[go: up one dir, main page]

TWI784280B - Network communication method and network communication system - Google Patents

Network communication method and network communication system Download PDF

Info

Publication number
TWI784280B
TWI784280B TW109118335A TW109118335A TWI784280B TW I784280 B TWI784280 B TW I784280B TW 109118335 A TW109118335 A TW 109118335A TW 109118335 A TW109118335 A TW 109118335A TW I784280 B TWI784280 B TW I784280B
Authority
TW
Taiwan
Prior art keywords
address
terminal
request message
connection request
network communication
Prior art date
Application number
TW109118335A
Other languages
Chinese (zh)
Other versions
TW202147813A (en
Inventor
李忠憲
劉奕賢
劉川綱
吳謹瑞
賴佳俊
吳其哲
Original Assignee
國立成功大學
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 國立成功大學 filed Critical 國立成功大學
Priority to TW109118335A priority Critical patent/TWI784280B/en
Publication of TW202147813A publication Critical patent/TW202147813A/en
Application granted granted Critical
Publication of TWI784280B publication Critical patent/TWI784280B/en

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A network communication method is disclosed. The network communication method includes: sending, by a first terminal, a connection request message with an address thereof; receiving, by a second terminal, the connection request message; determining, by the second terminal, whether the address included in the connection request message is a valid address accepted thereby; and sending, by the second terminal, a connection message to the first terminal in response to the connection request message if yes. The address of the first terminal and the valid address are generated dynamically.

Description

網路通訊方法及網路通訊系統Network communication method and network communication system

本發明是有關於網路通訊,且特別是指一種網路通訊方法及網路通訊系統。The present invention relates to network communication, and in particular to a network communication method and network communication system.

網路通訊一般使用通訊位址、通訊協定來完成終端的通訊連接。在以往終端進行通訊的過程中,為了確保不同終端彼此之間的安全通訊,通常由資訊加密方式進行,而所使用的通訊位址和通訊協定則為公開,但這種方式常常會因為加解密設計過於簡單而被破解,且惡意人士可對特定的網路終端進行網路攻擊,例如分散式阻斷服務攻擊(distributed denial-of-service attack;DDoS),導致系統癱瘓或不穩定。Network communication generally uses communication address and communication protocol to complete the communication connection of the terminal. In the process of terminal communication in the past, in order to ensure the secure communication between different terminals, information encryption is usually carried out, and the communication address and communication protocol used are public, but this method is often due to encryption and decryption. The design is too simple to be cracked, and malicious people can carry out network attacks on specific network terminals, such as distributed denial-of-service attack (DDoS), causing system paralysis or instability.

另一方面,近年來工業控制系統在各種場域被廣泛應用,而隨著工業控制系統部署數量增加,其受到的威脅也日愈頻繁,因此工業控制系統的資訊安全已成為非常重要的議題。舉例而言,若是關鍵基礎設施中的工業控制設備被惡意入侵或攻擊,則可能導致民生系統遭到破壞,甚至威脅到國家安全。On the other hand, in recent years, industrial control systems have been widely used in various fields. As the number of industrial control systems deployed increases, threats to them are becoming more frequent. Therefore, information security of industrial control systems has become a very important issue. For example, if the industrial control equipment in the critical infrastructure is maliciously invaded or attacked, it may cause damage to the people's livelihood system and even threaten national security.

本發明的目的是在於提供一種新的網路連線保護機制,其可在現有網路環境下,透過動態更新傳送端與接受端的通訊地址,以在進行網路通訊時,確保只有傳送端和接收端知道雙方的位址,而無法由第三方取得,避免相關的攻擊與資安風險。The purpose of the present invention is to provide a new network connection protection mechanism, which can dynamically update the communication addresses of the transmitting end and the receiving end in the existing network environment, so as to ensure that only the transmitting end and the receiving end are connected during network communication. The receiving end knows the addresses of both parties, but cannot be obtained by a third party, avoiding related attacks and information security risks.

本發明之一方面是在於提供一種網路通訊方法,其包含:由第一終端發送包含其位址的連接請求訊息;以及由第二終端接收連接請求訊息,並判別連接請求訊息包含的位址是否為其接受的有效位址,若是則發送對應連接請求訊息的同意連接訊息至第一終端。第一終端的位址及有效位址是動態產生。One aspect of the present invention is to provide a network communication method, which includes: sending a connection request message including its address by the first terminal; and receiving the connection request message by the second terminal, and judging the address included in the connection request message Whether it is a valid address accepted by it, and if so, send a connection approval message corresponding to the connection request message to the first terminal. The address and effective address of the first terminal are dynamically generated.

