
CN102111411A - Method for switching encryption safety data among peer-to-peer user nodes in P2P network - Google Patents

Method for switching encryption safety data among peer-to-peer user nodes in P2P network

Info

Publication number
CN102111411A
Authority
CN
China
Prior art keywords
user node
public key
user
node
random number
Prior art date
Legal status
Pending
Application number
CN201110023152XA
Other languages
Chinese (zh)
Inventor
李天目
韩进
Current Assignee
Nanjing University of Information Science and Technology
Original Assignee
Nanjing University of Information Science and Technology
Priority date
2011-01-21
Filing date
2011-01-21
Publication date
2011-06-29
Application filed by Nanjing University of Information Science and Technology
Priority to CN201110023152XA
Publication of CN102111411A
Legal status: Pending

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The invention provides a method for encrypted, secure data exchange between peer user nodes in a P2P network. Any two peer user nodes A and B in the network each log in to the network through an authentication server and obtain a public key certificate. Through an exchange operation, user node A holds its own random number NA and the random number NB sent by user node B, and user node B holds its own random number NB and the random number NA sent by user node A; an encryption algorithm is then applied so that user nodes A and B form an encrypted channel over which data is transmitted in encrypted form. The procedure for establishing secure communication is simple and needs few message exchanges; apart from the first certificate, which is sent in the clear, all information is exchanged in ciphertext, which gives good security.

Description

An Encrypted Secure Data Exchange Method Between Peer User Nodes in a P2P Network

Technical field

The invention relates to a data exchange method for the Internet, and in particular to a secure encrypted communication method between peer user nodes in a P2P network.

Background

A P2P (peer-to-peer) network differs from the server/client (S/C) model that is common on today's Internet in that every node can join or leave the network freely, the relationships between nodes are all peer relationships, and resources can be shared more effectively between nodes. P2P networks have broad application prospects in direct communication between users, file exchange and distributed computing.

However, a P2P network is decentralised: data exchange between nodes is easy, resource sharing is frequent, nodes join and leave freely, and viruses and Trojans spread easily through the network, so user data in transit is exposed to eavesdropping, tampering, replay, man-in-the-middle and other attacks. To avoid these problems, a secure communication mechanism is needed to protect P2P communication.

In the prior art, P2P communication is usually plaintext transmission with no protection of the data. Existing encrypted communication methods such as SSL/TLS and IKE are too large and complex for P2P transmission, and SSL/TLS and IKE themselves have security weaknesses that expose them to man-in-the-middle attacks. Specifically, SSL/TLS certificates are transmitted entirely in plaintext, so the identity of each user node can easily be observed by an eavesdropper, and IKE's nonces are likewise sent in plaintext and easily captured by a man in the middle. A solution for protecting end-to-end data transmission is therefore urgently needed. (Plaintext certificates and nonces disclose who is talking and the protocol state; on their own they do not let an active attacker recover the keys of a signature-authenticated exchange, so the weakness argued here is identity disclosure rather than key compromise. TLS 1.3, published in 2018, encrypts the certificate messages.)

Practical methods for authenticating P2P user nodes have already been proposed: an authentication server issues digital certificates to users, and nodes authenticate by exchanging certificates. These methods, however, do not address the secure transmission of data after authentication. The ultimate purpose of authenticating network users is to enable secure data exchange, so a method that protects communication between peer user nodes in a P2P network all the way from authentication to data transmission is much needed.

Summary of the invention

The technical problem addressed by the invention is to overcome the security problems in communication between peer user nodes in a P2P network by designing a secure communication method that covers everything from authentication to data transmission.

To solve this problem the invention adopts the following technical solution:

A method for encrypted secure data exchange between peer user nodes in a P2P network, comprising the following steps:

Step 1: Any two peer user nodes A and B in the network log in to the network through the authentication server and obtain a public key certificate; the certificate is produced by digitally signing the user node's public key with the authentication server's private key.

Step 2: User node A sends its public key certificate to user node B; node B verifies node A's certificate and obtains node A's public key.

Step 3: User node B sends node B's public key certificate and the random number NB to user node A, encrypted with node A's public key; user node A decrypts the certificate and NB with its own private key, verifies node B's certificate and obtains node B's public key.

Step 4: User node A sends its own random number NA to user node B, encrypted with B's public key; user node B decrypts NA with its own private key.

Step 5: Node A now holds its own random number NA and the NB received from node B, and node B holds its own random number NB and the NA received from node A; an encryption algorithm is applied so that user nodes A and B form an encrypted channel over which data is transmitted in encrypted form.

In step 1, the generation of a public key certificate for a peer user node in the P2P network comprises the following steps:

Step 1-1: Any user node in the trust domain first downloads the public key of the authentication server. When logging in, the user node generates its own public/private key pair, encrypts the public key together with the user name and password entered at login with the authentication server's public key, and sends the result to the authentication server;

Step 1-2: The authentication server decrypts the received user name and password with its own private key and checks them; if the check succeeds, the user node is logged in;

Step 1-3: The authentication server digitally signs the user node's public key with its own private key, producing the user node's public key certificate;

Step 1-4: The user node's public key certificate is encrypted with that user node's public key and sent to it; the user node decrypts it with its private key and stores the certificate.

The public/private key pair that a user node generates in step 1-1 differs from one login to the next.

In the described method, the encryption algorithm of step 5 is the DH (Diffie-Hellman) algorithm.

The invention achieves the following beneficial effects:

1. The invention proposes a method for peer users to establish secure communication which not only provides mutual authentication but also covers encrypted transmission during communication.

2. Authentication and the establishment of encrypted communication are tightly combined: the peer's public key obtained during authentication is used immediately to establish the encrypted channel.

3. Each login generates a new public/private key pair and a new certificate, and each random number exchanged is encrypted under a different public key, which greatly reduces the possibility that the DH key is broken and a man-in-the-middle attack mounted.

4. Different random numbers are exchanged every time an encrypted channel is established, so the channel is not easily broken.

5. The procedure for establishing secure communication is simple and needs few message exchanges; apart from the first certificate, which is sent in the clear, all information is exchanged in ciphertext, which gives good security.

Description of the drawings

Figure 1 is a schematic diagram of the invention establishing secure communication between two nodes;

Figure 2 is a flowchart of obtaining a certificate from the authentication server according to the invention;

Figure 3 is a flowchart of establishing secure communication using the certificates according to the invention.

Detailed description

The invention is described further below with reference to the drawings.

For ease of understanding, the implementation is explained using a simple P2P network as an example. As shown in Figure 1, this P2P network has two user nodes, user node A and user node B, and an authentication server, all connected through the network. A user node obtains its own certificate during login; with this certificate, a public key algorithm can be used to exchange random numbers under encryption and establish encrypted, secure communication. The process by which a user node obtains its certificate is described first, with reference to Figure 2.

A user node, say user node A, first downloads the authentication server's public key from the authentication server, then enters a user name and password to log in to the network. During login, the asymmetric algorithm on user node A's terminal automatically generates a public/private key pair; the private key is stored securely, while the public key is encrypted together with the user name and password entered by the user under the authentication server's public key, and the result is sent to the authentication server over the network. Note that the key pair generated at each login is different: the key pair generated for this login cannot be used in the next login.

When the authentication server receives the encrypted data sent by user node A, it decrypts it with its own private key and checks the user name and password obtained; if they are correct, user node A has logged in successfully. After user node A has logged in successfully, the authentication server digitally signs the public key that user node A sent, using its own private key, producing a certificate for identity authentication. The authentication server encrypts this certificate with user node A's public key and returns it to user node A, which decrypts it with its own private key and stores the certificate.

In the login process above, user node A obtains, after interacting with the authentication server, a certificate for identity authentication that contains user node A's public key signed by the authentication server's private key. The same holds for user node B: after logging in successfully, user node B also obtains from the authentication server a certificate for identity authentication, the only difference being that it contains user node B's public key signed by the authentication server's private key.

Once a user node has logged in, it will, depending on the application, need to establish secure connections with other user nodes in the network to exchange encrypted data. The first thing to do is to exchange certificates, then exchange random numbers under the protection of the public keys, and establish the DH encrypted channel. Taking user nodes A and B as the example again, the establishment of an encrypted channel between two user nodes is described with reference to Figure 3.

Suppose the data connection is initiated by user node A. User node A sends its certificate to user node B; on receipt, user node B verifies certificate A with the authentication server's public key (the original says "decrypts"; a signature is checked with the signer's public key) and obtains user A's public key. User node B sends its certificate and the random number NB to user node A, encrypted with node A's public key; user node A decrypts the certificate and NB with its own private key, verifies node B's certificate and obtains node B's public key. User node A sends its own random number NA to user node B, encrypted with B's public key; user node B decrypts NA with its own private key. Node A now holds its own random number NA and the NB received from node B, and node B holds its own NB and the NA received from node A; applying the DH encryption algorithm, user nodes A and B form an encrypted channel.

In the process above, if during authentication a user node C intercepts the message returned by user node B, it cannot decrypt what it intercepted, since it does not hold user node A's private key, and so it cannot impersonate user node B towards user node A; the attempt to establish a secure connection simply fails. Likewise, if that node intercepts the random number sent by A, it cannot decrypt it, because NA is encrypted under B's public key and C does not hold user node B's private key (the original says A's private key here, which is a slip: A's key cannot decrypt a message encrypted for B). The DH encrypted channel established in this way is therefore secure against such an attacker and prevents man-in-the-middle attacks. Note that this argument covers only an attacker holding neither A's nor B's private key; the description does not address an attacker that is itself a logged-in node with a valid certificate of its own, nor what in the certificate ties a public key to a particular user, and it leaves unspecified how NA and NB enter the DH computation. A practitioner should treat those as open points rather than as covered by this argument.

In the above process of establishing encrypted communication, the identity authentication between user nodes A and B does not involve the authentication server. The authentication server only grants a user node a certificate for the current login; however many user nodes that node then connects to during this login, the authentication server is not involved. This greatly reduces the load on the authentication server, so the data connection between two user nodes is never delayed by an overloaded authentication server.

Finally, it should be noted that the above embodiment serves only to illustrate the technical solution of the invention and not to limit it. Although the invention has been described in detail with reference to the embodiment, those of ordinary skill in the art should understand that modifications or equivalent substitutions of the technical solution that do not depart from its spirit and scope all fall within the scope of the claims of the invention.

Claims (4)

1. A method for encrypted secure data exchange between peer user nodes in a P2P network, characterised in that it comprises the following steps: Step 1: any two peer user nodes A and B in the network each log in to the network through the authentication server and obtain a public key certificate, the certificate being produced by digitally signing the user node's public key with the authentication server's private key; Step 2: user node A sends its public key certificate to user node B, and user node B verifies it and obtains user node A's public key; Step 3: user node B encrypts its own public key certificate and the random number NB with user node A's public key and sends them to user node A, and user node A decrypts them with its own private key, verifies user node B's certificate and obtains user node B's public key; Step 4: user node A encrypts its own random number NA with user node B's public key and sends it to user node B, and user node B decrypts NA with its own private key; Step 5: user node A holds its own random number NA and the NB received from user node B, and user node B holds its own random number NB and the NA received from user node A; an encryption algorithm is applied so that user nodes A and B form an encrypted channel over which data is transmitted in encrypted form.
2. The method of claim 1, wherein in step 1 the generation of a public key certificate for a peer user node in the P2P network comprises: Step 1-1: any user node in the trust domain first downloads the authentication server's public key, then generates its own public/private key pair at login, encrypts the public key together with the user name and password entered at login with the authentication server's public key, and sends the result to the authentication server; Step 1-2: the authentication server decrypts the received user name and password with its own private key and checks them, and if the check succeeds the user node is logged in; Step 1-3: the authentication server digitally signs the user node's public key with its own private key to obtain the user node's public key certificate; Step 1-4: the user node's public key certificate is encrypted with that user node's public key and sent to it, and the user node decrypts it with its private key and stores the certificate.
3. The method of claim 2, characterised in that the public/private key pair generated by a user node in step 1-1 differs from one login to the next.
4. The method of claim 1, characterised in that the encryption algorithm of step 5 is the DH algorithm.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110023152XA CN102111411A (en) 2011-01-21 2011-01-21 Method for switching encryption safety data among peer-to-peer user nodes in P2P network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110023152XA CN102111411A (en) 2011-01-21 2011-01-21 Method for switching encryption safety data among peer-to-peer user nodes in P2P network

Publications (1)

Publication Number Publication Date
CN102111411A true CN102111411A (en) 2011-06-29

Family

ID=44175441

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110023152XA Pending CN102111411A (en) 2011-01-21 2011-01-21 Method for switching encryption safety data among peer-to-peer user nodes in P2P network

Country Status (1)

Country Link
CN (1) CN102111411A (en)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103647695A (en) * 2013-10-31 2014-03-19 北京奇虎科技有限公司 Client application program user registration method, mobile terminal and server
CN105049434A (en) * 2015-07-21 2015-11-11 中国科学院软件研究所 Identity authentication method and encryption communication method under peer-to-peer network environment
CN105578457A (en) * 2015-05-06 2016-05-11 宇龙计算机通信科技(深圳)有限公司 A terminal authentication method, management terminal and application terminal
CN106576041A (en) * 2014-06-27 2017-04-19 林建华 Method of mutual verification between a client and a server
CN106789092A (en) * 2017-02-28 2017-05-31 河源弘稼农业科技有限公司 Cipher key transmission methods, cipher key delivery device, server and communication equipment
CN106934630A (en) * 2015-12-31 2017-07-07 济南大陆机电股份有限公司 A kind of measurement instrument magnitude tracing method
CN107094156A (en) * 2017-06-21 2017-08-25 北京明朝万达科技股份有限公司 A kind of safety communicating method and system based on P2P patterns
CN107409048A (en) * 2015-02-26 2017-11-28 瑞典爱立信有限公司 public key based network
CN108055131A (en) * 2013-01-18 2018-05-18 苹果公司 For the system and method for key chain synchronization
CN108076003A (en) * 2016-11-07 2018-05-25 阿里巴巴集团控股有限公司 The detection method and device of Session Hijack
CN108259486A (en) * 2018-01-10 2018-07-06 芯盾网安(北京)科技发展有限公司 End-to-end key exchange method based on certificate
WO2018223777A1 (en) * 2017-06-06 2018-12-13 北京京东尚科信息技术有限公司 Data exchange system, method, and device
CN109639412A (en) * 2018-12-05 2019-04-16 成都卫士通信息产业股份有限公司 A kind of communication means, system and electronic equipment and storage medium
CN115150091A (en) * 2022-05-16 2022-10-04 腾讯科技(深圳)有限公司 A data transmission method, related apparatus, equipment and storage medium
US11647056B1 (en) * 2019-06-25 2023-05-09 Amazon Technologies, Inc. Hybrid videoconferencing architecture for telemedicine

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1456993A (en) * 2003-05-30 2003-11-19 武汉理工大学 Method for exchanging pins between users' computers
CN101159549A (en) * 2007-11-08 2008-04-09 西安西电捷通无线网络通信有限公司 Bidirectional access authentication method
CN101442411A (en) * 2008-12-23 2009-05-27 中国科学院计算技术研究所 Identification authentication method between peer-to-peer user nodes in P2P network
US20090210712A1 (en) * 2008-02-19 2009-08-20 Nicolas Fort Method for server-side detection of man-in-the-middle attacks
CN101902476A (en) * 2010-07-27 2010-12-01 浙江大学 Mobile P2P User Identity Authentication Method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1456993A (en) * 2003-05-30 2003-11-19 武汉理工大学 Method for exchanging pins between users' computers
CN101159549A (en) * 2007-11-08 2008-04-09 西安西电捷通无线网络通信有限公司 Bidirectional access authentication method
US20090210712A1 (en) * 2008-02-19 2009-08-20 Nicolas Fort Method for server-side detection of man-in-the-middle attacks
CN101442411A (en) * 2008-12-23 2009-05-27 中国科学院计算技术研究所 Identification authentication method between peer-to-peer user nodes in P2P network
CN101902476A (en) * 2010-07-27 2010-12-01 浙江大学 Mobile P2P User Identity Authentication Method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
李天目 (Li Tianmu): "Security Analysis and Improvement of the SSL/TLS Protocol", 信息网络安全 (Netinfo Security) *
魏达 et al. (Wei Da et al.): "Secure Web Transmission Based on Diffie-Hellman Key Exchange", 吉林大学学报(信息科学版) (Journal of Jilin University, Information Science Edition) *

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108055131B (en) * 2013-01-18 2021-03-02 苹果公司 System and method for keychain synchronization
US10771545B2 (en) 2013-01-18 2020-09-08 Apple Inc. Keychain syncing
CN108055131A (en) * 2013-01-18 2018-05-18 苹果公司 For the system and method for key chain synchronization
CN103647695A (en) * 2013-10-31 2014-03-19 北京奇虎科技有限公司 Client application program user registration method, mobile terminal and server
CN106576041A (en) * 2014-06-27 2017-04-19 林建华 Method of mutual verification between a client and a server
CN107409048A (en) * 2015-02-26 2017-11-28 瑞典爱立信有限公司 public key based network
CN105578457A (en) * 2015-05-06 2016-05-11 宇龙计算机通信科技(深圳)有限公司 A terminal authentication method, management terminal and application terminal
CN105049434B (en) * 2015-07-21 2019-02-22 中国科学院软件研究所 An identity authentication method and encrypted communication method in a peer-to-peer network environment
CN105049434A (en) * 2015-07-21 2015-11-11 中国科学院软件研究所 Identity authentication method and encryption communication method under peer-to-peer network environment
CN106934630A (en) * 2015-12-31 2017-07-07 济南大陆机电股份有限公司 A kind of measurement instrument magnitude tracing method
CN108076003A (en) * 2016-11-07 2018-05-25 阿里巴巴集团控股有限公司 The detection method and device of Session Hijack
CN106789092A (en) * 2017-02-28 2017-05-31 河源弘稼农业科技有限公司 Cipher key transmission methods, cipher key delivery device, server and communication equipment
WO2018223777A1 (en) * 2017-06-06 2018-12-13 北京京东尚科信息技术有限公司 Data exchange system, method, and device
US11283778B2 (en) 2017-06-06 2022-03-22 Beijing Jingdong Shangke Information Technology Co., Ltd. Data exchange system, method and device
CN107094156A (en) * 2017-06-21 2017-08-25 北京明朝万达科技股份有限公司 A kind of safety communicating method and system based on P2P patterns
CN108259486A (en) * 2018-01-10 2018-07-06 芯盾网安(北京)科技发展有限公司 End-to-end key exchange method based on certificate
CN109639412A (en) * 2018-12-05 2019-04-16 成都卫士通信息产业股份有限公司 A kind of communication means, system and electronic equipment and storage medium
US11647056B1 (en) * 2019-06-25 2023-05-09 Amazon Technologies, Inc. Hybrid videoconferencing architecture for telemedicine
CN115150091A (en) * 2022-05-16 2022-10-04 腾讯科技(深圳)有限公司 A data transmission method, related apparatus, equipment and storage medium
CN115150091B (en) * 2022-05-16 2024-08-30 腾讯科技(深圳)有限公司 Data transmission method, related device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN102111411A (en) Method for switching encryption safety data among peer-to-peer user nodes in P2P network
US11621945B2 (en) Method and system for secure communications
Hummen et al. Towards viable certificate-based authentication for the internet of things
US9043598B2 (en) Systems and methods for providing secure multicast intra-cluster communication
CN106788989B (en) A method and device for establishing a secure encrypted channel
CN104219217B (en) Security association negotiation method, device and system
US20170201382A1 (en) Secure Endpoint Devices
CN114221765B (en) Quantum key distribution method for fusion of QKD network and classical cryptographic algorithm
WO2017185999A1 (en) Method, apparatus and system for encryption key distribution and authentication
CN101459506A (en) Cipher key negotiation method, system, customer terminal and server for cipher key negotiation
CN101860546A (en) A Method of Improving SSL Handshake Protocol
CN110493367B (en) Address-free IPv6 non-public server, client and communication method
Lam et al. Securing SDN southbound and data plane communication with IBC
CN104301107A (en) Method and system for verifying privacy of WebRTC media channel via corresponding WebRTC data channel
US9866383B2 (en) Key management for privacy-ensured conferencing
JP7389754B2 (en) Apparatus, methods and articles of manufacture for messaging using message level security
CN101815294B (en) Access authentication method, equipment and system of P2P (peer-to-peer) network
CN104486325A (en) Safe login certification method based on RESTful
CN101282208B (en) Method for updating safety connection association master key as well as server and network system
CN106534050A (en) Method and device for realizing key agreement of virtual private network (VPN)
CN115484038A (en) A data processing method and device thereof
CN114386054B (en) Control method, system and medium for message storage processing and security authentication
CN114386020A (en) Method and system for fast secondary identity authentication based on quantum security
CN105591748B (en) A kind of authentication method and device
CN116938441A (en) Quantum cryptography in the Internet key exchange process

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20110629