CN102208980A - Communication method and system - Google Patents

Communication method and system

Info

Publication number
CN102208980A
Authority
CN
China
Prior art keywords
token
target side
website
information
order
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2010102631518A
Other languages
Chinese (zh)
Inventor
王建国
宁玉忠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
JINAN JOOYEA INFORMATION TECHNOLOGY CO LTD
Original Assignee
JINAN JOOYEA INFORMATION TECHNOLOGY CO LTD
Application filed by JINAN JOOYEA INFORMATION TECHNOLOGY CO LTD
Priority claimed to CN2010102631518A
Legal status: Pending

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The invention discloses a communication method and system. When two parties communicate, a security token is produced by the target party or by a third party, and the token requesting party first applies to the token issuing party for a token; the generated token comprises a token plaintext part and a ciphertext part. During communication the two parties transmit only the plaintext part. Once the token requesting party has obtained the token, it carries the token plaintext part and the related communication information to the target party; the target party in turn carries the plaintext part sent by the requesting party to the token issuing party to verify whether the token was issued to the requesting party for accessing the target party, after which the ciphertext part of the token is transmitted to the target party and the token is destroyed. The target party encrypts the information according to the token ciphertext part and sends it to the requesting party, and the requesting party decrypts the information sent back by the target party according to the ciphertext part of the token. The security of the communication process is thereby enhanced.

Description

Communication method and system
Technical field
The invention belongs to the field of electronic communication technology and relates to a communication method, in particular to a communication method that increases security by obtaining a token; the invention further relates to the communication system corresponding to the above communication method.
Background technology
An information security system in a network environment is the key to ensuring information security. It comprises a secure computer operating system, various security protocols and security mechanisms (digital signatures, message authentication, data encryption, etc.), up to the security system as a whole; a security breach in any one of them can threaten overall security. Information security services should at least comprise the basic theory supporting information network security services and a network security service architecture built on the architecture of the information network.
There are many ways to transmit information: local area computer networks, the Internet and distributed databases, cellular radio, packet-switched wireless, satellite video conferencing, e-mail and various other transmission technologies. During storage, processing and exchange, information may be leaked, intercepted, eavesdropped on, tampered with or forged.
Once information transmitted by an existing communication system has been intercepted, its security usually cannot be guaranteed; the present invention can solve this type of problem.
Summary of the invention
The technical problem to be solved by this invention is to provide a communication method with increased security, which improves the security of the communication process by obtaining a token.
In addition, the present invention further provides the communication system corresponding to the above communication method, which improves the security of the communication process.
To solve the above technical problems, the present invention adopts the following technical scheme:
A communication method: when two communicating parties communicate, a security token is produced by the target side or by a third party, and the target side or third party that generates the security token is the token issuer; the two communicating parties are the token requesting side and the target side;
The token requesting side first applies to the token issuer for a token, and the generated token comprises a token plaintext part and a ciphertext part; when the two sides communicate, only the plaintext part of the token is transmitted between them;
After the requesting side has obtained the token, it carries the plaintext part of this token and the related communication information to the target side; the target side in turn carries the plaintext part sent by the requesting side to the token issuer to verify whether this token is one issued to the requesting side for accessing the target side; once verification passes, the ciphertext part of the token is transferred to the target side and the token is then destroyed;
The target side encrypts the information according to the received token ciphertext part and sends it to the requesting side; the requesting side decrypts the information sent back by the target side according to the ciphertext part of the token, and communication then proceeds normally on the basis of this information; on failure, the token is destroyed and communication stops.
As a preferred embodiment of the present invention, the plaintext part and the ciphertext part of the token are both generated at random.
A communication system, in which the two communicating parties are the target side and the token requesting side that requests the token;
When the two communicating parties communicate, a security token is produced by the target side or by a third party, and the target side or third party that generates the security token is the token issuer;
The token requesting side first applies to the token issuer for a token, and the generated token comprises a token plaintext part and a ciphertext part; when the two sides communicate, only the plaintext part of the token is transmitted between them;
After the requesting side has obtained the token, it carries the plaintext part of this token and the related communication information to the target side; the target side in turn carries the plaintext part sent by the requesting side to the token issuer to verify whether this token is one issued to the requesting side for accessing the target side; once verification passes, the ciphertext part of the token is transferred to the target side and the token is then destroyed;
The target side encrypts the information according to the received token ciphertext part and sends it to the requesting side; the requesting side decrypts the information sent back by the target side according to the ciphertext part of the token, and communication then proceeds normally on the basis of this information; on failure, the token is destroyed and communication stops.
As a preferred embodiment of the present invention, the plaintext part and the ciphertext part of the token are both generated at random.
A communication system, comprising a management center, a number of server ends and a number of website processing clients;
The management center connects to each server end, and each server end connects to its corresponding website processing client;
The website processing client comprises:
- a token application unit, for applying to the server end for a token when communicating;
- a token verification unit, for verifying the correctness of a token and ensuring its legitimacy;
- a service provision unit, responsible for the functional interfaces opened by this system: it processes received commands through the command processing mechanism and, after processing, returns the result to the requesting website;
- a message queue unit, responsible for packing and encapsulating content;
- a message monitoring unit, responsible for monitoring the reply after the target website has processed a sent command;
- a cryptographic processing unit, for encrypting and decrypting all information to be communicated;
The server end comprises:
- a token issuing unit, responsible for distributing tokens to each website processing client; the tokens comprise user-level tokens and/or system-level tokens; a user-level token is assigned to the corresponding user, and a system-level token is assigned to the corresponding system;
- a token destruction unit, which destroys the token applied for by the requesting website after the target website has verified the token when accessing the server end;
- a token buffer pool unit, responsible for handling multiple tokens applied for by the same user at the same moment, preventing tokens from being overwritten;
- a unique identification application agent unit, responsible for applying to the management center for a unique identification and, at the same time, storing the data of successfully registered users at the server end;
- a unique identification verification agent unit, for verifying the unique identification at binding time; after verification passes, the user profile is copied from the management center to the server end;
- a user synchronization status verification unit, for verifying whether the same user has bound all websites of the alliance, so as to reduce the load on the server;
- a user cross-site unit, which provides the function of prompting the user whether to display the binding list when the user does not wish to synchronize other websites;
The management center comprises:
- a unique identification issuing unit, responsible for issuing unique identifications across the whole network and guaranteeing their uniqueness;
- a unique identification verification unit, responsible for verifying the legitimacy of unique identification accounts across the whole network;
When the two communicating parties communicate, the security token is produced by the server end, and the server end is the token issuer;
The token requesting side first applies to the token issuer for a token, and the generated token comprises a token plaintext part and a ciphertext part; when the two sides communicate, only the plaintext part of the token is transmitted between them;
After the requesting side has obtained the token, it carries the plaintext part of this token and the related communication information to the target side; the target side in turn carries the plaintext part sent by the requesting side to the token issuer to verify whether this token is one issued to the requesting side for accessing the target side; once verification passes, the ciphertext part of the token is transferred to the target side and the token is then destroyed;
The target side encrypts the information according to the received token ciphertext part and sends it to the requesting side; the requesting side decrypts the information sent back by the target side according to the ciphertext part of the token, and communication then proceeds normally on the basis of this information; on failure, the token is destroyed and communication stops.
A communication method for the above communication system, comprising the following steps:
a website processing client token application step: before communicating, the client first passes the server end's verification by means of an authorized urlkey and encrypted xml; after the server end verifies that it is a legitimate website, the server end issues a one-time token for use between systems;
a website processing client token verification step: when a requesting website accesses a function of this website, this website carries the token to the server end to verify its legitimacy;
a website processing client service provision step: when this system receives a request command sent by a requesting website, it first looks the command up in the system's externally opened functional interface file; if the functional interface is found, the system parses the received command, processes it through the command processing mechanism and, after processing, returns the result to the requesting website;
a website processing client content packing and encapsulation step: after the website has processed the request command, the information is packed, which prevents it from being lost in transmission, and the packed information is then encrypted and encapsulated;
a website processing client message monitoring step: after a command has been sent when accessing the target website, the client waits for the target website to process it and reply, and directly monitors for and receives the response message;
a website processing client encryption processing step: before information is transmitted, all information to be communicated undergoes encryption and decryption processing;
a server end token issuing step: when a requesting website is about to access a target website, it first applies to the server end for a token; the server end first verifies whether it is a trusted website and, if so, issues the token, otherwise refuses to issue it; the tokens comprise user-level tokens and/or system-level tokens; a user-level token is assigned to the corresponding user, and a system-level token is assigned to the corresponding system;
a server end token destruction step: after the target website receives the command request from the requesting website, it carries the token sent by the requesting website to the server end to verify the token's correctness; regardless of whether verification succeeds, the system destroys the token, guaranteeing that the token is valid only once;
a server end unique identification application agent step: when a user has no unique identification, the user can apply for one; the application command is sent to the service center in command form, and the service center likewise sends a command in command form to the management center, which completes the real application and guarantees the uniqueness of the issued identification; after a successful application, the service center backs up a copy of the requested data at the service center; on failure, an error message is prompted;
a server end unique identification verification agent step: when a user binds a unique identification, the client program submits a verification request command to the service center; the service center first checks the identity in its own system, and after the check passes the client binds this account; if the check fails, the service center sends a verification command to the management center; after verification passes, the service center copies a user profile from the management center and keeps it at the service center as a copy; after failure, an error message is prompted;
a management center unique identification issuing step: when a user applies for a unique identification, the application can be made to the management center through any service center; the management center performs a uniqueness check on the user data submitted by the user; after the check passes, the information is registered at the management center; on failure, the relevant error message is prompted;
a management center unique identification verification step: when a user binds a unique identification and verification at the service center has not passed, the unique identification information is carried to the management center in command form for verification; the management center compares the submitted data with the existing user data, returns verification success when they match, and returns failure when they do not;
When the two communicating parties communicate, the security token is produced by the server end, and the server end is the token issuer;
The token requesting side first applies to the token issuer for a token, and the generated token comprises a token plaintext part and a ciphertext part; when the two sides communicate, only the plaintext part of the token is transmitted between them;
After the requesting side has obtained the token, it carries the plaintext part of this token and the related communication information to the target side; the target side in turn carries the plaintext part sent by the requesting side to the token issuer to verify whether this token is one issued to the requesting side for accessing the target side; once verification passes, the ciphertext part of the token is transferred to the target side and the token is then destroyed;
The target side encrypts the information according to the received token ciphertext part and sends it to the requesting side; the requesting side decrypts the information sent back by the target side according to the ciphertext part of the token, and communication then proceeds normally on the basis of this information; on failure, the token is destroyed and communication stops.
The beneficial effect of the present invention is as follows: the communication method and system proposed by the present invention transmit information with high security by introducing a one-time token mechanism, which guarantees that even if the token is intercepted during transmission, the interceptor still cannot obtain the information through this token.
Description of drawings
Fig. 1 is the composition schematic diagram of system of the present invention.
Fig. 2 is the composition schematic diagram of system of the present invention.
Fig. 3 is the composition schematic diagram of system of the present invention.
Embodiment
The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Embodiment one
Referring to Fig. 1, the present invention discloses a communication method: when two parties communicate, a security token is produced by one side or by a third party (the side or third party that produces the security token is here called the token issuer); the requesting side first applies to the token issuer for a token, and the produced token comprises a token plaintext part and a ciphertext part, both generated at random. After the requesting side has obtained the token, it carries the plaintext part of this token and the other communication information to the target side; the target side in turn carries the token plaintext part sent by the requesting side to the token issuing side to verify whether this token is one issued to the requesting side for accessing the target side; once verification passes, the ciphertext part of the token is transferred to the target side and the token is then destroyed. The target side encrypts the information according to the received token ciphertext part and sends it to the requesting side; the requesting side decrypts the information sent back by the target side according to the ciphertext part of the token; communication then proceeds normally on the basis of this information, and on failure the token is destroyed and communication stops. Because only the plaintext part of the token is transmitted between the two parties during communication, an interceptor who obtains the information still cannot decrypt it without the ciphertext part.
The interceptor might try to use the token plaintext part to obtain the token ciphertext part from the token issuer and so decrypt the information, but then faces two further problems: first, the interceptor would have to impersonate a trusted party in order to obtain a token at all; second, even if the interceptor impersonates a trusted party, the token has already been destroyed when the communication finished, so the interceptor still cannot obtain the token ciphertext part and therefore still cannot decrypt, which guarantees the high security of the information transmission.
The communication method of the present invention has been introduced above; while disclosing the above method, the present invention also discloses a communication system. The communication system comprises the two communicating parties, namely the target side and the token requesting side that requests the token.
When the two communicating parties communicate, a security token is produced by the target side or by a third party, and the target side or third party that generates the security token is the token issuer; the token requesting side first applies to the token issuer for a token, and the generated token comprises a token plaintext part and a ciphertext part; when the two sides communicate, only the plaintext part of the token is transmitted between them; after the requesting side has obtained the token, it carries the plaintext part of this token and the related communication information to the target side; the target side in turn carries the plaintext part sent by the requesting side to the token issuer to verify whether this token is one issued to the requesting side for accessing the target side; once verification passes, the ciphertext part of the token is transferred to the target side and the token is then destroyed; the target side encrypts the information according to the received token ciphertext part and sends it to the requesting side; the requesting side decrypts the information sent back by the target side according to the ciphertext part of the token, and communication then proceeds normally on the basis of this information; on failure, the token is destroyed and communication stops.
In summary, the communication method and system proposed by the present invention transmit information with high security by introducing a one-time token mechanism, which guarantees that even if the token is intercepted during transmission, the interceptor still cannot obtain the information through this token.
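The following is an added, runnable model of the three-party exchange described in this embodiment and in the summary above; it is example code written for this page, not code from the patent or its assignee. The party names, message shapes and the cipher construction are assumptions: the HMAC-SHA256 keystream plus integrity tag stands in for whatever cipher a real deployment would use. What it shows is the property the text relies on: only the plaintext part crosses the wire, the issuer releases the ciphertext part to the target exactly once and destroys the record, so a replay of the plaintext part (or a presentation by a party the token was not issued to) is refused.

```python
# Added example (not from the patent): the issuer / requester / target token exchange.
import hashlib
import hmac
import os
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand (key, nonce) into `length` bytes with HMAC-SHA256 in counter mode."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag, keyed by the token's ciphertext part."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag, then strip the keystream; raises on tampering or a wrong key."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("reply failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Issuer:
    """Token issuer (the target side or a third party). Each token is remembered
    under its plaintext part together with whom it was issued to and for what."""

    def __init__(self):
        self._tokens = {}

    def apply(self, requester: str, target: str):
        plain = secrets.token_hex(16)      # random plaintext part: goes on the wire
        secret = secrets.token_bytes(32)   # random ciphertext part: never on the wire
        self._tokens[plain] = (secret, requester, target)
        return plain, secret

    def verify_and_destroy(self, plain: str, requester: str, target: str):
        # The record is removed whether or not the check passes, so a plaintext
        # part can be presented exactly once (the one-time property in the text).
        entry = self._tokens.pop(plain, None)
        if entry is None:
            return None
        secret, issued_to, issued_for = entry
        if issued_to != requester or issued_for != target:
            return None
        return secret


class Target:
    def __init__(self, name: str, issuer: Issuer):
        self.name = name
        self.issuer = issuer

    def handle(self, requester: str, plain: str, payload: bytes):
        """Receive the plaintext part plus the request, hand the plaintext part to the
        issuer, and on success encrypt the reply under the released ciphertext part."""
        secret = self.issuer.verify_and_destroy(plain, requester, self.name)
        if secret is None:
            return None  # verification failed: token destroyed, communication stops
        return encrypt(secret, b"reply to " + payload)


def requester_exchange(issuer: Issuer, target: Target, requester: str, payload: bytes):
    """Requester side: apply for a token, send only its plaintext part, decrypt the
    reply with the ciphertext part. Returns (decrypted reply or None, plaintext part)."""
    plain, secret = issuer.apply(requester, target.name)
    reply = target.handle(requester, plain, payload)
    if reply is None:
        return None, plain
    return decrypt(secret, reply), plain


if __name__ == "__main__":
    issuer = Issuer()
    site_b = Target("site-B", issuer)
    msg, plain = requester_exchange(issuer, site_b, "site-A", b"hello")
    print(msg)                                        # b'reply to hello'
    print(site_b.handle("site-A", plain, b"hello"))   # None: plaintext part replayed
```

Note that `verify_and_destroy` pops the record before checking who presented it, which is the behaviour the method claims ask for (the token is destroyed on failure as well as on success); a store that only deleted on success would let a failed presentation be retried.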
Embodiment two
This embodiment discloses a communication system used to achieve the integration of Internet resources. Referring to Fig. 2, the system comprises a management center (the "poly-easy" unified platform in Fig. 2), a number of server ends (the service centers in Fig. 2) and a number of website processing clients. The management center connects to each server end, and each server end connects to its corresponding website processing client; a website processing client connects to the management center through its corresponding server end, or connects to the management center directly. Each part is introduced below.
[website processing client]
The website processing client comprises:
- a token application unit, for applying to the server end for a token when communicating. Before communicating, the client first passes the service center's (i.e. the server end's) verification by means of an authorized urlkey and encrypted xml; after the service center verifies that it is a legitimate website, the service center issues a one-time token for use between systems.
- a token verification unit, for verifying the correctness of a token and ensuring its legitimacy. When a requesting website accesses a function of this website, this website carries the token to the service center to verify its legitimacy.
- a service provision unit, responsible for the functional interfaces opened by this system: it processes received commands through the command processing mechanism and, after processing, returns the result to the requesting website;
- a message queue unit, responsible for packing and encapsulating content;
- a message monitoring unit, responsible for monitoring the reply after the target website has processed a sent command;
- a cryptographic processing unit, for encrypting and decrypting all information to be communicated.
[server end]
The server end comprises:
- a token issuing unit, responsible for distributing tokens to each website processing client; the tokens comprise user-level tokens and/or system-level tokens; a user-level token is assigned to the corresponding user, and a system-level token is assigned to the corresponding system;
- a token destruction unit, which destroys the token applied for by the requesting website after the target website has verified the token when accessing the server end.
- a unique identification application agent unit, responsible for applying to the management center for a unique identification and backing up user data; the backup method can be: storing the data of successfully registered users at the server end at the same time.
- a unique identification verification agent unit, for verifying the unique identification at binding time; after verification passes, a user profile is copied from the management center to the service center;
- a token buffer pool unit, responsible for handling multiple tokens applied for by the same user at the same moment, preventing tokens from being overwritten. Because a user may access different target websites, or the same target website, at the same moment, tokens could be overwritten; the system adopts the concept of a token pool and controls the storage of tokens through a pointer.
- a user synchronization status verification unit, for verifying whether the same user has bound all websites of the alliance, so as to reduce the load on the server;
- a user cross-site unit, which provides the function of prompting the user whether to display the binding list when the user does not wish to synchronize other websites.
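As an added illustration of the token buffer pool unit (example code written for this page, not the patent's own implementation), the block below contrasts a single-slot store, in which a second application from the same user overwrites the first token before it is used, with a small per-user ring of slots selected by a write pointer, which is one concrete reading of "controls the storage of tokens through a pointer". The class and method names are assumptions.

```python
# Added example (not from the patent): why a per-user token pool is needed.
import secrets
import threading


class SingleSlotStore:
    """One token slot per user: a second application made before the first
    token is consumed silently overwrites it, and the first request then fails."""

    def __init__(self):
        self._slot = {}

    def apply(self, user: str) -> str:
        token = secrets.token_hex(8)
        self._slot[user] = token
        return token

    def consume(self, user: str, token: str) -> bool:
        current = self._slot.get(user)
        if current is not None and secrets.compare_digest(current, token):
            del self._slot[user]
            return True
        return False


class TokenPool:
    """Ring of `slots` outstanding tokens per user. The write pointer selects the
    next slot, so simultaneous applications land in different slots; consuming a
    token clears its slot, so each token is accepted once."""

    def __init__(self, slots: int = 4):
        self.slots = slots
        self._rings = {}            # user -> [ring list, write pointer]
        self._lock = threading.Lock()

    def apply(self, user: str) -> str:
        token = secrets.token_hex(8)
        with self._lock:
            ring, ptr = self._rings.setdefault(user, [[None] * self.slots, 0])
            ring[ptr] = token       # the oldest slot is reused once the ring wraps
            self._rings[user][1] = (ptr + 1) % self.slots
        return token

    def consume(self, user: str, token: str) -> bool:
        with self._lock:
            entry = self._rings.get(user)
            if entry is None:
                return False
            ring = entry[0]
            for i, stored in enumerate(ring):
                if stored is not None and secrets.compare_digest(stored, token):
                    ring[i] = None  # destroyed on use
                    return True
        return False


def two_concurrent_applications(store) -> tuple:
    """The same user applies twice before using either token; returns whether
    each token is then accepted by the store."""
    first = store.apply("user-1")
    second = store.apply("user-1")
    return store.consume("user-1", first), store.consume("user-1", second)


if __name__ == "__main__":
    print(two_concurrent_applications(SingleSlotStore()))  # (False, True)
    print(two_concurrent_applications(TokenPool()))        # (True, True)
```

The ring size bounds how many tokens one user may hold at once; when it wraps, the oldest unused token is overwritten, which is the trade-off a fixed pool makes against unbounded growth.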
[administrative center]
The management center comprises:
- a unique identification issuing unit, responsible for issuing unique identifications across the whole network and guaranteeing their uniqueness;
- a unique identification verification unit, responsible for verifying the legitimacy of unique identification accounts across the whole network.
- a unique identification user center, responsible for the registration information of the whole network, making it convenient for a user to log in quickly to the whole network from any point.
When the two communicating parties communicate, the system produces the security token at the server end, and the server end is the token issuer.
The token requesting side first applies to the token issuer for a token, and the generated token comprises a token plaintext part and a ciphertext part; when the two sides communicate, only the plaintext part of the token is transmitted between them.
After the requesting side has obtained the token, it carries the plaintext part of this token and the related communication information to the target side; the target side in turn carries the plaintext part sent by the requesting side to the token issuer to verify whether this token is one issued to the requesting side for accessing the target side; once verification passes, the ciphertext part of the token is transferred to the target side and the token is then destroyed.
The target side encrypts the information according to the received token ciphertext part and sends it to the requesting side; the requesting side decrypts the information sent back by the target side according to the ciphertext part of the token, and communication then proceeds normally on the basis of this information; on failure, the token is destroyed and communication stops.
See also Fig. 3, Fig. 3 has disclosed a kind of communication means of above-mentioned communication system, and described method comprises the steps:
Website is handled the client token procedure to apply, before communicating, at first by authorizing urlkey to encrypt xml after the checking of server end process, after server end is verified as legal website, provides disposable token by server end between system;
Website is handled the client token verification step, and the request website is when this website function of visit, and this website carries this token, to server end its legitimacy is verified;
Website is handled client service step is provided, native system receive the request website send request command the time, at first inquiry in the functional interface file of opening to the outside world to system, if successfully find this functional interface, system can resolve the order that receives, handle by command process mechanism, after finishing dealing with, send the request website back to;
Website is handled customer end contents packing and encapsulation step, and after website was handled request command, to information processings of packing, the information that can prevent was like this lost in transmission course, again the information after packing is encrypted encapsulation;
Website is handled client message and is monitored step, when the access destination website, send out order after, wait for that targeted sites is handled to reply, directly monitor and receive response message;
Website processing client encryption processing step: before information is transmitted, all information to be communicated undergoes encryption and decryption processing;
Server-side token issuing step: when a requesting website accesses a target website, it first applies to the server side for a token; the server side first verifies whether the requester is a trusted website and, if so, issues the token, otherwise it refuses to issue one. The token comprises a user-level token and/or a system-level token; a user-level token is assigned to the corresponding user, and a system-level token is assigned to the corresponding system;
Server-side token destruction step: after the target website receives the command request of the requesting website, it carries the token sent by the requesting website to the server side to verify the token's correctness; regardless of whether verification succeeds, the system destroys the token, so that the token is guaranteed to be valid only once.
Server-side unique identifier application proxy step: when a user has no unique identifier, the user may apply for one; the client sends an application command to the service centre, and the service centre in turn sends a command to the administrative centre, which completes the actual application and ensures that the issued identifier is unique. After a successful application the service centre keeps a copy of the application data; on failure an error message is shown;
Server-side unique identifier verification proxy step: when a user binds a unique identifier, the client program sends a verification request command to the service centre; the service centre first checks the identity in its own system, and if that check passes the client binds the account. If the local check fails, the service centre sends a verification command to the administrative centre; if that verification passes, the service centre copies the user profile from the administrative centre and keeps it as a local copy; on failure an error message is shown;
Administrative centre unique identifier issuing step: when a user applies for a unique identifier, the application reaches the administrative centre through the respective service centre; the administrative centre performs a uniqueness check on the user data submitted, registers the information at the administrative centre if the check passes, and otherwise reports the relevant error;
Administrative centre unique identifier verification step: when a user binds a unique identifier and verification at the service centre has failed, the unique identifier information is carried by command to the administrative centre; the administrative centre compares the submitted data with its existing user data, returns success if they match, and returns failure otherwise.
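The application and binding flows of the last four steps, as an added worked example that is not part of the patent: a service centre (server end) proxies for the clients behind it, checks its local copy first and only then asks the administrative centre, and keeps a copy of the profile on success; the administrative centre enforces uniqueness on one submitted field. The field used for the uniqueness check, the identifier format and all names are assumptions of this example, since the patent only says the submitted data is checked for uniqueness.

```python
import copy


class AdminCenter:
    """Network-wide issuer of unique identifiers (the patent's administrative centre).

    Assumption of this example: uniqueness is enforced on the submitted
    'account' field and identifiers look like UID000001.
    """

    def __init__(self):
        self.users = {}       # uid -> registered profile
        self.by_account = {}  # account -> uid, the uniqueness index
        self._next = 1

    def issue(self, profile):
        """Unique identifier issuing step: refuse if the account already exists."""
        account = profile["account"]
        if account in self.by_account:
            return None  # not unique: the application fails
        uid = f"UID{self._next:06d}"
        self._next += 1
        self.users[uid] = copy.deepcopy(profile)
        self.by_account[account] = uid
        return uid

    def verify(self, uid, profile):
        """Unique identifier verification step: submitted data must match the record."""
        registered = self.users.get(uid)
        return registered is not None and registered == profile


class ServiceCenter:
    """A server end proxying for its clients (the patent's service centre).

    Keeps a local copy of every identifier it has issued or verified, consults
    that copy first, and falls back to the administrative centre on a miss.
    remote_calls counts the round trips to the administrative centre.
    """

    def __init__(self, admin):
        self.admin = admin
        self.local = {}  # uid -> profile copy
        self.remote_calls = 0

    def apply(self, profile):
        """Application proxy step: forward to the administrative centre, keep a copy on success."""
        self.remote_calls += 1
        uid = self.admin.issue(profile)
        if uid is not None:
            self.local[uid] = copy.deepcopy(profile)
        return uid  # None means failure; the client shows an error message

    def bind(self, uid, profile):
        """Verification proxy step: local check first, administrative centre second."""
        if self.local.get(uid) == profile:
            return True  # verified against the local copy, no round trip needed
        self.remote_calls += 1
        if not self.admin.verify(uid, profile):
            return False  # client reports an error, nothing is cached
        # verification passed: the profile equals the registered record, keep a copy
        self.local[uid] = copy.deepcopy(profile)
        return True


if __name__ == "__main__":
    admin = AdminCenter()
    first, second = ServiceCenter(admin), ServiceCenter(admin)
    alice = {"account": "alice", "email": "alice@example.test"}  # constructed sample data
    uid = first.apply(alice)
    print(uid, first.bind(uid, alice), second.bind(uid, alice), second.remote_calls)
```

The second service centre has never seen the identifier, so its first bind goes to the administrative centre and is answered from the local copy thereafter; a bind whose profile does not match the registered record fails at both levels and nothing is cached for it.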
When the two communicating parties communicate, a security token is generated by the server side; the server side is the token issuer.
The token requester first applies to the token issuer for a token; the generated token comprises a token plaintext part and a ciphertext part. When the two parties communicate, only the plaintext part of the token is transmitted between them.
After the requester obtains the token, it carries the plaintext part of the token together with the related communication information to the target side. The target side in turn carries the plaintext part sent by the requester to the token issuer, which verifies whether this token is one it issued to the requester for accessing the target side. If verification passes, the ciphertext part of the token is transmitted to the target side and the token is then destroyed.
The target side encrypts the information using the received ciphertext part of the token and sends it to the requester; the requester decrypts it using the ciphertext part of the token and sends the information back to the target side, which then proceeds with normal communication on the basis of this information. On failure the token is destroyed and communication stops.
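The four-step exchange above, as an added worked example that is not part of the patent: the token issuer, the requester and the target are modelled as in-process Python objects, the token's plaintext part is the random lookup key that travels in the clear, and the ciphertext part is the random secret held only by the issuer, the requester and (after verification) the target. The cipher used for the target's reply, the token lifetime and all names are assumptions of this example; the patent specifies neither a cipher nor an expiry.

```python
import hashlib
import hmac
import secrets
import time


class TokenIssuer:
    """The token issuer (the patent's server end or third party).

    Tokens are stored keyed by their random plaintext part, so several tokens
    outstanding for the same requester do not overwrite each other (the
    patent's token buffer pool). Each record binds the token to one requester
    and one target, which is what the issuer checks when a target asks.
    """

    def __init__(self, trusted_sites, ttl_seconds=60):
        self.trusted = set(trusted_sites)
        self.ttl = ttl_seconds  # assumption: the patent specifies no lifetime
        self.tokens = {}  # plaintext part -> (requester, target, ciphertext part, issued_at)

    def issue(self, requester, target):
        """Step 1: the requester applies; only a trusted website gets a token."""
        if requester not in self.trusted:
            raise PermissionError(f"{requester!r} is not a trusted website")
        plaintext_part = secrets.token_hex(16)      # random, may travel in the clear
        ciphertext_part = secrets.token_bytes(32)   # random, never put on the requester/target wire
        self.tokens[plaintext_part] = (requester, target, ciphertext_part, time.monotonic())
        return plaintext_part, ciphertext_part

    def verify_and_destroy(self, plaintext_part, claimed_requester, presenting_target):
        """Step 3: the target presents the plaintext part. The ciphertext part is
        released only if the token was issued to claimed_requester for
        presenting_target; the token is destroyed either way (one-time use)."""
        record = self.tokens.pop(plaintext_part, None)
        if record is None:
            return None
        requester, target, ciphertext_part, issued_at = record
        if requester != claimed_requester or target != presenting_target:
            return None
        if time.monotonic() - issued_at > self.ttl:
            return None
        return ciphertext_part


def _subkey(secret, label):
    # separate encryption and MAC keys derived from the token's ciphertext part
    return hmac.new(secret, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    blocks = [hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
              for counter in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def encrypt(secret, message):
    """Encrypt-then-MAC under the token's ciphertext part. Assumption of this
    example: the patent names no cipher, so an HMAC-SHA256 keystream plus an
    HMAC tag stands in for a real AEAD such as AES-GCM."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(secret, b"enc"), nonce, len(message))
    body = bytes(m ^ k for m, k in zip(message, stream))
    tag = hmac.new(_subkey(secret, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(secret, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(secret, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("reply failed authentication")
    stream = _keystream(_subkey(secret, b"enc"), nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))


def run_exchange(issuer, requester, target, command):
    """Steps 1 to 4 end to end. Returns the requester's decrypted view of the
    target's reply, or None when the issuer rejects the token."""
    plaintext_part, ciphertext_part = issuer.issue(requester, target)
    # Requester -> target: plaintext part plus the command; the ciphertext part stays home.
    wire = {"token": plaintext_part, "from": requester, "command": command}
    # Target -> issuer: was this token issued to `requester` for reaching me?
    target_secret = issuer.verify_and_destroy(wire["token"], wire["from"], target)
    if target_secret is None:
        return None  # failure: the token is already destroyed, communication stops
    # Target encrypts under the released ciphertext part; the requester decrypts with its own copy.
    reply = encrypt(target_secret, b"ack:" + wire["command"].encode())
    return decrypt(ciphertext_part, reply)


if __name__ == "__main__":
    issuer = TokenIssuer(trusted_sites={"site-a", "site-b"})
    print(run_exchange(issuer, "site-a", "site-b", "list_orders"))
```

Two points the patent leaves implicit are visible in the model. Because the plaintext part travels in the clear between requester and target, the issuer must know which target is calling verify_and_destroy: the identity check is what stops a third site that merely observed the plaintext part from obtaining the ciphertext part, and the unconditional removal is what makes a replayed plaintext part worthless. The same unconditional destruction also means that anyone able to reach the issuer with a captured plaintext part can burn the token before the legitimate target does, so the verification endpoint should be restricted to registered targets over an authenticated channel, and the ciphertext part must be returned to the target over a protected one.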
The description and application of the invention given here are illustrative and are not intended to limit the scope of the invention to the embodiments described above. Variations and modifications of the embodiments disclosed here are possible, and substitutions and equivalents of the various components of the embodiments are known to those of ordinary skill in the art. Those skilled in the art will note that, without departing from the spirit or essential characteristics of the invention, the invention may be realized in other forms, structures, arrangements and proportions, and with other assemblies, materials and components. Other variations and modifications of the embodiments disclosed here may be made without departing from the scope and spirit of the invention.

Claims (6)

1. A communication method, characterized in that:
when the two communicating parties communicate, a security token is generated by the target side or by a third party, the target side or third party generating the security token being the token issuer; the two communicating parties are the token requester and the target side;
the token requester first applies to the token issuer for a token, and the generated token comprises a token plaintext part and a ciphertext part; when the two parties communicate, only the plaintext part of the token is transmitted between them;
after the requester obtains the token, it carries the plaintext part of the token and the related communication information to the target side; the target side in turn carries the plaintext part sent by the requester to the token issuer, which verifies whether the token is one issued to the requester for accessing the target side; if verification passes, the ciphertext part of the token is transmitted to the target side and the token is then destroyed;
the target side encrypts the information using the received ciphertext part of the token and sends it to the requester; the requester decrypts it using the ciphertext part of the token and sends the information back to the target side, which then proceeds with normal communication on the basis of this information; on failure the token is destroyed and communication stops.
2. The communication method according to claim 1, characterized in that:
the plaintext part and the ciphertext part of the token are both generated at random.
3. A communication system, characterized in that: the two communicating parties are the target side and the token requester that requests the token;
when the two communicating parties communicate, a security token is generated by the target side or by a third party, the target side or third party generating the security token being the token issuer;
the token requester first applies to the token issuer for a token, and the generated token comprises a token plaintext part and a ciphertext part; when the two parties communicate, only the plaintext part of the token is transmitted between them;
after the requester obtains the token, it carries the plaintext part of the token and the related communication information to the target side; the target side in turn carries the plaintext part sent by the requester to the token issuer, which verifies whether the token is one issued to the requester for accessing the target side; if verification passes, the ciphertext part of the token is transmitted to the target side and the token is then destroyed;
the target side encrypts the information using the received ciphertext part of the token and sends it to the requester; the requester decrypts it using the ciphertext part of the token and sends the information back to the target side, which then proceeds with normal communication on the basis of this information; on failure the token is destroyed and communication stops.
4. The communication system according to claim 3, characterized in that:
the plaintext part and the ciphertext part of the token are both generated at random.
5. A communication system, the system comprising an administrative centre, a number of server ends and a number of website processing clients;
the administrative centre is connected to each server end, and each server end is connected to its corresponding website processing clients;
the website processing client comprises:
- a token application unit, for applying to the server side for a token when communicating;
- a token verification unit, for verifying the correctness of a token and ensuring its legitimacy;
- a service provision unit, responsible for the functional interfaces this system exposes; it processes received commands through the command processing mechanism and, after processing, returns the result to the requesting website;
- a message queue unit, responsible for packing and encapsulating content;
- a message monitoring unit, responsible for listening for the target website's reply after a command has been sent;
- an encryption processing unit, for encrypting and decrypting all information to be communicated;
the server end comprises:
- a token issuing unit, responsible for distributing tokens to each website processing client; the token comprises a user-level token and/or a system-level token; a user-level token is assigned to the corresponding user, and a system-level token is assigned to the corresponding system;
- a token destruction unit, which destroys the token applied for by the requesting website once the target website has accessed the server side to verify it;
- a token buffer pool unit, responsible for handling multiple tokens applied for by the same user at the same moment, preventing one token from overwriting another;
- a unique identifier application proxy unit, responsible for applying to the administrative centre for a unique identifier and storing the data of successfully registered users at the server end;
- a unique identifier verification proxy unit, for verifying the unique identifier when binding; after verification passes it copies the user profile from the administrative centre to the server end;
- a user synchronization status verification unit, for verifying whether the same user has been bound at all websites of the website alliance, in order to reduce the load on the server;
- a user cross-site unit, which, when the user does not wish to synchronize with other websites, provides the facility of prompting the user whether to bind the listed websites;
the administrative centre comprises:
- a unique identifier issuing unit, responsible for issuing unique identifiers network-wide and guaranteeing their uniqueness;
- a unique identifier verification unit, responsible for verifying the legitimacy of unique identifier accounts network-wide;
when the two communicating parties communicate, a security token is generated by the server end, the server end being the token issuer;
the token requester first applies to the token issuer for a token, and the generated token comprises a token plaintext part and a ciphertext part; when the two parties communicate, only the plaintext part of the token is transmitted between them;
after the requester obtains the token, it carries the plaintext part of the token and the related communication information to the target side; the target side in turn carries the plaintext part sent by the requester to the token issuer, which verifies whether the token is one issued to the requester for accessing the target side; if verification passes, the ciphertext part of the token is transmitted to the target side and the token is then destroyed;
the target side encrypts the information using the received ciphertext part of the token and sends it to the requester; the requester decrypts it using the ciphertext part of the token and sends the information back to the target side, which then proceeds with normal communication on the basis of this information; on failure the token is destroyed and communication stops.
6. A communication method for the communication system of claim 5, characterized in that the method comprises the following steps:
a website processing client token application step: before systems communicate, XML encrypted with the authorization urlkey is first verified by the server side; once the server side has verified that the website is legitimate, it issues a one-time token;
a website processing client token verification step: when the requesting website accesses a function of this website, this website carries the token to the server side to verify its legitimacy;
a website processing client service provision step: when this system receives a request command sent by the requesting website, it first looks the command up in the system's file of externally exposed functional interfaces; if the functional interface is found, the system parses the received command, processes it through the command processing mechanism and, after processing, returns the result to the requesting website;
a website processing client content packing and encapsulation step: after the website has processed the request command, the information is packed, which prevents it from being lost in transmission, and the packed information is then encrypted and encapsulated;
a website processing client message monitoring step: when accessing the target website, after the command has been sent, the client waits for the target website to process and reply, listening directly and receiving the response information;
a website processing client encryption processing step: before information is transmitted, all information to be communicated undergoes encryption and decryption processing;
a server-side token issuing step: when a requesting website accesses a target website, it first applies to the server side for a token; the server side first verifies whether the requester is a trusted website and, if so, issues the token, otherwise it refuses to issue one; the token comprises a user-level token and/or a system-level token; a user-level token is assigned to the corresponding user, and a system-level token is assigned to the corresponding system;
a server-side token destruction step: after the target website receives the command request of the requesting website, it carries the token sent by the requesting website to the server side to verify the token's correctness; regardless of whether verification succeeds, the system destroys the token, so that the token is guaranteed to be valid only once;
a server-side unique identifier application proxy step: when a user has no unique identifier, the user may apply for one; the client sends an application command to the service centre, and the service centre in turn sends a command to the administrative centre, which completes the actual application and ensures that the issued identifier is unique; after a successful application the service centre keeps a copy of the application data, and on failure an error message is shown;
a server-side unique identifier verification proxy step: when a user binds a unique identifier, the client program sends a verification request command to the service centre; the service centre first checks the identity in its own system, and if that check passes the client binds the account; if the local check fails, the service centre sends a verification command to the administrative centre, and if that verification passes the service centre copies the user profile from the administrative centre and keeps it as a local copy; on failure an error message is shown;
an administrative centre unique identifier issuing step: when a user applies for a unique identifier, the application reaches the administrative centre through the respective service centre; the administrative centre performs a uniqueness check on the user data submitted, registers the information at the administrative centre if the check passes, and otherwise reports the relevant error;
an administrative centre unique identifier verification step: when a user binds a unique identifier and verification at the service centre has failed, the unique identifier information is carried by command to the administrative centre; the administrative centre compares the submitted data with its existing user data, returns success if they match, and returns failure otherwise;
when the two communicating parties communicate, a security token is generated by the server end, the server end being the token issuer;
the token requester first applies to the token issuer for a token, and the generated token comprises a token plaintext part and a ciphertext part; when the two parties communicate, only the plaintext part of the token is transmitted between them;
after the requester obtains the token, it carries the plaintext part of the token and the related communication information to the target side; the target side in turn carries the plaintext part sent by the requester to the token issuer, which verifies whether the token is one issued to the requester for accessing the target side; if verification passes, the ciphertext part of the token is transmitted to the target side and the token is then destroyed;
the target side encrypts the information using the received ciphertext part of the token and sends it to the requester; the requester decrypts it using the ciphertext part of the token and sends the information back to the target side, which then proceeds with normal communication on the basis of this information; on failure the token is destroyed and communication stops.
CN2010102631518A 2010-08-24 2010-08-24 Communication method and system Pending CN102208980A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010102631518A CN102208980A (en) 2010-08-24 2010-08-24 Communication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010102631518A CN102208980A (en) 2010-08-24 2010-08-24 Communication method and system

Publications (1)

Publication Number Publication Date
CN102208980A true CN102208980A (en) 2011-10-05

Family

ID=44697654

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010102631518A Pending CN102208980A (en) 2010-08-24 2010-08-24 Communication method and system

Country Status (1)

Country Link
CN (1) CN102208980A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103312686A (en) * 2012-03-12 2013-09-18 索尼公司 Digital rights management for live streaming based on trusted relationships
CN103023657A (en) * 2012-12-26 2013-04-03 武汉天喻信息产业股份有限公司 Security verification system based on distributed network transaction
CN103023657B (en) * 2012-12-26 2015-04-15 武汉天喻信息产业股份有限公司 Security verification system based on distributed network transaction
CN103491100A (en) * 2013-09-30 2014-01-01 中国科学院计算技术研究所 System for establishing token association relationship between multiple parties
CN103491100B (en) * 2013-09-30 2016-11-30 中国科学院计算技术研究所 A kind of system building token association relationship between in many ways
CN105491001A (en) * 2015-05-14 2016-04-13 瑞数信息技术(上海)有限公司 Secure communication method and device
CN105491001B (en) * 2015-05-14 2017-02-22 瑞数信息技术(上海)有限公司 Secure communication method and device
US10142297B2 (en) 2015-05-14 2018-11-27 River Security Inc. Secure communication method and apparatus
CN108243188A (en) * 2017-12-29 2018-07-03 中链科技有限公司 A kind of interface access, interface calling and interface authentication processing method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
DD01 Delivery of document by public notice

Addressee: Jinan Jooyea Information Technology Co.,Ltd. Fang Dongmei

Document name: Notification of Publication of the Application for Invention

DD01 Delivery of document by public notice

Addressee: Jinan Jooyea Information Technology Co.,Ltd.

Document name: Notification of before Expiration of Request of Examination as to Substance

C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20111005