CN116094786A - Data processing method, system, device and storage medium based on double-factor protection - Google Patents


Info

Publication number
CN116094786A
Authority
CN
China
Prior art keywords
request
request information
check value
verification
factor
Legal status
Pending
Application number
CN202211708701.1A
Other languages
Chinese (zh)
Inventor
于翔
钱长杰
丁霞
朱明�
Current Assignee
Tianyi IoT Technology Co Ltd
Original Assignee
Tianyi IoT Technology Co Ltd
Application filed by Tianyi IoT Technology Co Ltd
Priority to CN202211708701.1A
Publication of CN116094786A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/12 Applying verification of the received information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a data processing method, system, device and storage medium based on double-factor protection, comprising the following steps: generating a check value by taking the request protocol packet as a request parameter according to a preset algorithm; sorting the request parameters according to a preset rule to generate a parameter character string; generating an encrypted digest from the parameter character string and the check value by using an encryption function, and generating a dynamic check factor from the check value and the encrypted digest, the encryption function being an irreversible encryption function; and generating request information according to the dynamic verification factor and sending the request information to a server side, so that the server side verifies the request information according to the check value and the encrypted digest and determines whether the request information is a replay attack. The embodiment of the invention can improve the effectiveness of replay attack prevention and can be widely applied to the technical field of computers.

Description

Data processing method, system, device and storage medium based on double-factor protection
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a data processing method, system, device, and storage medium based on dual-factor protection.
Background
A replay attack (also called a playback attack or a freshness attack) is one in which an attacker captures a message fragment from a previously run protocol, or from the currently running protocol, and reuses it to deceive the current protocol run, thereby undermining network protocol security, blocking normal communication and consuming network resources. Replay attacks can occur in any network communication process, so defending against them is imperative. Replay attacks are typically prevented by attaching a freshness marker to the request message so that a replayed message can be recognised. Common ways of setting the freshness of a request message are timestamp-based and sequence-number-based. However, each of these freshness methods has loopholes, and the effectiveness of replay attack prevention needs to be improved.
Disclosure of Invention
In view of the above, an object of the embodiments of the present invention is to provide a data processing method, system, device and storage medium based on dual-factor protection, which can improve the effectiveness of replay attack prevention.
In a first aspect, an embodiment of the present invention provides a data processing method based on dual-factor protection, which is applied to a client, and includes:
generating a check value by taking the request protocol packet as a request parameter according to a preset algorithm;
sorting the request parameters according to a preset rule to generate a parameter character string;
generating an encrypted digest from the parameter character string and the check value by using an encryption function, and generating a dynamic check factor from the check value and the encrypted digest; the encryption function is an irreversible encryption function;
generating request information according to the dynamic verification factor, and sending the request information to a server, so that the server verifies the request information according to the check value and the encrypted digest and determines whether the request information is a replay attack; and after the request succeeds, storing the check value in a cache.
Optionally, the generating the check value by using the request protocol packet as the request parameter according to the preset algorithm specifically includes:
generating a Hash value by taking the request protocol packet as a request parameter according to a Hash algorithm.
Optionally, the ordering the request parameters according to a preset rule specifically includes:
ordering the request parameters in first-letter order or ASCII code order.
In a second aspect, an embodiment of the present invention provides a data processing method based on dual-factor protection, which is applied to a server, and includes:
receiving request information sent by a client, and determining a dynamic verification factor according to the request information; the dynamic verification factor comprises a verification value and an encryption abstract;
inquiring whether the check value exists in the cache;
if the check value exists in the cache, the request information is a replay attack;
if the check value does not exist in the cache, verifying the encrypted digest, and determining whether the request information is a replay attack according to the verification result.
Optionally, the verifying the encrypted digest, and determining whether the request information is a replay attack according to a verification result, specifically includes:
determining a parameter character string and a check value according to the request information, and generating a verification abstract according to the parameter character string and the check value by an encryption algorithm;
comparing the verification digest with the encrypted digest;
if the verification digest is consistent with the encrypted digest, the request information is not a replay attack;
if the verification digest is inconsistent with the encrypted digest, the request information is a replay attack.
In a third aspect, an embodiment of the present invention provides a data processing system based on dual-factor protection, applied to a client, including:
the first module is used for generating a check value by taking the request protocol packet as a request parameter according to a preset algorithm;
the second module is used for sorting the request parameters according to a preset rule to generate a parameter character string;
the third module is used for generating an encrypted digest from the parameter character string and the check value by using an encryption function, and generating a dynamic check factor from the check value and the encrypted digest; the encryption function is an irreversible encryption function;
a fourth module, configured to generate request information according to the dynamic verification factor, and send the request information to a server, so that the server verifies the request information according to the check value and the encrypted digest and determines whether the request information is a replay attack; and after the request succeeds, storing the check value in a cache.
In a fourth aspect, an embodiment of the present invention provides a data processing system based on dual-factor protection, which is applied to a server, and includes:
a fifth module, configured to receive request information sent by a client, and determine a dynamic verification factor according to the request information; the dynamic verification factor comprises a verification value and an encryption abstract;
a sixth module, configured to query whether the check value exists in the cache;
a seventh module, configured to determine that the request information is a replay attack if the check value exists in the cache;
and an eighth module, configured to verify the encrypted digest if the check value does not exist in the cache, and determine whether the request information is a replay attack according to a verification result.
In a fifth aspect, an embodiment of the present invention provides a data processing apparatus based on dual-factor protection, including:
at least one processor;
at least one memory for storing at least one program;
the at least one program, when executed by the at least one processor, causes the at least one processor to implement the method described in the embodiments of the first aspect or the embodiments of the second aspect described above.
In a sixth aspect, embodiments of the present invention provide a computer readable storage medium, in which a processor executable program is stored, which when executed by a processor is configured to perform the method according to the embodiment of the first aspect or the embodiment of the second aspect described above.
In a seventh aspect, an embodiment of the present invention provides a data processing system based on dual-factor protection, including a client and a server, where the client is communicatively connected to the server,
the client is configured to implement the method described in the embodiment of the first aspect;
the server is configured to implement the method described in the embodiment of the second aspect.
The embodiment of the invention has the following beneficial effects: the client firstly generates a check value according to a preset algorithm, generates a parameter character string for the request parameter, then generates an encrypted abstract according to the parameter character string and the check value, generates a dynamic check factor according to the check value and the encrypted abstract, and adds the dynamic check factor into the request information to be sent to the server; after receiving the request information, the server analyzes the dynamic verification factors in the request information, and verifies the verification values and the encrypted abstracts in the dynamic verification factors respectively to determine whether the request information is replay attack; therefore, an interface verification method for forming double-factor protection between the client and the server through the check value and the encryption abstract is used for constructing a replay attack prevention defense mechanism, effectively preventing replay attack, improving interface communication safety and greatly improving the intelligent level of application safety protection.
Drawings
FIG. 1 is a block diagram of a data processing system based on dual-factor protection according to an embodiment of the present invention;
FIG. 2 is a schematic step flow diagram of a data processing method applied to a client according to an embodiment of the present invention;
FIG. 3 is a block diagram of a data processing system applied to a client according to an embodiment of the present invention;
FIG. 4 is a schematic step flow diagram of a data processing method applied to a server according to an embodiment of the present invention;
FIG. 5 is a block diagram of a data processing system applied to a server according to an embodiment of the present invention;
FIG. 6 is a block diagram of a data processing apparatus based on dual-factor protection according to an embodiment of the present invention;
FIG. 7 is a flowchart of another data processing method based on dual-factor protection according to an embodiment of the present invention.
Detailed Description
The invention will now be described in further detail with reference to the drawings and to specific examples. The step numbers in the following embodiments are set for convenience of illustration only, and the order between the steps is not limited in any way, and the execution order of the steps in the embodiments may be adaptively adjusted according to the understanding of those skilled in the art.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is to be understood that "some embodiments" can be the same subset or different subsets of all possible embodiments and can be combined with one another without conflict.
In the following description, the terms "first", "second", "third" and the like are merely used to distinguish similar objects and do not represent a specific ordering of the objects; it is understood that "first", "second" and "third" may be interchanged in a specific order or sequence where permitted, so that the embodiments of the invention described herein can be practised in an order other than that illustrated or described herein.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the embodiments of the invention is for the purpose of describing embodiments of the invention only and is not intended to be limiting of the invention.
Before the embodiments of the present invention are described in further detail, the terms involved in the embodiments of the present invention are explained, and these terms are used with that meaning in the following description.
Referring to fig. 1, in the embodiment of the present invention, a client and a server communicate through an interface, where the communication manner may be wired communication or wireless communication, and the client sends request information to the server, and the server determines whether a replay attack is performed according to the request information, so as to determine the validity of the request information.
As shown in fig. 2, the embodiment of the invention provides a data processing method based on dual-factor protection, which is applied to a client, and includes steps S100 to S400.
S100, generating a check value by taking the request protocol packet as a request parameter according to a preset algorithm.
It should be noted that the preset algorithm is determined by the actual application and is not specifically limited in this embodiment. The check value is determined by the request parameters and the selected preset algorithm, and different preset algorithms correspond to different check values; for example, a Hash algorithm corresponds to a Hash value.
Optionally, the generating the check value by using the request protocol packet as the request parameter according to the preset algorithm specifically includes:
s110, generating a Hash value by taking the request protocol packet as a request parameter according to a Hash algorithm.
Specifically, when a preset algorithm selects a Hash algorithm, the client performs Hash algorithm calculation on the protocol packet requested each time to obtain a Hash value.
S200, sorting the request parameters according to a preset rule to generate a parameter character string.
It should be noted that the preset rule is an agreed ordering rule; it is determined by the practical application and is not specifically limited in this embodiment.
Optionally, the ordering the request parameters according to a preset rule specifically includes:
s210, ordering the request parameters in first-letter order or ASCII code order.
Specifically, the request parameters are ordered in alphabetical order, ASCII code order, or another agreed order.
S300, generating an encryption abstract according to the parameter character string and the check value by using an encryption function, and generating a dynamic check factor according to the check value and the encryption abstract; the encryption function is an irreversible encryption function.
It should be noted that the encryption function is an irreversible encryption function commonly agreed by the client and the server, including, but not limited to, a common MD5 encryption function, and the like.
Specifically, for each request, the client uses the encryption function to encrypt the string formed from the sorted client request parameters and the Hash value to generate the encrypted digest, and generates the dynamic verification factor from the check value and the encrypted digest.
S400, generating request information according to the dynamic verification factor, and sending the request information to a server, so that the server verifies the request information according to the check value and the encrypted digest and determines whether the request information is a replay attack; and after the request succeeds, storing the check value in a cache.
Specifically, the dynamic verification factor may be placed in, but is not limited to, the request message header or the request message body. The client adds the dynamic verification factor to the original request message to obtain the request information and sends the request information to the server; after receiving the request information, the server verifies the check value and the encrypted digest carried in the dynamic check factor of the request information to determine whether the request information is a replay attack.
It should be noted that, after each request succeeds, the server side stores the Hash value in the Redis cache. The Redis cache is used to store the Hash values of the dynamic verification factors of request information that has passed verification.
The embodiment of the invention has the following beneficial effects: in the embodiment, a client firstly generates a check value according to a preset algorithm, generates a parameter character string for the request parameter, then generates an encrypted abstract according to the parameter character string and the check value, generates a dynamic check factor according to the check value and the encrypted abstract, adds the dynamic check factor into request information and sends the request information to a server, so that the server verifies the dynamic check factor in the request information to determine whether the request information is replay attack; therefore, an interface verification method for forming double-factor protection between the client and the server through the check value and the encryption abstract is used for constructing a replay attack prevention defense mechanism, effectively preventing replay attack, improving interface communication safety and greatly improving the intelligent level of application safety protection.
Referring to fig. 3, an embodiment of the present invention provides a data processing system based on dual-factor protection, which is applied to a client, and includes:
the first module is used for generating a check value by taking the request protocol packet as a request parameter according to a preset algorithm;
the second module is used for sorting the request parameters according to a preset rule to generate a parameter character string;
the third module is used for generating an encrypted digest from the parameter character string and the check value by using an encryption function, and generating a dynamic check factor from the check value and the encrypted digest; the encryption function is an irreversible encryption function;
a fourth module, configured to generate request information according to the dynamic verification factor, and send the request information to a server, so that the server verifies the request information according to the check value and the encrypted digest and determines whether the request information is a replay attack; and after the request succeeds, storing the check value in a cache.
It can be seen that, the above-mentioned content in the method embodiment applied to the client is applicable to the system embodiment, and the functions specifically implemented by the system embodiment are the same as those in the method embodiment applied to the client, and the beneficial effects achieved by the system embodiment are the same as those achieved by the method embodiment applied to the client.
Referring to fig. 4, an embodiment of the present invention provides a data processing method based on dual-factor protection, which is applied to a server, and includes steps S500 to S800.
S500, receiving request information sent by a client, and determining a dynamic verification factor according to the request information; the dynamic verification factor comprises a verification value and an encrypted digest.
Specifically, after receiving the request information sent by the client, the server extracts a dynamic verification factor from the request information, wherein the dynamic verification factor comprises a verification value and an encrypted abstract.
S600, inquiring whether the check value exists in the cache.
Specifically, the server side queries whether the check value exists in the Redis cache and judges whether the request is a replay attack according to whether the check value is present in the Redis cache; the query may be performed by matching the check value against the cached values.
S700, if the check value exists in the cache, the request information is a replay attack.
Specifically, if the check value exists in the Redis cache, the request information is a replay attack and the request information is invalid; if the check value does not exist in the Redis cache, the request information is not identified as a replay by this check, which indicates that the request information is valid so far, and the encrypted digest needs to be verified further.
S800, if the check value does not exist in the cache, verifying the encrypted digest, and determining whether the request information is a replay attack according to the verification result.
Specifically, when it cannot be determined from the check value alone whether the request information is a replay attack, the server generates its own encrypted digest according to the encrypted digest generation rule of the client, compares it with the encrypted digest sent by the client, and determines whether the request information is a replay attack according to the comparison result.
Optionally, the verifying the encrypted digest, and determining whether the request information is a replay attack according to a verification result, specifically includes:
s810, determining a parameter character string and a check value according to the request information, and generating a verification abstract according to the parameter character string and the check value by an encryption algorithm;
s820, comparing the verification digest with the encryption digest;
s830, if the verification digest is consistent with the encrypted digest, the request information is not a replay attack;
s840, if the verification digest is inconsistent with the encrypted digest, the request information is a replay attack.
Specifically, the server receives the Hash value in the dynamic verification factor together with the request parameters. The server side sorts the parameters in the client request according to the ordering rule to obtain the ordered parameter character string, then generates the server-side encrypted digest by the encryption algorithm from the parameter character string, the time stamp and the random-number Hash value, and compares it with the encrypted digest in the dynamic verification factor. If the two digests are inconsistent, the request has been tampered with and is judged to be an information tampering attack; if they are consistent, the request is valid, the anti-replay verification is passed, and the server side can proceed to service processing.
It should be noted that, if the request passes verification of both the Hash value and the encrypted digest, the server stores the Hash value from the dynamic verification factor in the Redis cache. Hash value check: the server matches the Hash value against the cache, and if no identical value is found, the check passes. Encrypted digest check: the server generates its own encrypted digest according to the encrypted digest generation rule of the client and compares it with the encrypted digest of the client; if the two are consistent, the check passes.
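The client steps S100 to S400 and the server steps S500 to S800 above, worked through end to end as an added Python example (not the patent's own code). It assumes a JSON request body, SHA-256 for the check value, HMAC-SHA256 under a shared secret as the agreed irreversible function, a hypothetical X-Dynamic-Factor header carrying the factor, and a Python set standing in for the Redis cache of used check values.

```python
import hashlib
import hmac
import json
import secrets
import time

# Assumption: the irreversible function "commonly agreed by the client and the
# server" is realised as HMAC-SHA256 under a shared secret, so that a party who
# alters the parameters cannot simply recompute a matching digest.
SHARED_SECRET = b"constructed-demo-secret"      # constructed sample value
FACTOR_HEADER = "X-Dynamic-Factor"              # hypothetical header carrying the factor


def check_value(packet: dict) -> str:
    """S100/S110: the first factor, a hash over the whole request protocol packet."""
    canonical = json.dumps(packet, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def parameter_string(packet: dict) -> str:
    """S200/S210: sort the parameters by ASCII order of their names and join them."""
    return "&".join(f"{name}={packet[name]}" for name in sorted(packet))


def encrypted_digest(param_str: str, check: str) -> str:
    """S300: the second factor, an irreversible digest over parameter string + check value."""
    message = f"{param_str}|{check}".encode()
    return hmac.new(SHARED_SECRET, message, hashlib.sha256).hexdigest()


def client_build_request(params: dict) -> dict:
    """S100-S400 on the client: build request information carrying the dynamic check factor.
    A timestamp and a random nonce are included in the packet (the description mentions
    both), so two otherwise identical requests yield different check values."""
    packet = dict(params, ts=int(time.time()), nonce=secrets.token_hex(8))
    check = check_value(packet)
    digest = encrypted_digest(parameter_string(packet), check)
    return {"body": packet, "headers": {FACTOR_HEADER: f"{check}.{digest}"}}


class Server:
    """S500-S800 on the server; a Python set stands in for the Redis cache of used check values."""

    def __init__(self) -> None:
        self.cache: set = set()

    def verify(self, request: dict) -> str:
        # S500: extract the dynamic verification factor (check value + encrypted digest).
        try:
            check, digest = request["headers"][FACTOR_HEADER].split(".", 1)
        except (KeyError, ValueError):
            return "rejected: missing factor"
        # S600/S700: a check value already in the cache means the request is a replay.
        if check in self.cache:
            return "rejected: replay"
        # S800/S810: re-derive the check value and the verification digest from the
        # received parameters (added consistency check: the check value must still
        # describe the packet that actually arrived).
        packet = request["body"]
        if not hmac.compare_digest(check, check_value(packet)):
            return "rejected: check value mismatch"
        expected = encrypted_digest(parameter_string(packet), check)
        # S820-S840: constant-time comparison of verification digest and received digest.
        if not hmac.compare_digest(expected, digest):
            return "rejected: digest mismatch"
        # Both factors passed: store the check value so a later copy is caught as a replay.
        self.cache.add(check)
        return "accepted"


def demo() -> list:
    """A legitimate request, its replay, and two edited copies (constructed inputs)."""
    server = Server()
    request = client_build_request({"user": "alice", "amount": "10"})
    outcomes = [server.verify(request), server.verify(request)]
    # Body edited in transit while the original factor is kept.
    edited = {"body": dict(request["body"], amount="999"), "headers": request["headers"]}
    outcomes.append(Server().verify(edited))
    # Body edited and the unkeyed check value recomputed; the keyed digest still fails.
    new_check = check_value(edited["body"])
    old_digest = request["headers"][FACTOR_HEADER].split(".", 1)[1]
    forged = {"body": edited["body"], "headers": {FACTOR_HEADER: f"{new_check}.{old_digest}"}}
    outcomes.append(Server().verify(forged))
    return outcomes


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Because the check value is an unkeyed hash of the packet, the keyed digest is what makes the second factor resist recomputation; with an unkeyed digest such as plain MD5, the two factors together only detect replays, not edits.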
The embodiment of the invention has the following beneficial effects: the client firstly generates a check value according to a preset algorithm, generates a parameter character string for the request parameter, then generates an encrypted abstract according to the parameter character string and the check value, generates a dynamic check factor according to the check value and the encrypted abstract, and adds the dynamic check factor into the request information to be sent to the server; after receiving the request information, the server analyzes the dynamic verification factors in the request information, and verifies the verification values and the encrypted abstracts in the dynamic verification factors respectively to determine whether the request information is replay attack; therefore, an interface verification method for forming double-factor protection between the client and the server through the check value and the encryption abstract is used for constructing a replay attack prevention defense mechanism, effectively preventing replay attack, improving interface communication safety and greatly improving the intelligent level of application safety protection.
Referring to fig. 5, an embodiment of the present invention provides a data processing system based on dual-factor protection, which is applied to a server, and includes:
a fifth module, configured to receive request information sent by a client, and determine a dynamic verification factor according to the request information; the dynamic verification factor comprises a verification value and an encryption abstract;
a sixth module, configured to query whether the check value exists in the cache;
a seventh module, configured to determine that the request information is a replay attack if the check value exists in the cache;
and an eighth module, configured to verify the encrypted digest if the check value does not exist in the cache, and determine whether the request information is a replay attack according to a verification result.
It can be seen that the foregoing content in the method embodiment applied to the server is applicable to the system embodiment, and the functions specifically implemented by the system embodiment are the same as those in the method embodiment applied to the server, and the beneficial effects achieved by the system embodiment are the same as those achieved by the method embodiment applied to the server.
In a fifth aspect, an embodiment of the present invention provides a data processing apparatus based on dual-factor protection, including:
at least one processor;
at least one memory for storing at least one program;
the at least one program, when executed by the at least one processor, causes the at least one processor to implement the method applied to the client or the method applied to the server described above.
Wherein the memory is operable as a non-transitory computer readable storage medium storing a non-transitory software program and a non-transitory computer executable program. The memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes remote memory provided remotely from the processor, the remote memory being connectable to the processor through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
It can be seen that the content of the above method embodiment is applicable to the present device embodiment, the functions specifically implemented by the device embodiment are the same as those of the above method embodiment, and the beneficial effects achieved by the device embodiment are the same as those achieved by the above method embodiment.
Furthermore, embodiments of the present application disclose a computer program product or a computer program, which is stored in a computer readable storage medium. The computer program may be read from a computer readable storage medium by a processor of a computer device, the processor executing the computer program causing the computer device to perform the method as described above. Similarly, the content in the above method embodiment is applicable to the present storage medium embodiment, and the specific functions of the present storage medium embodiment are the same as those of the above method embodiment, and the achieved beneficial effects are the same as those of the above method embodiment.
The embodiment of the present invention also provides a computer-readable storage medium storing a program executable by a processor, which when executed by the processor is configured to implement the above-described method.
It is to be understood that all or some of the steps, systems, and methods disclosed above may be implemented in software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. Furthermore, as is well known to those of ordinary skill in the art, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media.
Referring to fig. 1, an embodiment of the present invention provides a data processing system based on dual-factor protection, including a client and a server, where the client is communicatively connected to the server,
the client is configured to implement the method described in fig. 2;
the server is configured to implement the method described in fig. 4.
The data processing method based on the dual factor protection is described in a specific embodiment below. Referring to fig. 7, a specific data processing procedure is as follows:
First step: the client generates a Hash value by running a Hash algorithm over the request protocol packet;
Second step: the client orders the request parameters by ASCII code order to produce a parameter string;
Third step: the client generates a cryptographic digest sign using the function MD5(parameter string + Hash value);
Fourth step: before initiating the request, the client places the dynamic verification factors (the Hash value and sign) into the request header and sends the request to the server;
Fifth step: after receiving the client request, the server takes the dynamic verification factors out of the request header one by one. The Hash value is judged first: the server looks up the received Hash value in the Redis cache; if no result is found, the request is valid and the cryptographic digest is then verified; if a result is found, the request is a replay attack and is invalid;
Sixth step: the server orders the received request parameters by ASCII code order; for example, if the request parameters are c=3&b=2&a=1, the ordered parameter string is a=1&b=2&c=3;
Seventh step: the server generates its own cryptographic digest sign_server = MD5('a=1&b=2&c=3' + Hash value) and compares it with the client's digest sign. If sign_server is consistent with sign, the request is valid, the anti-replay verification passes, and the server may carry out the service processing; if sign_server is inconsistent with sign, the request has been tampered with and is invalid;
Eighth step: once the anti-replay verification passes, the server stores the Hash value in the Redis cache.
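The eight-step exchange above (and the client and server procedures of claims 1, 4 and 5) as an added, runnable example; this is not code from the patent. The Hash algorithm is not named on the page, so SHA-256 over the raw packet bytes is assumed here, and an in-memory set stands in for the Redis cache.

```python
import hashlib
import hmac
from urllib.parse import urlencode


def packet_hash(packet: bytes) -> str:
    """Step 1: Hash value of the request protocol packet (SHA-256 assumed)."""
    return hashlib.sha256(packet).hexdigest()


def parameter_string(params: dict) -> str:
    """Steps 2 and 6: order parameters by ASCII code of the key, k=v joined by '&'."""
    return "&".join(f"{k}={params[k]}" for k in sorted(params))


def make_sign(param_string: str, hash_value: str) -> str:
    """Steps 3 and 7: sign = MD5(parameter string + Hash value), as on the page.
    Note that no secret enters the digest; it binds parameters to the Hash only."""
    return hashlib.md5((param_string + hash_value).encode()).hexdigest()


def client_build_request(params: dict) -> dict:
    """Steps 1-4: the 'packet' is assumed to be the URL-encoded parameters in
    the order the client supplied them; the factors go into the header."""
    packet = urlencode(params).encode()
    hash_value = packet_hash(packet)
    sign = make_sign(parameter_string(params), hash_value)
    return {"headers": {"Hash": hash_value, "Sign": sign}, "params": dict(params)}


class Server:
    """Steps 5-8; `seen` plays the role of the Redis cache of accepted Hash values."""

    def __init__(self):
        self.seen = set()

    def verify(self, request: dict) -> str:
        hash_value = request["headers"]["Hash"]
        # Step 5: a Hash value already in the cache means a replayed request.
        if hash_value in self.seen:
            return "replay"
        # Steps 6-7: recompute the digest over the ASCII-ordered parameters.
        expected = make_sign(parameter_string(request["params"]), hash_value)
        if not hmac.compare_digest(expected, request["headers"]["Sign"]):
            return "tampered"
        # Step 8: only a request that passed both checks is recorded.
        self.seen.add(hash_value)
        return "ok"


if __name__ == "__main__":
    server = Server()
    req = client_build_request({"c": "3", "b": "2", "a": "1"})  # constructed input
    print(server.verify(req), server.verify(req))  # first "ok", then "replay"
```

Because the Hash value is computed over the packet alone, two legitimately identical packets produce the same Hash value and the second is rejected as a replay; a client that must send identical parameters twice needs a varying element in the packet.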
The embodiment of the invention has the following specific beneficial effects:
1. The interface security defense mechanism based on double-factor protection can effectively defend against various Web application layer attacks such as replay attacks, information tampering attacks and man-in-the-middle attacks, and effectively ensures the stable operation of the system;
2. The storage cost of the server-side database is reduced: only the server-side memory needs to be accessed, not the server-side database, so verification efficiency is effectively improved;
3. Verification methods such as a hash algorithm and a cryptographic digest are adopted, so the method is suitable for most communication scenarios in the field of network security and greatly improves the anti-replay defense capability of the system.
While the preferred embodiment of the present invention has been described in detail, the invention is not limited to the embodiment, and various equivalent modifications and substitutions can be made by those skilled in the art without departing from the spirit of the invention, and these modifications and substitutions are intended to be included in the scope of the present invention as defined in the appended claims.

Claims (10)

1. A data processing method based on double-factor protection, characterized by being applied to a client and comprising the following steps:
generating a check value by taking the request protocol packet as a request parameter according to a preset algorithm;
sequencing the request parameters according to a preset rule to generate a parameter character string;
generating an encryption abstract according to the parameter character string and the check value by using an encryption function, and generating a dynamic check factor according to the check value and the encryption abstract; the encryption function is an irreversible encryption function;
generating request information according to the dynamic verification factor, and sending the request information to a server, so that the server verifies the request information according to the check value and the encryption abstract and determines whether the request information is a replay attack; and after the request succeeds, storing the check value into a cache.
2. The method according to claim 1, wherein the generating the check value using the request protocol packet as the request parameter according to the preset algorithm specifically includes:
the Hash value is generated by taking the request protocol packet as a request parameter according to a Hash algorithm.
3. The method according to claim 1, wherein the ordering of the request parameters according to a preset rule specifically comprises:
and ordering the request parameters according to the first letter order or the ASCII code order.
4. A data processing method based on double-factor protection, characterized by being applied to a server and comprising the following steps:
receiving request information sent by a client, and determining a dynamic verification factor according to the request information; the dynamic verification factor comprises a verification value and an encryption abstract;
inquiring whether the check value exists in the cache;
if the check value exists in the cache, the request information is replay attack;
and if the check value does not exist in the cache, verifying the encrypted abstract, and determining whether the request information is a replay attack or not according to a verification result.
5. The method of claim 4, wherein the verifying the encrypted digest and determining whether the request message is a replay attack according to a verification result, specifically comprises:
determining a parameter character string and a check value according to the request information, and generating a verification abstract according to the parameter character string and the check value by an encryption algorithm;
comparing the verification digest with the encrypted digest;
if the verification digest is consistent with the encrypted digest, the request message is not a replay attack;
and if the verification digest is inconsistent with the encryption digest, the request information is replay attack.
6. A data processing system based on two-factor protection, applied to a client, comprising:
the first module is used for generating a check value by taking the request protocol packet as a request parameter according to a preset algorithm;
the second module is used for sequencing the request parameters according to a preset rule to generate a parameter character string;
the third module is used for generating an encryption abstract according to the parameter character string and the check value by using an encryption function, and generating a dynamic check factor according to the check value and the encryption abstract; the encryption function is an irreversible encryption function;
a fourth module, configured to generate request information according to the dynamic verification factor, and send the request information to a server, so that the server verifies the request information according to the check value and the encrypted digest, and determines whether the request information is a replay attack; and after the request succeeds, storing the check value into a cache.
7. A data processing system based on dual factor protection, applied to a server, comprising:
a fifth module, configured to receive request information sent by a client, and determine a dynamic verification factor according to the request information; the dynamic verification factor comprises a verification value and an encryption abstract;
a sixth module, configured to query whether the check value exists in the cache;
a seventh module, configured to determine that the request information is a replay attack if the check value exists in the cache;
and an eighth module, configured to verify the encrypted digest if the check value does not exist in the cache, and determine whether the request information is a replay attack according to a verification result.
8. A data processing apparatus based on dual factor protection, comprising:
at least one processor;
at least one memory for storing at least one program;
the at least one program, when executed by the at least one processor, causes the at least one processor to implement the method of any one of claims 1-3 or 4-5.
9. A computer readable storage medium, in which a processor executable program is stored, characterized in that the processor executable program is for performing the method according to any of claims 1-3 or 4-5 when being executed by a processor.
10. A data processing system based on double-factor protection is characterized by comprising a client and a server, wherein the client is in communication connection with the server,
the client being configured to implement the method of any one of claims 1-3;
the server is configured to implement the method according to any one of claims 4 to 5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211708701.1A CN116094786A (en) 2022-12-29 2022-12-29 Data processing method, system, device and storage medium based on double-factor protection

Publications (1)

Publication Number Publication Date
CN116094786A true CN116094786A (en) 2023-05-09

Family

ID=86213116

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116668193A (en) * 2023-07-27 2023-08-29 高新兴智联科技股份有限公司 Communication method of terminal equipment and server of Internet of things and computer readable storage medium
CN116668193B (en) * 2023-07-27 2023-10-03 高新兴智联科技股份有限公司 Communication method of terminal equipment and server of Internet of things and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination