CN111934876A - Token verification method, device, equipment and storage medium - Google Patents

Publication number
CN111934876A
Authority
CN
China
Prior art keywords
token
verified
checked
identifier
time
Prior art date
Legal status
Pending
Application number
CN202010572707.5A
Other languages
Chinese (zh)
Inventor
陈晨
Current Assignee
China Express Jiangsu Technology Co Ltd
Human Horizons Jiangsu Technology Co Ltd
Original Assignee
China Express Jiangsu Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by China Express Jiangsu Technology Co Ltd
Priority to CN202010572707.5A
Publication of CN111934876A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3297: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a token checking method, which comprises the following steps: responding to a service request sent by a client, and acquiring a token to be checked in the service request; acquiring an identifier in the token to be checked; determining whether the token to be checked has been used based on the identifier; when the token to be verified is not used, judging whether the token to be verified meets a preset token compliance condition; the token compliance condition comprises that the generation time of the token to be checked is earlier than the preset request delivery time; if yes, judging that the token to be verified is successfully verified; if not, the token to be verified fails to be verified. The invention also discloses a token checking device, token checking equipment and a computer readable storage medium. By adopting the embodiment of the invention, the security of the network access process can be improved.

Description

Token verification method, device, equipment and storage medium
Technical Field
The present invention relates to the field of network access control technologies, and in particular, to a token checking method, apparatus, device, and storage medium.
Background
A token is a concept used in the security of smart terminals; as network data security has developed, tokens have been adopted by more and more industries as one of the most secure authentication technologies. When a client needs to access a server, the server creates an access token that is used for identity authentication. Tokens can effectively improve the security of identity authentication and are widely applied in fields such as internet banking, telecom operators and e-government. The common token verification method in the prior art is as follows: the client applies to the server for a token in advance; the server generates the token, stores it in a database and returns it to the client; the client then asks the server to check the token, and the server retrieves the token details from the database to check it. This existing verification process is simple: verification passes whenever the token provided by the client corresponds to a token stored on the server, and no more rigorous check is performed on the token. As a result the reliability of the token is not high, which affects the security of network access.
Disclosure of Invention
The embodiment of the invention aims to provide a token checking method, a token checking device, token checking equipment and a storage medium, which can improve the security of a network access process.
In order to achieve the above object, an embodiment of the present invention provides a token checking method, including:
responding to a service request sent by a client, and acquiring a token to be checked in the service request;
acquiring an identifier in the token to be checked;
determining whether the token to be checked has been used based on the identifier;
when the token to be verified is not used, judging whether the token to be verified meets a preset token compliance condition; the token compliance condition comprises that the generation time of the token to be checked is earlier than the preset request delivery time;
if yes, judging that the token to be verified is successfully verified; if not, the token to be verified fails to be verified.
As an improvement of the above scheme, the token compliance condition further includes:
the token to be checked does not exceed the effective use time of the token; and obtaining the effective use time according to the generation time and preset error time.
As an improvement of the above scheme, the token compliance condition further includes:
the identifier is an identifier pre-assigned to the client.
As an improvement of the above scheme, before acquiring the identifier in the token to be checked, the method further includes:
acquiring a first real-time key corresponding to the token to be verified in a key bank; the client encrypts the token to be verified by adopting a second real-time key in advance, wherein the key seed of the second real-time key is the same as the key seed of the first real-time key;
judging whether the token to be verified can be decrypted by using the first real-time key;
if yes, the identifier in the token to be checked is obtained; if not, the token to be verified fails to be verified.
As an improvement of the above scheme, before the obtaining of the first real-time key corresponding to the token to be verified in the key store, the method further includes:
judging whether the components of the token to be verified are complete;
if so, executing the step of obtaining a first real-time key corresponding to the token to be verified in the key database; if not, the token to be verified fails to be verified.
As an improvement of the above solution, the determining whether the token to be verified has been used based on the identifier includes:
inquiring whether a recorded identifier identical to the identifier of the token to be checked exists in a token record table;
if yes, judging that the token to be verified is used; if not, the token to be checked is judged not to be used.
In order to achieve the above object, an embodiment of the present invention further provides a token verifying apparatus, including:
a to-be-verified token acquisition module, used for responding to a service request sent by a client and acquiring the token to be verified in the service request;
the identifier acquisition module is used for acquiring the identifier in the token to be checked;
the token reuse judging module is used for judging whether the token to be checked is used or not based on the identifier;
the token compliance judging module is used for judging whether the token to be verified meets a preset token compliance condition when the token to be verified is not used; the token compliance condition comprises that the generation time of the token to be checked is earlier than the preset request delivery time; if yes, judging that the token to be verified is successfully verified; if not, the token to be verified fails to be verified.
As an improvement of the above scheme, the token compliance condition further includes at least one of:
the token to be checked does not exceed the effective use time of the token; the effective using time is obtained according to the generating time and preset error time;
the identifier is an identifier pre-assigned to the client.
To achieve the above object, an embodiment of the present invention further provides a token checking apparatus, including a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, where the processor implements the token checking method according to any one of the above embodiments when executing the computer program.
In order to achieve the above object, an embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program, where when the computer program runs, the apparatus where the computer-readable storage medium is located is controlled to execute the token verification method according to any one of the above embodiments.
Compared with the prior art, the token verification method, the device, the equipment and the storage medium disclosed by the embodiment of the invention firstly verify the integrity of the token to be verified, can eliminate the incomplete token and ensure the integrity of the token; secondly, the token to be verified is decrypted by adopting a real-time key mode, and whether the token is sent by a trusted end or not can be distinguished; meanwhile, the repeated token is removed by using the identifier, so that replay attack can be avoided; and finally, judging whether the token to be verified meets the token compliance condition or not, and effectively preventing the token from being abused after being leaked. In the process of token inspection, token integrity judgment, matching judgment, reuse judgment and compliance judgment are fully considered, and compared with the existing verification process, the method is more complex and strict, so that the security of the network access process can be improved.
Drawings
Fig. 1 is a flowchart of a token checking method according to an embodiment of the present invention;
Fig. 2 is an information interaction flow between an enterprise service bus platform and a service consumer according to an embodiment of the present invention;
Fig. 3 is a flowchart of another token checking method provided by the embodiment of the invention;
Fig. 4 is a schematic structural diagram of a token verification apparatus according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of another token checking apparatus according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a token verification apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a flowchart of a token checking method according to an embodiment of the present invention; the token checking method comprises the following steps:
S11, responding to a service request sent by a client, and acquiring a token to be checked in the service request;
S12, acquiring the identifier in the token to be checked;
S13, judging whether the token to be checked is used or not based on the identifier;
S14, when the token to be verified is not used, judging whether the token to be verified meets a preset token compliance condition;
S15, if yes, judging that the token to be verified is verified successfully; if not, the token to be verified fails to be verified.
It should be noted that the token verification method of this embodiment is implemented by an Enterprise Service Bus (ESB) platform, which may be a server. The ESB packages part of the functions of an enterprise-level application system as specific services and publishes call links so that a service consumer (client) with a service requirement can call them over HTTP(S), achieving service sharing and data interchange. Before calling a service, the service consumer must prove that it has the authority to call that service; that is, the enterprise service bus platform needs to authenticate the service consumer. For the information interaction between the enterprise service bus platform and the service consumer, refer to Fig. 2.
Specifically, in step S11, the enterprise service bus platform responds to a service request sent by a client and obtains the token to be checked from that request. The service consumer (client) calls the enterprise service bus platform's service over HTTP(S), and a token-based authentication process is performed to ensure that the service is not called anonymously or maliciously, which improves data security and platform stability.
Specifically, after the token to be verified is obtained, integrity verification is performed on the token to be verified, and the integrity verification process is as follows:
S101, judging whether the components of the token to be verified are complete or not;
S102, if yes, executing step S103; if not, the token to be verified fails to be verified.
For example, the enterprise service bus platform and the service consumer agree on the components of a token in advance; for example, the components of the token to be verified are a token header, a token payload and a token signature. When the enterprise service bus platform acquires the token to be verified, it first confirms that the token contains all three structures: header, payload and signature. The JWT (JSON Web Token) standard specification does not mandate an integrity check of the token, so a malicious service consumer can bypass a check mechanism by transmitting an incomplete token; by forcibly checking each component of the token, the embodiment of the invention can reject such forged tokens.
Specifically, after the integrity of the token to be verified is verified, the token to be verified needs to be matched and verified by using a real-time key, and the matching and verifying process includes:
S103, acquiring a first real-time key corresponding to the token to be verified in a key store;
S104, judging whether the token to be verified can be decrypted by using the first real-time key;
S105, if yes, executing step S12; if not, the token to be verified fails to be verified.
It is worth noting that the enterprise service bus platform and the service consumer each hold a key store in advance; both replace keys regularly and synchronize the key information in their key stores. The client (service consumer) encrypts the token to be verified in advance with a second real-time key, whose key seed is the same as that of the first real-time key.
It can be understood that a key seed is used to generate real-time keys, and real-time keys generated from the same key seed are identical. In the embodiment of the present invention the enterprise service bus platform and the service consumer therefore hold the same key seed, and the token to be verified can be decrypted with the real-time key generated from that seed, which determines whether the token matches the corresponding client. For the key store of the service consumer refer to Table 1, and for the key store of the enterprise service bus platform refer to Table 2. The service consumer or the enterprise service bus platform may replace its own key seed from time to time; when it does, the other party replaces its key seed correspondingly, so that the same first real-time key and second real-time key are still generated from the same key seed.
Table 1. Key store of the service consumer

| Serial number | Key seed | Real-time key |
|---|---|---|
| 1 | e58e2565d381cd12 | 1807d121e09156dea62925394c7dfbfd |
| ... | ... | ... |

Table 2. Key store of the enterprise service bus platform

| Serial number | Service consumer | Key seed | Real-time key |
|---|---|---|---|
| 1 | A | e58e2565d381cd12 | 1807d121e09156dea62925394c7dfbfd |
| 2 | B | dbD12d494e309a4e | B0bd8251fdbf2e66be75d1dba89b1376 |
| ... | ... | ... | ... |
Specifically, in step S12, the identifier in the token to be verified is obtained.
Specifically, in step S13, whether the token to be checked has already been used is determined from the identifier. The enterprise service bus platform maintains a token record table that records used tokens; see Table 3. In the JWT standard, issued tokens cannot be revoked, and without restriction a token can be reused without control, which is detrimental to the safe, stable and efficient operation of the platform. Therefore, in the embodiment of the invention, the enterprise service bus platform screens the identifier of every token to be checked that it processes and does not respond to requests whose token is already recorded, which avoids replay attacks.

Table 3. Token record table

| Serial number | Identifier | Request time | Service consumer |
|---|---|---|---|
| 1 | 0784c2cc-0aca-498a-8a96-cf705953d2fa | 2020-04-27 17:09:54 | A |
| 2 | e724b90c-5cef-49a8-a968-d85067374d84 | 2020-04-20 12:21:53 | B |
| ... | ... | ... | ... |
Illustratively, the enterprise service bus platform queries whether a recorded identifier identical to the identifier of the token to be verified exists in a token record table; if yes, judging that the token to be verified is used; if not, the token to be checked is judged not to be used.
Specifically, in step S14, when the token to be verified is not used, it is further determined whether the token to be verified satisfies a preset token compliance condition. Wherein the token compliance condition comprises:
a. the generation time of the token to be checked is earlier than the preset request delivery time;
b. the token to be checked does not exceed the effective use time of the token; the effective using time is obtained according to the generating time and preset error time; the error time may be a user-defined time, which is not specifically limited herein, for example, when the generation time is: 2020-04-20, 12:21:53, and if the error time is 1s, the effective use time is as follows: 2020-04-20, 12:21:54.
c. The identifier is an identifier pre-assigned to the client.
For example, if the generation time of the token to be verified is later than the time at which the request arrived at the enterprise service bus platform, the token may have been intercepted on its way to the platform, and the token that arrives is a forged token regenerated by a third party. If the token to be verified has exceeded its effective use time by the time it reaches the enterprise service bus platform, it may likewise be a forged token regenerated by a third party; setting an effective use time limits the room a third party has to tamper with the token and then continue sending it to the enterprise service bus platform. If the identifier of the token to be checked is not an identifier pre-allocated by the enterprise service bus platform, the token may also be a fake token; the identifier is checked in order to prevent an unauthenticated system from impersonating another party.
Specifically, in step S15, when the token to be verified satisfies the token compliance condition, it is determined that the token to be verified is successfully verified, and at this time, the enterprise service bus platform may respond to the subsequent step of the service consumer; and when the token to be verified does not meet the token compliance condition, judging that the token to be verified fails to verify.
Further, the process of the above steps S11-S15, S101-S105 can refer to FIG. 3.
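The sequence S101-S105 and S11-S15 described above, as an added Python example (not code from the patent). It assumes a JWT-like `header.payload.signature` layout with hypothetical field names `consumer`, `id` and `gen`, a hypothetical `derive_realtime_key` because the page does not say how a seed yields a real-time key, and HMAC-SHA256 verification standing in for the decrypt-with-real-time-key step.

```python
import base64
import hashlib
import hmac
import json

ERROR_TIME = 1.0  # preset error time in seconds (the page's example uses 1 s)


def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def derive_realtime_key(seed_hex: str, period: int) -> bytes:
    # Hypothetical derivation: the page does not say how a seed yields a key.
    seed = bytes.fromhex(seed_hex)
    return hmac.new(seed, str(period).encode(), hashlib.sha256).digest()[:16]


def seal(key: bytes, header: str, payload: str) -> bytes:
    # HMAC stands in for the page's encrypt/decrypt step (assumption).
    return hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()


def make_token(consumer: str, identifier: str, generated_at: float, key: bytes) -> str:
    # Client side; the field names "consumer", "id" and "gen" are hypothetical.
    header = b64u(json.dumps({"consumer": consumer}).encode())
    payload = b64u(json.dumps({"id": identifier, "gen": generated_at}).encode())
    return f"{header}.{payload}.{b64u(seal(key, header, payload))}"


class TokenVerifier:
    def __init__(self, keystore, assigned_ids):
        self.keystore = keystore          # consumer -> first real-time key (Table 2)
        self.assigned_ids = assigned_ids  # consumer -> identifiers pre-assigned to it
        self.record_table = {}            # identifier -> (request time, consumer) (Table 3)

    def verify(self, token: str, arrival: float) -> str:
        # S101-S102: header, payload and signature must all be present and parse.
        parts = token.split(".")
        if len(parts) != 3 or not all(parts):
            return "incomplete"
        try:
            consumer = str(json.loads(b64u_decode(parts[0]))["consumer"])
            body = json.loads(b64u_decode(parts[1]))
            identifier, generated_at = str(body["id"]), float(body["gen"])
            signature = b64u_decode(parts[2])
        except (ValueError, KeyError, TypeError):
            return "incomplete"
        # S103-S105: fetch the consumer's real-time key and check the token against it.
        key = self.keystore.get(consumer)
        if key is None or not hmac.compare_digest(signature, seal(key, parts[0], parts[1])):
            return "key_mismatch"
        # S12-S13: an identifier already in the record table means a replay.
        if identifier in self.record_table:
            return "replayed"
        # S14 a: generation time must not be later than the request arrival time.
        # Written as a positive comparison so a NaN timestamp is rejected too.
        if not generated_at <= arrival:
            return "generated_after_arrival"
        # S14 b: effective use time = generation time + error time.
        if not arrival <= generated_at + ERROR_TIME:
            return "expired"
        # S14 c: the identifier must be one pre-assigned to this consumer.
        if identifier not in self.assigned_ids.get(consumer, set()):
            return "unassigned_identifier"
        # S15: success; record the identifier so the token cannot be used again
        # (recording only on success is this example's assumption).
        self.record_table[identifier] = (arrival, consumer)
        return "ok"


def run_demo():
    # Seeds and the first identifier are the page's table samples; the rest is constructed.
    key_a = derive_realtime_key("e58e2565d381cd12", period=1)
    key_b = derive_realtime_key("dbD12d494e309a4e", period=1)
    first_id = "0784c2cc-0aca-498a-8a96-cf705953d2fa"
    verifier = TokenVerifier({"A": key_a, "B": key_b},
                             {"A": {first_id, "id-late", "id-early"}, "B": set()})
    t0 = 1587385313.0  # constructed generation time (epoch seconds)
    good = make_token("A", first_id, t0, key_a)
    return [
        verifier.verify(good, t0 + 0.4),                                        # ok
        verifier.verify(good, t0 + 0.5),                                        # replayed
        verifier.verify(good.rsplit(".", 1)[0], t0 + 0.4),                      # incomplete
        verifier.verify(make_token("A", "id-late", t0, key_b), t0 + 0.4),       # key_mismatch
        verifier.verify(make_token("A", "id-late", t0, key_a), t0 + 5),         # expired
        verifier.verify(make_token("A", "id-early", t0 + 10, key_a), t0),       # generated_after_arrival
        verifier.verify(make_token("A", "not-assigned", t0, key_a), t0 + 0.4),  # unassigned_identifier
    ]


if __name__ == "__main__":
    print(run_demo())
```

Because condition b rejects any token older than its generation time plus `ERROR_TIME`, record-table entries older than that window can be pruned without reopening a replay path. With more than one worker, the record-table lookup and insert need to be a single atomic operation.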
Compared with the prior art, the token verification method disclosed by the embodiment of the invention firstly verifies the integrity of the token to be verified, can eliminate the incomplete token and ensure the integrity of the token; secondly, the token to be verified is decrypted by adopting a real-time key mode, and whether the token is sent by a trusted end or not can be distinguished; meanwhile, the repeated token is removed by using the identifier, so that replay attack can be avoided; and finally, judging whether the token to be verified meets the token compliance condition or not, and effectively preventing the token from being abused after being leaked. In the process of token inspection, token integrity judgment, matching judgment, reuse judgment and compliance judgment are fully considered, and compared with the existing verification process, the method is more complex and strict, so that the security of the network access process can be improved.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a token verification apparatus 100 according to an embodiment of the present invention; the token verifying apparatus 100 includes:
a to-be-verified token obtaining module 10, configured to respond to a service request sent by a client, and obtain a to-be-verified token in the service request;
an identifier obtaining module 20, configured to obtain an identifier in the token to be checked;
a token reuse judging module 30, configured to judge whether the token to be verified has been used based on the identifier;
the token compliance judging module 40 is configured to, when the token to be verified is not used, judge whether the token to be verified meets a preset token compliance condition; the token compliance condition comprises that the generation time of the token to be checked is earlier than the preset request delivery time; if yes, judging that the token to be verified is successfully verified; if not, the token to be verified fails to be verified.
Optionally, the token compliance condition further comprises at least one of:
the token to be checked does not exceed the effective use time of the token; the effective using time is obtained according to the generating time and preset error time;
the identifier is an identifier pre-assigned to the client.
Further, referring to fig. 5, fig. 5 is a schematic structural diagram of another token checking apparatus 100 according to an embodiment of the present invention; the token verifying apparatus 100 further includes:
an integrity judgment module 50, configured to judge whether components of the token to be verified are complete; if the verification result is not complete, the token to be verified fails to be verified;
a real-time key obtaining module 60, configured to obtain a first real-time key corresponding to the token to be verified in a key store; the client encrypts the token to be verified by adopting a second real-time key in advance, wherein the key seed of the second real-time key is the same as the key seed of the first real-time key;
a decryption judgment module 70, configured to judge whether the token to be verified can be decrypted by using the first real-time key; and if the verification fails, judging that the verification of the token to be verified fails.
It should be noted that, for a specific working process of each module in the token verification apparatus 100, reference may be made to the working process of the token verification method described in the foregoing embodiment, and details are not repeated here.
Compared with the prior art, the token verification device 100 disclosed by the embodiment of the invention firstly verifies the integrity of the token to be verified, can remove the incomplete token and ensure the integrity of the token; secondly, the token to be verified is decrypted by adopting a real-time key mode, and whether the token is sent by a trusted end or not can be distinguished; meanwhile, the repeated token is removed by using the identifier, so that replay attack can be avoided; and finally, judging whether the token to be verified meets the token compliance condition or not, and effectively preventing the token from being abused after being leaked. In the process of token inspection, token integrity judgment, matching judgment, reuse judgment and compliance judgment are fully considered, and compared with the existing verification process, the method is more complex and strict, so that the security of the network access process can be improved.
Referring to fig. 6, fig. 6 is a schematic structural diagram of a token verification apparatus 200 according to an embodiment of the present invention; the token verifying apparatus 200 includes: a processor 21, a memory 22 and a computer program, such as a driving control program, stored in said memory and executable on said processor. The processor 21, when executing the computer program, implements the steps in the above embodiment of the token checking method, such as the steps S11 to S15 shown in fig. 1. Alternatively, the processor, when executing the computer program, implements the functions of the modules in the foregoing device embodiments, such as the to-be-verified token obtaining module 10.
Illustratively, the computer program may be divided into one or more modules, which are stored in the memory 22 and executed by the processor 21 to accomplish the present invention. The one or more modules may be a series of computer program instruction segments capable of performing certain functions, which are used to describe the execution of the computer program in the token verification device 200. For example, the computer program may be divided into a to-be-verified token obtaining module 10, an identifier obtaining module 20, a token reuse judging module 30, a token compliance judging module 40, an integrity judging module 50, a real-time key obtaining module 60, and a decryption judging module 70, and specific working processes of the respective modules may refer to the working process of the token verifying apparatus 100 described in the foregoing embodiment, and are not described herein again.
The token verification device 200 may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing devices. The token verifying apparatus 200 may include, but is not limited to, a processor 21 and a memory 22. It will be appreciated by those skilled in the art that the schematic diagram is merely an example of an image enhancement device and does not constitute a limitation of the token verification device 200, and may include more or less components than those shown, or some components may be combined, or different components, for example, the token verification device 200 may further include an input-output device, a network access device, a bus, etc.
The Processor 21 may be a Central Processing Unit (CPU), another general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. The general purpose processor may be a microprocessor or any conventional processor or the like. The processor 21 is the control center of the token verification apparatus 200 and connects the various parts of the entire token verification apparatus 200 using various interfaces and lines.
The memory 22 may be used for storing the computer programs and/or modules, and the processor 21 implements various functions of the token verification device 200 by running or executing the computer programs and/or modules stored in the memory 22 and calling data stored in the memory 22. The memory 22 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the data storage area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. In addition, the memory 22 may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
The modules integrated in the token verification device 200 may be stored in a computer-readable storage medium if they are implemented in the form of software functional units and sold or used as a separate product. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, a software distribution medium, and the like.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.

Claims (10)

1. A token verification method, comprising:
responding to a service request sent by a client, and acquiring a token to be verified from the service request;
acquiring an identifier in the token to be verified;
determining, based on the identifier, whether the token to be verified has been used;
when the token to be verified has not been used, determining whether the token to be verified meets a preset token compliance condition, wherein the token compliance condition comprises that the generation time of the token to be verified is earlier than the preset request delivery time;
if so, determining that the token to be verified is successfully verified; if not, determining that verification of the token to be verified fails.
2. The token verification method of claim 1, wherein the token compliance condition further comprises:
the token to be verified has not exceeded the effective use time of the token, wherein the effective use time is obtained according to the generation time and a preset error time.
3. The token verification method of claim 1, wherein the token compliance condition further comprises:
the identifier is an identifier pre-assigned to the client.
4. The token verification method of claim 1, wherein before acquiring the identifier in the token to be verified, the method further comprises:
acquiring, from a key repository, a first real-time key corresponding to the token to be verified, wherein the client has encrypted the token to be verified in advance using a second real-time key, and the key seed of the second real-time key is the same as the key seed of the first real-time key;
determining whether the token to be verified can be decrypted using the first real-time key;
if so, acquiring the identifier in the token to be verified; if not, determining that verification of the token to be verified fails.
5. The token verification method of claim 4, wherein before acquiring the first real-time key corresponding to the token to be verified from the key repository, the method further comprises:
determining whether the components of the token to be verified are complete;
if so, executing the step of acquiring the first real-time key corresponding to the token to be verified from the key repository; if not, determining that verification of the token to be verified fails.
6. The token verification method of claim 1, wherein the determining, based on the identifier, whether the token to be verified has been used comprises:
querying whether a recorded identifier identical to the identifier of the token to be verified exists in a token record table;
if so, determining that the token to be verified has been used; if not, determining that the token to be verified has not been used.
7. A token verification apparatus, comprising:
a to-be-verified token acquisition module, configured to respond to a service request sent by a client and acquire a token to be verified from the service request;
an identifier acquisition module, configured to acquire the identifier in the token to be verified;
a token reuse judging module, configured to determine, based on the identifier, whether the token to be verified has been used;
a token compliance judging module, configured to determine, when the token to be verified has not been used, whether the token to be verified meets a preset token compliance condition, wherein the token compliance condition comprises that the generation time of the token to be verified is earlier than the preset request delivery time; if so, to determine that the token to be verified is successfully verified; if not, to determine that verification of the token to be verified fails.
8. The token verification apparatus of claim 7, wherein the token compliance condition further comprises at least one of:
the token to be verified has not exceeded the effective use time of the token, wherein the effective use time is obtained according to the generation time and a preset error time;
the identifier is an identifier pre-assigned to the client.
9. A token verification device comprising a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, the processor implementing the token verification method of any one of claims 1 to 6 when executing the computer program.
10. A computer-readable storage medium, comprising a stored computer program, wherein the computer program, when executed, controls a device in which the computer-readable storage medium is located to perform the token verification method according to any one of claims 1 to 6.
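
The checks in claims 1 to 3 and 6, sketched in Python as an added example that is not part of the patent text. It assumes the token has already passed the integrity and decryption steps of claims 4 and 5; the field names, the 30-second error time, treating the request delivery time as the time the server received the request, and recording an identifier only after a successful check are all assumptions.

```python
import threading
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Token:
    """An already-decrypted token; the field names are assumptions."""
    identifier: str
    client_id: str
    generated_at: float  # generation time, epoch seconds

@dataclass
class TokenVerifier:
    assigned: dict            # client_id -> identifiers pre-assigned to it (claim 3)
    error_time: float = 30.0  # preset error time in seconds (constructed value)
    records: dict = field(default_factory=dict)  # token record table: identifier -> expiry
    _lock: threading.Lock = field(default_factory=threading.Lock, repr=False)

    def verify(self, token, delivery_time, now):
        """Return (ok, reason) for one service request."""
        expiry = token.generated_at + self.error_time  # effective use time (claim 2)
        # Check and record under one lock so two racing replays cannot both pass.
        with self._lock:
            # Expired records can be dropped: the expiry check rejects those tokens anyway.
            for ident in [i for i, exp in self.records.items() if exp < now]:
                del self.records[ident]
            if token.identifier in self.records:  # claim 6: already used
                return False, "reused"
            if not token.generated_at < delivery_time:  # claim 1
                return False, "generated-after-delivery"
            if now > expiry:  # claim 2
                return False, "expired"
            if token.identifier not in self.assigned.get(token.client_id, ()):  # claim 3
                return False, "identifier-not-assigned"
            self.records[token.identifier] = expiry  # recorded on success (assumption)
            return True, "ok"

def demo():
    """Run constructed requests through one verifier; return the reasons in order."""
    v = TokenVerifier(assigned={"client-a": {"id-1", "id-2"}})
    t1 = Token("id-1", "client-a", 1000.0)
    cases = [
        (t1, 1002.0),                                 # first use
        (t1, 1003.0),                                 # replay inside the window
        (Token("id-2", "client-a", 1010.0), 1005.0),  # generated after delivery
        (Token("id-2", "client-a", 1000.0), 1040.0),  # past effective use time
        (Token("id-9", "client-a", 1040.0), 1041.0),  # identifier not assigned
        (t1, 1050.0),                                 # replay after its record was pruned
    ]
    return [v.verify(tok, delivery_time=t, now=t)[1] for tok, t in cases]
```

The last case shows why the record table only has to retain an identifier until its effective use time passes: once the record is pruned, the replay is still rejected, this time as expired.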
CN202010572707.5A 2020-06-22 2020-06-22 Token verification method, device, equipment and storage medium Pending CN111934876A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010572707.5A CN111934876A (en) 2020-06-22 2020-06-22 Token verification method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111934876A true CN111934876A (en) 2020-11-13

Family

ID=73316638

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010572707.5A Pending CN111934876A (en) 2020-06-22 2020-06-22 Token verification method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111934876A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8775810B1 (en) * 2009-09-30 2014-07-08 Amazon Technologies, Inc. Self-validating authentication token
CN108737326A (en) * 2017-04-14 2018-11-02 北京京东尚科信息技术有限公司 Method, system, device and electronic equipment for carrying out token authentication
CN109862009A (en) * 2019-02-01 2019-06-07 武汉思普崚技术有限公司 A kind of client identity method of calibration and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201113