
CN111884796B - A method and system for carrying information based on random number field - Google Patents

A method and system for carrying information based on random number field

Info

Publication number
CN111884796B
Authority
CN
China
Prior art keywords
information
random number
functional component
side functional
network
Legal status
Active
Application number
CN202010552295.9A
Other languages
Chinese (zh)
Other versions
CN111884796A (en)
Inventor
王俊
张力
许建明
田永春
Current Assignee
CETC 30 Research Institute
Original Assignee
CETC 30 Research Institute
Application filed by CETC 30 Research Institute
Priority to CN202010552295.9A
Publication of CN111884796A
Application granted
Publication of CN111884796B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information: received data contents, e.g. message integrity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and system for carrying information in a random number field. Through end-to-end cooperation between a terminal-side functional component and a network-side functional component, the method uses a random number as the carrier for exchanging and negotiating information, and at the same time relies on encryption of that information to preserve the randomness of the random number itself, so that a dedicated security mechanism is embedded in a standard communication flow. The method and system can carry specific information in standard protocol parameters and can also exchange private negotiation information over a standard protocol negotiation channel, so that the terminal side and the network side can exchange information end-to-end through the random number field without changing the end-to-end protocol format or flow, or the intermediate network elements that relay the information.

Description

Method and system for carrying information based on random number field
Technical Field
The invention relates to the technical field of information system security, in particular to a method and a system for carrying information based on a random number field.
Background
Mobile communication systems have evolved from 2G to 5G as the most thoroughly standardized terrestrial communication systems, and 5G has now entered the pre-commercial stage. Compared with earlier generations, 5G not only greatly increases communication capacity but also changes the business model: mobile communication is moving from a consumer (2C) model that offers general services to the public toward a business (2B) model that offers differentiated services to vertical industries. Building high-security private networks with wide-area coverage on top of public information infrastructure, typified by 5G mobile communication (including satellite segments), has therefore become a mainstream technical approach across industries.
Some key vertical industries with high security requirements in particular must build a relatively secure information system on top of an untrusted infrastructure, and typically obtain end-to-end security enhancement by hardening the UE and the home network elements separately.
As shown in fig. 1, taking a mobile communication system as the example, the end-to-end enhanced security model of a key industry with high security requirements consists of a mobile terminal (high-security device), a serving network domain, a trusted network domain and a high-security application. The serving network domain comprises the access network and the visited core network and depends entirely on the public infrastructure of the mobile communication system; the trusted network domain is mainly the home core network and consists of general functions plus functions customized for the key industry; the high-security device is a general-purpose mobile terminal with added security enhancements; and the high-security application is an application function fully customized for the key industry. End-to-end security enhancement of both the signalling plane and the user plane is achieved by hardening the UE side and the home trusted network domain separately, which at the same time embeds a dedicated security mechanism in the standard communication flow.
However, a high-security private network built on public infrastructure must strictly follow the public international, national and industry standards without changing those standards or protocols, so under the end-to-end enhanced security model the negotiation information that a key industry's own security enhancement mechanism requires has to be carried over protocol channels defined by the public standards. Those channels rarely reserve spare fields in which an industry could carry additional information. How to carry additional information in protocol fields defined by the public standards, so that the UE and the customized home network element can negotiate with each other, is therefore an urgent problem.
Disclosure of Invention
The object of the invention is to provide a method and system that carry information in protocol fields defined by open standards, without changing those standards or the protocols they specify, by placing ciphertext obtained by encrypting the specific information into the random number field. This allows end-to-end negotiation of information between the UE and the customized home network element and meets the need to build high-security private networks for key industries.
The invention provides a method for carrying information in a random number field. Through end-to-end cooperation between a terminal-side functional component and a network-side functional component, information is exchanged and negotiated using the random number as the carrier, and the randomness of the random number is preserved by encrypting the information. The method comprises the following:
(1) When the random number is passed from the network-side functional component to the terminal-side functional component: the network-side functional component uses its encryption mechanism to convert the specific carried information into ciphertext of the length required for the random number, applies integrity protection so that the ciphertext retains the properties of a random number, places the ciphertext in the random number field and sends it to the terminal-side functional component. The encryption mechanism of the terminal-side functional component then decides whether the random number field carries specific information. If it does not, the standard processing flow is executed with the value as an ordinary random number. If it does, the ciphertext is extracted from the random number field by the encryption mechanism and, after integrity verification, recovered into the plaintext of the carried information; the processing flow associated with that information is executed, and the random number field is then used as an ordinary random number in the standard processing flow;
(2) When the random number is passed from the terminal-side functional component to the network-side functional component: the terminal-side functional component uses its encryption mechanism to convert the specific carried information into ciphertext of the length required for the random number, applies integrity protection so that the ciphertext retains the properties of a random number, places the ciphertext in the random number field and sends it to the network-side functional component. The encryption mechanism of the network-side functional component then decides whether the random number field carries specific information. If it does not, the standard processing flow is executed with the value as an ordinary random number. If it does, the ciphertext is extracted from the random number field by the encryption mechanism and, after integrity verification, recovered into the plaintext of the carried information; the processing flow associated with that information is executed, and the random number field is then used as an ordinary random number in the standard processing flow.
Further, when the random number is passed from the network-side functional component to the terminal-side functional component, the network-side functional component performs the following steps:
Step S101: the network-side functional component encodes the specific carried information into encoded plaintext of the length required for encryption;
Step S102: the network-side functional component computes digest data over the encoded plaintext;
Step S103: the network-side functional component inserts random filler into the encoded plaintext and digest data to form plaintext of the length required for the random number;
Step S104: the network-side functional component encrypts that plaintext to produce ciphertext of the length required for the random number;
Step S105: the network-side functional component places the ciphertext in the random number field and sends it to the terminal-side functional component.
Further, when the random number is passed from the network-side functional component to the terminal-side functional component, the terminal-side functional component performs the following steps:
Step S201: the terminal-side functional component assumes that the random number field contains ciphertext of the required length and decrypts the field to obtain plaintext of the required length;
Step S202: the terminal-side functional component removes the random filler from that plaintext to obtain the encoded plaintext and the digest data;
Step S203: the terminal-side functional component computes digest data over the encoded plaintext and compares it with the digest data parsed from the random number field. The result of this comparison decides both whether the random number carries specific information and whether the carried information is intact:
a1. If the digests match, the random number field carries specific information and that information was not tampered with in transit; the terminal-side functional component decodes the encoded plaintext to recover the specific carried information;
a2. The terminal-side functional component executes the processing flow associated with the carried information, and finally executes the standard processing flow with the random number field as an ordinary random number;
b. If the digests do not match, either the random number field carries no specific information or the carried information was tampered with in transit; the terminal-side functional component executes the standard processing flow for an ordinary random number.
Further, when the random number is passed from the terminal-side functional component to the network-side functional component, the terminal-side functional component performs the following steps:
Step S111: the terminal-side functional component encodes the specific carried information into encoded plaintext of the length required for encryption;
Step S112: the terminal-side functional component computes digest data over the encoded plaintext;
Step S113: the terminal-side functional component inserts random filler into the encoded plaintext and digest data to form plaintext of the length required for the random number;
Step S114: the terminal-side functional component encrypts that plaintext to produce ciphertext of the length required for the random number;
Step S115: the terminal-side functional component places the ciphertext in the random number field and sends it to the network-side functional component.
Further, when the random number is passed from the terminal-side functional component to the network-side functional component, the network-side functional component performs the following steps:
Step S211: the network-side functional component assumes that the random number field contains ciphertext of the required length and decrypts the field to obtain plaintext of the required length;
Step S212: the network-side functional component removes the random filler from that plaintext to obtain the encoded plaintext and the digest data;
Step S213: the network-side functional component computes digest data over the encoded plaintext and compares it with the digest data parsed from the random number field. The result of this comparison decides both whether the random number carries specific information and whether the carried information is intact:
a1. If the digests match, the random number field carries specific information and that information was not tampered with in transit; the network-side functional component decodes the encoded plaintext to recover the specific carried information;
a2. The network-side functional component executes the processing flow associated with the carried information, and finally executes the standard processing flow with the random number field as an ordinary random number;
b. If the digests do not match, either the random number field carries no specific information or the carried information was tampered with in transit; the network-side functional component executes the standard processing flow for an ordinary random number.
The invention also provides a system for carrying information in a random number field, comprising a terminal-side functional component and a network-side functional component that execute the method described above.
In summary, the technical scheme has the following beneficial effects:
1. The method and system can carry specific information in standard protocol parameters and can also exchange private negotiation information over a standard protocol negotiation channel, so the terminal side and the network side exchange information end-to-end through the random number field without changing the end-to-end protocol format or flow, or the intermediate network elements that relay the information.
2. The method and system have a wide range of application: they are suited not only to mobile communication systems but in principle to any information system. In particular, they provide strong technical support for building high-security private networks on public infrastructure and for implementing the military-civil fusion strategy.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
FIG. 1 is a schematic diagram of a prior art end-to-end enhanced security model for a key industry with high security requirements.
Fig. 2 is a schematic flow chart of the method for carrying information based on the random number field according to the present invention, when the random number is transmitted from the network-side functional component to the terminal-side functional component.
Fig. 3 is a schematic flow chart of the method for carrying information based on the random number field according to the present invention, when the random number is transferred from the terminal-side functional component to the network-side functional component.
Fig. 4 is a schematic diagram of a method for carrying information based on a nonce field according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the detailed description and specific examples, while indicating the preferred embodiment of the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
The invention relates to a system for carrying information in a random number field, comprising a terminal-side functional component and a network-side functional component that execute the method for carrying information in a random number field described below.
Within the end-to-end model of fig. 1, the method uses the random number (nonce) as the carrier for exchanging and negotiating information through end-to-end cooperation between the terminal-side functional component and the network-side functional component, and preserves the randomness of the nonce itself by encrypting the information, so that a dedicated security mechanism is embedded in the standard communication flow. The method comprises:
(1) When the random number is passed from the network-side functional component to the terminal-side functional component: the network-side functional component uses its encryption mechanism to convert the specific carried information into ciphertext of the length required for the random number, applies integrity protection so that the ciphertext retains the properties of a random number, places the ciphertext in the random number field and sends it to the terminal-side functional component. The encryption mechanism of the terminal-side functional component then decides whether the random number field carries specific information. If it does not, the standard processing flow is executed with the value as an ordinary random number. If it does, the ciphertext is extracted from the random number field by the encryption mechanism and, after integrity verification, recovered into the plaintext of the carried information; the processing flow associated with that information is executed, and the random number field is then used as an ordinary random number in the standard processing flow;
as shown in fig. 2, specifically:
A. the execution process of the network side functional component comprises the following steps:
step S101, a network side functional component encodes specific entrained information and converts the specific entrained information into encoded plaintext information with the required encryption length;
step S102, the network side functional component uses the coded plaintext information to generate summary data;
step S103, the network side functional component inserts random information into the coded plaintext information and the abstract data to generate plaintext information which meets the requirement of the specified length of the random number;
step S104, the network side functional component carries out encryption operation on plaintext information meeting the requirement of the specified length of the random number to generate ciphertext information meeting the requirement of the specified length of the random number;
step S105, the network side functional component fills the cipher text information meeting the requirement of the random number on the specified length in the random number field and transmits the cipher text information to the terminal side functional component.
B. The execution process of the terminal side functional component comprises the following steps:
step S201, the terminal side functional assembly assumes that the random number field contains the ciphertext information meeting the requirement of the specified length of the random number, and performs decryption operation on the random number field to obtain the plaintext information meeting the requirement of the specified length of the random number;
step S202, the terminal side functional assembly eliminates random information from the plaintext information meeting the specified length requirement to obtain encoded plaintext information and summary data;
step S203, the terminal side functional component generates abstract data by using the encoded plaintext information, and performs comparison verification with the abstract data analyzed from the random number field, and the verification result is used as a basis for distinguishing whether the random number carries specific entrained information, and is also used as a basis for integrity verification of the carried information:
a1, if the verification result is consistent, indicating that the random number field carries specific entrainment information and the entrainment information is not tampered in the transmission process, the terminal side functional component performs inverse coding conversion on the coded plaintext information to obtain the specific entrainment information;
a2, the terminal side functional assembly executes the relevant processing flow of the specific carried information, and finally, the random number field is used as the common random number to execute the standard processing flow;
b. and if the verification result is inconsistent, the random number field is indicated to be not carried with specific entrained information or the carried entrained information is tampered in the transmission process, and the terminal side functional component executes a standard processing flow of the common random number.
(2) When the random number is passed from the terminal-side functional component to the network-side functional component, the roles of the two components are simply reversed: the terminal-side functional component uses its encryption mechanism to convert the specific carried information into ciphertext of the length required for the random number, applies integrity protection so that the ciphertext retains the properties of a random number, places the ciphertext in the random number field and sends it to the network-side functional component. The encryption mechanism of the network-side functional component then decides whether the random number field carries specific information. If it does not, the standard processing flow is executed with the value as an ordinary random number. If it does, the ciphertext is extracted from the random number field by the encryption mechanism and, after integrity verification, recovered into the plaintext of the carried information; the processing flow associated with that information is executed, and the random number field is then used as an ordinary random number in the standard processing flow.
As shown in fig. 3, specifically:
A. The terminal-side functional component performs the following steps:
Step S111: the terminal-side functional component encodes the specific carried information into encoded plaintext of the length required for encryption;
Step S112: the terminal-side functional component computes digest data over the encoded plaintext;
Step S113: the terminal-side functional component inserts random filler into the encoded plaintext and digest data to form plaintext of the length required for the random number;
Step S114: the terminal-side functional component encrypts that plaintext to produce ciphertext of the length required for the random number;
Step S115: the terminal-side functional component places the ciphertext in the random number field and sends it to the network-side functional component.
B. The network-side functional component performs the following steps:
Step S211: the network-side functional component assumes that the random number field contains ciphertext of the required length and decrypts the field to obtain plaintext of the required length;
Step S212: the network-side functional component removes the random filler from that plaintext to obtain the encoded plaintext and the digest data;
Step S213: the network-side functional component computes digest data over the encoded plaintext and compares it with the digest data parsed from the random number field. The result of this comparison decides both whether the random number carries specific information and whether the carried information is intact:
a1. If the digests match, the random number field carries specific information and that information was not tampered with in transit; the network-side functional component decodes the encoded plaintext to recover the specific carried information;
a2. The network-side functional component executes the processing flow associated with the carried information, and finally executes the standard processing flow with the random number field as an ordinary random number;
b. If the digests do not match, either the random number field carries no specific information or the carried information was tampered with in transit; the network-side functional component executes the standard processing flow for an ordinary random number.
The features and properties of the present invention are described in further detail below with reference to examples.
In this embodiment, the terminal side functional component of the system for carrying information based on the random number field is the USIM card of a 5G UE (mobile terminal) together with a functional component inside the USIM card, and the network side functional component is the 5G UDM network function together with a functional component inside the UDM. The USIM card of the 5G UE communicates with a mobile communication base station over the mobile network, and the USIM card and the UDM network function exchange authentication data through the mobile communication core network data center. Note that both the UDM network function and the USIM card require slight customization so that they can interact with their respective functional components.
Fig. 2 is a schematic diagram of this embodiment, in which the RAND random number of the authentication vector AV is used to carry specific carried information in the mobile communication system; it comprises the following steps:
s01: the UE initiates a network attachment request, which reaches the mobile communication core network data center through the mobile communication base station; the data center then requests an authentication vector AV from the UDM network function;
s02: the authentication vector AV generated by the UDM network function contains a RAND random number; at this point the specific carried information is obtained from the functional component inside the UDM;
s03: the functional component inside the UDM processes the specific carried information according to the method above, generates the 128-bit ciphertext RAND meeting the length requirement, and passes it to the UDM network function;
s04: the UDM network function fills the ciphertext RAND carrying the specific carried information into the RAND field of the authentication vector AV and transmits the vector to the mobile communication core network data center;
s05: the mobile communication core network data center initiates a mutual authentication request to the UE using the authentication vector AV;
s06: after receiving the mutual authentication request, the UE extracts the authentication vector AV and passes the RAND field and AUTN to the USIM card;
s07: the USIM card takes the ciphertext RAND out of the RAND field and passes it to the functional component inside the USIM card;
s08: after the functional component inside the USIM card obtains the ciphertext RAND, it processes it according to the method above to recover the specific carried information sent by the network side functional component (the 5G UDM network function and the functional component inside the UDM); if the specific carried information is recovered successfully, the return value is success; if the specific carried information is found to have been altered in transit, for example by bit errors, the return value is failure;
s09: the USIM card continues the subsequent mutual authentication processing according to the return value of the functional component inside the USIM card.
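The sender and receiver procedures above (steps S111 to S115 and S211 to S213, and their instantiation in the RAND field of the 5G authentication vector in steps s01 to s09) are illustrated by the following added example; it is not code from the patent or from the assignee. The patent does not name the encryption algorithm, the encoding or the digest, so this example assumes a 16-byte layout of 8 bytes of encoded payload (one length byte plus up to seven data bytes), a 4-byte truncated SHA-256 digest, and 4 random bytes, and it uses a toy 4-round Feistel permutation keyed with HMAC-SHA256 as a stand-in for a real 128-bit block cipher such as AES-128; the key value, payload layout and function names are all assumptions of the example.

```python
import hashlib
import hmac
import os

RAND_LEN = 16        # 128-bit RAND field of the authentication vector
PAYLOAD_LEN = 8      # encoded carried information: 1 length byte + up to 7 data bytes (assumed layout)
DIGEST_LEN = 4       # truncated digest appended to the payload (assumed length)
RANDOM_LEN = RAND_LEN - PAYLOAD_LEN - DIGEST_LEN   # 4 random bytes inserted per step S113
ROUNDS = 4


def _round_fn(key: bytes, index: int, half: bytes) -> bytes:
    # HMAC-SHA256 as the keyed round function, truncated to one 64-bit half.
    return hmac.new(key, bytes([index]) + half, hashlib.sha256).digest()[:8]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 128-bit Feistel permutation standing in for single-block AES-128 (assumption)."""
    if len(block) != RAND_LEN:
        raise ValueError("block must be exactly 16 bytes")
    left, right = block[:8], block[8:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, i, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of block_encrypt: rounds are undone in reverse order."""
    if len(block) != RAND_LEN:
        raise ValueError("block must be exactly 16 bytes")
    left, right = block[:8], block[8:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, i, left)), left
    return left + right


def encode_info(info: bytes) -> bytes:
    """Step S111: encode the carried information into the fixed-length payload."""
    if len(info) > PAYLOAD_LEN - 1:
        raise ValueError("carried information too long for this layout")
    return bytes([len(info)]) + info + b"\x00" * (PAYLOAD_LEN - 1 - len(info))


def decode_info(payload: bytes) -> bytes:
    """Inverse encoding (step a1): strip the length byte and the zero padding."""
    n = payload[0]
    if n > PAYLOAD_LEN - 1:
        raise ValueError("invalid length byte in payload")
    return payload[1:1 + n]


def digest(payload: bytes) -> bytes:
    """Step S112: digest over the encoded payload, truncated to DIGEST_LEN bytes."""
    return hashlib.sha256(payload).digest()[:DIGEST_LEN]


def build_rand(key: bytes, info: bytes, rng=os.urandom) -> bytes:
    """Sender side (S111-S115): produce a 16-byte RAND that carries `info`."""
    payload = encode_info(info)                      # S111
    plain = payload + digest(payload) + rng(RANDOM_LEN)   # S112 + S113
    return block_encrypt(key, plain)                 # S114; caller fills it into RAND (S115)


def parse_rand(key: bytes, rand: bytes):
    """Receiver side (S211-S213): return the carried information, or None for an ordinary RAND."""
    plain = block_decrypt(key, rand)                 # S211: decrypt unconditionally
    payload = plain[:PAYLOAD_LEN]
    parsed_digest = plain[PAYLOAD_LEN:PAYLOAD_LEN + DIGEST_LEN]   # S212: random tail discarded
    if not hmac.compare_digest(digest(payload), parsed_digest):   # S213: comparison decides
        return None                                  # branch b: ordinary RAND or tampered
    try:
        return decode_info(payload)                  # branch a1
    except ValueError:
        return None                                  # digest collided on garbage; treat as ordinary


if __name__ == "__main__":
    # Constructed sample run: the network side builds RAND, the USIM side parses it.
    key = b"\x11" * 16                               # assumed shared key
    rand = build_rand(key, b"hello")
    print(rand.hex(), parse_rand(key, rand))
    print(parse_rand(key, os.urandom(RAND_LEN)))     # an ordinary RAND yields None
```

Two properties of the construction are worth checking against any concrete choice of primitives. First, nothing in the 128-bit field can hold an IV, so the cipher has to be a full-block permutation: the random bytes of step S113 then change every output bit, which is what makes each carrier RAND look fresh. A stream cipher with a fixed keystream would leave the payload bytes at the same positions repeating across messages. Second, the digest length fixes the rate at which an ordinary, genuinely random RAND is mistaken for a carrier: with a 4-byte digest that is about one in 2^32 decryptions, and the receiver must be written so that this case falls through to the standard flow, as `parse_rand` does.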
The beneficial effects of the invention are as follows:
1. The method and system for carrying information based on the random number field can carry specific information inside standard protocol parameters and can also exchange privately negotiated information over a standard protocol negotiation channel, so that the terminal side and the network side can use the random number field for end-to-end information exchange without changing the end-to-end protocol format and flow or the intermediate network elements that forward the information.
2. The method and system for carrying information based on the random number field have a wide range of application: they are suitable not only for mobile communication systems but, in principle, for any information system. In particular, they can provide strong technical support for building high-security private networks on public infrastructure and for implementing the military and civil fusion strategy.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (2)

1. A method for carrying information based on a random number field, characterized in that the method is applied in the field of mobile communication systems; the method uses a random number as the carrier for exchanging and negotiating information through the end-to-end cooperation of a terminal side functional component and a network side functional component, while using encryption of the information to preserve the randomness of the random number itself, and comprises:
(1) when the random number is passed from the network side functional component to the terminal side functional component: the network side functional component converts the specific carried information, through an encryption mechanism, into ciphertext information meeting the specified length of the random number, applies integrity protection, ensures that the ciphertext information has the characteristics of a random number, fills it into the random number field and passes it to the terminal side functional component; the encryption mechanism of the terminal side functional component judges whether the random number field carries specific carried information; if not, the standard processing flow for an ordinary random number is executed; if so, the ciphertext information is extracted from the random number field through the encryption mechanism and, after the integrity check, restored to the plaintext of the specific carried information; after the processing flow associated with the specific carried information has been executed, the random number field is used as an ordinary random number for the standard processing flow;
(2) when the random number is passed from the terminal side functional component to the network side functional component: the terminal side functional component converts the specific carried information, through an encryption mechanism, into ciphertext information meeting the specified length of the random number, applies integrity protection, ensures that the ciphertext information has the characteristics of a random number, fills it into the random number field and passes it to the network side functional component; the encryption mechanism of the network side functional component judges whether the random number field carries specific carried information; if not, the standard processing flow for an ordinary random number is executed; if so, the ciphertext information is extracted from the random number field through the encryption mechanism and, after the integrity check, restored to the plaintext of the specific carried information; after the processing flow associated with the specific carried information has been executed, the random number field is used as an ordinary random number for the standard processing flow;
when the random number is passed from the network side functional component to the terminal side functional component, the execution process of the network side functional component comprises the following steps:
step S101, the network side functional component encodes the specific carried information into encoded plaintext information of the length required for encryption;
step S102, the network side functional component generates digest data from the encoded plaintext information;
step S103, the network side functional component inserts random information into the encoded plaintext information and the digest data, generating plaintext information meeting the specified length of the random number;
step S104, the network side functional component performs an encryption operation on the plaintext information meeting the specified length of the random number, generating ciphertext information meeting the specified length of the random number;
step S105, the network side functional component fills the ciphertext information meeting the specified length of the random number into the random number field and passes it to the terminal side functional component;
when the random number is passed from the network side functional component to the terminal side functional component, the execution process of the terminal side functional component comprises the following steps:
step S201, the terminal side functional component assumes that the random number field contains ciphertext information meeting the specified length of the random number, and performs a decryption operation on the random number field to obtain plaintext information meeting the specified length of the random number;
step S202, the terminal side functional component removes the random information from the plaintext information meeting the specified length, obtaining the encoded plaintext information and the digest data;
step S203, the terminal side functional component generates digest data from the encoded plaintext information and compares it with the digest data parsed from the random number field; the comparison result serves both as the basis for deciding whether the random number carries specific carried information and as the basis for checking the integrity of the carried information:
a1, if the comparison result is consistent, the random number field carries specific carried information and that information was not tampered with in transit; the terminal side functional component applies the inverse encoding to the encoded plaintext information to obtain the specific carried information;
a2, the terminal side functional component executes the processing flow associated with the specific carried information, and finally executes the standard processing flow with the random number field treated as an ordinary random number;
b, if the comparison result is inconsistent, the random number field either carries no specific carried information or the carried information was tampered with in transit, and the terminal side functional component executes the standard processing flow for an ordinary random number;
when the random number is passed from the terminal side functional component to the network side functional component, the execution process of the terminal side functional component comprises the following steps:
step S111, the terminal side functional component encodes the specific carried information into encoded plaintext information of the length required for encryption;
step S112, the terminal side functional component generates digest data from the encoded plaintext information;
step S113, the terminal side functional component inserts random information into the encoded plaintext information and the digest data, generating plaintext information meeting the specified length of the random number;
step S114, the terminal side functional component performs an encryption operation on the plaintext information meeting the specified length of the random number, generating ciphertext information meeting the specified length of the random number;
step S115, the terminal side functional component fills the ciphertext information meeting the specified length of the random number into the random number field and passes it to the network side functional component;
when the random number is passed from the terminal side functional component to the network side functional component, the execution process of the network side functional component comprises the following steps:
step S211, the network side functional component assumes that the random number field contains ciphertext information meeting the specified length of the random number, and performs a decryption operation on the random number field to obtain plaintext information meeting the specified length of the random number;
step S212, the network side functional component removes the random information from the plaintext information meeting the specified length, obtaining the encoded plaintext information and the digest data;
step S213, the network side functional component generates digest data from the encoded plaintext information and compares it with the digest data parsed from the random number field; the comparison result serves both as the basis for deciding whether the random number carries specific carried information and as the basis for checking the integrity of the carried information:
a1, if the comparison result is consistent, the random number field carries specific carried information and that information was not tampered with in transit; the network side functional component applies the inverse encoding to the encoded plaintext information to obtain the specific carried information;
a2, the network side functional component executes the processing flow associated with the specific carried information, and finally executes the standard processing flow with the random number field treated as an ordinary random number;
b, if the comparison result is inconsistent, the random number field either carries no specific carried information or the carried information was tampered with in transit, and the network side functional component executes the standard processing flow for an ordinary random number.
2. A system for carrying information based on a random number field, characterized in that it comprises a terminal side functional component and a network side functional component; the terminal side functional component and the network side functional component are configured to execute the method for carrying information based on a random number field according to claim 1.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010552295.9A CN111884796B (en) 2020-06-17 2020-06-17 A method and system for carrying information based on random number field

Publications (2)

Publication Number Publication Date
CN111884796A CN111884796A (en) 2020-11-03
CN111884796B true CN111884796B (en) 2022-03-18

Family

ID=73158371

Country Status (1)

Country Link
CN (1) CN111884796B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101645883A (en) * 2008-08-08 2010-02-10 比亚迪股份有限公司 Data transmitting method, a data sending method and a data receiving method

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6957341B2 (en) * 1998-05-14 2005-10-18 Purdue Research Foundation Method and system for secure computational outsourcing and disguise
US20050259617A1 (en) * 2004-05-06 2005-11-24 Samsung Electronics Co., Ltd. System and method for channel time reservation in distributed wireless personal area network
JP5074823B2 (en) * 2007-05-29 2012-11-14 パナソニック株式会社 Data transmitting apparatus and data receiving apparatus
CN101159972B (en) * 2007-09-12 2011-04-20 华为技术有限公司 Traffic processing method and system and traffic control point
CN101217364B (en) * 2007-12-28 2012-03-21 中国科学院计算技术研究所 An organization structure and maintenance method of security context in media accessing control system
CN104038450B (en) * 2013-03-04 2017-09-19 华为技术有限公司 Message transmission method and device based on PCIE bus
CN105577738B (en) * 2014-11-10 2019-08-02 中国移动通信集团公司 A kind of method, apparatus and system of processing terminal information
CN104506500A (en) * 2014-12-11 2015-04-08 广东电网有限责任公司电力科学研究院 GOOSE message authentication method based on transformer substation
CN106385313A (en) * 2016-09-08 2017-02-08 四川长虹电器股份有限公司 Random cryptograph system based on grouping encryption algorithm and realization method thereof
CN110839283A (en) * 2018-08-15 2020-02-25 华为技术有限公司 A kind of air interface resource allocation method and wireless access point AP
CN111083091B (en) * 2018-10-19 2022-08-02 中兴通讯股份有限公司 A tunnel creation method, device and storage medium
CN110351015A (en) * 2019-08-21 2019-10-18 上海云丁微电子有限公司 A kind of data transmission method for uplink, method of reseptance and equipment
CN111002310A (en) * 2019-12-17 2020-04-14 上海嘉奥信息科技发展有限公司 Data communication method and system suitable for mechanical arm and PC


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant