CN104767766A - Web Service interface verification method, Web Service server and client side - Google Patents

Info

Publication number: CN104767766A
Authority: CN (China)
Prior art keywords: client, data result condition, web service, encryption
Legal status: Granted
Application number: CN201510232820.8A
Other languages: Chinese (zh)
Other versions: CN104767766B (en)
Inventors: 辛奇俊, 徐锦亮
Current Assignee: Guangzhou Shiyuan Electronics Technology Co Ltd
Original Assignee: Guangzhou Shiyuan Electronics Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The embodiment of the invention discloses a Web Service interface verification method, a Web Service server and a client. Compared with the prior art, the user names, passwords and access rights used in user verification are omitted, and verification security can be effectively enhanced. The Web Service interface verification method comprises the following steps: first, the Web Service server generates a key pair comprising a public key and a private key, stores the private key and sends the public key to the client; when the client accesses the Web Service server, the server sends a verification parameter request to the client and receives the verification parameters sent by the client, wherein the verification parameters comprise client information and encrypted verification parameters; second, the private key is used to decrypt the encrypted verification parameters, yielding decrypted verification parameters; finally, the server judges whether the verification parameters are consistent with the decrypted verification parameters. According to the method, verification security is improved through the key pair.

Description

Web Service interface verification method, Web Service server, and client
Technical field
The present invention relates to the field of communication technology, and in particular to a Web Service interface verification method, a Web Service server, and a client.
Background
A Web Service is a platform-independent, loosely coupled, self-contained, programmable web-based application. Open XML (Extensible Markup Language) standards can be used to describe, publish, discover, coordinate and configure such applications, which are used to develop distributed, interoperable applications. In short, Web Service is a remote invocation technology that works across programming languages and operating system platforms.
Current Web Service interface verification falls into two modes. One requires no verification: a Web Service that anyone can access without verification suits services open to the public, such as weather forecast data. The other is verification by user credentials: a Web Service that requires verification suits private services and all situations where data must be kept confidential.
In existing technical solutions, the drawback of a Web Service interface that uses user credential verification is that once the user credentials are intercepted, the service interface may be cracked and important data stolen. In addition, user credential verification requires a user data list on the server side, including user names, passwords, access rights and so on; recording, managing and using this data is comparatively complex to implement.
Summary of the invention
Embodiments of the present invention provide a Web Service interface verification method, a Web Service server, and a client, which can effectively strengthen verification security.
A Web Service interface verification method in the present invention comprises:
Generating a key pair, the key pair comprising a public key and a private key;
Storing the private key and sending the public key to a client;
When the client accesses, sending a verification parameter request to the client;
Receiving the verification parameters sent by the client, the verification parameters comprising client information and encrypted verification parameters;
Decrypting the encrypted verification parameters with the private key to obtain decrypted verification parameters;
Judging whether the verification parameters are consistent with the decrypted verification parameters; if so, verification passes; if not, processing is interrupted.
Optionally, the encrypted verification parameters comprise:
An encrypted verification string, obtained by encrypting the client information and the data result condition with the public key;
An encrypted data result condition, obtained by encrypting the data result condition with the public key.
Optionally, decrypting the encrypted verification parameters with the private key to obtain the decrypted verification parameters specifically comprises:
Decrypting the encrypted verification string with the private key to obtain first client information and a first data result condition;
Decrypting the encrypted data result condition with the private key to obtain a second data result condition.
Optionally, judging whether the verification parameters are consistent with the decrypted verification parameters, passing verification if so and interrupting processing if not, comprises:
Judging whether the client information is consistent with the first client information. If not, exception handling is triggered. If so, judging whether the first data result condition is consistent with the second data result condition. If the first data result condition and the second data result condition are inconsistent, processing is interrupted; if they are consistent, the data satisfying the data result condition is sent to the client.
The present invention also provides a Web Service server, comprising:
A generation unit, for generating a key pair, the key pair comprising a public key and a private key;
A storage unit, for storing the private key;
A first sending unit, for sending the public key to the client;
A second sending unit, for sending a verification parameter request to the client when the client accesses;
A first receiving unit, for receiving the verification parameters sent by the client, the verification parameters comprising client information and encrypted verification parameters;
A decryption unit, for decrypting the encrypted verification parameters with the private key to obtain decrypted verification parameters;
A judging unit, for judging whether the verification parameters are consistent with the decrypted verification parameters;
A verification-pass unit, for passing verification when the verification parameters are consistent with the decrypted verification parameters;
An interruption unit, for interrupting processing when the verification parameters are inconsistent with the decrypted verification parameters.
Optionally,
The decryption unit comprises:
A first decryption subunit, for decrypting the encrypted verification string with the private key to obtain the first client information and the first data result condition;
A second decryption subunit, for decrypting the encrypted data result condition with the private key to obtain the second data result condition.
Optionally,
The judging unit comprises:
A first judging subunit, for judging whether the client information is consistent with the first client information;
A second judging subunit, for judging whether the first data result condition is consistent with the second data result condition.
Optionally,
The Web Service server further comprises:
A third sending unit, for sending the data satisfying the data result condition to the client.
The present invention also provides a client, comprising:
A second receiving unit, for receiving the public key sent by the Web Service server;
A third receiving unit, for receiving the verification parameter request sent by the Web Service server;
A first encryption unit, for encrypting the client information and the data result condition with the public key to obtain the encrypted verification string;
A second encryption unit, for encrypting the data result condition with the public key to obtain the encrypted data result condition;
A fourth sending unit, for sending the client information, the encrypted verification string and the encrypted data result condition;
A fourth receiving unit, for receiving the data satisfying the data result condition.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages:
In the present invention, the Web Service server first generates a key pair comprising a public key and a private key. It then stores the private key and sends the public key to the client. When the client accesses, the server sends a verification parameter request to the client and receives the verification parameters sent by the client, which comprise client information and encrypted verification parameters. The server then decrypts the encrypted verification parameters with the private key to obtain decrypted verification parameters, and finally judges whether the verification parameters are consistent with the decrypted verification parameters; if so, verification passes; if not, processing is interrupted. This verification method does not rely on user credentials; it improves verification security through the key pair.
Brief description of the drawings
Fig. 1 is a flow chart of one embodiment of a Web Service interface verification method in the present invention;
Fig. 2 is a flow chart of another embodiment of a Web Service interface verification method in the present invention;
Fig. 3 is a structural diagram of an embodiment of a Web Service server in the present invention;
Fig. 4 is a structural diagram of an embodiment of a client in the present invention;
Fig. 5 is a structural diagram of an embodiment of a Web Service interface verification system in the present invention.
Detailed description
Embodiments of the present invention provide a Web Service interface verification method, a Web Service server, and a client. Compared with the prior art, they dispense with the user names, passwords and access rights used in user verification, and can effectively strengthen verification security.
Referring to Fig. 1, one embodiment of a Web Service interface verification method in the present invention comprises:
101. Generate a key pair, the key pair comprising a public key and a private key;
In this embodiment, the Web Service server first generates a key pair comprising a public key and a private key, and this key pair can be more than 128.
It should be noted that the public key and the private key are a key pair obtained through an algorithm. The public key is the public part of the key pair, and the private key is the non-public part. The public key is generally used to encrypt session keys, verify digital signatures, or encrypt data that can be decrypted with the corresponding private key. A key pair obtained through this algorithm can be guaranteed to be unique worldwide. When the key pair is used, if a piece of data is encrypted with one of the keys, it must be decrypted with the other key. For example, data encrypted with the public key must be decrypted with the private key, and data encrypted with the private key must be decrypted with the public key; otherwise decryption will not succeed.
The above encryption algorithm may use the Secure Shell protocol (SSH). SSH was formulated by the network working group of the IETF and is a security protocol built on the application layer and the transport layer. The SSH protocol can effectively prevent information leakage during remote management. SSH was originally a program on UNIX systems and, when used correctly, can close security holes in the network. SSH clients are available for many platforms and suit almost all UNIX platforms.
102. Store the private key and send the public key to the client;
In this embodiment, the Web Service server stores the private key locally and sends the public key to the client.
It should be noted that the public key and the private key are stored in different places, so that the encrypted data cannot be cracked.
103. When the client accesses, send a verification parameter request to the client;
In this embodiment, when the client accesses the Web Service server, the Web Service server requests verification parameters from the client by sending a verification parameter request. The specific content of the verification parameters is described in detail in a later embodiment.
104. Receive the verification parameters sent by the client, the verification parameters comprising client information and encrypted verification parameters;
In this embodiment, after the Web Service server sends the verification parameter request, the client sends verification parameters according to the content of the request, and the Web Service server receives them. The verification parameters comprise client information and encrypted verification parameters.
105. Decrypt the encrypted verification parameters with the private key to obtain decrypted verification parameters;
In this embodiment, the Web Service server decrypts the encrypted verification parameters with the private key to obtain the decrypted verification parameters.
It should be noted that, because the key pair initially generated by the Web Service server is unique, if the public key used by the accessing client does not match the private key of the Web Service server, the decrypted verification parameters obtained by decryption are inconsistent with the verification parameters.
106. Judge whether the verification parameters are consistent with the decrypted verification parameters; if so, perform step 107, otherwise perform step 108;
107. Verification passes;
108. Processing is interrupted.
In this embodiment, the Web Service server checks the decrypted verification parameters for consistency with the verification parameters sent by the client. If they are inconsistent, processing is interrupted; if they are consistent, interface verification succeeds and subsequent steps can proceed.
Referring to Fig. 2, another embodiment of a Web Service interface verification method in the present invention comprises:
201. Generate a key pair, the key pair comprising a public key and a private key;
202. Store the private key and send the public key to the client;
203. When the client accesses, send a verification parameter request to the client;
In this embodiment, steps 201 to 203 are the same as steps 101 to 103 and are not described again.
204. Receive the verification parameters sent by the client, the verification parameters comprising client information and encrypted verification parameters;
The encrypted verification parameters comprise:
An encrypted verification string, obtained by encrypting the client information and the data result condition with the public key;
An encrypted data result condition, obtained by encrypting the data result condition with the public key;
The data result condition comprises the characteristics of the requested data. For example, to obtain a banana, it may be described as a kind of fruit that is yellow, tubular, curved, and pointed at both ends.
In this embodiment, the Web Service server receives from the client the encrypted verification string obtained by encrypting the client information and the data result condition with the public key, the encrypted data result condition obtained by encrypting the data result condition with the public key, and the client information.
It should be noted that the client performs double encryption, which can improve security.
205. Decrypt the encrypted verification string with the private key to obtain first client information and a first data result condition;
In this embodiment, the Web Service server decrypts the encrypted verification string with the private key to obtain the first client information and the first data result condition. If the public key used by the client does not match the private key used by the Web Service server, decryption fails, or the first client information and first data result condition obtained by decryption do not match the original client information and data result condition.
206. Decrypt the encrypted data result condition with the private key to obtain a second data result condition;
In this embodiment, the Web Service server decrypts the encrypted data result condition with the private key to obtain the second data result condition; the name distinguishes the data result condition obtained by decryption from the original data result condition. If the public key used by the client does not match the private key used by the Web Service server, decryption fails, or the first data result condition and the second data result condition obtained by decryption do not match.
207. Judge whether the client information is consistent with the first client information; if so, perform step 209, otherwise perform step 208;
208. Trigger exception handling;
209. Judge whether the first data result condition is consistent with the second data result condition; if so, perform step 211, otherwise perform step 210;
210. Interrupt processing;
211. Send the data satisfying the data result condition to the client.
In this embodiment, the Web Service server judges whether the client information is consistent with the first client information. If they are inconsistent, exception handling is performed; if they are consistent, the server goes on to judge whether the first data result condition is consistent with the second data result condition. If these are inconsistent, processing is interrupted; if they are consistent, the data satisfying the data result condition is sent to the client.
This embodiment adds a double-check step to the first embodiment, and can also push the corresponding data according to the data result condition, which makes the verification process controllable. Finally, the Web Service server can also update the key pair; the client replaces its public key with the new one and the procedure repeats.
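The flow of steps 201 to 211, as an added example in Go that is not part of the patent text. RSA-OAEP with a 2048-bit key, the JSON layout of the verification string, and all identifiers and sample values are assumptions made for illustration; the patent does not specify an algorithm, padding or encoding.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// verifyString is the plaintext of the encrypted verification string (JSON layout assumed).
type verifyString struct {
	ClientInfo string `json:"client_info"`
	Condition  string `json:"condition"`
}

// Request holds the verification parameters the client sends in step 204.
type Request struct {
	ClientInfo   string // client information, sent in the clear
	EncVerifyStr []byte // encrypted verification string
	EncCondition []byte // encrypted data result condition
}

var (
	ErrDecrypt   = errors.New("decryption failed (key mismatch or damaged ciphertext)")
	ErrClient    = errors.New("client information mismatch: exception handling (step 208)")
	ErrCondition = errors.New("data result condition mismatch: interrupted (step 210)")
)

// NewServerKey is step 201. RSA-2048 is an assumption; the page names no algorithm.
func NewServerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil {
		return nil, ErrDecrypt
	}
	return pt, nil
}

// BuildRequest is the client side: both encryptions use the server's public key.
func BuildRequest(pub *rsa.PublicKey, clientInfo, condition string) (*Request, error) {
	plain, err := json.Marshal(verifyString{ClientInfo: clientInfo, Condition: condition})
	if err != nil {
		return nil, err
	}
	encStr, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, nil)
	if err != nil {
		return nil, err
	}
	encCond, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(condition), nil)
	if err != nil {
		return nil, err
	}
	return &Request{ClientInfo: clientInfo, EncVerifyStr: encStr, EncCondition: encCond}, nil
}

// Verify is the server side (steps 205-211); it returns the condition to answer.
func Verify(priv *rsa.PrivateKey, req *Request) (string, error) {
	plain, err := decrypt(priv, req.EncVerifyStr) // step 205
	if err != nil {
		return "", err
	}
	var first verifyString
	if err := json.Unmarshal(plain, &first); err != nil {
		return "", ErrDecrypt
	}
	second, err := decrypt(priv, req.EncCondition) // step 206
	if err != nil {
		return "", err
	}
	if first.ClientInfo != req.ClientInfo { // step 207
		return "", ErrClient
	}
	if first.Condition != string(second) { // step 209
		return "", ErrCondition
	}
	return first.Condition, nil // step 211
}

func main() {
	priv, err := NewServerKey()
	if err != nil {
		panic(err)
	}
	req, err := BuildRequest(&priv.PublicKey, "client-42", "fruit;yellow;curved") // constructed
	if err != nil {
		panic(err)
	}
	cond, err := Verify(priv, req)
	fmt.Println("accepted:", cond, err)
	req.ClientInfo = "client-99" // plaintext no longer matches the decrypted copy
	_, err = Verify(priv, req)
	fmt.Println("rejected:", err)
}
```

A request built this way verifies for any holder of the public key and carries no nonce or timestamp, so a deployment would run it over TLS and add a freshness value if replayed requests must be rejected.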
The above describes embodiments of the Web Service interface verification method provided by the present invention. Referring to Fig. 3, the present invention also provides an embodiment of a Web Service server, comprising:
A generation unit 301, for generating a key pair, the key pair comprising a public key and a private key;
A storage unit 302, for storing the private key;
A first sending unit 303, for sending the public key to the client;
A second sending unit 304, for sending a verification parameter request to the client when the client accesses;
A first receiving unit 305, for receiving the verification parameters sent by the client, the verification parameters comprising client information and encrypted verification parameters;
A decryption unit 306, for decrypting the encrypted verification parameters with the private key to obtain decrypted verification parameters;
A judging unit 307, for judging whether the verification parameters are consistent with the decrypted verification parameters;
A verification-pass unit 308, for passing verification when the verification parameters are consistent with the decrypted verification parameters;
An interruption unit 309, for interrupting processing when the verification parameters are inconsistent with the decrypted verification parameters.
The decryption unit 306 comprises:
A first decryption subunit 3061, for decrypting the encrypted verification string with the private key to obtain the first client information and the first data result condition;
A second decryption subunit 3062, for decrypting the encrypted data result condition with the private key to obtain the second data result condition;
The judging unit 307 comprises:
A first judging subunit 3071, for judging whether the client information is consistent with the first client information;
A second judging subunit 3072, for judging whether the first data result condition is consistent with the second data result condition.
The Web Service server further comprises:
A third sending unit 310, for sending the data satisfying the data result condition to the client.
The interaction between the above units is described below with an application example:
First, the generation unit 301 generates a key pair comprising a public key and a private key;
Then, the storage unit 302 stores the private key, and the first sending unit 303 sends the public key to the client;
When the client accesses, the second sending unit 304 sends a verification parameter request to the client;
In this embodiment, the verification parameters comprise client information and encrypted verification parameters;
The encrypted verification parameters comprise:
An encrypted verification string, obtained by encrypting the client information and the data result condition with the public key;
An encrypted data result condition, obtained by encrypting the data result condition with the public key.
The data result condition comprises the characteristics of the requested data. For example, to obtain a banana, it may be described as a kind of fruit that is yellow, tubular, curved, and pointed at both ends.
The first receiving unit 305 then receives from the client the encrypted verification string obtained by encrypting the client information and the data result condition with the public key, the encrypted data result condition obtained by encrypting the data result condition with the public key, and the client information.
In this embodiment, the Web Service server receives from the client the encrypted verification string obtained by encrypting the client information and the data result condition with the public key, the encrypted data result condition obtained by encrypting the data result condition with the public key, and the client information.
It should be noted that the client performs double encryption, which can improve security.
The first decryption subunit 3061 decrypts the encrypted verification string with the private key to obtain the first client information and the first data result condition;
In this embodiment, the Web Service server decrypts the encrypted verification string with the private key to obtain the first client information and the first data result condition. If the public key used by the client does not match the private key used by the Web Service server, decryption fails, or the first client information and first data result condition obtained by decryption do not match the original client information and data result condition.
The second decryption subunit 3062 decrypts the encrypted data result condition with the private key to obtain the second data result condition;
In this embodiment, the Web Service server decrypts the encrypted data result condition with the private key to obtain the second data result condition; the name distinguishes the data result condition obtained by decryption from the original data result condition. If the public key used by the client does not match the private key used by the Web Service server, decryption fails, or the first data result condition and the second data result condition obtained by decryption do not match.
The first judging subunit 3071 judges whether the client information is consistent with the first client information;
The second judging subunit 3072 judges whether the first data result condition is consistent with the second data result condition;
Finally, the third sending unit 310 sends the data satisfying the data result condition to the client.
Referring to Fig. 4, an embodiment of a client provided by the present invention specifically comprises:
A second receiving unit 401, for receiving the public key sent by the Web Service server;
A third receiving unit 402, for receiving the verification parameter request sent by the Web Service server;
A first encryption unit 403, for encrypting the client information and the data result condition with the public key to obtain the encrypted verification string;
A second encryption unit 404, for encrypting the data result condition with the public key to obtain the encrypted data result condition;
A fourth sending unit 405, for sending the client information, the encrypted verification string and the encrypted data result condition;
A fourth receiving unit 406, for receiving the data satisfying the data result condition.
The interaction between the above units is described below with a practical application example:
First, the second receiving unit 401 receives the public key sent by the Web Service server;
Then, the third receiving unit 402 receives the verification parameter request sent by the Web Service server;
Next, the first encryption unit 403 encrypts the client information and the data result condition with the public key to obtain the encrypted verification string, and the second encryption unit 404 encrypts the data result condition with the public key to obtain the encrypted data result condition;
The fourth sending unit 405 then sends the above client information, the encrypted verification string and the encrypted data result condition to the web server;
Finally, the fourth receiving unit 406 receives the data satisfying the data result condition.
Referring to Fig. 5, a Web Service interface verification system provided by the present invention specifically comprises:
A Web Service server 501 and a client 502;
The Web Service server 501 establishes communication with the client 502;
The Web Service server 501 comprises:
A generation unit 5011, for generating a key pair, the key pair comprising a public key and a private key;
A storage unit 5012, for storing the private key;
A first sending unit 5013, for sending the public key to the client;
A second sending unit 5014, for sending a verification parameter request to the client when the client accesses;
A first receiving unit 5015, for receiving the verification parameters encrypted with the public key and the verification parameters sent by the client;
A decryption unit 5016, for decrypting the encrypted verification parameters with the private key to obtain decrypted verification parameters;
A judging unit 5017, for judging whether the verification parameters are consistent with the decrypted verification parameters;
A verification-pass unit 5018, for passing verification when the verification parameters are consistent with the decrypted verification parameters;
An interruption unit 5019, for interrupting processing when the verification parameters are inconsistent with the decrypted verification parameters.
The decryption unit 5016 further comprises:
A first decryption subunit 50161, for decrypting the encrypted verification string with the private key to obtain the first client information and the first data result condition;
A second decryption subunit 50162, for decrypting the encrypted data result condition with the private key to obtain the second data result condition;
The judging unit 5017 comprises:
A first judging subunit 50171, for judging whether the client information is consistent with the first client information;
A second judging subunit 50172, for judging whether the first data result condition is consistent with the second data result condition;
A third sending unit 5010, for sending the data satisfying the data result condition to the client.
The client 502 comprises:
A second receiving unit 5021, for receiving the public key sent by the web server;
A third receiving unit 5022, for receiving the verification parameter request sent by the web server;
A first encryption unit 5023, for encrypting the client information and the data result condition with the public key to obtain the encrypted verification string;
A second encryption unit 5024, for encrypting the data result condition with the public key to obtain the encrypted data result condition;
A fourth sending unit 5025, for sending the client information, the encrypted verification string and the encrypted data result condition;
A fourth receiving unit 5026, for receiving the data satisfying the data result condition.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems and units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems and methods may be implemented in other ways. For example, the system embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation. Multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection between systems or units may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a portable hard drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working process of the system described above may refer to the corresponding process in the foregoing method embodiments and is not repeated here. In the several embodiments provided in this application, it should be understood that the disclosed system may be implemented in other ways.
The above embodiments are intended only to illustrate the technical solution of the present invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments or make equivalent replacements of some of their technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. A Web Service interface verification method, characterized by comprising:
Generating a key pair, the key pair comprising a public key and a private key;
Storing the private key and sending the public key to the client;
When the client accesses the service, sending the client a request to obtain a verification parameter;
Receiving the verification parameter sent by the client, the verification parameter comprising client information and an encrypted verification parameter;
Decrypting the encrypted verification parameter with the private key to obtain a decrypted verification parameter;
Judging whether the verification parameter is consistent with the decrypted verification parameter; if so, the verification passes; if not, processing is interrupted.
2. The Web Service interface verification method according to claim 1, characterized in that
The encrypted verification parameter comprises:
An encrypted verification string, obtained by encrypting the client information and the acquisition data result condition with the public key;
An encrypted acquisition data result condition, obtained by encrypting the acquisition data result condition with the public key.
3. The Web Service interface verification method according to claim 2, characterized in that
The decrypting of the encrypted verification parameter with the private key to obtain the decrypted verification parameter specifically comprises:
Decrypting the encrypted verification string with the private key to obtain first client information and a first acquisition data result condition;
Decrypting the encrypted acquisition data result condition with the private key to obtain a second acquisition data result condition.
4. The Web Service interface verification method according to claim 3, characterized in that
The judging of whether the verification parameter is consistent with the decrypted verification parameter, passing the verification if so and interrupting processing if not, comprises:
Judging whether the client information is consistent with the first client information; if not, triggering exception handling; if so, judging whether the first acquisition data result condition is consistent with the second acquisition data result condition; if the first acquisition data result condition and the second acquisition data result condition are inconsistent, interrupting processing; if the first acquisition data result condition and the second acquisition data result condition are consistent, sending the data satisfying the acquisition data result condition to the client.
5. A Web Service server, characterized by comprising:
A generation unit, configured to generate a key pair, the key pair comprising a public key and a private key;
A storage unit, configured to store the private key;
A first sending unit, configured to send the public key to the client;
A second sending unit, configured to send the client a request to obtain a verification parameter when the client accesses the service;
A first receiving unit, configured to receive the verification parameter sent by the client, the verification parameter comprising client information and an encrypted verification parameter;
A decryption unit, configured to decrypt the encrypted verification parameter with the private key to obtain a decrypted verification parameter;
A judging unit, configured to judge whether the verification parameter is consistent with the decrypted verification parameter;
A verification passing unit, configured to pass the verification when the verification parameter is consistent with the decrypted verification parameter;
An interrupt processing unit, configured to interrupt processing when the verification parameter is inconsistent with the decrypted verification parameter.
6. The Web Service server according to claim 5, characterized in that
The decryption unit comprises:
A first decryption subunit, configured to decrypt the encrypted verification string with the private key to obtain first client information and a first acquisition data result condition;
A second decryption subunit, configured to decrypt the encrypted acquisition data result condition with the private key to obtain a second acquisition data result condition.
7. The Web Service server according to claim 5, characterized in that
The judging unit comprises:
A first judgment subunit, configured to judge whether the client information is consistent with the first client information;
A second judgment subunit, configured to judge whether the first acquisition data result condition is consistent with the second acquisition data result condition.
8. The Web Service server according to claim 5, characterized in that
The Web Service server further comprises:
A third sending unit, configured to send the data satisfying the acquisition data result condition to the client.
9. A client, characterized by comprising:
A second receiving unit, configured to receive the public key sent by the Web Service server;
A third receiving unit, configured to receive the request to obtain the verification parameter sent by the Web Service server;
A first encryption unit, configured to encrypt the client information and the acquisition data result condition with the public key to obtain the encrypted verification string;
A second encryption unit, configured to encrypt the acquisition data result condition with the public key to obtain the encrypted acquisition data result condition;
A fourth sending unit, configured to send the client information, the encrypted verification string and the encrypted acquisition data result condition;
A fourth receiving unit, configured to receive the data satisfying the acquisition data result condition.
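
The exchange set out in claims 1 to 4 and claim 9, as an added Node.js example; it is not code from the patent. RSA-OAEP, the JSON packing of the verification string, and the names `buildVerificationParams`, `verifyRequest` and `demo` are assumptions, since the claims name neither a cipher nor a wire format.

```javascript
const crypto = require('crypto');

// Server side: generate the key pair, keep the private key, send out the public key.
// RSA-2048 with OAEP/SHA-256 is an assumption; the claims do not name a cipher.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });

// Client side (claim 9): answer the server's request for verification parameters.
// Plain RSA-OAEP limits each plaintext to 190 bytes with this key size.
function buildVerificationParams(pubKey, clientInfo, condition) {
  const enc = (text) => crypto.publicEncrypt(oaep(pubKey), Buffer.from(text, 'utf8')).toString('base64');
  return {
    clientInfo, // sent unencrypted
    // JSON packing (assumed format) keeps the two fields unambiguous after decryption.
    encVerifyString: enc(JSON.stringify([clientInfo, condition])),
    encCondition: enc(condition),
  };
}

// Server side (claims 3 and 4): decrypt both values, then run the two checks.
function verifyRequest(privKey, params) {
  const dec = (b64) => crypto.privateDecrypt(oaep(privKey), Buffer.from(b64, 'base64')).toString('utf8');
  let firstClientInfo, firstCondition, secondCondition;
  try {
    [firstClientInfo, firstCondition] = JSON.parse(dec(params.encVerifyString));
    secondCondition = dec(params.encCondition);
  } catch (err) {
    return { ok: false, reason: 'decrypt-failed' }; // wrong key, corrupt or malformed input
  }
  if (firstClientInfo !== params.clientInfo) return { ok: false, reason: 'client-info-mismatch' };
  if (firstCondition !== secondCondition) return { ok: false, reason: 'condition-mismatch' };
  return { ok: true, condition: secondCondition }; // server may now return matching data
}

// Constructed sample values, not taken from the patent.
function demo() {
  const good = buildVerificationParams(publicKey, 'client-42', 'orderId=1001');
  const other = buildVerificationParams(publicKey, 'client-42', 'orderId=9999');
  return {
    honest: verifyRequest(privateKey, good),
    alteredClientInfo: verifyRequest(privateKey, { ...good, clientInfo: 'client-43' }),
    swappedCondition: verifyRequest(privateKey, { ...good, encCondition: other.encCondition }),
    corrupted: verifyRequest(privateKey, { ...good, encVerifyString: 'AAAA' }),
  };
}
console.log(demo());
```

The two checks show only that the sender held the public key and that the three fields were produced together, so the assurance depends on how the public key is distributed. The claimed steps tie a request to no time or nonce; a deployment would want to add one and carry the exchange over TLS.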
CN201510232820.8A 2015-05-08 2015-05-08 A kind of Web Service interfaces verification method, Web Service servers, client Active CN104767766B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510232820.8A CN104767766B (en) 2015-05-08 2015-05-08 A kind of Web Service interfaces verification method, Web Service servers, client

Publications (2)

Publication Number Publication Date
CN104767766A true CN104767766A (en) 2015-07-08
CN104767766B CN104767766B (en) 2018-03-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant