CN116961932A - Message verification method and device - Google Patents


Info

Publication number
CN116961932A
Authority
CN
China
Prior art keywords
message
network device
information
encryption
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210384599.8A
Other languages
Chinese (zh)
Inventor
张耀坤
杨冰涛
谢经荣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN202210384599.8A
Publication of CN116961932A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/16 Arrangements for providing special services to substations
    • H04L12/18 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the application provides a message verification method and device. In the message transmission process of an automatic multicast tunneling (AMT) network, after a message receiver receives a message, it verifies the message sender based on the encryption type and verification information carried by the message, so as to improve the security of the network. In the method, a first network device receives a first message from a second network device, the first message including a first encryption type and first verification information; and the first network device sends a second message to the second network device when determining, based on the first encryption type and the first verification information, that the second network device passes verification.

Description

Message verification method and device
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for message authentication.
Background
During multicast communication, some intermediate nodes between a multicast source (source) and a receiver (receiver) of a multicast message may lack multicast capability, which easily causes transmission of the multicast message to be interrupted. Automatic multicast tunneling (AMT) techniques have been proposed to solve this problem of transmission interruption.
Currently, in an AMT network, a device connected to a multicast source is called a relay device, a device connected to a receiver is called a gateway device, and the relay device and the gateway device are connected through an intermediate network lacking multicast capability. In the AMT network, after receiving a multicast message from a multicast source, the relay device encapsulates the multicast message into a unicast message and forwards it; the unicast message passes through the intermediate network lacking multicast capability to reach the gateway device. After processing the received unicast message back into a multicast message, the gateway device performs multicast forwarding.
However, in the current AMT network, no secure and reliable message authentication scheme has been proposed yet, which causes that the device cannot identify illegal messages (such as impersonation, flooding, etc.) after receiving the message, thereby affecting the security of the network.
Disclosure of Invention
The embodiment of the application provides a message verification method and a message verification device, which can verify a message sender so as to improve the security of a network.
The first aspect of the embodiment of the present application provides a method for verifying a message, which is applied to an AMT network, where the method is performed by a first network device, or the method is performed by a part of components (such as a processor, a chip, or a chip system) in the first network device, or the method is implemented by a logic module or software capable of implementing all or part of the functions of the first network device. In the first aspect and its possible implementation manner, the method for packet verification is described by using a first network device as an example, where the first network device is a device such as a router, a switch, a virtual machine, and the like. In the method, a first network device receives a first message from a second network device, the first message including a first encryption type and first authentication information; and the first network device sends the second message to the second network device when determining that the second network device passes the verification based on the first encryption type and the first verification information.
Based on the technical scheme, after receiving a first message containing a first encryption type and first verification information, the first network device verifies the second network device based on the first encryption type and the first verification information before sending a second message to the second network device, and when the verification is passed, the first network device sends the second message to the second network device. In other words, when the first network device is used as a message receiver and the second network device is used as a message sender, the message receiver verifies the message sender based on the encryption type and verification information carried by the message, that is, the message receiver identifies whether the first message is an illegal message based on the encryption type and verification information carried by the first message, and further interacts other messages with the message sender only when verification passes (that is, the first message is identified not to be the illegal message). Therefore, in the message transmission process of the AMT network, after the message receiver receives the message, the message sender is verified based on the encryption type and verification information carried by the message, so that the security of the network is improved.
Optionally, the first network device does not send the second message to the second network device when the first network device determines that the second network device fails to pass the authentication based on the first encryption type and the first authentication information. In other words, when the first network device determines that the second network device fails to verify based on the first encryption type and the first verification information, the first network device may identify the first message as an illegal message or the first network device may identify the second network device as a sender of the illegal message; in this case, the first network device does not send the second message to the second network device, so as to improve the security of the network.
In a possible implementation manner of the first aspect, the first network device is a gateway device, and the second network device is a relay device; the first message is a relay announcement (relay advertisement) message and the second message is a request (request) message.
Based on the above technical solution, the first network device may be a gateway device in the AMT network and the second network device may be a relay device in the AMT network, so that after receiving a relay notification message for notifying information of the relay device from the relay device, the gateway device may implement verification on the relay device based on a first encryption type and first verification information carried by the first message, that is, identify whether the relay notification message sent by the relay device is an illegal message, and if verification passes (that is, identify that the relay notification message is not an illegal message), the gateway device sends a request message for requesting member query (member query) information from the relay device to the relay device.
In a possible implementation manner of the first aspect, the first network device is a relay device, and the second network device is a gateway device; the first message is a relay discovery message, and the second message is a relay notification message.
Based on the above technical solution, the first network device may be a relay device in the AMT network and the second network device may be a gateway device in the AMT network, so that after receiving a relay discovery message for discovering the relay device from the gateway device, the relay device may implement verification on the gateway device based on a first encryption type and first verification information carried by the first message, that is, identify whether the relay discovery message sent by the gateway device is an illegal message, and send a relay notification message for notifying the relay device information to the gateway device if the verification passes (that is, identify that the relay discovery message is not an illegal message).
In a possible implementation manner of the first aspect, the second message includes a second encryption type and second authentication information.
Based on the above technical solution, when the first network device determines that the second network device passes the authentication based on the first encryption type and the first authentication information, the second message sent by the first network device to the second network device may also include the encryption type and the authentication information. In other words, the second message sent by the first network device includes the second encryption type and the second verification information, so that after the second network device receives the second message, the second network device can verify the first network device based on the second encryption type and the second verification information, and interact other messages with the first network device after the second network device passes the verification, so as to improve the security of the network.
In a possible implementation manner of the first aspect, the second encryption type is the same as the first encryption type, and the second authentication information is the same as the first authentication information.
Based on the above technical solution, in the case that the second message sent by the first network device to the second network device also includes an encryption type and verification information, the second encryption type carried by the second message is the same as the first encryption type carried by the first message, and the second verification information carried by the second message is the same as the first verification information carried by the first message. This makes it convenient for the first network device to generate the second encryption type and the second verification information in the second message based on the first message, and also eases the computation the second network device performs to verify the second message after receiving it.
Optionally, the second encryption type is different from the first encryption type, and/or the second authentication information is different from the first authentication information.
Based on the above technical solution, in the case that the second message sent by the first network device to the second network device also includes an encryption type and verification information, at least one of the following differs: the second encryption type carried by the second message versus the first encryption type carried by the first message, and the second verification information carried by the second message versus the first verification information carried by the first message. Because the information used for verification in the first message is different from that in the second message, the first message and the second message are harder to counterfeit, which further improves the security of the multiple messages transmitted in the AMT network.
In a possible implementation manner of the first aspect, the determining, by the first network device based on the first encryption type and the first verification information, that the second network device passes verification includes: the first network device encrypts the preconfigured information based on an encryption mode corresponding to the first encryption type to obtain target verification information; when the target verification information is the same as the first verification information, the first network device determines that the first verification information passes verification.
Based on the above technical solution, the method for verifying the second network device by the first network device based on the first encryption type and the first verification information may be a forward verification method, that is, the first network device encrypts the preconfigured information based on the encryption method corresponding to the first encryption type, and obtains the target verification information; when the target authentication information is the same as the first authentication information, the first network device determines that the first authentication information is authenticated.
In a possible implementation manner of the first aspect, the determining, by the first network device based on the first encryption type and the first verification information, that the second network device passes verification includes: the first network device decrypts the first verification information based on an encryption mode corresponding to the first encryption type to obtain target information; when the target information is the same as the preconfigured information, the first network device determines that the first verification information passes verification.
Based on the above technical solution, the method for verifying the second network device by the first network device based on the first encryption type and the first verification information may be a reverse verification method, that is, the first network device decrypts the first verification information based on the encryption method corresponding to the first encryption type, and obtains the target information; when the target information is the same as the preconfigured information, the first network device determines that the first authentication information is authenticated.
In a possible implementation manner of the first aspect, the preconfigured information is included in the verified information set.
Alternatively, the authenticated information set may also be referred to as white list (white list) information, which includes one or more items of the preconfigured authenticated information.
Based on the above technical solution, the first network device may be preconfigured with a verified information set, where the verified information set includes one or more pieces of verified information, and the one or more pieces of verified information may correspond to a message sent by the verified device. After receiving the first message, the first network device verifies that the target information corresponding to the first message is included in the verified information set, and the first network device can determine that the first network device passes verification.
In a possible implementation manner of the first aspect, the encryption manner corresponding to the first encryption type includes any one of hash-based message authentication code with secure hash algorithm 256 (HMAC-SHA256) encryption, keychain encryption, and message digest algorithm 5 (MD5) encryption.
It should be understood that, in the embodiment of the present application, the encryption manner corresponding to the first encryption type (or the possible second encryption type) may include, but is not limited to, the encryption manner described above, and other encryption manners may also be used in the practical application of the scheme, which is not limited herein.
A second aspect of the embodiment of the present application provides a packet verification device, where the packet verification device is disposed in a first network device in an AMT multicast network, and the device may implement the method in the first aspect or any one of possible implementation manners of the first aspect. The apparatus comprises corresponding units or modules for performing the above-described methods. The units or modules included in the apparatus may be implemented in a software and/or hardware manner. For example, the apparatus may be a first network device, or the apparatus may be a component (e.g., a processor, a chip, or a system-on-a-chip, etc.) in the first network device, or the apparatus may also be a logic module or software that can implement all or part of the functionality of the first network device.
The device comprises a transceiver unit and a processing unit; the transceiver unit is configured to receive a first message from the second network device, where the first message includes a first encryption type and first verification information; the transceiver unit is further configured to send the second message to the second network device when the processing unit determines, based on the first encryption type and the first verification information, that the second network device passes verification.
In one possible implementation manner of the second aspect, the first network device is a gateway device, and the second network device is a relay device; the first message is a relay notification message, and the second message is a request message.
In a possible implementation manner of the second aspect, the first network device is a relay device, and the second network device is a gateway device; the first message is a relay discovery message, and the second message is a relay notification message.
In a possible implementation manner of the second aspect, the second message includes a second encryption type and second authentication information.
In a possible implementation manner of the second aspect, the second encryption type is the same as the first encryption type, and the second authentication information is the same as the first authentication information.
In a possible implementation manner of the second aspect, the processing unit is specifically configured to: encrypting the preconfigured information based on an encryption mode corresponding to the first encryption type to obtain target verification information; and when the target verification information is the same as the first verification information, determining that the first verification information passes verification.
In a possible implementation manner of the second aspect, the processing unit is specifically configured to: decrypting the first verification information based on an encryption mode corresponding to the first encryption type to obtain target information; and when the target information is the same as the preconfigured information, determining that the first verification information passes verification.
In a possible implementation manner of the second aspect, the preconfigured information is included in the verified information set.
Alternatively, the authenticated information set may also be referred to as white list (white list) information, which includes one or more items of the preconfigured authenticated information.
In a possible implementation manner of the second aspect, the encryption manner corresponding to the first encryption type includes any one of hash-based message authentication code with secure hash algorithm 256 (HMAC-SHA256) encryption, keychain encryption, and message digest algorithm 5 (MD5) encryption.
In the second aspect of the embodiment of the present application, the component modules of the packet verification device may also be configured to execute the steps executed in each possible implementation manner of the first aspect, and achieve corresponding technical effects, and may refer to the first aspect, which is not described herein again.
A third aspect of the embodiments of the present application provides a packet authentication device, including at least one processor, where the at least one processor is coupled to a memory; the memory is used for storing programs or instructions; the at least one processor is configured to execute the program or instructions to cause the apparatus to implement the method according to the first aspect or any one of the possible implementation manners of the first aspect.
The fourth aspect of the embodiment of the application provides a message authentication device, which comprises at least one logic circuit and an input/output interface; the logic circuitry is to perform the method as described in the foregoing first aspect or any one of the possible implementations of the first aspect.
A fifth aspect of embodiments of the present application provides a computer-readable storage medium storing computer-executable instructions; when executed by a processor, the computer-executable instructions perform the method as described above in the first aspect or any one of the possible implementation manners of the first aspect.
A sixth aspect of the embodiments of the present application provides a computer program product (or computer program) which, when executed by a processor, performs the method of any one of the possible implementations of the first aspect or the first aspect.
A seventh aspect of the embodiments of the present application provides a chip system, which includes at least one processor for supporting the message authentication device to implement the functions involved in the first aspect or any one of the possible implementations of the first aspect.
In one possible design, the system-on-chip may further include a memory for storing program instructions and data necessary for the message authentication device. The chip system can be composed of chips, and can also comprise chips and other discrete devices. Optionally, the system on a chip further comprises interface circuitry providing program instructions and/or data to the at least one processor.
An eighth aspect of the present embodiment provides a message authentication system, where the message authentication system includes the message authentication device of the third aspect.
A ninth aspect of the present embodiment provides a message authentication system, where the message authentication system includes the message authentication device of the fourth aspect, or the message authentication device of the fifth aspect.
The technical effects of any one of the design manners of the second aspect to the ninth aspect may be referred to the technical effects of the different implementation manners of the first aspect, and are not described herein.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
FIG. 1 is a schematic diagram of an application scenario provided in an embodiment of the present application;
FIG. 2 is another schematic diagram of an application scenario provided in an embodiment of the present application;
FIG. 3 is a schematic diagram of a message authentication method according to an embodiment of the present application;
FIG. 4a is a diagram illustrating a message format according to an embodiment of the present application;
FIG. 4b is a diagram illustrating another embodiment of a message format according to the present application;
FIG. 5 is another schematic diagram of a message authentication method according to an embodiment of the present application;
FIG. 6 is a schematic diagram of a message authentication device according to an embodiment of the present application;
FIG. 7 is another schematic diagram of a message authentication device according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a message authentication system according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application.
The terms "system" and "network" in embodiments of the application may be used interchangeably. "At least one" means one or more, and "a plurality" means two or more. "And/or" describes an association relationship between associated objects and indicates that three relationships may exist; for example, "A and/or B" may indicate: A alone, both A and B, and B alone, where A and B may be singular or plural. The character "/" generally indicates an "or" relationship between the objects before and after it. "At least one of" or the like means any combination of these items, including any combination of a single item or plural items. For example, "at least one of A, B, and C" includes A, B, C, AB, AC, BC, or ABC. Unless otherwise specified, ordinal words such as "first" and "second" in embodiments of the present application are used for distinguishing between multiple objects and not for defining a sequence, timing, priority, or importance of the multiple objects.
In the present application, the words "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
Referring to fig. 1, a schematic architecture diagram of a route detection system according to an embodiment of the present application is provided. As shown in fig. 1, the system includes a plurality of network devices, such as network device 101, network device 102, network device 103, network device 104, and network device 105, as well as other network devices that may be present.
Optionally, in fig. 1, the network device 101, the network device 102, the network device 103, the network device 104, and the network device 105 are routers (routers), switches, virtual machines, and the like.
In the communication system shown in fig. 1, a plurality of communication modes, such as unicast, multicast or broadcast, can be supported between different network devices, and the present application mainly relates to a multicast communication mode between different devices.
Multicast, also known as multi-target broadcast, refers to a communication method for transmitting information between a sender and multiple receivers (receivers) in a network, wherein the sender may also be referred to as a multicast source (source).
Alternatively, in multicast communication, the sender may be the network device shown in fig. 1 or another device (e.g., a terminal device) connected to the network device shown in fig. 1, and the receiver may be the network device shown in fig. 1 or another device (e.g., a terminal device) connected to the network device shown in fig. 1. The multicast message sent by the sender needs to be forwarded by one or more network devices, so that the receiver can receive the multicast message.
Multicast is widely used in network services such as internet protocol television (IPTV), real-time data transmission, and multimedia conferences. Compared with unicast, it saves network bandwidth and reduces network load more effectively, but it requires that all network data communication devices support multicast transmission.
Currently, owing to service provider policies or network restrictions, some intermediate nodes between a sender and a receiver may lack multicast capability, which causes transmission of multicast messages to be interrupted. Illustratively, in the scenario shown in fig. 2, the devices and networks in the network lacking multicast capability (lack multicast capability) cannot deliver the corresponding multicast messages from the source to the receiver by conventional multicast communication.
Request for comments (RFC) 7450 defines an AMT technology that addresses the above problem. The essence of an AMT network is that multicast messages traverse devices and networks lacking multicast capability by means of unicast forwarding, requiring no or little modification to existing network infrastructure. RFC 7450 also defines roles such as relay (i.e., a device connected to a multicast source or a leaf node of a multicast network) and gateway (i.e., a device connected to a multicast receiving terminal). The relay device and the gateway device are connected through a network lacking multicast capability; that is, the relay device may be referred to as a root node of the network, and the gateway device may be referred to as a leaf node of the network. For example, as shown in fig. 2, the main task of the AMT network is to encapsulate the multicast message using AMT and the user datagram protocol (UDP), and to interconnect the relay and gateway devices when the network domain on the path between them does not support the multicast function. Specifically, when a multicast message is forwarded from a multicast source to a relay device, the relay device encapsulates the multicast message as an IP/UDP unicast message as required and forwards it to the gateway device corresponding to the multicast message; the gateway device then decapsulates the message, strips off the IP/UDP unicast message header, and continues multicast forwarding, so that a multicast receiver (receiver) receives the multicast message.
The implementation procedure of the AMT network includes a relay discovery (Relay Discovery) stage. In this stage, the gateway device "discovers (or looks for)" the nearest relay device of the corresponding network segment by sending a relay discovery message carrying an anycast address, and uses a randomly generated nonce (random nonce) to ensure subsequent flow verification; after receiving the message, the relay device sends a relay notification (relay advertisement) message carrying the random number to tell the gateway device the unicast address of the relay device. Through this stage, the gateway device confirms the relay device it needs to interact with and its unicast address, and can subsequently receive multicast messages based on the unicast address.
In one implementation, the random number carried in the relay discovery message sent by the gateway device is a random, non-zero number used for authentication; that is, after the gateway device receives the relay advertisement message, it verifies the identity of the relay device by using the random number carried in the relay advertisement message. When the random number carried in the relay advertisement message is the same as the random number carried in the relay discovery message, the gateway device determines that the relay device passes verification, that is, determines that the relay device is a legal device, and can further exchange other multicast messages with the relay device. However, in the above implementation manner, since the random number is transmitted in plaintext in both the relay discovery message and the relay advertisement message, once the random number has been obtained, the AMT network is easily attacked by illegal messages (such as counterfeiting, flooding, etc.).
As can be seen, in the current AMT network, no secure and reliable message authentication scheme has been proposed yet, which results in that the device cannot identify illegal messages (such as impersonation, flooding, etc.) after receiving the message, thereby affecting the security of the network.
In order to solve the above problems, embodiments of the present application provide a method and an apparatus for verifying a message, which are used for implementing verification of a message sender based on an encryption type and verification information carried by a message after a message receiver receives the message in a message transmission process of an AMT network, so as to improve network security. Embodiments of the present application will be further described below with reference to the accompanying drawings.
Referring to fig. 3, a schematic diagram of a method 100 for discovering a root node according to the present application is provided, and the method 100 for discovering a root node includes the following steps.
S101, the second network equipment sends a first message.
In this embodiment, the second network device sends the first message in step S101, and correspondingly, the first network device receives the first message in step S101. The first message comprises a first encryption type and first verification information.
S102, when the first network equipment determines that the second network equipment passes the verification, the first network equipment sends a second message.
In this embodiment, the first network device authenticates the second network device based on the first encryption type and the first authentication information acquired in step S101, and when determining that the second network device passes the authentication, the first network device sends a second message in step S102. Accordingly, the second network device receives the second packet in step S102.
In one possible implementation, the second message sent by the first network device in step S102 includes a second encryption type and second authentication information. Specifically, when the first network device determines that the second network device passes the authentication based on the first encryption type and the first authentication information, the second message sent by the first network device to the second network device in step S102 may also include the encryption type and the authentication information. In other words, the second message sent by the first network device in step S102 includes the second encryption type and the second verification information, so that after the second network device receives the second message in step S102, the second network device may verify the first network device based on the second encryption type and the second verification information, and interact other messages with the first network device after the verification is passed, so as to improve the security of the network.
Optionally, the second encryption type is the same as the first encryption type, and the second authentication information is the same as the first authentication information. Specifically, in the case that the second message sent by the first network device in step S102 includes the encryption type and the verification information, the second encryption type carried by the second message is the same as the first encryption type carried by the first message, and the second verification information carried by the second message is the same as the first verification information carried by the first message. The first network device can therefore generate the second encryption type and the second verification information in the second message based on the first message, and the computational complexity of verifying the second message at the second network device after it receives the second message is also reduced.
Optionally, the second encryption type is different from the first encryption type, and/or the second authentication information is different from the first authentication information. Specifically, in the case that the second message sent by the first network device to the second network device in step S102 also includes the encryption type and the authentication information, at least one of the following two pairs differs: the second encryption type carried by the second message and the first encryption type carried by the first message; the second authentication information carried by the second message and the first authentication information carried by the first message. Because the information for verification carried by the first message differs from the information for verification carried by the second message, counterfeiting the first message and the second message becomes more difficult, which further improves the security of the messages transmitted in the AMT network.
In one possible implementation, the encryption mode corresponding to the first encryption type carried by the first message (or the second encryption type carried by the second message, where present) includes any one of hash-based message authentication code-secure hash algorithm 256 (HMAC-SHA256) encryption, keychain (keychain) encryption, and message digest algorithm 5 (MD5) encryption.
It should be understood that, in the embodiment of the present application, the encryption manner corresponding to the first encryption type (or the possible second encryption type) may include, but is not limited to, the encryption manner described above, and in practical application of the scheme, other encryption manners, such as a null authentication or a plaintext authentication mode, may also be used, which is not limited herein. The following description will take an implementation procedure of the first encryption type as an example (i.e., an implementation procedure of the second encryption type may refer to the following implementation procedure).
In one implementation example, the encryption mode corresponding to the first encryption type is null authentication, which means that authentication is not enabled. The first encryption type carried by the first message indicates that authentication is not enabled, so the receiver of the first message can determine that the sender of the first message passes authentication without checking the first authentication information. In this case the field corresponding to the first authentication information is a reserved field (that is, the field can be used to carry other information), which saves the encryption and decryption cost on both sides of the message. In this implementation, the flexible value of the field corresponding to the first encryption type in the message allows multiple encryption modes to be indicated. Compared with a verification process based on the random number only, this increases the flexibility of the scheme, and reusing the first verification information field to carry other information improves the efficiency with which the message carries useful information.
In another implementation example, the encryption mode indicated by the first encryption type is a plaintext authentication mode; that is, the first encryption type carried by the first message indicates that the current encryption mode is plaintext encryption. In this implementation, the flexible value of the field corresponding to the first encryption type in the message allows multiple encryption modes to be indicated. Compared with a verification process based on the random number only, this increases the flexibility of the scheme, and the plaintext mode in which the random number is combined with the first verification information increases security.
In another implementation example, the encryption mode corresponding to the first encryption type is keychain (Keychain). A keychain is composed of a plurality of authentication keys; each key includes an identifier (ID) and a password, and each key has a lifetime. Based on the key lifetimes, different authentication keys in the keychain can be selected in a rolling manner, which enhances resistance to attack.
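The rolling key selection described above, as an added Python example that is not code from the patent. Carrying the key ID alongside the verification information, using HMAC-SHA256 with each key's password, and the receiver-side grace window are assumptions made for illustration; the key values and timestamps are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Key:
    key_id: int        # identifier (ID) of the key
    password: bytes    # the key's password
    not_before: int    # lifetime start, seconds
    not_after: int     # lifetime end, seconds (exclusive)


class Keychain:
    def __init__(self, keys, grace=0):
        # Sort by lifetime start so the newest live key is last.
        self.keys = sorted(keys, key=lambda k: k.not_before)
        self.grace = grace  # assumed tolerance for clock skew at rollover

    def send_key(self, now):
        """Newest key whose lifetime covers `now`; None when there is a gap."""
        live = [k for k in self.keys if k.not_before <= now < k.not_after]
        return live[-1] if live else None

    def sign(self, payload, now):
        key = self.send_key(now)
        if key is None:
            raise LookupError("no key is within its lifetime")
        tag = hmac.new(key.password, payload, hashlib.sha256).digest()
        return key.key_id, tag

    def verify(self, payload, key_id, tag, now):
        """Accept only a key that is live (plus grace) at receive time."""
        for k in self.keys:
            live = k.not_before - self.grace <= now < k.not_after + self.grace
            if k.key_id == key_id and live:
                expected = hmac.new(k.password, payload, hashlib.sha256).digest()
                return hmac.compare_digest(expected, tag)
        return False  # unknown ID or expired key: a captured old tag is useless


# Constructed keychain: key 2 becomes live before key 1 expires (overlap 900-1000).
SAMPLE_KEYS = [
    Key(1, b"constructed-password-1", 0, 1000),
    Key(2, b"constructed-password-2", 900, 2000),
]

if __name__ == "__main__":
    kc = Keychain(SAMPLE_KEYS, grace=30)
    kid, tag = kc.sign(b"relay-discovery", now=500)
    print("signed with key", kid)
    print("accepted at t=1020:", kc.verify(b"relay-discovery", kid, tag, 1020))
    print("accepted at t=1100:", kc.verify(b"relay-discovery", kid, tag, 1100))
```

A gap between lifetimes leaves the sender with no key at all, so overlapping lifetimes are what make the rollover hitless.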
In one possible implementation, the determining, by the first network device, that the second network device verifies passing based on the first encryption type and the first verification information in step S102 includes: the first network device encrypts the preconfigured information based on an encryption mode corresponding to the first encryption type to obtain target verification information; when the target authentication information is the same as the first authentication information, the first network device determines that the first authentication information is authenticated. Specifically, the method of verifying the second network device by the first network device based on the first encryption type and the first verification information may be a forward verification method, that is, the first network device encrypts the preconfigured information based on the encryption method corresponding to the first encryption type, so as to obtain the target verification information; when the target authentication information is the same as the first authentication information, the first network device determines that the first authentication information is authenticated.
In one possible implementation, the determining, by the first network device, the first authentication information based on the first encryption type in step S102 includes: the first network device decrypts the first verification information based on an encryption mode corresponding to the first encryption type to obtain target information; when the target information is the same as the preconfigured information, the first network device determines that the first authentication information is authenticated. Specifically, the mode of the first network device for verifying the second network device based on the first encryption type and the first verification information may be a reverse verification mode, that is, the first network device decrypts the first verification information based on the encryption mode corresponding to the first encryption type, to obtain the target information; when the target information is the same as the preconfigured information, the first network device determines that the first authentication information is authenticated.
Optionally, the preconfigured information is included in a verified information set. In particular, the first network device may be preconfigured with a verified information set comprising one or more items of verified information, which may correspond to messages sent by verified devices. After receiving the first message, if the first network device verifies that the target information corresponding to the first message is included in the verified information set, the first network device can determine that the verification passes.
Further alternatively, the verified information set may also be referred to as white list (white list) information, which includes one or more items of the preconfigured verified information.
In one possible implementation, the first network device and the second network device may be multiple roles in an AMT network, as will be described below by way of some examples.
In the first implementation manner, the first network device is gateway device, and the second network device is relay device; the first message is a relay announcement (relay advertisement) message and the second message is a request (request) message.
Specifically, the first network device may be a gateway device in the AMT network and the second network device may be a relay device in the AMT network, so that after receiving a relay notification message for notifying information of the relay device from the relay device, the gateway device may implement verification on the relay device based on a first encryption type and first verification information carried by the first message, that is, identify whether the relay notification message sent by the relay device is an illegal message, and if the verification passes (that is, identify that the relay notification message is not an illegal message), the gateway device sends a request message for requesting a multicast member query (membership) information from the relay device to the relay device.
In a second implementation manner, the first network device is a relay device, and the second network device is a gateway device; the first message is a relay discovery message, and the second message is a relay notification message.
Specifically, the first network device may be a relay device in the AMT network and the second network device may be a gateway device in the AMT network. After receiving from the gateway device a relay discovery message for discovering the relay device, the relay device may verify the gateway device based on the first encryption type and the first verification information carried by the first message, that is, identify whether the relay discovery message sent by the gateway device is an illegal message. If the verification passes (that is, the relay discovery message is identified as not being an illegal message), the relay device sends to the gateway device a relay notification message that announces the relay device's information.
The above-described second implementation will be exemplarily described based on the implementation procedures shown in fig. 4a, 4b and 5.
In the second implementation manner, the first message sent by the gateway device as the second network device in step S101 is a relay discovery message, and fig. 4a is an implementation example of the relay discovery message.
As shown in fig. 4a, the relay discovery message may include the following fields:
message type (Type): the value of Type is 1; it indicates the type of the AMT message, and after a relay device (such as the first network device) receives a message of this type, it determines based on "Type=1" that the message is a relay discovery message;
verification type (Authentication Type): i.e., a first authentication type;
authentication information (Authentication): i.e. the first authentication information.
Optionally, as shown in fig. 4a, the relay discovery packet may further include at least one of the following fields:
version (Version, V): v defaults to 0 to indicate the version of the AMT protocol;
reserved (Reserved): reserving a field;
discovery code (Discovery Nonce): i.e. the random number mentioned before for verification.
Accordingly, in the second implementation manner, the second message sent by the relay device as the first network device in step S102 is a relay notification message, and fig. 4b is an implementation example of the relay notification message.
As shown in fig. 4b, the relay advertisement message may include the following fields:
message type (Type): the value of Type is 2; it indicates the type of the AMT message, and after a gateway device (such as the second network device) receives a message of this type, it determines based on "Type=2" that the message is a relay notification message;
Verification type (Authentication Type): i.e., a second authentication type;
authentication information (Authentication): i.e. the second authentication information.
Optionally, as shown in fig. 4b, the relay advertisement message may further include at least one of the following fields:
version (Version, V): v defaults to 0 to indicate the version of the AMT protocol;
reserved (Reserved): reserving a field;
discovery code (Discovery Nonce): i.e. the aforementioned random number for authentication;
relay device address information (Relay Address (IPv4 or IPv6)): an internet protocol version 4 (IPv4) address or an internet protocol version 6 (IPv6) address of the first network device (i.e., the relay device).
It should be understood that the number of bytes (or bits) of the different fields and the order of the fields in the frame formats shown in fig. 4a to 4b are only one implementation example, and the present application does not limit them. The number of bytes (or bits) of the different fields may take other values, and the fields may appear in another order, which is not limited herein. In addition, the different fields in the frame formats shown in fig. 4a to 4b may be implemented independently.
In addition, in the second implementation manner, the implementation process of the gateway device and the relay device shown in fig. 3 may also be represented as the implementation process shown in fig. 5. As shown in fig. 5, the following steps are included.
Step A. The gateway device sends a relay discovery message carrying authentication information; correspondingly, the relay device receives the relay discovery message in step A.
In this embodiment, the relay discovery message corresponds to the first message in step S101, and the authentication information carried by the relay discovery message is the first verification type and the first verification information in step S101.
Step B. The relay device authenticates the received relay discovery message; if authentication passes, it replies with a relay advertisement message, and if authentication does not pass, it does not reply. Correspondingly, if the authentication passes, the gateway device receives the relay advertisement message in step B.
In this embodiment, the relay advertisement message corresponds to the second message in step S102.
Optionally, the relay advertisement message may also carry authentication information, where the authentication information is the second authentication type and the second authentication information in the second message in step S102.
Step C. The gateway device verifies the discovery nonce (namely the random number) of the received relay advertisement message; if the discovery nonce fails verification, the gateway device does not reply. If the discovery nonce passes verification, the gateway device goes on to authenticate the authentication information in the message; it continues with the next interaction if authentication passes, and does not reply if authentication does not pass.
In the implementation process shown in fig. 5, the gateway sends a relay discovery message carrying authentication information. After receiving the message, the relay device checks the authentication field in the message; if the check fails, it does not reply, and if the check passes, it replies with a relay advertisement message. Finally, after the gateway receives the relay advertisement message, it first verifies the discovery nonce of the received message; if the discovery nonce fails verification, the gateway does not reply. If the discovery nonce passes verification, the gateway goes on to authenticate the authentication information in the message; it continues with the next interaction if authentication passes, and does not reply if authentication does not pass. In this way, the fields of the AMT protocol message are extended so that the AMT protocol supports an authentication function, which enhances the security of the AMT protocol and can effectively defend against attacks such as counterfeiting and flooding in a network.
It should be understood that the foregoing implementation process takes as examples the cases in which the first network device and the second network device are respectively a relay device and a gateway device, or respectively a gateway device and a relay device. In practical applications, the first network device and the second network device may also be devices of the same role in the AMT network; for example, both are relay devices, or both are gateway devices. In addition, either the first network device or the second network device may be another role in the AMT network, such as a multicast source, a multicast receiver (receiver), or a role defined in a future AMT network, which is not limited herein.
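The fig. 5 exchange (steps A to C), together with the forward verification described earlier, as an added Python example that is not code from the patent. The field widths, the position of the Authentication Type and Authentication fields, the code point `AUTH_HMAC_SHA256 = 1`, the MAC input (type, nonce, relay address) and the shared key are all assumptions, since the page does not give them.

```python
import hashlib
import hmac
import ipaddress
import secrets
import struct

TYPE_DISCOVERY, TYPE_ADVERTISEMENT = 1, 2   # Type values given on the page
AUTH_HMAC_SHA256 = 1                        # hypothetical code point
MAC_LEN = 32
# Assumed layout: V|Type (1 byte), Reserved (3), Discovery Nonce (4),
# Authentication Type (1), then Authentication (32) and, for Type 2, Relay Address.
HDR = struct.Struct("!B3xIB")
KEY = b"constructed-preshared-secret"       # constructed sample value


def auth_tag(key, msg_type, nonce, extra=b""):
    # Binding the type into the MAC makes the second verification information
    # differ from the first, so a discovery tag cannot be reused in a reply.
    data = struct.pack("!BI", msg_type, nonce) + extra
    return hmac.new(key, data, hashlib.sha256).digest()


def build(msg_type, nonce, key, relay_addr=b""):
    head = HDR.pack((0 << 4) | msg_type, nonce, AUTH_HMAC_SHA256)
    return head + auth_tag(key, msg_type, nonce, relay_addr) + relay_addr


def parse(data, expected_type):
    """Return (nonce, auth_type, auth, rest), or None if malformed."""
    if len(data) < HDR.size + MAC_LEN:
        return None
    vt, nonce, auth_type = HDR.unpack_from(data)
    if vt >> 4 != 0 or vt & 0x0F != expected_type:
        return None
    body = data[HDR.size:]
    return nonce, auth_type, body[:MAC_LEN], body[MAC_LEN:]


def relay_handle_discovery(data, key, relay_ip):
    """Step B: forward verification; None means 'do not reply'."""
    parsed = parse(data, TYPE_DISCOVERY)
    if parsed is None:
        return None
    nonce, auth_type, auth, rest = parsed
    if auth_type != AUTH_HMAC_SHA256 or rest:
        return None
    # Recompute the target verification information and compare in constant time.
    if not hmac.compare_digest(auth_tag(key, TYPE_DISCOVERY, nonce), auth):
        return None
    addr = ipaddress.ip_address(relay_ip).packed
    return build(TYPE_ADVERTISEMENT, nonce, key, addr)


class Gateway:
    def __init__(self, key):
        self.key = key
        self.nonce = None

    def discover(self):
        """Step A: relay discovery with a random, non-zero nonce."""
        self.nonce = secrets.randbits(32) or 1
        return build(TYPE_DISCOVERY, self.nonce, self.key)

    def handle_advertisement(self, data):
        """Step C: nonce first, then authentication. Relay address or None."""
        parsed = parse(data, TYPE_ADVERTISEMENT)
        if parsed is None or self.nonce is None:
            return None
        nonce, auth_type, auth, addr = parsed
        if nonce != self.nonce:
            return None
        if auth_type != AUTH_HMAC_SHA256 or len(addr) not in (4, 16):
            return None
        expected = auth_tag(self.key, TYPE_ADVERTISEMENT, nonce, addr)
        if not hmac.compare_digest(expected, auth):
            return None
        return str(ipaddress.ip_address(addr))


if __name__ == "__main__":
    gw = Gateway(KEY)
    adv = relay_handle_discovery(gw.discover(), KEY, "192.0.2.1")
    print("relay accepted by gateway:", gw.handle_advertisement(adv))
    # A reply that only echoes the plaintext nonce, without the key, is dropped.
    echo = build(TYPE_ADVERTISEMENT, gw.nonce, b"not-the-key", bytes([192, 0, 2, 66]))
    print("nonce-only echo accepted:", gw.handle_advertisement(echo))
```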
Based on the above technical solution, after the first network device receives the first packet including the first encryption type and the first authentication information in step S101, the first network device authenticates the second network device based on the first encryption type and the first authentication information before sending the second packet to the second network device, and when the authentication passes, the first network device sends the second packet to the second network device in step S102. In other words, when the first network device is used as a message receiver and the second network device is used as a message sender, the message receiver verifies the message sender based on the encryption type and verification information carried by the message, that is, the message receiver identifies whether the first message is an illegal message based on the encryption type and verification information carried by the first message, and further interacts other messages with the message sender only when verification passes (that is, the first message is identified not to be the illegal message). Therefore, in the message transmission process of the AMT network, after the message receiver receives the message, the message sender is verified based on the encryption type and verification information carried by the message, so that the security of the network is improved.
Optionally, the first network device does not send the second message to the second network device when determining that the second network device fails to verify based on the first encryption type and the first verification information. In other words, when the first network device determines that the second network device fails to verify based on the first encryption type and the first verification information, the first network device may identify the first message as an illegal message or the first network device may identify the second network device as a sender of the illegal message; in this case, the first network device does not send the second message to the second network device, so as to improve the security of the network.
Referring to fig. 6, an embodiment of the present application provides a message authentication device, where the message authentication device 600 may implement the function of the message authentication device (i.e. the first network device) in the above method embodiment, so that the beneficial effects of the above method embodiment may also be implemented.
The message authentication device 600 includes a transceiver unit 601 and a processing unit 602. The transceiver 601 is configured to receive a first packet from a second network device, where the first packet includes a first encryption type and first authentication information; the transceiver unit 601 is further configured to send the second message to the second network device when the processing unit 602 determines that the second network device passes authentication based on the first encryption type and the first authentication information.
In one possible implementation, the first network device is a gateway device, and the second network device is a relay device; the first message is a relay notification message, and the second message is a request message.
In one possible implementation, the first network device is a relay device and the second network device is a gateway device; the first message is a relay discovery message, and the second message is a relay notification message.
In one possible implementation, the second message includes a second encryption type and second authentication information.
In one possible implementation, the second encryption type is the same as the first encryption type, and the second authentication information is the same as the first authentication information.
In one possible implementation, the processing unit 602 is specifically configured to: encrypting the preconfigured information based on an encryption mode corresponding to the first encryption type to obtain target verification information; and when the target verification information is the same as the first verification information, determining that the first verification information passes verification.
In one possible implementation, the processing unit 602 is specifically configured to: decrypting the first verification information based on an encryption mode corresponding to the first encryption type to obtain target information; and when the target information is the same as the preconfigured information, determining that the first verification information passes verification.
In one possible implementation, the preconfigured information is contained in a validated set of information.
Alternatively, the authenticated information set may also be referred to as white list (white list) information, which includes one or more items of the preconfigured authenticated information.
In one possible implementation manner, the encryption manner corresponding to the first encryption type includes any one of hash-based message authentication code-secure hash algorithm 256 (HMAC-SHA256) encryption, keychain (keychain) encryption, and message digest algorithm 5 (MD5) encryption.
It should be noted that, for details of the information execution process of each unit of the above-mentioned message authentication device 600, reference may be made to the description in the foregoing method embodiment of the present application, which is not repeated here.
The embodiment of the application further provides a communication device 700, and referring to fig. 7, fig. 7 is a schematic structural diagram of the communication device 700 according to the embodiment of the application.
Optionally, the communication apparatus 700 performs the functions of the first network device in fig. 3 and related embodiments; in this case, the communication apparatus 800 performs the functions of the second network device in fig. 3 and related embodiments.
The communication device 700 shown in fig. 7 comprises a memory 702 and at least one processor 701.
Alternatively, the processor 701 may implement the method in the above embodiment by reading the instructions stored in the memory 702, or the processor 701 may implement the method in the above embodiment by internally stored instructions. In the case where the processor 701 implements the method in the above embodiment by reading the instructions stored in the memory 702, the instructions for implementing the method provided in the above embodiment of the present application are stored in the memory 702.
Optionally, the at least one processor 701 is one or more CPUs, and may be a single-core CPU or a multi-core CPU.
Further optionally, the at least one processor 701 may be further configured to perform the implementation procedure corresponding to the processing unit 602 in the foregoing embodiment shown in fig. 6, and achieve corresponding beneficial effects, which are not described herein.
Memory 702 includes, but is not limited to, RAM, ROM, EPROM, flash memory, or optical memory, among others. The memory 702 holds instructions for the operating system.
After the program instructions stored in the memory 702 are read by the at least one processor 701, the communication device performs the corresponding operations in the foregoing embodiments.
Optionally, the communication device shown in fig. 7 further comprises a network interface 703. The network interface 703 may be a wired interface, such as an FDDI, GE interface; the network interface 703 may also be a wireless interface. The network interface 703 is used to perform data transceiving in fig. 3 and related embodiments.
Further optionally, the network interface 703 may also be used to execute the implementation procedure corresponding to the transceiver unit 601 in the embodiment shown in fig. 6, and achieve corresponding beneficial effects, which are not described herein.
It should be understood that the network interface 703 has a function of receiving data and a function of transmitting data, and the function of "receiving data" and the function of "transmitting data" may be integrated in the same transceiver interface, or the function of "receiving data" and the function of "transmitting data" may be implemented in different interfaces, which is not limited herein. In other words, the network interface 703 may include one or more interfaces for implementing a function of "receiving data" and a function of "transmitting data".
For the other functions that the communication device 700 can execute after the processor 701 reads the program instructions in the memory 702, refer to the description in the foregoing method embodiments.
Optionally, the communication device 700 further comprises a bus 704, and the processor 701 and the memory 702 are typically connected to each other through the bus 704, but may be connected to each other in other manners.
Optionally, the communication apparatus 700 further comprises an input/output interface 705, where the input/output interface 705 is configured to connect to an input device, and receive relevant configuration information input by a user or other device capable of linking with the communication apparatus 700 through the input device. Input devices include, but are not limited to, a keyboard, touch screen, microphone, and the like.
The communication device 700 provided in the embodiment of the present application is configured to execute the method executed by the message authentication device (the first network device) provided in each of the above method embodiments, and achieve the corresponding beneficial effects.
For example, consider the case where the communication device 700 performs the function of the first network device in fig. 3 and related embodiments. After receiving the first message including the first encryption type and the first authentication information, and before transmitting the second message to the communication device 800, the communication device 700 authenticates the communication device 800 based on the first encryption type and the first authentication information; when the authentication is passed, the communication device 700 transmits the second message to the communication device 800. In other words, when the communication device 700 is used as a message receiver and the communication device 800 is used as a message sender, the message receiver verifies the message sender based on the encryption type and the verification information carried by the message, that is, the message receiver identifies whether the first message is an illegal message based on the encryption type and the verification information carried by the first message, and further interacts with the message sender only when the verification is passed (that is, the first message is identified not to be an illegal message). Therefore, in the message transmission process of the AMT network, after the message receiver receives the message, the message sender is verified based on the encryption type and verification information carried by the message, so that the security of the network is improved.
Optionally, when the communication device 700 determines that the authentication of the communication device 800 is not passed based on the first encryption type and the first authentication information, the communication device 700 does not send the second message to the communication device 800. In other words, when the communication device 700 determines that the authentication of the communication device 800 is not passed based on the first encryption type and the first authentication information, the communication device 700 may identify the first message as an illegal message or the communication device 700 may identify the communication device 800 as a sender of the illegal message; in this case, the communication device 700 does not send the second message to the communication device 800, so as to improve the security of the network.
The specific implementation of the communication device shown in fig. 7 may refer to the descriptions in the foregoing method embodiments, and will not be described in detail herein.
The embodiment of the application also provides a communication system, shown in fig. 8, which is a schematic diagram of the communication system according to the embodiment of the application. As shown in fig. 8, the first network device and the second network device of the present application can be applied to an AMT network. The AMT network may include a multicast source (e.g., "source" in fig. 8) and a multicast receiver (e.g., "receiver" in fig. 8). In fig. 8, the first network device and the second network device may be respectively a relay device and a gateway device in the AMT network, or the first network device and the second network device may be respectively a gateway device and a relay device in the AMT network. Optionally, other relay devices and other gateway devices are also included in the AMT network.
As an implementation example, in the communication system shown in fig. 8, after receiving a first message including a first encryption type and first authentication information, the first network device authenticates the second network device based on the first encryption type and the first authentication information before sending a second message to the second network device, and sends the second message to the second network device when the authentication is passed. In other words, when the first network device is used as a message receiver and the second network device is used as a message sender, the message receiver verifies the message sender based on the encryption type and verification information carried by the message, that is, the message receiver identifies whether the first message is an illegal message based on the encryption type and verification information carried by the first message, and exchanges other messages with the message sender only when verification passes (that is, the first message is identified not to be an illegal message). Therefore, in the message transmission process of the AMT network, after the message receiver receives the message, the message sender is verified based on the encryption type and verification information carried by the message, so that the security of the network is improved.
Optionally, the first network device does not send the second message to the second network device when it determines, based on the first encryption type and the first verification information, that the second network device fails verification. In other words, when the first network device determines that the second network device fails verification based on the first encryption type and the first verification information, the first network device may identify the first message as an illegal message or the first network device may identify the second network device as a sender of the illegal message; in this case, the first network device does not send the second message to the second network device, so as to improve the security of the network.
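The receiver-side check described above, as an added example that is not code from the patent, for the case where the first network device is a relay answering a relay discovery message: it recomputes the target verification information with HMAC-SHA256 over preconfigured information and sends the relay notification only on a match. The numeric type code, key, preconfigured value and message fields are assumptions; only HMAC-SHA256 is implemented, and every other encryption type is treated as a failed verification.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Assumed numeric code for the "encryption type" field; the text names the
# algorithms but gives no wire encoding here.
ENC_HMAC_SHA256 = 1

# Constructed sample values (assumptions): a pre-shared key and the
# preconfigured information that both devices hold.
SHARED_KEY = b"constructed-demo-key"
PRECONFIGURED_INFO = b"constructed-amt-domain-info"


@dataclass
class Message:
    msg_type: str             # "relay-discovery" or "relay-notification"
    enc_type: int             # encryption type carried in the message
    verification_info: bytes  # verification information carried in the message


def target_verification_info(enc_type: int) -> Optional[bytes]:
    """Encrypt the preconfigured information in the mode named by enc_type."""
    if enc_type == ENC_HMAC_SHA256:
        return hmac.new(SHARED_KEY, PRECONFIGURED_INFO, hashlib.sha256).digest()
    # Types this receiver does not implement produce no target value.
    return None


def verify_sender(first: Message) -> bool:
    """Pass only if the carried value equals the locally derived target."""
    expected = target_verification_info(first.enc_type)
    if expected is None:
        return False
    # Constant-time comparison, so timing does not reveal how many leading
    # bytes of a guessed value were correct.
    return hmac.compare_digest(expected, first.verification_info)


def handle_first_message(first: Message) -> Optional[Message]:
    """Relay side: return the second message, or None when none is sent."""
    if first.msg_type != "relay-discovery" or not verify_sender(first):
        return None
    # The second message carries the same encryption type and verification
    # information as the first, as in the variant where the two are the same.
    return Message("relay-notification", first.enc_type, first.verification_info)
```
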
It should be understood that, in the communication system shown in fig. 8, the first network device and the second network device may also apply other methods related to the foregoing embodiments and achieve corresponding technical effects, which are not described herein.
In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the application.

Claims (18)

1. A method for message authentication, wherein the method is applied to an automatic multicast tunnel (AMT) network, the method comprising:
a first network device receives a first message from a second network device, wherein the first message comprises a first encryption type and first verification information;
and the first network device sends a second message to the second network device when determining that the second network device passes the verification based on the first encryption type and the first verification information.
2. The method of claim 1, wherein the first network device is a gateway device and the second network device is a relay device;
the first message is a relay notification message, and the second message is a request message.
3. The method of claim 1, wherein the first network device is a relay device and the second network device is a gateway device;
the first message is a relay discovery message, and the second message is a relay notification message.
4. A method according to any one of claims 1 to 3, wherein the second message comprises a second encryption type and second authentication information.
5. The method of claim 4, wherein the second encryption type is the same as the first encryption type and the second authentication information is the same as the first authentication information.
6. The method of any of claims 1-5, wherein the first network device determining that the second network device verifies passing based on the first encryption type and the first verification information comprises:
the first network device encrypts the preconfigured information based on an encryption mode corresponding to the first encryption type to obtain target verification information;
when the target authentication information is the same as the first authentication information, the first network device determines that the first authentication information is authenticated.
7. The method of any of claims 1-5, wherein the first network device determining that the second network device passes verification based on the first encryption type and the first verification information comprises:
the first network device decrypts the first verification information based on an encryption mode corresponding to the first encryption type to obtain target information;
and when the target information is the same as the preconfigured information, the first network device determines that the first verification information passes verification.
8. The method of claim 7, wherein the preconfigured information is included in a validated set of information.
9. The method according to any one of claims 1 to 8, wherein the encryption mode corresponding to the first encryption type includes any one of hash-based message authentication code with secure hash algorithm 256 (HMAC-SHA256) encryption, keychain encryption, and message digest algorithm version 5 (MD5) encryption.
10. A message verification device, wherein the device is arranged in a first network device in an automatic multicast tunnel (AMT) multicast network, and comprises a processing unit and a transceiver unit;
the transceiver unit is used for receiving a first message from a second network device, wherein the first message comprises a first encryption type and first verification information;
the transceiver unit is further configured to send a second message to the second network device when the processing unit determines that the second network device passes the authentication based on the first encryption type and the first authentication information.
11. The apparatus of claim 10, wherein the first network device is a gateway device and the second network device is a relay device;
the first message is a relay notification message, and the second message is a request message.
12. The apparatus of claim 10, wherein the first network device is a relay device and the second network device is a gateway device;
the first message is a relay discovery message, and the second message is a relay notification message.
13. The apparatus according to any of claims 10 to 12, wherein the second message comprises a second encryption type and second authentication information.
14. The apparatus of claim 13, wherein the second encryption type is the same as the first encryption type and the second authentication information is the same as the first authentication information.
15. The device according to any one of claims 10 to 14, wherein the processing unit is specifically configured to:
encrypting the preconfigured information based on an encryption mode corresponding to the first encryption type to obtain target verification information;
and when the target verification information is the same as the first verification information, determining that the first verification information passes verification.
16. The device according to any one of claims 10 to 14, wherein the processing unit is specifically configured to:
decrypting the first verification information based on an encryption mode corresponding to the first encryption type to obtain target information;
and when the target information is the same as the preconfigured information, determining that the first verification information passes verification.
17. The apparatus of claim 16, wherein the preconfigured information is included in a validated set of information.
18. The apparatus according to any one of claims 10 to 17, wherein the encryption mode corresponding to the first encryption type includes any one of hash-based message authentication code with secure hash algorithm 256 (HMAC-SHA256) encryption, keychain encryption, and message digest algorithm version 5 (MD5) encryption.
CN202210384599.8A 2022-04-13 2022-04-13 Message verification method and device Pending CN116961932A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210384599.8A CN116961932A (en) 2022-04-13 2022-04-13 Message verification method and device

Publications (1)

Publication Number Publication Date
CN116961932A true CN116961932A (en) 2023-10-27

Family

ID=88441287

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210384599.8A Pending CN116961932A (en) 2022-04-13 2022-04-13 Message verification method and device

Country Status (1)

Country Link
CN (1) CN116961932A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination