CN116112197A - Authentication information transmission method, authentication information transmission system, storage medium, and apparatus - Google Patents

Publication number
CN116112197A
Authority
CN
China
Prior art keywords
authentication information
data packet
authentication
server
tcp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211355586.4A
Other languages
Chinese (zh)
Inventor
文曦畅
胡文广
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd
Application filed by Sangfor Technologies Co Ltd
Priority to CN202211355586.4A
Publication of CN116112197A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/163 In-band adaptation of TCP data exchange; In-band control procedures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides an authentication information transmission method, applied to an authentication information sending module in a terminal, comprising the following steps: acquiring authentication information of a data packet to be sent in a TCP long connection, the TCP long connection being established between the client in the terminal and the server side of the server; constructing an authentication data packet; and sending the authentication data packet to an authentication information receiving module of the server so that the authentication information receiving module can confirm the authentication information of the data packet received by the server. The method improves the communication security of the service system without updating communication equipment or communication protocols, reduces the communication upgrade cost of the service system, and causes no additional service impact on the service system. The application also provides an authentication information transmission system, a computer-readable storage medium and an electronic device, which have the same beneficial effects.

Description

Authentication information transmission method, authentication information transmission system, storage medium, and apparatus
Technical Field
The present invention relates to the field of communications technologies, and in particular, to an authentication information transmission method, an authentication information transmission system, a storage medium, and an electronic device.
Background
Currently, many business systems have communication security risks and need to transmit authentication information. The common practice is to use a token, which must be placed in the request data stream when the protocol is designed; HTTP, for example, typically stores the token in a URL parameter, such as https://www.example.com/uri?token=12345678.
However, this approach requires upgrading the service system. Enterprises use a great many service systems from different manufacturers, so upgrading them is very difficult; security upgrades of the service systems are time-consuming, costly and inefficient, which brings many hidden risks to enterprise services.
If upgrading the service system is ruled out, the authentication information can be written into the option field of the TCP header or the IP header of the message; but because the TCP header and the IP header are length-limited, there are not many bytes available for storing authentication information, which causes the authentication information transmission to fail.
Therefore, how to improve the security of the service system is a technical problem that needs to be solved by those skilled in the art.
Disclosure of Invention
The invention aims to provide an authentication information transmission method, an authentication information transmission system, a storage medium and electronic equipment, wherein the communication security of a service system can be improved by adding authentication information without modifying the communication protocol of the service system.
In order to solve the above technical problems, the present application provides an authentication information transmission method, which is applied to an authentication information sending module in a terminal, and the method includes:
acquiring authentication information of a data packet to be sent in a TCP long connection; the TCP long connection is established between the client in the terminal and the server side of the server;
constructing an authentication data packet, wherein the authentication data packet comprises the five-tuple and the authentication information of the data packet to be sent, and further comprises a TCP sequence number or a TCP sequence number range;
and sending the authentication data packet to an authentication information receiving module of the server so that the authentication information receiving module can confirm the authentication information of the data packet received by the server.
Optionally, the authentication information includes: at least one of user identity information, session identification, process information, and terminal environment information.
Optionally, sending the authentication data packet to the authentication information receiving module of the server includes:
and transmitting the authentication data packet to the authentication information receiving module based on a third party connection independent of the TCP long connection.
Optionally, the third party connection is a UDP connection.
Optionally, sending the authentication data packet to the authentication information receiving module of the server includes:
sending the authentication data packet to the authentication information receiving module of the server over the TCP long connection; the five-tuple of the authentication data packet is consistent with the five-tuple of the long connection, and the authentication data packet carries identification information indicating that it is an authentication data packet.
Optionally, the authentication data packet is identified as such by setting its TCP sequence number to an illegal sequence number.
Optionally, the sending time of the authentication data packet is earlier than the sending time of the corresponding data packet to be sent, so that the authentication information receiving module obtains the authentication information before receiving the data packet to be sent, thereby performing access control.
The application also provides an authentication information transmission system, comprising:
the authentication information acquisition module is used for acquiring authentication information of a data packet to be sent in the TCP long connection; the TCP long connection is established between the client in the terminal and the server side of the server;
the authentication data construction module is used for constructing an authentication data packet, wherein the authentication data packet comprises the five-tuple and the authentication information of the data packet to be sent, and further comprises a TCP sequence number or a TCP sequence number range;
and the communication module is used for sending the authentication data packet to the authentication information receiving module of the server so that the authentication information receiving module can confirm the authentication information of the data packet received by the server.
The present application also provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method as described above.
The application also provides an electronic device comprising a memory in which a computer program is stored and a processor which when calling the computer program in the memory implements the steps of the method as described above.
The application provides an authentication information transmission method, applied to an authentication information sending module in a terminal, comprising the following steps: acquiring authentication information of a data packet to be sent in a TCP long connection, the TCP long connection being established between the client in the terminal and the server side of the server; constructing an authentication data packet, wherein the authentication data packet comprises the five-tuple and the authentication information of the data packet to be sent, and further comprises a TCP sequence number or a TCP sequence number range; and sending the authentication data packet to an authentication information receiving module of the server so that the authentication information receiving module can confirm the authentication information of the data packet received by the server.
By acquiring the authentication information of the data packet to be sent and constructing an authentication data packet from it, the application lets the server confirm the authentication information of the data packet to be sent through the transmitted authentication data packet, and the data packet to be sent is authenticated through the five-tuple and the authentication information carried in the authentication data packet. The authentication data packet requires no change to the communication protocol of the original service system, is independent of the service system, and does not use the option field of the header in the original data packet; instead, in a plug-in authentication mode, the server can perform access verification on the data packets sent by the terminal based on the authentication data packet. This improves the communication security of the service system and can be used for subsequent audit and/or management and control; communication equipment and communication protocols need not be updated, the communication upgrade cost of the service system is reduced, and no additional service impact is caused on the service system.
The application further provides an authentication information transmission system, a computer readable storage medium and an electronic device, which have the above beneficial effects and are not described herein.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings may be obtained according to the provided drawings without inventive effort to a person skilled in the art.
Fig. 1 is a flowchart of an authentication information transmission method provided in an embodiment of the present application;
fig. 2 is a schematic structural diagram of an authentication information transmission system according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
Referring to fig. 1, fig. 1 is a flowchart of an authentication information transmission method according to an embodiment of the present application, where the authentication information transmission method includes:
S101: acquiring authentication information of a data packet to be sent in a TCP long connection; the TCP long connection is established between the client in the terminal and the server side of the server;
This step is intended to acquire authentication information. How the authentication information is acquired is not limited; it may generally be acquired from a service initiator, or from a master of the service initiator. The service initiator may generate authentication information containing information about itself and about the access.
The specific content of the authentication information is not limited herein, and may include at least one of user identity information of the service initiator itself, session identification, process information, and terminal environment information, or a combination of any of the several items. Of course, the specific format of the authentication information is not limited herein, and may be any format data agreed by both parties of the service. It is easy to understand that the authentication information may be generated according to at least one of the access right, the session identification and the application environment information of the service initiator, and the identity information of the service initiator, before the step is performed. Of course, the authentication information may also include other information for performing verification, which is not limited herein by way of example.
In addition, if the authentication information includes real-time information of the service initiator, for example the current application environment, acquiring the authentication information may be an operation repeated continuously, that is, the authentication information is acquired multiple times within the TCP long connection. For example, if the service initiator is suddenly infected by a virus, its application environment changes greatly; the authentication information can include application environment information recording the current state of the service initiator, so that the service receiver and the authentication information receiving module of the server can, by checking the authentication information, confirm that the TCP long connection initiated by the service initiator may carry a virus, and block access in time.
S102: constructing an authentication data packet;
This step aims at constructing an authentication data packet, which includes at least the five-tuple and the authentication information of the data packet to be sent, and further includes a TCP sequence number or a TCP sequence number range. The five-tuple refers to the source IP address, source port, destination IP address, destination port and transport layer protocol. It follows that, before this step is executed, the five-tuple and authentication information of the data packet to be sent, together with the TCP sequence number or TCP sequence number range, have by default already been acquired. This step does not specifically limit how information such as the five-tuple is acquired.
In a feasible manner, the existence of the message to be transmitted can be determined by detecting the transmission action of the message in the TCP long connection, and then an authentication data packet is constructed according to the message to be transmitted.
In addition, this step does not specifically limit how the authentication data packet is constructed, nor its specific format and type. It may be constructed in the same packet format as a TCP packet, as a UDP packet, or in the packet format of another protocol type.
S103: and sending the authentication data packet to an authentication information receiving module of the server so that the authentication information receiving module can confirm the authentication information of the data packet received by the server.
This step aims at sending the authentication data packet to the authentication information receiving module of the server.
How the authentication data packet is transmitted is not limited here; this embodiment provides two ways:
In the first way, a third party connection independent of the TCP long connection may be established, and the authentication data packet is then delivered to the service receiver through the third party connection. For example, if the third party connection is a UDP connection, a UDP packet is constructed as the authentication data packet. Note that the authentication data packet needs to contain a data sequence number, or a range of data sequence numbers, of the TCP long connection. Taking a TCP stream as an example, each data packet carries a seq number, that is, the sequence number of the data packet, which during transmission usually follows numerical order. If the TCP long connection carries data of multiple service initiators, then to avoid confusing their authentication data packets it must be ensured that the authentication data packet of each service initiator corresponds to that initiator's own data packets, that is, each authentication data packet is configured with the sequence number or sequence number range of the data belonging to its service initiator. If the data packet sequence numbers of service initiator A are 1000-2000, the corresponding authentication data packet should include that sequence number range or directly include the sequence number 1000; when the authentication information is replaced at 2001, the authentication data packet includes the sequence number 2001. This enables the service receiver to identify the service initiator based on the sequence number. In this case the TCP long connection may correspond to a plurality of authentication data packets, and each service initiator corresponds to at least one authentication data packet.
In this way, the transmission of the authentication data packet, that is, the third party connection, is independent of the TCP long connection, that is, of normal service communication. The transmission of the authentication data packet is therefore not constrained by the communication protocol of the service system; only a third party communication mode that does not affect service transmission needs to be configured in advance. In practice, such a third party communication mode is very simple to provide alongside normal service system communication, and can be, for example, a TCP transmission or a UDP transmission.
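The first way, as an added example that is not part of the patent text: the sender serializes the five-tuple, a TCP sequence number range and the authentication information into a datagram payload, and the receiving module maps each data segment back to the authentication information whose range covers its sequence number. The binary layout, the JSON body and the names `FiveTuple`, `AuthPacket`, `AuthTable` and `seq_in_range` are assumptions, since the patent leaves the packet format open; the range test is done modulo 2^32 so that it stays correct when the sequence number wraps.

```python
import ipaddress
import json
import struct
from dataclasses import dataclass

SEQ_MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around
# Assumed layout: src IPv4, dst IPv4, src port, dst port, protocol,
# first seq, last seq, length of the authentication information that follows.
HEADER = struct.Struct("!4s4sHHBIIH")


@dataclass(frozen=True)
class FiveTuple:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: int = 6  # IANA protocol number for TCP


@dataclass(frozen=True)
class AuthPacket:
    flow: FiveTuple
    seq_first: int
    seq_last: int
    info: dict  # e.g. user identity, session id, process, terminal environment


def encode(pkt):
    """Serialize an authentication data packet (payload of the side-channel datagram)."""
    body = json.dumps(pkt.info, sort_keys=True).encode("utf-8")
    head = HEADER.pack(
        ipaddress.IPv4Address(pkt.flow.src_ip).packed,
        ipaddress.IPv4Address(pkt.flow.dst_ip).packed,
        pkt.flow.src_port, pkt.flow.dst_port, pkt.flow.proto,
        pkt.seq_first % SEQ_MOD, pkt.seq_last % SEQ_MOD, len(body),
    )
    return head + body


def decode(data):
    """Parse a received datagram; reject truncated or inconsistent input."""
    if len(data) < HEADER.size:
        raise ValueError("datagram shorter than header")
    src, dst, sport, dport, proto, first, last, n = HEADER.unpack_from(data)
    body = data[HEADER.size:]
    if len(body) != n:
        raise ValueError("authentication information length mismatch")
    try:
        info = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("malformed authentication information") from exc
    if not isinstance(info, dict):
        raise ValueError("authentication information must be an object")
    flow = FiveTuple(str(ipaddress.IPv4Address(src)), sport,
                     str(ipaddress.IPv4Address(dst)), dport, proto)
    return AuthPacket(flow, first, last, info)


def seq_in_range(seq, first, last):
    """True if seq lies in [first, last] modulo 2**32 (handles wraparound)."""
    return (seq - first) % SEQ_MOD <= (last - first) % SEQ_MOD


class AuthTable:
    """Receiver side: authentication records keyed by five-tuple."""

    def __init__(self):
        self._records = {}

    def learn(self, datagram):
        """Decode one authentication data packet and remember it for its flow."""
        pkt = decode(datagram)
        self._records.setdefault(pkt.flow, []).append(pkt)
        return pkt

    def lookup(self, flow, seq):
        """Return the authentication information covering seq, or None."""
        for pkt in reversed(self._records.get(flow, [])):  # newest record wins
            if seq_in_range(seq, pkt.seq_first, pkt.seq_last):
                return pkt.info
        return None  # no record: treat the segment as unauthenticated


def demo():
    # Constructed sample: two service initiators share one long connection.
    # 1000-2000 is the range from the description; 2001-3000 is constructed.
    flow = FiveTuple("192.0.2.10", 40000, "192.0.2.20", 8443)
    table = AuthTable()
    table.learn(encode(AuthPacket(flow, 1000, 2000, {"user": "A"})))
    table.learn(encode(AuthPacket(flow, 2001, 3000, {"user": "B"})))
    return [table.lookup(flow, s) for s in (1500, 2001, 3001)]


if __name__ == "__main__":
    print(demo())
```

A segment for which `lookup` returns `None` has no matching authentication record, which is the case the receiving module has to decide on (block, or hold until a record arrives).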
In the second way, the authentication data packet is carried in the TCP long connection itself: the authentication data packet is added to the TCP long connection and configured to use that connection, so that it is sent over the established TCP long connection rather than over another connection independent of it. The specific steps are as follows:
The five-tuple of the authentication data packet is configured as the five-tuple of the TCP long connection, so that the authentication data packet includes the five-tuple of the data packet to be transmitted. In addition, to distinguish it from the data packets transmitted by the TCP long connection itself, the authentication data packet must further include identification information indicating that it is an authentication data packet. In one possible implementation, the identification information may be an illegal sequence number, that is, a sequence number that a normal packet in the TCP long connection cannot have. The specific identification information can be chosen according to actual conditions.
The kernel protocol stack of the server cannot recognize a packet with an illegal sequence number and automatically discards it, so after acquiring the authentication data packet the authentication information receiving module can return it directly to the kernel protocol stack, and the kernel protocol stack discards it.
Data packets in a TCP transmission all contain sequence numbers that identify the position of the data currently being transmitted, typically in numerical order, so that data received out of order can be handled. For example, 1 … 100 … and so on; but if the sequence 1 … 100 … 4100 … 200 appears, the 4100 in the middle is clearly an illegal sequence number. The authentication message receiving module considers that packet to be out of the window range and recognizes it as an authentication data packet; after checking it, the module returns it to the kernel protocol stack, and the kernel protocol stack discards it. In this way, an authentication data packet transmitted in the form of a data packet does not affect normal service data transmission.
When the authentication message receiving module confirms that data with an illegal sequence number has been received over the TCP long connection, it can restore that data packet into the authentication data packet and perform the access check on it; after the access check is finished, the packet with the illegal sequence number is discarded by the protocol stack in accordance with the TCP transmission principle.
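The window test behind the second way, as an added example that is not part of the patent text: a receiving module placed in front of the kernel protocol stack applies the standard TCP segment acceptability test (RFC 9293) to decide whether a segment is normal data or carries an illegal sequence number. The marker `AUTH_MAGIC`, the choice of a sequence number half the sequence space away in `illegal_seq`, and the function names are assumptions; the payload marker is there because retransmissions and old duplicates also fall outside the window, so an out-of-window sequence number alone does not prove that a segment is an authentication data packet.

```python
SEQ_MOD = 1 << 32            # TCP sequence space
AUTH_MAGIC = b"AUTHPKT1"     # constructed payload marker (assumption)


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd) modulo 2**32."""
    return (seq - rcv_nxt) % SEQ_MOD < rcv_wnd


def segment_acceptable(seq, length, rcv_nxt, rcv_wnd):
    """RFC 9293 acceptability test: would the stack treat this segment as valid?"""
    if rcv_wnd == 0:
        return length == 0 and seq % SEQ_MOD == rcv_nxt % SEQ_MOD
    if in_window(seq, rcv_nxt, rcv_wnd):
        return True
    # A segment that starts before the window may still end inside it.
    return length > 0 and in_window(seq + length - 1, rcv_nxt, rcv_wnd)


def illegal_seq(snd_nxt):
    """Sender side: a sequence number half the sequence space ahead.

    The largest scaled window is 65535 << 14 (below 2**30), so this value
    can never fall inside the peer's receive window.
    """
    return (snd_nxt + (1 << 31)) % SEQ_MOD


def classify(seq, payload, rcv_nxt, rcv_wnd):
    """Receiver side: decide how to treat one segment of the long connection.

    "data"          - normal service data, pass to the kernel stack
    "auth"          - illegal sequence number plus marker: parse and check it,
                      then hand it to the stack, which discards it
    "out-of-window" - retransmission or stale duplicate, pass through unchanged
    """
    if segment_acceptable(seq, len(payload), rcv_nxt, rcv_wnd):
        return "data"
    if payload.startswith(AUTH_MAGIC):
        return "auth"
    return "out-of-window"


def demo():
    # Constructed state: the next expected byte is 100 and the window is 1000,
    # mirroring the 1 ... 100 ... 4100 ... 200 sequence in the description.
    rcv_nxt, rcv_wnd = 100, 1000
    return [
        classify(4100, AUTH_MAGIC + b"{}", rcv_nxt, rcv_wnd),
        classify(200, b"x" * 50, rcv_nxt, rcv_wnd),
        classify(50, b"x" * 20, rcv_nxt, rcv_wnd),
    ]


if __name__ == "__main__":
    print(demo())
```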
It should be noted that the authentication message sending module may transmit the authentication message before the TCP long connection sends the corresponding data message, that is, transmit the authentication message as synchronously with the TCP long connection as possible. The authentication message sending module may be configured in advance and is used for packaging the authentication data packet and configuring its sending before the authentication data packet is sent. Correspondingly, an authentication message receiving module can be configured in the server to receive, parse and check the authentication data packet.
In addition, the embodiment of the present application does not limit the transmission order of the authentication data packet and the data packet to be sent. In one feasible manner, the sending time of the authentication data packet is set earlier than the sending time of the corresponding data packet to be sent, so that the authentication information receiving module on the server side obtains the authentication data packet before receiving the data packet to be sent and performs access control on the data packet to be authenticated. Of course, in other embodiments of the present application, the authentication data packet and the data packet to be sent may be sent simultaneously, but the data packet to be sent is received only after the server side has authenticated the authentication data packet.
By acquiring the authentication information of the data packet to be sent and constructing an authentication data packet from it, the application lets the server confirm the authentication information of the data packet to be sent through the transmitted authentication data packet, and the data packet to be sent is authenticated through the five-tuple and the authentication information carried in the authentication data packet. The authentication data packet requires no change to the communication protocol of the original service system and is independent of the service system; in a plug-in authentication mode, the server can perform access verification on the data packets sent by the terminal based on the authentication data packet. This improves the communication security of the service system; communication equipment and communication protocols need not be updated, the communication upgrade cost of the service system is reduced, and no additional service impact is caused on the service system.
The authentication information transmission method provided by the present application is described below in a specific application procedure of the present application:
Suppose the method is applied to upgrading the communication between a client and a server where that communication currently has security risks. After the authentication information transmission method provided by the application is applied, an authentication message sending module can be configured at the terminal (for example, a plug-in is installed in the terminal), and an authentication message receiving module can be configured at the server. On the terminal side, the authentication message sending module detects the application environment, identity information and the like of the user, obtains the five-tuple information and the TCP sequence numbers of the data packets to be sent in the TCP long connection, and constructs the authentication data packet.
When communicating with the server, the terminal first transmits the authentication data packet. The terminal may transmit the authentication data packet through the third party connection, or may send it to the server side together with the data packets to be sent in the TCP long connection.
The authentication message receiving module of the server may first check the authentication data packet to verify the user identity of the client, the system environment information and so on. If the user identity is confirmed to be correct, the TCP long connection corresponding to the authentication information is allowed, or the TCP long connection and other access behaviors continue to be audited according to the authentication data packet. If an abnormality is confirmed, the access can be blocked in time.
Referring to fig. 2, fig. 2 is a schematic structural diagram of an authentication information transmission system according to an embodiment of the present application, where the system includes:
the authentication information acquisition module is used for acquiring authentication information of a data packet to be sent in the TCP long connection; the TCP long connection is established between the client in the terminal and the server side of the server;
the authentication data construction module is used for constructing an authentication data packet, wherein the authentication data packet comprises the five-tuple and the authentication information of the data packet to be sent, and further comprises a TCP sequence number or a TCP sequence number range;
and the communication module is used for sending the authentication data packet to the authentication information receiving module of the server so that the authentication information receiving module can confirm the authentication information of the data packet received by the server.
Based on the foregoing embodiments, as a preferred embodiment, the communication module is a module for sending the authentication data packet to the authentication information receiving module based on a third party connection independent of the TCP long connection.
Based on the above embodiments, as a preferred embodiment, the authentication information transmission system further includes:
the authentication data packet identification module is used for marking the TCP sequence number of the authentication data packet as an illegal sequence number.
Based on the above embodiments, as a preferred embodiment, the authentication information transmission system may further include:
the data packet sending time setting module is used for setting that the sending time of the authentication data packet is earlier than the corresponding sending time of the data packet to be sent, so that the authentication information receiving module obtains the authentication information before receiving the data packet to be sent, and access control is performed.
The present application also provides a computer-readable storage medium having stored thereon a computer program which, when executed, can implement the steps of the method provided by the above-described embodiments. The storage medium may include: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
The application further provides an electronic device, which may include a memory and a processor, where the memory stores a computer program, and the processor may implement the steps of the method provided in the foregoing embodiment when calling the computer program in the memory. Of course the electronic device may also include various network interfaces, power supplies, etc. Referring to fig. 3, fig. 3 is a schematic structural diagram of an electronic device provided in an embodiment of the present application, where the electronic device in this embodiment may include: a processor 2101 and a memory 2102.
Optionally, the electronic device may further comprise a communication interface 2103, an input unit 2104 and a display 2105 and a communication bus 2106.
The processor 2101, memory 2102, communication interface 2103, input unit 2104 and display 2105 all communicate with each other via the communication bus 2106.
In the embodiment of the present application, the processor 2101 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), a digital signal processor (DSP), a field-programmable gate array (FPGA), or another programmable logic device.
The processor may call a program stored in the memory 2102. In particular, the processor may perform the operations performed by the terminal in the above embodiments.
The memory 2102 is used to store one or more programs, and the programs may include program code that includes computer operation instructions, and in this embodiment, at least the programs for implementing the following functions are stored in the memory:
acquiring authentication information of a data packet to be sent in a TCP long connection; the TCP long connection is established between the client in the terminal and the server side of the server;
constructing an authentication data packet, wherein the authentication data packet comprises: the five-tuple and the authentication information of the data packet to be sent, and further comprises a TCP sequence number or a TCP sequence number range;
and sending the authentication data packet to an authentication information receiving module of the server so that the authentication information receiving module can confirm the authentication information of the data packet received by the server.
In one possible implementation, the memory 2102 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, at least one application program required for functions, and the like; the storage data area may store data created during use of the computer.
The electronic device may be a single hardware device, such as a PC. However, it may also be in the form of a cluster of hardware devices, such as a cloud computing platform, in which case a virtual machine may be run in the cloud computing platform, where the steps of the method provided in the above embodiments may be run to send authentication information related to the virtual machine.
In addition, memory 2102 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device or other volatile solid state storage device.
The communication interface 2103 may be an interface of a communication module, such as an interface of a GSM module.
The application may also include a display 2105 and an input unit 2104, and so on.
The structure of the electronic device shown in fig. 3 does not constitute a limitation on the electronic device in the embodiment of the present application; in practical applications the electronic device may include more or fewer components than those shown in fig. 3, or may combine some components.
In the description, the embodiments are described in a progressive manner, and each embodiment focuses on its differences from the other embodiments, so that the same or similar parts among the embodiments may be referred to each other. The system provided by the embodiment is described relatively briefly because it corresponds to the method provided by the embodiment; for the relevant points, refer to the description of the method section.
Specific examples are set forth herein to illustrate the principles and embodiments of the present application, and the description of the examples above is only intended to assist in understanding the methods of the present application and their core ideas. It should be noted that it would be obvious to those skilled in the art that various improvements and modifications can be made to the present application without departing from the principles of the present application, and such improvements and modifications fall within the scope of the claims of the present application.
It should also be noted that in this specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. An authentication information transmission method, which is applied to an authentication information transmission module in a terminal, the method comprising:
acquiring authentication information of a data packet to be sent in a TCP long connection; the TCP long connection is established between the client in the terminal and the server side of the server;
constructing an authentication data packet, wherein the authentication data packet comprises: the five-tuple and the authentication information of the data packet to be sent, and further comprises a TCP sequence number or a TCP sequence number range;
and sending the authentication data packet to an authentication information receiving module of the server so that the authentication information receiving module can confirm the authentication information of the data packet received by the server.
2. The authentication information transmission method according to claim 1, wherein the authentication information includes: at least one of user identity information, session identification, process information, and terminal environment information.
3. The authentication information transmission method according to claim 1, wherein sending the authentication data packet to the authentication information receiving module of the server comprises:
and transmitting the authentication data packet to the authentication information receiving module based on a third party connection independent of the TCP long connection.
4. A method of transmitting authentication information according to claim 3, wherein the third party connection is a UDP connection.
5. The authentication information transmission method according to claim 1, wherein sending the authentication data packet to the authentication information receiving module of the server comprises:
based on the TCP long connection, sending the authentication data packet to the authentication information receiving module of the server; the five-tuple of the authentication data packet is consistent with the five-tuple of the long connection, and the authentication data packet carries authentication data packet identification information that marks it as an authentication data packet.
6. The authentication information transmission method according to claim 5, wherein the authentication packet is identified by setting a TCP sequence number of the authentication packet to an illegal sequence number.
7. The authentication information transmission method according to any one of claims 1 to 6, wherein a transmission time of the authentication data packet is earlier than a transmission time of the corresponding data packet to be transmitted, so that the authentication information receiving module obtains the authentication information before receiving the data packet to be transmitted, thereby performing access control.
8. An authentication information transmission system, comprising:
the authentication information acquisition module is used for acquiring authentication information of a data packet to be sent in the TCP long connection; the TCP long connection is established between the client in the terminal and the server side of the server;
the authentication data construction module is used for constructing an authentication data packet, wherein the authentication data packet comprises: the five-tuple and the authentication information of the data packet to be sent, and further comprises a TCP sequence number or a TCP sequence number range;
and the communication module is used for sending the authentication data packet to the authentication information receiving module of the server so that the authentication information receiving module can confirm the authentication information of the data packet received by the server.
9. A computer-readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the authentication information transmission method according to any one of claims 1-7.
10. An electronic device comprising a memory and a processor, wherein the memory has a computer program stored therein, and wherein the processor, when calling the computer program in the memory, implements the steps of the authentication information transmission method according to any one of claims 1-7.
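
The exchange in claims 1, 3 to 4 and 7 (an authentication data packet carrying the five-tuple, a TCP sequence number range and the authentication information, delivered ahead of the data so the receiving module can decide access) can be sketched as follows. This is an added example, not code from the patent: the wire layout (a 21-byte header followed by JSON), the names `build_auth_packet`, `parse_auth_packet` and `AuthReceiver`, the sample flow, and the choice of a half-open range that may wrap modulo 2^32 are all assumptions.

```python
import ipaddress
import json
import struct

# Assumed layout: proto, src ip, src port, dst ip, dst port, seq start, seq end
HDR = struct.Struct("!B4sH4sHII")
MOD = 1 << 32  # TCP sequence numbers wrap modulo 2**32

# Constructed sample flow (documentation addresses), not taken from the patent.
FLOW = (6, "192.0.2.10", 50000, "198.51.100.5", 443)


def build_auth_packet(five_tuple, seq_start, seq_end, auth_info):
    """Terminal side: five-tuple + sequence range [start, end) + authentication information."""
    proto, src, sport, dst, dport = five_tuple
    head = HDR.pack(proto, ipaddress.IPv4Address(src).packed, sport,
                    ipaddress.IPv4Address(dst).packed, dport,
                    seq_start % MOD, seq_end % MOD)
    return head + json.dumps(auth_info, sort_keys=True).encode()


def parse_auth_packet(data):
    """Server side: recover the five-tuple, sequence range and authentication information."""
    if len(data) < HDR.size:
        raise ValueError("authentication packet too short")
    proto, src, sport, dst, dport, start, end = HDR.unpack_from(data)
    five_tuple = (proto, str(ipaddress.IPv4Address(src)), sport,
                  str(ipaddress.IPv4Address(dst)), dport)
    return five_tuple, start, end, json.loads(data[HDR.size:])


class AuthReceiver:
    """Hypothetical stand-in for the authentication information receiving module."""

    def __init__(self):
        self.ranges = {}  # five-tuple -> list of (seq_start, seq_end, auth_info)

    def on_auth_packet(self, data):
        five_tuple, start, end, info = parse_auth_packet(data)
        self.ranges.setdefault(five_tuple, []).append((start, end, info))

    def lookup(self, five_tuple, seq, payload_len):
        """Return the auth info covering the whole segment, or None (deny)."""
        for start, end, info in self.ranges.get(five_tuple, []):
            span = (end - start) % MOD      # length of the announced range
            offset = (seq - start) % MOD    # wrap-safe distance from range start
            if payload_len > 0 and offset + payload_len <= span:
                return info
        return None
```

A data segment that arrives before its authentication data packet finds no matching range and is denied, which is why claim 7 orders the sends. This section of the patent does not say how the authentication data packet itself is protected, and the sketch performs no integrity check on it.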
CN202211355586.4A 2022-11-01 2022-11-01 Authentication information transmission method, authentication information transmission system, storage medium, and apparatus Pending CN116112197A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211355586.4A CN116112197A (en) 2022-11-01 2022-11-01 Authentication information transmission method, authentication information transmission system, storage medium, and apparatus

Publications (1)

Publication Number Publication Date
CN116112197A true CN116112197A (en) 2023-05-12

Family

ID=86262043

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211355586.4A Pending CN116112197A (en) 2022-11-01 2022-11-01 Authentication information transmission method, authentication information transmission system, storage medium, and apparatus

Country Status (1)

Country Link
CN (1) CN116112197A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination