
CN110266477B - Dynamic encryption method for UDP communication - Google Patents

Info

Publication number: CN110266477B
Authority: CN (China)
Prior art keywords: udp, client, data, thread, server
Legal status: Active
Application number: CN201910433826.XA
Other languages: Chinese (zh)
Other versions: CN110266477A (en)
Inventors: 薛柯利, 曾义, 杜其昌
Current Assignee: Guangzhou Hedong Technology Co ltd
Original Assignee: Guangzhou Hedong Technology Co ltd
Application filed by Guangzhou Hedong Technology Co ltd
Priority to CN201910433826.XA
Publication of CN110266477A
Application granted
Publication of CN110266477B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/164 Adaptation or special uses of UDP protocol
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a method for dynamically encrypting UDP communication, comprising a UDP server-side design flow and a UDP client-side design flow. The UDP server-side design flow comprises a command port thread design flow and a data port thread design flow. First, the UDP server is started and a command port thread and a data port thread are created at the same time; the command port thread mainly exchanges dynamic passwords with the UDP client, and the data port thread is mainly responsible for data communication with the UDP client. When the UDP client starts, it first creates a command port thread and sends a password request message to the server. When the server receives the client's password request message, it returns a password to the client; the client receives the server's dynamic password, creates a data port and then exchanges data normally with the server. The invention strengthens the security of the whole system, effectively prevents unauthorized control and greatly improves the reliability and stability of the whole system.

Description

Method for realizing dynamic encryption of UDP communication
Technical Field
The invention relates to the technical field of smart home, in particular to a dynamic encryption method for UDP communication.
Background
Security control is very important in industrial control applications, yet many field control protocols, such as MODBUS and BACnet, are not encrypted and are easily compromised. The dynamic encryption method provided by the invention improves the security of the whole system.
Disclosure of Invention
In view of the above, in order to solve the above problems in the prior art, the present invention provides a dynamic encryption method for UDP communication.
The invention solves the problems through the following technical means:
A dynamic encryption method for UDP communication comprises a UDP server-side design flow and a UDP client-side design flow;
the UDP server-side design flow comprises a command port thread design flow and a data port thread design flow;
the command port thread design flow comprises the following steps:
step S101: creating a thread for the UDP command port;
step S102: the command port listens for client requests, and if a request message arrives, jumping immediately to step S103;
step S103: decrypting the request using the public key KP;
step S104: judging whether the client's request is correct; if so, jumping to step S105, otherwise jumping to step S102;
step S105: dynamically generating a password K1 and returning it to the client, then jumping to step S102;
the data port thread design flow comprises the following steps:
step S201: creating a thread for the UDP data port;
step S202: listening for data from the client, and jumping to S203 if data arrives;
step S203: decrypting using the password K1, then jumping to S204;
step S204: verifying whether the data is correct; if so, jumping to step S205, otherwise jumping to step S202;
step S205: processing the data, then jumping to step S202;
the UDP client design flow comprises the following steps:
step S301: creating a thread for the UDP command port;
step S302: generating a random number SN;
step S303: encrypting, using the public password KP, a request for the server's dynamic password;
step S304: waiting for the server's reply; if a reply arrives, decrypting the returned data and jumping to step S305; on timeout, jumping to step S302;
step S305: verifying whether the dynamic password is correct; if so, jumping to S306, otherwise jumping to S302;
step S306: creating a thread for the UDP data port;
step S307: encrypting the data using the dynamic password and sending it through the data port to the server's data port;
step S308: exiting the connection.
Compared with the prior art, the invention has at least the following beneficial effects:
the invention enhances the security of the whole system, effectively prevents unauthorized control and greatly improves the reliability and stability of the whole system.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flow chart of the command port thread design in the UDP server design flow of the present invention;
FIG. 2 is a flow chart of the data port thread design in the UDP server design flow of the present invention;
FIG. 3 is a flow chart of the UDP client design of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in detail below. It should be noted that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments, and all other embodiments obtained by those skilled in the art without any inventive work based on the embodiments of the present invention belong to the protection scope of the present invention.
Examples
The invention discloses a dynamic encryption method for UDP communication, which comprises a UDP server-side design flow and a UDP client-side design flow;
the UDP server-side design flow comprises a command port thread design flow and a data port thread design flow;
as shown in FIG. 1, the command port thread design flow comprises the following steps:
step S101: creating a thread for the UDP command port;
step S102: the command port listens for client requests, and if a request message arrives, jumping immediately to step S103;
step S103: decrypting the request using the public key KP;
step S104: judging whether the client's request is correct; if so, jumping to step S105, otherwise jumping to step S102;
step S105: dynamically generating a password K1 and returning it to the client, then jumping to step S102;
as shown in FIG. 2, the data port thread design flow comprises the following steps:
step S201: creating a thread for the UDP data port;
step S202: listening for data from the client, and jumping to S203 if data arrives;
step S203: decrypting using the password K1, then jumping to S204;
step S204: verifying whether the data is correct; if so, jumping to step S205, otherwise jumping to step S202;
step S205: processing the data, then jumping to step S202;
as shown in FIG. 3, the UDP client design flow comprises the following steps:
step S301: creating a thread for the UDP command port;
step S302: generating a random number SN;
step S303: encrypting, using the public password KP, a request for the server's dynamic password;
step S304: waiting for the server's reply; if a reply arrives, decrypting the returned data and jumping to step S305; on timeout, jumping to step S302;
step S305: verifying whether the dynamic password is correct; if so, jumping to S306, otherwise jumping to S302;
step S306: creating a thread for the UDP data port;
step S307: encrypting the data using the dynamic password and sending it through the data port to the server's data port;
step S308: exiting the connection.
After the smart home gateway is powered on, the UDP (User Datagram Protocol) server is started first, and a command port thread and a data port thread are created at the same time; the command port thread mainly exchanges dynamic passwords with the UDP client, and the data port thread is mainly responsible for data communication with the UDP client. When the UDP client starts, it first creates a command port thread and sends a password request message to the server. When the server receives the client's password request message, it returns a password to the client; the client receives the server's dynamic password, creates a data port and then exchanges data normally with the server.
The invention enhances the security of the whole system, effectively prevents unauthorized control and greatly improves the reliability and stability of the whole system.
The above embodiments express only several embodiments of the present invention, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the present invention. It should be noted that those skilled in the art can make various changes and modifications without departing from the spirit of the invention, and these changes and modifications all fall within the scope of the invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.
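The server and client flows above (S101-S105, S201-S205, S301-S308), as an added Python sketch that is not part of the patent: both sides are modelled as in-memory objects that exchange datagram bytes. The patent names no cipher, message layout or verification check, so the HMAC-SHA256 encrypt-then-MAC stand-in, the `REQ1`/`KEY1` tags, the SN echo used for S305, the single current K1 and every function and class name here are assumptions.

```python
import hashlib, hmac, secrets
KP = b"constructed-shared-password-KP"  # constructed; the patent gives no KP value

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a stand-in stream cipher (assumption)
    ks = b"".join(_prf(key, b"ks", nonce + i.to_bytes(4, "big"))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    # Encrypt-then-MAC; assumed layout: nonce(16) | ciphertext | tag(32)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _prf(key, b"mac", nonce + ct)

def unseal(key, datagram):
    # Returns the plaintext, or None when the datagram fails verification
    if len(datagram) < 48:
        return None
    nonce, ct, tag = datagram[:16], datagram[16:-32], datagram[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        return None
    return _xor_stream(key, nonce, ct)

class Server:
    def __init__(self, kp):
        self.kp, self.k1 = kp, None
    def command_port(self, datagram):              # S102-S105
        req = unseal(self.kp, datagram)            # S103
        if req is None or len(req) != 20 or req[:4] != b"REQ1":
            return None                            # S104 failed: keep listening
        self.k1 = secrets.token_bytes(32)          # S105: fresh K1 per request
        return seal(self.kp, b"KEY1" + req[4:] + self.k1)
    def data_port(self, datagram):                 # S202-S204; S205 is the caller's job
        return None if self.k1 is None else unseal(self.k1, datagram)

class Client:
    def __init__(self, kp):
        self.kp, self.sn, self.k1 = kp, None, None
    def request(self):                             # S302-S303
        self.sn = secrets.token_bytes(16)
        return seal(self.kp, b"REQ1" + self.sn)
    def accept(self, datagram):                    # S304-S305
        resp = unseal(self.kp, datagram)
        if resp is None or len(resp) != 52 or resp[:4] != b"KEY1":
            return False
        if self.sn is None or not hmac.compare_digest(resp[4:20], self.sn):
            return False                           # reply answers a different SN
        self.k1 = resp[20:]
        return True
    def send(self, payload):                       # S307
        return seal(self.k1, payload)

def run_demo():
    server, client = Server(KP), Client(KP)
    reply = server.command_port(client.request())
    ok = client.accept(reply)
    pkt = client.send(b"light:on")                 # constructed payload
    bad = pkt[:-1] + bytes([pkt[-1] ^ 1])          # one bit flipped in transit
    client.request()                               # new SN: the old reply is now stale
    return ok, server.data_port(pkt), server.data_port(bad), client.accept(reply)
```

The steps as written put no counter or sequence number inside data packets, so this sketch, like the flow it follows, accepts a repeated data datagram; a deployment that needs replay protection would add one inside the sealed payload.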

Claims (1)

1. A dynamic encryption method for UDP communication, characterized in that after a smart home gateway is powered on, a UDP server is started and a command port thread and a data port thread are created at the same time, wherein the command port thread exchanges dynamic passwords with a UDP client and the data port thread carries out data communication with the UDP client; when the UDP client is started, it first creates a command port thread and sends a password request message to the server; when the server receives the client's password request message, it returns a password to the client; the client receives the server's dynamic password, creates a data port and exchanges data normally with the server; the method is used for enhancing system security and preventing unauthorized control;
the method comprises a UDP server-side design flow and a UDP client-side design flow;
the UDP server-side design flow consists of a command port thread design flow and a data port thread design flow;
the command port thread design flow sequentially comprises the following steps:
step S101: creating a thread for the UDP command port;
step S102: the command port listens for client requests, and if a request message arrives, jumping immediately to step S103;
step S103: decrypting the request using the public key KP;
step S104: judging whether the client's request is correct; if so, jumping to step S105, otherwise jumping to step S102;
step S105: dynamically generating a password K1 and returning it to the client, then jumping to step S102;
the data port thread design flow sequentially comprises the following steps:
step S201: creating a thread for the UDP data port;
step S202: listening for data from the client, and jumping to S203 if data arrives;
step S203: decrypting using the password K1, then jumping to S204;
step S204: verifying whether the data is correct; if so, jumping to step S205, otherwise jumping to step S202;
step S205: processing the data, then jumping to step S202;
the UDP client design flow sequentially comprises the following steps:
step S301: creating a thread for the UDP command port;
step S302: generating a random number SN;
step S303: encrypting, using the public password KP, a request for the server's dynamic password;
step S304: waiting for the server's reply; if a reply arrives, decrypting the returned data and jumping to step S305; on timeout, jumping to step S302;
step S305: verifying whether the dynamic password is correct; if so, jumping to S306, otherwise jumping to S302;
step S306: creating a thread for the UDP data port;
step S307: encrypting the data using the dynamic password and sending it through the data port to the server's data port;
step S308: exiting the connection.
CN201910433826.XA 2019-05-23 2019-05-23 Dynamic encryption method for UDP communication Active CN110266477B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910433826.XA CN110266477B (en) 2019-05-23 2019-05-23 Dynamic encryption method for UDP communication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910433826.XA CN110266477B (en) 2019-05-23 2019-05-23 Dynamic encryption method for UDP communication

Publications (2)

Publication Number Publication Date
CN110266477A (en) 2019-09-20
CN110266477B (en) 2023-03-24

Family

ID=67915125

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910433826.XA Active CN110266477B (en) 2019-05-23 2019-05-23 Dynamic encryption method for UDP communication

Country Status (1)

Country Link
CN (1) CN110266477B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114157707B (en) * 2021-11-25 2023-07-25 北京煜邦电力技术股份有限公司 Communication connection method, device and system

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2446304C (en) * 2001-05-01 2012-03-20 Vasco Data Security, Inc. Use and generation of a session key in a secure socket layer connection
CN102035904B (en) * 2010-12-10 2013-04-03 北京中科大洋科技发展股份有限公司 Method for converting TCP network communication server into client
CN102333093A (en) * 2011-09-28 2012-01-25 深圳市赛格导航科技股份有限公司 Data encryption transmission method and system
CN106027487B (en) * 2016-04-28 2019-07-23 广州广电运通金融电子股份有限公司 A kind of access management method and system of hardware device
CN107171799A (en) * 2016-11-29 2017-09-15 黄宗美 A kind of method of data transfer encryption
CN108243176B (en) * 2016-12-27 2020-08-11 腾讯科技(深圳)有限公司 Data transmission method and device
CN109286688A (en) * 2018-11-28 2019-01-29 深圳市元征科技股份有限公司 A kind of data download method and device

Also Published As

Publication number Publication date
CN110266477A (en) 2019-09-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant