CN102624740A - Data interaction method, client and server - Google Patents

Data interaction method, client and server Download PDF

Info

Publication number
CN102624740A
CN102624740A CN2012100913256A CN201210091325A CN102624740A CN 102624740 A CN102624740 A CN 102624740A CN 2012100913256 A CN2012100913256 A CN 2012100913256A CN 201210091325 A CN201210091325 A CN 201210091325A CN 102624740 A CN102624740 A CN 102624740A
Authority
CN
China
Prior art keywords
data
timestamp
client
user
checking
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012100913256A
Other languages
Chinese (zh)
Other versions
CN102624740B (en
Inventor
吴浩
张鹏翼
任寰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qizhi Software Beijing Co Ltd filed Critical Qizhi Software Beijing Co Ltd
Priority to CN201210091325.6A priority Critical patent/CN102624740B/en
Publication of CN102624740A publication Critical patent/CN102624740A/en
Application granted granted Critical
Publication of CN102624740B publication Critical patent/CN102624740B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a data interaction method, a client and a server, so as to solve the problems of requested replaying and client computer safety that cannot be solved by adopting HTTPS (Hyper Text Transfer Protocol Secure) technique. The method comprises the following steps: obtaining a timestamp from a service terminal; sending the first identifying information of a user, the timestamp and verifying data generated according to the first identifying information of the user and the timestamp to the service terminal; obtaining certified data encrypted by the service terminal, wherein the certified data comprises the encrypted data generated for the timestamp and second identifying information of the user; and using the certified data to access the service terminal. According to the method provided by the invention, HTTPS encryption and improved MD5 are used together while the encryptions at the client and service terminal are adopted, so that the possibility of distorting and falsifying data at 'end' and 'path' is efficiently avoided. Besides, the timeliness control is performed on interface calling by using effective time through the timestamp, so that the data damage risk caused by recording and largely replaying a user request is efficiently avoided.

Description

A kind of data interactive method and client, server
Technical field
The application relates to network communications technology field, particularly relates to a kind of data interactive method and client, server based on data integrity and confidentiality.
Background technology
At present, a large amount of client-side program adopt the http protocol and the service end of standard to carry out communication.
HTTP is the abbreviation of Hyper Text Transfer Protocol (HTTP).Its development is w3c (World Wide Web Consortium) and Internet work group IETF (Internet Engineering Task Force) result of the joint efforts; They have finally issued a series of RFC (Request For Comments); RFC 1945 has defined the HTTP/1.0 version, and wherein foremost is exactly RFC 2616.RFC 2616 has defined a version---the HTTP1.1 that generally uses today.Http protocol is the transportation protocol that is used for from www server transmission hypertext to local browser, and it can make browser more efficient, and Network Transmission is reduced.It guarantees that not only computer correctly transmits hypertext document apace, also confirms which part in the transferring documents, and which partial content at first shows (like text prior to figure) etc.HTTP is an application layer protocol, constitutes by request and response, and be the client-server model of a standard.HTTP is a stateless agreement.
Client is generally carried out communication with mode as shown in Figure 1 and server: user end to server is initiated a HTTP request, and server returns a http response to this client after receiving this HTTP request again.
The possibility that all there is forgery in data in above-mentioned request and the response process, steals, resets and damages.In order to prevent that data are stolen in transmission course, generally adopt the HTTPS host-host protocol.HTTPS is the abbreviation of Hypertext Transfer Protocol Secure (combination of HTTP and SSL (Secure Sockets Layer secure transfer protocol)); Its main thought is on unsafe network, to create a safe lane; And when using suitable encryption external member and server certificate and can be trusted, reasonably protection is provided to eavesdropping and internuncial attack by checking.
The trust of HTTPS is inherited based on the certification authority (like VeriSign, Microsoft etc.) (meaning i.e. " my trusted certificate issuing organization let me know should be trusted ") that is installed in advance in the browser.Therefore, the HTTPS to certain website connects and can be trusted, and and if only if:
The user believes that their browser correctly realized HTTPS and correct certification authority has been installed;
The user believes that certification authority only trusts legal website;
The website of being visited provides an effective certificate, anticipates promptly, and it is (most of browser can give a warning to invalid certificate) of being signed and issued by the certification authority that a quilt is trusted;
This certificate has correctly been verified the website visited (like, visit https: //received the certificate of giving " Example Inc. " rather than other tissue during example);
Perhaps relevant node is credible on the Internet, and perhaps the user believes that the encryption layer (TLS or SSL) of this agreement can not be destroyed by the listener-in.
But, merely use the data communication between HTTPS technology secrecy client and the service end, though solved the safety problem on the data path, can not solve the playback and the client computer security problems of request.
Summary of the invention
The application provides a kind of data interactive method and client, server, uses the HTTPS technology can't solve the playback of request and the problem of client computer safety to solve.
In order to address the above problem, the application discloses a kind of data interactive method, comprising:
Obtain timestamp from service end;
User's first identification information, timestamp and the checking data that generates according to said user's first identification information, timestamp are sent to service end;
Obtain the verify data of encrypting through service end, said verify data comprises the enciphered data to this timestamp and the generation of user's second identification information;
Use said verify data access services end.
Preferably, the said verify data of encrypting through service end of obtaining comprises:
After the checking of service end to said checking data, obtain verify data from service end through encrypting, wherein said verify data comprises the enciphered data to this timestamp and the generation of user's second identification information.
Preferably, said according to user's first identification information and timestamp generation checking data, comprising:
User's first identification information, timestamp and timestamp subtracted 1 value and carry out information-digest calculations, and with result of calculation as checking data.
Preferably, said user's first identification information comprises the checking string of user profile and user profile.
Preferably, said user's first identification information sends to this client in client login back by service end.
Preferably, the said verify data access services of said use end comprises:
Said verify data is sent to the corresponding function interface of service end;
When through after the checking of service end to this verify data, call the corresponding function interface of service end.
Preferably, the said verify data access services of said use end also comprises:
The operating data that will transmit combines said timestamp to carry out information-digest calculations, and result of calculation is sent to the corresponding function interface of service end;
When through after the checking of service end to this result of calculation, call the corresponding function interface of service end and carry out data manipulation.
Preferably, said user's second identification information comprises ID.
The application also provides a kind of data interactive method, comprising:
Answer the client-requested transmitting time to stab client;
Receive the checking data comprise user's first identification information and timestamp from client, and said user first identification information and timestamp, and said checking data is verified;
After checking is passed through, generate the verify data through encrypting, said verify data comprises the enciphered data to this timestamp and the generation of user's second identification information, and said verify data is sent to client;
Receive the verify data that client is sent, and said verify data is verified.
Preferably, said said checking data is verified, being comprised:
User's first identification information, timestamp and the timestamp that receives from client subtracted 1 value and carry out information-digest calculations;
Result of calculation and said checking data are compared,, confirm that then this client is legal if identical; If different, confirm that then this client is illegal.
Preferably, if this client is legal, then said said checking data is verified also comprises:
Confirm that timestamp that client sends is whether in the effective time scope, if then checking is passed through; If overtime, then checking is not passed through.
Preferably, the verify data of said generation through encrypting comprises:
User's second identification information and said timestamp are carried out the computations first time, and the general's result of calculation first time is as first enciphered message;
User's second identification information, said timestamp and first enciphered message are carried out the computations second time, and incite somebody to action the verify data that the second time, result of calculation was encrypted as said process.
Preferably, the said computations use CRC first time is calculated;
Said computations use second time encrypted signature calculates, symmetric cryptography calculates or asymmetric encryption calculates.
Preferably, said said verify data is verified, being comprised:
Use corresponding deciphering to calculate the verify data that client is sent and decipher, the deciphering back obtains user's second identification information, said timestamp and said first enciphered message;
User's second identification information that deciphering is obtained and said timestamp carry out described first time of computations, and result of calculation and said first enciphered message that will encrypt for the first time compare, if identical, confirm that then said first enciphered message is not distorted; If different, confirm that then said first enciphered message is distorted.
Preferably, if do not distorted, then also comprise:
Confirm that timestamp that said deciphering obtains is whether in the effective time scope, if then checking is passed through; If overtime, then checking is not passed through.
Preferably, if the checking of verify data is passed through, then also comprise:
Operating data and said timestamp that client is transmitted carry out information-digest calculations;
Information-digest calculations result that result of calculation and client are transmitted compares, if identical, then said operating data is not distorted in transmission course; If different, then said operating data is distorted in transmission course.
The application also provides a kind of client of data interaction, comprising:
The timestamp acquisition module is used to obtain the timestamp from service end;
The checking data generation module is used for user's first identification information, timestamp and the checking data that generates according to said user's first identification information, timestamp are sent to service end;
The verify data acquisition module is used to obtain the verify data of encrypting through service end, and said verify data comprises the enciphered data to this timestamp and the generation of user's second identification information;
Function allocating module is used to use said verify data access services end.
Preferably, said verify data acquisition module obtains the verify data through encrypting when through after the checking of service end to checking data from service end.
Preferably, said checking data generation module subtracts 1 value to user's first identification information, timestamp and timestamp and carries out information-digest calculations, and with result of calculation as checking data.
Preferably, said user's first identification information comprises the checking string of user profile and user profile.
Preferably, said user's first identification information sends to this client in client login back by service end.
Preferably, said function allocating module sends to the corresponding function interface of service end with said verify data, when through after the checking of service end to this verify data, calls the corresponding function interface of service end and carries out data manipulation.
Preferably; The operating data that said function allocating module also is used for transmitting combines said timestamp to carry out information-digest calculations; And result of calculation sent to the corresponding function interface of service end; When through after the checking of service end to this result of calculation, call the corresponding function interface of service end and carry out data manipulation.
Preferably, said user's second identification information comprises ID.
The application also provides a kind of server of data interaction, comprising:
The timestamp sending module is used to answer the client-requested transmitting time to stab client;
The checking data authentication module is used for receiving the checking data that comprises user's first identification information and timestamp from client, and said user first identification information and timestamp, and said checking data is verified;
The verify data generation module after being used for checking and passing through, generates the verify data through encrypting, and said verify data comprises the enciphered data of this timestamp with the generation of user's second identification information, and said verify data is sent to client;
The verify data authentication module is used to receive the verify data that client is sent, and said verify data is verified.
Preferably, said checking data authentication module comprises:
Information-digest calculations submodule is used for that user's first identification information, timestamp and the timestamp that receives from client subtracted 1 value and carries out information-digest calculations;
The comparer module is used for result of calculation and said checking data are compared, if identical, confirms that then this client is legal; If different, confirm that then this client is illegal.
Preferably, if this client is legal, then said checking data authentication module also comprises:
Overtime decision sub-module is used to confirm that timestamp that client sends is whether in the effective time scope, if then checking is passed through; If overtime, then checking is not passed through.
Preferably, said verify data generation module comprises:
The first computations submodule is used for user's second identification information and said timestamp are carried out the computations first time, and the general's result of calculation first time is as first enciphered message;
The second computations submodule is used for user's second identification information, said timestamp and first enciphered message are carried out the computations second time, and incites somebody to action the verify data that the second time, result of calculation was encrypted as said process.
Preferably, the said computations use CRC first time is calculated;
Said computations use second time encrypted signature calculates, symmetric cryptography calculates or asymmetric encryption calculates.
Preferably, said verify data authentication module comprises:
The deciphering submodule is used to use corresponding deciphering to calculate the verify data that client is sent and carries out corresponding deciphering, and the deciphering back obtains user's second identification information, said timestamp and said first enciphered message;
Computations submodule, user's second identification information that is used for deciphering is obtained and said timestamp carry out described first time of computations;
The comparer module is used for the result of calculation and said first enciphered message of encrypting are for the first time compared, if identical, confirms that then said first enciphered message is not distorted; If different, confirm that then said first enciphered message is distorted.
Preferably, if do not distorted, then said verify data authentication module also comprises:
Overtime decision sub-module is used to confirm that timestamp that said deciphering obtains is whether in the effective time scope, if then checking is passed through; If overtime, then checking is not passed through.
Preferably, if the checking of verify data is passed through, then also comprise:
The data integrity authentication module; The operating data and the said timestamp that are used for client is transmitted carry out information-digest calculations; And information-digest calculations result that result of calculation and client transmit compared, if identical, then said operating data is not distorted in transmission course; If different, then said operating data is distorted in transmission course.
Compared with prior art, the application comprises following advantage:
At first; The application has been used in combination HTTPS and has encrypted and improved MD5 (Message-Digest Algorithm v5; Md5-challenge the 5th edition); Adopted client and service end two places to encrypt simultaneously, evaded at " end " reaching the possibility of distorting on " path " effectively with data falsification.
Secondly, use the effective time docking port to call and carry out ageing control, evaded effectively user's request recorded and reset in a large number and cause the danger of data corruption through timestamp.
Once more, in the process of transmission data the data binding time is stabbed generation MD5, when guaranteeing data integrity, guarantee that data are not forged.
Certainly, arbitrary product of enforcement the application not necessarily need reach above-described all advantages simultaneously.
Description of drawings
Fig. 1 is the sketch map of client and server communication in the prior art;
Fig. 2 is a typical HTTPS communication process sketch map in the prior art;
Fig. 3 is the said a kind of exchange method sketch map based on data integrity and confidentiality of the application embodiment;
Fig. 4 is the process chart of the said client of the application embodiment in reciprocal process;
Fig. 5 is the process chart of the said service end of the application embodiment in reciprocal process;
Fig. 6 is that the application embodiment is said a kind of based on data integrity and the mutual client terminal structure figure of confidentiality;
Fig. 7 is that the application embodiment is said a kind of based on data integrity and the mutual server architecture figure of confidentiality.
Embodiment
For above-mentioned purpose, the feature and advantage that make the application can be more obviously understandable, the application is done further detailed explanation below in conjunction with accompanying drawing and embodiment.
In the prior art, a typical HTTPS communication process is as shown in Figure 2:
Wherein, Client representes client, and Server representes server, and the communication step between client and the server is following:
1, client is sent handshake request;
2, service end obtains the SSL encryption key, comprises PKI and private key;
3, service end is returned the SSL encrypted public key;
4, client inspection PKI validity if PKI is effective, generates KEY at random, and uses public-key and encrypt this KEY at random; If PKI is invalid, warning then;
5, client is sent and is encrypted KEY to service end;
6, service end uses private key to decipher encrypting KEY, obtains KEY at random, and uses KEY that return data is encrypted;
7, service end is returned data encrypted;
8, client uses the KEY at random that oneself generates that data are deciphered.
Based on above process, client and the service end data in communication are encrypted, avoided data in transmission course, to be stolen.
But, merely use the data communication between HTTPS technology secrecy client and the service end, can not solve the playback and the client computer security problems of request.
For example, if the stealer uses the correlation technique of similar " wooden horse " on the computer of client place, still can and obtain the data decryption between client and service end.Reason is following:
HTTPS is in carrying out encrypted process, and client needs to generate " random Key " (random key), and uses the certificate (PKI) of service end response to encrypt.This process is transparent to client itself, therefore uses the wooden horse technology to implant client, and the acquisition process of complete monitoring certificate before data are sent or after receiving, uses the certificate of intercepting and capturing (PKI) that data are carried out encryption and decryption.In other words, simulant-client is next mutual with service end fully for the wooden horse of implantation client.
Again for example, if the assailant records and a large amount of playback client request, possibly cause the service end user data to damage.Reason is following:
For each request of client, think all and accomplished a particular functionality that like " writing down a URL ", " uploading a database " etc., these functions and user's operation is closely bound up.Though having used HTTPS data itself is encrypted; Make that data can not be stolen on link; But the assailant of malice may record same data; And repeat in large quantities same data to be sent to service end, service end receives under unwitting situation and has handled " request ", caused data redundancy, lose even destroy.In like manner, the assailant of malice can also record the service end response, sends to client, thereby client is impacted.
Based on above analysis to prior art, the application proposes a kind of exchange method based on data integrity and confidentiality, has been used in combination the HTTPS encryption technology, and adopts improved MD5 to generate verification, guarantees whole data transmission procedure safety, stable; Also use service end encrypting and authenticating string, avoid client directly to kidnap the wooden horse of data, thereby greatly reduce the possibility of forging altered data, guaranteed correctness, the integrality of transfer of data simultaneously.
Through embodiment the realization flow of the said method of the application is elaborated below.
With reference to Fig. 3, be the said a kind of exchange method sketch map of the application embodiment based on data integrity and confidentiality.
Step 301, client is stabbed the request of obtaining to service end timestamp interface transmitting time;
Step 302, service end timestamp interface stabs to the client return time;
Step 303, client generates the MD5 check strings with customer data QT polyphone with timestamp together, and QT string, timestamp, MD5 check strings are sent to the server side authentication interface;
Step 304, server side authentication interface verify said MD5 check strings, and confirm that timestamp that client sends in the effective time scope, generates the authentication string of encrypting then and returns to client;
Step 305, client use said authentication string to call each functional interface of service end, like the service end functional interface 1 among the figure, service end functional interface 2, service end functional interface 3 etc.
Simultaneously, client also will be transmitted data and carry out together sending after MD5 calculates.
Wherein, timestamp interface, authentication interface and the functional interface of service end can be arranged on the same server, also can be arranged on the different server, but all belong to the interface of service end.
Below through Fig. 4 and Fig. 5, respectively from the handling process of client and two aspects of service end illustrated in detail Fig. 3.
For client:
With reference to shown in Figure 4, be the process chart of the said client of the application embodiment in reciprocal process.
Step 401, client are obtained the timestamp from service end;
The mode that the client acquisition time stabs can have multiple, like following three kinds of enumerating:
(1) request NTP network standard time stamp server;
NTP is the abbreviation of Network Time Protocol, the expression NTP.
This NTP network standard time stamp server provides the standard time accurately, can get access to the standard time from this server.Details can be referring to following network address:
http://support.ntp.org/bin/view/Servers/WebHome
(2), and obtain Windows system time after the calibration as timestamp with step calibration Windows system time;
(3) special purpose interface provides Linux timestamp.
For example, the service end timestamp interface among Fig. 3 is a special purpose interface, and client can be stabbed from this service end timestamp interface acquisition time.
In order to reduce the difficulty that acquisition time stabs, present embodiment preferably adopts above-mentioned (3) kind mode.
Step 402 generates checking data with user's first identification information and said timestamp, and said user's first identification information, timestamp and checking data is sent to service end;
Above-mentioned user's first identification information comprises the checking string of user profile and user profile, and user's first identification information can be expressed as QT string shown in Figure 3.QT string is the one section text data of checking string that has attached user's information and user profile, generally sends to this client in client login back by service end.Wherein, user profile comprises information such as user name that the user logins, password, and the checking string of user profile is to generate according to user profile such as user name, passwords.Service end is logined the back the user and is generated the QT string, and issues the user.
The QT that use has attached user profile and user profile checking string goes here and there and representes user's first identification information, can make user's first identification information more complicated, has increased the difficulty that malicious attacker is stolen.Certainly, except that showing with the QT string list user's first identification information, above-mentioned user's first identification information also can have other representations.
Client generates checking data with user's first identification information and said timestamp after having obtained timestamp, this generating mode can have multiple, if adopt the md5 algorithm, the checking data that then generates is the MD5 check strings:
MD5 check strings=md5 (timestamp+user's first identification information+(timestamp-1))
If shown in user's first identification information be expressed as QT string, then:
MD5 check strings=md5 (timestamp+QT string+(timestamp-1))
The implication of aforementioned calculation formulate is: user's first identification information (like QT string), timestamp and timestamp are subtracted 1 value and carry out information-summary (md5) calculating, and with result of calculation (MD5 check strings) as checking data.
Md5 is a kind of Hash hashing algorithm to data, and when change took place data, this md5 value necessarily changed thereupon, does not promptly have two parts of different data in theory but the consistent situation of its md5.Therefore use md5 to data to verify to guarantee data in transmission course, can not damage.
And md5 is a public algorithm, so directly additional md5 to data is easy to be cracked; Behind assailant's altered data,, generate an additional verification equally, cause the service end verification to lose meaning according to disclosed algorithm.
Therefore, the application embodiment is that " timestamp+QT string+(timestamp-1) " carried out md5 when selecting the md5 algorithm, adopts the md5 algorithm even the assailant knows, but is difficult to know to which concrete The data md5.So present embodiment is a kind of preferred mode, has increased the difficulty that the assailant steals, forges greatly.Certainly, except that the md5 algorithm, also can adopt other AESs that user's first identification information (QT string) and timestamp are carried out encryption.
Then, client sends to the server side authentication interface with this checking data (MD5 check strings), user's first identification information (QT string) and timestamp, to obtain the verify data through encrypting.
Step 403 is obtained the verify data of encrypting through service end, and said verify data comprises the enciphered data to this timestamp and the generation of user's second identification information;
Wherein, the said verify data of obtaining through encrypting specifically comprises:
After this client is passed through the checking of service end to checking data, obtain verify data through encrypting from service end.
Service end comprises the checking of client checking data: the first, to the checking of client legitimacy; The second, the checking whether overtime to timestamp.Concrete proof procedure can be referring to the service end explanation of Fig. 5, at this slightly.
The verify data that client is obtained from service end comprises said timestamp and anti-tamper enciphered message, and wherein, said anti-tamper enciphered message is that user's second identification information and said timestamp are obtained promptly above-mentioned enciphered data through computations.Wherein, user's second identification information can be the unique ID of user.The process of concrete generation verify data can be referring to the service end explanation of Fig. 5, at this slightly.
Step 404, client are used said verify data access services end, as call each functional interface of service end.
Concrete; When client is called the functional interface of certain service end at needs; Said verify data is sent to the corresponding function interface of service end, and when through after the checking of service end to this verify data, this client just can be called the corresponding function interface of service end and carry out data manipulation.Concrete data manipulation is as being operations such as user record collection, addresses of items of mail.Service end can be referring to the service end explanation of Fig. 5, at this slightly to the concrete checking of verify data.
In addition; Preferably, in the funcall process, in order to guarantee the integrality of data in the transfer of data; Guarantee that data are not forged; Client uses said verify data to call each functional interface of service end, can also comprise: the operating data that client will be transmitted combines said timestamp to carry out information-summary (md5) calculating, and result of calculation is sent to the corresponding function interface of service end; After passing through the checking of service end to this result of calculation, the corresponding function interface of this client call service end is carried out data manipulation.
Concrete, client also can be carried out md5 according to following formula to the operating data that will transmit and calculated generation MD5 data check string:
MD5 data check string=md5 (timestamp+operating data+(timestamp-1))
Then, client is issued service end together with said MD5 data check string, operating data, timestamp, carries out the checking of data integrity by service end, and concrete proof procedure can be referring to the service end explanation of Fig. 5, at this slightly.
For service end:
With reference to shown in Figure 5, be the process chart of the said service end of the application embodiment in reciprocal process.
Step 501 answers the client-requested transmitting time to stab client;
The treatment step 401 of corresponding client can adopt three kinds of modes to stab to the client return time, but preferably, can stab through special purpose interface (the service end timestamp interface) transmitting time that service end provides.
Step 502, service end receives the checking data that comprises user's first identification information and timestamp from client, and said user first identification information and timestamp, and said checking data is verified;
As previously mentioned, said user's first identification information can be expressed as the QT string, if client adopts md5 to calculate to user's first identification information and timestamp, the checking data of the then said user's of comprising first identification information and timestamp is the MD5 check strings.
Service end is verified said checking data (MD5 check strings), is specifically comprised following substep:
Service end adopts and the same mode of client; User's first identification information (QT string), timestamp and the timestamp that client is sent subtracts 1 value and carries out information-summary (md5) and calculate; And the checking data (MD5 check strings) that result of calculation and said client are sent compared; If both are identical, confirm that then this client is legal; If both are different, confirm that then this client is illegal.
Further, if this client is legal, then service end also comprises the checking that said checking data carries out:
Service end confirms that timestamp that client sends is whether in the effective time scope, if then checking is passed through; If overtime, then checking is not passed through.
Wherein, whether said acknowledging time stabs in the effective time scope, specifically is meant: confirm that whether timestamp that client is sent and service end current time differ in the effective time scope.
Said timestamp is used to the playback that prevents that docking port from calling, has exceeded scope effective time if timestamp that client is sent and service end current time differ, the possibility that expression exists request to reset, and therefore checking is not passed through.
When service end confirms that client is legal, and confirm timestamp that client sends in the effective time scope, then said checking to checking data (MD5 check strings) is passed through; If any one does not pass through among both, then final checking can not passed through yet.
Step 503 after checking is passed through, generates the verify data through encrypting, and said verify data is sent to client, and said verify data comprises the enciphered data to said timestamp and the generation of user's second identification information;
Service end generates through the verify data of encrypting, and specifically comprises following substep:
Substep 1, service end is carried out the computations first time with user's second identification information and said timestamp, and the general's result of calculation first time is as first enciphered message;
Wherein, Said user's second identification information can be ID, and ID is numeral or the character that system distributes for identifying user, because ID is brief; Amount of calculation is little during computations; Calculate simply, but user's second identification information also can use the information that other can the unique identification user identity, logins the information such as user name of use like the user.In addition, user's second identification information can also be above-mentioned user first identification information, and like the QT string, but the QT string is longer, calculates complicated during encryption.
Said first enciphered message promptly refers to anti-tamper enciphered message.
Substep 2, service end is carried out the computations second time with user's second identification information, said timestamp and said first enciphered message, and incites somebody to action the verify data that the second time, result of calculation was encrypted as process.
Wherein, said first time, computations can be calculated (CRC32) for CRC;
Said second time, computations can be that the RSA asymmetric encryption calculates, and perhaps be other asymmetric encryption calculating, perhaps was encrypted signature calculating, symmetric cryptography calculating etc.
Accordingly, the calculating of above-mentioned two sub-steps can be passed through following formulate:
Authentication string=rsa encryption (the unique ID+ timestamp+CRC32 of user (the unique ID+ timestamp of user))
Wherein, the unique ID of user is a kind of information of identifying user, but is not the unique information of identifying user, promptly also can come identifying user through other information.What process CRC32 calculated is anti-tamper enciphered message, and the authentication string that obtains through rsa encryption promptly refers to above-mentioned verify data.
Certainly, the above-mentioned computations first time is not limited to CRC32, and computations also is not limited to RSA for the second time.
Further preferably, for the ease of carrying out the plain text transmission, service end converts the authentication string into corresponding 16 system HEX text strings again, and then returns to client.
Step 504 receives the verify data that client is sent, and said verify data is verified.
When the functional interface of service end during by client call, the verify data that service end is sent client is carried out verification, and confirming that verify data is not changed, and the timestamp in the verify data is carried out correlation function then in the effective time scope.
Service end specifically can comprise following substep to the checking of verify data:
The verify data that substep 1, service end use corresponding deciphering calculating that client is sent is carried out corresponding deciphering, and the deciphering back obtains user's second identification information, said timestamp and said first enciphered message;
Substep 2; Service end will be deciphered user's second identification information of obtaining and said timestamp and carried out described first time of computations; And incite somebody to action the result of calculation and said first enciphered message of encrypting for the first time and compare, if identical, confirm that then said first enciphered message is not distorted; If different, confirm that then said first enciphered message is distorted.
If do not distorted, then service end is verified and can also be comprised said verify data:
Service end confirms that timestamp that said deciphering obtains is whether in the effective time scope, if then checking is passed through; If overtime, then checking is not passed through.
As previously mentioned, if the following computing formula of customer end adopted:
Authentication string=rsa encryption (the unique ID+ timestamp+CRC32 of user (the unique ID+ timestamp of user))
So, server at first uses RSA decrypted authentication string to obtain the unique ID of user, timestamp and CRC32 enciphered message.Then, use the CRC32 of CRC32 unique ID of algorithm computation user and timestamp,, prove that then data are not distorted if result of calculation is identical with the CRC32 that deciphering obtains.
If data are not distorted, then service end continue to judge that timestamp and the gap scope of server current time are whether in the effective time scope.
The judgement of above-mentioned timestamp is passed through, and then the request of client is legal, and service end can use the unique ID of user as the user actual service to be provided, like record collection, addresses of items of mail etc.
In addition, as previously mentioned, in the funcall process; In order to guarantee the integrality of data in the transfer of data; Guarantee that data are not forged, the operating data that client can also will be transmitted combines said timestamp to carry out information-summary (md5) calculating, and result of calculation is sended over.Simultaneously, client still sends over manipulation data and timestamp.
To this,, then can also comprise following treatment step if service end is passed through the checking of verify data:
Service end is carried out information-summary (md5) calculating to operating data and the said timestamp that client transmits; And information-digest calculations result that result of calculation and client transmit compared; If identical, then said operating data is not distorted in transmission course; If different, then said operating data is distorted in transmission course.
In sum, the application embodiment has been used in combination HTTPS and has encrypted and improved MD5, has adopted client and service end two places to encrypt simultaneously, has evaded at " end " reaching the possibility of distorting on " path " with data falsification effectively.
And, use the effective time docking port to call and carry out ageing control through timestamp, evaded effectively user's request recorded and reset in a large number and caused the danger of data corruption.
And, in the process of transmission data the data binding time is stabbed generation MD5, when guaranteeing data integrity, guarantee that data are not forged.
Need to prove; For aforesaid method embodiment, for simple description, so it all is expressed as a series of combination of actions; But those skilled in the art should know; The application does not receive the restriction of described sequence of movement, because according to the application, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in the specification all belongs to preferred embodiment, and related action might not be that the application is necessary.
Based on the explanation of said method embodiment, it is a kind of based on data integrity and mutual client implementation example and the server embodiment of confidentiality that the application also provides, and describes through Fig. 6 and Fig. 7 respectively below.
With reference to Fig. 6, be that the application embodiment is said a kind of based on data integrity and the mutual client terminal structure figure of confidentiality.
Said client can comprise with lower module:
Timestamp acquisition module 10 is used to obtain the timestamp from service end;
Checking data generation module 20 is used for user's first identification information, timestamp and the checking data that generates according to said user's first identification information, timestamp are sent to service end;
Verify data acquisition module 30 is used to obtain the verify data of service end through encrypting, and said verify data comprises the enciphered data to this timestamp and the generation of user's second identification information;
Function allocating module 40 is used to use said verify data access services end.
Wherein, said verify data acquisition module 30 obtains the verify data through encrypting when through after the checking of service end to checking data from service end.
Preferably, said checking data generation module 20 pairs of user's first identification informations, timestamp and timestamps subtract 1 value and carry out information-digest calculations, and with result of calculation as checking data.
Preferably, said user's first identification information comprises the checking string of user profile and user profile.
Preferably, said user's first identification information sends to this client in client login back by service end.
Preferably, said enciphered data is that user's second identification information and said timestamp are obtained through computations.
Wherein, said user's second identification information can be the unique ID of user.
Preferably, said function allocating module 40 sends to the corresponding function interface of service end with said verify data, when through after the checking of service end to this verify data, calls the corresponding function interface of service end and carries out data manipulation.
Preferably; In order to guarantee the integrality of data in the data transmission procedure; The operating data that said function allocating module 40 also is used for transmitting combines said timestamp to carry out information-digest calculations; And result of calculation sent to the corresponding function interface of service end, when through after the checking of service end to this result of calculation, the corresponding function interface of this client call service end is carried out data manipulation.
Preferably, obtain difficulty in order to reduce, said timestamp acquisition module 10 obtains said timestamp from service end timestamp interface.Wherein, said service end timestamp interface is the special purpose interface that service end provides.
With reference to Fig. 7, be that the application embodiment is said a kind of based on data integrity and the mutual server architecture figure of confidentiality.
Said server can comprise with lower module:
Timestamp sending module 11 is used to answer the client-requested transmitting time to stab client;
Checking data authentication module 21 is used for receiving the checking data that comprises user's first identification information and timestamp from client, and said user first identification information and timestamp, and said checking data is verified;
Verify data generation module 31 after being used for checking and passing through, generates the verify data through encrypting, and said verify data comprises the enciphered data of this timestamp with the generation of user's second identification information, and said verify data is sent to client;
Verify data authentication module 41 is used to receive the verify data that client is sent, and said verify data is verified.
Preferably, said checking data authentication module 21 can comprise following submodule:
Information-digest calculations submodule is used for that user's first identification information, timestamp and timestamp are subtracted 1 value and carries out information-digest calculations;
The comparer module is used for result of calculation and said checking data are compared, if identical, confirms that then this client is legal; If different, confirm that then this client is illegal.
Preferably, if this client is legal, then said checking data authentication module 21 can also comprise:
Overtime decision sub-module is used to confirm that timestamp that client sends is whether in the effective time scope, if then checking is passed through; If overtime, then checking is not passed through.
Preferably, said verify data generation module 31 can comprise:
The first computations submodule is used for user's second identification information and said timestamp are carried out the computations first time, and the general's result of calculation first time is as first enciphered message;
The second computations submodule is used for user's second identification information, said timestamp and first enciphered message are carried out the computations second time, and incites somebody to action the verify data that the second time, result of calculation was encrypted as process.
Preferably, said first time, computations can be calculated for CRC; Said second time, computations can be that the RSA asymmetric encryption calculates.
Preferably, said verify data authentication module 41 can comprise following submodule:
The deciphering submodule is used to use corresponding deciphering to calculate the verify data that client is sent and carries out corresponding deciphering, and the deciphering back obtains user's second identification information, said timestamp and said first enciphered message;
Computations submodule, user's second identification information that is used for deciphering is obtained and said timestamp carry out described first time of computations;
The comparer module is used for result of calculation and said first enciphered message are compared, if identical, confirms that then said first enciphered message is not distorted; If different, confirm that then said first enciphered message is distorted.
Preferably, if do not distorted, then said verify data authentication module 41 can also comprise:
Overtime decision sub-module is used to confirm that timestamp that said deciphering obtains is whether in the effective time scope, if then checking is passed through; If overtime, then checking is not passed through.
Preferably, if the checking of verify data is passed through, then said server can also comprise:
Data integrity authentication module 51; The operating data and the said timestamp that are used for client is transmitted carry out information-digest calculations; And information-digest calculations result that result of calculation and client transmit compared, if identical, then said operating data is not distorted in transmission course; If different, then said operating data is distorted in transmission course.
For the embodiment of above-mentioned client and server, because it is similar basically with method embodiment, so description is fairly simple, relevant part gets final product referring to the part explanation of Fig. 4 and method embodiment shown in Figure 5.
Each embodiment in this specification all adopts the mode of going forward one by one to describe, and what each embodiment stressed all is and the difference of other embodiment that identical similar part is mutually referring to getting final product between each embodiment.
On the device (or multiple arrangement) that the application embodiment can be embodied in any support graphics process, internet content captures and play up.These devices include but not limited to personal computer, cluster server, mobile phone, work station, embedded system, game machine, TV, STB, or any other supported the calculation element that computer graphical and content show.These devices can include but not limited to have to be carried out and the one or more processors of save command and the device of memory.These devices can comprise software, firmware and hardware.Software can comprise one or more application programs and operating system.Hardware can include but not limited to processor, memory and display.
At last; Also need to prove; In this article; Relational terms such as first and second grades only is used for an entity or operation are made a distinction with another entity or operation, and not necessarily requires or hint relation or the order that has any this reality between these entities or the operation.
More than to the application provided a kind of exchange method and client, server based on data integrity and confidentiality; Carried out detailed introduction; Used concrete example among this paper the application's principle and execution mode are set forth, the explanation of above embodiment just is used to help to understand the application's method and core concept thereof; Simultaneously, for one of ordinary skill in the art, according to the application's thought, the part that on embodiment and range of application, all can change, in sum, this description should not be construed as the restriction to the application.

Claims (32)

1. a data interactive method is characterized in that, comprising:
Obtain timestamp from service end;
User's first identification information, timestamp and the checking data that generates according to said user's first identification information, timestamp are sent to service end;
Obtain the verify data of encrypting through service end, said verify data comprises the enciphered data to this timestamp and the generation of user's second identification information;
Use said verify data access services end.
2. method according to claim 1 is characterized in that, the said verify data of encrypting through service end of obtaining comprises:
After the checking of service end to said checking data, obtain verify data from service end through encrypting, wherein said verify data comprises the enciphered data to this timestamp and the generation of user's second identification information.
3. method according to claim 1 is characterized in that, and is said according to user's first identification information and timestamp generation checking data, comprising:
User's first identification information, timestamp and timestamp subtracted 1 value and carry out information-digest calculations, and with result of calculation as checking data.
4. according to claim 1 or 3 described methods, it is characterized in that:
Said user's first identification information comprises the checking string of user profile and user profile.
5. according to claim 1 or 3 described methods, it is characterized in that:
Said user's first identification information sends to this client in client login back by service end.
6. method according to claim 1 is characterized in that, the said verify data access services of said use end comprises:
Said verify data is sent to the corresponding function interface of service end;
When through after the checking of service end to this verify data, call the corresponding function interface of service end.
7. method according to claim 6 is characterized in that, the said verify data access services of said use end also comprises:
The operating data that will transmit combines said timestamp to carry out information-digest calculations, and result of calculation is sent to the corresponding function interface of service end;
When through after the checking of service end to this result of calculation, call the corresponding function interface of service end and carry out data manipulation.
8. method according to claim 1 is characterized in that: said user's second identification information comprises ID.
9. a data interactive method is characterized in that, comprising:
Answer the client-requested transmitting time to stab client;
Receive the checking data comprise user's first identification information and timestamp from client, and said user first identification information and timestamp, and said checking data is verified;
After checking is passed through, generate the verify data through encrypting, said verify data comprises the enciphered data to this timestamp and the generation of user's second identification information, and said verify data is sent to client;
Receive the verify data that client is sent, and said verify data is verified.
10. method according to claim 9 is characterized in that, said said checking data is verified, comprising:
User's first identification information, timestamp and the timestamp that receives from client subtracted 1 value and carry out information-digest calculations;
Result of calculation and said checking data are compared,, confirm that then this client is legal if identical; If different, confirm that then this client is illegal.
11. method according to claim 10 is characterized in that, if this client is legal, then said said checking data is verified also comprises:
Confirm that timestamp that client sends is whether in the effective time scope, if then checking is passed through; If overtime, then checking is not passed through.
12. method according to claim 9 is characterized in that, the verify data of said generation through encrypting comprises:
User's second identification information and said timestamp are carried out the computations first time, and the general's result of calculation first time is as first enciphered message;
User's second identification information, said timestamp and first enciphered message are carried out the computations second time, and incite somebody to action the verify data that the second time, result of calculation was encrypted as said process.
13. method according to claim 12 is characterized in that:
The said computations use CRC first time is calculated;
Said computations use second time encrypted signature calculates, symmetric cryptography calculates or asymmetric encryption calculates.
14. method according to claim 12 is characterized in that, said said verify data is verified, comprising:
Use corresponding deciphering to calculate the verify data that client is sent and decipher, the deciphering back obtains user's second identification information, said timestamp and said first enciphered message;
User's second identification information that deciphering is obtained and said timestamp carry out described first time of computations, and result of calculation and said first enciphered message that will encrypt for the first time compare, if identical, confirm that then said first enciphered message is not distorted; If different, confirm that then said first enciphered message is distorted.
15. method according to claim 14 is characterized in that, if do not distorted, then also comprises:
Confirm that timestamp that said deciphering obtains is whether in the effective time scope, if then checking is passed through; If overtime, then checking is not passed through.
16. according to claim 9 or 15 described methods, it is characterized in that,, then also comprise if the checking of verify data is passed through:
Operating data and said timestamp that client is transmitted carry out information-digest calculations;
Information-digest calculations result that result of calculation and client are transmitted compares, if identical, then said operating data is not distorted in transmission course; If different, then said operating data is distorted in transmission course.
17. the client of a data interaction is characterized in that, comprising:
The timestamp acquisition module is used to obtain the timestamp from service end;
The checking data generation module is used for user's first identification information, timestamp and the checking data that generates according to said user's first identification information, timestamp are sent to service end;
The verify data acquisition module is used to obtain the verify data of encrypting through service end, and said verify data comprises the enciphered data to this timestamp and the generation of user's second identification information;
Function allocating module is used to use said verify data access services end.
18. client according to claim 17 is characterized in that:
Said verify data acquisition module obtains the verify data through encrypting when through after the checking of service end to checking data from service end.
19. client according to claim 17 is characterized in that:
Said checking data generation module subtracts 1 value to user's first identification information, timestamp and timestamp and carries out information-digest calculations, and with result of calculation as checking data.
20., it is characterized in that according to claim 17 or 19 described clients:
Said user's first identification information comprises the checking string of user profile and user profile.
21., it is characterized in that according to claim 17 or 19 described clients:
Said user's first identification information sends to this client in client login back by service end.
22. client according to claim 17 is characterized in that:
Said function allocating module sends to the corresponding function interface of service end with said verify data, when through after the checking of service end to this verify data, calls the corresponding function interface of service end and carries out data manipulation.
23. client according to claim 22 is characterized in that:
The operating data that said function allocating module also is used for transmitting combines said timestamp to carry out information-digest calculations; And result of calculation sent to the corresponding function interface of service end; When through after the checking of service end to this result of calculation, call the corresponding function interface of service end and carry out data manipulation.
24. client according to claim 17 is characterized in that:
Said user's second identification information comprises ID.
25. the server of a data interaction is characterized in that, comprising:
The timestamp sending module is used to answer the client-requested transmitting time to stab client;
The checking data authentication module is used for receiving the checking data that comprises user's first identification information and timestamp from client, and said user first identification information and timestamp, and said checking data is verified;
The verify data generation module after being used for checking and passing through, generates the verify data through encrypting, and said verify data comprises the enciphered data of this timestamp with the generation of user's second identification information, and said verify data is sent to client;
The verify data authentication module is used to receive the verify data that client is sent, and said verify data is verified.
26. server according to claim 25 is characterized in that, said checking data authentication module comprises:
Information-digest calculations submodule is used for that user's first identification information, timestamp and the timestamp that receives from client subtracted 1 value and carries out information-digest calculations;
The comparer module is used for result of calculation and said checking data are compared, if identical, confirms that then this client is legal; If different, confirm that then this client is illegal.
27. server according to claim 26 is characterized in that, if this client is legal, then said checking data authentication module also comprises:
Overtime decision sub-module is used to confirm that timestamp that client sends is whether in the effective time scope, if then checking is passed through; If overtime, then checking is not passed through.
28. server according to claim 25 is characterized in that, said verify data generation module comprises:
The first computations submodule is used for user's second identification information and said timestamp are carried out the computations first time, and the general's result of calculation first time is as first enciphered message;
The second computations submodule is used for user's second identification information, said timestamp and first enciphered message are carried out the computations second time, and incites somebody to action the verify data that the second time, result of calculation was encrypted as said process.
29. server according to claim 28 is characterized in that:
The said computations use CRC first time is calculated;
Said computations use second time encrypted signature calculates, symmetric cryptography calculates or asymmetric encryption calculates.
30. server according to claim 28 is characterized in that, said verify data authentication module comprises:
The deciphering submodule is used to use corresponding deciphering to calculate the verify data that client is sent and carries out corresponding deciphering, and the deciphering back obtains user's second identification information, said timestamp and said first enciphered message;
Computations submodule, user's second identification information that is used for deciphering is obtained and said timestamp carry out described first time of computations;
The comparer module is used for the result of calculation and said first enciphered message of encrypting are for the first time compared, if identical, confirms that then said first enciphered message is not distorted; If different, confirm that then said first enciphered message is distorted.
31. server according to claim 30 is characterized in that, if do not distorted, then said verify data authentication module also comprises:
Overtime decision sub-module is used to confirm that timestamp that said deciphering obtains is whether in the effective time scope, if then checking is passed through; If overtime, then checking is not passed through.
32. according to claim 25 or 31 described servers, it is characterized in that,, then also comprise if the checking of verify data is passed through:
The data integrity authentication module; The operating data and the said timestamp that are used for client is transmitted carry out information-digest calculations; And information-digest calculations result that result of calculation and client transmit compared, if identical, then said operating data is not distorted in transmission course; If different, then said operating data is distorted in transmission course.
CN201210091325.6A 2012-03-30 2012-03-30 A kind of data interactive method and client, server Active CN102624740B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210091325.6A CN102624740B (en) 2012-03-30 2012-03-30 A kind of data interactive method and client, server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210091325.6A CN102624740B (en) 2012-03-30 2012-03-30 A kind of data interactive method and client, server

Publications (2)

Publication Number Publication Date
CN102624740A true CN102624740A (en) 2012-08-01
CN102624740B CN102624740B (en) 2016-05-11

Family

ID=46564424

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210091325.6A Active CN102624740B (en) 2012-03-30 2012-03-30 A kind of data interactive method and client, server

Country Status (1)

Country Link
CN (1) CN102624740B (en)

Cited By (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102932345A (en) * 2012-10-26 2013-02-13 山东中创软件商用中间件股份有限公司 Method, device and system for information transmission
CN103139200A (en) * 2013-01-06 2013-06-05 深圳市元征科技股份有限公司 Single sign-on method of web service
CN103199996A (en) * 2013-03-27 2013-07-10 四川长虹电器股份有限公司 Data interface authentication method
CN103701819A (en) * 2013-12-30 2014-04-02 北京网康科技有限公司 Hypertext transfer protocol decoding processing method and device
CN104184580A (en) * 2013-05-21 2014-12-03 北京神州泰岳软件股份有限公司 Network operating method and network operating system
CN104486325A (en) * 2014-12-10 2015-04-01 上海爱数软件有限公司 Safe login certification method based on RESTful
CN104852800A (en) * 2015-05-25 2015-08-19 小米科技有限责任公司 Data transmission method and device
CN105340213A (en) * 2013-02-27 2016-02-17 希佩尔图斯公司 Method and apparatus for secure data transmissions
CN105405035A (en) * 2015-10-26 2016-03-16 北京红马传媒文化发展有限公司 Method of determining two-dimension-code electronic ticket authenticity based on external standard time
WO2016054905A1 (en) * 2014-10-11 2016-04-14 上海众人网络安全技术有限公司 Method for processing data
CN105657699A (en) * 2016-02-22 2016-06-08 成都北纬航信网络科技有限责任公司 Safe data transmission method
WO2016188402A1 (en) * 2015-05-25 2016-12-01 邵通 Network anti-phishing apparatus, method and system
CN106713298A (en) * 2016-12-16 2017-05-24 迈普通信技术股份有限公司 Communication method and device
CN107154920A (en) * 2016-03-04 2017-09-12 神讯电脑(昆山)有限公司 Encryption method, decryption method and the reception device to receive security information of security information
CN107241308A (en) * 2017-04-27 2017-10-10 努比亚技术有限公司 A kind of method, device and mobile terminal for realizing safety check
CN107483563A (en) * 2017-07-31 2017-12-15 九次方大数据信息集团有限公司 The data query method and apparatus and client and server of anti-reptile
CN107613316A (en) * 2017-09-07 2018-01-19 武汉斗鱼网络科技有限公司 A kind of network direct broadcasting plug-flow verification method and system
CN107888548A (en) * 2016-09-30 2018-04-06 北京金山云网络技术有限公司 A kind of Information Authentication method and device
CN108270502A (en) * 2017-01-03 2018-07-10 中兴通讯股份有限公司 A kind of transmission time stamp processing method and processing device based on NTP
CN108809991A (en) * 2018-06-15 2018-11-13 北京云枢网络科技有限公司 A method of the client side verification based on SDK dynamic watermarks
CN108833080A (en) * 2018-06-05 2018-11-16 中国联合网络通信集团有限公司 A kind of data transmission method, device and network system
CN108848094A (en) * 2018-06-22 2018-11-20 平安科技(深圳)有限公司 Data security validation method, device, system, computer equipment and storage medium
US10182041B2 (en) 2013-02-27 2019-01-15 CipherTooth, Inc. Method and apparatus for secure data transmissions
CN109272410A (en) * 2018-08-31 2019-01-25 平安科技(深圳)有限公司 Collaboration backup method, system, computer equipment and the storage medium of product data
CN109413105A (en) * 2018-12-12 2019-03-01 深圳市丰巢科技有限公司 A kind of network request processing method, device, computer equipment and storage medium
CN109698806A (en) * 2017-10-20 2019-04-30 福建省天奕网络科技有限公司 A kind of user data method of calibration and system
CN110061949A (en) * 2018-01-18 2019-07-26 北京京东尚科信息技术有限公司 For obtaining the method and device of information
CN110070300A (en) * 2019-04-29 2019-07-30 百度在线网络技术(北京)有限公司 Data audit and acquisition methods, device, system, equipment and medium
CN110149354A (en) * 2018-02-12 2019-08-20 北京京东尚科信息技术有限公司 A kind of encryption and authentication method and device based on https agreement
CN110300109A (en) * 2019-06-28 2019-10-01 合肥高维数据技术有限公司 A kind of management method of server-side to client
CN110891065A (en) * 2019-12-03 2020-03-17 西安博达软件股份有限公司 Token-based user identity auxiliary encryption method
CN111241523A (en) * 2020-01-08 2020-06-05 中国联合网络通信集团有限公司 Authentication processing method, device, equipment and storage medium
CN111510455A (en) * 2020-04-16 2020-08-07 神州数码融信软件有限公司 Request message authentication and data transmission method
CN111740985A (en) * 2020-06-19 2020-10-02 国动物联网有限公司 TCP long connection security verification encryption method
CN111931159A (en) * 2020-08-11 2020-11-13 福建天晴在线互动科技有限公司 Method and system for verifying validity of webpage data interface
CN112042152A (en) * 2017-12-28 2020-12-04 索博客科技有限公司 Method and system for securing communication between a primary device and a secondary device
WO2021098272A1 (en) * 2019-11-20 2021-05-27 支付宝(杭州)信息技术有限公司 Data reading method and apparatus, metering device, and server
CN113407880A (en) * 2021-05-06 2021-09-17 中南大学 Access behavior identification method suitable for encrypted HTTP/2 webpage
CN113596839A (en) * 2021-07-30 2021-11-02 联通沃音乐文化有限公司 Safe and reliable flow authentication method free of directional access flow
CN114626030A (en) * 2020-12-11 2022-06-14 航天信息股份有限公司 Method, device, equipment and storage medium for storing and sharing data

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040202329A1 (en) * 2003-04-11 2004-10-14 Samsung Electronics Co., Ltd. Method and system for providing broadcast service using encryption in a mobile communication system
CN101005359A (en) * 2006-01-18 2007-07-25 华为技术有限公司 Method and device for realizing safety communication between terminal devices
CN101170413A (en) * 2007-12-06 2008-04-30 华为技术有限公司 A digital certificate and private key acquisition, distribution method and device
CN101404575A (en) * 2008-11-06 2009-04-08 阿里巴巴集团控股有限公司 Method and system for updating indorsement algorithm
CN101605137A (en) * 2009-07-10 2009-12-16 中国科学技术大学 Safe distribution file system
CN101873298A (en) * 2009-04-21 2010-10-27 华为软件技术有限公司 Registration method, terminal, server and system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040202329A1 (en) * 2003-04-11 2004-10-14 Samsung Electronics Co., Ltd. Method and system for providing broadcast service using encryption in a mobile communication system
CN101005359A (en) * 2006-01-18 2007-07-25 华为技术有限公司 Method and device for realizing safety communication between terminal devices
CN101170413A (en) * 2007-12-06 2008-04-30 华为技术有限公司 A digital certificate and private key acquisition, distribution method and device
CN101404575A (en) * 2008-11-06 2009-04-08 阿里巴巴集团控股有限公司 Method and system for updating indorsement algorithm
CN101873298A (en) * 2009-04-21 2010-10-27 华为软件技术有限公司 Registration method, terminal, server and system
CN101605137A (en) * 2009-07-10 2009-12-16 中国科学技术大学 Safe distribution file system

Cited By (56)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102932345B (en) * 2012-10-26 2015-11-18 山东中创软件商用中间件股份有限公司 A kind of information transferring method, Apparatus and system
CN102932345A (en) * 2012-10-26 2013-02-13 山东中创软件商用中间件股份有限公司 Method, device and system for information transmission
CN103139200B (en) * 2013-01-06 2016-06-15 深圳市元征科技股份有限公司 A kind of method of Web service single-sign-on
CN103139200A (en) * 2013-01-06 2013-06-05 深圳市元征科技股份有限公司 Single sign-on method of web service
CN105340213B (en) * 2013-02-27 2020-04-24 希佩尔图斯公司 Method and device for secure data transmission
US10182041B2 (en) 2013-02-27 2019-01-15 CipherTooth, Inc. Method and apparatus for secure data transmissions
CN105340213A (en) * 2013-02-27 2016-02-17 希佩尔图斯公司 Method and apparatus for secure data transmissions
CN103199996A (en) * 2013-03-27 2013-07-10 四川长虹电器股份有限公司 Data interface authentication method
CN104184580A (en) * 2013-05-21 2014-12-03 北京神州泰岳软件股份有限公司 Network operating method and network operating system
CN103701819A (en) * 2013-12-30 2014-04-02 北京网康科技有限公司 Hypertext transfer protocol decoding processing method and device
WO2016054905A1 (en) * 2014-10-11 2016-04-14 上海众人网络安全技术有限公司 Method for processing data
CN104486325A (en) * 2014-12-10 2015-04-01 上海爱数软件有限公司 Safe login certification method based on RESTful
WO2016188402A1 (en) * 2015-05-25 2016-12-01 邵通 Network anti-phishing apparatus, method and system
CN104852800A (en) * 2015-05-25 2015-08-19 小米科技有限责任公司 Data transmission method and device
CN107615797A (en) * 2015-05-25 2018-01-19 邵通 A kind of device, method and system of hiding subscriber identity data
CN107615704A (en) * 2015-05-25 2018-01-19 邵通 A kind of device, method and system of the anti-fishing of network
CN107615797B (en) * 2015-05-25 2021-01-26 邵通 Device, method and system for hiding user identification data
CN105405035A (en) * 2015-10-26 2016-03-16 北京红马传媒文化发展有限公司 Method of determining two-dimension-code electronic ticket authenticity based on external standard time
CN105405035B (en) * 2015-10-26 2020-03-31 北京红马传媒文化发展有限公司 Method for judging authenticity of two-dimensional code electronic ticket based on external standard time
CN105657699A (en) * 2016-02-22 2016-06-08 成都北纬航信网络科技有限责任公司 Safe data transmission method
CN105657699B (en) * 2016-02-22 2019-03-05 成都北纬航信网络科技有限责任公司 Data safe transmission method
CN107154920A (en) * 2016-03-04 2017-09-12 神讯电脑(昆山)有限公司 Encryption method, decryption method and the reception device to receive security information of security information
CN107154920B (en) * 2016-03-04 2021-07-13 神讯电脑(昆山)有限公司 Encryption method and decryption method for security information and receiving device for receiving security information
CN107888548A (en) * 2016-09-30 2018-04-06 北京金山云网络技术有限公司 A kind of Information Authentication method and device
CN106713298A (en) * 2016-12-16 2017-05-24 迈普通信技术股份有限公司 Communication method and device
CN106713298B (en) * 2016-12-16 2019-06-18 迈普通信技术股份有限公司 A kind of communication means and equipment
CN108270502A (en) * 2017-01-03 2018-07-10 中兴通讯股份有限公司 A kind of transmission time stamp processing method and processing device based on NTP
CN107241308A (en) * 2017-04-27 2017-10-10 努比亚技术有限公司 A kind of method, device and mobile terminal for realizing safety check
CN107483563A (en) * 2017-07-31 2017-12-15 九次方大数据信息集团有限公司 The data query method and apparatus and client and server of anti-reptile
CN107613316A (en) * 2017-09-07 2018-01-19 武汉斗鱼网络科技有限公司 A kind of network direct broadcasting plug-flow verification method and system
CN107613316B (en) * 2017-09-07 2020-01-03 武汉斗鱼网络科技有限公司 Live network push stream verification method and system
CN109698806A (en) * 2017-10-20 2019-04-30 福建省天奕网络科技有限公司 A kind of user data method of calibration and system
CN109698806B (en) * 2017-10-20 2021-12-28 福建省天奕网络科技有限公司 User data verification method and system
CN112042152A (en) * 2017-12-28 2020-12-04 索博客科技有限公司 Method and system for securing communication between a primary device and a secondary device
CN110061949B (en) * 2018-01-18 2023-04-18 北京京东尚科信息技术有限公司 Method and device for acquiring information
CN110061949A (en) * 2018-01-18 2019-07-26 北京京东尚科信息技术有限公司 For obtaining the method and device of information
CN110149354A (en) * 2018-02-12 2019-08-20 北京京东尚科信息技术有限公司 A kind of encryption and authentication method and device based on https agreement
CN108833080A (en) * 2018-06-05 2018-11-16 中国联合网络通信集团有限公司 A kind of data transmission method, device and network system
CN108809991A (en) * 2018-06-15 2018-11-13 北京云枢网络科技有限公司 A method of the client side verification based on SDK dynamic watermarks
CN108848094A (en) * 2018-06-22 2018-11-20 平安科技(深圳)有限公司 Data security validation method, device, system, computer equipment and storage medium
CN109272410A (en) * 2018-08-31 2019-01-25 平安科技(深圳)有限公司 Collaboration backup method, system, computer equipment and the storage medium of product data
CN109413105A (en) * 2018-12-12 2019-03-01 深圳市丰巢科技有限公司 A kind of network request processing method, device, computer equipment and storage medium
CN110070300A (en) * 2019-04-29 2019-07-30 百度在线网络技术(北京)有限公司 Data audit and acquisition methods, device, system, equipment and medium
CN110300109A (en) * 2019-06-28 2019-10-01 合肥高维数据技术有限公司 A kind of management method of server-side to client
WO2021098272A1 (en) * 2019-11-20 2021-05-27 支付宝(杭州)信息技术有限公司 Data reading method and apparatus, metering device, and server
CN110891065A (en) * 2019-12-03 2020-03-17 西安博达软件股份有限公司 Token-based user identity auxiliary encryption method
CN111241523A (en) * 2020-01-08 2020-06-05 中国联合网络通信集团有限公司 Authentication processing method, device, equipment and storage medium
CN111241523B (en) * 2020-01-08 2022-07-26 中国联合网络通信集团有限公司 Authentication processing method, device, equipment and storage medium
CN111510455A (en) * 2020-04-16 2020-08-07 神州数码融信软件有限公司 Request message authentication and data transmission method
CN111510455B (en) * 2020-04-16 2022-06-10 神州数码融信软件有限公司 Request message authentication and data transmission method
CN111740985A (en) * 2020-06-19 2020-10-02 国动物联网有限公司 TCP long connection security verification encryption method
CN111931159A (en) * 2020-08-11 2020-11-13 福建天晴在线互动科技有限公司 Method and system for verifying validity of webpage data interface
CN111931159B (en) * 2020-08-11 2023-04-07 福建天晴在线互动科技有限公司 Method and system for verifying validity of webpage data interface
CN114626030A (en) * 2020-12-11 2022-06-14 航天信息股份有限公司 Method, device, equipment and storage medium for storing and sharing data
CN113407880A (en) * 2021-05-06 2021-09-17 中南大学 Access behavior identification method suitable for encrypted HTTP/2 webpage
CN113596839A (en) * 2021-07-30 2021-11-02 联通沃音乐文化有限公司 Safe and reliable flow authentication method free of directional access flow

Also Published As

Publication number Publication date
CN102624740B (en) 2016-05-11

Similar Documents

Publication Publication Date Title
CN102624740B (en) A kind of data interactive method and client, server
US11165757B2 (en) Method and apparatus for securing communications using multiple encryption keys
EP3673435B1 (en) Improving integrity of communications between blockchain networks and external data sources
CN102647461B (en) Communication means based on HTTP, server, terminal
Dacosta et al. Trust no one else: Detecting MITM attacks against SSL/TLS without third-parties
US8407477B2 (en) Information distribution system and program for the same
WO2019020051A1 (en) Method and apparatus for security authentication
US20090307486A1 (en) System and method for secured network access utilizing a client .net software component
CN103763356A (en) Establishment method, device and system for connection of secure sockets layers
CN114329529A (en) Asset data management method and system based on block chain
WO2020186822A1 (en) Blockchain-based data querying method, device and apparatus, and readable storage medium
JP2008250931A (en) System for restoring distributed information, information utilizing device, and verification device
CN114866323B (en) User-controllable privacy data authorization sharing system and method
CN111884811B (en) Block chain-based data evidence storing method and data evidence storing platform
CN105681470A (en) Communication method, server and terminal based on hypertext transfer protocol
TWI526871B (en) Server, user device, and user device and server interaction method
JP2001186122A (en) Authentication system and authentication method
CN114513339A (en) Security authentication method, system and device
CN114629713A (en) Identity verification method, device and system
CN107104804A (en) A kind of platform integrity verification method and device
KR102118556B1 (en) Method for providing private blockchain based privacy information management service
Tan et al. A universal decentralized authentication and authorization protocol based on blockchain
KR20170111809A (en) Bidirectional authentication method using security token based on symmetric key
Silva et al. Data security and trustworthiness in online public services: An assessment of portuguese institutions
Chang et al. A dependable storage service system in cloud environment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: QIZHI SOFTWARE (BEIJING) CO., LTD.

Effective date: 20121029

Owner name: BEIJING QIHU TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: QIZHI SOFTWARE (BEIJING) CO., LTD.

Effective date: 20121029

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100016 CHAOYANG, BEIJING TO: 100088 XICHENG, BEIJING

TA01 Transfer of patent application right

Effective date of registration: 20121029

Address after: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Applicant after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Applicant after: Qizhi software (Beijing) Co.,Ltd.

Address before: The 4 layer 100016 unit of Beijing city Chaoyang District Jiuxianqiao Road No. 14 Building C

Applicant before: Qizhi software (Beijing) Co.,Ltd.

C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220715

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

TR01 Transfer of patent right