CN115580399A - Network communication connection method, device, network communication system and storage medium - Google Patents

Publication number
CN115580399A
Authority
CN
China
Prior art keywords
client
key
information
authentication
equipment
Prior art date
Legal status
Pending
Application number
CN202211181414.XA
Other languages
Chinese (zh)
Inventor
陈龙辉
梁选勤
余毅鹏
张懋林
Current Assignee
SHENZHEN TIANSHITONG TECHNOLOGY CO LTD
Original Assignee
SHENZHEN TIANSHITONG TECHNOLOGY CO LTD

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a network communication connection method, a device, a network communication system and a storage medium. The network communication connection method is applied to a network communication system comprising a client and an equipment end, and comprises the following steps: the client and the equipment end each generate a key according to a preset key generation rule to obtain a corresponding local key; the client and the equipment end each perform symmetric key generation according to the corresponding local key to obtain a corresponding key; the client performs login authentication on user login information; if the login authentication is successful, the client encrypts the user login information according to the client key; the equipment end performs session authentication on the encrypted information according to the equipment end key; and if the session authentication is successful, the client establishes a session channel for the equipment end so that the client and the equipment end perform data interaction. Because authentication is performed separately by the client and by the equipment end, the invention reduces the risk of data being hijacked or requests being forged.

Description

Network communication connection method, device, network communication system and storage medium
Technical Field
The present invention relates to the field of network communication technologies, and in particular, to a network communication connection method, an apparatus, a network communication system, and a storage medium.
Background
After login authentication is passed, token information of the current user (including user information and expiration time) and a login success response are returned to the client web browser. After receiving the token, the client web browser needs to carry the token with every data request; the equipment end verifies the validity of the token, returns error information if the token is invalid, and returns the requested information if the token is valid. Although an expiration time is set for the token, data theft may still occur through hijacking or spoofing of the request.
Disclosure of Invention
The present invention is directed to solving at least one of the problems of the prior art. Therefore, the invention provides a network communication connection method which can perform authentication respectively through a client and a device so as to reduce the risk that data is hijacked or a request is forged.
The invention also provides a network communication connecting device.
The invention also provides a network communication system.
The invention also provides a computer readable storage medium.
In a first aspect, an embodiment of the present invention provides a network communication connection method applied to a network communication system, the network communication system including a client and an equipment end, the method including:
if the client receives a user login request, the client generates a key according to a preset key generation rule to obtain a client local key; the equipment terminal generates a key according to the key generation rule to obtain an equipment terminal local key;
the equipment side carries out symmetric key generation on the client side local key according to the equipment side local key to obtain an equipment side key; the client side carries out symmetric key generation on the local key of the equipment side according to the local key of the client side to obtain a client side key;
the client receives user login information and performs login authentication on the user login information to obtain login authentication information;
if the login authentication information represents successful login authentication, the client encrypts the user login information according to the client key to obtain login encryption information;
the equipment end receives the login encrypted information and performs session authentication on the login encrypted information according to the equipment end key to obtain authentication detection information;
and if the authentication detection information represents that the session authentication is successful, the client establishes a session channel for the equipment end so as to enable the client and the equipment end to perform data interaction.
The network communication connection method of the embodiment of the invention has at least the following beneficial effects. After the client receives a user login request sent by the equipment end, the client generates a corresponding local key according to a preset key generation rule to obtain a client local key. After receiving the client local key sent by the client, the equipment end generates a corresponding local key according to the key generation rule to obtain an equipment end local key, and performs symmetric key generation on the client local key according to the equipment end local key to obtain an equipment end key. The client receives the equipment end local key sent by the equipment end and performs symmetric key generation on it according to the client local key to obtain a client key. The client receives user login information sent by the equipment end and queries the corresponding user login information in the corresponding storage space to perform login authentication on the user login information, obtaining login authentication information. If the login authentication information represents successful login authentication, the client encrypts the user login information according to the client key to obtain login encryption information. The equipment end receives the login encryption information sent by the client and performs session authentication on it according to the equipment end key to obtain authentication detection information. If the authentication detection information represents that the session authentication is successful, the client establishes a session channel for the equipment end so that the client and the equipment end perform data interaction through the established session channel.
Local keys are exchanged between the client and the equipment end so that each generates its corresponding key. The client performs login authentication on the user login information; if the login authentication is successful, the client encrypts the user login information according to the client key and sends it to the equipment end, and the equipment end performs session authentication on the encrypted information. If the session authentication is successful, the client establishes a session channel so that the client and the equipment end perform data interaction. Authentication is thus performed separately by the client and by the equipment end, which reduces the risk of data being hijacked or requests being forged.
According to another embodiment of the present invention, a network communication connection method, where the client local secret key includes a client public key and a client private key, the device local secret key includes a device public key and a device private key, and the client performs symmetric secret key generation on the device local secret key according to the client local secret key to obtain a client secret key, includes:
the client sends the client public key to the equipment end and receives an equipment end public key fed back by the equipment end;
and the client performs key synthesis according to the equipment public key and the client private key to obtain the client key.
According to another embodiment of the present invention, a method for network communication connection, in which a device side performs symmetric key generation on a client side local key according to a device side local key to obtain a device side key, includes:
the equipment end receives the client public key sent by the client;
and the equipment side performs key synthesis according to the client public key and the equipment side private key to obtain the equipment side key.
According to further embodiments of the present invention, a network communication connection method, the method further comprising:
the equipment terminal generates an identification number of a session according to a preset identification number generation algorithm to obtain a target identification number;
the equipment side sends the target identification number to the client side and receives the user login information fed back by the client side;
the equipment side acquires other information of the current user according to the user login information to obtain other information of the user;
and the equipment terminal manages the other information of the user and the target identification number.
According to another embodiment of the present invention, the method for connecting network communication, wherein the authentication detection information includes authentication success information and authentication failure information, the device side receives the login encryption information, and performs session authentication on the login encryption information according to the device side key to obtain the authentication detection information, includes:
the equipment end receives the login encrypted information and decrypts the login encrypted information according to the equipment end key to obtain the user login information and the target identification number;
the equipment terminal inquires the identification number in a preset memory space according to the target identification number to obtain inquiry information;
if the query information represents that the target identification number is stored in the memory space, the equipment terminal checks the user login information to obtain check information;
if the check information represents that the user login information is correct, the authentication success information is obtained;
and if the query information represents that the target identification number is not stored in the memory space or the check information represents that the user login information is wrong, obtaining the authentication failure information.
According to further embodiments of the present invention, a network communication connection method, the method further comprising:
the client sends a preset login request and the target identification number to the equipment end;
and the equipment end removes the target identification number in the memory space so as to enable the equipment end to successfully log out.
According to further embodiments of the present invention, a network communication connection method, the method further comprising:
the client side obtains the data interaction condition in real time to obtain interaction information;
if the interaction information represents that the data interaction between the client and the equipment end is abnormal, the client detects the network connection condition to obtain network connection information;
if the network connection information represents that the network connection is normal, the client detects the service condition of a preset server according to a preset asynchronous request to obtain service information;
and if the service of the service information representation server is available, the client and the equipment end are reconnected in a session channel, so that the client and the equipment end perform normal data interaction.
In a second aspect, an embodiment of the present invention provides a network communication connection apparatus, which is applied to a network communication system, where the network communication system includes: client and equipment end, include:
the client comprises:
the first key generation module is used for generating a key according to a preset key generation rule to obtain a client local key if a user login request is received;
the second key generation module is used for generating a symmetric key for the local key of the equipment terminal according to the local key of the client terminal to obtain a key of the client terminal;
the client authentication module is used for receiving user login information and performing login authentication on the user login information to obtain login authentication information;
the data encryption module is used for encrypting the user login information according to the client key to obtain login encryption information if the login authentication information represents successful login authentication;
the device side includes:
the third key generation module is used for generating a key according to the key generation rule to obtain a local key of the equipment end;
the fourth key generation module is used for generating a symmetric key for the client local key according to the equipment end local key to obtain an equipment end key;
the equipment terminal authentication module is used for receiving the login encrypted information and carrying out session authentication on the login encrypted information according to the equipment terminal secret key to obtain authentication detection information;
the client further comprises:
and the session establishing module is used for establishing a session channel for the equipment end if the authentication detection information represents that the session authentication is successful, so that the client and the equipment end perform data interaction.
The network communication connection device of the embodiment of the invention has at least the following beneficial effects. When the first key generation module receives a user login request sent by the equipment end, it generates a corresponding local key according to a preset key generation rule to obtain a client local key. After receiving the client local key sent by the client, the third key generation module generates a corresponding local key according to the key generation rule to obtain an equipment end local key, and the fourth key generation module performs symmetric key generation on the client local key according to the equipment end local key to obtain an equipment end key. The second key generation module receives the equipment end local key sent by the equipment end and performs symmetric key generation on it according to the client local key to obtain a client key. The client authentication module receives user login information sent by the equipment end and queries the corresponding user login information in the corresponding storage space to perform login authentication on the user login information, obtaining login authentication information. If the login authentication information represents successful login authentication, the data encryption module encrypts the user login information according to the client key to obtain login encryption information. The equipment end authentication module receives the login encryption information sent by the client and performs session authentication on it according to the equipment end key to obtain authentication detection information. If the authentication detection information represents that the session authentication is successful, the session establishing module establishes a session channel for the equipment end so that the client and the equipment end perform data interaction.
Local keys are exchanged between the client and the equipment end so that each generates its corresponding key. The client performs login authentication on the user login information; if the login authentication is successful, the client encrypts the user login information according to the key and sends the encrypted user login information to the equipment end, and the equipment end performs session authentication on the encrypted information. If the session authentication is successful, the client establishes a session channel so that the client and the equipment end perform data interaction. Authentication is thus performed separately by the client and by the equipment end, which reduces the risk of data being hijacked or requests being forged.
In a third aspect, an embodiment of the present invention provides a network communication system, further including:
at least one processor, and,
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the network communication connection method of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium storing computer-executable instructions for causing a computer to perform the network communication connection method according to the first aspect.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and drawings.
Drawings
FIG. 1 is a flowchart illustrating a network communication connection method according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating an embodiment of step S102 of FIG. 1;
FIG. 3 is a schematic flow chart of another embodiment of step S102 in FIG. 1;
FIG. 4 is a flow chart illustrating a method for network communication connection according to another embodiment of the present invention;
FIG. 5 is a flowchart illustrating an embodiment of step S105 in FIG. 1;
FIG. 6 is a flow chart illustrating a method for network communication connection according to another embodiment of the present invention;
FIG. 7 is a flow chart illustrating a method for network communication connection according to another embodiment of the present invention;
FIG. 8 is a block diagram of an embodiment of a network communication connection device according to the invention.
Description of the reference numerals:
a first key generation module 801, a third key generation module 802, a fourth key generation module 803, a second key generation module 804, a client authentication module 805, a data encryption module 806, a device authentication module 807, and a session establishment module 808.
Detailed Description
The idea of the invention and the resulting technical effects will be clearly and completely described below in connection with the embodiments, so that the objects, features and effects of the invention can be fully understood. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments, and other embodiments obtained by those skilled in the art without inventive efforts are within the protection scope of the present invention based on the embodiments of the present invention.
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
It should be noted that although functional block divisions are provided in the system drawings and logical orders are shown in the flowcharts, in some cases, the steps shown and described may be performed in different orders than the block divisions in the systems or in the flowcharts.
In the description of the present invention, unless otherwise explicitly limited, terms such as arrangement, installation, connection and the like should be understood in a broad sense, and those skilled in the art can reasonably determine the specific meanings of the above terms in the present invention in combination with the specific contents of the technical solutions.
In the description of the embodiments of the present invention, "a number" means one or more and "a plurality" means two or more; "greater than", "less than" or "more than" is understood as not including the stated number, and "above", "below" or "within" is understood as including the stated number. References to "first" and "second" are to be understood as distinguishing technical features and are not to be construed as indicating or implying relative importance, or as implicitly indicating the number or the precedence of the technical features indicated.
With the development of Internet of Things technology, it is used in more and more fields, such as the industrial Internet of Things and the agricultural Internet of Things, to move data to the cloud and perform big data analysis. The authentication and certification management capability of Internet of Things equipment is an important premise for Internet of Things security. The existing identity authentication mode for Internet of Things equipment has certain security problems when used in a local area network.
After receiving a login instruction sent by the web browser of an application client, the equipment end sends user information according to the login instruction to perform login authentication. After the login authentication is passed, token information of the current user (including user information and expiration time) and a login success response are returned to the web browser of the client. After receiving the token, the web browser of the client needs to carry the token with every data request; the equipment end verifies the validity of the token, returns error information if the token is invalid, and returns the requested information if the token is valid. Although an expiration time is set for the token, data theft may still occur through hijacking or spoofing of the request.
In addition, before the equipment end accesses the Internet of Things platform, a user calls a device registration interface (verification code mode) through an application server, or registers the equipment on the Internet of Things platform through a console, and the unique identification code nodeId (such as the IMEI) of the equipment end is set as the verification code with which the equipment end accesses the platform. When the equipment end accesses the Internet of Things platform, it carries the unique equipment identification to complete access authentication of the equipment. When the DTLS/DTLS+ transport layer security protocol is used for access, that is, when the equipment end is identified as secure equipment, the transmission channel between the equipment end and the Internet of Things platform is encrypted with a key, and the registration, login and authentication of the equipment end must be carried out by means of the Internet of Things platform.
The present invention is directed to solving at least one of the problems of the prior art. Therefore, the invention provides a network communication connection method which can perform authentication respectively through a client and a device so as to reduce the risk of hijacking data or forging requests.
Referring to FIG. 1, FIG. 1 is a flowchart illustrating a network communication connection method according to an embodiment of the present invention. In some embodiments, the method is applied to a network communication system comprising a client and an equipment end, and specifically includes, but is not limited to, steps S101 to S106.
Step S101, if the client receives a user login request, the client generates a key according to a preset key generation rule to obtain a client local key; the equipment end generates a key according to the key generation rule to obtain an equipment end local key;
Step S102, the equipment end performs symmetric key generation on the client local key according to the equipment end local key to obtain an equipment end key; the client performs symmetric key generation on the equipment end local key according to the client local key to obtain a client key;
Step S103, the client receives the user login information and performs login authentication on the user login information to obtain login authentication information;
Step S104, if the login authentication information represents successful login authentication, the client encrypts the user login information according to the client key to obtain login encryption information;
Step S105, the equipment end receives the login encryption information and performs session authentication on the login encryption information according to the equipment end key to obtain authentication detection information;
Step S106, if the authentication detection information represents that the session authentication is successful, the client establishes a session channel for the equipment end so that the client and the equipment end perform data interaction.
In steps S101 to S106 illustrated in this embodiment, after the client receives the user login request sent by the equipment end, the client generates a corresponding local key according to a preset key generation rule to obtain a client local key. After the equipment end receives the client local key sent by the client, the equipment end generates a corresponding local key according to the key generation rule to obtain the equipment end local key, and performs symmetric key generation on the client local key according to the equipment end local key to obtain the equipment end key. The client receives the equipment end local key sent by the equipment end and performs symmetric key generation on it according to the client local key to obtain the client key. The client receives the user login information sent by the equipment end and queries the corresponding user login information in the corresponding storage space to perform login authentication on the user login information and obtain login authentication information. If the login authentication information represents that the login authentication is successful, the client encrypts the user login information according to the client key to obtain login encryption information. The equipment end receives the login encryption information sent by the client and performs session authentication on the login encryption information according to the equipment end key to obtain authentication detection information.
The client receives the authentication detection information sent by the equipment end, and if the authentication detection information represents that the session authentication is successful, the client establishes a session channel for the equipment end so that the client and the equipment end perform data interaction through the established session channel. Local keys are exchanged between the client and the equipment end so that each generates its corresponding key. The client performs login authentication on the user login information; if the login authentication is successful, the client encrypts the user login information according to the key and sends the encrypted user login information to the equipment end, and the equipment end performs session authentication on the encrypted information. If the session authentication is successful, the client establishes a session channel so that the client and the equipment end perform data interaction. Authentication is thus performed separately by the client and by the equipment end, which reduces the risk of data being hijacked or requests being forged.
It should be noted that data interaction takes place directly between the client and the device side, and user login information is transmitted directly between them, so that the client and the device side each perform authentication and login on the user login information entered by the user. Security authentication can therefore be performed without using an Internet of Things platform, implementing authentication between the client and the device side. The client includes a web browser; the client is not specifically limited in this application.
In some embodiments, before step S101, the client establishes a session channel with the device end through an http channel to obtain an http protocol session, so that the client and the device end transmit data such as a key, user login information, and a target identification number.
In step S101 of some embodiments, a key generation rule is predefined based on the wasm technology, where the key generation rule includes an algorithm for generating a key, and the key generation rule may be selected according to practical situations, and is not specifically limited in this application.
Referring to fig. 2, fig. 2 is a flowchart illustrating a network communication connection method according to an embodiment of the present invention. In some embodiments, the client local key includes a client public key and a client private key, the device local key includes a device public key and a device private key, and the client performs symmetric key generation on the device local key according to the client local key to obtain the client key, which includes, but is not limited to, steps S201 to S202.
Step S201, the client sends the client public key to the equipment end and receives the equipment end public key fed back by the equipment end;
step S202, the client side carries out key synthesis according to the device side public key and the client side private key to obtain a client side secret key.
In steps S201 to S202 of this embodiment, the client sends the client public key to the device side; after receiving it, the device side feeds the device-side public key back to the client; and the client performs key synthesis on the device-side public key and the client private key to generate the corresponding symmetric key, obtaining the client key. Public keys are exchanged between the client and the device side, and the client synthesizes the device-side public key with the client private key to obtain the client key, so the required symmetric key can be generated through a direct exchange between the client and the device side.
In step S202 in some embodiments, the client defines a synthesis algorithm based on the wasm technology, and synthesizes the device public key and the client private key according to the synthesis algorithm to obtain a client secret key. The synthesis algorithm may be defined according to actual situations, and is not specifically limited in the present application.
Referring to fig. 3, fig. 3 is a flowchart illustrating a network communication connection method according to an embodiment of the present invention. In some embodiments, the device side performs symmetric key generation on the client side local key according to the device side local key, and obtaining the device side key includes, but is not limited to, steps S301 to S302.
Step S301, the equipment receives a client public key sent by the client;
step S302, the device side performs key synthesis according to the client public key and the device side private key to obtain a device side key.
In steps S301 to S302 of this embodiment, the device side receives the client public key sent by the client and performs key synthesis on the client public key and the device-side private key to generate the corresponding symmetric key, obtaining the device-side key. Public keys are exchanged between the client and the device side, and the device side synthesizes the client public key with the device-side private key to obtain the device-side key.
In step S302 of some embodiments, the device side defines a synthesis algorithm based on the wasm technology, where the synthesis algorithm may be an ECDH algorithm, and the device side synthesizes the client public key and the device side private key according to the ECDH algorithm and a preset variable to obtain a device side key. The synthesis algorithm may be defined according to an actual situation, and is not specifically limited in the present application, and the preset variable may be time or other variables, and is not specifically limited in the present application.
The synthesis algorithm that the device side defines based on the wasm technology is consistent with that of the client, and the device-side key is the same as the client key. Wasm is used as a plug-in for encryption and decryption so that the key generation rule is not leaked at the client.
The client randomly generates a client public key and a client private key, and then sends the client public key to the equipment side, the equipment side randomly generates an equipment public key and an equipment private key after receiving the client public key, and the equipment side synthesizes the equipment public key and the client public key to obtain an equipment secret key. The device side feeds back the device side public key to the client side after generating the device side secret key, and the client side synthesizes the device side public key and the client side private key to obtain a client side secret key.
Referring to fig. 4, fig. 4 is a flowchart illustrating a network communication connection method according to an embodiment of the present invention. In some embodiments, the network communication connection method further includes, but is not limited to, including steps S401 to S403.
Step S401, the equipment terminal generates an identification number of a conversation according to a preset identification number generation algorithm to obtain a target identification number;
step S402, the device side manages the target identification number and the device side key;
step S403, the equipment side sends the target identification number to the client side and receives user login information fed back by the client side;
step S404, the equipment side acquires other information of the current user according to the user login information to obtain other information of the user;
step S405, the device side manages other information of the user and the target identification number.
In steps S401 to S405 of this embodiment, after receiving the client public key, the device side generates an identification number for the session according to a preset identification number generation algorithm to obtain the target identification number, stores the target identification number in a preset memory space, associates it with the device-side key, and then performs data management. The device side sends the target identification number to the client and receives the user login information fed back by the client, acquires other information of the current user according to the user login information, associates that other user information with the target identification number, and then performs session management. The target identification number generated by the device side thus labels the session channel that is established subsequently, and managing it together with the other user information can reduce the risk of data being hijacked or requests being forged.
It should be noted that, after receiving the client public key, the device side generates the device-side key, generates the target identification number according to the preset identification number generation algorithm, and performs data management after associating the device-side key with the target identification number. The device side sends the device-side public key and the target identification number to the client at the same time, receives the user login information fed back by the client, acquires other information of the user according to the user login information, and performs data management after associating that other user information with the target identification number, thereby achieving session management on the device side. Unlike conventional session management, the device side uses a unified session management mode for authentication of the websocket protocol, implemented at the application layer, and session management on the client side no longer uses the session-based session management method.
In step S401 in some embodiments, the target identification number is generated according to the time parameter and an identification number generation algorithm, which may be a fixed hash algorithm, and the identification number generation algorithm is not specifically limited in this application.
In step S402 of some embodiments, the management is performed by saving into the object data structure under the current user.
In step S404 of some embodiments, the other information of the current user represents other user information of the user currently logged in by the device side, for example: identity information, etc.
In step S405 of some embodiments, the management is to save into the object data structure under the current user.
In step S103 of some embodiments, the client performs login authentication on the user login information by querying the corresponding storage space, thereby implementing http protocol session authentication. Session login is thus authenticated by the client, which reduces the risk of data being hijacked or requests being forged.
In step S104 of some embodiments, the client encrypts the target identification number and the user login information according to the client key based on the ECDH algorithm to obtain login encryption information, which can prevent others from stealing data when the target identification number and the user login information are transmitted.
Referring to fig. 5, fig. 5 is a flowchart illustrating a network communication connection method according to an embodiment of the present invention. In some embodiments, the authentication detection information includes authentication success information and authentication failure information, the device side receives the login encryption information, and performs session authentication on the login encryption information according to the device side key, and the obtaining of the authentication detection information includes, but is not limited to, steps S501 to S505.
Step S501, the equipment end receives the login encrypted information and decrypts the login encrypted information according to the equipment end key to obtain user login information and a target identification number;
step S502, the equipment side inquires the identification number in a preset memory space according to the target identification number to obtain inquiry information;
step S503, if the query information represents that the memory space has the stored target identification number, the equipment end checks the user login information to obtain check information;
step S504, if the check information represents that the user login information is correct, the authentication success information is obtained;
step S505, if the query information represents that the target identification number is not stored in the memory space, or the check information represents that the user login information is wrong, authentication failure information is obtained.
In steps S501 to S505 illustrated in this embodiment, after receiving the login encryption information, the device decrypts the login encryption information according to the device key to obtain decrypted user login information and a decrypted target identification number, and the device queries a corresponding identification number in a preset memory space according to the decrypted target identification number to obtain query information. And if the query information represents that the memory space has the stored target identification number, the equipment end checks the user login information input by the user in the corresponding memory space according to the decrypted user login information to obtain check information. If the check information represents that the user login information is correct, successful authentication information is obtained, and if the query information represents that the memory space does not store the target identification number or the check information represents that the user login information is wrong, authentication failure information is obtained. The target identification number fed back by the client is inquired through the equipment terminal, and the user login information fed back by the client is checked, so that the equipment terminal performs session authentication on the login encryption information, the equipment terminal can perform authentication on the session login, and the risk of hijacking data or forging the request is reduced.
In step S501 of some embodiments, the device side decrypts the login encryption information according to the device-side key based on the ECDH algorithm to obtain the target identification number and the user login information. On the device side, downlink data is encrypted with the device-side key before being transmitted to the client and received data is decrypted with the device-side key; on the client, uplink data is encrypted with the client key before being transmitted to the device side and received data is decrypted with the client key.
In step S502 of some embodiments, if the device side finds the corresponding target identification number in the preset memory space according to the decrypted target identification number, the query information represents that the target identification number is stored in the memory space. If the device side does not find the corresponding target identification number in the preset memory space, the query information represents that the target identification number is not stored in the memory space. Querying the target identification number serves to determine whether the http protocol session of the current device exists.
In step S106 of some embodiments, the client establishes a session channel based on the websocket protocol, and enables the client and the device to perform normal data interaction, so that the client and the device can directly perform data transmission without using any platform.
In some embodiments, a client establishes a session with an equipment end through an http channel to obtain an http protocol session, after a user inputs user login information through the equipment end, the equipment end transmits the user login information and a login request to the client through the http protocol session, the client randomly generates a client public key and a client private key according to a key generation rule based on wasm after receiving the login request, and the client sends the client public key and an authentication request to the equipment end. After receiving the authentication request, the device side randomly generates a device side public key and a device side private key according to the key generation rule based on the wasm, generates a symmetric key according to the device side private key and the client side public key to obtain a device side key, simultaneously generates and stores a target identification number, associates the target identification number with the device side key and then performs data management, and sends the device side public key and the target identification number to the client side. The client side synthesizes a client side private key and an equipment side public key according to a synthesis algorithm based on the wasm to generate a symmetric key to obtain a client side key, encrypts a target identification number and user login information according to the client side key after the client side logs in and authenticates the target identification number and the user login information to obtain login encryption information, and sends the login encryption information to the equipment side. 
The equipment side decrypts the login encryption information according to the equipment side secret key to obtain a decrypted target identification number and decrypted user login information, inquires whether the decrypted target identification number exists or not, if the target identification number exists, checks whether the decrypted user login information is correct or not, if the user login information is correct, associates the target identification number with the user login information, manages data, and returns authentication success information to the client side. After the session authentication of the device side is successful, the client establishes a session channel based on a websocket protocol so as to realize normal data interaction between the device side and the client. And if the target identification number does not exist or the user login information is incorrect, returning authentication failure information to the client.
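The exchange summarized above, written out in Node.js as an added illustration; it is not code from the patent. The P-256 curve, HKDF-SHA-256, AES-256-GCM, the scrypt credential store, the random bytes mixed into the identification number, the `conn` value standing in for the http protocol session, and all function and class names are assumptions; the client's own login authentication (S103) and the websocket channel are left out.

```javascript
const nodeCrypto = require("node:crypto");

// Assumed primitives; the patent names only ECDH and a "preset variable".
const PRESET_VARIABLE = Buffer.from("login-session-key");
const OK = "authentication success", FAIL = "authentication failure";
const hashPassword = (password, salt) => nodeCrypto.scryptSync(password, salt, 32);

// S201 / S301: each end randomly generates its local key pair.
function generateLocalKey() {
  const ecdh = nodeCrypto.createECDH("prime256v1");
  return { ecdh, publicKey: ecdh.generateKeys() };
}

// S202 / S302: synthesize own private key with the peer public key; both ends derive the same 32-byte key.
function synthesizeKey(local, peerPublicKey) {
  const shared = local.ecdh.computeSecret(peerPublicKey);
  return Buffer.from(nodeCrypto.hkdfSync("sha256", shared, Buffer.alloc(0), PRESET_VARIABLE, 32));
}

// S104: encrypt target identification number and login information.
// Message layout: iv (12 bytes) | GCM tag (16 bytes) | ciphertext.
function encryptLogin(key, sessionId, login) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify({ sessionId, login }), "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

// S501: decrypt; throws when the message was altered or the key differs.
function decryptLogin(key, message) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, message.subarray(0, 12));
  decipher.setAuthTag(message.subarray(12, 28));
  const plain = Buffer.concat([decipher.update(message.subarray(28)), decipher.final()]);
  return JSON.parse(plain.toString("utf8"));
}

class DeviceSide {
  constructor(users) {
    this.users = users;        // username -> { salt, hash }
    this.httpKeys = new Map(); // http protocol session -> device-side key
    this.sessions = new Map(); // "memory space": target id -> { key, user }
  }

  // S301-S302 and S401-S403: answer the client public key.
  handleAuthRequest(conn, clientPublicKey) {
    const local = generateLocalKey();
    const key = synthesizeKey(local, clientPublicKey);
    // Time parameter hashed together with random bytes; the random part is an
    // addition so the identifier cannot be guessed from the clock.
    const sessionId = nodeCrypto.createHash("sha256")
      .update(String(Date.now())).update(nodeCrypto.randomBytes(16)).digest("hex");
    this.httpKeys.set(conn, key);
    this.sessions.set(sessionId, { key, user: null });
    return { devicePublicKey: local.publicKey, sessionId };
  }

  // S501-S505: session authentication of the login encryption information.
  authenticate(conn, message) {
    try {
      const key = this.httpKeys.get(conn);
      const { sessionId, login } = decryptLogin(key, message); // S501
      const entry = this.sessions.get(sessionId);              // S502
      if (!entry || entry.key !== key) return FAIL;            // S505
      const user = this.users.get(login.username);             // S503
      const supplied = user && hashPassword(login.password, user.salt);
      if (!user || !nodeCrypto.timingSafeEqual(supplied, user.hash)) return FAIL;
      entry.user = login.username; // S405: associate the user with the target id
      return OK;                   // S504
    } catch {
      return FAIL; // undecryptable or malformed message
    }
  }

  // S601-S602: remove the target id, release the key and user information.
  logout(sessionId) {
    const entry = this.sessions.get(sessionId);
    if (!entry) return false;
    entry.key.fill(0);
    return this.sessions.delete(sessionId);
  }
}

// Client end of the exchange: S201-S202, then S104.
function clientLogin(device, conn, login) {
  const local = generateLocalKey();
  const { devicePublicKey, sessionId } = device.handleAuthRequest(conn, local.publicKey);
  const clientKey = synthesizeKey(local, devicePublicKey);
  const message = encryptLogin(clientKey, sessionId, login);
  return { sessionId, clientKey, message, result: device.authenticate(conn, message) };
}

// Constructed sample account, for the demonstration only.
function makeUsers() {
  const salt = nodeCrypto.randomBytes(16);
  return new Map([["alice", { salt, hash: hashPassword("correct horse", salt) }]]);
}

const demo = clientLogin(new DeviceSide(makeUsers()), "http-1", { username: "alice", password: "correct horse" });
console.log(demo.result);
```

The device side decrypts with the key tied to the http session and only then looks up the identification number, so a message that fails decryption, names an unknown identification number, or carries wrong login information all end in the same authentication failure result.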
Referring to fig. 6, fig. 6 is a flowchart illustrating a network communication connection method according to an embodiment of the present invention. In some embodiments, the network communication connection method further includes, but is not limited to, including step S601 to step S602.
Step S601, the client sends a preset logout request and a target identification number to the equipment end;
step S602, the device removes the target identification number in the memory space, so that the device logs out successfully.
In steps S601 to S602 of this embodiment, the client sends a preset logout request and the target identification number to the device side. After receiving the logout request, the device side searches the corresponding memory space for the identification number matching the target identification number sent by the client, removes the target identification number once it is found, and releases the device-side key and other user information associated with the target identification number, so that the device side logs out successfully. Releasing the user information when the device side logs out protects the user's data.
In step S601 in some embodiments, if there is no data report in the preset time interval, that is, there is no data transmission between the device side and the client side, the client side automatically sends a logout request, or the user actively sends a logout request through the client side. The preset time interval is preferably 30 minutes in the present application, and the preset time interval may be selected according to actual situations, which is not specifically limited in the present application.
Referring to fig. 7, fig. 7 is a flowchart illustrating a network communication connection method according to an embodiment of the present invention. In some embodiments, the network communication connection method further includes, but is not limited to, including steps S701 to S704.
Step S701, a client acquires the data interaction condition in real time to obtain interaction information;
step S702, if the interaction information represents that the data interaction between the client and the equipment is abnormal, the client detects the network connection condition to obtain network connection information;
step S703, if the network connection information represents that the network connection is normal, the client detects the service condition of a preset server according to a preset asynchronous request to obtain service information;
step S704, if the service of the service information representation server is available, the client and the equipment end are reconnected in the session channel, so that the client and the equipment end can perform normal data interaction.
In steps S701 to S704 of this embodiment, the client monitors data interaction with the device side in real time to obtain interaction information. If the interaction information indicates that data interaction between the client and the device side is abnormal, the client automatically checks whether its local network connection is normal to obtain network connection information. If the network connection information indicates that the network connection is normal, the client checks whether the service of a preset server is available according to a preset asynchronous request to obtain service information. If the service information indicates that the service of the server is available, the client and the device side reconnect the session channel so that they can perform normal data interaction. The client thus rules out network connection and server service problems as the cause of the abnormal data interaction and, if the network connection is normal and the server is available, reconnects the session channel. The session channel can therefore be reconnected when data interaction is temporarily abnormal, which improves the user experience.
In step S703 of some embodiments, the preset asynchronous request is preferably an ajax asynchronous request in the present application, and the preset asynchronous request may be selected according to practical situations, and the present application does not specifically limit the preset asynchronous request. The preset server is preferably an http server in the application, the preset server can be selected according to actual conditions, and the application does not specifically limit the preset server.
In addition, an embodiment of the present application further discloses a network communication connection device. Referring to fig. 8, fig. 8 is a block diagram of a network communication connection device according to an embodiment of the present invention. The device can implement the network communication connection method described above. The network communication connection device is applied to a network communication system that includes a client and a device side, and comprises a first key generation module 801, a third key generation module 802, a fourth key generation module 803, a second key generation module 804, a client authentication module 805, a data encryption module 806, a device side authentication module 807 and a session establishment module 808, all of which are in communication connection.
The client comprises: the first key generation module 801, which, if a user login request is received, performs key generation according to a preset key generation rule to obtain a client local key; the second key generation module 804, which performs symmetric key generation on the device-side local key according to the client local key to obtain a client key; the client authentication module 805, which receives the user login information and performs login authentication on the user login information to obtain login authentication information; and the data encryption module 806, which, if the login authentication information represents that the login authentication is successful, encrypts the user login information according to the client key to obtain login encryption information.
The device side comprises: the third key generation module 802, which generates a key according to the key generation rule to obtain the device-side local key; the fourth key generation module 803, which performs symmetric key generation on the client local key according to the device-side local key to obtain a device-side key; and the device side authentication module 807, which receives the login encryption information and performs session authentication on the login encryption information according to the device-side key to obtain authentication detection information.
The client further comprises the session establishment module 808, which, if the authentication detection information represents that the session authentication is successful, establishes a session channel with the device side so that the client and the device side perform data interaction.
After the first key generation module 801 receives a user login request sent by the device side, it generates a corresponding local key according to a preset key generation rule to obtain the client local key. After receiving the client local key sent by the client, the third key generation module 802 generates a corresponding local key according to the key generation rule to obtain the device-side local key. The fourth key generation module 803 performs symmetric key generation on the client local key according to the device-side local key to obtain the device-side key. The second key generation module 804 receives the device-side local key sent by the device side and performs symmetric key generation on it according to the client local key to obtain the client key. The client authentication module 805 receives the user login information sent by the device side and queries the corresponding user login information in the corresponding storage space to perform login authentication on the user login information and obtain login authentication information. If the login authentication information represents that the login authentication is successful, the data encryption module 806 encrypts the user login information according to the client key to obtain login encryption information. The device side authentication module 807 receives the login encryption information sent by the client and performs session authentication on it according to the device-side key to obtain authentication detection information.
The session establishment module 808 receives the authentication detection information sent by the device side and, if the authentication detection information represents that the session authentication is successful, establishes a session channel with the device side so that the client and the device side perform data interaction through the established session channel. The client and the device side exchange local keys so that each generates its corresponding key; the client performs login authentication on the user login information and, if login authentication succeeds, encrypts the user login information according to its key and sends it to the device side; the device side performs session authentication on the encrypted information; and, if session authentication succeeds, the client establishes a session channel for data interaction. Because authentication is performed by the client and by the device side respectively, the risk of data being hijacked or requests being forged is reduced.
For the operation process of the network communication connection device in this embodiment, refer to steps S101 to S106, steps S201 and S202, steps S301 and S302, steps S401 to S405, steps S501 to S505, steps S601 and S602, and steps S701 to S704 of the network communication connection method in fig. 1, fig. 2, fig. 3, fig. 4, fig. 5, fig. 6, and fig. 7 described above; the details are not repeated here.
Another embodiment of the present invention discloses a network communication system, further comprising: at least one processor, and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a network communication connection method as control method steps S101 to S106 in fig. 1, control method steps S201 and S202 in fig. 2, control method steps S301 and S302 in fig. 3, control method steps S401 to S405 in fig. 4, control method steps S501 to S505 in fig. 5, control method steps S601 and S602 in fig. 6, and control method steps S701 to S704 in fig. 7.
Another embodiment of the present invention discloses a storage medium, including: the storage medium stores computer-executable instructions for causing a computer to execute the network communication connection method of control method steps S101 to S106 in fig. 1, control method steps S201 and S202 in fig. 2, control method steps S301 and S302 in fig. 3, control method steps S401 to S405 in fig. 4, control method steps S501 to S505 in fig. 5, control method steps S601 and S602 in fig. 6, and control method steps S701 to S704 in fig. 7.
The above described embodiments of the apparatus are merely illustrative, wherein the units illustrated as separate components may or may not be physically separate, may be located in one place, or may be distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
One of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
The embodiments of the present invention have been described in detail with reference to the accompanying drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present invention. Furthermore, the embodiments of the present invention and the features of the embodiments may be combined with each other without conflict.

Claims (10)

1. A network communication connection method, applied to a network communication system comprising a client and a device side, the method comprising:
if the client receives a user login request, the client generates a key according to a preset key generation rule to obtain a client local key; the device side generates a key according to the key generation rule to obtain a device-side local key;
the device side performs symmetric key generation on the client local key according to the device-side local key to obtain a device-side key; the client performs symmetric key generation on the device-side local key according to the client local key to obtain a client key;
the client receives user login information and performs login authentication on the user login information to obtain login authentication information;
if the login authentication information indicates that the login authentication is successful, the client encrypts the user login information according to the client key to obtain login encryption information;
the device side receives the login encryption information and performs session authentication on the login encryption information according to the device-side key to obtain authentication detection information;
and if the authentication detection information indicates that the session authentication is successful, the client establishes a session channel with the device side so that the client and the device side perform data interaction.
2. The network communication connection method of claim 1, wherein the client local key comprises a client public key and a client private key, the device-side local key comprises a device-side public key and a device-side private key, and the client performing symmetric key generation on the device-side local key according to the client local key to obtain the client key comprises:
the client sends the client public key to the device side and receives the device-side public key returned by the device side;
and the client performs key synthesis according to the device-side public key and the client private key to obtain the client key.
3. The network communication connection method according to claim 2, wherein the device side performing symmetric key generation on the client local key according to the device-side local key to obtain the device-side key comprises:
the device side receives the client public key sent by the client;
and the device side performs key synthesis according to the client public key and the device-side private key to obtain the device-side key.
4. The network communication connection method of claim 3, further comprising:
the device side generates an identification number for a session according to a preset identification number generation algorithm to obtain a target identification number;
the device side sends the target identification number to the client and receives the user login information returned by the client;
the device side obtains other information about the current user according to the user login information, to obtain other user information;
and the device side manages the other user information and the target identification number.
5. The network communication connection method according to claim 4, wherein the authentication detection information includes authentication success information and authentication failure information, and the device side receiving the login encryption information and performing session authentication on the login encryption information according to the device-side key to obtain the authentication detection information comprises:
the device side receives the login encryption information and decrypts it according to the device-side key to obtain the user login information and the target identification number;
the device side looks up the identification number in a preset memory space according to the target identification number to obtain query information;
if the query information indicates that the target identification number is stored in the memory space, the device side checks the user login information to obtain check information;
if the check information indicates that the user login information is correct, the authentication success information is obtained;
and if the query information indicates that the target identification number is not stored in the memory space, or the check information indicates that the user login information is wrong, the authentication failure information is obtained.
6. The network communication connection method of claim 5, wherein the method further comprises:
the client sends a preset logout request and the target identification number to the device side;
and the device side removes the target identification number from the memory space so that the device side logs out successfully.
7. The network communication connection method according to any one of claims 1 to 6, wherein the method further comprises:
the client obtains the data interaction status in real time to obtain interaction information;
if the interaction information indicates that the data interaction between the client and the device side is abnormal, the client checks the network connection status to obtain network connection information;
if the network connection information indicates that the network connection is normal, the client checks the service status of a preset server by means of a preset asynchronous request to obtain service information;
and if the service information indicates that the service of the server is available, the client and the device side are reconnected through a session channel, so that the client and the device side perform normal data interaction.
8. A network communication connection device, applied to a network communication system comprising a client and a device side, wherein:
the client comprises:
a first key generation module, configured to generate a key according to a preset key generation rule to obtain a client local key if a user login request is received;
a second key generation module, configured to perform symmetric key generation on the device-side local key according to the client local key to obtain a client key;
a client authentication module, configured to receive user login information and perform login authentication on the user login information to obtain login authentication information;
a data encryption module, configured to encrypt the user login information according to the client key to obtain login encryption information if the login authentication information indicates that the login authentication is successful;
the device side comprises:
a third key generation module, configured to generate a key according to the key generation rule to obtain a device-side local key;
a fourth key generation module, configured to perform symmetric key generation on the client local key according to the device-side local key to obtain a device-side key;
a device-side authentication module, configured to receive the login encryption information and perform session authentication on the login encryption information according to the device-side key to obtain authentication detection information;
the client further comprises:
a session establishing module, configured to establish a session channel with the device side if the authentication detection information indicates that the session authentication is successful, so that the client and the device side perform data interaction.
9. A network communication system, characterized by comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the network communication connection method of any one of claims 1 to 7.
10. A computer-readable storage medium storing computer-executable instructions for causing a computer to perform the network communication connection method according to any one of claims 1 to 7.
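The device-side session authentication of claims 4 to 6, as an added Python sketch that is not part of the patent. Assumptions: the shared key is taken as the already agreed output of claims 2 and 3; the SHAKE-256 plus HMAC encrypt-then-MAC construction is a standard-library stand-in for an AEAD cipher (the claims name no cipher); the JSON message layout, all function and class names, and the sample credentials are constructed.

```python
import hashlib, hmac, json, secrets

def derive_keys(shared_key):
    # Assumption: separate encryption and MAC keys are derived from the agreed key.
    return hmac.digest(shared_key, b"enc", "sha256"), hmac.digest(shared_key, b"mac", "sha256")

def seal(shared_key, plaintext):
    # Stand-in for an AEAD: SHAKE-256 keystream XOR, then HMAC over nonce + ciphertext.
    enc_key, mac_key = derive_keys(shared_key)
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(enc_key + nonce).digest(len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + hmac.digest(mac_key, nonce + ct, "sha256")

def unseal(shared_key, blob):
    # Returns the plaintext, or None if the blob is truncated or was modified.
    enc_key, mac_key = derive_keys(shared_key)
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(mac_key, nonce + ct, "sha256")):
        return None
    stream = hashlib.shake_256(enc_key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def client_login(client_key, sid, user, password):
    # Claims 1 and 5: login information and target identification number, encrypted.
    msg = {"sid": sid, "user": user, "password": password}
    return seal(client_key, json.dumps(msg).encode())

class Device:
    def __init__(self, device_key, users):
        self.key, self.users = device_key, users  # users: constructed credential store
        self.sessions = set()                     # the "preset memory space"
    def issue_id(self):  # claim 4: generate and store the target identification number
        sid = secrets.token_hex(16)
        self.sessions.add(sid)
        return sid
    def authenticate(self, blob):  # claim 5: decrypt, look up the ID, check the login
        plaintext = unseal(self.key, blob)
        if plaintext is None:
            return False
        msg = json.loads(plaintext)
        if msg.get("sid") not in self.sessions:   # unknown or logged-out session
            return False
        expected = self.users.get(msg.get("user"))
        supplied = str(msg.get("password")).encode()
        return expected is not None and hmac.compare_digest(expected.encode(), supplied)
    def logout(self, sid):  # claim 6: remove the identification number
        self.sessions.discard(sid)
```

Because the identification number is removed at logout, a captured login message stops authenticating once the session has ended.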
CN202211181414.XA 2022-09-27 2022-09-27 Network communication connection method, device, network communication system and storage medium Pending CN115580399A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211181414.XA CN115580399A (en) 2022-09-27 2022-09-27 Network communication connection method, device, network communication system and storage medium

Publications (1)

Publication Number Publication Date
CN115580399A (en) 2023-01-06

Family

ID=84584010

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination