[go: up one dir, main page]

CN104158816A - Authentication method and device as well as server - Google Patents

Authentication method and device as well as server Download PDF

Info

Publication number
CN104158816A
CN104158816A CN201410421329.5A CN201410421329A CN104158816A CN 104158816 A CN104158816 A CN 104158816A CN 201410421329 A CN201410421329 A CN 201410421329A CN 104158816 A CN104158816 A CN 104158816A
Authority
CN
China
Prior art keywords
message
server
digital signature
digest
issuer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410421329.5A
Other languages
Chinese (zh)
Inventor
姜妮
张宇
赵志军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Acoustics CAS
Original Assignee
Institute of Acoustics CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Acoustics CAS filed Critical Institute of Acoustics CAS
Priority to CN201410421329.5A priority Critical patent/CN104158816A/en
Publication of CN104158816A publication Critical patent/CN104158816A/en
Pending legal-status Critical Current

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明涉及一种认证方法、装置和服务器,所述方法包括:服务器接收消息发布端发送的指令,所述指令用于指示所述服务器生成密钥对,以使所述消息发布端根据所述密钥对中的私钥生成数字签名;所述服务器接收消息发布端发送的第一消息,所述第一消息包括所述密钥对中的公钥、数字签名、报文和消息发布端IP;所述服务器根据所述消息发布端IP,将所述消息发布端IP与预设的白名单进行匹配;当匹配成功后,所述服务器根据所述公钥和数字签名,对所述报文进行验证,当验证成功后,对所述报文进行推送。

The present invention relates to an authentication method, device, and server. The method includes: the server receives an instruction sent by a message issuer, and the instruction is used to instruct the server to generate a key pair, so that the message issuer can generate a key pair according to the The private key in the key pair generates a digital signature; the server receives the first message sent by the message issuer, and the first message includes the public key in the key pair, digital signature, message and message issuer IP ; According to the IP of the message issuing end, the server matches the IP of the information issuing end with the preset white list; when the matching is successful, the server matches the message according to the public key and digital signature Verification is performed, and when the verification is successful, the message is pushed.

Description

认证方法、装置和服务器Authentication method, device and server

技术领域technical field

本发明涉及通信技术领域,尤其涉及消息推送系统的认证方法、装置和服务器。The invention relates to the technical field of communication, in particular to an authentication method, device and server of a message push system.

背景技术Background technique

随着物联网技术的发展,人们更加迫切希望能够随时随地地从互联网获取信息和服务。然而越来越多的内容正不断地充斥着网络,人们已经很难通过简单的主动搜索来发现自己所感兴趣的资源。为了保证这些信息能够及时有效的被用户看到,相比于传统的拉取方式,消息推送方式更满足实际应用中的需要。对于分布式的消息推送系统应用来说,发布或者订阅的消息是否能够安全及时的到达,对通信双方都具有非常重要的作用。消息推送系统需要保证消息的完整性和可靠性,确保消息在传输过程中不丢失、不重复、不篡改。With the development of Internet of Things technology, people are more eager to obtain information and services from the Internet anytime, anywhere. However, more and more content is constantly flooding the Internet, and it is difficult for people to find the resources they are interested in through simple active search. In order to ensure that this information can be seen by users in a timely and effective manner, compared with the traditional pull method, the message push method meets the needs of practical applications. For distributed message push system applications, whether the published or subscribed messages can arrive in a safe and timely manner plays a very important role for both parties in the communication. The message push system needs to ensure the integrity and reliability of the message, and ensure that the message is not lost, repeated, or tampered with during transmission.

然而,在现有的消息推送系统的设计中,由于计算机软件的非法复制,通信的泄密,数据安全受到威胁,但缺乏安全认证机制,造成了消息推送系统中的安全漏洞。However, in the design of the existing message push system, due to the illegal copying of computer software, the leakage of communication, the data security is threatened, but the lack of security authentication mechanism has caused a security hole in the message push system.

发明内容Contents of the invention

本发明的目的是保证消息推送系统的安全性,避免个别用户非法连接侵入破坏数据,影响网络安全。The purpose of the present invention is to ensure the security of the message push system, to prevent individual users from illegally connecting, intruding, destroying data, and affecting network security.

第一方面,本发明实施例提供了一种认证方法,所述方法包括:In a first aspect, an embodiment of the present invention provides an authentication method, the method comprising:

服务器接收消息发布端发送的指令,所述指令用于指示所述服务器生成密钥对,以使所述消息发布端根据所述密钥对中的私钥生成数字签名;The server receives an instruction sent by the message issuer, where the instruction is used to instruct the server to generate a key pair, so that the message issuer generates a digital signature according to the private key in the key pair;

所述服务器接收消息发布端发送的第一消息,所述第一消息包括所述密钥对中的公钥、数字签名、报文和消息发布端IP;The server receives the first message sent by the message issuer, the first message includes the public key in the key pair, the digital signature, the message, and the IP of the message issuer;

所述服务器根据所述消息发布端IP,将所述消息发布端IP与本地预设的白名单进行匹配;The server matches the IP of the message publishing end with a locally preset whitelist according to the IP of the message publishing end;

当匹配成功后,所述服务器根据所述公钥和数字签名,对所述报文进行验证,当验证成功后,对所述报文进行推送。When the matching is successful, the server verifies the message according to the public key and the digital signature, and pushes the message when the verification is successful.

优选地,所述服务器根据所述公钥和数字签名,对所述报文进行验证具体包括:Preferably, the server verifying the message according to the public key and the digital signature specifically includes:

所述服务器采用哈希算法获取所述报文的报文摘要;The server obtains the message digest of the message by using a hash algorithm;

所述服务器采用公钥对所述报文的数字签名进行解密,获取到解密报文摘要;The server uses the public key to decrypt the digital signature of the message, and obtains the digest of the decrypted message;

当所述报文摘要和所述解密报文摘要相同时,验证成功。When the message digest is the same as the decrypted message digest, the verification is successful.

优选地,所述哈希算法具体为MD2、MD4、MD5或SHA-1中的任意一种。Preferably, the hash algorithm is specifically any one of MD2, MD4, MD5 or SHA-1.

优选地,所述服务器是MQTT代理服务器。Preferably, the server is an MQTT proxy server.

第二方面,本发明实施例提供了一种认证装置,所述装置包括:第一接收单元,第二接收单元,第一匹配单元,第二匹配单元;In a second aspect, an embodiment of the present invention provides an authentication device, the device comprising: a first receiving unit, a second receiving unit, a first matching unit, and a second matching unit;

所述第一接收单元,用于服务器接收消息发布端发送的指令,所述指令用于指示所述服务器生成密钥对,以使所述消息发布端根据所述密钥对中的私钥生成数字签名;The first receiving unit is configured for the server to receive an instruction sent by the message issuer, the instruction is used to instruct the server to generate a key pair, so that the message issuer can generate a key pair according to the private key in the key pair digital signature;

所述第二接收单元,用于接收消息发布端发送的第一消息,所述第一消息包括所述密钥对中的公钥、数字签名、报文和消息发布端IP;The second receiving unit is configured to receive a first message sent by a message issuer, where the first message includes the public key in the key pair, a digital signature, a message, and the IP of the message issuer;

所述第一匹配单元,用于根据所述消息发布端IP,将所述消息发布端IP与本地预设的白名单进行匹配;The first matching unit is configured to match the IP of the message publishing end with a locally preset whitelist according to the IP of the message publishing end;

所述第二匹配单元,用于根据所述公钥和数字签名,对所述报文进行验证,当验证成功后,对所述报文进行推送。The second matching unit is configured to verify the message according to the public key and the digital signature, and push the message when the verification is successful.

优选地,所述第二匹配单元具体用于:Preferably, the second matching unit is specifically used for:

所述服务器采用哈希算法获取所述报文的报文摘要;The server obtains the message digest of the message by using a hash algorithm;

所述服务器采用公钥对所述报文的数字签名进行解密,获取到解密报文摘要;The server uses the public key to decrypt the digital signature of the message, and obtains the digest of the decrypted message;

当所述报文摘要和所述解密报文摘要相同时,验证成功。When the message digest is the same as the decrypted message digest, the verification is successful.

优选地,所述哈希算法具体为MD2、MD4、MD5或SHA-1中的任意一种。Preferably, the hash algorithm is specifically any one of MD2, MD4, MD5 or SHA-1.

优选地,所述服务器是MQTT代理服务器。Preferably, the server is an MQTT proxy server.

第三方面,本发明实施例提供了一种服务器,所述服务器包括:In a third aspect, an embodiment of the present invention provides a server, and the server includes:

接收器,接收消息发布端发送的指令,所述指令用于指示处理器生成密钥对,以使所述消息发布端根据所述密钥对中的私钥生成数字签名;The receiver receives an instruction sent by the message issuing end, the instruction is used to instruct the processor to generate a key pair, so that the message issuing end generates a digital signature according to the private key in the key pair;

所述接收器还用于,接收消息发布端发送的第一消息,所述第一消息包括所述密钥对中的公钥、数字签名、报文和消息发布端IP;The receiver is further configured to receive a first message sent by the message issuer, where the first message includes the public key in the key pair, the digital signature, the message, and the IP of the message issuer;

处理器,根据所述消息发布端IP,将所述消息发布端IP与存储器中预设的白名单进行匹配;The processor, according to the IP of the message publishing end, matches the IP of the message publishing end with a preset white list in the memory;

所述处理器还用于,当匹配成功后,根据所述公钥和数字签名,对所述报文进行验证。The processor is further configured to, when the matching is successful, verify the message according to the public key and the digital signature.

发送器,当验证成功后,对所述报文进行推送。The sender pushes the message after the verification is successful.

优选地,所述处理器具体用于:Preferably, the processor is specifically used for:

所述处理器采用哈希算法获取所述报文的报文摘要;The processor obtains the message digest of the message by using a hash algorithm;

所述处理器采用公钥对所述报文的数字签名进行解密,获取到解密报文摘要;The processor uses the public key to decrypt the digital signature of the message, and obtains the digest of the decrypted message;

当所述报文摘要和所述解密报文摘要相同时,验证成功。When the message digest is the same as the decrypted message digest, the verification is successful.

通过应用本发明实施例提供的认证方法、装置和服务器,当匹配成功后,所述服务器根据公钥和数字签名,对报文进行验证,当成功后,将报文推送给消息订阅端,保证了消息发布端到消息订阅端的报文的安全性,完整性,可靠性和不可抵赖性,避免了报文在传输过程中遭到篡改或非法攻击,满足了企业级应用的安全需求,部署简单,节约成本,可扩展性强,同样能够应用到其它系统中。By applying the authentication method, device and server provided by the embodiments of the present invention, when the matching is successful, the server verifies the message according to the public key and digital signature, and when successful, pushes the message to the message subscriber to ensure Ensures the security, integrity, reliability and non-repudiation of messages from the message publisher to the message subscriber, avoids tampering or illegal attacks on messages during transmission, meets the security requirements of enterprise-level applications, and is easy to deploy , cost saving, strong scalability, and can also be applied to other systems.

附图说明Description of drawings

图1为本发明实施例一提供的基于MQTT发布/订阅机制消息推送系统架构图;FIG. 1 is an architecture diagram of a message push system based on the MQTT publish/subscribe mechanism provided by Embodiment 1 of the present invention;

图2为本发明实施例一提供的认证方法流程图;FIG. 2 is a flowchart of an authentication method provided by Embodiment 1 of the present invention;

图3为本发明实施例一提供的基于主题的发布/订阅机制;FIG. 3 is a topic-based publish/subscribe mechanism provided by Embodiment 1 of the present invention;

图4为本发明实施例二提供的认证装置示意图;FIG. 4 is a schematic diagram of an authentication device provided in Embodiment 2 of the present invention;

图5为本发明实施例三提供的服务器示意图。FIG. 5 is a schematic diagram of a server provided by Embodiment 3 of the present invention.

具体实施方式Detailed ways

为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

为便于对本发明实施例的理解,下面将结合附图以具体实施例做进一步的解释说明,实施例并不构成对本发明实施例的限定。In order to facilitate the understanding of the embodiments of the present invention, further explanations will be given below with specific embodiments in conjunction with the accompanying drawings, which are not intended to limit the embodiments of the present invention.

本申请实施例提供的认证方法、装置及服务器,适用于对消息推送进行安全认证的场景,尤其适用于对消息队列遥测传输(Message Queuing TelemetryTransport,MQTT)发布/订阅机制系统的安全认证的场景。The authentication method, device, and server provided in the embodiments of the present application are applicable to the scenario of security authentication for message push, especially applicable to the scenario of security authentication of the Message Queuing Telemetry Transport (MQTT) publish/subscribe mechanism system.

为了保证消息推送系统的安全性,避免个别用户非法连接侵入破坏数据,影响网络安全,本申请可以通过IP认证和数字签名机制,保证消息推送操作时的安全。In order to ensure the security of the message push system and prevent individual users from illegally connecting and intruding to destroy data and affect network security, this application can pass IP authentication and digital signature mechanisms to ensure the security of message push operations.

图1为本发明实施例一提供的基于MQTT发布/订阅机制消息推送系统架构图。FIG. 1 is an architecture diagram of a message push system based on the MQTT publish/subscribe mechanism provided by Embodiment 1 of the present invention.

消息推送系统主要包括三大部分:消息发布端110,消息服务器120(在下文中也可以简称服务器),消息订阅端130。消息发布端110相当于消息的生产者,应用程序每生产一条消息,并不直接交给消息接收者,而是交给服务器,由服务器120决定将消息发送给哪些接收端。消息订阅端130相当于消息的消费者,消息订阅端130向服务器120订阅消息或者取消订阅消息,消息订阅端130有自己的消息接收队列,并可以根据需要对消息进行解包、解压缩和解密处理。服务器120是整个消息推送系统的灵魂所在,对于接收到的消息进行相关处理,推送到相应的消息订阅端130。The message push system mainly includes three parts: a message publishing terminal 110, a message server 120 (hereinafter also referred to as a server), and a message subscribing terminal 130. The message publisher 110 is equivalent to the producer of the message. Every time the application program produces a message, it is not directly delivered to the receiver of the message, but to the server, and the server 120 decides which receivers to send the message to. The message subscriber 130 is equivalent to the consumer of the message. The message subscriber 130 subscribes to the server 120 or unsubscribes the message. The message subscriber 130 has its own message receiving queue, and can unpack, decompress and decrypt the message as required deal with. The server 120 is the soul of the entire message push system, which performs relevant processing on the received messages and pushes them to the corresponding message subscribers 130 .

下面以图2为例详细说明本发明实施例提供的认证方法,图2为本发明实施例一提供的认证方法流程图,在本发明实施例中实施主体为具有处理能力的设备:服务器或者装置,例如:MQTT代理服务器。如图2所示,该实施例具体包括以下步骤:The authentication method provided by the embodiment of the present invention is described in detail below by taking FIG. 2 as an example. FIG. 2 is a flowchart of the authentication method provided by Embodiment 1 of the present invention. In the embodiment of the present invention, the subject of implementation is a device with processing capabilities: a server or a device , for example: MQTT proxy server. As shown in Figure 2, this embodiment specifically includes the following steps:

S210,服务器接收消息发布端发送的指令,所述指令用于指示所述服务器生成密钥对,以使所述消息发布端根据所述密钥对中的私钥生成数字签名。S210. The server receives an instruction sent by the message issuer, where the instruction is used to instruct the server to generate a key pair, so that the message issuer generates a digital signature according to the private key in the key pair.

消息发布端可以但不限于物联网平台中的网页服务器。服务器包括但不限于MQTT代理服务器。The message publishing end can be but not limited to the web server in the IoT platform. Servers include but are not limited to MQTT proxy servers.

服务器接收消息发布端发送的指令,该指令用于调用服务器中的数字签名认证模块,服务器根据所述指令,生成密钥对。其中,数字签名认证模块是服务器中的子程序,可以看成是相对独立的模块,当消息订阅端需要进行相应某个处理时,调用对应的模块(处理子程序)即可,例如需要生成密钥对时,调用数字签名认证模块。为了更详细地说明本发明的实施过程,在本发明实施例中涉及到的软件模块,都处于服务器中。The server receives the instruction sent by the message issuer, and the instruction is used to call the digital signature authentication module in the server, and the server generates a key pair according to the instruction. Among them, the digital signature authentication module is a subroutine in the server, which can be regarded as a relatively independent module. When the message subscriber needs to perform corresponding processing, it only needs to call the corresponding module (processing subroutine). When using a key pair, call the digital signature authentication module. In order to describe the implementation process of the present invention in more detail, the software modules involved in the embodiments of the present invention are all located in the server.

密钥对包括公钥和私钥,消息发布端采用哈希算法,将要发送的报文生生成报文摘要,采用私钥对报文摘要进行加密,加密后的摘要即为报文的数字签名。The key pair includes a public key and a private key. The message publisher uses a hash algorithm to generate a message digest for the message to be sent. The private key is used to encrypt the message digest. The encrypted digest is the digital signature of the message .

哈希算法包括但不限于消息摘要算法(Message-Digest Algorithm2,MD2)、MD4、MD5或安全散列算法(Secure Hash Algorithm,SHA-1)。Hash algorithms include but are not limited to Message-Digest Algorithm2 (MD2), MD4, MD5 or Secure Hash Algorithm (SHA-1).

S220,服务器接收消息发布端发送的第一消息,所述第一消息包括所述密钥对中的公钥、数字签名、报文和消息发布端IP。S220. The server receives the first message sent by the message issuer, where the first message includes the public key in the key pair, the digital signature, the message, and the IP of the message issuer.

消息发布端IP为网页服务器的IP地址。The message publishing end IP is the IP address of the web server.

报文为消息发布端所要发布的数据信息。The message is the data information to be released by the message publisher.

S230,根据消息发布端IP,将所述消息发布端IP与预设的白名单进行匹配。S230. Match the IP of the message issuing end with a preset whitelist according to the IP of the information issuing end.

服务器中预先设置有白名单,白名单即为服务器授权的消息发布端IP。服务器可以调用其IP验证模块,将消息发布端IP与白名单进行匹配,其中,IP验证模块和数字签名认证模块一样,为服务器中的处理子程序。A white list is preset in the server, and the white list is the IP of the message publishing end authorized by the server. The server can call its IP verification module to match the message issuer IP with the white list, wherein the IP verification module, like the digital signature verification module, is a processing subroutine in the server.

当消息发布端IP与白名单匹配成功时,说明消息发布端合法,此时进入步骤S240。When the IP of the message issuing end matches the white list successfully, it means that the message issuing end is legal, and at this time, go to step S240.

当消息发布端IP与白名单匹配失败时,说明消息发布端非法,此时服务器向消息发布端返回错误提示。When the IP of the message publisher fails to match the white list, it means that the message publisher is illegal, and the server returns an error message to the message publisher.

S240,当匹配成功后,所述服务器根据所述公钥和数字签名,对所述报文进行验证,当验证成功后,对所述报文进行推送。S240, when the matching is successful, the server verifies the message according to the public key and the digital signature, and pushes the message when the verification is successful.

服务器调用其数字签名认证模块,对报文进行验证。The server invokes its digital signature authentication module to verify the message.

优选地,所述服务器根据所述公钥和数字签名,对所述报文进行验证具体包括:Preferably, the server verifying the message according to the public key and the digital signature specifically includes:

所述服务器采用哈希算法获取所述报文的报文摘要;The server obtains the message digest of the message by using a hash algorithm;

所述服务器采用公钥对所述报文的数字签名进行解密,获取到解密报文摘要;The server uses the public key to decrypt the digital signature of the message, and obtains the digest of the decrypted message;

当所述报文摘要和所述解密报文摘要相同时,验证成功。此时,服务器将报文推送给消息订阅端,并向消息发布端返回成功提示。When the message digest is the same as the decrypted message digest, the verification is successful. At this point, the server pushes the message to the message subscriber, and returns a success prompt to the message publisher.

当所述报文摘要和所述解密报文摘要不同时,验证失败。此时,服务器不向消息订阅端推送该报文,并向消息发布端返回错误提示。When the message digest is different from the decrypted message digest, verification fails. At this time, the server does not push the message to the message subscriber, and returns an error prompt to the message publisher.

其中,消息订阅端为终端,包括但不限于手机、平板电脑、笔记本电脑、台式电脑。Wherein, the message subscribing end is a terminal, including but not limited to a mobile phone, a tablet computer, a notebook computer, and a desktop computer.

可以理解的是,服务器获取报文摘要时采用的哈希算法和消息发布端提取报文摘要时的哈希算法为同一算法。It can be understood that the hash algorithm used by the server to obtain the message digest and the hash algorithm used by the message publisher to extract the message digest are the same algorithm.

进一步地,所述报文包括报文主题;Further, the message includes a message subject;

当验证成功后,消息服务器将所述报文主题与消息订阅端的主题进行匹配,并将报文主题所对应的报文推送给相应的消息订阅端。After the verification is successful, the message server matches the subject of the message with the subject of the message subscriber, and pushes the message corresponding to the subject of the message to the corresponding message subscriber.

具体地,如图3所示,图3为本发明实施例一提供的基于主题的发布/订阅机制。图3中,服务器可以将接收到的消息发布端发送的合法的报文进行排列,示例而非限定,服务器可以将报文按照报文主题排列,构成主题队列,比如,可以将报文分类为含有主题X,主题Y的报文等。消息订阅端连接到服务器,完成注册获得注册账号,订阅或者取消自己的主题。消息订阅端可以包括一个终端,也可以包括多个终端,所述一个或多个终端订阅不同或者相同主题的报文,服务器根据本地的报文主题和消息订阅端所订阅的报文的主题将报文推送到相应的终端,比如终端A和终端C订阅了主题X,服务器则将主题X的报文推送给终端A和终端C,终端B订阅了主题Y,服务器则将主题Y的报文推送给终端B。Specifically, as shown in FIG. 3 , FIG. 3 is a topic-based publish/subscribe mechanism provided by Embodiment 1 of the present invention. In Figure 3, the server can arrange the legal messages sent by the received message publisher. The example is not limited. The server can arrange the messages according to the message topics to form a topic queue. For example, the messages can be classified into Messages containing topic X, topic Y, etc. The message subscriber connects to the server, completes the registration to obtain a registered account, and subscribes or cancels its own topic. The message subscriber may include one terminal or multiple terminals. The one or more terminals subscribe to messages of different or the same subject, and the server will The message is pushed to the corresponding terminal. For example, terminal A and terminal C subscribe to topic X, and the server pushes the message of topic X to terminal A and terminal C. Terminal B subscribes to topic Y, and the server sends the message of topic Y Push to terminal B.

采用本发明实施例提供的认证方法,服务器根据消息发布端IP,将消息发布端IP与预设的白名单进行匹配;当匹配成功后,服务器根据所述公钥和数字签名,对报文进行验证,当验证成功后,将报文推送给消息订阅端,保证了消息发布端到消息订阅端的报文的安全性,完整性,可靠性和不可抵赖性,避免了报文在传输过程中遭到篡改或非法攻击,满足了企业级应用的安全需求,部署简单,节约成本,可扩展性强,同样能够应用到其它系统中。Using the authentication method provided by the embodiment of the present invention, the server matches the IP of the message issuing end with the preset white list according to the IP of the message issuing end; Verification, when the verification is successful, the message is pushed to the message subscriber, which ensures the security, integrity, reliability and non-repudiation of the message from the message publisher to the message subscriber, and avoids the message being damaged during transmission. From tampering or illegal attacks, it meets the security requirements of enterprise-level applications. It is easy to deploy, saves costs, and has strong scalability. It can also be applied to other systems.

图4是本发明实施例二提供的认证装置示意图。如图4所示,本实施例中,包括:第一接收单元410,第二接收单元420,第一匹配单元430,第二匹配单元440;Fig. 4 is a schematic diagram of an authentication device provided by Embodiment 2 of the present invention. As shown in FIG. 4, in this embodiment, it includes: a first receiving unit 410, a second receiving unit 420, a first matching unit 430, and a second matching unit 440;

所述第一接收单元410,用于服务器接收消息发布端发送的指令,所述指令用于指示所述服务器生成密钥对,以使所述消息发布端根据所述密钥对中的私钥生成数字签名;The first receiving unit 410 is used for the server to receive an instruction sent by the message issuer, the instruction is used to instruct the server to generate a key pair, so that the message issuer can use the private key in the key pair to generate a digital signature;

所述第二接收单元420,用于接收消息发布端发送的第一消息,所述第一消息包括所述密钥对中的公钥、数字签名、报文和消息发布端IP;The second receiving unit 420 is configured to receive a first message sent by a message issuer, where the first message includes the public key in the key pair, a digital signature, a message, and the IP of the message issuer;

所述第一匹配单元430,用于根据所述消息发布端IP,将所述消息发布端IP与预设的白名单进行匹配;The first matching unit 430 is configured to match the message publisher IP with a preset whitelist according to the message publisher IP;

所述第二匹配单元440,用于根据所述公钥和数字签名,对所述报文进行验证,当验证成功后,对所述报文进行推送。The second matching unit 440 is configured to verify the message according to the public key and the digital signature, and push the message when the verification is successful.

可选地,所述第二匹配单元440具体用于:Optionally, the second matching unit 440 is specifically configured to:

所述服务器采用哈希算法获取所述报文的报文摘要;The server obtains the message digest of the message by using a hash algorithm;

所述服务器采用公钥对所述报文的数字签名进行解密,获取到解密报文摘要;The server uses the public key to decrypt the digital signature of the message, and obtains the digest of the decrypted message;

当所述报文摘要和所述解密报文摘要相同时,验证成功。When the message digest is the same as the decrypted message digest, the verification is successful.

可选地,所述哈希算法具体为MD2、MD4、MD5或SHA-1中的任意一种。Optionally, the hash algorithm is specifically any one of MD2, MD4, MD5 or SHA-1.

可选地,所述服务器是MQTT代理服务器。Optionally, the server is an MQTT proxy server.

采用本发明实施例提供的认证装置,服务器根据所述消息发布端IP,将所述消息发布端IP与预设的白名单进行匹配;当匹配成功后,所述服务器根据所述公钥和数字签名,对所述报文进行验证,当验证成功后,将所述报文推送给消息订阅端,保证了消息发布端到消息订阅端的报文的安全性,完整性,可靠性和不可抵赖性,避免了报文在传输过程中遭到篡改或非法攻击,满足了企业级应用的安全需求,部署简单,节约成本,可扩展性强,同样能够应用到其它系统中。Using the authentication device provided by the embodiment of the present invention, the server matches the message issuing end IP with the preset white list according to the message issuing end IP; Signature to verify the message, and when the verification is successful, push the message to the message subscriber, ensuring the security, integrity, reliability and non-repudiation of the message from the message publisher to the message subscriber , which avoids tampering or illegal attacks on messages during transmission, meets the security requirements of enterprise-level applications, is simple to deploy, saves costs, and has strong scalability. It can also be applied to other systems.

图5为本发明实施例三提供的服务器示意图。如图5所示,本实施例包括:接收器510,处理器520,存储器530,发送器540。其中接收器510,处理器520,存储器530和发送器540通过系统总线(图5中未示出)相连接。FIG. 5 is a schematic diagram of a server provided by Embodiment 3 of the present invention. As shown in FIG. 5 , this embodiment includes: a receiver 510 , a processor 520 , a memory 530 , and a transmitter 540 . The receiver 510, the processor 520, the memory 530 and the transmitter 540 are connected through a system bus (not shown in FIG. 5 ).

接收器510,接收消息发布端发送的指令,所述指令用于指示所述处理器生成密钥对,以使所述消息发布端根据所述密钥对中的私钥生成数字签名;The receiver 510 receives an instruction sent by the message issuer, where the instruction is used to instruct the processor to generate a key pair, so that the message issuer generates a digital signature according to the private key in the key pair;

所述接收器510还用于,接收消息发布端发送的第一消息,所述第一消息包括所述密钥对中的公钥、数字签名、报文和消息发布端IP;The receiver 510 is further configured to receive a first message sent by the message issuer, where the first message includes the public key in the key pair, the digital signature, the message, and the IP of the message issuer;

处理器520,根据所述消息发布端IP,将所述消息发布端IP与存储器530中预设的白名单进行匹配;The processor 520, according to the IP of the message issuing end, matches the IP of the information issuing end with the preset white list in the memory 530;

所述处理器520还用于,当匹配成功后,根据所述公钥和数字签名,对所述报文进行验证。The processor 520 is further configured to, when the matching is successful, verify the message according to the public key and the digital signature.

发送器540,当验证成功后,对所述报文进行推送。The sender 540 pushes the message after the verification is successful.

可选地,所述处理器520具体用于:Optionally, the processor 520 is specifically configured to:

所述处理器采用哈希算法获取所述报文的报文摘要;The processor obtains the message digest of the message by using a hash algorithm;

所述处理器采用公钥对所述报文的数字签名进行解密,获取到解密报文摘要;The processor uses the public key to decrypt the digital signature of the message, and obtains the digest of the decrypted message;

当所述报文摘要和所述解密报文摘要相同时,验证成功。When the message digest is the same as the decrypted message digest, the verification is successful.

服务器可以采用和图3的方法,将报文推送给消息订阅端,此处不再赘述。The server can use the method shown in Figure 3 to push the message to the message subscriber, which will not be repeated here.

专业人员应该还可以进一步意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、计算机软件或者二者的结合来实现,为了清楚地说明硬件和软件的可互换性,在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本发明的范围。Professionals should further realize that the units and algorithm steps described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, computer software, or a combination of the two. In order to clearly illustrate the relationship between hardware and software Interchangeability. In the above description, the composition and steps of each example have been generally described according to their functions. Whether these functions are executed by hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementation should not be regarded as exceeding the scope of the present invention.

结合本文中所公开的实施例描述的方法或算法的步骤可以用硬件、处理器执行的软件模块,或者二者的结合来实施。软件模块可以置于随机存储器(RAM)、内存、只读存储器(ROM)、电可编程ROM、电可擦除可编程ROM、寄存器、硬盘、可移动磁盘、CD-ROM、或技术领域内所公知的任意其它形式的存储介质中。The steps of the methods or algorithms described in connection with the embodiments disclosed herein may be implemented by hardware, software modules executed by a processor, or a combination of both. Software modules can be placed in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or any other Any other known storage medium.

以上所述的具体实施方式,对本发明的目的、技术方案和有益效果进行了进一步详细说明,所应理解的是,以上所述仅为本发明的具体实施方式而已,并不用于限定本发明的保护范围,凡在本发明的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The specific embodiments described above have further described the purpose, technical solutions and beneficial effects of the present invention in detail. It should be understood that the above descriptions are only specific embodiments of the present invention and are not intended to limit the scope of the present invention. Protection scope, within the spirit and principles of the present invention, any modification, equivalent replacement, improvement, etc., shall be included in the protection scope of the present invention.

Claims (10)

1.一种认证方法,其特征在于,所述方法包括:1. An authentication method, characterized in that the method comprises: 服务器接收消息发布端发送的指令,所述指令用于指示所述服务器生成密钥对,以使所述消息发布端根据所述密钥对中的私钥生成数字签名;The server receives an instruction sent by the message issuer, where the instruction is used to instruct the server to generate a key pair, so that the message issuer generates a digital signature according to the private key in the key pair; 所述服务器接收消息发布端发送的第一消息,所述第一消息包括所述密钥对中的公钥、数字签名、报文和消息发布端IP;The server receives the first message sent by the message issuer, the first message includes the public key in the key pair, the digital signature, the message, and the IP of the message issuer; 所述服务器根据所述消息发布端IP,将所述消息发布端IP与本地预设的白名单进行匹配;The server matches the IP of the message publishing end with a locally preset whitelist according to the IP of the message publishing end; 当匹配成功后,所述服务器根据所述公钥和数字签名,对所述报文进行验证,当验证成功后,对所述报文进行推送。When the matching is successful, the server verifies the message according to the public key and the digital signature, and pushes the message when the verification is successful. 2.根据权利要求1所述的方法,其特征在于,所述服务器根据所述公钥和数字签名,对所述报文进行验证具体包括:2. The method according to claim 1, wherein the server verifying the message according to the public key and the digital signature specifically includes: 所述服务器采用哈希算法获取所述报文的报文摘要;The server obtains the message digest of the message by using a hash algorithm; 所述服务器采用公钥对所述报文的数字签名进行解密,获取到解密报文摘要;The server uses the public key to decrypt the digital signature of the message, and obtains the digest of the decrypted message; 当所述报文摘要和所述解密报文摘要相同时,验证成功。When the message digest is the same as the decrypted message digest, the verification is successful. 3.根据权利要求1或2所述的方法,其特征在于,所述哈希算法具体为消息摘要算法MD2、MD4、MD5和安全散列算法SHA-1中的任意一种。3. The method according to claim 1 or 2, wherein the hash algorithm is specifically any one of message digest algorithms MD2, MD4, MD5 and secure hash algorithm SHA-1. 4.根据权利要求1所述的方法,其特征在于,所述服务器是消息队列遥测传输MQTT代理服务器。4. The method of claim 1, wherein the server is a Message Queuing Telemetry Transport (MQTT) proxy server. 5.一种认证装置,其特征在于,所述装置包括:第一接收单元,第二接收单元,第一匹配单元,第二匹配单元;5. An authentication device, characterized in that the device comprises: a first receiving unit, a second receiving unit, a first matching unit, and a second matching unit; 所述第一接收单元,用于服务器接收消息发布端发送的指令,所述指令用于指示所述服务器生成密钥对,以使所述消息发布端根据所述密钥对中的私钥生成数字签名;The first receiving unit is configured for the server to receive an instruction sent by the message issuer, the instruction is used to instruct the server to generate a key pair, so that the message issuer can generate a key pair according to the private key in the key pair digital signature; 所述第二接收单元,用于接收消息发布端发送的第一消息,所述第一消息包括所述密钥对中的公钥、数字签名、报文和消息发布端IP;The second receiving unit is configured to receive a first message sent by a message issuer, where the first message includes the public key in the key pair, a digital signature, a message, and the IP of the message issuer; 所述第一匹配单元,用于根据所述消息发布端IP,将所述消息发布端IP与本地预设的白名单进行匹配;The first matching unit is configured to match the IP of the message publishing end with a locally preset whitelist according to the IP of the message publishing end; 所述第二匹配单元,用于根据所述公钥和数字签名,对所述报文进行验证,当验证成功后,对所述报文进行推送。The second matching unit is configured to verify the message according to the public key and the digital signature, and push the message when the verification is successful. 6.根据权利要求5所述的装置,其特征在于,所述第二匹配单元具体用于:6. The device according to claim 5, wherein the second matching unit is specifically used for: 所述服务器采用哈希算法获取所述报文的报文摘要;The server obtains the message digest of the message by using a hash algorithm; 所述服务器采用公钥对所述报文的数字签名进行解密,获取到解密报文摘要;The server uses the public key to decrypt the digital signature of the message, and obtains the digest of the decrypted message; 当所述报文摘要和所述解密报文摘要相同时,验证成功。When the message digest is the same as the decrypted message digest, the verification is successful. 7.根据权利要求5或6所述的装置,其特征在于,所述哈希算法具体为MD2、MD4、MD5或SHA-1中的任意一种。7. The device according to claim 5 or 6, wherein the hash algorithm is specifically any one of MD2, MD4, MD5 or SHA-1. 8.根据权利要求5所述的装置,其特征在于,所述服务器是MQTT代理服务器。8. The device according to claim 5, wherein the server is an MQTT proxy server. 9.一种服务器,其特征在于,所述服务器包括:9. A server, characterized in that the server comprises: 接收器,接收消息发布端发送的指令,所述指令用于指示处理器生成密钥对,以使所述消息发布端根据所述密钥对中的私钥生成数字签名;The receiver receives an instruction sent by the message issuing end, the instruction is used to instruct the processor to generate a key pair, so that the message issuing end generates a digital signature according to the private key in the key pair; 所述接收器还用于,接收消息发布端发送的第一消息,所述第一消息包括所述密钥对中的公钥、数字签名、报文和消息发布端IP;The receiver is further configured to receive a first message sent by the message issuer, where the first message includes the public key in the key pair, the digital signature, the message, and the IP of the message issuer; 处理器,根据所述消息发布端IP,将所述消息发布端IP与存储器中预设的白名单进行匹配;The processor, according to the IP of the message publishing end, matches the IP of the message publishing end with a preset white list in the memory; 所述处理器还用于,当匹配成功后,根据所述公钥和数字签名,对所述报文进行验证。The processor is further configured to, when the matching is successful, verify the message according to the public key and the digital signature. 发送器,当验证成功后,对所述报文进行推送。The sender pushes the message after the verification is successful. 10.根据权利要求9所述的服务器,其特征在于,所述处理器具体用于:10. The server according to claim 9, wherein the processor is specifically configured to: 所述处理器采用哈希算法获取所述报文的报文摘要;The processor obtains the message digest of the message by using a hash algorithm; 所述处理器采用公钥对所述报文的数字签名进行解密,获取到解密报文摘要;The processor uses the public key to decrypt the digital signature of the message, and obtains the digest of the decrypted message; 当所述报文摘要和所述解密报文摘要相同时,验证成功。When the message digest is the same as the decrypted message digest, the verification is successful.
CN201410421329.5A 2014-08-25 2014-08-25 Authentication method and device as well as server Pending CN104158816A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410421329.5A CN104158816A (en) 2014-08-25 2014-08-25 Authentication method and device as well as server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410421329.5A CN104158816A (en) 2014-08-25 2014-08-25 Authentication method and device as well as server

Publications (1)

Publication Number Publication Date
CN104158816A true CN104158816A (en) 2014-11-19

Family

ID=51884221

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410421329.5A Pending CN104158816A (en) 2014-08-25 2014-08-25 Authentication method and device as well as server

Country Status (1)

Country Link
CN (1) CN104158816A (en)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105141636A (en) * 2015-09-24 2015-12-09 网宿科技股份有限公司 HTTP safety communication method and system applicable for CDN value added service platform
CN105245621A (en) * 2015-10-30 2016-01-13 大连大学 MQTT-based enterprise message push system and message push method
CN105282143A (en) * 2015-09-09 2016-01-27 民航局空管局技术中心 Message access control method, device and system
CN106385491A (en) * 2016-09-05 2017-02-08 努比亚技术有限公司 System and method for controlling push information, mobile terminal and push server
CN106452721A (en) * 2016-10-14 2017-02-22 牛毅 Method and system for instruction identification of intelligent device based on identification public key
WO2017152767A1 (en) * 2016-03-08 2017-09-14 阿里巴巴集团控股有限公司 Published information processing method and device, and information publishing system
CN107809426A (en) * 2017-10-26 2018-03-16 珠海优特物联科技有限公司 Method and system for verifying data information
CN108173860A (en) * 2017-12-29 2018-06-15 深圳市泛海三江科技发展有限公司 A kind of MQTT connection methods, system, terminal and the server of low side constrained devices
CN108494733A (en) * 2018-02-11 2018-09-04 上海万达全程健康服务有限公司 A kind of message queue method for subscribing of health management system arranged communication
CN109002705A (en) * 2018-06-20 2018-12-14 苏州科达科技股份有限公司 process authentication method, device and server
CN109413040A (en) * 2018-09-21 2019-03-01 深圳前海微众银行股份有限公司 Message authentication method, equipment, system and computer readable storage medium
CN109474916A (en) * 2018-11-19 2019-03-15 海信集团有限公司 Device authentication method, apparatus and machine-readable medium
CN109644185A (en) * 2016-08-18 2019-04-16 西门子移动有限公司 Method and apparatus for carrying out secure electronic data communication
WO2019127241A1 (en) * 2017-12-28 2019-07-04 Siemens Aktiengesellschaft Message queuing telemetry transport (mqtt) data transmission method, apparatus, and system
CN110383313A (en) * 2017-03-07 2019-10-25 万事达卡国际公司 Method and system for recording peer-to-peer transaction processing
CN111801926A (en) * 2018-01-26 2020-10-20 西门子股份公司 Method and system for disclosing at least one cryptographic key
CN112511564A (en) * 2021-01-28 2021-03-16 浙江岩华文化科技有限公司 Message pushing method, system, electronic device and storage medium
CN113098969A (en) * 2021-04-09 2021-07-09 薪得付信息技术(上海)有限公司 Data distribution method, device and system and electronic equipment
CN113285934A (en) * 2021-05-14 2021-08-20 鼎铉商用密码测评技术(深圳)有限公司 Server cipher machine client IP detection method and device based on digital signature
CN114785603A (en) * 2022-04-26 2022-07-22 英赛克科技(北京)有限公司 MQTT protocol-based security protection method, device, equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050122932A1 (en) * 2003-12-06 2005-06-09 Walter Robert C. System for interactive queuing through public communication networks
US7379921B1 (en) * 2004-11-08 2008-05-27 Pisafe, Inc. Method and apparatus for providing authentication
CN103051448A (en) * 2011-10-12 2013-04-17 中兴通讯股份有限公司 Authentication method, device and system for pairing code of business terminal attached to home gateway
CN103079176A (en) * 2012-12-31 2013-05-01 Tcl集团股份有限公司 Method and system for remotely controlling electronic equipment, mobile terminal and electronic equipment
CN103490895A (en) * 2013-09-12 2014-01-01 北京斯庄格科技有限公司 Industrial control identity authentication method and device with state cryptographic algorithms
US20140040628A1 (en) * 2012-08-03 2014-02-06 Vasco Data Security, Inc. User-convenient authentication method and apparatus using a mobile authentication application

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050122932A1 (en) * 2003-12-06 2005-06-09 Walter Robert C. System for interactive queuing through public communication networks
US7379921B1 (en) * 2004-11-08 2008-05-27 Pisafe, Inc. Method and apparatus for providing authentication
CN103051448A (en) * 2011-10-12 2013-04-17 中兴通讯股份有限公司 Authentication method, device and system for pairing code of business terminal attached to home gateway
US20140040628A1 (en) * 2012-08-03 2014-02-06 Vasco Data Security, Inc. User-convenient authentication method and apparatus using a mobile authentication application
CN103079176A (en) * 2012-12-31 2013-05-01 Tcl集团股份有限公司 Method and system for remotely controlling electronic equipment, mobile terminal and electronic equipment
CN103490895A (en) * 2013-09-12 2014-01-01 北京斯庄格科技有限公司 Industrial control identity authentication method and device with state cryptographic algorithms

Cited By (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105282143A (en) * 2015-09-09 2016-01-27 民航局空管局技术中心 Message access control method, device and system
CN105282143B (en) * 2015-09-09 2018-06-01 北京航空航天大学 message access control method, device and system
CN105141636B (en) * 2015-09-24 2018-04-17 网宿科技股份有限公司 Suitable for the HTTP safety communicating methods and system of CDN value-added service platforms
CN105141636A (en) * 2015-09-24 2015-12-09 网宿科技股份有限公司 HTTP safety communication method and system applicable for CDN value added service platform
CN105245621A (en) * 2015-10-30 2016-01-13 大连大学 MQTT-based enterprise message push system and message push method
CN105245621B (en) * 2015-10-30 2018-05-22 大连大学 MQTT-based enterprise message push system and message push method
WO2017152767A1 (en) * 2016-03-08 2017-09-14 阿里巴巴集团控股有限公司 Published information processing method and device, and information publishing system
US10693846B2 (en) 2016-03-08 2020-06-23 Alibaba Group Holding Limited Published information processing method and device, and information publishing system
RU2723916C2 (en) * 2016-03-08 2020-06-18 Алибаба Груп Холдинг Лимитед Apparatus and method of processing published information and an information publishing system
CN109644185A (en) * 2016-08-18 2019-04-16 西门子移动有限公司 Method and apparatus for carrying out secure electronic data communication
CN106385491A (en) * 2016-09-05 2017-02-08 努比亚技术有限公司 System and method for controlling push information, mobile terminal and push server
CN106452721A (en) * 2016-10-14 2017-02-22 牛毅 Method and system for instruction identification of intelligent device based on identification public key
CN110383317A (en) * 2017-03-07 2019-10-25 万事达卡国际公司 For recording the method and system of point-to-point trading processing
CN110383313A (en) * 2017-03-07 2019-10-25 万事达卡国际公司 Method and system for recording peer-to-peer transaction processing
US12175458B2 (en) 2017-03-07 2024-12-24 Mastercard International Incorporated Method and system for recording point to point transaction processing
US11456868B2 (en) 2017-03-07 2022-09-27 Mastercard International Incorporated Method and system for recording point to point transaction processing
CN110383313B (en) * 2017-03-07 2023-08-29 万事达卡国际公司 Method and system for recording point-to-point transaction processing
CN107809426A (en) * 2017-10-26 2018-03-16 珠海优特物联科技有限公司 Method and system for verifying data information
CN107809426B (en) * 2017-10-26 2020-07-24 珠海优特智厨科技有限公司 Data information verification method and system
CN111183619A (en) * 2017-12-28 2020-05-19 西门子股份公司 Message queue telemetry transmission MQTT data transmission method, device and system
US11297107B2 (en) 2017-12-28 2022-04-05 Siemens Aktiengesellschaft Message queuing telemetry transport (MQTT) data transmission method, apparatus, and system
WO2019127241A1 (en) * 2017-12-28 2019-07-04 Siemens Aktiengesellschaft Message queuing telemetry transport (mqtt) data transmission method, apparatus, and system
CN108173860A (en) * 2017-12-29 2018-06-15 深圳市泛海三江科技发展有限公司 A kind of MQTT connection methods, system, terminal and the server of low side constrained devices
CN111801926A (en) * 2018-01-26 2020-10-20 西门子股份公司 Method and system for disclosing at least one cryptographic key
CN111801926B (en) * 2018-01-26 2023-04-28 西门子股份公司 Method and system for disclosing at least one cryptographic key
CN108494733A (en) * 2018-02-11 2018-09-04 上海万达全程健康服务有限公司 A kind of message queue method for subscribing of health management system arranged communication
CN109002705A (en) * 2018-06-20 2018-12-14 苏州科达科技股份有限公司 process authentication method, device and server
CN109413040A (en) * 2018-09-21 2019-03-01 深圳前海微众银行股份有限公司 Message authentication method, equipment, system and computer readable storage medium
CN109413040B (en) * 2018-09-21 2020-12-18 深圳前海微众银行股份有限公司 Message authentication method, device, system, and computer-readable storage medium
CN109474916B (en) * 2018-11-19 2020-09-18 海信集团有限公司 Equipment authentication method, device and machine readable medium
CN109474916A (en) * 2018-11-19 2019-03-15 海信集团有限公司 Device authentication method, apparatus and machine-readable medium
CN112511564A (en) * 2021-01-28 2021-03-16 浙江岩华文化科技有限公司 Message pushing method, system, electronic device and storage medium
CN113098969B (en) * 2021-04-09 2022-12-20 薪得付信息技术(上海)有限公司 Data distribution method, device and system and electronic equipment
CN113098969A (en) * 2021-04-09 2021-07-09 薪得付信息技术(上海)有限公司 Data distribution method, device and system and electronic equipment
CN113285934A (en) * 2021-05-14 2021-08-20 鼎铉商用密码测评技术(深圳)有限公司 Server cipher machine client IP detection method and device based on digital signature
CN114785603A (en) * 2022-04-26 2022-07-22 英赛克科技(北京)有限公司 MQTT protocol-based security protection method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN104158816A (en) Authentication method and device as well as server
US11343098B2 (en) Systems and methods of securing digital conversations for its life cycle at source, during transit and at destination
JP6138791B2 (en) Stateless application notification
CN108537046A (en) A kind of online contract signature system and method based on block chain technology
US7949138B2 (en) Secure instant messaging
CN102365841A (en) Push notification service
CN101385034A (en) application test
US7949873B2 (en) Secure instant messaging
US10129229B1 (en) Peer validation
CN107517194B (en) Return source authentication method and device of content distribution network
GB2533279A (en) Secure media player
US20200092264A1 (en) End-point assisted gateway decryption without man-in-the-middle
CN101667999A (en) Method and system for transmitting peer-to-peer broadcast stream, data signature device and client
CN112699391B (en) Target data sending method and privacy computing platform
CN109951291A (en) Content sharing method and device based on trusted execution environment, and multimedia equipment
CN112753031B (en) Media content control
US9825942B2 (en) System and method of authenticating a live video stream
JP2022533874A (en) Prevent data manipulation and protect user privacy in telecom network measurements
CN114595465A (en) Data encryption processing method and device and electronic equipment
CN109150919B (en) Network attack prevention method and network equipment
CN102006567A (en) Push-message processing method and system and equipment for implementing push-message processing method
CN117177237B (en) Encryption transmission method for railway 5G private network MCX file service
CN114765595B (en) Chat message display method, chat message sending device, electronic equipment and media
JP2006270669A (en) Policy distribution method, system, program, policy distribution server, and client terminal
CN120979748A (en) Data transmission methods and systems

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20141119

RJ01 Rejection of invention patent application after publication