
CN101741823B - Cross-validation safety communication method and system - Google Patents


Info

Publication number
CN101741823B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 200810226281
Other languages
Chinese (zh)
Other versions
CN101741823A (en)
Inventor
李平立
龚健
王保华
高超霖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Peking University
Founder International Beijing Co Ltd
Original Assignee
Peking University
Founder International Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Peking University, Founder International Beijing Co Ltd filed Critical Peking University
Priority to CN 200810226281 priority Critical patent/CN101741823B/en
Publication of CN101741823A publication Critical patent/CN101741823A/en
Application granted granted Critical
Publication of CN101741823B publication Critical patent/CN101741823B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a cross-verified secure communication method and system. After the two communication parties establish a connection, a party places the verification code it has generated and saved, together with the data to be sent, in the data segment of the communication packet. It then either places the verification code it most recently received in the identification segment of the packet, or encrypts the packet and uses the most recently received verification code as the key of the encrypted packet, and sends the packet to the other party. On receipt, the other party verifies the packet with the verification code it most recently saved. If verification succeeds, it accepts the data and sends a packet back in the same way; otherwise it refuses to process the packet. The two parties repeat this exchange until the communication ends. The invention addresses the integrity of the communication dialogue: it generates verification codes with random characteristics and, through cross-verification, links the two parties' messages into a chain so that their communication forms a closed dialogue chain, making data communication both secure and simple.

Description

A cross-verified secure communication method and system

Technical field

The invention belongs to the field of information security and specifically relates to a cross-verified secure communication method and system.

Background

Communication security is a widely used technology, and two approaches currently dominate. The first transmits data encrypted through a secure tunnel. As encryption complexity increases, the volume of encrypted data grows sharply, which limits the encryption methods that can be used; and once the encryption key is broken, an intruder can easily forge response data, creating a security hole in the communication. The second ensures the security of the data exchange between the two parties by establishing a reliable communication connection; US patent No. US7,424,736, "Method for establishing directed circuits between parties with limited mutual trust", uses this approach. The second approach cannot promptly detect a third party intruding during the communication, intercepting communication information, or modifying communication data, so it is difficult to guarantee the security of the two parties for the duration of the communication.

Summary of the invention

The object of the present invention is to provide a cross-verified secure communication method and system that make data communication both secure and simple, so as to overcome the deficiencies of the prior art.

To achieve this object, the technical solution adopted by the present invention is a cross-verified secure communication method comprising the following steps:

(1) A communication connection is established between the two communication parties; one party generates a verification code and a communication offer, saves both locally, and sends them to the other party.

(2) The other party, following the format requirements of the communication offer it received, generates and saves a new verification code and places the new verification code and the data to be sent in the data segment of the communication packet. It either places the verification code most recently received from the other side in the identification segment of the packet, or encrypts the packet and uses the verification code most recently received from the other side as the key of the encrypted packet, and then sends the whole packet to the other side.

(3) The two parties repeat the following operation until the communication ends:

After receiving a communication packet from the other side, a party verifies the received packet with the verification code it most recently saved. If verification fails, processing ends; otherwise, following the method of the communication party in step (2), it generates and saves a new verification code, forms a communication packet, and sends it to the other side.

Further, the verification code is a character code with random characteristics. Its concrete form is any one of the combinations of an object identification code, a random string, a sequence number and a timestamp, provided it contains at least the random string or the timestamp. The object identification code is a string by which each communication party identifies itself; the random string is a fixed-length string generated randomly as specified in the communication offer; the sequence number is a consecutive number recorded during the communication; and the timestamp is the current time converted to a string in the format specified by the communication offer.

Furthermore, the two parties generate a different verification code for every communication.

Further, the format of the verification code only needs to be recognizable and processable locally; the two parties do not need to use the same format.

Furthermore, the communication offer contains the composition format requirements of the verification code and the format requirements of the whole communication packet, specifically including the start marker of the data segment, the data length, the data verification method and the data encryption method.

Further, a communication packet containing an identification segment is encrypted with the encryption method agreed by the two parties before it is sent, and the other side must decrypt the packet after receiving it.

Furthermore, if the received communication packet has an identification segment, the verification in step (3) means determining whether the verification code in the identification segment of the received packet matches the verification code most recently saved by the verifying party; otherwise, the verification in step (3) means determining whether the verifying party can decrypt the received packet with the verification code it most recently saved.

Further, in step (3), a communication party uses a data buffering device to sort received out-of-order packets by verification code.

The present invention also provides a cross-verified secure communication system comprising the following devices:

Communication connection establishment device: establishes a communication connection between the two communication parties;

Communication offer generation device: generates and saves the communication offer;

Verification code generation device: generates and saves verification codes and triggers the communication packet generation device;

Communication packet generation device: either places the new verification code, generated by the verification code generation device according to the format requirements of the received communication offer, and the data to be sent in the data segment of the communication packet and places the verification code most recently received from the other side in the identification segment, forming a packet that contains an identification segment; or places the new verification code and the data to be sent in the data segment, forming a packet that has only a data segment; it then triggers the communication sending and receiving device;

Communication receiving and sending device: receives and sends communication packets for the two parties and triggers the verification device once a packet has been received;

Verification device: after a party receives a communication packet from the other side, verifies the received packet with the verification code that party most recently saved; if verification fails, processing ends; otherwise it triggers the verification code generation device;

Communication end judging device: determines whether the communication has ended; if so, processing ends; otherwise the communication between the two parties continues;

Encryption device: encrypts the communication packet, using the verification code most recently received from the other side as the key of the encrypted packet, after which the whole packet is sent to the other side.

Further, the system also includes a data buffering device, which sorts received out-of-order packets by verification code.

The effect of the present invention is as follows: because the technical solution addresses the integrity of the communication dialogue, generating verification codes with random characteristics and using cross-verification to link the two parties' messages into a chain, the communication between the two parties forms a closed dialogue chain, which makes data communication both secure and simple and achieves the object of the invention.

Description of the drawings

Fig. 1 is a flow chart of the cross-verified secure communication method of the present invention;

Fig. 2 is a schematic diagram of one communication packet structure in an embodiment of the present invention;

Fig. 3 is a schematic diagram of another communication packet structure in an embodiment of the present invention.

Detailed description

The present invention is described further below with reference to the drawings and specific embodiments.

A cross-verified secure communication system comprises the following devices:

(1) Communication connection establishment device: establishes a communication connection between the two communication parties;

(2) Communication offer generation device: generates and saves the communication offer;

(3) Verification code generation device: generates and saves verification codes and triggers the communication packet generation device;

(4) Communication packet generation device: either places the new verification code and the data to be sent in the data segment of the communication packet and places the verification code most recently received from the other side in the identification segment, forming a packet that contains an identification segment; or places the new verification code and the data to be sent in the data segment, forming a packet that has only a data segment; it then triggers the communication sending and receiving device;

(5) Communication receiving and sending device: receives and sends communication packets for the two parties and triggers the verification device once a packet has been received;

(6) Verification device: after a party receives a communication packet from the other side, verifies the received packet with the verification code that party most recently saved; if verification fails, processing ends; otherwise it triggers the verification code generation device;

(7) Communication end judging device: determines whether the communication has ended; if so, processing ends; otherwise the communication between the two parties continues.

If the communication packet has no identification segment, the system also includes an encryption device, which encrypts the communication packet. The system may also include a data buffering device, which sorts received out-of-order packets by verification code.

As shown in Fig. 1, a cross-verified secure communication method comprises the following steps:

Step S11: Establish a communication connection between the two communication parties.

In this step, a communication connection is established between the two parties using a data transfer protocol such as FTP, HTTP or POP3.

Step S12: One communication party generates a verification code and a communication offer, saves them, and sends them.

Once the connection between the two parties is established, one party generates a verification code and a communication offer, saves both, and sends them to the other side. In this embodiment the two parties are a receiver and a sender, and the receiver first generates a verification code and a communication offer, saves them, and sends both to the sender. There may be one receiver or several; in this embodiment there is only one. The verification code here is a character code with random characteristics. Its concrete form is any one of the combinations of an object identification code, a random string, a sequence number and a timestamp, provided it contains at least the random string or the timestamp. The object identification code is a string by which each communication party identifies itself; the random string is a fixed-length string generated randomly as specified in the communication offer; the sequence number is a consecutive number recorded during the communication; and the timestamp is the current time converted to a string in the format specified by the communication offer. The communication offer mainly contains the composition format requirements of the verification code and the format requirements of the whole communication packet, including the start marker of the data segment, the data length, the data verification method and the data encryption method. In this embodiment the communication offer generated by the receiver is as follows:

The above offer indicates that the receiver's identification code is 7973AE9B81E74632B38F677A8DFB6C83, that the communication packet has only a data segment and must be encrypted with the verification code most recently received from the other side, and that the verification code consists of three parts: a GUID identification code, a random string and a timestamp. The verification code generated by the receiver in this step is D167FB39F53849f7ADB1522339D73E4DAUmo82390810221625231, where D167FB39F53849f7ADB1522339D73E4D is the GUID identification code, indicating that the party communicating with it is D167FB39F53849f7ADB1522339D73E4D; AUmo8239 is the random string; and 0810221625231 is the timestamp.

Step S13: The other communication party generates a verification code and a communication packet, and sends the packet.

In this step the other party, following the format requirements of the communication offer it received, generates and saves a new verification code and places the new verification code and the data to be sent in the data segment of the communication packet. It either places the verification code most recently received from the other side in the identification segment of the packet, or encrypts the packet and uses the verification code most recently received from the other side as the key of the encrypted packet, and sends the whole packet to the other side. The communication packet has two forms. One consists of an identification segment and a data segment, where the data segment in turn consists of a verification code and data; its structure is shown in Fig. 2. The other has no identification segment, only a data segment consisting of a verification code and data; its structure is shown in Fig. 3. Because the communication offer in this embodiment requires that the packet have only a data segment and be encrypted with the verification code most recently received from the other side, this embodiment uses the packet shown in Fig. 3. In this embodiment the other communication party in this step is the sender, so the step can be stated as: the sender generates a verification code and a communication packet, and sends the packet. That is, the sender generates and saves a new verification code (7973AE9B81E74632B38F677A8DFB6C83BUmo02120810221628221) according to the format requirements of the communication offer sent by the receiver, places the new verification code and the data to be sent, "Wang ××, have you completed your first task?", in the data segment of the packet, encrypts the packet using the verification code most recently received from the other side (D167FB39F53849f7ADB1522339D73E4DAUmo82390810221625231) as the key of the encrypted packet, and sends the whole packet to the other side. The decryption key of the encrypted packet in this step is therefore D167FB39F53849f7ADB1522339D73E4DAUmo82390810221625231.

Step S14: Verify.

In this step, a party that has received a communication packet from the other side verifies the packet with the verification code it most recently saved. If verification succeeds, step S15 is executed; otherwise the communication ends. The verification differs according to the requirements of the communication offer. If the offer does not require encryption and the packet received by the verifying party has an identification segment, the verification determines whether the verification code in the identification segment of the received packet matches the verification code most recently saved by the verifying party. If the offer requires encryption and the received packet has no identification segment, the verification determines whether the verification code most recently saved by the verifying party can decrypt the received packet. In this example, the step can be stated as: the receiver verifies the communication packet it received. Because the communication offer in this embodiment requires encryption and the received packet has no identification segment, the receiver uses the verification code it most recently saved, 167FB39F53849f7ADB1522339D73E4DAUmo82390810221625231, to decrypt the received packet. If decryption succeeds, step S15 is executed; otherwise the content of the received packet has been illegally altered by a third party, the receiver refuses to process the packet, and the communication ends. In this embodiment the packet received in this step has not been illegally altered by a third party and can be decrypted, so step S15 is executed after this step.

Step S15: Determine whether the communication has ended.

In this step, if the communication is to end, the whole communication between the two parties ends; otherwise step 17 is executed. In this embodiment it is the receiver that performs this step. Because the data the receiver received is "Wang ××, have you completed your first task?", the receiver should respond, so step S16 is executed after this step.

Step S16: After processing the data, generate a verification code and a communication packet, and send the packet.

In this step, after a party has processed the data in the packet it received, the operations it performs are the same as those performed by the communication party in step S13. After this step, control returns to step S14, and the two parties repeat steps S14 to S16 as the situation requires until the communication ends. In this embodiment, after processing the data in the received packet, the receiver performs the same operations the sender performed in step S13: it generates and saves a new verification code according to the format requirements of the communication offer, namely D167FB39F53849f7ADB1522339D73E4DAUmo82400840681629082, places the data to be sent, "I have completed the first task. What should I do next?", and the new verification code in the communication packet, encrypts the packet with the encryption method given in the communication offer, and sends it to the sender. The decryption key of the packet sent in this step is the verification code that was received: 7973AE9B81E74632B38F677A8DFB6C83BUmo02120810221628221. In this embodiment, after the receiver executes this step, the process enters step S14, which the sender must execute.

When the sender executes step S14, it first decrypts the received packet with the verification code it most recently saved: 7973AE9B81E74632B38F677A8DFB6C83BUmo02120810221628221. In this embodiment it is assumed that the data received by the sender in this step has not been illegally altered by a third party, so the sender can decrypt the received packet with its most recently saved verification code and must then execute step S15.

When the sender executes step S15, the data it has received is "I have completed the first task. What should I do next?", which requires a response, so the sender goes on to execute step S16.

When the sender executes step S16, it generates and saves a new verification code, 7973AE9B81E74632B38F677A8DFB6C83BUmo02130246521623628, according to the format requirements of the communication offer, places the new verification code and the data to be sent, "Please continue with the second task; I have nothing else.", in the communication packet, encrypts the packet as the communication offer requires, and sends it to the receiver. The decryption key of the packet sent this time is the verification code the sender received: D167FB39F53849f7ADB1522339D73E4DAUmo82400840681629082. After the sender executes step S16, the receiver must execute step S14 again.

When the receiver executes step S14, it decrypts and verifies the received packet with the verification code it most recently saved, D167FB39F53849f7ADB1522339D73E4DAUmo82400840681629082. Assuming the packet received by the sender in this step has not been illegally altered by a third party, the receiver can decrypt it, verification succeeds, and step S15 must be executed.

When the receiver executes step S15, the data it has received is "Please continue with the second task; I have nothing else.", which requires no response, so the communication ends and the whole dialogue is over.
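The chain of steps (1) to (3), walked through above as steps S11 to S16, as an added Python example that is not part of the patent text. It covers both verification forms (identification-segment comparison, and decryption keyed by the last saved code); the party IDs, the JSON packet layout and the SHA-256/HMAC encrypt-then-MAC construction are assumptions standing in for the offer's formats and encryption method, which the page does not specify.

```python
import hashlib
import hmac
import json
import secrets
import time


def new_code(object_id, seq):
    """Verification code: object ID + random string + sequence number + timestamp."""
    return f"{object_id}{secrets.token_hex(4)}{seq:04d}{time.strftime('%y%m%d%H%M%S')}"


def _keys(code):
    # Assumption: separate cipher and MAC keys are derived from the verification code.
    return [hashlib.sha256(label + code.encode()).digest() for label in (b"enc", b"mac")]


def _xor_stream(key, nonce, data):
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(code, plaintext):
    """Encrypt-then-MAC stand-in for the offer's encryption method (an assumption)."""
    enc_key, mac_key = _keys(code)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(code, blob):
    """Return the plaintext, or None if the packet was not keyed by `code` or was altered."""
    enc_key, mac_key = _keys(code)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return _xor_stream(enc_key, nonce, ct)


class Party:
    def __init__(self, object_id, encrypted):
        self.object_id, self.encrypted, self.seq = object_id, encrypted, 0
        self.my_last_code = None    # code this party generated and saved most recently
        self.peer_last_code = None  # code most recently received from the other party

    def _fresh(self):
        self.seq += 1
        self.my_last_code = new_code(self.object_id, self.seq)
        return self.my_last_code

    def open_dialogue(self):
        """Step (1): generate and save a code, send it together with the offer."""
        return {"offer": {"encrypted": self.encrypted}, "code": self._fresh()}

    def accept_offer(self, first):
        self.encrypted = first["offer"]["encrypted"]
        self.peer_last_code = first["code"]

    def send(self, data):
        """Step (2): new code and data in the data segment, chained to the peer's last code."""
        segment = json.dumps({"code": self._fresh(), "data": data})
        if self.encrypted:  # packet has only a data segment; the peer's code is the key
            return seal(self.peer_last_code, segment.encode())
        return json.dumps({"ident": self.peer_last_code, "segment": segment}).encode()

    def receive(self, wire):
        """Step (3): verify with the last saved code; None means refuse to process."""
        if self.my_last_code is None:
            return None
        if self.encrypted:
            plain = unseal(self.my_last_code, wire)
            if plain is None:
                return None
            body = json.loads(plain)
        else:
            packet = json.loads(wire)
            ident = str(packet.get("ident")).encode()
            if not hmac.compare_digest(ident, self.my_last_code.encode()):
                return None
            body = json.loads(packet["segment"])
        self.peer_last_code = body["code"]
        return body["data"]


def run_dialogue(encrypted):
    receiver, sender = Party("RECV", encrypted), Party("SEND", encrypted)  # constructed IDs
    first = receiver.open_dialogue()
    sender.accept_offer(first)
    p1 = sender.send("Have you finished your first task?")
    got1 = receiver.receive(p1)
    got2 = sender.receive(receiver.send("Task one is done. What next?"))
    replayed = receiver.receive(p1)  # receiver's saved code has already moved on
    outsider = Party("THIRD", encrypted)
    outsider.peer_last_code = first["code"]  # holds only a code from an earlier turn
    injected = receiver.receive(outsider.send("Cancel the second task."))
    got3 = receiver.receive(sender.send("Please continue with the second task."))
    return got1, got2, got3, replayed, injected
```

In the identification-segment form the comparison only ties a packet to the chain; detecting changes to the data itself depends on the offer's data verification method or on the encrypted form.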

The method of the present invention is not limited to the embodiments described in the detailed description; other embodiments derived by those skilled in the art from the technical solution of the present invention likewise fall within the scope of its technical innovation.

Claims (10)

1. A cross-validation secure communication method, comprising the following steps:
(1) a communication connection is established between the two communicating parties; one party generates a verification code and a communication offer, saves both locally, and sends them to the other party;
(2) the other party, according to the format requirements of the communication offer it received, generates and saves a new verification code and places the new verification code and the data to be sent in the data segment of the communication packet; it either places the verification code most recently received from the peer in the identification section of the communication packet, or encrypts the communication packet using the verification code most recently received from the peer as the key of the encrypted packet; it then sends the whole communication packet to the peer;
(3) the two parties repeat the following operation until the communication ends:
after receiving the communication packet sent by the peer, a party verifies the received packet with the verification code it saved most recently; if the verification fails, processing ends; otherwise, following the method of the communicating party in step (2), it generates and saves a new verification code, then forms a communication packet and sends it to the peer.
2. The cross-validation secure communication method of claim 1, characterized in that: the verification code is a character code with random characteristics, whose concrete form is any one of the combinations that can be formed from an object identity code, a random string, a serial number and a timestamp, provided that it contains at least a random string or a timestamp; the object identity code is a string by which a communicating party identifies itself, the random string is a string generated at random as specified in the communication offer, the serial number is a consecutive number recorded during the communication, and the timestamp is a string obtained by converting the current time to the format prescribed by the communication offer.
3. The cross-validation secure communication method of claim 1, characterized in that: the two communicating parties generate a different verification code for every communication.
4. The cross-validation secure communication method of claim 1, characterized in that: the format of the verification code only has to be recognizable and processable locally, and need not be the same for the two communicating parties.
5. The cross-validation secure communication method of claim 1, characterized in that: the communication offer comprises the format requirements for composing the verification code and the format requirements for the whole communication packet, specifically including the start marker of the data segment, the data length, the data verification method and the data encryption method.
6. The cross-validation secure communication method of claim 1, characterized in that: the communication packet containing the identification section is encrypted with the encryption method agreed by the two parties before it is sent to the peer, and the peer must decrypt the communication packet after receiving it.
7. The cross-validation secure communication method of any one of claims 1 to 6, characterized in that: if the received communication packet has an identification section, the verification in step (3) means judging whether the verification code in the identification section of the received packet is consistent with the verification code most recently saved by the verifying party; otherwise, the verification in step (3) means whether the verifying party can decrypt the received communication packet with the verification code it saved most recently.
8. The cross-validation secure communication method of claim 7, characterized in that: in step (3), a communicating party uses a data buffering device to sort the out-of-order packets it receives by verification code and process them.
9. A cross-validation secure communication system, comprising the following devices:
Communication connection establishing device: used to establish a communication connection between the two communicating parties;
Communication offer generating device: used to generate and save the communication offer;
Verification code generating device: used to generate and save verification codes, and to trigger the communication packet generating device;
Communication packet generating device: used, according to the format requirements of the received communication offer, either to place the new verification code generated by the verification code generating device and the data to be sent in the data segment of the communication packet and the verification code most recently received from the peer in the identification section, forming a communication packet that contains an identification section, or to place the new verification code generated by the verification code generating device and the data to be sent in the data segment, forming a communication packet that has only a data segment; and to trigger the communication receiving and sending device;
Communication receiving and sending device: used by the two communicating parties to receive and send communication packets, and to trigger the verification device after a communication packet is received;
Verification device: used by a communicating party, after it receives the communication packet sent by the peer, to verify the received packet with the verification code it saved most recently; if the verification fails, processing ends; otherwise the verification code generating device is triggered;
Communication end judging device: used to judge whether the communication has ended; if so, processing ends, otherwise communication between the two parties continues;
Encryption device: used to encrypt the communication packet, using the verification code most recently received from the peer as the key of the encrypted packet, after which the whole communication packet is sent to the peer.
10. The cross-validation secure communication system of claim 9, characterized in that: the system further comprises a data buffering device, which is used to sort the received out-of-order packets by verification code and process them.
CN 200810226281 2008-11-12 2008-11-12 Cross-validation safety communication method and system Expired - Fee Related CN101741823B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810226281 CN101741823B (en) 2008-11-12 2008-11-12 Cross-validation safety communication method and system

Publications (2)

Publication Number Publication Date
CN101741823A CN101741823A (en) 2010-06-16
CN101741823B true CN101741823B (en) 2013-01-16

Family

ID=42464715

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810226281 Expired - Fee Related CN101741823B (en) 2008-11-12 2008-11-12 Cross-validation safety communication method and system

Country Status (1)

Country Link
CN (1) CN101741823B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104333562B (en) * 2014-11-27 2017-11-03 沈文策 Data pack transmission method and device
CN106815734B (en) * 2015-11-27 2022-02-08 方正国际软件(北京)有限公司 An information transmission method and device
CN106502505B (en) * 2016-10-31 2020-07-17 维沃移动通信有限公司 Information notification display method and mobile terminal
CN106713328A (en) * 2016-12-29 2017-05-24 北京奇虎科技有限公司 Information processing method and apparatus based on long connection
CN106936594B (en) * 2017-05-17 2020-03-17 浪潮天元通信信息系统有限公司 Chain type self-authentication security interaction method
CN109033801B (en) * 2018-07-25 2022-07-08 河北千和电子商务有限公司 Method for verifying user identity by application program, mobile terminal and storage medium
CN109359937B (en) * 2018-09-14 2022-02-08 厦门天锐科技股份有限公司 Offline approval method
CN109639719B (en) * 2019-01-07 2020-01-24 武汉稀云科技有限公司 Identity verification method and device based on temporary identifier
CN210067709U (en) * 2019-01-28 2020-02-14 赵晶磊 Electronic locks and electronic packaging devices

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1455341A (en) * 2002-04-30 2003-11-12 微软公司 Method for long-distance changing of communication cipher code
CN101141278A (en) * 2007-10-17 2008-03-12 北大方正集团有限公司 Data transmission system, data sending method, data processing method and corresponding device
US7424736B2 (en) * 2004-03-10 2008-09-09 Combrio, Inc. Method for establishing directed circuits between parties with limited mutual trust

Also Published As

Publication number Publication date
CN101741823A (en) 2010-06-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130116

Termination date: 20141112

EXPY Termination of patent right or utility model