting party signing the content of the standard data packet, and the public key of the requesting party used to verify the signature information; and sending the data packet to the recipient.
Optionally, generating the standard data packet includes: obtaining information of a first dimension, a second dimension, a third dimension, a fourth dimension, a fifth dimension and a sixth dimension, together with signature information, where the first-dimension information indicates the requesting party and the recipient, the second-dimension information indicates the target data, the third-dimension information is time-related, the fourth-dimension information indicates the purpose of the transmission, the fifth-dimension information indicates the addressing information of the transmission, the sixth-dimension information indicates the information processing manner, and the signature information is obtained by signing the first-dimension information, the plaintext in the second dimension, and the third-, fourth-, fifth- and sixth-dimension information; and combining the information of the six dimensions and the signature information into the standard data packet.
Optionally, obtaining the first-dimension information includes obtaining the identifier and user information of the requesting party and the identifier and user information of the recipient.
Optionally, obtaining the third-dimension information includes obtaining the timestamp at which the target data was generated and the timing identifier of the target data.
Optionally, obtaining the third-dimension information further includes obtaining the message sequence number of the target data.
Optionally, obtaining the fifth-dimension information includes obtaining the public key of the requesting party.
Optionally, obtaining the fifth-dimension information further includes obtaining at least one of the Internet protocol address of the recipient, the device identifier of the recipient, and the service address of the recipient.
Optionally, obtaining the sixth-dimension information includes obtaining the coding mode and/or encryption mode of the target data.
According to another aspect of an embodiment of the invention, a data packet transmission method is provided, comprising: obtaining the standard data packet sent by the requesting party, where the standard data packet includes at least the target data sent by the requesting party, the signature information obtained by the requesting party signing the content of the standard data packet, and the public key of the requesting party; and verifying the signature information using the public key of the requesting party to determine the legitimacy of the requesting party.
Optionally, verifying the signature information using the public key of the requesting party to determine the legitimacy of the requesting party includes: obtaining from the standard data packet the information of the first, second, third, fourth, fifth and sixth dimensions and the signature information, where the first-dimension information indicates the requesting party and the recipient, the second-dimension information indicates the target data, the third-dimension information is time-related, the fourth-dimension information indicates the purpose of the transmission, the fifth-dimension information indicates the addressing information of the transmission, the sixth-dimension information indicates the information processing manner, and the signature information is obtained by signing the first-dimension information, the plaintext in the second dimension, and the third-, fourth-, fifth- and sixth-dimension information; processing the second-dimension information according to the information processing manner indicated by the sixth-dimension information to obtain the plaintext of the second dimension; determining that the requesting party is legitimate if the signature information verifies correctly under the public key of the requesting party; and determining that the requesting party is illegitimate if the signature information does not verify under that public key.
According to another aspect of an embodiment of the invention, a data packet transmission device is additionally provided, comprising: a generation unit for generating a standard data packet, where the standard data packet includes at least the target data sent by the requesting party, the signature information obtained by the requesting party signing the content of the standard data packet, and the public key of the requesting party used to verify the signature information; and a sending unit for sending the data packet to the recipient.
According to another aspect of an embodiment of the invention, a data packet transmission device is additionally provided, comprising: an obtaining unit for obtaining the standard data packet sent by the requesting party, where the standard data packet includes at least the target data sent by the requesting party, the signature information obtained by the requesting party signing the content of the standard data packet, and the public key of the requesting party; and a verification unit for verifying the signature information using the public key of the requesting party to determine the legitimacy of the requesting party.
According to another aspect of an embodiment of the invention, a storage medium is additionally provided, the storage medium including a stored program that executes the above method when run.
According to another aspect of an embodiment of the invention, an electronic device is additionally provided, including a memory, a processor, and a computer program stored in the memory and runnable on the processor, the processor executing the above method by means of the computer program.
In embodiments of the invention, by using the above data structure, in a secure communication data exchange scenario the information is integrated and distributed in a single simple interaction, realising a digital signature in the NIZK (non-interactive zero-knowledge) verification mode based on zero-knowledge proofs, so that identity authentication can be achieved directly with zero interaction while the confidentiality and integrity of the transmitted message are ensured. This solves the technical problem that user authentication methods in the related art have low security, and thereby achieves the technical effect of improving the security of the verification process.
Detailed description of the invention
The drawings described here provide a further understanding of the invention and form part of this application; the illustrative embodiments of the invention and their descriptions explain the invention and do not improperly limit it. In the drawings:
Fig. 1 is the schematic diagram of the hardware environment of the transmission method of data packet according to an embodiment of the present invention;
Fig. 2 is a kind of flow chart of the transmission method of optional data packet according to an embodiment of the present invention;
Fig. 3 is a kind of flow chart of the transmission method of optional data packet according to an embodiment of the present invention;
Fig. 4 is a kind of schematic diagram of the transmitting device of optional data packet according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of an optional data packet transmitting device according to an embodiment of the present invention; and
Fig. 6 is a structural block diagram of a terminal according to an embodiment of the present invention.
Specific embodiment
To enable those skilled in the art to better understand the solution of the present invention, the technical scheme in the embodiments of the invention is described clearly and completely below with reference to the drawings of those embodiments. The described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative work fall within the scope of protection of the invention.
It should be noted that the terms "first", "second", etc. in the specification, claims and the above drawings are used to distinguish similar objects and not to describe a particular order or sequence. It should be understood that data used in this way can be interchanged under appropriate circumstances, so that the embodiments of the invention described here can be implemented in orders other than those illustrated or described. In addition, the terms "comprising" and "having" and any variations of them are intended to cover non-exclusive inclusion: for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units that are not explicitly listed or that are intrinsic to the process, method, product or device.
Technical term meaning involved in the application is as follows:
TCP (Transmission Control Protocol) is a connection-oriented, reliable, byte-stream-based transport layer communication protocol defined by IETF RFC 793.
UDP is the abbreviation of User Datagram Protocol, a connectionless transport layer protocol in the OSI (Open System Interconnection) reference model that provides a simple, unreliable, transaction-oriented message delivery service; IETF RFC 768 is the formal specification of UDP. The protocol number of UDP in IP packets is 17.
The Transport Layer Security protocol (TLS) provides confidentiality and data integrity between two communicating applications. The protocol consists of two layers: the TLS record protocol (TLS Record) and the TLS handshake protocol (TLS Handshake).
ECC is the abbreviation of Elliptic Curve Cryptography.
According to one aspect of an embodiment of the invention, an embodiment of a data packet transmission method is provided.
Optionally, in this embodiment, the above data packet transmission method can be applied to the hardware environment shown in Fig. 1, consisting of a terminal 101 and a server 103 (the server may also be replaced by another terminal different from terminal 101). As shown in Fig. 1, the server 103 is connected to the terminal 101 through a network and can provide a verification service to the terminal or to a client installed on it; a database 105 may be set on the server or independently of it to provide the server 103 with storage for the data the verification process needs. The network includes but is not limited to a wide area network, metropolitan area network or local area network, and the terminal 101 is not limited to a PC, mobile phone, tablet computer, etc.
The data packet transmission method of the embodiment of the invention may also be executed by the terminal 101, where execution by the terminal 101 may also be execution by a client installed on it. Fig. 2 is a flow chart of an optional data packet transmission method according to an embodiment of the invention; as shown in Fig. 2, the method may include the following steps:
Step S202: the terminal generates a standard data packet, which includes at least the target data sent by the requesting party, the signature information obtained by the requesting party signing the content of the standard data packet, and the public key of the requesting party used to verify the signature information.
The requesting party is the side where the terminal is, corresponding to the user who requests verification with that terminal; the recipient is the side of the server that performs the verification.
In the above embodiment, generating the standard data packet may include obtaining the first-dimension information (which can be denoted "who"), the second-dimension information ("what"), the third-dimension information ("when"), the fourth-dimension information ("why"), the fifth-dimension information ("where"), the sixth-dimension information ("how") and the signature information ("sign"), where the first-dimension information indicates the requesting party and the recipient, the second-dimension information indicates the target data, the third-dimension information is time-related, the fourth-dimension information indicates the purpose of the transmission, the fifth-dimension information indicates the addressing information of the transmission, the sixth-dimension information indicates the information processing manner, and the signature information is obtained by signing the first-dimension information, the plaintext in the second dimension, and the third-, fourth-, fifth- and sixth-dimension information; and then combining the information of the six dimensions and the signature information into the standard data packet.
Optionally, when obtaining the first-dimension information, the identifier and user information of the requesting party and the identifier and user information of the recipient can be obtained as the first-dimension information.
Optionally, when obtaining the third-dimension information, the timestamp at which the target data was generated and the timing identifier of the target data can be obtained as the third-dimension information.
Optionally, when obtaining the third-dimension information, the message sequence number of the target data can also be obtained in addition to the above.
Optionally, when obtaining the fifth-dimension information, the public key of the requesting party can be obtained.
Optionally, when obtaining the fifth-dimension information, in addition to the public key of the requesting party, at least one of the Internet protocol address of the recipient, the device identifier of the recipient and the service address of the recipient can also be obtained.
Optionally, when obtaining the sixth-dimension information, the coding mode and/or encryption mode of the target data can be obtained.
Optionally, when obtaining the sixth-dimension information, in addition to the coding mode and/or encryption mode of the target data, the signature scheme of the signature information can also be obtained.
Table 1
In the above embodiment, the structure of an optional standard data packet is shown in table 1. On initialisation, the information can be integrated into six dimensions: who (marks both sides of the secure interaction, i.e. identifies the requester and the receiver), what (the original content of the information to be exchanged), when (for example a timestamp, which can carry a timing id), why (the scenario of the information exchange, which may include purposes such as requesting a resource, deleting a resource, obtaining a key, or instruction set definitions constructed for different service identifiers), where (the addressing label, which can be realised in the form of ip address + device id + public key + service address), and how (the format processing, coding and encryption mode of the information, i.e. the default processing mode of the corresponding instruction set, which can be defined uniformly here). Each information exchange is digitally signed by constructing one standard data packet over the six dimensions, which gives a single request the ability to be verified.
Step S204: the terminal sends the data packet to the recipient.
The data packet transmission method of the embodiment of the invention may also be executed by the server 103. Fig. 3 is a flow chart of an optional data packet transmission method according to an embodiment of the invention; as shown in Fig. 3, the method may include the following steps:
Step S302: the server obtains the standard data packet sent by the requesting party, which includes at least the target data sent by the requesting party, the signature information obtained by the requesting party signing the content of the standard data packet, and the public key of the requesting party.
Step S304: the server verifies the signature information using the public key of the requesting party to determine the legitimacy of the requesting party.
In the embodiment shown in step S304, one optional implementation of verifying the signature information using the public key of the requesting party to determine its legitimacy is as follows: obtain from the standard data packet the information of the first, second, third, fourth, fifth and sixth dimensions and the signature information, where the first-dimension information indicates the requesting party and the recipient, the second-dimension information indicates the target data, the third-dimension information is time-related, the fourth-dimension information indicates the purpose of the transmission, the fifth-dimension information indicates the addressing information of the transmission, the sixth-dimension information indicates the information processing manner, and the signature information is obtained by signing the first-dimension information, the plaintext in the second dimension, and the third-, fourth-, fifth- and sixth-dimension information; process the second-dimension information according to the information processing manner indicated by the sixth-dimension information to obtain the plaintext of the second dimension; if the signature information verifies correctly with the public key of the requesting party, determine that the requesting party is legitimate; if the signature information does not verify with the public key of the requesting party, determine that the requesting party is illegitimate.
The above technical solution provides a zero-knowledge-proof style of verification. A zero-knowledge proof is a scheme in which one party (the prover) can prove to another party (the verifier) that it holds certain information (such as a value x) without having to reveal that information. This differs from the zero-knowledge proof methods used in the related art, where user authentication is realised with public/private-key asymmetric cryptography and the process is largely interactive, as in CA and PKI systems, which always require interaction to repeatedly exchange public keys and face the problem of man-in-the-middle attacks.
Through the above steps, by using the above data structure, in a secure communication data exchange scenario the information is integrated and distributed in a single simple interaction, realising a digital signature in the NIZK verification mode based on zero-knowledge proofs, so that identity authentication can then be achieved directly with zero interaction while the confidentiality and integrity of the transmitted message are ensured. This solves the technical problem that user authentication methods in the related art have low security, and thereby achieves the technical effect of improving the security of the verification process.
As a kind of optional embodiment, the technical solution of the application is described in detail below with reference to specific embodiment.
It is assumed that interaction both sides are Alice (i.e. sender), Bob (i.e. recipient), locating environment is the logical of enterprises Scene is interrogated, concrete implementation is shown in steps are as follows:
Step S101: when Alice needs to send information to Bob, a TCP connection is created between terminal 1, used by Alice, and terminal 2, used by Bob (the TCP connection here may also be replaced by another kind of connection, such as a UDP connection).
Step S102: after the TCP connection between terminal 1 and terminal 2 has been created, the message is assembled using the protocol design format of Table 1, an encryption method that replaces TLS; the message is assembled, encrypted and encoded in binary format. The Request field may contain Alice's unique identification id and her nickname "Alice", and the Response field may contain Bob's unique identification id and his nickname "Bob". The Encode field defines the coding mode, for example plaintext or ECC encryption; if encryption is defined, it may be symmetric or asymmetric, for instance encrypting the plaintext of the data with Bob's public key, and the ciphertext is stored in the Data field. The content of Data is the specific message that needs to be exchanged (such as a job requirement that Alice sends to Bob). The corresponding contents are filled into the Time and Time id fields; these two fields are associated. Time can take the timestamp of the Unix system, and Time id can be a randomly generated id that increases as the number of messages the sender has sent grows, that is, within the same session the serial number of messages to the same Response increases; the recipient can store this value for comparison, so that messages cannot be replayed. The Type field carries a custom instruction set that can differ per business; since the back-end service differs, an arbitrary instruction set can be defined, for example the instruction "send message" represents sending a message. The Address field stores the addressing method: if addressing is by IP, the recipient's IP address is filled into this field; if addressing is by public key, the other party's public key can be filled in. To make it easy for the recipient to verify the sender, this field must be filled with the sender's public key.
Step S103: the message made up of the above 6 dimensions is signed. The specific signature scheme can be any, but the scheme used needs to be specified in the Encode field; for example, the asymmetric signature technique ECDSA or EdDSA is selected to sign the whole, and the signature value is placed at the end of the entire message. In this way a digital signature based on NIZK is constructed; the signature here is computed over the original text of Data.
Step S104: after the recipient receives the message, the plaintext in Data is obtained according to the coding mode in the Encode field; the 6 dimensions of information are combined and, together with the specific signature technique specified in Encode, verified using the sender's public key. Once verification passes, it shows that the message was indeed sent by Alice.
So far, Bob has obtained the secret information sent by Alice (information that only Bob can unlock), and with a single interaction can verify the source of the information and that it was not tampered with during the transmission of the 6-dimension message from Alice.
With the above technical solution of the application, authentication without a central authority can be realized, achieving end-to-end peer authentication and removing the intervention of a trusted third party; data can be transmitted through a single interaction, and the integrity of the binary data is guaranteed not to be destroyed; using multi-dimensional information encapsulation, authentication and data confidentiality are integrated directly; each message automatically carries a timestamp and a sequence, automatically avoiding replay attacks on messages; the complete information always carries the final signature, so as long as the private key is not lost, security can be guaranteed.
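The steps S101 to S104 above, and the six-dimension assembly and verification the generation and acquiring units describe later, as an added example that is not code from the patent. It assumes a JSON wire layout in place of the unspecified binary format, Ed25519 from Go's standard library as the EdDSA scheme, and the Encode label "plain/ed25519"; all ids, nicknames and payloads are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Packet carries the six dimensions of the embodiment plus the trailing signature. Field
// names follow table 1; the JSON wire layout is an assumption standing in for the binary format.
type Packet struct {
	Request   string `json:"request"`             // dim 1: sender id and nickname ("Alice")
	Response  string `json:"response"`            // dim 1: recipient id and nickname ("Bob")
	Data      []byte `json:"data"`                // dim 2: payload, plaintext or ciphertext
	Time      int64  `json:"time"`                // dim 3: Unix timestamp
	TimeID    uint64 `json:"time_id"`             // dim 3: per-session serial, strictly increasing
	Type      string `json:"type"`                // dim 4: instruction, e.g. "send message"
	Address   string `json:"address"`             // dim 5: sender public key (hex) used to verify
	Encode    string `json:"encode"`              // dim 6: coding/encryption and signature scheme
	Signature []byte `json:"signature,omitempty"` // appended last, computed over the six dims
}

const encodePlainEd25519 = "plain/ed25519" // assumed Encode label: plaintext Data, EdDSA signature

// signedBytes: canonical encoding of the six dimensions with the signature cleared.
func signedBytes(p Packet) ([]byte, error) {
	p.Signature = nil
	return json.Marshal(p)
}

// Sign fills Address with the sender's public key (S102) and appends the signature (S103).
func Sign(p *Packet, priv ed25519.PrivateKey) error {
	p.Address = hex.EncodeToString(priv.Public().(ed25519.PublicKey))
	p.Encode = encodePlainEd25519
	msg, err := signedBytes(*p)
	if err != nil {
		return err
	}
	p.Signature = ed25519.Sign(priv, msg)
	return nil
}

// Verifier keeps the per-sender state the text says the recipient stores to reject replays.
type Verifier struct {
	MaxSkew    time.Duration
	lastSerial map[string]uint64 // highest TimeID accepted, keyed by sender public key
}

func NewVerifier(maxSkew time.Duration) *Verifier {
	return &Verifier{MaxSkew: maxSkew, lastSerial: map[string]uint64{}}
}

// Verify implements S104: pick the scheme from Encode, check the signature with the key
// carried in Address, then enforce freshness and strictly increasing serials. The key is
// self-asserted, so a valid signature proves only that the holder of that key sent the packet.
func (v *Verifier) Verify(p Packet, now time.Time) error {
	if p.Encode != encodePlainEd25519 {
		return errors.New("unsupported Encode scheme")
	}
	pub, err := hex.DecodeString(p.Address)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return errors.New("Address does not hold a valid public key")
	}
	msg, err := signedBytes(p)
	if err != nil {
		return err
	}
	if !ed25519.Verify(ed25519.PublicKey(pub), msg, p.Signature) {
		return errors.New("signature does not verify: content altered or wrong key")
	}
	if d := now.Sub(time.Unix(p.Time, 0)); d > v.MaxSkew || -d > v.MaxSkew {
		return errors.New("timestamp outside the accepted window")
	}
	if last, seen := v.lastSerial[p.Address]; seen && p.TimeID <= last {
		return errors.New("replay: serial not greater than the last accepted one")
	}
	v.lastSerial[p.Address] = p.TimeID
	return nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(rand.Reader) // Alice's key pair (constructed)
	now := time.Now()
	pkt := Packet{Request: "id-0001/Alice", Response: "id-0002/Bob", Type: "send message",
		Data: []byte("job requirement: draft the Q3 report"), Time: now.Unix(), TimeID: 1}
	if err := Sign(&pkt, priv); err != nil {
		panic(err)
	}
	v := NewVerifier(2 * time.Minute)
	fmt.Println("first delivery:", v.Verify(pkt, now)) // <nil>
	fmt.Println("replayed copy:", v.Verify(pkt, now))  // replay error
	pkt.Data = []byte("altered in transit")
	fmt.Println("altered data:", v.Verify(pkt, now))   // signature error
}
```

Because Address is part of the signed bytes, swapping in a different public key invalidates the signature, but nothing in the packet itself ties that key to Alice; that binding has to come from a key the receiver already trusts.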
It should be noted that, for the method embodiments described above, for simplicity of description they are stated as a series of combinations of actions, but those skilled in the art should understand that the present invention is not limited by the described sequence of actions, because according to the present invention some steps may be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by means of software plus the necessary general hardware platform, and of course also by hardware, but in many cases the former is the better embodiment. Based on this understanding, the technical solution of the present invention, or the part of it that contributes to the existing technology, can be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk or optical disc) and including instructions that cause a terminal device (which can be a mobile phone, computer, server, network device, etc.) to execute the method described in each embodiment of the present invention.
According to another aspect of the embodiments of the present invention, a data packet transmitting device for implementing the above data packet transmission method is also provided. Fig. 4 is a schematic diagram of an optional data packet transmitting device according to an embodiment of the present invention; as shown in Fig. 4, the device may include a generation unit 401 and a transmission unit 403.
The generation unit 401 is used to generate a standard data packet, wherein the standard data packet includes at least the target data to be sent by the requesting party, the signature information obtained by the requesting party signing the content of the standard data packet, and the public key of the requesting party used to verify the signature information.
The transmission unit 403 is used to send the data packet to the recipient.
It should be noted that the generation unit 401 in this embodiment can be used to execute step S202 in the embodiment of the present application, and the transmission unit 403 in this embodiment can be used to execute step S204 in the embodiment of the present application.
Optionally, when generating the standard data packet, the generation unit can be used to obtain the information of the first dimension, the information of the second dimension, the information of the third dimension, the information of the fourth dimension, the information of the fifth dimension, the information of the sixth dimension and the signature information, wherein the information of the first dimension indicates the requesting party and the recipient, the information of the second dimension indicates the target data, the information of the third dimension is time-related, the information of the fourth dimension indicates the purpose of the transmission, the information of the fifth dimension indicates the addressing information of the transmission, the information of the sixth dimension indicates the information processing manner, and the signature information is obtained by signing the information of the first dimension, the plaintext information in the second dimension, the information of the third dimension, the information of the fourth dimension, the information of the fifth dimension and the information of the sixth dimension; and to combine the information of the first dimension, the information of the second dimension, the information of the third dimension, the information of the fourth dimension, the information of the fifth dimension, the information of the sixth dimension and the signature information into the standard data packet.
Optionally, when the generation unit obtains the information of the first dimension, it obtains the identification and user information of the requesting party and the identification and user information of the recipient as the information of the first dimension.
Optionally, when the generation unit obtains the information of the third dimension, it obtains the timestamp at which the target data was generated and the timing identification of the target data as the information of the third dimension.
Optionally, when the generation unit obtains the information of the third dimension, it can also obtain the message sequence number of the target data as part of the information of the third dimension.
Optionally, when the generation unit obtains the information of the fifth dimension, it obtains the public key of the requesting party as the information of the fifth dimension.
Optionally, when the generation unit obtains the information of the fifth dimension, it can also obtain at least one of the Internet protocol address of the recipient, the device identification of the recipient and the service address of the recipient as part of the information of the fifth dimension.
Optionally, when the generation unit obtains the information of the sixth dimension, it obtains the coding mode and/or encryption mode of the target data as the information of the sixth dimension.
Optionally, when the generation unit obtains the information of the sixth dimension, it can also obtain the signature scheme of the signature information as part of the information of the sixth dimension.
According to another aspect of the embodiments of the present invention, a data packet transmitting device for implementing the above data packet transmission method is also provided. Fig. 5 is a schematic diagram of an optional data packet transmitting device according to an embodiment of the present invention; as shown in Fig. 5, the device may include an acquiring unit 501 and an authentication unit 503.
The acquiring unit 501 is used to acquire the standard data packet sent by the requesting party, wherein the standard data packet includes at least the target data sent by the requesting party, the signature information obtained by the requesting party signing the content of the standard data packet, and the public key of the requesting party;
The authentication unit 503 is used to verify the signature information using the public key of the requesting party, so as to determine the legitimacy of the requesting party.
It should be noted that the acquiring unit 501 in this embodiment can be used to execute step S302 in the embodiment of the present application, and the authentication unit 503 in this embodiment can be used to execute step S304 in the embodiment of the present application.
It should be noted here that the above modules correspond to the examples and application scenarios implemented by the corresponding steps, but are not limited to what is disclosed in the above embodiments. It should be noted that the above modules, as part of the device, may run in the hardware environment shown in Fig. 1 and may be implemented by software or by hardware.
Through the above modules, by using the above data structure in a secure communication data exchange scenario, information is integrated and distributed in a single simple interaction, the digital signature of the zero-knowledge-proof-based verification mode NIZK is realized, and identity authentication can then be achieved directly in a zero-interaction manner while the confidentiality and integrity of message transmission are guaranteed. This solves the technical problem of the low security of user authentication methods in the related art, and thereby achieves the technical effect of improving the security of the verification process.
It should be noted here that the above modules correspond to the examples and application scenarios implemented by the corresponding steps, but are not limited to what is disclosed in the above embodiments. It should be noted that the above modules, as part of the device, may run in the hardware environment shown in Fig. 1 and may be implemented by software or by hardware, wherein the hardware environment includes a network environment.
According to another aspect of the embodiments of the present invention, a server or terminal for implementing the above data packet transmission method is also provided.
Fig. 6 is a structural block diagram of a terminal according to an embodiment of the present invention. As shown in Fig. 6, the terminal may include one or more processors 601 (only one is shown in Fig. 6), a memory 603 and a transmitting device 605; as shown in Fig. 6, the terminal may also include an input-output device 607.
The memory 603 can be used to store software programs and modules, such as the program instructions/modules corresponding to the data packet transmission method and device in the embodiment of the present invention; by running the software programs and modules stored in the memory 603, the processor 601 executes various functional applications and data processing, thereby realizing the above data packet transmission method. The memory 603 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, the memory 603 may further include memory located remotely from the processor 601, and these remote memories may be connected to the terminal through a network. Examples of the above network include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network and combinations thereof.
The transmitting device 605 is used to receive or send data via a network, and can also be used for data transmission between the processor and the memory. Specific examples of the above network may include wired networks and wireless networks. In one example, the transmitting device 605 includes a network interface controller (NIC), which can be connected to other network devices and routers through a cable so as to communicate with the Internet or a local area network. In one example, the transmitting device 605 is a radio frequency (RF) module used to communicate wirelessly with the Internet.
Specifically, the memory 603 is used to store an application program.
The processor 601 can call the application program stored in the memory 603 through the transmitting device 605 to execute the following steps:
generating a standard data packet, wherein the standard data packet includes at least the target data to be sent by the requesting party, the signature information obtained by the requesting party signing the content of the standard data packet, and the public key of the requesting party used to verify the signature information;
sending the data packet to the recipient.
The processor 601 is also used to execute the following steps:
obtaining the information of the first dimension, the information of the second dimension, the information of the third dimension, the information of the fourth dimension, the information of the fifth dimension, the information of the sixth dimension and the signature information, wherein the information of the first dimension indicates the requesting party and the recipient, the information of the second dimension indicates the target data, the information of the third dimension is time-related, the information of the fourth dimension indicates the purpose of the transmission, the information of the fifth dimension indicates the addressing information of the transmission, the information of the sixth dimension indicates the information processing manner, and the signature information is obtained by signing the information of the first dimension, the plaintext information in the second dimension, the information of the third dimension, the information of the fourth dimension, the information of the fifth dimension and the information of the sixth dimension;
combining the information of the first dimension, the information of the second dimension, the information of the third dimension, the information of the fourth dimension, the information of the fifth dimension, the information of the sixth dimension and the signature information into the standard data packet.
Using the embodiment of the present invention, by using the above data structure in a secure communication data exchange scenario, information is integrated and distributed in a single simple interaction, the digital signature of the zero-knowledge-proof-based verification mode NIZK is realized, and identity authentication can then be achieved directly in a zero-interaction manner while the confidentiality and integrity of message transmission are guaranteed. This solves the technical problem of the low security of user authentication methods in the related art, and thereby achieves the technical effect of improving the security of the verification process.
Optionally, for specific examples in this embodiment, reference may be made to the examples described in the above embodiments, which are not repeated here.
Those skilled in the art can understand that the structure shown in Fig. 6 is only illustrative; the terminal can be a smart phone (such as an Android phone or an iOS phone), a tablet computer, a palmtop computer, a mobile Internet device (MID), a PAD or another terminal device. Fig. 6 does not limit the structure of the above electronic device. For example, the terminal may also include more or fewer components than shown in Fig. 6 (such as a network interface or a display device), or have a configuration different from that shown in Fig. 6.
Those of ordinary skill in the art can understand that all or part of the steps in the methods of the above embodiments can be completed by a program instructing the hardware related to the terminal device; the program may be stored in a computer-readable storage medium, and the storage medium may include a flash disk, read-only memory (ROM), random access memory (RAM), magnetic disk, optical disc, etc.
The embodiments of the present invention also provide a storage medium. Optionally, in this embodiment, the above storage medium may store program code for executing the data packet transmission method.
Optionally, in this embodiment, the above storage medium may be located on at least one of the plurality of network devices in the network shown in the above embodiment.
Optionally, in this embodiment, the storage medium is arranged to store program code for executing the following steps:
generating a standard data packet, wherein the standard data packet includes at least the target data to be sent by the requesting party, the signature information obtained by the requesting party signing the content of the standard data packet, and the public key of the requesting party used to verify the signature information;
sending the data packet to the recipient.
Optionally, the storage medium is also arranged to store program code for executing the following steps:
obtaining the information of the first dimension, the information of the second dimension, the information of the third dimension, the information of the fourth dimension, the information of the fifth dimension, the information of the sixth dimension and the signature information, wherein the information of the first dimension indicates the requesting party and the recipient, the information of the second dimension indicates the target data, the information of the third dimension is time-related, the information of the fourth dimension indicates the purpose of the transmission, the information of the fifth dimension indicates the addressing information of the transmission, the information of the sixth dimension indicates the information processing manner, and the signature information is obtained by signing the information of the first dimension, the plaintext information in the second dimension, the information of the third dimension, the information of the fourth dimension, the information of the fifth dimension and the information of the sixth dimension;
combining the information of the first dimension, the information of the second dimension, the information of the third dimension, the information of the fourth dimension, the information of the fifth dimension, the information of the sixth dimension and the signature information into the standard data packet.
Optionally, for specific examples in this embodiment, reference may be made to the examples described in the above embodiments, which are not repeated here.
Optionally, in this embodiment, the above storage medium may include, but is not limited to, a USB flash disk, read-only memory (ROM), random access memory (RAM), mobile hard disk, magnetic disk, optical disc and various other media that can store program code.
The serial numbers of the above embodiments of the invention are only for description and do not represent the advantages or disadvantages of the embodiments.
If the integrated unit in the above embodiments is realized in the form of a software functional unit and sold or used as an independent product, it can be stored in the above computer-readable storage medium. Based on this understanding, the technical solution of the present invention, or the part of it that contributes to the existing technology, or all or part of the technical solution, can be embodied in the form of a software product stored in a storage medium and including instructions that cause one or more computer devices (which can be a personal computer, server, network device, etc.) to execute all or part of the steps of the method described in each embodiment of the present invention.
In the above embodiments of the invention, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, reference can be made to the related descriptions of other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed client can be implemented in other ways. The device embodiments described above are merely exemplary; for example, the division of units is only a division by logical function, and there may be other division manners in actual implementation, for example multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of units or modules may be electrical or of other forms.
The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit. The above integrated unit may be realized in the form of hardware or in the form of a software functional unit.
The above is only a preferred embodiment of the present invention. It should be noted that, for those of ordinary skill in the art, various improvements and modifications may be made without departing from the principle of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.

Claims (14)

1. A data packet transmission method, characterized by comprising:
generating a standard data packet, wherein the standard data packet includes at least the target data to be sent by the requesting party, the signature information obtained by the requesting party signing the content of the standard data packet, and the public key of the requesting party used to verify the signature information;
sending the data packet to the recipient.
2. The method according to claim 1, characterized in that generating the standard data packet includes:
obtaining the information of the first dimension, the information of the second dimension, the information of the third dimension, the information of the fourth dimension, the information of the fifth dimension, the information of the sixth dimension and the signature information, wherein the information of the first dimension indicates the requesting party and the recipient, the information of the second dimension indicates the target data, the information of the third dimension is time-related, the information of the fourth dimension indicates the purpose of the transmission, the information of the fifth dimension indicates the addressing information of the transmission, the information of the sixth dimension indicates the information processing manner, and the signature information is obtained by signing the information of the first dimension, the plaintext information in the second dimension, the information of the third dimension, the information of the fourth dimension, the information of the fifth dimension and the information of the sixth dimension;
combining the information of the first dimension, the information of the second dimension, the information of the third dimension, the information of the fourth dimension, the information of the fifth dimension, the information of the sixth dimension and the signature information into the standard data packet.
3. The method according to claim 2, characterized in that obtaining the information of the first dimension includes:
obtaining the identification and user information of the requesting party and the identification and user information of the recipient.
4. The method according to claim 2, characterized in that obtaining the information of the third dimension includes:
obtaining the timestamp at which the target data was generated and the timing identification of the target data.
5. The method according to claim 4, characterized in that obtaining the information of the third dimension further includes:
obtaining the message sequence number of the target data.
6. The method according to claim 2, characterized in that obtaining the information of the fifth dimension includes:
obtaining the public key of the requesting party.
7. The method according to claim 6, characterized in that obtaining the information of the fifth dimension further includes:
obtaining at least one of the Internet protocol address of the recipient, the device identification of the recipient and the service address of the recipient.
8. The method according to claim 2, characterized in that obtaining the information of the sixth dimension includes:
obtaining the coding mode and/or encryption mode of the target data.
9. A data packet transmission method, characterized by comprising:
acquiring a standard data packet sent by the requesting party, wherein the standard data packet includes at least the target data sent by the requesting party, the signature information obtained by the requesting party signing the content of the standard data packet, and the public key of the requesting party;
verifying the signature information using the public key of the requesting party, so as to determine the legitimacy of the requesting party.
10. The method according to claim 9, characterized in that verifying the signature information using the public key of the requesting party, so as to determine the legitimacy of the requesting party, includes:
obtaining from the standard data packet the information of the first dimension, the information of the second dimension, the information of the third dimension, the information of the fourth dimension, the information of the fifth dimension, the information of the sixth dimension and the signature information, wherein the information of the first dimension indicates the requesting party and the recipient, the information of the second dimension indicates the target data, the information of the third dimension is time-related, the information of the fourth dimension indicates the purpose of the transmission, the information of the fifth dimension indicates the addressing information of the transmission, the information of the sixth dimension indicates the information processing manner, and the signature information is obtained by signing the information of the first dimension, the plaintext information in the second dimension, the information of the third dimension, the information of the fourth dimension, the information of the fifth dimension and the information of the sixth dimension;
processing the information of the second dimension according to the information processing manner indicated by the information of the sixth dimension, to obtain the plaintext information in the second dimension;
determining that the requesting party is legitimate when the signature information is verified as correct using the public key of the requesting party;
determining that the requesting party is not legitimate when the signature information is not verified as correct using the public key of the requesting party.
11. A data packet transmitting device, characterized by comprising:
a generation unit, used to generate a standard data packet, wherein the standard data packet includes at least the target data to be sent by the requesting party, the signature information obtained by the requesting party signing the content of the standard data packet, and the public key of the requesting party used to verify the signature information;
a transmission unit, used to send the data packet to the recipient.
12. A data packet transmitting device, characterized by comprising:
an acquiring unit, used to acquire the standard data packet sent by the requesting party, wherein the standard data packet includes at least the target data sent by the requesting party, the signature information obtained by the requesting party signing the content of the standard data packet, and the public key of the requesting party;
an authentication unit, used to verify the signature information using the public key of the requesting party, so as to determine the legitimacy of the requesting party.
13. A storage medium, characterized in that the storage medium includes a stored program, wherein the program, when run, executes the method of any one of claims 1 to 10.
14. An electronic device, including a memory, a processor and a computer program stored on the memory and runnable on the processor, characterized in that the processor executes the method of any one of claims 1 to 10 by means of the computer program.
CN201910503334.3A 2019-06-11 2019-06-11 Transmission method and device, storage medium, the electronic device of data packet Pending CN110351092A (en)
Publications (1)

Publication Number Publication Date
CN110351092A true CN110351092A (en) 2019-10-18

Family

ID=68181874

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910503334.3A Pending CN110351092A (en) 2019-06-11 2019-06-11 Transmission method and device, storage medium, the electronic device of data packet

Country Status (1)

Country Link
CN (1) CN110351092A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101854625A (en) * 2009-04-03 2010-10-06 华为技术有限公司 Selective processing method and device of security algorithm, network entity and communication system
CN106534086A (en) * 2016-10-31 2017-03-22 深圳数字电视国家工程实验室股份有限公司 Device authentication method and system, terminal device and server
CN106992865A (en) * 2017-03-30 2017-07-28 北京深思数盾科技股份有限公司 Data signature method and system, data sign test method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
C语言程序猿 (author handle): "A custom self-reporting packet format", 《21电子网》 *

Similar Documents

Publication Publication Date Title
CN111083131B (en) Lightweight identity authentication method for power Internet of things sensing terminal
US9621545B2 (en) System and method for connecting client devices to a network
US6263437B1 (en) Method and apparatus for conducting crypto-ignition processes between thin client devices and server devices over data networks
CN110011795B (en) Symmetric group key negotiation method based on block chain
US8971540B2 (en) Authentication
US10742426B2 (en) Public key infrastructure and method of distribution
US20150244525A1 (en) Authentication
US8285989B2 (en) Establishing a secured communication session
CN108650227A (en) Handshake method and system based on a datagram secure transport protocol
US9106644B2 (en) Authentication
EP0661845B1 (en) System and method for message authentication in a non-malleable public-key cryptosystem
CN111756529B (en) Quantum session key distribution method and system
CN111970699B (en) Terminal WIFI login authentication method and system based on IPK
CN113904809B (en) Communication method, device, electronic equipment and storage medium
CN109150897A (en) End-to-end communication encryption method and device
CN101938500B (en) Method and system for verifying source address
US20110320359A1 (en) secure communication method and device based on application layer for mobile financial service
CN107094156A (en) Secure communication method and system based on the P2P model
CN109639426A (en) Bidirectional self-authentication method based on identification password
KR101704540B1 (en) A method of managing group keys for sharing data between multiple devices in M2M environment
CN116204914A (en) Trusted privacy computing method, device, equipment and storage medium
CN103986716B (en) Establishing method for SSL connection and communication method and device based on SSL connection
CN114928503B (en) Method for realizing secure channel and data transmission method
CN110417804A (en) Bidirectional identity authentication and encrypted communication method and system for microcontroller chips
CN110417722A (en) Business data communication method, communication device, and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20191128

Address after: 102300 no.6-1-21, office building, building 20, Pudong, Mentougou District, Beijing

Applicant after: Beijing Siyuan ideal Holding Group Co.,Ltd.

Address before: 100102 No. 301, No. 316 building, Nanhu garden, Chaoyang District, Beijing 18

Applicant before: BEIJING SYSWIN INTERCONNECTED TECHNOLOGY CO.,LTD.

RJ01 Rejection of invention patent application after publication

Application publication date: 20191018