CN102647461A - Communication method, server and terminal based on HTTP (Hypertext Transfer Protocol) - Google Patents


Info

Publication number: CN102647461A
Authority: CN (China)
Prior art keywords: ciphertext, time stamp, timestamp, algorithm, terminal
Legal status: Granted
Application number: CN2012100897126A
Other languages: Chinese (zh)
Other versions: CN102647461B (en)
Inventors: 李超, 杭程, 吴浩, 任寰
Current assignee: Beijing Qihoo Technology Co Ltd
Original assignee: Qizhi Software Beijing Co Ltd
Events:
  • Application filed by Qizhi Software Beijing Co Ltd
  • Priority to CN201610169962.9A (patent CN105681470B)
  • Priority to CN201210089712.6A (patent CN102647461B)
  • Publication of CN102647461A
  • Application granted
  • Publication of CN102647461B
  • Legal status: Active

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides an HTTP (Hypertext Transfer Protocol) based network communication method, system, server and terminal aimed at resisting replay attacks in HTTP network communication. The network communication method comprises the steps of: sending a first timestamp to the terminal in response to a terminal request; receiving network request information sent by the terminal, where the network request information includes the first timestamp and a corresponding timestamp ciphertext, the timestamp ciphertext being generated at the terminal by encrypting an algorithm factor that contains the first timestamp according to a preset encryption algorithm; and verifying, according to the preset encryption algorithm, whether the timestamp ciphertext is valid, and if not, judging the network request information to be an invalid request. By verifying the validity of a timestamp ciphertext that contains the timestamp information, the possibility that the timestamp information in the network request is tampered with is further prevented, and network replay attacks can be avoided.

