WO2020077867A1 - Method and system for establishing communication link - Google Patents


Publication number
WO2020077867A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
task
task scheduling
scheduling server
terminal
Application number
PCT/CN2018/124627
Other languages
French (fr)
Chinese (zh)
Inventor
陈天庆
陈仕财
陈亚殊
Original Assignee
平安科技(深圳)有限公司
Application filed by 平安科技(深圳)有限公司
Publication of WO2020077867A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0811 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/163 In-band adaptation of TCP data exchange; In-band control procedures

Definitions

  • This application belongs to the field of Internet technology, and particularly relates to a method and system for establishing a communication link.
  • Dialing tests are an important means of testing the completeness of a communication network, and how quickly and effectively a dialing test can be conducted directly affects the efficiency of building the communication network.
  • In existing dialing test technology, when a dialing test needs to be performed, the task scheduling server needs to deliver the dialing test task to each task execution terminal. In order to improve the security of the dialing test process, the task scheduling server needs to check the validity of the task execution terminal.
  • The task scheduling server and the task execution terminal need to go through multiple processes, such as the three-way handshake of the communication link, network authentication, and authentication result confirmation, so the data link takes a long time to establish.
  • the task scheduling server needs to frequently establish a call with the task execution terminal to carry out the test project content, thereby greatly reducing the efficiency of dialing and testing.
  • the embodiments of the present application provide a method and system for establishing a communication link to solve the following problem of existing dialing test technology: the data link takes a long time to establish, and especially when there are many dialing test tasks, the task scheduling server frequently establishes a call with the task execution terminal to carry out the test project content, which greatly reduces the efficiency of dialing tests.
  • a first aspect of an embodiment of the present application provides a method for establishing a communication link, including:
  • the task scheduling server determines the dial test item based on the dial test start condition, and obtains the terminal identification of the task execution terminal matching the dial test item;
  • the task scheduling server obtains a communication key associated with the terminal identifier, generates a first transmission control protocol TCP message based on the communication key, and sends the first TCP message to the task execution terminal;
  • the task execution terminal determines an associated key corresponding to the communication key according to the communication key in the first TCP message, generates a second TCP message based on the associated key, and sends the second TCP message to the task scheduling server;
  • the task scheduling server verifies the associated key of the second TCP packet, and if the verification result is a successful verification, generates a dial test command based on the dial test item;
  • the task scheduling server sends a third TCP message carrying the dialing test instruction to the task execution terminal, and establishes a communication link with the task execution terminal.
  • the communication key is added to the TCP messages of the three-way handshake with which the task scheduling server and the task execution terminal establish a communication link, so that the TCP messages can be used not only to confirm whether the communication link between the task scheduling server and the task execution terminal is connected, but also to complete the legality authentication. This unifies the two processes of communication link establishment and network authentication, reduces the number of data interactions between the task scheduling server and the task execution terminal, and improves the efficiency of establishing a communication link, thereby improving the efficiency of dialing tests.
  • FIG. 1 is an interaction flowchart of a method for establishing a communication link provided by the first embodiment of the present application
  • FIG. 2 is a specific implementation flowchart of a communication link establishment method S102 provided in a second embodiment of the present application
  • FIG. 3 is a flowchart of a specific implementation of a method S103 for establishing a communication link according to a third embodiment of the present application;
  • FIG. 4 is a specific implementation flowchart of a method S102 for establishing a communication link according to a fourth embodiment of the present application
  • FIG. 5 is a flowchart of a specific implementation of a method S101 for establishing a communication link according to a fifth embodiment of the present application;
  • FIG. 6 is a structural block diagram of a dialing and testing task scheduling system provided by an embodiment of the present application.
  • the execution subject of the process is a dialing test task scheduling system
  • the dialing test task scheduling system includes a task scheduling server and at least one task execution terminal.
  • the task execution terminal includes but is not limited to: a computer, a smart phone, a tablet computer, and other devices capable of establishing a communication link with the task scheduling server, and executes the scheduling task delivered by the task scheduling server.
  • FIG. 1 shows an interactive flowchart of the communication link establishment method provided in the first embodiment of the present application, which is described in detail as follows:
  • the task scheduling server determines a dial test item based on the dial test start condition, and acquires a terminal identifier of a task execution terminal that matches the dial test item.
  • the administrator can test the communication network with a dialing test to determine the cause of an abnormality, and to detect whether the communication network is usable after the abnormality is repaired or the network is updated.
  • the task scheduling server is required to send the dial test task for the required test to the task execution terminal, and the task execution terminal responds to the corresponding dial test task and feeds the test result corresponding to the task back to the task scheduling server. That is, data interaction is required between the task scheduling server and the task execution terminal.
  • In order to prevent the dial test data from being stolen and to determine whether the task execution terminal is a legal device, the task scheduling server needs to perform a network authentication operation on the task execution terminal before performing the dial test, which can improve the security of the dialing test process. Based on this, in order to improve the efficiency of dialing tests, the task scheduling server combines the communication link connection process with the network authentication process, thereby reducing the number of data interactions between the task scheduling server and the task execution terminal.
  • the task scheduling server may be connected to multiple task execution terminals, and each task execution terminal may be connected to multiple test machines. Each test machine may execute a dial test task issued by the task scheduling server; the test result of the dial test terminal is generated based on the response of each test machine and returned to the task scheduling server through the established legal communication link.
  • the same test machine can be connected to multiple task execution terminals, that is, respond to dialing test tasks sent by different task execution terminals in a time-division multiplexing manner.
  • the task scheduling server can be a node server based on Golang, and periodically perform dialing test operations through preset dialing test triggering rules, thereby periodically testing the completeness of the communication network. When the task scheduling server detects the abnormal situation in the communication network by parsing the test result, it sends a network abnormal instruction to the upper computer server so that the upper computer server can handle the abnormal situation.
  • the task scheduling server will identify the dialing test item corresponding to the dialing test start condition. It should be noted that different dialing test items can have the same dialing test start condition. In this case, the task scheduling server needs to execute multiple dialing test items, and different dialing test items can be handed over to different task execution terminals for concurrent processing. Of course, if different dialing test items are highly related and depend on the test results of other dialing test items, the multiple dialing test items can be handed to the same task execution terminal.
  • different dialing test items can be processed by the corresponding task execution terminal, that is, the task scheduling server can store a correspondence between a dialing test item and the task execution terminal. After the task scheduling server obtains the dialing test item, the task execution terminal matched with the dialing test item may be acquired based on this correspondence, so as to obtain the corresponding terminal identifier. It should be noted that the terminal identifier may be the physical address, the network address, or the device number of the task execution terminal in the dialing task scheduling system, or other information that can be used to mark the identity of the device.
  • the task scheduling server obtains a communication key associated with the terminal identifier, generates a first transmission control protocol (TCP) message based on the communication key, and sends the first TCP message to the task execution terminal.
  • the task scheduling server will integrate the two processes of network authentication and communication link establishment. Therefore, the task scheduling server will encapsulate the communication key in the TCP message, so that during the TCP three-way handshake, whether the task execution terminal is a legal device is determined by identifying the communication key in the TCP message. Specifically, the terminal device determines the communication key associated with the terminal ID of the terminal that executes the task.
  • the communication key may be a static key, that is, a pair of keys is agreed between the task execution terminal and the task scheduling server: the communication key stored on the task scheduling server and the associated key stored on the task execution terminal.
  • The two keys are related to each other; for example, each character in the communication key can be converted by a preset conversion relationship to obtain the associated key. It can be seen that, if the task execution terminal can return the associated key based on the communication key, the task scheduling server can identify it as a legitimate device.
  • Since the communication key can be stolen during the communication process, in this legality verification process the task execution terminal does not feed back the communication key directly but returns the associated key of the communication key.
  • The key conversion algorithm is stored only on the task scheduling server and the task execution terminal and is not transmitted during communication, which can greatly reduce the probability of key leakage and improve the security of communication link establishment.
  • the key between the task scheduling server and the task execution terminal may be dynamically allocated.
  • both the task scheduling server and the task execution terminal are connected to a host server.
  • the host server will issue the communication key and the associated key within a preset time period. Among them, the communication key and the associated key will be sent to the task scheduling server and the task execution terminal in pairs, and the communication key and the associated key will be valid within this time period.
  • the upper server will resend a new pair of keys, and the communication key and associated key sent in the previous cycle will become invalid. Therefore, the task scheduling server will obtain the communication key valid in the current time period and send it to the task execution terminal.
  • When the task execution terminal receives the communication key, since the host server sends the dynamic keys in pairs, the associated key paired with it can be queried based on the communication key and sent to the task scheduling server.
  • the task scheduling server also detects whether the fed back associated key matches the communication key, thereby completing the network authentication process.
  • the task execution terminal determines an associated key corresponding to the communication key according to the communication key in the first TCP message, generates a second TCP message based on the associated key, and sends the second TCP message to the task scheduling server.
  • when the task execution terminal receives the first TCP message, it indicates that the task scheduling server and the task execution terminal need to establish a communication link and perform the dialing test process. In order to respond to the first TCP message and inform the task scheduling server that the link between the two is connected, the task execution terminal will generate a second TCP message based on the first TCP message.
  • the task execution terminal will parse the communication key contained in the first TCP message, and query the associated key matching the communication key, and then encapsulate the associated key in the generated TCP message.
  • the associated key may be stored in a reserved field of the TCP message, and the bit value of the option field may be adjusted, so that when the task scheduling server receives the second TCP message, it can determine that the reserved field carries valid data, which is the associated key.
  • the task execution terminal may be connected to multiple task scheduling servers, that is, the task execution terminal may store associated keys of different task scheduling servers.
  • the task execution terminal will determine the server ID of the task scheduling server based on the source address in the first TCP message, so as to obtain the associated key matching the server ID and encapsulate it in the second TCP message.
  • the task scheduling server verifies the associated key of the second TCP message. If the verification result is that the verification is successful, a dial test instruction is generated based on the dial test item.
  • after receiving the second TCP message, the task scheduling server extracts the associated key contained in the second TCP message and identifies whether the associated key matches the communication key.
  • the task scheduling server may store a verification algorithm, and the task scheduling server may import both the communication key and the associated key into the verification algorithm, and identify whether the two match based on the verification value of the verification algorithm.
  • the verification algorithm may be a hash function
  • the task scheduling server may import the communication key into the hash function to determine the hash value of the communication key, and then import the associated key into the hash function. If the output hash value is the same as the communication key hash value, the two are recognized as matching, that is, the verification is successful; otherwise, if the output hash value is different from the communication key hash value, the two are recognized as not matching, and the verification fails.
  • After the task scheduling server recognizes that the verification is successful, it indicates that the task execution terminal is a legitimate device, and dial test instructions can be issued to it in response to the dial test item. Specifically, the task scheduling server will obtain the project identification of the dial test item, determine the test parameters based on the project identification, and generate the dial test instruction according to the test parameters.
  • the task scheduling server sends a third TCP message carrying the dialing test instruction to the task execution terminal, and establishes a communication link with the task execution terminal.
  • the task scheduling server will add the generated dial test instruction to the third TCP message, and send the third TCP message to the task execution terminal.
  • the task scheduling server recognizes that the communication link is a legal communication link, and the task execution terminal is also a legal device.
  • After the task execution terminal receives the third TCP message, the task execution terminal will also recognize the communication link as a legitimate communication link, since the three handshake operations have been completed, extract the dial test instruction from the third TCP message, and complete the test content corresponding to the dial test item.
  • a method for establishing a communication link adds a communication key to a TCP message during the TCP three-way handshake with which a task scheduling server and a task execution terminal establish a communication link, so that the TCP messages can be used not only to ensure that the communication link between the task scheduling server and the task execution terminal is connected, but also to complete the legality authentication. This unifies the two processes of communication link establishment and network authentication, reduces the number of data interactions between the task scheduling server and the task execution terminal, and improves the efficiency of communication link establishment, thereby improving the efficiency of dial tests.
  • FIG. 2 shows a specific implementation flowchart of a communication link establishment method S102 provided by the second embodiment of the present application.
  • the execution subject of the process is a task scheduling server.
  • a communication link establishment method S102 provided in this embodiment includes S1021 to S1024, specifically described as follows:
  • the task scheduling server acquiring the communication key associated with the terminal identifier, and generating a first transmission control protocol TCP message based on the communication key includes:
  • a random key generation algorithm corresponding to the terminal identifier is queried, and an obfuscated encryption key is obtained through the random key generation algorithm.
  • the random key generation algorithm corresponding to different task execution terminals may be different. Therefore, the task scheduling server may acquire the random key generation algorithm corresponding to the task execution terminal based on the terminal identifier. Specifically, the random key algorithm of each task execution terminal may be stored at the host computer server, and the host computer server may update the random key generation algorithm of each task execution terminal at a preset update period. The task scheduling server can communicate with the host computer server, and obtain the random key generation algorithm corresponding to the terminal identifier through the host computer server.
  • the task execution terminal side may be configured with a key analysis algorithm, and the key analysis algorithm and the random key generation algorithm correspond to each other: the random key generation algorithm randomly generates obfuscated encryption keys based on preset key rules, and the key analysis algorithm can identify whether an obfuscated encryption key meets the key rules.
  • If the obfuscated encryption key meets the key rules, it is recognized as a legal key; otherwise, it is recognized as an illegal key, which does not match the task execution terminal.
  • the task scheduling server may run the random key generation algorithm and use it to generate the obfuscated encryption key used in this communication link establishment process.
  • the characters contained in the obfuscated encryption key are random, and the key length is also random.
  • the obfuscation encryption key is set with a minimum key length and a maximum key length, that is, the key length of the obfuscation encryption key has a fixed range.
  • the number of key divisions is determined according to the character length of the terminal identification, and the obfuscated encryption key is divided into multiple subkeys based on the division times.
  • the task scheduling server needs to perform obfuscation and encryption processing on the terminal identification, so that the obfuscated and encrypted terminal identification is sent as a communication key to the task execution terminal. Since the task execution terminal stores its own terminal identification, after the terminal identification has been processed through obfuscation encryption and sent to a legitimate task execution terminal, that terminal can still resolve the obfuscated encryption key in the communication key by using the locally recorded terminal identification. For an illegal task execution terminal, because the terminal ID recorded locally is inconsistent with the terminal ID of the legal device, the obfuscated encryption key cannot be resolved from the communication key, and the corresponding associated key cannot be generated. For these reasons, the difficulty of cracking the communication key is increased, thereby improving the security and confidentiality of establishing the communication link.
  • the task scheduling server recognizes the character length of the terminal identifier of the target task execution terminal, and determines the number of key divisions based on the character length. Specifically, the longer the terminal identifier, the greater the corresponding number of key divisions, so that more obfuscation insertion points can be configured and the native terminal identifier is better hidden; the shorter the terminal identifier, the smaller the corresponding number of key divisions. After determining the number of key divisions, the task scheduling server can divide the generated obfuscated encryption key into equal parts to generate multiple subkeys.
  • the terminal identifier may be composed of the physical address and network address of the task execution terminal.
  • the task scheduling server can add the network address to the physical address at the head or tail of the physical address, or even at a preset insertion point, and identify the physical address with the network address added as the terminal identifier of the task execution terminal.
  • a plurality of the subkeys are inserted into preset insertion positions in the terminal identification, and the terminal identification after inserting the subkey is identified as the communication key.
  • the task scheduling server may determine the number of insertion points according to the number of key divisions, and identify multiple insertion positions in the terminal identification according to the arrangement rules of the insertion points. The task scheduling server may then add each subkey to the terminal identification at its insertion position, and the terminal identification after inserting the subkeys is recognized as the communication key.
  • the task scheduling server may determine the corresponding insertion position based on the division order of each subkey, that is, the division order of the subkey matches the sequence number of the insertion position.
  • the task scheduling server generates a first transmission control protocol TCP message based on the communication key.
  • the task scheduling server adds the generated communication key to the native first TCP message, so that the task execution terminal can extract the communication key from the first TCP message and generate the corresponding associated key.
  • the obfuscated encryption key is generated by a random algorithm, and the obfuscated encryption key is divided and inserted into the terminal identification to generate the communication key, which can increase the difficulty of cracking the communication key, thereby improving the security of communication link establishment.
  • FIG. 3 shows a specific implementation flowchart of a communication link establishment method S103 provided in the third embodiment of the present application.
  • the execution subject of the process is a task execution terminal.
  • a communication link establishment method S103 provided in this embodiment includes S1031 to S1032. The specific details are as follows:
  • the task execution terminal determining the associated key corresponding to the communication key according to the communication key in the first TCP message includes:
  • each subkey is extracted from the communication key based on the terminal identification and the insertion position, and the obfuscated encryption key is restored based on the insertion order of the subkeys.
  • the task execution terminal may extract the communication key from the TCP message. After the communication key is determined, the task execution terminal obtains the local terminal identification, and obtains the subkeys that were inserted for obfuscation by comparing the communication key with the terminal identification. It should be noted that, since the key scheduling algorithm and the key insertion algorithm are pre-agreed between the task scheduling server and the legal task execution terminal, the task execution terminal can determine the number of key divisions based on the local terminal identification and determine the insertion position of each subkey based on the number of key divisions. After receiving the communication key, the insertion positions can be marked and the subkeys extracted based on the local terminal identification.
  • the task execution terminal may determine the arrangement order of the subkeys in the obfuscated encryption key according to the insertion order of the respective subkeys in the communication key, and combine the subkeys in that order to restore the obfuscated encryption key as it was before splitting.
  • the task execution terminal may determine whether the obfuscated encryption key is a legal key through a preset key recognition algorithm, and if so, perform the relevant operations of S1032; otherwise, if the key is an illegal key or the obfuscated encryption key cannot be parsed by the key identification algorithm, the first TCP message is identified as an illegal message, and no communication connection is established with the task scheduling server.
  • the obfuscated encryption key is imported into an associated key generation algorithm to generate an associated key corresponding to the obfuscated encryption key.
  • the task execution terminal after acquiring the obfuscated encryption key, the task execution terminal outputs the associated key corresponding to the obfuscated encryption key through the associated key generation algorithm.
  • the associated key generation algorithm may be a hash function. After the obfuscated encryption key is imported into the hash function, the hash value corresponding to the obfuscated encryption key may be determined, and the hash value may be identified as the associated key.
  • the task scheduling server is also configured with a corresponding associated key generation algorithm.
  • the task scheduling server can also determine the associated key corresponding to the obfuscated encryption key through the associated key generation algorithm, and upon receiving the feedback from the task execution terminal After the second TCP message, identify whether the locally generated association key is consistent with the association key carried in the second TCP message, thereby identifying whether the verification is successful.
  • the obfuscated encryption key is restored through the local terminal identification, and the corresponding associated key is generated, which can improve the security of the communication link establishment.
  • FIG. 4 shows a specific implementation flowchart of a communication link establishment method S102 provided by the fourth embodiment of the present application.
  • the execution subject of the process is a task scheduling server.
  • The communication link establishment method S102 provided in this embodiment includes S1025 to S1027, detailed as follows:
  • the task scheduling server acquiring the communication key associated with the terminal identifier, and generating a first transmission control protocol TCP message based on the communication key includes:
  • the network address of the task execution terminal is obtained, and a native TCP message is generated based on the network address.
  • The task scheduling server obtains the network address corresponding to the terminal identifier of the task execution terminal and checks whether any of its current communication interfaces has already established a communication link with that address. If so, the dial test instruction is sent directly over the established communication link; otherwise, if no communication interface has established a communication link with the network address, a native TCP message is generated from that network address and the local network address.
  • the value of the option field in the native TCP packet is the default value, and the reserved field is also filled with invalid character strings.
  • the option field in the native TCP message is set to a preset bit value.
  • After generating a native TCP message, the task scheduling server needs to encapsulate the communication key in the TCP message.
  • The task scheduling server adjusts the bit value of the option field and sets the option field to a preset bit value.
  • The bit value may be "XX".
  • The bit value of the communication peer identification option field is a non-default value and is "XX".
  • The preset bit value is a bit value agreed in advance by the task scheduling server and the task execution terminal.
  • The communication key is added to a reserved field in the native TCP message, and the native TCP message after adding the communication key and setting a preset bit value is identified as the first TCP message.
  • The task scheduling server adds the generated communication key to the reserved field of the native TCP message.
  • The reserved field and the above-mentioned option field are located in the header of the TCP message, and the content of the TCP message is not changed.
  • The task scheduling server has added the communication key to the TCP message, so it can identify the native TCP message with the communication key added and the option field modified as the first TCP message.
  • The communication key can be added to the TCP message without additional communication export, reducing the amount of data in the TCP message and improving the transmission efficiency.
  • FIG. 5 shows a specific implementation flowchart of a communication link establishment method provided in a fifth embodiment of the present application.
  • the execution subject of the process is a task scheduling server.
  • The communication link establishment method S101 provided in this embodiment includes S1011 to S1012, detailed as follows:
  • The task scheduling server determines a dial test item based on the dial test start condition, and obtains a terminal identifier of a task execution terminal matching the dial test item, including:
  • When the task scheduling server needs to perform a dial test, it obtains a running status list, which records the running status of each task execution terminal in the dial testing and scheduling system.
  • The running status includes an occupied state, an idle state and a fault state.
  • The task scheduling server can determine the current running state of each task execution terminal according to the running status list.
  • The task scheduling terminal detects whether the running status list contains a task execution terminal whose running status is idle and, if so, identifies that task execution terminal as a candidate execution terminal.
  • S1012: query the executable item information of each of the candidate execution terminals, and identify any candidate execution terminal whose executable item information contains the dial test item as a task execution terminal that matches the dial test item.
  • After detecting that there is a task execution terminal in the idle state, the task scheduling server obtains the executable item information of each candidate execution terminal. The executable item information indicates the dial test items to which the task execution terminal can respond. On this basis, the task scheduling server queries whether the executable item information contains the determined dial test item; if it does, the candidate execution terminal has the capability to complete the dial test item, and is therefore identified as the task execution terminal matching the dial test item.
  • The task execution terminal matching the dial test item is thereby selected, which improves the response efficiency of the dial test item.
  • FIG. 6 shows a structural block diagram of a dialing and testing task scheduling system provided by an embodiment of the present application.
  • Each unit included in the terminal device is used to execute each step in the embodiment corresponding to FIG. 1.
  • only parts related to this embodiment are shown.
  • the dialing test task scheduling system includes: a task scheduling server 61 and at least one task execution terminal 62;
  • the task scheduling server 61 is configured to determine a dial test item based on the dial test start condition if a preset dial test start condition is satisfied, and obtain a terminal identifier of the task execution terminal 62 that matches the dial test item;
  • the task scheduling server 61 is configured to obtain a communication key associated with the terminal identifier, generate a first transmission control protocol TCP message based on the communication key, and send the first TCP message to the task execution terminal 62;
  • the task execution terminal 62 is configured to determine an associated key corresponding to the communication key according to the communication key in the first TCP message, generate a second TCP message based on the associated key, and send the second TCP message to the task scheduling server 61;
  • the task scheduling server 61 is configured to verify the associated key of the second TCP packet, and if the verification result is successful, generate a dial test command based on the dial test item;
  • the task scheduling server 61 is configured to send a third TCP message carrying the dialing test instruction to the task execution terminal 62, and establish a communication link with the task execution terminal 62.
  • the task scheduling server 61 is configured to obtain a communication key associated with the terminal identification, and generate a first transmission control protocol TCP packet based on the communication key, including:
  • the task scheduling server 61 is configured to query a random key generation algorithm corresponding to the terminal identifier, and obtain an obfuscated encryption key through the random key generation algorithm;
  • the task scheduling server 61 is configured to determine the number of key divisions according to the character length of the terminal identification, and divide the obfuscation encryption key into multiple subkeys based on the division times;
  • the task scheduling server 61 is configured to insert a plurality of the sub-keys into a preset insertion position in the terminal identification, and identify the terminal identification after inserting the sub-key as the communication key;
  • the task scheduling server 61 is configured to generate a first transmission control protocol TCP message based on the communication key.
  • the task execution terminal 62 is configured to determine the associated key corresponding to the communication key according to the communication key in the first TCP message, including:
  • the task execution terminal 62 is configured to extract each of the subkeys from the communication key based on the terminal identifier and the insertion positions, and restore the obfuscated encryption key based on the insertion order of the subkeys;
  • the task execution terminal 62 is configured to import the obfuscated encryption key into an associated key generation algorithm, and generate an associated key corresponding to the obfuscated encryption key.
  • the task scheduling server 61 is configured to obtain a communication key associated with the terminal identification, and generate a first transmission control protocol TCP packet based on the communication key, including:
  • the task scheduling server 61 is configured to obtain a network address of the task execution terminal 62, and generate a native TCP message based on the network address;
  • the task scheduling server 61 is configured to set the option field in the native TCP message to a preset bit value;
  • the task scheduling server 61 is configured to add the communication key to a reserved field in the native TCP message, and identify the native TCP message after adding the communication key and setting the preset bit value as the first TCP message.
  • the task scheduling server 61 is configured to determine a dial test item based on the dial test start condition and obtain a terminal identifier of the task execution terminal 62 that matches the dial test item, including:
  • the task scheduling server 61 is configured to obtain a list of operation states of the task execution terminal 62, and select a task execution terminal whose operation state is idle as a candidate execution terminal;
  • the task scheduling server 61 is configured to query the executable item information of each candidate execution terminal, and identify any candidate execution terminal whose executable item information includes the dial test item as the task execution terminal matching the dial test item.
  • The dialing test task scheduling system can likewise add the communication key to the TCP message while the task scheduling server and the task execution terminal perform the TCP three-way handshake to establish a communication link. The TCP message can then be used not only to confirm that the communication link between the task scheduling server and the task execution terminal is connected but also to complete legitimacy authentication, unifying the two processes of communication link establishment and network authentication. This reduces the number of data interactions between the task scheduling server and the task execution terminal and improves the efficiency of communication link establishment, thereby increasing the efficiency of dial testing.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or software function unit.
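The split, insert, restore and hash steps described above for the task scheduling server and the task execution terminal, as an added Python example (not code from the patent). The split-count rule, the insertion positions, the 32-character hex key, SHA-256 as the hash function and the sample identifier are all assumptions, since the text only says these are agreed in advance.

```python
import hashlib
import hmac
import secrets

KEY_HEX_LEN = 32                       # assumed length of the obfuscated key, in hex chars
HEX_DIGITS = set("0123456789abcdef")


def split_count(terminal_id):
    """Assumed rule: one subkey per four identifier characters, minimum two."""
    return max(2, len(terminal_id) // 4)


def insert_positions(terminal_id):
    """Assumed rule: evenly spaced offsets inside the terminal identifier."""
    n = split_count(terminal_id)
    return [(i + 1) * len(terminal_id) // (n + 1) for i in range(n)]


def subkey_sizes(key_len, n):
    """Lengths of n nearly equal subkeys, longer ones first."""
    base, extra = divmod(key_len, n)
    return [base + (1 if i < extra else 0) for i in range(n)]


def build_communication_key(terminal_id, obf_key):
    """Server side: interleave the subkeys with the terminal identifier."""
    sizes = subkey_sizes(len(obf_key), split_count(terminal_id))
    out, id_cur, key_cur = [], 0, 0
    for pos, size in zip(insert_positions(terminal_id), sizes):
        out.append(terminal_id[id_cur:pos])
        out.append(obf_key[key_cur:key_cur + size])
        id_cur, key_cur = pos, key_cur + size
    out.append(terminal_id[id_cur:])
    return "".join(out)


def recover_obfuscated_key(local_id, comm_key):
    """Terminal side: pull the subkeys back out using the local identifier.

    Raises ValueError when the message does not fit the local identifier,
    which the terminal treats as an illegal first message.
    """
    key_len = len(comm_key) - len(local_id)
    if key_len != KEY_HEX_LEN:
        raise ValueError("unexpected communication key length")
    sizes = subkey_sizes(key_len, split_count(local_id))
    id_parts, key_parts, cur, id_cur = [], [], 0, 0
    for pos, size in zip(insert_positions(local_id), sizes):
        id_parts.append(comm_key[cur:cur + pos - id_cur])
        cur += pos - id_cur
        key_parts.append(comm_key[cur:cur + size])
        cur += size
        id_cur = pos
    id_parts.append(comm_key[cur:])
    # Stand-in for the unspecified key recognition step: the characters left
    # after extraction must be exactly the local identifier, and the subkeys
    # must look like key material.
    if "".join(id_parts) != local_id:
        raise ValueError("identifier mismatch")
    key = "".join(key_parts)
    if not set(key) <= HEX_DIGITS:
        raise ValueError("subkeys are not valid key material")
    return key


def associated_key(obf_key):
    """Associated key as a hash of the obfuscated key (SHA-256 assumed)."""
    return hashlib.sha256(obf_key.encode("ascii")).hexdigest()


def server_verifies(obf_key, received):
    """Server side: recompute locally and compare in constant time."""
    expected = associated_key(obf_key)
    return hmac.compare_digest(expected.encode(), received.encode())


def handshake(server_side_id, terminal_local_id):
    """Run messages one and two; True means the third message may be sent."""
    obf_key = secrets.token_hex(KEY_HEX_LEN // 2)
    first_msg = build_communication_key(server_side_id, obf_key)
    try:
        recovered = recover_obfuscated_key(terminal_local_id, first_msg)
    except ValueError:
        return False                   # terminal drops the illegal message
    return server_verifies(obf_key, associated_key(recovered))


if __name__ == "__main__":
    tid = "TERM-0042-SZ"               # constructed sample identifier
    print(build_communication_key(tid, "00112233445566778899aabbccddeeff"))
    print(handshake(tid, tid), handshake(tid, "TERM-0043-SZ"))
```

In this sketch the associated key is an unkeyed hash of a value that anyone who knows the identifier and the agreed layout can recover from the first message, so the check proves knowledge of the layout rather than possession of a separate secret.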

Abstract

The present application is applicable to the technical field of internet, and provides a method and system for establishing a communication link. The method comprises the following steps: if a preset starting condition for dial testing is satisfied, a task dispatch server determines a dial testing project and obtains a terminal identification of a task execution terminal matching the dial testing project; the task dispatch server obtains a communication secret key associated with the terminal device, generates a first transmission control protocol (TCP) message on the basis of the communication secret key, and sends the first TCP message to the task execution terminal; the task execution terminal determines, according to the communication secret key in the first TCP message, an associated secret key corresponding to the communication secret key, generates a second TCP message on the basis of the associated secret key, and sends the second TCP message to the task dispatch server; the task dispatch server performs verification on the associated secret key of the second TCP message and, if the verification is successful, generates a dial testing command on the basis of the dial testing project; and the task dispatch server establishes a communication link with the task execution terminal. The present application improves the efficiency of establishing a communication link, thus improving the dial testing efficiency.

Description

Method and system for establishing a communication link
This application claims priority to Chinese patent application No. 201811216811.X, entitled "Method and system for establishing a communication link", filed on October 18, 2018, the entire content of which is incorporated herein by reference.
Technical field
This application belongs to the field of Internet technology, and in particular relates to a method and system for establishing a communication link.
Background
Dial testing is an important means of testing the completeness of a communication network, and how quickly and effectively dial tests can be carried out directly affects the efficiency of building the communication network. In existing dial testing technology, when a dial test needs to be performed, the task scheduling server delivers dial test tasks to the task execution terminals. To improve the security of the dial testing process, the task scheduling server needs to check the legitimacy of a task execution terminal before delivering a dial test task. Therefore, before a dial test is performed, the task scheduling server and the task execution terminal must go through several processes to establish a secure communication link: the three-way handshake of the communication link, network authentication, and confirmation of the authentication result. Establishing the data link takes a long time; in particular, when there are many dial test tasks, the task scheduling server has to establish sessions with the task execution terminals frequently in order to carry out the test items, which greatly reduces the efficiency of dial testing.
Technical problem
In view of this, the embodiments of the present application provide a method and system for establishing a communication link, to solve the problem that, in existing dial testing technology, establishing the data link takes a long time and, particularly when there are many dial test tasks, the task scheduling server has to establish sessions with the task execution terminals frequently in order to carry out the test items, which greatly reduces the efficiency of dial testing.
Technical solution
A first aspect of the embodiments of the present application provides a method for establishing a communication link, including:
if a preset dial test start condition is satisfied, the task scheduling server determines a dial test item based on the dial test start condition, and obtains the terminal identifier of the task execution terminal matching the dial test item;
the task scheduling server obtains a communication key associated with the terminal identifier, generates a first transmission control protocol (TCP) message based on the communication key, and sends the first TCP message to the task execution terminal;
the task execution terminal determines, according to the communication key in the first TCP message, an associated key corresponding to the communication key, generates a second TCP message based on the associated key, and sends the second TCP message to the task scheduling server;
the task scheduling server verifies the associated key of the second TCP message and, if the verification succeeds, generates a dial test instruction based on the dial test item;
the task scheduling server sends a third TCP message carrying the dial test instruction to the task execution terminal, and establishes a communication link with the task execution terminal.
Beneficial effects
In the embodiments of the present application, the communication key is added to the TCP message while the task scheduling server and the task execution terminal perform the TCP three-way handshake to establish a communication link. The TCP message can therefore be used not only to confirm whether the communication link between the task scheduling server and the task execution terminal is connected but also to complete legitimacy authentication, unifying the two processes of communication link establishment and network authentication. This reduces the number of data interactions between the task scheduling server and the task execution terminal and improves the efficiency of establishing the communication link, thereby improving the efficiency of dial testing.
Brief description of the drawings
FIG. 1 is an interaction flowchart of a method for establishing a communication link provided by the first embodiment of the present application;
FIG. 2 is a specific implementation flowchart of step S102 of a method for establishing a communication link provided by the second embodiment of the present application;
FIG. 3 is a specific implementation flowchart of step S103 of a method for establishing a communication link provided by the third embodiment of the present application;
FIG. 4 is a specific implementation flowchart of step S102 of a method for establishing a communication link provided by the fourth embodiment of the present application;
FIG. 5 is a specific implementation flowchart of step S101 of a method for establishing a communication link provided by the fifth embodiment of the present application;
FIG. 6 is a structural block diagram of a dial test task scheduling system provided by an embodiment of the present application.
Embodiments of the invention
In the embodiments of the present application, the process is executed by a dial test task scheduling system, which includes a task scheduling server and at least one task execution terminal. Task execution terminals include, but are not limited to, computers, smartphones, tablets and other devices that can establish a communication link with the task scheduling server and execute the scheduling tasks it delivers. FIG. 1 shows the interaction flowchart of the method for establishing a communication link provided by the first embodiment of the present application, detailed as follows:
In S101, if a preset dial test start condition is satisfied, the task scheduling server determines a dial test item based on the dial test start condition, and obtains the terminal identifier of the task execution terminal matching the dial test item.
In this embodiment, when the communication network behaves abnormally or needs a network update, the administrator can test the communication network by means of dial testing to determine the cause of the abnormality, and to check whether the communication network is usable after the abnormality is repaired or the network is updated. During a dial test, the task scheduling server sends the dial test task to be run to the task execution terminal, and the task execution terminal responds to that task and feeds the corresponding test result back to the task scheduling server. In other words, data must be exchanged between the task scheduling server and the task execution terminal. To prevent dial test data from being stolen and to determine whether the task execution terminal is a legitimate device, the task scheduling server needs to perform network authentication on the task execution terminal before performing the dial test, which improves the security of the dial testing process. On this basis, to improve dial testing efficiency, the task scheduling server combines the communication link connection process with the network authentication process, thereby reducing the number of data interactions between the task scheduling server and the task execution terminal.
In this embodiment, the task scheduling server may be connected to multiple task execution terminals, and each task execution terminal may be connected downstream to multiple test machines. The test machines execute the dial test tasks delivered by the task scheduling server; based on the responses of the test machines, the test result of the dial test terminal is generated and returned to the task scheduling server over the established legitimate communication link. The same test machine may be connected upstream to multiple task execution terminals, that is, it responds to dial test tasks sent by different task execution terminals by time-division multiplexing. The task scheduling server may be a node server built on Golang that performs dial test operations periodically according to preset dial test trigger rules, thereby periodically checking the completeness of the communication network. When the task scheduling server, by parsing the test results, detects an abnormal situation in the communication network, it sends a network abnormality instruction to the upper-level server so that the upper-level server can handle the abnormality.
In this embodiment, since the dial testing process involves many test items, different dial test items may have different dial test start conditions. Therefore, when the task scheduling server detects that a preset dial test start condition is satisfied at the current moment, it identifies the dial test item corresponding to that start condition. It should be noted that different dial test items may share the same dial test start condition. In that case the task scheduling server needs to run multiple dial test items, and different dial test items may be handed to different task execution terminals for concurrent processing. Of course, if different dial test items are closely related and depend on the test results of other dial test items, the multiple dial test items may be handed to the same task execution terminal for processing.
In this embodiment, different dial test items may be handed to their corresponding task execution terminals for processing. That is, the task scheduling server may store a correspondence between dial test items and task execution terminals; after obtaining a dial test item, the task scheduling server can use this correspondence to obtain the task execution terminal matching the dial test item, and thus the corresponding terminal identifier. It should be noted that the terminal identifier may be the physical address or network address of the task execution terminal, its device number within the dial test task scheduling system, or other information that can be used to indicate the identity of the device.
In S102, the task scheduling server obtains a communication key associated with the terminal identifier, generates a first transmission control protocol (TCP) message based on the communication key, and sends the first TCP message to the task execution terminal.
In this embodiment, the task scheduling server merges the two processes of network authentication and communication link establishment. The task scheduling server therefore encapsulates the communication key in a TCP message, so that during the TCP three-way handshake it can determine whether the task execution terminal is a legitimate device by identifying the communication key in the TCP message. Specifically, the terminal device determines, according to the terminal identifier of the task execution terminal, the communication key associated with it. The communication key may be a static key: a pair of keys is agreed between the task execution terminal and the task scheduling server, namely the communication key stored on the task scheduling server and the associated key stored on the task execution terminal. The two keys are related to each other; for example, each character in the communication key can be converted through a preset conversion relationship to obtain the associated key. It can be seen that, if the task execution terminal can return the associated key based on the communication key, the task scheduling server can be identified as a legitimate device. Because the communication key can be stolen during communication, the communication key is not fed back directly in this legitimacy verification; the associated key of the communication key is returned instead. The key conversion algorithm is stored only on the task scheduling server and the task execution terminal and is not transmitted during communication, which greatly reduces the probability of key leakage and improves the security of communication link establishment.
Optionally, in this embodiment, the keys between the task scheduling server and the task execution terminal may be allocated dynamically. In this case, both the task scheduling server and the task execution terminal are connected to an upper-level server, which issues a communication key and an associated key at a preset time period. The communication key and the associated key are sent as a pair to both the task scheduling server and the task execution terminal, and both are valid within that time period. When the next time period arrives, the upper-level server sends a new pair of keys, and the communication key and associated key sent in the previous period become invalid. The task scheduling server therefore obtains the communication key that is valid in the current time period and sends it to the task execution terminal. Since the upper-level server sends the dynamic keys in pairs, the task execution terminal, on receiving the communication key, can look up the associated key paired with it and send that to the task scheduling server. The task scheduling server likewise checks whether the returned associated key matches the communication key, thereby completing the network authentication process.
In S103, the task execution terminal determines, according to the communication key in the first TCP message, the associated key corresponding to the communication key, generates a second TCP message based on the associated key, and sends the second TCP message to the task scheduling server.
In this embodiment, the task execution terminal receiving the first TCP message indicates that the task scheduling server and the task execution terminal need to establish a communication link and carry out the dial test procedure. To respond to the first TCP message and inform the task scheduling server that the link between the two is connected, the task execution terminal generates a second TCP message based on the first TCP message.
In this embodiment, the task execution terminal parses the communication key contained in the first TCP message, looks up the associated key matching the communication key, and then encapsulates the associated key in the generated TCP message. Preferably, the associated key may be stored in the reserved field of the TCP message and the bit value of the option field adjusted, so that on receiving the second TCP message the task scheduling server can determine that the reserved field carries valid data, namely the associated key.
Optionally, since the task execution terminal may be connected to multiple task scheduling servers, the task execution terminal may store the associated keys of different task scheduling servers. In this case, the task execution terminal determines the server identifier of the task scheduling server from the source address in the first TCP message, obtains the associated key matching that server identifier, and encapsulates it in the second TCP message.
In S104, the task scheduling server verifies the associated key in the second TCP message, and if the verification succeeds, generates a dial test instruction based on the dial test item.
In this embodiment, after receiving the second TCP message, the task scheduling server extracts the associated key contained in the second TCP message and identifies whether the associated key matches the communication key. Specifically, the task scheduling server may store a verification algorithm, import both the communication key and the associated key into the verification algorithm, and identify whether the two match based on the check value the algorithm produces. Optionally, the verification algorithm may be a hash function: the task scheduling server imports the communication key into the hash function to determine the hash value of the communication key; if importing the associated key into the hash function outputs a hash value identical to that of the communication key, the two are recognized as matching and the verification succeeds; conversely, if the output hash value differs from the hash value of the communication key, the two are recognized as not matching and the verification fails.
In this embodiment, once the task scheduling server recognizes that the verification has succeeded, the task execution terminal is deemed a legitimate device, and a dial test instruction can be issued to it in response to the dial test item. Specifically, the task scheduling server obtains the item identifier of the dial test item, determines the test parameters based on the item identifier, and generates the dial test instruction according to the test parameters.
In S105, the task scheduling server sends a third TCP message carrying the dial test instruction to the task execution terminal and establishes a communication link with the task execution terminal.
In this embodiment, the task scheduling server adds the generated dial test instruction to the third TCP message and sends the third TCP message to the task execution terminal. After sending the third TCP message, the task scheduling server recognizes the communication link as a legitimate communication link and the task execution terminal as a legitimate device. When the task execution terminal receives the third TCP message, the three-way handshake has been completed, so the task execution terminal likewise recognizes the communication link as a legitimate communication link, extracts the dial test instruction from the third TCP message, and completes the test content corresponding to the dial test item.
As can be seen from the above, the method for establishing a communication link provided by the embodiments of the present application adds the communication key to the TCP messages exchanged during the TCP three-way handshake that the task scheduling server and the task execution terminal perform to establish a communication link. The TCP messages therefore serve not only to confirm that the communication link between the task scheduling server and the task execution terminal is connected, but also to complete legitimacy authentication. Unifying the two processes of communication link establishment and network authentication reduces the number of data exchanges between the task scheduling server and the task execution terminal, improves the efficiency of communication link establishment, and thus improves the efficiency of the dial test.
FIG. 2 shows a detailed implementation flowchart of S102 of a method for establishing a communication link provided by the second embodiment of the present application. In this embodiment, the process is executed by the task scheduling server. Referring to FIG. 2, relative to the embodiment described in FIG. 1, S102 of the method for establishing a communication link provided by this embodiment includes S1021 to S1024, detailed as follows:
Further, the task scheduling server acquiring the communication key associated with the terminal identifier and generating a first Transmission Control Protocol (TCP) message based on the communication key includes:
In S1021, the random key generation algorithm corresponding to the terminal identifier is queried, and an obfuscation encryption key is obtained through the random key generation algorithm.
In this embodiment, different task execution terminals may correspond to different random key generation algorithms, so the task scheduling server can obtain the random key generation algorithm corresponding to the task execution terminal based on the terminal identifier. Specifically, the random key generation algorithm of each task execution terminal may be stored at the host computer server, and the host computer server may update the random key generation algorithm of each task execution terminal at a preset update period. The task scheduling server can communicate with the host computer server and obtain from it the random key generation algorithm corresponding to the terminal identifier. It should be noted that the task execution terminal side may be configured with a key parsing algorithm, and that the key parsing algorithm and the random key generation algorithm correspond to each other: the random key generation algorithm randomly generates the obfuscation encryption key according to a preset key rule, and the key parsing algorithm can identify whether the obfuscation encryption key satisfies that key rule. If the obfuscation encryption key satisfies the key rule, it is recognized as a legitimate key; otherwise, it is recognized as an illegitimate key that does not match the task execution terminal.
In this embodiment, after determining the random key generation algorithm matching the task execution terminal, the task scheduling server can run that algorithm to generate the obfuscation encryption key used for this communication link establishment. It should be noted that the characters contained in the obfuscation encryption key are random, and the key length is also random. However, the obfuscation encryption key has a minimum key length and a maximum key length, that is, its key length lies within a fixed range.
In S1022, the number of key divisions is determined according to the character length of the terminal identifier, and the obfuscation encryption key is divided into multiple subkeys based on the number of divisions.
In this embodiment, the task scheduling server needs to obfuscate and encrypt the terminal identifier, so that the obfuscated terminal identifier is sent to the task execution terminal as the communication key. Because the task execution terminal stores its own terminal identifier, a legitimate task execution terminal that receives the obfuscated terminal identifier can still use its locally recorded terminal identifier to parse the obfuscation encryption key out of the communication key. For an illegitimate task execution terminal, the locally recorded terminal identifier is inconsistent with that of the legitimate device, so the obfuscation encryption key cannot be parsed out of the communication key and the corresponding associated key cannot be generated. For these reasons, the communication key becomes harder to crack, which improves the security and confidentiality of establishing the communication link.
In this embodiment, the task scheduling server identifies the character length of the terminal identifier of the target task execution terminal and determines the number of key divisions based on that length. Specifically, the longer the terminal identifier, the greater the number of key divisions, so that more obfuscation insertion points can be configured and the original terminal identifier is better hidden; the shorter the terminal identifier, the smaller the number of key divisions. After determining the number of key divisions, the task scheduling server can divide the generated obfuscation encryption key into equal parts to generate multiple subkeys.
Optionally, in this embodiment, the terminal identifier may be composed of the physical address and the network address of the task execution terminal. After querying the physical address of the task execution terminal, the task scheduling server can add the network address to the physical address at its head, at its tail, or at a preset insertion point, and recognize the physical address with the network address added as the terminal identifier of the task execution terminal.
In S1023, the multiple subkeys are inserted at preset insertion positions in the terminal identifier, and the terminal identifier with the subkeys inserted is recognized as the communication key.
In this embodiment, the task scheduling server can determine the number of insertion points from the number of key divisions and, according to the arrangement rule of the insertion points, identify multiple insertion positions in the terminal identifier. The task scheduling server can then add each subkey to the terminal identifier at its insertion position and recognize the terminal identifier with the subkeys inserted as the communication key. Preferably, the task scheduling server can determine the insertion position of each subkey from its division order, that is, the division order of a subkey matches the sequence number of its insertion position.
In S1024, the task scheduling server generates a first Transmission Control Protocol (TCP) message based on the communication key.
In this embodiment, the task scheduling server adds the generated communication key to the native first TCP message, so that the task execution terminal can extract the communication key from the first TCP message and generate the corresponding associated key.
In this embodiment of the present application, generating the obfuscation encryption key with a random algorithm, dividing it, and inserting it into the terminal identifier to form the communication key makes the communication key harder to crack, thereby improving the security of communication link establishment.
FIG. 3 shows a detailed implementation flowchart of S103 of a method for establishing a communication link provided by the third embodiment of the present application. In this embodiment, the process is executed by the task execution terminal. Referring to FIG. 3, relative to the embodiment described in FIG. 2, S103 of the method for establishing a communication link provided by this embodiment includes S1031 to S1032, detailed as follows:
Further, the task execution terminal determining, according to the communication key in the first TCP message, the associated key corresponding to the communication key includes:
In S1031, each subkey is extracted from the communication key based on the terminal identifier and the insertion positions, and the obfuscation encryption key is restored based on the insertion order of the subkeys.
In this embodiment, after receiving the first TCP message, the task execution terminal can extract the communication key from it. Once the communication key is determined, the task execution terminal obtains its local terminal identifier and, by comparing the communication key with the terminal identifier, obtains the subkeys that were inserted into the communication key for obfuscation. It should be noted that the task scheduling server and a legitimate task execution terminal agree in advance on the key division algorithm and the key insertion algorithm. The task execution terminal can therefore determine the number of key divisions from its local terminal identifier and determine the insertion position of each subkey from the number of key divisions. After receiving the communication key, it can mark the insertion positions and extract each subkey based on the local terminal identifier.
In this embodiment, the task execution terminal can determine the order of each subkey within the obfuscation encryption key from the order in which the subkeys were inserted into the communication key, combine the subkeys in that order, and restore the obfuscation encryption key as it was before division.
Optionally, after restoring the obfuscation encryption key, the task execution terminal can use a preset key identification algorithm to determine whether the obfuscation encryption key is a legitimate key. If so, it performs the operations of S1032; conversely, if the key is illegitimate or the obfuscation encryption key cannot be parsed by the key identification algorithm, the first TCP message is recognized as an illegitimate message and no communication connection is established with the task scheduling server.
In S1032, the obfuscation encryption key is imported into an associated key generation algorithm to generate the associated key corresponding to the obfuscation encryption key.
In this embodiment, after obtaining the obfuscation encryption key, the task execution terminal outputs the associated key corresponding to the obfuscation encryption key through the associated key generation algorithm. Specifically, the associated key generation algorithm may be a hash function: after the obfuscation encryption key is imported into the hash function, the hash value corresponding to the obfuscation encryption key is determined, and that hash value is recognized as the associated key. Correspondingly, the task scheduling server is configured with the same associated key generation algorithm and can likewise determine the associated key corresponding to the obfuscation encryption key. After receiving the second TCP message returned by the task execution terminal, it identifies whether the locally generated associated key is consistent with the associated key carried in the second TCP message, and thereby whether the verification succeeds.
In this embodiment of the present application, restoring the obfuscation encryption key with the local terminal identifier and generating the corresponding associated key improves the security of communication link establishment.
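The round trip of S1021 to S1023, S1031 to S1032 and the check in S104, as an added example that is not code from the application. The division-count rule, the insertion-point rule, the 16 to 32 character key range and SHA-256 as the hash function are assumptions, since the text leaves them unspecified; the terminal identifiers are constructed.

```python
import hashlib
import hmac
import secrets
import string
from typing import List, Optional

ALPHABET = string.ascii_letters + string.digits
MIN_KEY_LEN, MAX_KEY_LEN = 16, 32  # assumed bounds; the text only says a range exists


def split_count(terminal_id: str) -> int:
    """Assumed rule: one subkey per four identifier characters, at least two."""
    return max(2, len(terminal_id) // 4)


def insertion_points(terminal_id: str, n: int) -> List[int]:
    """Assumed arrangement rule: n evenly spaced offsets inside the identifier."""
    return [(i + 1) * len(terminal_id) // (n + 1) for i in range(n)]


def subkey_sizes(key_len: int, n: int) -> List[int]:
    """Equal split; the first (key_len % n) subkeys take one extra character."""
    base, extra = divmod(key_len, n)
    return [base + (1 if i < extra else 0) for i in range(n)]


def generate_obfuscation_key() -> str:
    """S1021: random characters and a random length within the fixed range."""
    length = MIN_KEY_LEN + secrets.randbelow(MAX_KEY_LEN - MIN_KEY_LEN + 1)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def build_communication_key(terminal_id: str, obf_key: str) -> str:
    """S1022-S1023: split the key and interleave the subkeys with the identifier."""
    n = split_count(terminal_id)
    out, prev, pos = [], 0, 0
    for point, size in zip(insertion_points(terminal_id, n),
                           subkey_sizes(len(obf_key), n)):
        out += [terminal_id[prev:point], obf_key[pos:pos + size]]
        prev, pos = point, pos + size
    out.append(terminal_id[prev:])
    return "".join(out)


def recover_obfuscation_key(local_id: str, comm_key: str) -> Optional[str]:
    """S1031: strip the local identifier out of the communication key.

    Returns None when the implied key length is out of range or the identifier
    characters found in the communication key are not the local identifier.
    """
    n = split_count(local_id)
    key_len = len(comm_key) - len(local_id)
    if not MIN_KEY_LEN <= key_len <= MAX_KEY_LEN:
        return None
    parts, id_chunks, prev, pos = [], [], 0, 0
    for point, size in zip(insertion_points(local_id, n),
                           subkey_sizes(key_len, n)):
        seg = point - prev
        id_chunks.append(comm_key[pos:pos + seg])
        parts.append(comm_key[pos + seg:pos + seg + size])
        prev, pos = point, pos + seg + size
    id_chunks.append(comm_key[pos:])
    if not hmac.compare_digest("".join(id_chunks).encode(), local_id.encode()):
        return None
    return "".join(parts)


def associated_key(obf_key: str) -> str:
    """S1032: SHA-256 stands in for the unspecified hash function."""
    return hashlib.sha256(obf_key.encode()).hexdigest()


def server_verify(obf_key: str, received: str) -> bool:
    """S104: recompute the associated key locally and compare in constant time."""
    return hmac.compare_digest(associated_key(obf_key).encode(), received.encode())


if __name__ == "__main__":
    tid = "00:1A:2B:3C:4D:5E|10.0.0.7"  # constructed: physical address + network address
    key = generate_obfuscation_key()
    comm = build_communication_key(tid, key)
    print(comm, server_verify(key, associated_key(recover_obfuscation_key(tid, comm))))
```

Recovery needs only the terminal identifier and the agreed division and insertion rules, so the protection this construction gives depends on those values staying private to the two endpoints.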
FIG. 4 shows a detailed implementation flowchart of S102 of a method for establishing a communication link provided by the fourth embodiment of the present application. In this embodiment, the process is executed by the task scheduling server. Referring to FIG. 4, relative to the embodiments described in FIG. 1 to FIG. 3, S102 of the method for establishing a communication link provided by this embodiment includes S1025 to S1027, detailed as follows:
Further, the task scheduling server acquiring the communication key associated with the terminal identifier and generating a first Transmission Control Protocol (TCP) message based on the communication key includes:
In S1025, the network address of the task execution terminal is obtained, and a native TCP message is generated based on the network address.
In this embodiment, the task scheduling server obtains the network address corresponding to the terminal identifier of the task execution terminal and checks whether any of its current communication interfaces has already established a communication link with that address. If so, it sends the dial test instruction directly over the established communication link; conversely, if none of the communication interfaces has established a communication link with the network address, it generates a native TCP message from that network address and the local network address.
In this embodiment, the option field in the native TCP message has its default value, and the reserved field is filled with an invalid character string.
In S1026, the option field in the native TCP message is set to a preset bit value.
In this embodiment, after generating the native TCP message, the task scheduling server needs to encapsulate the communication key in the TCP message. So that the communication peer can recognize that the TCP message carries a communication key, the task scheduling server adjusts the bit value of the option field, setting it to a preset bit value. For example, the bit value may be "XX": when the communication peer recognizes that the bit value of the option field is not the default value and is "XX", it can determine that the TCP message carries a communication key. It should be noted that the preset bit value is agreed in advance between the task scheduling server and the task execution terminal.
In S1027, the communication key is added to the reserved field in the native TCP message, and the native TCP message with the communication key added and the preset bit value set is recognized as the first TCP message.
In this embodiment, the task scheduling server adds the generated communication key to the reserved field of the native TCP message. The reserved field and the option field mentioned above are both located in the header of the TCP message, so the body content of the TCP message is not changed. At this point the task scheduling server has added the communication key to the TCP message, so the native TCP message with the communication key added and the option field modified can be recognized as the first TCP message.
In this embodiment of the present application, modifying the header of the native TCP message allows the communication key to be added to the TCP message without additional communication overhead, which reduces the amount of data in the TCP message and improves transmission efficiency.
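Where the key can sit in the header, as an added example rather than code from the application: the standard TCP header has only 4 reserved bits and at most 40 bytes of options, so this example assumes the key is carried in an experimental option (kind 253) with a constructed ExID instead of the reserved field named in the text. Ports, sequence number and key bytes are constructed, and the checksum is left at zero.

```python
import struct
from typing import Optional

TCP_OPT_EXPERIMENT = 253   # option kind reserved for experiments (RFC 4727, RFC 6994)
EXID = 0x5A5A              # constructed experiment identifier (assumption)
MAX_OPTION_BYTES = 40      # 60-byte maximum header minus the 20-byte fixed part
FIXED_HEADER = "!HHIIBBHHH"  # ports, seq, ack, offset/reserved, flags, window, checksum, urgent
FLAG_SYN = 0x02


def build_first_segment(src_port: int, dst_port: int, seq: int, comm_key: bytes) -> bytes:
    """Build the first handshake segment with the key in an experimental option."""
    if 4 + len(comm_key) > MAX_OPTION_BYTES:
        raise ValueError("communication key does not fit in the TCP option space")
    option = struct.pack("!BBH", TCP_OPT_EXPERIMENT, 4 + len(comm_key), EXID) + comm_key
    option += b"\x00" * (-len(option) % 4)      # End-of-Option-List plus padding
    data_offset = (20 + len(option)) // 4       # header length in 32-bit words
    header = struct.pack(FIXED_HEADER, src_port, dst_port, seq, 0,
                         data_offset << 4,      # low 4 bits are the reserved field, kept 0
                         FLAG_SYN, 65535, 0, 0)
    return header + option


def extract_key(segment: bytes) -> Optional[bytes]:
    """Return the key from the experimental option, or None if absent or malformed."""
    if len(segment) < 20:
        return None
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        return None
    opts = segment[20:header_len]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            return None          # option header truncated
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            return None          # length field points outside the header
        if kind == TCP_OPT_EXPERIMENT and length >= 4:
            (exid,) = struct.unpack("!H", opts[i + 2:i + 4])
            if exid == EXID:
                return opts[i + 4:i + length]
        i += length
    return None


if __name__ == "__main__":
    seg = build_first_segment(40000, 9000, 1, b"constructed-comm-key")
    print(len(seg), extract_key(seg))
```

At most 36 key bytes fit after the 4-byte option header, so a longer communication key cannot be carried in the header at all.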
FIG. 5 shows a detailed implementation flowchart of a method for establishing a communication link provided by the fifth embodiment of the present application. In this embodiment, the process is executed by the task scheduling server. Referring to FIG. 5, relative to the embodiments described in FIG. 1 to FIG. 3, S101 of the method for establishing a communication link provided by this embodiment includes S1011 to S1012, detailed as follows:
Further, the task scheduling server determining a dial test item based on the dial test start condition and obtaining the terminal identifier of a task execution terminal matching the dial test item includes:
In S1011, a running status list of the task execution terminals is obtained, and the task execution terminals whose running status is idle are selected as candidate execution terminals.
In this embodiment, once the task scheduling server determines that a dial test needs to be performed, it obtains the running status list. The running status list records the running status of each task execution terminal in the dial test scheduling system; the running status is one of occupied, idle, or faulty. When the status of a task execution terminal changes, the change is synchronized to the running status list. The task scheduling server can therefore determine the current running status of each task execution terminal from the running status list.
In this embodiment, the task scheduling terminal checks whether the running status list contains a task execution terminal whose running status is idle and, if so, recognizes that task execution terminal as a candidate central terminal.
In S1012, the executable item information of each candidate execution terminal is queried, and any candidate execution terminal whose executable item information contains the dial test item is recognized as a task execution terminal matching the dial test item.
In this embodiment, after detecting that task execution terminals in the idle state exist, the task scheduling server obtains the executable item information of each candidate execution terminal. The executable item information indicates the dial test items to which the task execution terminal can respond. The task scheduling server therefore queries whether the executable item information contains the identified dial test item; if it does, the candidate execution terminal is capable of completing the dial test item and is recognized as the task execution terminal matching the dial test item.
In this embodiment of the present application, obtaining the running status and executable item information of each task execution terminal and selecting the task execution terminal that matches the dial test item improves the response efficiency for the dial test item.
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present application.
FIG. 6 shows a structural block diagram of a dial test task scheduling system provided by an embodiment of the present application. The units included in the terminal device are used to execute the steps in the embodiment corresponding to FIG. 1. For details, refer to FIG. 1 and the related description in the embodiment corresponding to FIG. 1. For ease of explanation, only the parts related to this embodiment are shown.
Referring to FIG. 6, the dial test task scheduling system includes a task scheduling server 61 and at least one task execution terminal 62;
the task scheduling server 61 is configured to, if a preset dial test start condition is satisfied, determine a dial test item based on the dial test start condition and obtain the terminal identifier of the task execution terminal 62 matching the dial test item;
the task scheduling server 61 is configured to obtain the communication key associated with the terminal identifier, generate a first Transmission Control Protocol (TCP) message based on the communication key, and send the first TCP message to the task execution terminal 62;
the task execution terminal 62 is configured to determine, according to the communication key in the first TCP message, the associated key corresponding to the communication key, generate a second TCP message based on the associated key, and send the second TCP message to the task scheduling server 61;
the task scheduling server 61 is configured to verify the associated key in the second TCP message and, if the verification succeeds, generate a dial test instruction based on the dial test item;
the task scheduling server 61 is configured to send a third TCP message carrying the dial test instruction to the task execution terminal 62 and establish a communication link with the task execution terminal 62.
Optionally, the task scheduling server 61 being configured to obtain the communication key associated with the terminal identifier and generate a first Transmission Control Protocol (TCP) message based on the communication key includes:
the task scheduling server 61 is configured to query the random key generation algorithm corresponding to the terminal identifier and obtain an obfuscation encryption key through the random key generation algorithm;
the task scheduling server 61 is configured to determine the number of key divisions according to the character length of the terminal identifier and divide the obfuscation encryption key into multiple subkeys based on the number of divisions;
the task scheduling server 61 is configured to insert the multiple subkeys at preset insertion positions in the terminal identifier and recognize the terminal identifier with the subkeys inserted as the communication key;
the task scheduling server 61 is configured to generate a first Transmission Control Protocol (TCP) message based on the communication key.
Optionally, the task execution terminal 62 being configured to determine, according to the communication key in the first TCP message, the associated key corresponding to the communication key includes:
The task execution terminal 62 is configured to extract each of the sub-keys from the communication key based on the terminal identifier and the insertion positions, and restore the obfuscated encryption key based on the insertion order of the sub-keys;
The task execution terminal 62 is configured to feed the obfuscated encryption key into an associated key generation algorithm to generate the associated key corresponding to the obfuscated encryption key.
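The sub-key insertion, recovery and verification steps described above, as an added Python example that is not part of the patent text. The split rule (one sub-key after every three identifier characters), the 128-bit key length, and the use of HMAC-SHA256 with a pre-shared per-terminal secret as the "associated key generation algorithm" are assumptions, since the application leaves them unspecified; the sample identifier and secret are constructed.

```python
import hashlib
import hmac
import secrets

KEY_HEX_LEN = 32  # assumption: 128-bit obfuscated encryption key, hex-encoded
STRIDE = 3        # assumption: preset rule, one sub-key after every 3 ID characters


def split_plan(terminal_id):
    """Derive (insertion positions, sub-key lengths) from the ID's character length."""
    n = max(1, min(KEY_HEX_LEN, len(terminal_id) // STRIDE))
    positions = [min(STRIDE * (i + 1), len(terminal_id)) for i in range(n)]
    base, extra = divmod(KEY_HEX_LEN, n)
    lengths = [base + (1 if i < extra else 0) for i in range(n)]
    return positions, lengths


def build_communication_key(terminal_id, key_hex):
    """Server side: split the key and insert the sub-keys into the terminal ID."""
    if len(key_hex) != KEY_HEX_LEN:
        raise ValueError("unexpected key length")
    positions, lengths = split_plan(terminal_id)
    out, prev, offset = [], 0, 0
    for pos, length in zip(positions, lengths):
        out.append(terminal_id[prev:pos])
        out.append(key_hex[offset:offset + length])
        prev, offset = pos, offset + length
    out.append(terminal_id[prev:])
    return "".join(out)


def extract_key(comm_key, terminal_id):
    """Terminal side: strip its own ID out and rejoin sub-keys in insertion order.

    Raises ValueError if the identifier characters do not match, i.e. the
    message was built for another terminal or is malformed.
    """
    if len(comm_key) != len(terminal_id) + KEY_HEX_LEN:
        raise ValueError("malformed communication key")
    positions, lengths = split_plan(terminal_id)
    parts, cursor, prev = [], 0, 0
    for pos, length in zip(positions, lengths):
        id_chunk = terminal_id[prev:pos]
        if comm_key[cursor:cursor + len(id_chunk)] != id_chunk:
            raise ValueError("terminal identifier mismatch")
        cursor += len(id_chunk)
        parts.append(comm_key[cursor:cursor + length])
        cursor += length
        prev = pos
    if comm_key[cursor:] != terminal_id[prev:]:
        raise ValueError("terminal identifier mismatch")
    return "".join(parts)


def associated_key(key_hex, shared_secret):
    """Assumed associated-key algorithm: HMAC-SHA256 under a pre-shared secret."""
    return hmac.new(shared_secret, key_hex.encode(), hashlib.sha256).hexdigest()


def server_verify(sent_key_hex, received_assoc, shared_secret):
    """Server side: constant-time check of the value carried in the second message."""
    expected = associated_key(sent_key_hex, shared_secret)
    return hmac.compare_digest(expected, received_assoc)


def demo():
    terminal_id = "TERM-0042"            # constructed sample identifier
    secret = b"constructed-demo-secret"  # constructed pre-shared secret
    key_hex = secrets.token_hex(KEY_HEX_LEN // 2)
    comm_key = build_communication_key(terminal_id, key_hex)  # first message
    recovered = extract_key(comm_key, terminal_id)            # terminal
    reply = associated_key(recovered, secret)                 # second message
    return key_hex, comm_key, recovered, server_verify(key_hex, reply, secret)


if __name__ == "__main__":
    print(demo())
```

Because the communication key travels in the first TCP message, the sketch keys the associated-key derivation with a secret that never appears on the wire; a derivation that depends only on the transmitted key could be reproduced by anyone who observes that message.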
Optionally, the task scheduling server 61 being configured to obtain the communication key associated with the terminal identifier and generate a first Transmission Control Protocol (TCP) message based on the communication key includes:
The task scheduling server 61 is configured to obtain the network address of the task execution terminal 62, and generate a native TCP message based on the network address;
The task scheduling server 61 is configured to set the options field in the native TCP message to a preset bit value;
The task scheduling server 61 is configured to add the communication key to the reserved field of the native TCP message, and identify the native TCP message, with the communication key added and the preset bit value set, as the first TCP message.
Optionally, the task scheduling server 61 being configured to determine a dial test item based on the dial test start condition and obtain the terminal identifier of a task execution terminal 62 matching the dial test item includes:
The task scheduling server 61 is configured to obtain a list of the running states of the task execution terminals 62, and select the task execution terminals whose running state is idle as candidate execution terminals;
The task scheduling server 61 is configured to query the executable item information of each candidate execution terminal, and identify any candidate execution terminal whose executable item information contains the dial test item as the task execution terminal matching the dial test item.
Therefore, the dial test task scheduling system provided by the embodiments of the present application can likewise add the communication key to the TCP messages during the TCP three-way handshake that the task scheduling server and the task execution terminal perform to establish a communication link. The TCP messages thus serve not only to confirm that the communication link between the task scheduling server and the task execution terminal is connected, but also to complete legitimacy authentication. This unifies the two processes of communication link establishment and network authentication, reduces the number of data exchanges between the task scheduling server and the task execution terminal, and improves the efficiency of establishing the communication link, thereby improving the efficiency of dial testing.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, may each exist physically on their own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
The embodiments described above are intended only to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced with equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and shall all fall within the scope of protection of the present application.

Claims (20)

  1. A method for establishing a communication link, applied to a dial test task scheduling system, characterized in that the method for establishing a communication link comprises:
    if a preset dial test start condition is met, the task scheduling server determines a dial test item based on the dial test start condition, and obtains the terminal identifier of a task execution terminal matching the dial test item;
    the task scheduling server obtains the communication key associated with the terminal identifier, generates a first Transmission Control Protocol (TCP) message based on the communication key, and sends the first TCP message to the task execution terminal;
    the task execution terminal determines, according to the communication key in the first TCP message, the associated key corresponding to the communication key, generates a second TCP message based on the associated key, and sends the second TCP message to the task scheduling server;
    the task scheduling server verifies the associated key in the second TCP message and, if the verification succeeds, generates a dial test instruction based on the dial test item;
    the task scheduling server sends a third TCP message carrying the dial test instruction to the task execution terminal, and establishes a communication link with the task execution terminal.
  2. The establishing method according to claim 1, characterized in that the task scheduling server obtaining the communication key associated with the terminal identifier and generating a first Transmission Control Protocol (TCP) message based on the communication key comprises:
    the task scheduling server looks up the random key generation algorithm corresponding to the terminal identifier, and obtains an obfuscated encryption key through the random key generation algorithm;
    the task scheduling server determines the number of key splits according to the character length of the terminal identifier, and splits the obfuscated encryption key into multiple sub-keys based on that number of splits;
    the task scheduling server inserts the multiple sub-keys at preset insertion positions within the terminal identifier, and identifies the terminal identifier with the sub-keys inserted as the communication key;
    the task scheduling server generates the first Transmission Control Protocol (TCP) message based on the communication key.
  3. The establishing method according to claim 2, characterized in that the task execution terminal determining, according to the communication key in the first TCP message, the associated key corresponding to the communication key comprises:
    the task execution terminal extracts each of the sub-keys from the communication key based on the terminal identifier and the insertion positions, and restores the obfuscated encryption key based on the insertion order of the sub-keys;
    the task execution terminal feeds the obfuscated encryption key into an associated key generation algorithm to generate the associated key corresponding to the obfuscated encryption key.
  4. The establishing method according to any one of claims 1-3, characterized in that the task scheduling server obtaining the communication key associated with the terminal identifier and generating a first Transmission Control Protocol (TCP) message based on the communication key comprises:
    the task scheduling server obtains the network address of the task execution terminal, and generates a native TCP message based on the network address;
    the task scheduling server sets the options field in the native TCP message to a preset bit value;
    the task scheduling server adds the communication key to the reserved field of the native TCP message, and identifies the native TCP message, with the communication key added and the preset bit value set, as the first TCP message.
  5. The establishing method according to any one of claims 1-3, characterized in that the task scheduling server determining a dial test item based on the dial test start condition and obtaining the terminal identifier of a task execution terminal matching the dial test item comprises:
    the task scheduling server obtains a list of the running states of the task execution terminals, and selects the task execution terminals whose running state is idle as candidate execution terminals;
    the task scheduling server queries the executable item information of each candidate execution terminal, and identifies any candidate execution terminal whose executable item information contains the dial test item as the task execution terminal matching the dial test item.
  6. A dial test task scheduling system, characterized in that the dial test task scheduling system comprises: a task scheduling server and at least one task execution terminal;
    the task scheduling server is configured to, if a preset dial test start condition is met, determine a dial test item based on the dial test start condition, and obtain the terminal identifier of a task execution terminal matching the dial test item;
    the task scheduling server is configured to obtain the communication key associated with the terminal identifier, generate a first Transmission Control Protocol (TCP) message based on the communication key, and send the first TCP message to the task execution terminal;
    the task execution terminal is configured to determine, according to the communication key in the first TCP message, the associated key corresponding to the communication key, generate a second TCP message based on the associated key, and send the second TCP message to the task scheduling server;
    the task scheduling server is configured to verify the associated key in the second TCP message and, if the verification succeeds, generate a dial test instruction based on the dial test item;
    the task scheduling server is configured to send a third TCP message carrying the dial test instruction to the task execution terminal, and establish a communication link with the task execution terminal.
  7. The dial test task scheduling system according to claim 6, characterized in that the task scheduling server being configured to obtain the communication key associated with the terminal identifier and generate a first Transmission Control Protocol (TCP) message based on the communication key comprises:
    the task scheduling server is configured to look up the random key generation algorithm corresponding to the terminal identifier, and obtain an obfuscated encryption key through the random key generation algorithm;
    the task scheduling server is configured to determine the number of key splits according to the character length of the terminal identifier, and split the obfuscated encryption key into multiple sub-keys based on that number of splits;
    the task scheduling server is configured to insert the multiple sub-keys at preset insertion positions within the terminal identifier, and identify the terminal identifier with the sub-keys inserted as the communication key.
  8. The dial test task scheduling system according to claim 7, characterized in that the task execution terminal being configured to determine, according to the communication key in the first TCP message, the associated key corresponding to the communication key comprises:
    the task execution terminal is configured to extract each of the sub-keys from the communication key based on the terminal identifier and the insertion positions, and restore the obfuscated encryption key based on the insertion order of the sub-keys;
    the task execution terminal is configured to feed the obfuscated encryption key into an associated key generation algorithm to generate the associated key corresponding to the obfuscated encryption key.
  9. The dial test task scheduling system according to any one of claims 6-8, characterized in that the task scheduling server being configured to obtain the communication key associated with the terminal identifier and generate a first Transmission Control Protocol (TCP) message based on the communication key comprises:
    the task scheduling server is configured to obtain the network address of the task execution terminal, and generate a native TCP message based on the network address;
    the task scheduling server is configured to set the options field in the native TCP message to a preset bit value;
    the task scheduling server is configured to add the communication key to the reserved field of the native TCP message, and identify the native TCP message, with the communication key added and the preset bit value set, as the first TCP message.
  10. The dial test task scheduling system according to any one of claims 6-8, characterized in that the task scheduling server being configured to determine a dial test item based on the dial test start condition and obtain the terminal identifier of a task execution terminal matching the dial test item comprises:
    the task scheduling server is configured to obtain a list of the running states of the task execution terminals, and select the task execution terminals whose running state is idle as candidate execution terminals;
    the task scheduling server is configured to query the executable item information of each candidate execution terminal, and identify any candidate execution terminal whose executable item information contains the dial test item as the task execution terminal matching the dial test item.
  11. A dial test task scheduling system, characterized in that the dial test task scheduling system comprises: a task scheduling server and at least one task execution terminal; the task scheduling server comprises a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, and the processor of the task scheduling server implements the following steps when executing the computer-readable instructions:
    the task scheduling server is configured to, if a preset dial test start condition is met, determine a dial test item based on the dial test start condition, and obtain the terminal identifier of a task execution terminal matching the dial test item;
    the task scheduling server is configured to obtain the communication key associated with the terminal identifier, generate a first Transmission Control Protocol (TCP) message based on the communication key, and send the first TCP message to the task execution terminal;
    the task scheduling server is configured to verify the associated key in the second TCP message and, if the verification succeeds, generate a dial test instruction based on the dial test item;
    the task scheduling server is configured to send a third TCP message carrying the dial test instruction to the task execution terminal, and establish a communication link with the task execution terminal;
    the task execution terminal comprises a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, and the processor of the task execution terminal implements the following steps when executing the computer-readable instructions:
    the task execution terminal is configured to determine, according to the communication key in the first TCP message, the associated key corresponding to the communication key, generate a second TCP message based on the associated key, and send the second TCP message to the task scheduling server.
  12. The dial test task scheduling system according to claim 11, characterized in that the task scheduling server being configured to obtain the communication key associated with the terminal identifier and generate a first Transmission Control Protocol (TCP) message based on the communication key comprises:
    the task scheduling server is configured to look up the random key generation algorithm corresponding to the terminal identifier, and obtain an obfuscated encryption key through the random key generation algorithm;
    the task scheduling server is configured to determine the number of key splits according to the character length of the terminal identifier, and split the obfuscated encryption key into multiple sub-keys based on that number of splits;
    the task scheduling server is configured to insert the multiple sub-keys at preset insertion positions within the terminal identifier, and identify the terminal identifier with the sub-keys inserted as the communication key;
    the task scheduling server is configured to generate the first Transmission Control Protocol (TCP) message based on the communication key.
  13. The dial test task scheduling system according to claim 12, characterized in that the task execution terminal being configured to determine, according to the communication key in the first TCP message, the associated key corresponding to the communication key comprises:
    the task execution terminal is configured to extract each of the sub-keys from the communication key based on the terminal identifier and the insertion positions, and restore the obfuscated encryption key based on the insertion order of the sub-keys;
    the task execution terminal is configured to feed the obfuscated encryption key into an associated key generation algorithm to generate the associated key corresponding to the obfuscated encryption key.
  14. The dial test task scheduling system according to claims 11-13, characterized in that the task scheduling server being configured to obtain the communication key associated with the terminal identifier and generate a first Transmission Control Protocol (TCP) message based on the communication key comprises:
    the task scheduling server is configured to obtain the network address of the task execution terminal, and generate a native TCP message based on the network address;
    the task scheduling server is configured to set the options field in the native TCP message to a preset bit value;
    the task scheduling server is configured to add the communication key to the reserved field of the native TCP message, and identify the native TCP message, with the communication key added and the preset bit value set, as the first TCP message.
  15. The dial test task scheduling system according to any one of claims 11-13, characterized in that the task scheduling server being configured to determine a dial test item based on the dial test start condition and obtain the terminal identifier of a task execution terminal matching the dial test item comprises:
    the task scheduling server is configured to obtain a list of the running states of the task execution terminals, and select the task execution terminals whose running state is idle as candidate execution terminals;
    the task scheduling server is configured to query the executable item information of each candidate execution terminal, and identify any candidate execution terminal whose executable item information contains the dial test item as the task execution terminal matching the dial test item.
  16. A computer non-volatile readable storage medium storing computer-readable instructions, characterized in that the computer-readable instructions, when executed by a processor, implement the following steps:
    if a preset dial test start condition is met, the task scheduling server determines a dial test item based on the dial test start condition, and obtains the terminal identifier of a task execution terminal matching the dial test item;
    the task scheduling server obtains the communication key associated with the terminal identifier, generates a first Transmission Control Protocol (TCP) message based on the communication key, and sends the first TCP message to the task execution terminal;
    the task execution terminal determines, according to the communication key in the first TCP message, the associated key corresponding to the communication key, generates a second TCP message based on the associated key, and sends the second TCP message to the task scheduling server;
    the task scheduling server verifies the associated key in the second TCP message and, if the verification succeeds, generates a dial test instruction based on the dial test item;
    the task scheduling server sends a third TCP message carrying the dial test instruction to the task execution terminal, and establishes a communication link with the task execution terminal.
  17. The computer non-volatile readable storage medium according to claim 16, characterized in that the task scheduling server obtaining the communication key associated with the terminal identifier and generating a first Transmission Control Protocol (TCP) message based on the communication key comprises:
    the task scheduling server looks up the random key generation algorithm corresponding to the terminal identifier, and obtains an obfuscated encryption key through the random key generation algorithm;
    the task scheduling server determines the number of key splits according to the character length of the terminal identifier, and splits the obfuscated encryption key into multiple sub-keys based on that number of splits;
    the task scheduling server inserts the multiple sub-keys at preset insertion positions within the terminal identifier, and identifies the terminal identifier with the sub-keys inserted as the communication key;
    the task scheduling server generates the first Transmission Control Protocol (TCP) message based on the communication key.
  18. The computer non-volatile readable storage medium according to claim 17, characterized in that the task execution terminal determining, according to the communication key in the first TCP message, the associated key corresponding to the communication key comprises:
    the task execution terminal extracts each of the sub-keys from the communication key based on the terminal identifier and the insertion positions, and restores the obfuscated encryption key based on the insertion order of the sub-keys;
    the task execution terminal feeds the obfuscated encryption key into an associated key generation algorithm to generate the associated key corresponding to the obfuscated encryption key.
  19. The computer non-volatile readable storage medium according to claims 16-18, characterized in that the task scheduling server obtaining the communication key associated with the terminal identifier and generating a first Transmission Control Protocol (TCP) message based on the communication key comprises:
    the task scheduling server obtains the network address of the task execution terminal, and generates a native TCP message based on the network address;
    the task scheduling server sets the options field in the native TCP message to a preset bit value;
    the task scheduling server adds the communication key to the reserved field of the native TCP message, and identifies the native TCP message, with the communication key added and the preset bit value set, as the first TCP message.
  20. The computer non-volatile readable storage medium according to any one of claims 16-18, characterized in that the task scheduling server determining a dial test item based on the dial test start condition and obtaining the terminal identifier of a task execution terminal matching the dial test item comprises:
    the task scheduling server obtains a list of the running states of the task execution terminals, and selects the task execution terminals whose running state is idle as candidate execution terminals;
    the task scheduling server queries the executable item information of each candidate execution terminal, and identifies any candidate execution terminal whose executable item information contains the dial test item as the task execution terminal matching the dial test item.
PCT/CN2018/124627 2018-10-18 2018-12-28 Method and system for establishing communication link WO2020077867A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811216811.X 2018-10-18
CN201811216811.XA CN109391618B (en) 2018-10-18 2018-10-18 Method and system for establishing communication link

Publications (1)

Publication Number Publication Date
WO2020077867A1 (en) 2020-04-23

Family

ID=65426965

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/124627 WO2020077867A1 (en) 2018-10-18 2018-12-28 Method and system for establishing communication link

Country Status (2)

Country Link
CN (1) CN109391618B (en)
WO (1) WO2020077867A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112202638A (en) * 2020-09-29 2021-01-08 北京百度网讯科技有限公司 Data processing method, device, equipment and computer storage medium
CN113726830A (en) * 2020-05-25 2021-11-30 网联清算有限公司 Message identifier generation method and device

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113220562A (en) * 2020-02-06 2021-08-06 北京沃东天骏信息技术有限公司 Terminal testing method and device, computer storage medium and electronic equipment
CN112134757B (en) * 2020-09-21 2022-08-19 北京信而泰科技股份有限公司 Message generation method and device
CN114143067B (en) * 2021-11-26 2024-04-19 天翼视联科技有限公司 Instruction processing method and system of dial testing system
CN115514663B (en) * 2022-09-23 2023-10-27 北京奇艺世纪科技有限公司 Dial testing method, system, device, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070067833A1 (en) * 2005-09-20 2007-03-22 Colnot Vincent C Methods and Apparatus for Enabling Secure Network-Based Transactions
CN101409620A (en) * 2007-10-12 2009-04-15 美国博通公司 Method and system for processing data in communication system
CN102710624A (en) * 2012-05-24 2012-10-03 广东电网公司电力科学研究院 Customizable network identity authentication method based on SM2 algorithm
US8640212B2 (en) * 2010-05-27 2014-01-28 Red Hat, Inc. Securing passwords with CAPTCHA based hash when used over the web
CN105721500A (en) * 2016-04-10 2016-06-29 北京工业大学 TPM-based Modbus/TCP security enhancement method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7545810B2 (en) * 2005-07-01 2009-06-09 Cisco Technology, Inc. Approaches for switching transport protocol connection keys
US7921282B1 (en) * 2007-08-20 2011-04-05 F5 Networks, Inc. Using SYN-ACK cookies within a TCP/IP protocol
CN102355658B (en) * 2011-06-29 2013-12-25 中国电信股份有限公司 Authentication parameter updating method, apparatus thereof and system thereof
CN103905384B (en) * 2012-12-26 2017-11-24 北京握奇数据系统有限公司 The implementation method of session handshake between built-in terminal based on secure digital certificate

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
CHEN, RONGJUN: "Design of GPRS CQT Test System Based on ABM Platform", COMMUNICATIONS WORLD, 11 August 2008 (2008-08-11), pages 68 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113726830A (en) * 2020-05-25 2021-11-30 网联清算有限公司 Message identifier generation method and device
CN113726830B (en) * 2020-05-25 2023-09-12 网联清算有限公司 Message identifier generation method and device
CN112202638A (en) * 2020-09-29 2021-01-08 北京百度网讯科技有限公司 Data processing method, device, equipment and computer storage medium

Also Published As

Publication number Publication date
CN109391618B (en) 2021-09-03
CN109391618A (en) 2019-02-26

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18937521

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18937521

Country of ref document: EP

Kind code of ref document: A1