CN112689014A - Double-full-duplex communication method and device, computer equipment and storage medium - Google Patents


Info

Publication number
CN112689014A
Authority
CN
China
Prior art keywords
client
reference data
websocket
server
connection
Prior art date
Legal status
Pending
Application number
CN202011552858.0A
Other languages
Chinese (zh)
Inventor
尹建华
李岩
区润强
Current Assignee
Bigo Technology Singapore Pte Ltd
Original Assignee
Bigo Technology Singapore Pte Ltd
Application filed by Bigo Technology Singapore Pte Ltd
Priority to CN202011552858.0A
Publication of CN112689014A
Legal status: Pending

Abstract

The embodiment of the invention provides a double full-duplex communication method and device, computer equipment and a storage medium. The method comprises the following steps: generating a security token for the identity information of a client; exchanging reference data with the client when establishing a WebSocket connection with the client; before communicating with the client based on the security token, checking the legality of the client with respect to the WebSocket connection according to the reference data; and, if the client is legal with respect to the WebSocket connection, maintaining the WebSocket connection and communicating with the client through it using the security token. This prevents lawbreakers from automatically establishing a WebSocket connection with the server in order to communicate with it, prevents the client from being forced offline, and improves the security of the server and of user data.

Description

Double-full-duplex communication method and device, computer equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a double full-duplex communication method and device, computer equipment and a storage medium.
Background
In the prior art, many websites use polling to realize instant messaging: at fixed time intervals the client sends an HTTP (HyperText Transfer Protocol) request to the server, and the server returns the latest data to the client. Because the client keeps sending HTTP requests to the server, and the header of an HTTP request is relatively long while the data it carries may be very small, a lot of bandwidth is consumed but bandwidth utilisation is low.
To address this problem, full-duplex communication between client and server is now realised with the WebSocket protocol adopted in HTML5 (Hypertext Markup Language, 5th edition). The WebSocket protocol provides a fast channel between client and server, so that data can be transmitted between them in real time.
Internet applications are now diverse, and most of them, such as games and chat applications, require quick response, frequent interaction and push notifications, so they are well suited to the WebSocket protocol. However, the WebSocket protocol has no identity authentication mechanism of its own, so when a server authenticates a client it must rely on an additional authentication scheme to ensure security.
Authentication information is usually generated during identity authentication; if it leaks, a lawless person can bypass the client and communicate with the server over WebSocket, which is a high risk.
Disclosure of Invention
The embodiment of the invention provides a double full-duplex communication method and device, computer equipment and a storage medium, and aims to solve the problem of the high risk of authentication based on the WebSocket protocol.
In a first aspect, an embodiment of the present invention provides a double full-duplex communication method, including:
generating a security token for the identity information of a client;
exchanging reference data with the client when establishing a WebSocket connection with the client;
before the security token is used to communicate with the client, verifying the legality of the client with respect to the WebSocket connection according to the reference data;
if the client is legal with respect to the WebSocket connection, maintaining the WebSocket connection;
and communicating with the client through the WebSocket connection using the security token.
Optionally, the method further comprises:
if the client is illegal with respect to the WebSocket connection, disconnecting the WebSocket connection.
Optionally, the reference data comprises server-side reference data;
exchanging reference data with the client when establishing the WebSocket connection with the client comprises:
receiving a handshake request sent by the client based on the WebSocket protocol;
randomly generating a character string as the server-side reference data;
generating a handshake response to the handshake request based on the WebSocket protocol;
encapsulating the server-side reference data into the handshake response;
and, when encapsulation is finished, sending the handshake response to the client to establish the WebSocket connection with the client.
Optionally, encapsulating the server-side reference data into the handshake response includes:
generating a custom field in the header of the handshake response as a server field;
and writing the server-side reference data into the server field.
Optionally, the reference data further comprises client-side reference data;
exchanging reference data with the client when establishing the WebSocket connection with the client further comprises:
extracting a specified character string from the handshake request as the client-side reference data.
Optionally, extracting a specified character string from the handshake request as the client-side reference data includes:
searching for a custom field in the header of the handshake request to be used as a client field;
and reading the character string in the client field as the client-side reference data.
Optionally, verifying the validity of the client with respect to the WebSocket connection according to the reference data includes:
receiving first target data sent by the client through the WebSocket connection;
generating second target data based on the reference data;
if the first target data is the same as the second target data, determining that the client is legal with respect to the WebSocket connection;
and if the first target data differs from the second target data, determining that the client is illegal with respect to the WebSocket connection.
Optionally, the reference data includes server-side reference data and client-side reference data, and generating second target data based on the reference data comprises:
encrypting the server-side reference data to obtain the second target data;
or,
generating comprehensive reference data based on the server-side reference data and the client-side reference data;
and encrypting the comprehensive reference data to obtain the second target data.
Optionally, generating a security token for the identity information of the client includes:
receiving identity information sent by the client based on HTTPS (hypertext transfer protocol secure);
verifying the identity information;
if the verification is successful, generating a security token for the identity information;
and sending the security token to the client based on HTTPS.
Optionally, communicating with the client through the WebSocket connection using the security token includes:
receiving a communication request sent by the client through the WebSocket connection, the communication request carrying the security token;
verifying the security token;
and if the verification is successful, sending a communication response to the client through the WebSocket connection.
In a second aspect, an embodiment of the present invention further provides a double full-duplex communication apparatus, including:
a security token generation module for generating a security token for the identity information of a client;
a reference data exchange module for exchanging reference data with the client when establishing a WebSocket connection with the client;
a validity checking module for checking the validity of the client with respect to the WebSocket connection according to the reference data before the security token is used to communicate with the client;
a communication connection maintaining module for maintaining the WebSocket connection if the client is legal with respect to the WebSocket connection;
and an authentication communication module for communicating with the client through the WebSocket connection using the security token.
Optionally, the apparatus further comprises:
a communication connection disconnection module for disconnecting the WebSocket connection if the client is illegal with respect to the WebSocket connection.
Optionally, the reference data comprises server-side reference data, and the reference data exchange module includes:
a handshake request receiving submodule for receiving a handshake request sent by the client based on the WebSocket protocol;
a character string generation submodule for randomly generating a character string as the server-side reference data;
a handshake response generation submodule for generating a handshake response to the handshake request based on the WebSocket protocol;
a reference data encapsulation submodule for encapsulating the server-side reference data into the handshake response;
and a handshake response sending submodule for sending the handshake response to the client, to establish the WebSocket connection with the client, when encapsulation is finished.
Optionally, the reference data encapsulation submodule includes:
a server field generating unit for generating a custom field in the header of the handshake response as the server field;
and a reference data writing unit for writing the server-side reference data into the server field.
Optionally, the reference data further comprises client-side reference data, and the reference data exchange module further comprises:
a reference data extraction submodule for extracting a specified character string from the handshake request as the client-side reference data.
In one embodiment of the invention, the reference data extraction submodule comprises:
a client field searching unit for searching for a custom field in the header of the handshake request to be used as the client field;
and a character string reading unit for reading the character string in the client field as the client-side reference data.
Optionally, the validity checking module includes:
a first target data receiving submodule for receiving first target data sent by the client through the WebSocket connection;
a second target data generation submodule for generating second target data based on the reference data;
a legality determining submodule for determining that the client is legal with respect to the WebSocket connection if the first target data is the same as the second target data;
and an illegality determining submodule for determining that the client is illegal with respect to the WebSocket connection if the first target data differs from the second target data.
Optionally, the reference data includes server-side reference data and client-side reference data, and the second target data generation submodule includes:
a first encryption unit for encrypting the server-side reference data to obtain the second target data;
or,
a comprehensive reference data generating unit for generating comprehensive reference data based on the server-side reference data and the client-side reference data;
and a second encryption unit for encrypting the comprehensive reference data to obtain the second target data.
Optionally, the security token generation module includes:
an identity information receiving submodule for receiving identity information sent by the client based on HTTPS (hypertext transfer protocol secure);
an identity information verification submodule for verifying the identity information;
a security token generation submodule for generating a security token for the identity information if the verification is successful;
and a security token sending submodule for sending the security token to the client based on HTTPS.
Optionally, the authentication communication module comprises:
a communication request receiving submodule for receiving a communication request sent by the client through the WebSocket connection, the communication request carrying the security token;
a security token verifying submodule for verifying the security token;
and a communication response sending submodule for sending a communication response to the client through the WebSocket connection if the verification is successful.
In a third aspect, an embodiment of the present invention further provides a computer device, including:
one or more processors;
and a memory for storing one or more programs which,
when executed by the one or more processors, cause the one or more processors to implement the double full-duplex communication method according to any one of the first aspect.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the double full-duplex communication method according to any one of the first aspect.
In this embodiment, a security token is generated for the identity information of a client; when a WebSocket connection with the client is established, reference data is exchanged with the client; before communicating with the client based on the security token, the validity of the client with respect to the WebSocket connection is checked according to the reference data; and if the client is legal with respect to the WebSocket connection, the WebSocket connection is maintained and the security token is used to communicate with the client through it. This prevents lawbreakers from automatically establishing a WebSocket connection with the server to communicate with it, prevents the client from being forced offline, and improves the security of the server and of user data.
Drawings
Fig. 1 is a flowchart of a duplex communication method according to an embodiment of the present invention;
fig. 2 is a signaling diagram of a communication between a client and a server according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a duplex communication apparatus according to a second embodiment of the present invention;
fig. 4 is a schematic structural diagram of a computer device according to a third embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of a double full-duplex communication method provided in an embodiment of the present invention. This embodiment is applicable to the case where, when identity information is authenticated based on the WebSocket protocol, a challenge is used when establishing the WebSocket connection for the client so as to prevent the client from being forced offline. The method may be executed by a double full-duplex communication apparatus, which may be implemented in software and/or hardware and configured in a computer device such as a server or a workstation, and specifically includes the following steps:
step 101, generating a security token aiming at identity information of a client.
In practical applications, the WebSocket protocol can be applied to different business scenarios, for example social subscription, multiplayer games, collaborative editing, click-stream data, stock and fund quotations, live sports updates, multimedia chat, location-based applications, online education, and the like. In the WebSocket protocol the computer device acts as the server for the client. The form of the client differs between business scenarios: in social subscription the client can be a browser or an instant messenger; in a multiplayer game it can be a browser or a game application; in collaborative editing it can be a browser, an instant messenger, an office tool, and so on. This is not limited in this embodiment.
If a user logs in the system through authentication of the client and establishes the WebSocket connection, the server authenticates identity information (such as an account number, a password, fingerprint data, face data and the like) of the client, and at the moment, an identity authentication system can be established in the WebSocket connection.
Generally, identity information can be authenticated between the server and the client based on the security token, the cookie, and the like as authentication information.
In this embodiment, the authentication of the identity information based on the security token is selected based on at least one of the following factors:
1. Coupling. Authenticating identity information based on a cookie means that the authentication service and the service providing the WebSocket share the same session-cookie management mechanism. The authentication service is based on some Java (an object-oriented programming language) web framework, whereas the WebSocket service is provided by a socket layer, and it is difficult to make two systems with different functions coordinate a shared authentication mode; authenticating identity information based on a security token removes this dependence on the service.
2. Session management. If the service providing the WebSocket maintains cookie-based authentication, the session has to be stored in some storage (a database, or Redis (Remote Dictionary Server)). The WebSocket service exists to handle communication connections and is inefficient at maintaining sessions; authenticating identity information based on a security token eliminates session maintenance.
3. Applicability. Cookies may be disabled in some device or browser settings, causing authentication of the identity information to fail, whereas authentication based on a security token does not depend on cookies.
The method comprises the steps that when a client logs in a system, identity information can be sent to a server, the server verifies the identity information, if verification is successful, a security token is generated for the client, the security token comprises user information and can be used for distinguishing users with different identities, and generally, the security token consists of the user information, a timestamp and a signature encrypted by a hash (hash) function.
In an embodiment of the present invention, to strengthen the security of identity authentication, an HTTPS (HyperText Transfer Protocol over Secure Sockets Layer) authentication interface may be called between the client and the server to perform the identity authentication.
The server can use an asymmetric encryption algorithm (such as RSA) to generate a public key and a private key. The server sends the public key to a certificate authority (CA), which packages it into a CA digital certificate and sends it to the client. When the CA digital certificate reaches the client, the client's TLS (Transport Layer Security) checks whether the certificate is valid through factors such as the issuing organisation, the validity period of the public key and the CA digital signature. If the certificate has a problem, a warning dialog pops up to say so; if it has no problem, the client generates a key for symmetric encryption, encrypts that key with the CA digital certificate, and sends it to the server. The server receives the key encrypted with the CA digital certificate and decrypts it with its own private key to obtain the key. Thus both client and server hold the key, and the subsequent exchange of information is relatively safe.
As shown in fig. 2, when the client receives identity information input by the user, it calls a symmetric key algorithm to encrypt the identity information with the key and sends the encrypted identity information to the server based on HTTPS.
The server receives the identity information sent by the client based on HTTPS, calls the symmetric key algorithm to decrypt it with the key, and verifies it by comparing the current identity information with the previously recorded identity information: if they are the same, verification passes; if they differ, verification fails.
If the verification is successful, the server side can generate a security token for the identity information, and a symmetric key algorithm is called to encrypt the security token by using the key. And sending the security token to the client based on the HTTPS.
The client receives the security token sent by the server based on the hypertext transfer security protocol (HTTPS), and calls a symmetric key algorithm to decrypt the security token by using the key.
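The token format the text describes (user information plus a timestamp, signed with a hash function) can be implemented as follows. This is an added example, not code from the patent; the base64url JSON body, the HMAC-SHA256 signature, the signing key and the one-hour lifetime are all assumptions chosen here.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed example values: the server-side key that signs tokens and the
# token lifetime. The page only says the token is "user information, a
# timestamp and a signature encrypted by a hash function"; the encoding below
# is this example's own choice.
SERVER_SIGNING_KEY = b"constructed-server-signing-key"
TOKEN_TTL_SECONDS = 3600


def _b64(data: bytes) -> str:
    """base64url without padding, so the token stays header/URL safe."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    pad = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + pad)


def issue_token(user_id: str, now: Optional[int] = None) -> str:
    """Build 'body.signature': body carries the user info and issue time (iat)."""
    issued_at = int(time.time()) if now is None else now
    claims = {"uid": user_id, "iat": issued_at}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode("utf-8"))
    tag = hmac.new(SERVER_SIGNING_KEY, body.encode("ascii"), hashlib.sha256).digest()
    return f"{body}.{_b64(tag)}"


def verify_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the signature is valid and the token is not expired, else None.

    Verification happens before the body is parsed, so unsigned input is never trusted.
    """
    try:
        body, sig = token.split(".", 1)
        expected = hmac.new(SERVER_SIGNING_KEY, body.encode("ascii"), hashlib.sha256).digest()
        # Constant-time comparison avoids leaking the signature through timing.
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, UnicodeDecodeError):
        return None
    current = int(time.time()) if now is None else now
    issued_at = claims.get("iat")
    if not isinstance(issued_at, int) or current - issued_at > TOKEN_TTL_SECONDS:
        return None
    return claims
```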
Step 102, exchanging reference data with the client when establishing the WebSocket connection with the client.
In this embodiment, when the client and the server complete verification of the identity information, the client may initiate connection of the WebSocket to the server, and in the process of establishing the WebSocket connection between the server and the client, the server and the client may exchange reference data with each other, where the reference data may be used to verify validity of the client with respect to the WebSocket connection based on a Challenge/Response (Challenge/Response) manner after the WebSocket connection between the client and the server is established.
Because the challenge/response manner differs, the reference data generated differs, and the manner in which the client and the server exchange it also differs; this is not limited in this embodiment.
In one case, as shown in fig. 2, the server generates reference data, and for convenience of distinction, the reference data generated by the server is recorded as server reference data, and when a WebSocket connection with the client is established, the server transmits the server reference data to the client.
In a specific implementation, the client sends a handshake request based on the WebSocket protocol; an example of the handshake request headers is as follows:
GET /chat HTTP/1.1
Host: server.example.com
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Protocol: chat, superchat
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Here "Connection: Upgrade" and "Upgrade: websocket" tell the server to upgrade the communication protocol to the WebSocket protocol; "Sec-WebSocket-Protocol" is a user-defined string which in this example indicates the protocols required by different services (such as chat) under the same URL (Uniform Resource Locator); "Sec-WebSocket-Version" indicates the version of the WebSocket protocol; and "Sec-WebSocket-Key" carries the encoded key string used in the handshake.
The server receives the handshake request sent by the client based on the WebSocket protocol. In response it, on the one hand, calls a random function (such as rand()) to randomly generate a character string as the server-side reference data, where the length of the string (for example 16) can be set according to the service scenario's requirements on factors such as encryption strength, time and bandwidth; on the other hand, it generates a handshake response to the handshake request based on the WebSocket protocol and encapsulates the server-side reference data into it.
Further, the server may generate a custom field in the header of the handshake response as the server field and write the server-side reference data into it; an example of the handshake response headers is as follows:
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
Sec-WebSocket-Protocol: chat
Server-Salt: 123456
Here "101 Switching Protocols" is the 101 status code indicating the switch to the WebSocket protocol; "Sec-WebSocket-Accept" is the encrypted form of the "Sec-WebSocket-Key" field and signals that the handshake is accepted and the WebSocket connection is to be established (after receiving "Sec-WebSocket-Accept" the client compares it against its own "Sec-WebSocket-Key" string to verify it); "Server-Salt" is the server field, and "123456" is the server-side reference data.
When encapsulation is finished, the handshake response is sent to the client; at this point the protocol switch between client and server is complete and the WebSocket connection between them is established.
In another case, as shown in fig. 2, both the client and the server generate reference data. For convenience of distinction, the reference data generated by the client is recorded as client-side reference data and that generated by the server as server-side reference data; when the WebSocket connection is established, the client transmits the client-side reference data to the server and the server transmits the server-side reference data to the client.
In a specific implementation the client, on the one hand, calls a random function (such as rand()) to randomly generate a character string as the client-side reference data, where the length of the string (for example 16) can be set according to the service scenario's requirements on factors such as encryption strength, time and bandwidth; on the other hand, it sends a handshake request based on the WebSocket protocol with the client-side reference data encapsulated into it.
Further, the client may generate a custom field in the header of the handshake request as the client field and write the client-side reference data into it; an example of the handshake request headers is as follows:
GET /chat HTTP/1.1
Host: server.example.com
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Protocol: chat, superchat
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Client-Salt: 741852
Here "Client-Salt" is the client field and "741852" is the client-side reference data.
The server receives the handshake request sent by the client based on the WebSocket protocol and extracts a specified character string from it as the client-side reference data.
Further, a custom field such as "Client-Salt" may be found in the header of the handshake request as the client field, and the string in that field read as the client-side reference data.
In addition, in response to the handshake request the server, on the one hand, calls a random function (such as rand()) to randomly generate a character string as the server-side reference data, where the length of the string (for example 16) can be set according to the service scenario's requirements on factors such as encryption strength, time and bandwidth; on the other hand, it generates a handshake response to the handshake request based on the WebSocket protocol and encapsulates the server-side reference data into it.
Further, the server may generate a custom field in the header of the handshake response as the server field and write the server-side reference data into it; an example of the handshake response headers is as follows:
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
Sec-WebSocket-Protocol: chat
Server-Salt: 123456
When encapsulation is finished, the handshake response is sent to the client; at this point the protocol switch between client and server is complete and the WebSocket connection between them is established.
Of course, the above manner of exchanging the reference data is only an example, and when the embodiment of the present invention is implemented, other manners of exchanging the reference data may be set according to actual situations, for example, the client transmits the client reference data to the server, and the like. In addition, besides the above-mentioned manner of exchanging the reference data, a person skilled in the art may also adopt other manners of exchanging the reference data according to actual needs, and the embodiment of the present invention is not limited thereto.
Step 103, before the security token is used to communicate with the client, verifying the legality of the client with respect to the WebSocket connection according to the reference data.
After the server establishes the WebSocket connection with the client, before the server communicates with the client using the security token, that is, after step 102 and before step 105, the client may use the reference data as the Challenge, and respond to the Challenge to check the validity of the client with respect to the WebSocket connection, that is, determine whether the client is legal or illegal with respect to the WebSocket connection.
In a specific implementation, as shown in fig. 2, the client may generate first target data from the reference data using a pre-agreed authentication manner, package the first target data into a validity check request, and send the validity check request to the server through the WebSocket connection, thereby sending the first target data to the server over that connection.
Correspondingly, the server receives the first target data sent by the client over the WebSocket connection and generates second target data from the reference data using the pre-agreed authentication manner.
Because different challenge/response schemes use different reference data, the authentication manner pre-agreed between the client and the server also differs; this embodiment does not limit it.
In one case, if the reference data is the server-side reference data, both the client and the server can encrypt the server-side reference data by using a pre-agreed encryption algorithm to obtain the second target data.
Further, the encryption algorithm may be a hash-based message authentication code (HMAC), such as MD5 (Message-Digest Algorithm 5), SHA (Secure Hash Algorithm), CRC (Cyclic Redundancy Check) and the like, which is not limited in this embodiment.
The key used by the HMAC may be encrypted using other means and pre-embedded in the client.
In another case, if the reference data is the server-side reference data and the client-side reference data, both the client and the server can use a pre-agreed combination mode to generate the comprehensive reference data based on the server-side reference data and the client-side reference data, and encrypt the comprehensive reference data by using a pre-agreed encryption algorithm to obtain the second target data.
Further, the combination manner may be position-wise addition (adding the characters at the same position), position-wise subtraction (subtracting the characters at the same position), position-wise XOR (XOR of the characters at the same position), position-wise interpolation (where the character of one reference data is inserted before or after the character at the same position in the other reference data), and the like, which is not limited in this embodiment.
In one example, assume that the server-side reference data is "123456" and the client-side reference data is "741852". The combined reference data after position-wise addition is "864CA8", where "A" represents 10 and "C" represents 12, and the combined reference data after position-wise interpolation is "172431485562".
Of course, the above-mentioned manner of generating the first target data and the second target data is only an example, and when the embodiment of the present invention is implemented, other manners of generating the first target data and the second target data may be set according to actual situations, for example, when the reference data is the client reference data, both the client and the server may encrypt the client reference data by using a pre-agreed encryption algorithm to obtain the second target data, and the like. In addition, besides the above-mentioned manners of generating the first target data and the second target data, a person skilled in the art may also adopt other manners of generating the first target data and the second target data according to actual needs, and the embodiment of the present invention is not limited to this.
As shown in fig. 2, if the server generates the second target data, the first target data and the second target data may be compared, a comparison result is packaged into a validity check response, and the validity check response is sent to the client through a WebSocket connection.
If the comparison result shows that the first target data and the second target data are the same, the reference data underlying the first target data and the second target data are the same, and the current client is the client that established the WebSocket connection; the client is therefore determined to be legal with respect to the WebSocket connection.
If the comparison result shows that the first target data and the second target data are different, the reference data underlying the first target data and the second target data are different, and the current client is not the client that established the WebSocket connection; the client is therefore determined to be illegal with respect to the WebSocket connection.
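The following Python code is an added example, not part of the patent text, of the validity check in step 103 together with the combination manners listed above. The combiners reproduce the page's "864CA8" and "172431485562" results; the target data is an HMAC over the combined reference data using a key pre-embedded in the client, and the server compares the first and second target data in constant time. HMAC-SHA256 is chosen here as one concrete instance of the HMAC family the page names; a CRC is a checksum rather than a keyed MAC and is not used. The key value, the mode names and the function names are assumptions of this example.

```python
import hashlib
import hmac
from typing import Optional

# Key pre-embedded in the client and held by the server (constructed placeholder value)
PRESHARED_KEY = b"constructed-preshared-key"


def _check_lengths(a: str, b: str) -> None:
    if len(a) != len(b):
        raise ValueError("server and client reference data must have the same length")


def combine_add(server_ref: str, client_ref: str) -> str:
    """Position-wise addition of two equal-length decimal strings; each sum is written as a hex digit
    (10 -> 'A', 12 -> 'C'), which reproduces the page's "123456" + "741852" -> "864CA8" example."""
    _check_lengths(server_ref, client_ref)
    return "".join(format(int(a) + int(b), "X") for a, b in zip(server_ref, client_ref))


def combine_sub(server_ref: str, client_ref: str) -> str:
    """Position-wise subtraction; the absolute difference at each position is written as a decimal digit."""
    _check_lengths(server_ref, client_ref)
    return "".join(str(abs(int(a) - int(b))) for a, b in zip(server_ref, client_ref))


def combine_xor(server_ref: str, client_ref: str) -> str:
    """Position-wise XOR of the character codes, hex-encoded."""
    _check_lengths(server_ref, client_ref)
    return bytes(a ^ b for a, b in zip(server_ref.encode("ascii"), client_ref.encode("ascii"))).hex()


def combine_interleave(server_ref: str, client_ref: str) -> str:
    """Position-wise interpolation: each client character is inserted after the server character at the
    same position, reproducing the page's "172431485562" example."""
    _check_lengths(server_ref, client_ref)
    return "".join(a + b for a, b in zip(server_ref, client_ref))


COMBINERS = {"add": combine_add, "sub": combine_sub, "xor": combine_xor, "interleave": combine_interleave}


def target_data(server_ref: str, client_ref: Optional[str] = None, mode: str = "add",
                key: bytes = PRESHARED_KEY) -> str:
    """Compute the target data: HMAC-SHA256 over the (combined) reference data.
    Run on the client it yields the first target data, on the server the second."""
    if client_ref is None:
        material = server_ref  # only server-side reference data was exchanged
    else:
        if mode not in COMBINERS:
            raise ValueError(f"unknown combination mode {mode!r}")
        material = COMBINERS[mode](server_ref, client_ref)
    return hmac.new(key, material.encode("ascii"), hashlib.sha256).hexdigest()


def check_validity(first_target: str, server_ref: str, client_ref: Optional[str] = None,
                   mode: str = "add") -> bool:
    """Server side of step 103: recompute the second target data and compare in constant time."""
    second_target = target_data(server_ref, client_ref, mode)
    return hmac.compare_digest(first_target, second_target)


if __name__ == "__main__":
    # Constructed values from the page's example
    server_ref, client_ref = "123456", "741852"
    first = target_data(server_ref, client_ref, "interleave")  # computed by the client
    print("legal:", check_validity(first, server_ref, client_ref, "interleave"))
    stale = target_data("999999", client_ref, "interleave")  # a client that did not see this handshake
    print("legal:", check_validity(stale, server_ref, client_ref, "interleave"))
```

Because the server reference data is fresh per handshake, a first target data value captured from one connection does not validate on another; the constant-time comparison avoids leaking how many leading characters matched.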
Step 104: if the client is legal with respect to the WebSocket connection, maintaining the WebSocket connection.
If the client is legal with respect to the WebSocket connection, the risk that the security token generated for the client has leaked is low, and the server may maintain the WebSocket connection.
If the client is illegal with respect to the WebSocket connection, the risk that the security token generated for the client has leaked is high, and the server may disconnect the WebSocket connection.
Step 105: communicating with the client using the security token through the WebSocket connection.
WebSocket is an application-layer protocol (layer seven). It uses the HTTP protocol for the handshake, and after the handshake succeeds the data exchanged between the server and the client is carried over a TCP (Transmission Control Protocol) channel.
WebSocket transmits data in frames: a message is divided into several frames, which are sent in order. Large data can thus be sent in fragments, the length field never runs out of room because of the data size, and a message can be transmitted while its data is still being generated, which improves transmission efficiency.
The WebSocket frame format is as follows:
FIN: 1 bit, indicating that this is the last fragment of a message; the first fragment may also be the last.
RSV1, RSV2, RSV3: 1 bit each. If no extension has been agreed between the two parties, these bits must all be 0; otherwise the WebSocket connection is failed.
Opcode: 4 bits, defining the interpretation of the payload data. If an unknown opcode is received, the WebSocket connection is failed. The opcodes are defined as follows:
%x0 denotes a continuation fragment
%x1 denotes a text fragment
%x2 denotes a binary fragment
%x3-7 are reserved for future non-control fragments
%x8 denotes connection close
%x9 denotes a ping for heartbeat checking
%xA denotes a pong for heartbeat checking
%xB-F are reserved for future control fragments.
Mask: 1 bit, defining whether the transmitted data is masked. If it is set to 1, the masking key is placed in the masking-key field; all frames sent from the client to the server have this bit set to 1.
Payload length: the length of the transmitted data in bytes, encoded in 7 bits, 7+16 bits or 7+64 bits. If the 7-bit value is in the range 0-125, it is the length of the transmitted data; if it is 126, the following two bytes are a 16-bit unsigned integer holding the length; if it is 127, the following eight bytes are a 64-bit unsigned integer holding the length. Multi-byte lengths are in network byte order. The payload length is the sum of the extension data length and the application data length; the extension data length may be 0, in which case the payload length equals the application data length.
Masking-key: 0 or 4 bytes. All data sent from the client to the server is masked with a 32-bit value embedded in the frame; the masking key is present only when the mask bit is set to 1.
Payload data: (x+y) bytes; the payload data is the extension data followed by the application data.
Extension data: x bytes. If there is no special agreement between the client and the server, the length of the extension data is always 0; any extension must specify the length of the extension data, or how that length is calculated, and how the extension is negotiated during the handshake. If extension data exists, it is included in the payload length.
Application data: y bytes, arbitrary application data placed after the extension data; its length is the payload length minus the extension data length.
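As an added example that is not part of the patent text, the Python frame parser below implements the frame layout just described: it decodes FIN, RSV1-3, the opcode, the mask bit and the 7/16/64-bit payload length, unmasks client frames with the 32-bit masking key, and fails the connection (by raising ProtocolError) in the cases the text names, namely RSV bits set without a negotiated extension, an unknown opcode, and an unmasked client-to-server frame. It assumes no extension was negotiated, so the extension data length is 0. The helper and class names are assumptions; the sample bytes are the masked "Hello" frame from RFC 6455.

```python
import os
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# Opcodes defined by the page (and RFC 6455); %x3-7 and %xB-F are reserved and therefore unknown
OPCODES = {0x0: "continuation", 0x1: "text", 0x2: "binary", 0x8: "close", 0x9: "ping", 0xA: "pong"}


class ProtocolError(Exception):
    """Condition under which the page says the WebSocket connection is to be broken."""


@dataclass
class Frame:
    fin: bool
    opcode: int
    masked: bool
    payload: bytes  # application data after unmasking (extension data assumed absent)


def parse_frame(buf: bytes, from_client: bool = True) -> Tuple[Optional[Frame], int]:
    """Parse one frame from the start of buf.

    Returns (frame, bytes_consumed), or (None, 0) when more bytes are needed. Raises ProtocolError on
    RSV bits set without a negotiated extension, an unknown opcode, a malformed control frame, or an
    unmasked client frame."""
    if len(buf) < 2:
        return None, 0
    b0, b1 = buf[0], buf[1]
    fin, rsv, opcode = bool(b0 & 0x80), (b0 >> 4) & 0x7, b0 & 0xF
    masked, length = bool(b1 & 0x80), b1 & 0x7F
    pos = 2
    if rsv:
        raise ProtocolError("RSV1-3 must be 0 when no extension is negotiated")
    if opcode not in OPCODES:
        raise ProtocolError(f"unknown opcode {opcode:#x}")
    if length == 126:  # next 2 bytes: 16-bit unsigned length, network byte order
        if len(buf) < pos + 2:
            return None, 0
        (length,) = struct.unpack("!H", buf[pos:pos + 2])
        pos += 2
    elif length == 127:  # next 8 bytes: 64-bit unsigned length, most significant bit must be 0
        if len(buf) < pos + 8:
            return None, 0
        (length,) = struct.unpack("!Q", buf[pos:pos + 8])
        pos += 8
        if length >> 63:
            raise ProtocolError("64-bit payload length has its most significant bit set")
    if opcode >= 0x8 and (not fin or length > 125):
        raise ProtocolError("control frames must be unfragmented and at most 125 bytes")
    if from_client and not masked:
        raise ProtocolError("frames from the client must be masked")
    key = b""
    if masked:
        if len(buf) < pos + 4:
            return None, 0
        key, pos = buf[pos:pos + 4], pos + 4
    if len(buf) < pos + length:
        return None, 0
    payload = buf[pos:pos + length]
    if masked:  # unmask: payload[i] XOR key[i mod 4]
        payload = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    return Frame(fin, opcode, masked, payload), pos + length


def build_frame(opcode: int, payload: bytes, fin: bool = True, mask: bool = False,
                key: Optional[bytes] = None) -> bytes:
    """Serialize a frame; mask=True produces a client-to-server frame."""
    head = bytearray([(0x80 if fin else 0) | (opcode & 0xF)])
    n = len(payload)
    if n <= 125:
        head.append((0x80 if mask else 0) | n)
    elif n < 1 << 16:
        head.append((0x80 if mask else 0) | 126)
        head += struct.pack("!H", n)
    else:
        head.append((0x80 if mask else 0) | 127)
        head += struct.pack("!Q", n)
    if not mask:
        return bytes(head) + payload
    key = key or os.urandom(4)
    return bytes(head) + key + bytes(b ^ key[i % 4] for i, b in enumerate(payload))


# Constructed sample: the masked single-frame text message "Hello" from RFC 6455 section 5.7
SAMPLE_MASKED_TEXT = bytes.fromhex("81 85 37 fa 21 3d 7f 9f 4d 51 58")

if __name__ == "__main__":
    frame, used = parse_frame(SAMPLE_MASKED_TEXT)
    print(OPCODES[frame.opcode], frame.payload, used)
```

The parser returns (None, 0) rather than raising when the buffer is short, so a server can call it repeatedly as bytes arrive from the TCP channel and only act on complete frames; the length checks before each slice are what keep a truncated or oversized length field from being treated as valid data.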
In this embodiment, as shown in fig. 2, the client may generate a communication request according to the requirements of the service scenario, write the security token into the application data of the communication request, and send the communication request to the server over the WebSocket connection.
The server can receive a communication request sent by the client through the WebSocket connection, wherein the communication request carries a security token.
Modules such as the socket and I/O modules on the server side can be bound to a global callback that verifies the security token.
If the security token is verified successfully, the server responds to the communication request by computing the resource required by the client, writing the resource into a communication response, and sending the communication response to the client over the WebSocket connection.
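The following Python code is an added example, not the patent's own implementation, of the token handling in steps 101 and 105 as the device modules later describe them: the server issues a security token for verified identity information, and a single global callback verifies the token carried by every communication request before any handler is allowed to compute the client's resource. The page does not specify a token format, so the HMAC-signed, expiring token used here, the signing key, the claim names and the message shape are assumptions of this example.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time
from typing import Callable, Dict, Optional

# Server-side signing key; constructed placeholder, in practice loaded from a secret store
TOKEN_KEY = b"constructed-token-signing-key"


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def generate_security_token(identity: Dict[str, str], ttl_seconds: int = 3600,
                            now: Optional[float] = None) -> str:
    """Step 101 (after the identity information has been verified over HTTPS): issue an HMAC-signed,
    expiring token bound to the client's identity. Format: base64url(claims) '.' base64url(HMAC-SHA256)."""
    now = time.time() if now is None else now
    claims = {"sub": identity["user_id"], "exp": int(now + ttl_seconds)}
    body = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode("ascii")
    sig = hmac.new(TOKEN_KEY, body, hashlib.sha256).digest()
    return _b64e(body) + "." + _b64e(sig)


def verify_security_token(token: str, now: Optional[float] = None) -> Optional[Dict]:
    """Return the claims if the signature is valid and the token is unexpired, otherwise None."""
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = _b64d(body_b64), _b64d(sig_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(TOKEN_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    claims = json.loads(body)  # the body is authentic at this point
    now = time.time() if now is None else now
    if claims.get("exp", 0) < now:
        return None
    return claims


Handler = Callable[[Dict, Dict], Dict]


def handle_communication_request(message: Dict, handlers: Dict[str, Handler],
                                 now: Optional[float] = None) -> Dict:
    """Global callback for step 105: every request arriving over the WebSocket is checked for a valid
    security token before any handler runs, so an unauthenticated caller never reaches business logic."""
    claims = verify_security_token(str(message.get("token", "")), now)
    if claims is None:
        return {"status": "unauthorized"}
    handler = handlers.get(str(message.get("action")))
    if handler is None:
        return {"status": "unknown_action"}
    return {"status": "ok", "result": handler(claims, message.get("params", {}))}


if __name__ == "__main__":
    handlers = {"whoami": lambda claims, params: {"user": claims["sub"]}}
    token = generate_security_token({"user_id": "user-42"})
    print(handle_communication_request({"token": token, "action": "whoami"}, handlers))
```

Binding the check to one callback rather than to each handler is what makes the step 104 decision meaningful: once the connection has passed the validity check, every message on it still has to present a token that verifies, and the expiry limits how long a token that does leak remains useful.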
In this embodiment, a security token is generated for the identity information of the client; when a WebSocket connection with the client is established, reference data is exchanged with the client; before communicating with the client on the basis of the security token, the validity of the client with respect to the WebSocket connection is checked according to the reference data; if the client is legal with respect to the WebSocket connection, the WebSocket connection is maintained and the security token is used to communicate with the client through it. This prevents lawbreakers from automatically establishing a WebSocket connection with the server in order to communicate with it, prevents the client from being forced offline, and improves the security of the server and of the user data.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Example two
Fig. 3 is a block diagram of a double-full-duplex communication device according to a second embodiment of the present invention, which may specifically include the following modules:
a security token generation module 301, configured to generate a security token for identity information of a client;
a reference data exchange module 302, configured to exchange reference data with the client when establishing a WebSocket connection with the client;
a validity checking module 303, configured to check, before the security token is used to communicate with the client, validity of the client with respect to the WebSocket connection according to the reference data;
a communication connection maintaining module 304, configured to maintain the WebSocket connection if the client is legal with respect to the WebSocket connection;
and an authentication communication module 305, configured to communicate with the client using the security token through the WebSocket connection.
In one embodiment of the present invention, further comprising:
and a communication connection disconnection module, configured to disconnect the WebSocket connection if the client is illegal with respect to the WebSocket connection.
In one embodiment of the invention, the reference data comprises server-side reference data;
the reference data exchange module 302 includes:
the handshake request receiving submodule is used for receiving a handshake request sent by the client based on a WebSocket protocol;
the character string generation submodule is used for randomly generating a character string as the reference data of the server;
a handshake response generation submodule, configured to generate a handshake response for the handshake request based on the WebSocket protocol;
a reference data packaging submodule, configured to package the server-side reference data into the handshake response;
and a handshake response sending submodule, configured to send the handshake response to the client to establish the WebSocket connection with the client when the encapsulation is finished.
In one embodiment of the invention, the reference data encapsulation submodule includes:
a server field generating unit, configured to generate a custom field in a header of the handshake response as a server field;
and the reference data writing unit is used for writing the server-side reference data into the server-side field.
In one embodiment of the invention, the reference data further comprises client reference data;
the reference data exchange module 302 further comprises:
and the reference data extraction submodule is used for extracting the specified character string from the handshake request to be used as client reference data.
In one embodiment of the invention, the reference data extraction sub-module comprises:
a client field searching unit, configured to search a self-defined field in a header of the handshake request, where the self-defined field is used as a client field;
and the character string reading unit is used for reading the character string in the field of the client as the reference data of the client.
In an embodiment of the present invention, the validity checking module 303 includes:
a first target data receiving submodule, configured to receive first target data sent by the client through the WebSocket connection;
a second target data generation submodule for generating second target data based on the reference data;
a legality determining submodule, configured to determine that the client is legal with respect to the WebSocket connection if the first target data is the same as the second target data;
and an illegality determining submodule, configured to determine that the client is illegal with respect to the WebSocket connection if the first target data is different from the second target data.
In one embodiment of the invention, the reference data comprises server-side reference data and client-side reference data; the second target data generation submodule includes:
the first encryption unit is used for encrypting the server side reference data to obtain second target data;
or,
the comprehensive reference data generating unit is used for generating comprehensive reference data based on the server side reference data and the client side reference data;
and the second encryption unit is used for encrypting the comprehensive reference data to obtain second target data.
In one embodiment of the present invention, the security token generation module 301 includes:
the identity information receiving submodule is used for receiving identity information sent by the client based on a hypertext transfer secure protocol (HTTPS);
the identity information verification submodule is used for verifying the identity information;
the safety token generation submodule is used for generating a safety token for the identity information if the verification is successful;
and the security token sending submodule is used for sending the security token to the client based on the hypertext transfer security protocol (HTTPS).
In one embodiment of the present invention, the authentication communication module 305 includes:
the communication request receiving submodule is used for receiving a communication request sent by the client through the WebSocket connection, and the communication request carries the security token;
the safety token verifying submodule is used for verifying the safety token;
and the communication response sending submodule is used for sending the communication response to the client through the WebSocket connection if the verification is successful.
The double-full-duplex communication device provided by the embodiment of the invention can execute the double-full-duplex communication method provided by any embodiment of the invention, and has the functional modules and beneficial effects corresponding to the executed method.
Example three
Fig. 4 is a schematic structural diagram of a computer device according to a third embodiment of the present invention. FIG. 4 illustrates a block diagram of an exemplary computer device 12 suitable for use in implementing embodiments of the present invention. The computer device 12 shown in FIG. 4 is only one example and should not bring any limitations to the functionality or scope of use of embodiments of the present invention.
As shown in FIG. 4, computer device 12 is in the form of a general purpose computing device. The components of computer device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including the system memory 28 and the processing unit 16.
Bus 18 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Computer device 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by computer device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)30 and/or cache memory 32. Computer device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 4, and commonly referred to as a "hard drive"). Although not shown in FIG. 4, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. Memory 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 42 generally carry out the functions and/or methodologies of the described embodiments of the invention.
Computer device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), with one or more devices that enable a user to interact with computer device 12, and/or with any devices (e.g., network card, modem, etc.) that enable computer device 12 to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface 22. Also, computer device 12 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via network adapter 20. As shown, network adapter 20 communicates with the other modules of computer device 12 via bus 18. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with computer device 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 16 executes various functional applications and data processing, such as implementing the double-full-duplex communication method provided by the embodiments of the present invention, by executing programs stored in the system memory 28.
Example four
A fourth embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored. When the computer program is executed by a processor, it implements each process of the above-mentioned double-full-duplex communication method and achieves the same technical effect; to avoid repetition, the details are not repeated here.
A computer readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (13)

1. A double-full-duplex communication method, comprising:
generating a security token for identity information of a client;
exchanging reference data with the client when establishing a WebSocket connection with the client;
before the security token is used for communicating with the client, checking the validity of the client with respect to the WebSocket connection according to the reference data;
if the client is legal with respect to the WebSocket connection, maintaining the WebSocket connection;
and communicating with the client using the security token through the WebSocket connection.
2. The method of claim 1, further comprising:
and if the client is illegal with respect to the WebSocket connection, disconnecting the WebSocket connection.
3. The method of claim 1, wherein the reference data comprises server-side reference data;
wherein exchanging reference data with the client when establishing the WebSocket connection with the client comprises:
receiving a handshake request sent by the client based on a WebSocket protocol;
randomly generating a character string as reference data of a server;
generating a handshake response for the handshake request based on the WebSocket protocol;
encapsulating the server-side reference data into the handshake response;
and when the encapsulation is finished, sending the handshake response to the client to establish the WebSocket connection with the client.
4. The method of claim 3, wherein encapsulating the server-side reference data into the handshake response comprises:
generating a self-defined field in a header of the handshake response as a server field;
and writing the server reference data into the server field.
5. The method of claim 3, wherein the reference data further comprises client reference data;
wherein exchanging reference data with the client when establishing the WebSocket connection with the client further comprises:
and extracting the specified character string from the handshake request as client reference data.
6. The method of claim 5, wherein the extracting the specified string from the handshake request as client reference data comprises:
searching a self-defined field in a header of the handshake request to be used as a client field;
and reading the character string in the field of the client as client reference data.
7. The method according to any one of claims 1 to 6, wherein checking the validity of the client with respect to the WebSocket connection according to the reference data comprises:
receiving first target data sent by the client through the Websocket connection;
generating second target data based on the reference data;
if the first target data is the same as the second target data, determining that the client is legal with respect to the WebSocket connection;
and if the first target data is different from the second target data, determining that the client is illegal with respect to the WebSocket connection.
8. The method of claim 7, wherein the reference data comprises server-side reference data, client-side reference data; the generating second target data based on the reference data comprises:
encrypting the server side reference data to obtain second target data;
or,
generating comprehensive reference data based on the server-side reference data and the client-side reference data;
and encrypting the comprehensive reference data to obtain second target data.
9. The method of any of claims 1-6, wherein generating the security token for the identity information of the client comprises:
receiving identity information sent by a client based on a hypertext transfer security protocol (HTTPS);
verifying the identity information;
if the verification is successful, generating a security token for the identity information;
sending the security token to the client based on the hypertext transfer security protocol (HTTPS).
10. The method according to any one of claims 1 to 6, wherein communicating with the client using the security token through the WebSocket connection comprises:
receiving a communication request sent by the client through the WebSocket connection, wherein the communication request carries the security token;
verifying the security token;
and if the verification is successful, sending a communication response to the client through the WebSocket connection.
11. A double-full-duplex communication apparatus, comprising:
the security token generation module is used for generating a security token aiming at the identity information of the client;
a reference data exchange module, configured to exchange reference data with the client when establishing a WebSocket connection with the client;
a validity checking module, configured to check the validity of the client with respect to the WebSocket connection according to the reference data before the security token is used for communicating with the client;
a communication connection maintaining module, configured to maintain the WebSocket connection if the client is legal with respect to the WebSocket connection;
and an authentication communication module, configured to communicate with the client using the security token through the WebSocket connection.
12. A computer device, characterized in that the computer device comprises:
one or more processors;
a memory for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the double-full-duplex communication method of any one of claims 1-10.
13. A computer-readable storage medium on which a computer program is stored which, when executed by a processor, carries out the double-full-duplex communication method according to any one of claims 1-10.
CN202011552858.0A 2020-12-24 2020-12-24 Double-full-duplex communication method and device, computer equipment and storage medium Pending CN112689014A (en)

Publications (1)

Publication Number Publication Date
CN112689014A true CN112689014A (en) 2021-04-20

Family

ID=75452890

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011552858.0A Pending CN112689014A (en) 2020-12-24 2020-12-24 Double-full-duplex communication method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112689014A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114598603A (en) * 2022-03-22 2022-06-07 北京东土科技股份有限公司 Scheduling method of TSN (transport service network), centralized network configurator and external scheduler
CN115037507A (en) * 2022-04-22 2022-09-09 京东科技控股股份有限公司 Method, device and system for user access management
CN117692448A (en) * 2024-02-02 2024-03-12 深圳安德空间技术有限公司 Remote real-time monitoring method and system for detecting underground space by three-dimensional ground penetrating radar
CN117692448B (en) * 2024-02-02 2024-04-26 深圳安德空间技术有限公司 Remote real-time monitoring method and system for detecting underground space by three-dimensional ground penetrating radar

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100306547A1 (en) * 2009-05-28 2010-12-02 Fallows John R System and methods for providing stateless security management for web applications using non-http communications protocols
CN102884517A (en) * 2009-05-28 2013-01-16 卡金公司 System and methods for providing stateless security management for web applications using non-HTTP communications protocols
US20140052993A1 (en) * 2012-08-17 2014-02-20 Kabushiki Kaisha Toshiba Information operating device, information output device, and information processing method
US20160184710A1 (en) * 2014-12-31 2016-06-30 Wrafl, Inc. Secure Computing for Virtual Environment and Interactive Experiences
CN109347809A (en) * 2018-09-25 2019-02-15 北京计算机技术及应用研究所 Application virtualization secure communication method for an autonomous and controllable environment
CN110190955A (en) * 2019-05-27 2019-08-30 新华三信息安全技术有限公司 Information processing method and device based on secure socket layer protocol certification
CN110971616A (en) * 2019-12-24 2020-04-07 广州市百果园信息技术有限公司 Connection establishing method based on secure transport layer protocol, client and server
CN111163164A (en) * 2019-12-27 2020-05-15 山东乾云启创信息科技股份有限公司 Cloud desktop secure transmission method and device based on Roc chip

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114598603A (en) * 2022-03-22 2022-06-07 北京东土科技股份有限公司 Scheduling method of TSN (transport service network), centralized network configurator and external scheduler
CN115037507A (en) * 2022-04-22 2022-09-09 京东科技控股股份有限公司 Method, device and system for user access management
CN115037507B (en) * 2022-04-22 2024-04-05 京东科技控股股份有限公司 User access management method, device and system
CN117692448A (en) * 2024-02-02 2024-03-12 深圳安德空间技术有限公司 Remote real-time monitoring method and system for detecting underground space by three-dimensional ground penetrating radar
CN117692448B (en) * 2024-02-02 2024-04-26 深圳安德空间技术有限公司 Remote real-time monitoring method and system for detecting underground space by three-dimensional ground penetrating radar

Similar Documents

Publication Publication Date Title
WO2021196915A1 (en) Encryption and decryption operation-based data transmission methods and systems, and computer device
CN114900338B (en) Encryption and decryption method, device, equipment and medium
JP2005509938A (en) Method, apparatus and computer program for implementing mutual challenge response authentication protocol using operating system functions
CN109688098B (en) Method, device and equipment for secure communication of data and computer readable storage medium
WO2009146655A1 (en) A method, equipment and system for password inputting
CN113225352B (en) Data transmission method and device, electronic equipment and storage medium
TW200421812A (en) System and method for securing digital messages
CN111600948B (en) Cloud platform application and data security processing method, system, storage medium and program based on identification password
CN115333839B (en) Data security transmission method, system, equipment and storage medium
CN112689014A (en) Double-full-duplex communication method and device, computer equipment and storage medium
CN114244508B (en) Data encryption method, device, equipment and storage medium
CN113630412B (en) Resource downloading method, resource downloading device, electronic equipment and storage medium
CN111249740A (en) Resource data access method and system
WO2022042198A1 (en) Identity authentication method and apparatus, computer device, and storage medium
CN112968910B (en) Replay attack prevention method and device
CN114070568A (en) Data processing method and device, electronic equipment and storage medium
CN112073185B (en) Cloud game safety transmission method and device
CN117336092A (en) Client login method and device, electronic equipment and storage medium
CN112566121A (en) Method for preventing attack, server, electronic equipment and storage medium
CN114830572A (en) Data transmission method, device, equipment, system and storage medium
CN115473655B (en) Terminal authentication method, device and storage medium for access network
CN116647345A (en) Method and device for generating permission token, storage medium and computer equipment
CN115766119A (en) Communication method, communication apparatus, communication system, and storage medium
CN112565156B (en) Information registration method, device and system
CN114707158A (en) Network communication authentication method and network communication authentication system based on TEE

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination