CN114142997A - Security authentication method, device and storage medium for inter-node communication

Info

Publication number: CN114142997A
Application number: CN202111370736.4A
Authority: CN (China)
Legal status: Withdrawn
Prior art keywords: client node, check code, node, MAC address, server
Other languages: Chinese (zh)
Inventors: 张国辉, 葛国周
Current assignee: Suzhou Inspur Intelligent Technology Co Ltd
Original assignee: Suzhou Inspur Intelligent Technology Co Ltd
Application filed by Suzhou Inspur Intelligent Technology Co Ltd

Classifications (all under H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication)

    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication involving time stamps, e.g. generation of time stamps


Abstract

The application discloses a security authentication method, a device and a storage medium for communication between nodes, which are applied to a server and a client node and relate to the field of communication security. The method comprises the following steps: a key is generated according to the IP address and the MAC address of the client node; the server receives a check code, which the client node generated by encrypting its own MAC address and/or the sending time of the check code with that key. The server looks up the key corresponding to the IP address of the client node that sent the check code and decrypts the check code with it; if decryption fails, the client node is judged to be an abnormal node; if decryption succeeds, it is further judged whether the MAC address and/or the sending time of the check code obtained by decryption meet a preset requirement; if not, the client node is judged to be an abnormal node. The method provided by the application can verify whether the client node sending the information is safe, and can prevent attackers from pretending to be normal client nodes in order to attack the server.

Description

Security authentication method, device and storage medium for inter-node communication
Technical Field
The present application relates to the field of communication security, and in particular, to a method, an apparatus, and a storage medium for security authentication of inter-node communication.
Background
Security is receiving more and more attention in software development, and it matters most when communication takes place between different trust domains. At present, nodes in different trust domains generally handshake through HTTPS certificates and transmit data once the handshake succeeds. However, the growing number of attack means makes this mechanism unreliable: because it does not perform security authentication of both communicating parties, when a client node sends data to a server an attacker can pretend to be a normal client node and attack the server, damaging it and causing irretrievable loss.
Therefore, how to improve the security of communication between nodes in different trust domains is a problem that urgently needs to be solved by those skilled in the art.
Disclosure of Invention
The application aims to provide a security authentication method, a security authentication device and a storage medium for communication between nodes so as to improve the security of communication between nodes in different trust domains.
In order to solve the above technical problem, the present application provides a security authentication method for inter-node communication, which is applied to a server, and includes:
receiving a check code sent by a client node, wherein the check code is generated by the client node encrypting its own MAC address and/or the sending time of the check code with a key, and the key is generated according to the IP address and the MAC address of the client node;
decrypting the check code with the key corresponding to the IP address of the client node;
if decryption of the check code fails, judging the client node to be an abnormal node;
if the check code is decrypted successfully, judging whether the MAC address of the client node and/or the sending time obtained by the successful decryption meet a preset requirement; if not, judging the client node to be an abnormal node.
Preferably, the preset requirement is that the MAC address of the client node obtained from the check code is consistent with the MAC address stored by the server, and/or that the time from the sending time to the time when the server receives the check code is less than a preset value.
Preferably, the key expires after a preset time, and the key is generated as follows:
a different key is regenerated at every preset time interval.
Preferably, the method further comprises the following steps:
if the client node is judged to be an abnormal node, recording the IP address of the client node;
if the number of times the IP address of a single client node has been recorded exceeds a threshold value, judging the corresponding client node to be an illegal node;
and rejecting the access request of the corresponding client node, and informing other servers to reject the access request of the corresponding client node.
Preferably, the check code is generated by encrypting both the MAC address of the client node and the sending time of the check code with the key;
and the specific step of judging whether the MAC address of the client node and/or the sending time obtained by the successful decryption meet the preset requirement is:
judging whether the MAC address of the client node obtained from the check code is consistent with the MAC address stored by the server;
if not, judging that the MAC address of the client node does not meet the preset requirement;
if so, judging whether the time from the sending time to the time when the server receives the check code is less than a preset value, and if not, judging that the sending time does not meet the preset requirement.
In order to solve the above technical problem, the present application further provides a security authentication method for inter-node communication, which is applied to a client node, and includes:
encrypting the MAC address of the client node and/or the sending time of the check code with a key to generate the check code, wherein the key is generated according to the IP address and the MAC address of the client node;
sending the check code to a server, so that the server receives the check code and decrypts it with the key corresponding to the IP address of the client node; if decryption of the check code fails, the client node is judged to be an abnormal node; if the check code is decrypted successfully, it is judged whether the MAC address of the client node and/or the sending time obtained by the successful decryption meet a preset requirement; if not, the client node is judged to be an abnormal node.
In order to solve the above technical problem, the present application further provides a security authentication apparatus for inter-node communication, which is applied to a server, and includes:
the system comprises a receiving module, a sending module and a processing module, wherein the receiving module is configured to receive a check code sent by a client node, the check code is generated by the client node encrypting its own MAC address and/or the sending time of the check code with a key, and the key is generated according to the IP address and the MAC address of the client node;
a decryption module, configured to decrypt the check code with the key corresponding to the IP address of the client node, to judge the client node to be an abnormal node if decryption fails, and to trigger the judging module if decryption succeeds;
and the judging module, configured to judge whether the MAC address of the client node and/or the sending time obtained by the successful decryption meet a preset requirement, and to judge the client node to be an abnormal node if not.
In order to solve the above technical problem, the present application further provides a security authentication device for inter-node communication, which is applied to a client node, and includes:
a generation module, configured to encrypt the MAC address of the client node and/or the sending time of the check code with a key to generate the check code, wherein the key is generated according to the IP address and the MAC address of the client node;
and a sending module, configured to send the check code to a server, so that the server receives the check code and decrypts it with the key corresponding to the IP address of the client node; if decryption of the check code fails, the client node is judged to be an abnormal node; if the check code is decrypted successfully, it is judged whether the MAC address of the client node and/or the sending time obtained by the successful decryption meet a preset requirement; if not, the client node is judged to be an abnormal node.
In order to solve the above technical problem, the present application further provides a security authentication apparatus for inter-node communication, including: a memory for storing a computer program;
and the processor is used for realizing the steps of the security authentication method for the communication between the nodes when executing the computer program.
In order to solve the above technical problem, the present application further provides a computer-readable storage medium, where a computer program is stored, and the computer program, when executed by a processor, implements the steps of the security authentication method for inter-node communication.
The application provides a security authentication method for communication between nodes, which is applied to a server and generates the corresponding key according to the IP address and the MAC address of a client node, that is, the IP address, the MAC address and the key of a client node correspond one to one. The server receives a check code sent by the client node, wherein the check code is generated by encrypting the MAC address of the client node and/or the sending time of the check code with the key. The server looks up the corresponding key according to the IP address of the client node that sent the check code and decrypts the check code with it; if decryption fails, the client node is judged to be an abnormal node; if decryption succeeds, it is further judged whether the MAC address and/or the sending time of the check code obtained by decryption meet the preset requirement; if not, the client node is judged to be an abnormal node. The method provided by the application can verify whether the client node sending the information is safe, and can prevent attackers from pretending to be normal client nodes in order to attack the server.
The application also provides a security authentication method for communication between nodes which is applied to the client node and corresponds to the method above, and which therefore has the same beneficial effects as that method.
The application also provides a security authentication device and a computer-readable storage medium for communication between nodes, which correspond to the method above and therefore have the same beneficial effects as that method.
Drawings
In order to more clearly illustrate the embodiments of the present application, the drawings needed for the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
Fig. 1 is a flowchart of a security authentication method for inter-node communication applied to a server according to an embodiment of the present application;
fig. 2 is a flowchart illustrating communication between a client node and a server according to an embodiment of the present application;
fig. 3 is a flowchart of a security authentication method applied to inter-node communication of a client node according to an embodiment of the present application;
fig. 4 is a structural diagram of a security authentication apparatus applied to inter-node communication of a server according to an embodiment of the present application;
fig. 5 is a structural diagram of a security authentication apparatus applied to inter-node communication of a client node according to an embodiment of the present application;
fig. 6 is a block diagram of a security authentication apparatus for inter-node communication according to another embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without any creative effort belong to the protection scope of the present application.
The core of the application is to provide a security authentication method, a device and a storage medium for communication between nodes.
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings.
When communication is performed between nodes in different trust domains, it is particularly important to ensure the security of the communication; for example, communication between nodes in different trust domains may be required in a storage system. The client node sends information to the server, and attackers often pretend to be normal client nodes in order to attack the server, so an authentication mechanism is needed to help the server distinguish whether a client node is legal. Fig. 1 is a flowchart of a security authentication method for inter-node communication applied to a server according to an embodiment of the present application, where the method includes:
S10: receiving a check code sent by a client node, wherein the check code is generated by the client node encrypting its own MAC address and/or the sending time of the check code with its key, and the key is generated according to the IP address and the MAC address of the client node;
S11: decrypting the check code with the key corresponding to the IP address of the client node; if decryption of the check code fails, the client node is judged to be an abnormal node; if the check code is decrypted successfully, the process proceeds to step S12.
S12: judging whether the MAC address of the client node and/or the sending time obtained by the successful decryption meet the preset requirement; if not, the client node is judged to be an abnormal node.
In practical application, the client node can use two modules to complete the related functions, namely a client node registration module and a security node check module. Through the registration module the client node registers its own information with the server; the registered information includes the MAC address, IP address and so on of the client node, and a corresponding key is generated after registration. The generated key and the client node correspond one to one, that is, different MAC addresses and IP addresses correspond to different keys. If there are several client nodes, each of them has a registration record on the server, and the server can look up the corresponding key according to the IP address of the client node. The server sends the key to the corresponding client node, and the client node encrypts its own MAC address and/or timestamp information with the key corresponding to it to generate the check code; the encryption algorithm used may be AES (Advanced Encryption Standard), and the timestamp information is the time at which the client node sends the check code.
In general, when accessing a server, the client node carries the check code in the header of the request message, and after receiving the request message the server detects through the security node check module whether the client node requesting access is legal. The detection process is as follows: after receiving the request message, the server obtains the IP address of the client node that sent it, obtains the corresponding key according to that IP address, and decrypts the check code in the header of the request message with the key. If decryption fails, this indicates that the check code sent by the client node has been modified or that the client node itself is abnormal; the server intercepts the request message and records the IP address corresponding to the client node. If decryption succeeds, it must be further judged whether the MAC address of the client node and/or the sending time obtained by the successful decryption meet the preset requirement; if so, the request message is a legal request and the server can continue to process it; if the preset requirement is not met, the check code has been modified or the client node is abnormal, and the server intercepts the request message and records the IP address corresponding to the client node. It should be noted that the check code sent by the client node may contain only one of the MAC address and the sending time of the check code, or both; the server decrypts the check code to obtain the corresponding information and judges whether that information meets the preset requirement, and the specific manner of judgment is not limited.
The application provides a security authentication method for communication between nodes, which is applied to a server and generates the corresponding key according to the IP address and the MAC address of a client node, that is, the IP address, the MAC address and the key of a client node correspond one to one. The server receives a check code sent by the client node, wherein the check code is generated by encrypting the MAC address of the client node and/or the sending time of the check code with the key. The server looks up the corresponding key according to the IP address of the client node that sent the check code and decrypts the check code with it; if decryption fails, the client node is judged to be an abnormal node; if decryption succeeds, it is further judged whether the MAC address and/or the sending time of the check code obtained by decryption meet the preset requirement; if not, the client node is judged to be an abnormal node. The method provided by the application can verify whether the client node sending the information is safe, and can prevent attackers from pretending to be normal client nodes in order to attack the server.
In the above embodiment it is necessary to judge whether the MAC address of the client node and/or the sending time obtained by the successful decryption meet the preset requirement, and a suitable manner of judgment can improve the efficiency of the judgment. Therefore, the preset requirement provided in this embodiment is specifically that the MAC address of the client node obtained from the check code is consistent with the MAC address stored by the server, and/or that the time from the sending time to the time when the server itself receives the check code is less than the preset value.
If the MAC address of the client node obtained from the check code is consistent with the MAC address stored by the server, this indicates that the check code has not been modified and that the client node sending it has registered on the server before, so the client node is a legal client node. After obtaining the sending time of the check code, the server calculates the time from the sending time to the time when it received the check code; if that difference is smaller than the preset value, the check code was transmitted directly from the client node to the server, with no extra time in between for an attacker to modify it. It should be noted that the size of the preset value depends on the actual situation, and it can be set to one minute.
The scheme provided by this embodiment can effectively judge whether the MAC address of the client node and/or the sending time of the check code meet the preset requirement, and thereby judge whether the client node sending the check code is normal.
In practical applications, if the key of a client node is used for too long an attacker may crack it and then pretend to be a normal client node to send data to the server. Therefore, the key is set to expire after a preset time, and a different key is regenerated at every preset time interval. The preset time is not limited, provided that in practical application an attacker does not have enough time to break the key. The scheme provided by this embodiment can prevent attackers from breaking the key of the client to attack the server.
In the above embodiment, whenever a check code sent by a client node has a problem the server records the IP address of that client node. The server may judge a client node to be an abnormal node because of problems such as transmission delay, while the client node itself can still send data normally; but if the IP address of a client node is recorded many times, the probability that the client node is an illegal node is high. Therefore, the method further comprises the following steps: if the client node is judged to be an abnormal node, recording the IP address of the client node; if the number of times the IP address of a single client node has been recorded exceeds a threshold value, judging the corresponding client node to be an illegal node; and denying the access request of the corresponding client node, and informing other servers to deny the access request of that client node so as to avoid being attacked. The size of the threshold is not restricted here, and the threshold may be set to 5 times.
When the check code is generated by encrypting both the MAC address of the client node and the sending time of the check code with the key, it must be judged whether the MAC address and the sending time of the check code meet the preset requirement; if the order of judgment is suitable, some redundant steps can be avoided and the efficiency of judgment improved. Therefore, the specific step of judging whether the MAC address of the client node and/or the sending time obtained by the successful decryption meet the preset requirement is as follows: judging whether the MAC address of the client node obtained from the check code is consistent with the MAC address stored by the server; if not, judging that the MAC address of the client node does not meet the preset requirement; if so, judging whether the time from the sending time to the time when the server receives the check code is less than the preset value, and if not, judging that the sending time does not meet the preset requirement.
The scheme provided by this embodiment first judges whether the MAC address of the client node meets the requirement; if not, the client node is directly judged to be an abnormal node and the sending time of the check code is not judged at all. If the MAC address of the client node obtained from the check code is consistent with the MAC address stored by the server, this indicates that the client node sending the check code has registered on the server before, but the request message may still have been modified by an attacker elsewhere, so it is necessary to judge whether the time from the sending time to the time when the server receives the check code is less than the preset value; if so, this indicates that the request message was transmitted directly from the client node to the server and has not been modified.
The scheme provided by this embodiment can effectively judge whether a client node is an abnormal node, and improves the efficiency of detecting abnormal nodes.
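As an added illustration (not code from the patent or from Suzhou Inspur), the following Python model puts the server-side steps S10 to S12, the preset requirement, the key expiry, the judgment order (MAC address first, then sending time) and the abnormal-IP threshold from the passages above into one runnable piece. The patent specifies AES for the check code; this model instead binds the MAC address and sending time to the key with an HMAC-SHA256 tag from the standard library so that it runs without extra packages, and a failed tag check plays the role the page assigns to a failed decryption. The key-derivation scheme (a per-server secret, the IP, the MAC and a time epoch), the constants KEY_LIFETIME, MAX_SKEW and ABNORMAL_THRESHOLD, the integer timestamps and the peer-notification list are assumptions; the one-minute delay limit and the threshold of 5 recordings are the values the page suggests.

```python
# Added example, not the patent's own code: a model of the check-code
# exchange described above. AES is replaced by an HMAC-SHA256 tag so the
# model runs on the standard library alone; a failed tag check stands in
# for the page's "decryption fails" branch.
import base64
import hashlib
import hmac
import os
from dataclasses import dataclass, field

KEY_LIFETIME = 600       # seconds between key regenerations (assumed; the page leaves it open)
MAX_SKEW = 60            # preset value for the send-to-receive delay (page suggests one minute)
ABNORMAL_THRESHOLD = 5   # recordings of one IP before it is judged illegal (page suggests 5)
TAG_LEN = 32             # length of a SHA-256 tag in bytes


def derive_key(ip: str, mac: str, server_secret: bytes, epoch: int) -> bytes:
    """One key per (IP, MAC) pair; the epoch makes the key change every KEY_LIFETIME."""
    material = f"{ip}|{mac}|{epoch}".encode()
    return hmac.new(server_secret, material, hashlib.sha256).digest()


def make_check_code(key: bytes, mac: str, send_time: int) -> str:
    """Client side (S13): bind the MAC address and the sending time to the key."""
    payload = f"{mac}|{send_time}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.b64encode(payload + tag).decode()


def open_check_code(key: bytes, code: str):
    """Return (mac, send_time), or None when the code was not made under this
    key or was altered in transit (the page's 'decryption fails' case)."""
    try:
        raw = base64.b64decode(code, validate=True)
    except ValueError:
        return None
    if len(raw) <= TAG_LEN:
        return None
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    mac, _, ts = payload.decode("ascii", errors="replace").partition("|")
    if not ts.isdigit():
        return None
    return mac, int(ts)


@dataclass
class Server:
    secret: bytes = field(default_factory=lambda: os.urandom(32))
    registry: dict = field(default_factory=dict)        # ip -> registered MAC address
    abnormal_count: dict = field(default_factory=dict)  # ip -> times recorded as abnormal
    illegal: set = field(default_factory=set)           # ips whose requests are rejected
    peers: list = field(default_factory=list)           # other servers to inform

    def epoch(self, now: int) -> int:
        return int(now) // KEY_LIFETIME

    def register(self, ip: str, mac: str, now: int) -> bytes:
        """Registration module: store IP and MAC, hand the current key to the client."""
        self.registry[ip] = mac
        return derive_key(ip, mac, self.secret, self.epoch(now))

    def check(self, ip: str, code: str, now: int) -> str:
        """Security node check module, steps S10-S12. Returns 'ok', 'abnormal' or 'illegal'."""
        if ip in self.illegal:
            return "illegal"                        # access already refused for this IP
        if ip not in self.registry:
            return self._record_abnormal(ip)        # no registration, hence no key
        key = derive_key(ip, self.registry[ip], self.secret, self.epoch(now))
        opened = open_check_code(key, code)         # S11: a foreign or expired key fails here
        if opened is None:
            return self._record_abnormal(ip)
        mac, send_time = opened
        if mac != self.registry[ip]:                # S12, MAC first: no time check needed
            return self._record_abnormal(ip)
        elapsed = now - send_time
        if elapsed < 0 or elapsed >= MAX_SKEW:      # S12: delay must stay below the preset value
            return self._record_abnormal(ip)
        return "ok"

    def _record_abnormal(self, ip: str) -> str:
        """Record the IP; past the threshold the node is illegal and peers are informed."""
        self.abnormal_count[ip] = self.abnormal_count.get(ip, 0) + 1
        if self.abnormal_count[ip] > ABNORMAL_THRESHOLD:
            self.illegal.add(ip)
            for peer in self.peers:
                peer.illegal.add(ip)
            return "illegal"
        return "abnormal"
```

Because the key is derived from the epoch, a check code made under the previous epoch's key fails at step S11 as soon as the epoch changes, which is the expiry behaviour the page describes; a deployment would usually also accept the immediately preceding key for a short grace period so that a legitimate request straddling the boundary is not counted against the node.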
Fig. 2 is a flowchart of communication between a client node and a server according to an embodiment of the present application; the flowchart is merely one implementation manner of the present application and does not exclude others. As shown, the figure includes a client node 10 and a server 11. The client node 10 registers its own information on the server 11 and a key is generated; the client node then encrypts information such as its MAC address and a timestamp with the key to obtain a check code, and sends a request message carrying the check code to the server 11. The server 11 checks the check code in the request message, and if the check finds no problem, the client node 10 is judged to be normal.
Fig. 3 is a flowchart of a security authentication method applied to inter-node communication of a client node according to an embodiment of the present application; the method comprises the following steps:
S13: encrypting the MAC address of the client node and/or the sending time of the check code with a key to generate the check code, wherein the key is generated according to the IP address and the MAC address of the client node;
S14: sending the check code to the server, so that the server receives the check code and decrypts it with the key corresponding to the IP address of the client node; if decryption of the check code fails, the client node is judged to be an abnormal node; if the check code is decrypted successfully, it is judged whether the MAC address of the client node and/or the sending time obtained by the successful decryption meet the preset requirement; if not, the client node is judged to be an abnormal node.
The security authentication method for inter-node communication provided by this embodiment is applied to a client node, where the client node encrypts its own MAC address and/or transmission time of a check code to generate the check code, and transmits the check code to a server so that the server completes a check operation. Since the embodiment of the method applied to the client node corresponds to the embodiment of the method applied to the server, for a specific embodiment, please refer to the description of the embodiment of the method applied to the server, which is not repeated here.
The security authentication method applied to the inter-node communication of the client node according to the embodiment corresponds to the method applied to the server, and therefore has the same beneficial effects as the method applied to the server.
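The client step S13 and the server-side check it drives, as an added example that is not the patent's own code. It assumes what the patent leaves unspecified: a stdlib-only encrypt-then-MAC built from HMAC-SHA256 stands in for the cipher (a deployment would use an AEAD such as AES-GCM), the per-node key is HMAC(server secret, IP|MAC|epoch) so that it changes every preset interval, and the abnormal-node counter of claim 4 lives on a single server; all addresses and the secret are constructed values.

```python
# Added example, not the patent's code: the check-code exchange of Figs. 2 and 3.
# Assumed: HMAC-SHA256 encrypt-then-MAC stands in for a real AEAD; key = HMAC(secret, IP|MAC|epoch).
import hashlib
import hmac
import json
import os

KEY_TTL = 60            # seconds: keys are regenerated at this preset interval
MAX_SKEW = 5            # seconds: preset freshness limit for the sending time
ABNORMAL_THRESHOLD = 3  # abnormal results before the node is judged illegal

def derive_key(server_secret, ip, mac, now):
    """Key bound to (IP, MAC) and to the current rotation epoch."""
    label = f"{ip}|{mac}|{int(now // KEY_TTL)}".encode()
    return hmac.new(server_secret, label, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    """Counter-mode keystream: HMAC(key, nonce || counter) blocks."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt(key, plaintext):
    """nonce || ciphertext || tag; the tag is what makes a wrong key detectable."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    """Plaintext, or None when decryption fails (wrong key or tampered code)."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def make_check_code(key, mac, send_time):
    """Client step S13: encrypt the node's own MAC address and the sending time."""
    return encrypt(key, json.dumps({"mac": mac, "ts": send_time}).encode())

class Server:
    def __init__(self, secret):
        self.secret = secret
        self.registered = {}   # ip -> MAC address stored at registration
        self.abnormal = {}     # ip -> number of abnormal results recorded (claim 4)
        self.illegal = set()   # nodes whose access requests are rejected

    def register(self, ip, mac):
        self.registered[ip] = mac

    def verify(self, ip, code, now):
        """Return 'normal', 'abnormal' or 'illegal' for a check code received from ip."""
        if ip in self.illegal:
            return "illegal"
        mac = self.registered.get(ip)
        key = derive_key(self.secret, ip, mac, now) if mac else bytes(32)  # unregistered: dummy key
        plaintext = decrypt(key, code)
        msg = json.loads(plaintext) if plaintext is not None else {}  # tag checked first
        # Preset requirements: MAC matches the stored one and the code is fresh.
        ok = (plaintext is not None and msg.get("mac") == mac
              and 0 <= now - msg.get("ts", float("-inf")) < MAX_SKEW)
        if ok:
            return "normal"
        self.abnormal[ip] = self.abnormal.get(ip, 0) + 1   # record the IP address
        if self.abnormal[ip] >= ABNORMAL_THRESHOLD:
            self.illegal.add(ip)
            return "illegal"
        return "abnormal"
```

A check code replayed inside MAX_SKEW is still accepted, so a server that must stop replay within the window also has to remember recently seen nonces. A key derived from IP and MAC alone, without the server secret mixed in, could be recomputed by anyone who learns those two addresses.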
In the above embodiments, the security authentication method for inter-node communication is described in detail, and the present application also provides embodiments corresponding to the security authentication device for inter-node communication. It should be noted that the present application describes embodiments of the apparatus portion from two perspectives, one is from the perspective of function modules, which are respectively applied to the server and the client node, and the other is from the perspective of hardware.
From the perspective of functional modules, this embodiment provides a security authentication device applied to inter-node communication of the server. Fig. 4 is a structural diagram of the security authentication device applied to inter-node communication of the server provided in this embodiment; as shown in Fig. 4, the device includes:
the receiving module 20, configured to receive a check code sent by a client node, where the check code is generated by the client node encrypting its own MAC address and/or the sending time of the check code by using a key, and the key is generated according to the IP address and MAC address of the client node;
the decryption module 21 is configured to decrypt the check code with the key corresponding to the IP address of the client node, determine that the client node is an abnormal node if decryption fails, and trigger the determination module if decryption succeeds;
the judging module 22 is configured to judge whether the MAC address and/or the sending time of the client node obtained by successful decryption meet a preset requirement; if not, the client node is judged to be an abnormal node.
Since the embodiments of the apparatus portion and the method portion correspond to each other, please refer to the description of the embodiments of the method portion for the embodiments of the apparatus portion, which is not repeated here.
The security authentication device for inter-node communication provided by the embodiment corresponds to the method, and therefore has the same beneficial effects as the method.
From the perspective of functional modules, this embodiment further provides a security authentication apparatus applied to inter-node communication of the client node. Fig. 5 is a structural diagram of the security authentication apparatus applied to inter-node communication of the client node according to this embodiment; as shown in Fig. 5, the apparatus includes:
a generating module 23, configured to encrypt the client node's own MAC address and/or the sending time of the check code by using a key to generate the check code, where the key is generated according to the IP address and the MAC address of the client node;
a sending module 24, configured to send the check code to the server so that the server receives the check code and decrypts the check code by using the key corresponding to the IP address of the client node; if the decryption of the check code fails, the client node is judged to be an abnormal node; if the check code is decrypted successfully, judging whether the MAC address and/or the sending time of the client node obtained by successful decryption meet the preset requirement; if not, the client node is judged to be an abnormal node.
Since the embodiments of the apparatus portion and the method portion correspond to each other, please refer to the description of the embodiments of the method portion for the embodiments of the apparatus portion, which is not repeated here.
The security authentication device for inter-node communication provided by the embodiment corresponds to the method, and therefore has the same beneficial effects as the method.
Based on the hardware perspective, the present embodiment provides another security authentication device for inter-node communication, fig. 6 is a structural diagram of a security authentication device for inter-node communication provided in another embodiment of the present application, and as shown in fig. 6, the security authentication device for inter-node communication includes: a memory 30 for storing a computer program;
a processor 31 for implementing the steps of the secure authentication method for inter-node communication as mentioned in the above embodiments when executing the computer program.
The security authentication device for inter-node communication provided in this embodiment may include, but is not limited to, a smart phone, a tablet computer, a notebook computer, or a desktop computer.
The processor 31 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the like. The processor 31 may be implemented in at least one hardware form of a DSP (Digital Signal Processor), an FPGA (Field-Programmable Gate Array), and a PLA (Programmable Logic Array). The processor 31 may also include a main processor and a coprocessor, where the main processor is a processor for processing data in an awake state, also called a Central Processing Unit (CPU), and the coprocessor is a low-power processor for processing data in a standby state. In some embodiments, the processor 31 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content to be displayed on the display screen. In some embodiments, the processor 31 may further include an AI (Artificial Intelligence) processor for processing calculation operations related to machine learning.
Memory 30 may include one or more computer-readable storage media, which may be non-transitory. Memory 30 may also include high speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In this embodiment, the memory 30 is at least used for storing the following computer program 301, wherein after being loaded and executed by the processor 31, the computer program can implement the relevant steps of the security authentication method for inter-node communication disclosed in any of the foregoing embodiments. In addition, the resources stored by the memory 30 may also include an operating system 302, data 303, and the like, and the storage may be transient storage or permanent storage. Operating system 302 may include Windows, Unix, Linux, etc. Data 303 may include, but is not limited to, data involved in secure authentication methods for inter-node communications, and the like.
In some embodiments, the security authentication device for inter-node communication may further include a display 32, an input/output interface 33, a communication interface 34, a power source 35, and a communication bus 36.
Those skilled in the art will appreciate that the architecture shown in fig. 6 does not constitute a limitation of the security authentication means of inter-node communication and may include more or fewer components than those shown.
The security authentication device for inter-node communication provided by the embodiment of the application comprises a memory and a processor, wherein when the processor executes a program stored in the memory, the following method can be realized: a security authentication method for communication between nodes.
The security authentication device for inter-node communication provided by the embodiment corresponds to the method, and therefore has the same beneficial effects as the method.
Finally, the application also provides a corresponding embodiment of the computer readable storage medium. The computer-readable storage medium has a computer program stored thereon, and the computer program, when executed by the processor, implements the steps described in the above method embodiments (which may be a method corresponding to the server or a method corresponding to the client node).
It is to be understood that if the method in the above embodiments is implemented in the form of software functional units and sold or used as a stand-alone product, it can be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application may be substantially or partially implemented in the form of a software product, which is stored in a storage medium and performs all or part of the steps of the methods described in the embodiments of the present application, or all or part of the technical solution. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The computer-readable storage medium provided by the embodiment corresponds to the method, and therefore has the same beneficial effects as the method.
The security authentication method, device and storage medium for inter-node communication provided by the present application are described in detail above. The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the same element.

Claims (10)

1. A security authentication method for communication between nodes is applied to a server and comprises the following steps:
receiving a check code sent by a client node, wherein the check code is generated by the client node encrypting its own MAC address and/or the sending time of the check code by using a secret key, and the secret key is generated according to an IP address and a MAC address of the client node;
decrypting the check code with the key corresponding to the IP address of the client node;
if the decryption of the check code fails, the client node is judged to be an abnormal node;
if the check code is decrypted successfully, judging whether the MAC address and/or the sending time of the client node obtained by successful decryption meet preset requirements or not; if not, the client node is judged to be an abnormal node.
2. The method according to claim 1, wherein the preset requirement is that a MAC address of the client node obtained by the check code is consistent with a MAC address stored by the server and/or a time from the sending time to the time when the server itself receives the check code is less than a preset value.
3. The method for security authentication of inter-node communication according to claim 1, wherein the key is invalidated after a preset time, and the key is generated as follows:
regenerating different keys at preset time intervals.
4. The method for secure authentication of inter-node communication according to any one of claims 1 to 3, further comprising:
if the client node is judged to be an abnormal node, recording the IP address of the client node;
if the recording times of the IP address of the single client node exceed a threshold value, judging the corresponding client node as an illegal node;
rejecting the access request of the corresponding client node, and informing other servers to reject the access request of the corresponding client node.
5. The method according to claim 1, wherein the check code is generated by encrypting the MAC address of the client node and the transmission time of the check code by using a key;
the specific step of judging whether the MAC address and/or the transmission time of the client node obtained by successful decryption meet preset requirements is:
judging whether the MAC address of the client node obtained through the check code is consistent with the MAC address stored by the server or not;
if not, judging that the MAC address of the client node does not meet the preset requirement;
if so, judging whether the time from the sending time to the time when the server receives the check code is less than a preset value, and if not, judging that the sending time does not meet preset requirements.
6. A security authentication method for communication between nodes, which is applied to a client node, comprises the following steps:
encrypting the MAC address of the client node and/or the sending time of the check code by using a secret key to generate the check code, wherein the secret key is generated according to the IP address and the MAC address of the client node;
sending the check code to a server so that the server receives the check code and decrypts the check code with the key corresponding to the IP address of the client node; if the decryption of the check code fails, the client node is judged to be an abnormal node; if the check code is decrypted successfully, judging whether the MAC address and/or the sending time of the client node obtained by successful decryption meet preset requirements or not; if not, the client node is judged to be an abnormal node.
7. A security authentication device for communication between nodes, applied to a server, includes:
the system comprises a receiving module, a sending module and a processing module, wherein the receiving module is used for receiving a check code sent by a client node, the check code is generated by encrypting the MAC address of the client node and/or the sending time of the check code by using a secret key by the client node, and the secret key is generated according to the IP address and the MAC address of the client node;
the decryption module is used for decrypting the check code through the secret key corresponding to the IP address of the client node, if decryption fails, the client node is judged to be an abnormal node, and if decryption succeeds, the judgment module is triggered;
the judging module is used for judging whether the MAC address and/or the sending time of the client node obtained by successful decryption meet the preset requirements or not; if not, the client node is judged to be an abnormal node.
8. A security authentication device for communication between nodes, applied to a client node, comprises:
a generation module, used for encrypting the client node's own MAC address and/or the sending time of the check code by using a secret key to generate the check code, wherein the secret key is generated according to the IP address and the MAC address of the client node;
a sending module, configured to send the check code to a server so that the server receives the check code and decrypts the check code by using the key corresponding to the IP address of the client node; if the decryption of the check code fails, the client node is judged to be an abnormal node; if the check code is decrypted successfully, judging whether the MAC address and/or the sending time of the client node obtained by successful decryption meet preset requirements or not; if not, the client node is judged to be an abnormal node.
9. An apparatus for secure authentication of inter-node communication, comprising a memory for storing a computer program;
a processor for implementing the steps of the method for secure authentication of inter-node communication according to any one of claims 1 to 6 when executing said computer program.
10. A computer-readable storage medium, characterized in that a computer program is stored thereon, which computer program, when being executed by a processor, carries out the steps of the method for secure authentication of communication between nodes according to any one of claims 1 to 6.
CN202111370736.4A 2021-11-18 2021-11-18 Security authentication method, device and storage medium for inter-node communication Withdrawn CN114142997A (en)


Publications (1)

Publication Number Publication Date
CN114142997A true CN114142997A (en) 2022-03-04



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20220304