依據本發明的一實施例,上述第一終端的位址由第一終端依據初始化參數計算出,且上述有效位址由第二終端依據初始化參數計算出。According to an embodiment of the present invention, the address of the first terminal is calculated by the first terminal according to the initialization parameter, and the effective address is calculated by the second terminal according to the initialization parameter.

依據本發明的又一實施例,上述第一終端的位址及上述有效位址每隔預定週期更新。According to yet another embodiment of the present invention, the address of the first terminal and the effective address are updated every predetermined period.

依據本發明的又一實施例,上述網路通訊方法更包含:每隔上述預定週期更新上述有效位址中最久未被更新的有效位址。According to yet another embodiment of the present invention, the network communication method further includes: updating the valid address among the valid addresses that has not been updated for the longest time every the predetermined period.

依據本發明的又一實施例,上述第一終端的位址及上述有效位址為IP位址。According to yet another embodiment of the present invention, the address of the first terminal and the effective address are IP addresses.

依據本發明的一些實施例,上述第一終端的位址包含前導位元(prefix)和主機識別碼位元(host ID),且上述第一終端的位址每隔上述預定週期更新為上述第一終端之位址的主機識別碼位元動態更新。According to some embodiments of the present invention, the address of the first terminal includes a preamble (prefix) and a host identification code bit (host ID), and the address of the first terminal is updated to the first The host identification code bit of the address of a terminal is updated dynamically.

依據本發明的一些實施例,上述第一終端之位址的主機識別碼位元包含固定的設備識別碼部分和動態更新的其餘部分。According to some embodiments of the present invention, the host identification code bit of the address of the first terminal includes a fixed device identification code part and a dynamically updated remaining part.

依據本發明的一些實施例,上述有效位址包含前導位元和主機識別碼位元,且上述有效位址每隔上述預定週期更新為上述有效位址的主機識別碼位元動態更新。According to some embodiments of the present invention, the effective address includes a leading bit and a host identification code bit, and the effective address is updated dynamically with the host identification code bit of the effective address every predetermined period.

依據本發明的一些實施例,上述有效位址的主機識別碼位元包含固定的設備識別碼部分和動態更新的其餘部分。According to some embodiments of the present invention, the host ID bit of the effective address includes a fixed device ID part and a dynamically updated remaining part.

本發明的另一方面是在於提出一種網路通訊系統,其包含第一終端和第二終端。第一終端配置為動態產生其位址且發送包含其位址的連接請求訊息。第二終端配置為動態產生有效位址且接收連接請求訊息,並判別連接請求訊息包含之第一終端的位址是否為有效位址,若是則發送對應連接請求訊息的同意連接訊息至第一終端。Another aspect of the present invention is to provide a network communication system, which includes a first terminal and a second terminal. The first terminal is configured to dynamically generate its address and send a connection request message including its address. The second terminal is configured to dynamically generate a valid address and receive a connection request message, and determine whether the address of the first terminal included in the connection request message is a valid address, and if so, send a connection approval message corresponding to the connection request message to the first terminal .

以下仔細討論本發明的實施例。然而,可以理解的是,實施例提供許多可應用的概念,其可實施於各式各樣的特定內容中。所討論、揭示之實施例僅供說明,並非用以限定本發明之範圍。Embodiments of the invention are discussed in detail below. It should be appreciated, however, that the embodiments provide many applicable concepts that can be implemented in a wide variety of specific contexts. The discussed and disclosed embodiments are for illustration only, and are not intended to limit the scope of the present invention.

在本文中所使用的用語僅是為了描述特定實施例,非用以限制申請專利範圍。除非另有限制,否則單數形式的「一」或「該」用語也可用來表示複數形式。The terms used herein are only used to describe specific embodiments, and are not intended to limit the scope of patent applications. Unless otherwise limited, the terms "a" or "the" in the singular may also be used in the plural.

關於本文中所使用之「耦接」一詞,可指二或多個元件相互直接實體或電性接觸,或是相互間接實體或電性接觸。「耦接」還可指二或多個元件相互操作或動作。As used herein, the term "coupled" may refer to two or more elements in direct physical or electrical contact with each other, or in indirect physical or electrical contact with each other. "Coupled" may also mean that two or more elements interoperate or act.

可理解的是,雖然在本文中所使用之「第一」、「第二」等術語可用來描述不同的元件和/或實體,此些元件和/或實體應不受此些術語的限制。此些術語僅為了將一個元件和/或實體與其他元件和/或實體作區別。It can be understood that although terms such as "first" and "second" used herein may be used to describe different elements and/or entities, these elements and/or entities should not be limited by these terms. These terms are only used to distinguish one element and/or entity from other elements and/or entities.

為了簡化和明確說明,本文可能會在各種實施例中重複使用元件符號和/或字母,但這並不表示所討論的各種實施例及/或配置之間有因果關係。For the sake of simplicity and clear description, element symbols and/or letters may be used repeatedly in various embodiments herein, but this does not mean that there is a causal relationship between the various embodiments and/or configurations discussed.

圖1為本發明實施例之網路通訊系統100的示意圖。網路通訊系統100包含多個終端110和網路120。每一終端110可以是由單個或多個設備構成。網路120可以是例如全域網路(global area network)、蜂巢網路(cellular network)、廣域網路(wide area network)、都會網路(metropolitan area network)、區域網路(local area network)和/或個人區域網路(personal area network),但不限於此。終端110可透過有線和/或無線方式接取網路120。網路120可包含核心網路(core network)和例如存取點(access point)、存取點(access point),或其他。此外,終端110和網路120可依據其類型,透過網際網路(internet)、內部網路(intranet)、外部網路(extranet)或其他網路技術相互連接及通訊。應注意的是,圖1所示之網路通訊系統100僅以三個為例,依據使用需求,網路通訊系統100可包含兩個以上的終端,而不以三個為限。FIG. 1 is a schematic diagram of a network communication system 100 according to an embodiment of the present invention. The network communication system 100 includes a plurality of terminals 110 and a network 120 . Each terminal 110 may be composed of a single or multiple devices. The network 120 may be, for example, a global area network, a cellular network, a wide area network, a metropolitan area network, a local area network, and/or or personal area network (personal area network), but not limited to. The terminal 110 can access the network 120 through wired and/or wireless means. The network 120 may include a core network and, for example, access points, access points, or others. In addition, the terminal 110 and the network 120 can be connected and communicate with each other through the internet, intranet, extranet or other network technologies according to their types. It should be noted that the network communication system 100 shown in FIG. 1 only takes three as an example, and the network communication system 100 may include more than two terminals, but not limited to three, according to usage requirements.

每一終端110包含設備112和外掛裝置114。設備112具網路連接功能,且可以是例如電腦、智慧型手機、工業機台、車用電子、家用電器等,但不限於此。外掛裝置114耦接至設備112,其作為設備112通訊連接至網路120的媒介。在一些實施例中,設備112和外掛裝置114可整合為單一實體。Each terminal 110 includes a device 112 and a plug-in 114 . The device 112 has a network connection function, and may be, for example, a computer, a smart phone, an industrial machine, a car electronics, a household appliance, etc., but is not limited thereto. The plug-in device 114 is coupled to the device 112 and serves as a medium for the device 112 to communicate with the network 120 . In some embodiments, device 112 and add-on 114 may be integrated into a single entity.

圖2為圖1之外掛裝置114的功能方塊示意圖。如圖2所示,外掛裝置114包含第一接口202、定址模組204、位址轉換模組206、加密解密模組208和第二接口210。第一接口202耦接至與外掛裝置114屬於同一終端110的設備112,其用於接收設備112之包含尚未經過動態更新的位址的訊息,且/或用於將包含還原後的位址的訊息傳送至設備112。定址模組204進行動態位址計算,以決定傳送端和接收端的動態位址,並且提供通訊轉傳模組通訊雙方的資料。在一些實施例中,定址模組204可使用包含例如MD5訊息摘要演算法或安全雜湊演算法(secure hash algorithm)等演算法的雜湊函式(hash function),計算出傳送端和接收端的動態位址,但不以此為限。在另一些實施例中,定址模組204可藉由參照查找表的方式得到傳送端和接收端的動態位址。位址轉換模組206可儲存傳送端和/或接收端的動態位址,並在進行訊息傳輸時,依據定址模組204產生的動態位址,判別設備112的位址可否使用,且/或在接收另一終端的訊息時,依據定址模組204產生的動態位址,判別接收到的訊息中的位址是否包含在其接受的有效動態位址中。加密/解密模組208提供位址和資料的加密/解密功能。第二接口210耦接至網路120,其用於將包含的動態位址的訊息傳送至網路120,且/或用於從網路120接收訊息。定址模組204產生的動態位址可以是IP位址或其他適用的位址。FIG. 2 is a functional block diagram of the external device 114 in FIG. 1 . As shown in FIG. 2 , the plug-in device 114 includes a first interface 202 , an addressing module 204 , an address conversion module 206 , an encryption and decryption module 208 and a second interface 210 . The first interface 202 is coupled to the device 112 that belongs to the same terminal 110 as the plug-in device 114, and is used for receiving the message of the device 112 that includes the address that has not been dynamically updated, and/or for sending the message that includes the restored address The message is sent to device 112 . The addressing module 204 calculates the dynamic address to determine the dynamic addresses of the transmitting end and the receiving end, and provides information of both communication parties of the communication transfer module. In some embodiments, the addressing module 204 can use a hash function including algorithms such as MD5 message digest algorithm or secure hash algorithm (secure hash algorithm) to calculate the dynamic bits of the transmitting end and the receiving end address, but not limited to. In some other embodiments, the addressing module 204 can obtain the dynamic addresses of the transmitting end and the receiving end by referring to a lookup table. The address conversion module 206 can store the dynamic address of the transmitting end and/or the receiving end, and when transmitting a message, according to the dynamic address generated by the addressing module 204, determine whether the address of the device 112 can be used, and/or When receiving a message from another terminal, according to the dynamic address generated by the addressing module 204, it is judged whether the address in the received message is included in the valid dynamic address it accepts. The encryption/decryption module 208 provides the encryption/decryption function of addresses and data. The second interface 210 is coupled to the network 120 and is used for transmitting the message including the dynamic address to the network 120 and/or for receiving the message from the network 120 . The dynamic address generated by the addressing module 204 may be an IP address or other applicable addresses.

在一些實施例中,定址模組204產生的動態位址具有N個位元,其中前M個位元為前導位元(prefix),而後(N-M)個位元為介面識別碼位元。介面識別碼位元包含主機識別碼位元(host ID)和擴展識別碼位元,其中主機識別碼位元的內容對映特定的設備,而擴展識別碼位元的內容可依據時間或其他因素動態改變。前導位元、主機識別碼位元和擴展識別碼位元的位元數可依據實際應用對應調整。In some embodiments, the dynamic address generated by the addressing module 204 has N bits, wherein the first M bits are leading bits (prefix), and the last (N-M) bits are interface identification code bits. The interface identification code bit includes the host identification code bit (host ID) and the extended identification code bit. The content of the host identification code bit corresponds to a specific device, and the content of the extended identification code bit can be based on time or other factors change dynamically. The number of bits of the leading bit, the host identification code bit and the extended identification code bit can be correspondingly adjusted according to actual applications.

圖3為本發明實施例之傳送端進行網路通訊方法的流程圖。傳送端可以是圖1中的任一個或是特定終端110。圖3之傳送端進行網路通訊方法可由傳送端之終端110中的外掛裝置114進行,其說明如下。首先,進行步驟S302,產生傳送端的位址。具體而言,設備112將連接請求訊息傳送至屬於同一終端110的外掛裝置114,接著再由外掛裝置114將設備112提供的連接請求訊息中的位址轉換為動態位址作為傳送端位址。接著,進行步驟S304,確認轉換處理後的動態位址是否可使用。若可使用,進入到步驟S306,計算出接收端的目標位址,且接著進行步驟S308,依據所計算出的接收端目標位址,發送連接請求訊息至接收端;反之,則進行步驟S310,更新動態位址,並重複進行步驟S304。FIG. 3 is a flowchart of a method for network communication at a transmitting end according to an embodiment of the present invention. The transmitting end may be any one in FIG. 1 or a specific terminal 110 . The network communication method at the sending end in FIG. 3 can be performed by the plug-in device 114 in the terminal 110 at the sending end, which is described as follows. First, proceed to step S302 to generate the address of the transmitting end. Specifically, the device 112 transmits the connection request message to the plug-in device 114 belonging to the same terminal 110, and then the plug-in device 114 converts the address in the connection request message provided by the device 112 into a dynamic address as the sending end address. Next, step S304 is performed to confirm whether the converted dynamic address can be used. If available, go to step S306 to calculate the target address of the receiving end, and then proceed to step S308, send a connection request message to the receiving end according to the calculated target address of the receiving end; otherwise, proceed to step S310, update dynamic address, and repeat step S304.

步驟S312為在送出連接請求訊息後,判斷是否在預定時間內收到來自接收端的回應。若是在預定時間內收到來自接收端的回應,即收到對應所發出之連接請求訊息的同意連接訊息,則進行步驟S314,完成與接收端的通訊連接;反之,則進行步驟S310,更新動態位址,並重複進行步驟S304。Step S312 is to determine whether a response from the receiving end is received within a predetermined time after sending the connection request message. If a response from the receiving end is received within the predetermined time, that is, a connection approval message corresponding to the sent connection request message is received, then proceed to step S314 to complete the communication connection with the receiving end; otherwise, proceed to step S310 to update the dynamic address , and repeat step S304.

圖4為本發明實施例之接收端進行網路通訊方法的流程圖。接收端可以是圖1中除了作為傳送端以外之終端110以外的任一個或是特定終端110。圖4之傳送端進行網路通訊方法可由接收端之終端110中的外掛裝置114進行,其說明如下。首先,進行步驟S402,接收到來自傳送端的連接請求訊息。接著,進行步驟S404,判別連接請求訊息包含的傳送端位址是否為接收端所接受的有效位址。若是,則進行步驟S406,發送對應連接請求訊息的同意連接訊息至該第一終端;反之,則進行步驟S408,忽略接收到的連接請求訊息,例如將接收到的連接請求訊息視為無效。FIG. 4 is a flowchart of a method for network communication at a receiving end according to an embodiment of the present invention. The receiving end may be any terminal 110 or a specific terminal 110 in FIG. 1 except the transmitting end. The network communication method at the transmitting end in FIG. 4 can be performed by the plug-in device 114 in the terminal 110 at the receiving end, which is described as follows. Firstly, proceed to step S402, and receive a connection request message from the transmitting end. Next, proceed to step S404 to determine whether the sending end address included in the connection request message is a valid address accepted by the receiving end. If yes, go to step S406, send a connection approval message corresponding to the connection request message to the first terminal; otherwise, go to step S408, ignore the received connection request message, for example, treat the received connection request message as invalid.

應注意的是,傳送端和接收端雙方均使用相同的方式得到動態位址,以確保判別位址是否為有效位址的正確性。舉例而言,若是使用雜湊函式,則傳送端和接收端所使用的雜湊函式的種類和內容均相同。此外,在一些實施例中,每次傳送端和接收端之間的通訊完成後,傳送端和接收端均動態改變下次通訊使用的位址。It should be noted that both the transmitting end and the receiving end use the same method to obtain the dynamic address, so as to ensure the correctness of judging whether the address is a valid address. For example, if a hash function is used, the type and content of the hash function used by the transmitting end and the receiving end are the same. In addition, in some embodiments, each time the communication between the transmitting end and the receiving end is completed, both the transmitting end and the receiving end dynamically change the address used for the next communication.

另外,由於傳送端和接收端的位址均會動態改變,在訊息傳送的期間可能會經過位址改變。有鑑於此,本發明之網路通訊方法可利用三個位址作為是否可完成通訊連接的判別依據,其分別為在當前時槽所使用的位址、前一時槽所使用的位址、以及次一時槽所使用的位址。若網路通訊方法是使用具有前導位元和主機識別碼位元的位址進行,則這三個位址的前導位元和主機識別碼位元的內容相同但擴展識別碼位元的內容不同。In addition, since the addresses of both the transmitting end and the receiving end will change dynamically, the address may change during the message transmission. In view of this, the network communication method of the present invention can use three addresses as the basis for judging whether the communication connection can be completed, which are respectively the address used in the current time slot, the address used in the previous time slot, and the address used in the previous time slot. The address to use for the next slot. If the network communication method uses an address with a leading bit and a host identification code bit, the content of the leading bit and the host identification code bit of these three addresses is the same but the content of the extended identification code bit is different .

圖5為傳送端發送連接請求訊息至接收端的一示例。傳送端在時槽1-5時分別使用位址Addr1-Addr5。在圖5中,傳送端在時槽2中發送包含位址Addr2的連接請求訊息至接收端,且接收端在時槽2中接收到連接請求訊息。接收端在時槽2中產生Addr1-Addr3等有效位址,且由於接收到的連接請求訊息中的位址Addr2包含在Addr1-Addr3等有效位址中,故接收端判別連接請求訊息為有效訊息,接著可發送對應的同意連接訊息至傳送端。FIG. 5 is an example of sending a connection request message from the sender to the receiver. The sender uses addresses Addr1-Addr5 in time slots 1-5 respectively. In FIG. 5 , the transmitting end sends a connection request message including the address Addr2 to the receiving end in time slot 2, and the receiving end receives the connection request message in time slot 2. The receiving end generates effective addresses such as Addr1-Addr3 in time slot 2, and since the address Addr2 in the received connection request message is included in the effective addresses such as Addr1-Addr3, the receiving end judges that the connection request message is a valid message , and then a corresponding connection approval message can be sent to the sender.

圖6為傳送端發送連接請求訊息至接收端的另一示例。傳送端在時槽1-5時分別使用位址Addr1-Addr5。在圖6中,傳送端在時槽2中發送包含位址Addr2的連接請求訊息至接收端,而接收端在時槽3中接收到連接請求訊息。接收端在時槽3中產生Addr2-Addr4等有效位址,且由於接收到的連接請求訊息中的位址Addr2包含在Addr2-Addr4等有效位址中,故接收端判別連接請求訊息為有效訊息,接著可發送對應的同意連接訊息至傳送端。FIG. 6 is another example of the sender sending a connection request message to the receiver. The sender uses addresses Addr1-Addr5 in time slots 1-5 respectively. In FIG. 6 , the transmitting end sends a connection request message including the address Addr2 to the receiving end in time slot 2 , and the receiving end receives the connection request message in time slot 3 . The receiving end generates effective addresses such as Addr2-Addr4 in time slot 3, and since the address Addr2 in the received connection request message is included in the effective addresses such as Addr2-Addr4, the receiving end judges that the connection request message is a valid message , and then a corresponding connection approval message can be sent to the sender.

雖然本發明已以實施例揭露如上,然其並非用以限定本發明,任何所屬技術領域中具有通常知識者,在不脫離本發明的精神和範圍內,當可作些許的更動與潤飾,故本發明的保護範圍當視後附的申請專利範圍所界定者為準。Although the present invention has been disclosed above with the embodiments, it is not intended to limit the present invention. Anyone with ordinary knowledge in the technical field may make some changes and modifications without departing from the spirit and scope of the present invention. The scope of protection of the present invention should be defined by the scope of the appended patent application.

100:網路通訊系統 110:終端 112:設備 114:外掛裝置 120:網路 202:第一接口 204:定址模組 206:位址轉換模組 208:加密/解密模組 210:第二接口 S302:步驟 S304:步驟 S306:步驟 S308:步驟 S310:步驟 S312:步驟 S314:步驟 S402:步驟 S404:步驟 S406:步驟 S408:步驟100: Network communication system 110: terminal 112: Equipment 114: External device 120: Network 202: The first interface 204: addressing module 206:Address conversion module 208: Encryption/decryption module 210: the second interface S302: step S304: step S306: step S308: step S310: step S312: step S314: step S402: step S404: step S406: step S408: step

為了更完整了解實施例及其優點,現參照結合所附圖式所做之下列描述,其中: [圖1]為本發明實施例之網路通訊系統的示意圖; [圖2]為[圖1]之外掛裝置的功能方塊示意圖; [圖3]為本發明實施例之傳送端進行網路通訊方法的流程圖; [圖4]為本發明實施例之接收端進行網路通訊方法的流程圖; [圖5]為傳送端發送連接請求訊息至接收端的一示例;以及 [圖6]為傳送端發送連接請求訊息至接收端的另一示例。For a more complete understanding of the embodiments and advantages thereof, reference is now made to the following description taken in conjunction with the accompanying drawings, in which: [Fig. 1] is a schematic diagram of a network communication system according to an embodiment of the present invention; [Figure 2] is a functional block diagram of the external device in [Figure 1]; [ FIG. 3 ] is a flowchart of a method for network communication at a transmitting end according to an embodiment of the present invention; [ FIG. 4 ] is a flowchart of a method for network communication at a receiving end according to an embodiment of the present invention; [FIG. 5] is an example of sending a connection request message from the transmitting end to the receiving end; and [FIG. 6] is another example of sending a connection request message from the transmitter to the receiver.

國內寄存資訊(請依寄存機構、日期、號碼順序註記) 無 國外寄存資訊(請依寄存國家、機構、日期、號碼順序註記) 無Domestic deposit information (please note in order of depositor, date, and number) none Overseas storage information (please note in order of storage country, institution, date, and number) none

100:網路通訊系統100: Network communication system

110:終端110: terminal

112:設備112: Equipment

114:外掛裝置114: External device

120:網路120: Network

Claims (9)

一種網路通訊方法,包含:由一第一終端發送一連接請求訊息,該連接請求訊息包含該第一終端之位址;以及由一第二終端接收該連接請求訊息,並判別該連接請求訊息包含之該第一終端之位址是否為其接受之至少一有效位址中之一者,若是則發送對應該連接請求訊息之一同意連接訊息至該第一終端,反之則忽略該連接請求訊息;其中,該第一終端之位址及該至少一有效位址係動態產生,該第一終端之位址由該第一終端依據一初始化參數計算出,且該至少一有效位址由該第二終端依據該初始化參數計算出。 A network communication method, comprising: sending a connection request message by a first terminal, the connection request message including the address of the first terminal; and receiving the connection request message by a second terminal, and distinguishing the connection request message Whether the included address of the first terminal is one of at least one valid address accepted by it, if so, send a connection approval message corresponding to the connection request message to the first terminal, otherwise ignore the connection request message ; Wherein, the address of the first terminal and the at least one effective address are dynamically generated, the address of the first terminal is calculated by the first terminal according to an initialization parameter, and the at least one effective address is calculated by the first terminal The second terminal is calculated according to the initialization parameters. 如請求項1所述之網路通訊方法,其中該第一終端之位址及該至少一有效位址每隔一預定週期更新。 The network communication method as described in Claim 1, wherein the address of the first terminal and the at least one valid address are updated every predetermined period. 如請求項2所述之網路通訊方法,其中該至少一有效位址係複數個有效位址,且該網路通訊方法更包含:每隔該預定週期更新該些有效位址中最久未被更新者。 The network communication method as described in claim 2, wherein the at least one valid address is a plurality of valid addresses, and the network communication method further includes: updating the longest among the valid addresses every predetermined period updater. 如請求項1所述之網路通訊方法,其中該第一終端之位址及該至少一有效位址係IP位址。 The network communication method as described in Claim 1, wherein the address of the first terminal and the at least one effective address are IP addresses. 如請求項1所述之網路通訊方法,其中該第一終端之位址包含前導位元(prefix)和主機識別碼位元(host ID),且該第一終端之位址每隔該預定週期更新係該第一終端之位址之主機識別碼位元動態更新。 The network communication method as described in claim 1, wherein the address of the first terminal includes a preamble (prefix) and a host identification code bit (host ID), and the address of the first terminal is The periodic update is the dynamic update of the host identification code bits of the address of the first terminal. 如請求項5所述之網路通訊方法,其中該第一終端之位址之主機識別碼位元包含設備識別碼部分,該設備識別碼部分為固定,而該主機識別碼位元的其餘部分為動態更新。 The network communication method as described in claim 5, wherein the host identification code bits of the address of the first terminal include a device identification code part, the device identification code part is fixed, and the rest of the host identification code bits for dynamic updates. 如請求項1所述之網路通訊方法,其中該至少一有效位址中之每一者包含前導位元和主機識別碼位元,且該至少一有效位址中之每一者之位址每隔該預定週期更新係該至少一有效位址中之每一者之主機識別碼位元動態更新。 The network communication method as described in claim 1, wherein each of the at least one effective address includes a leading bit and a host identification code bit, and the address of each of the at least one effective address Updating every predetermined period is a dynamic update of the host identification code bits of each of the at least one valid address. 如請求項7所述之網路通訊方法,其中該至少一有效位址中之每一者之主機識別碼位元包含設備識別碼部分,該設備識別碼部分為固定,而該主機識別碼位元的其餘部分為動態更新。 The network communication method as described in claim 7, wherein the host identification code bits of each of the at least one effective address include a device identification code part, the device identification code part is fixed, and the host identification code bits The remainder of the meta is dynamically updated. 一種網路通訊系統,包含:一第一終端,配置為動態產生一位址且發送一連接請求訊息,該連接請求訊息包含該第一終端之位址,且該第一 終端之位址由該第一終端依據一初始化參數計算出;以及一第二終端,配置為動態產生至少一有效位址且接收該連接請求訊息,並判別該連接請求訊息包含之該第一終端之位址是否為該至少一有效位址中之一者,若是則發送對應該連接請求訊息之一同意連接訊息至該第一終端,反之則忽略該連接請求訊息,其中該至少一有效位址由該第二終端依據該初始化參數計算出。 A network communication system, comprising: a first terminal configured to dynamically generate an address and send a connection request message, the connection request message includes the address of the first terminal, and the first The address of the terminal is calculated by the first terminal according to an initialization parameter; and a second terminal configured to dynamically generate at least one effective address and receive the connection request message, and determine the first terminal included in the connection request message Whether the address of the address is one of the at least one valid address, if so, send a connection approval message corresponding to the connection request message to the first terminal, otherwise ignore the connection request message, wherein the at least one valid address Calculated by the second terminal according to the initialization parameter.
TW109118335A 2020-06-01 2020-06-01 Network communication method and network communication system TWI784280B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW109118335A TWI784280B (en) 2020-06-01 2020-06-01 Network communication method and network communication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW109118335A TWI784280B (en) 2020-06-01 2020-06-01 Network communication method and network communication system

Publications (2)

Publication Number Publication Date
TW202147813A TW202147813A (en) 2021-12-16
TWI784280B true TWI784280B (en) 2022-11-21

Family

ID=80783802

Family Applications (1)

Application Number Title Priority Date Filing Date
TW109118335A TWI784280B (en) 2020-06-01 2020-06-01 Network communication method and network communication system

Country Status (1)

Country Link
TW (1) TWI784280B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150124586A1 (en) * 2013-11-05 2015-05-07 Cisco Technology, Inc. N-way virtual port channels using dynamic addressing and modified routing
US20160112286A1 (en) * 2014-10-17 2016-04-21 Aruba Networks, Inc. Method and system for detecting use of wrong internet protocol address

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150124586A1 (en) * 2013-11-05 2015-05-07 Cisco Technology, Inc. N-way virtual port channels using dynamic addressing and modified routing
US20160112286A1 (en) * 2014-10-17 2016-04-21 Aruba Networks, Inc. Method and system for detecting use of wrong internet protocol address

Also Published As

Publication number Publication date
TW202147813A (en) 2021-12-16

Similar Documents

Publication Publication Date Title
US11140161B2 (en) Uncloneable registration of an internet of things (IoT) device in a network
CN100474851C (en) Safety foundation structure of coordinate network name analytical agreement (PNRP) and method thereof
JP5291725B2 (en) IP address delegation
US6766453B1 (en) Authenticated diffie-hellman key agreement protocol where the communicating parties share a secret key with a third party
US20040193875A1 (en) Methods and systems for authenticating messages
US20120308012A1 (en) Identity-based encryption method and apparatus
Jakobsson et al. Stealth attacks on ad-hoc wireless networks
Thubert et al. Address protected neighbor discovery for low-power and lossy networks
EP1897266A2 (en) Human input security codes
CN1846398A (en) Authenticated key exchange based on pairwise master key
JP2010050958A (en) Transmitting terminal, receiving terminal, communicating terminal, and information distributing system
RU2006103355A (en) SYSTEM AND METHOD FOR INSTALLING THAT THE SERVER AND THE CORRESPONDENT HAVE AN AGREED PROTECTED MAIL
Aura RFC 3972: Cryptographically generated addresses (CGA)
CN103220174A (en) Method of configuring a node, related node and configuration server
Vučinić et al. Constrained join protocol (CoJP) for 6TiSCH
TWI784280B (en) Network communication method and network communication system
CN111404659B (en) Privacy protection communication method, server and communication system based on chaotic system
KR100953068B1 (en) How to Explore Secure Neighborhoods in the Internet Environment
KR100684965B1 (en) How to automatically generate Internet Protocol version 6 addresses using Internet Protocol version 6 identifiers
Aura et al. Strengthening short hash values
Vučinić et al. Rfc9031: Constrained join protocol (cojp) for 6tisch
CN219918945U (en) Encryption signature terminal
CN109451501B (en) A Secure Transmission Method of IPv6 Industrial Wireless Network Data Based on Broadcast Signcryption
Sarikaya et al. RFC 8928: Address-Protected Neighbor Discovery for Low-Power and Lossy Networks
Simon et al. RFC 9031: Constrained Join Protocol (CoJP) for 6TiSCH