Description

HTTP-based communication method, server and terminal
Technical field
The application relates to the field of network security technology, and in particular to an HTTP-based communication method, server and terminal.
Background technology
As the Internet increasingly permeates people's daily work and life, the security of Internet-based data communication has become particularly important.
Among the many factors that affect network communication security, the replay attack (Replay Attack) is one of the most common attack patterns. A replay attack, also called a playback attack or freshness attack (Freshness Attack), means that an attacker uses network monitoring or other means to steal authentication credentials and later resends them to the server in disguised packets in order to deceive the system. It is mostly used against the authentication process and undermines the correctness of authentication. Such an attack maliciously or fraudulently repeats a valid data transmission, and the replay may be carried out by the original sender or by an adversary who intercepts and retransmits the data. It follows that, although data encryption can effectively prevent network request information from being hijacked or tampered with, encryption alone cannot prevent replay attacks, because a replay attack simply resends intercepted valid information.
In the current network communication architecture, the Transmission Control Protocol/Internet Protocol (TCP/IP) is the foundation of all Internet communication. TCP/IP uses a four-layer hierarchy of network interface layer, network layer, transport layer and application layer, and each layer calls on the services of the layer below it to meet its own needs. At the application layer, data communication based on the Hypertext Transfer Protocol (HTTP) is the main communication mode of many current network applications, such as most websites and forums. However, HTTP is a connectionless, stateless protocol: the server disconnects as soon as it has handled a terminal request and sent the reply, and the protocol keeps no memory of transactions, so the successive HTTP network requests a terminal sends to the server are unrelated to one another.
The statelessness and connectionlessness of HTTP were settled at the very beginning of the protocol's design. Because the purpose of HTTP is to support the transfer of hypertext, the browser on the terminal sends a request to the HTTP server and the server returns the corresponding resource to the terminal; neither terminal nor server has any need to record this process, because each request and response is relatively independent. In general, one Uniform Resource Locator (URL) corresponds to a unique hypertext, and whichever terminal sends the request, the HTTP server returns the same hypertext for the URL it receives. It is precisely this uniqueness that makes recording the user's behaviour state meaningless, which is why HTTP was designed as a stateless connection protocol.
For these reasons, once request information exchanged between terminal and server is intercepted during data transfer, the server, which records no state about any request, cannot recognise whether the request has been intercepted and replayed, and so cannot prevent a replay attack.
In short, the technical problem that those skilled in the art urgently need to solve is how to prevent replay attacks against HTTP communication in the existing network communication technology.
Summary of the invention
The technical problem to be solved by the application is to provide an HTTP-based network communication method, server and terminal that effectively prevent replay attacks caused by the interception of HTTP network requests, and thereby improve the security of HTTP network services.
To solve the above problem, the application discloses an HTTP-based network communication method, comprising: sending a first timestamp to the terminal in response to a terminal request;
receiving the network request information sent by the terminal, the network request information comprising the first timestamp and a corresponding timestamp ciphertext, the timestamp ciphertext being generated by the terminal by encrypting, according to a preset encryption algorithm, an algorithm factor that contains the first timestamp;
verifying, by the preset encryption algorithm, whether the timestamp ciphertext is valid, and if it is invalid, judging the network request information to be an invalid request.
Preferably, the method further comprises:
verifying whether the interval between the first timestamp in the network request information and the current time is within the validity period, and if the validity period is exceeded, judging the network request information invalid.
Preferably, the preset encryption algorithm is a signature encryption algorithm, and
the terminal encrypting the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
the terminal encrypting the algorithm factor containing the first timestamp according to the signature encryption algorithm to generate a first digital signature, which constitutes the timestamp ciphertext;
and verifying whether the timestamp ciphertext is valid comprises:
encrypting the algorithm factor containing the first timestamp by the signature encryption algorithm to generate a second digital signature;
verifying whether the second digital signature is consistent with the first digital signature corresponding to the timestamp ciphertext, and if they are inconsistent, judging the timestamp ciphertext invalid.
Preferably, the preset encryption algorithm is a symmetric encryption algorithm, and
the terminal encrypting the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
the terminal encrypting the algorithm factor containing the first timestamp with the corresponding key according to the symmetric encryption algorithm to generate the timestamp ciphertext;
and verifying whether the timestamp ciphertext is valid comprises:
decrypting the timestamp ciphertext with the corresponding key of the symmetric encryption algorithm to obtain the timestamp information it contains as a second timestamp; judging whether the second timestamp is consistent with the first timestamp in the network request information; and if they are inconsistent, judging the timestamp ciphertext invalid.
Preferably, the preset encryption algorithm is an asymmetric encryption algorithm, and
the terminal encrypting the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
the terminal encrypting the algorithm factor containing the first timestamp with the corresponding public key according to the asymmetric encryption algorithm to generate the timestamp ciphertext;
and verifying whether the timestamp ciphertext is valid comprises:
the server decrypting the timestamp ciphertext with the private key corresponding to the asymmetric encryption algorithm to obtain the timestamp information it contains as a second timestamp; judging whether the second timestamp is consistent with the first timestamp in the network request information; and if they are inconsistent, judging the timestamp ciphertext invalid.
Preferably, the network request information sent by the terminal further comprises a credential identifier generated by the terminal; and
the algorithm factor containing the first timestamp further comprises the credential identifier, the algorithm factor being composed of the first timestamp and the credential identifier according to a preset rule.
Preferably, before receiving the network request information sent by the terminal, the method further comprises:
receiving credential request information from the terminal;
generating a credential identifier corresponding to the credential request information;
sending the credential identifier to the terminal.
Preferably,
the received network request information further comprises the credential identifier;
the algorithm factor containing the first timestamp further comprises the credential identifier, the algorithm factor being composed of the first timestamp and the credential identifier according to a preset rule.
Preferably, the credential identifier is dynamically valid, and the method further comprises:
if the network request information sent by the terminal contains a credential identifier, the server verifies whether the credential identifier is valid, and if it is invalid, the network request is an invalid request.
To solve the above problem, the application also discloses an HTTP-based network communication method, comprising:
obtaining a first timestamp from the server;
sending network request information to the server, the network request information comprising the first timestamp and a corresponding timestamp ciphertext, the timestamp ciphertext being generated by encrypting, according to a preset encryption algorithm, an algorithm factor that contains the first timestamp.
Preferably, the preset encryption algorithm is a signature encryption algorithm, and
encrypting the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
encrypting the algorithm factor containing the first timestamp according to the signature encryption algorithm to generate a first digital signature, which constitutes the timestamp ciphertext.
Preferably, the preset encryption algorithm is a symmetric encryption algorithm, and
encrypting the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
encrypting the algorithm factor containing the first timestamp with the key corresponding to the symmetric encryption algorithm to generate the timestamp ciphertext.
Preferably, the preset encryption algorithm is an asymmetric encryption algorithm, and
encrypting the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
encrypting the algorithm factor containing the first timestamp with the public key corresponding to the asymmetric encryption algorithm to generate the timestamp ciphertext.
Preferably, the network request information further comprises a credential identifier; and
the algorithm factor containing the first timestamp further comprises the credential identifier, the algorithm factor being composed of the first timestamp and the credential identifier according to a preset rule.
Preferably, before sending the network request information to the server, the method further comprises:
sending credential request information to the server;
receiving the credential identifier sent by the server.
To solve the above problem, the application also discloses an HTTP-based server, comprising:
a receiving module, a sending module, a timestamp generation module and a ciphertext verification module;
wherein the receiving module comprises:
a first receiving unit for receiving timestamp request information;
a second receiving unit for receiving network request information, the network request information comprising a first timestamp and a corresponding timestamp ciphertext, the timestamp ciphertext being generated by encrypting, according to a preset encryption algorithm, an algorithm factor that contains the first timestamp;
wherein the timestamp generation module is used to generate the first timestamp in response to the timestamp request information;
wherein the sending module comprises:
a first sending unit for sending the first timestamp generated by the timestamp generation module;
wherein the ciphertext verification module is used to verify, by the preset encryption algorithm, whether the timestamp ciphertext is valid, and if it is invalid, to judge the network request information an invalid request.
Preferably,
the server further comprises:
a timestamp verification module for verifying whether the interval between the first timestamp in the network request information received by the second receiving unit and the current time is within the validity period, and if the validity period is exceeded, judging the network request information invalid.
Preferably, the preset encryption algorithm is a signature encryption algorithm, and
the ciphertext verification module further comprises:
a signature generation unit for encrypting the algorithm factor containing the first timestamp by the signature encryption algorithm to generate a second signature;
a first verification unit for verifying whether the second digital signature generated by the signature generation unit is consistent with the first digital signature corresponding to the timestamp ciphertext received by the second receiving unit, and if they are inconsistent, judging the timestamp ciphertext invalid.
Preferably, the preset encryption algorithm is a symmetric encryption algorithm, and
the ciphertext verification module further comprises:
a second verification unit for decrypting the timestamp ciphertext received by the second receiving unit with the corresponding key of the symmetric encryption algorithm to obtain the timestamp information it contains as a second timestamp, judging whether the second timestamp is consistent with the first timestamp in the network request information received by the second receiving unit, and if they are inconsistent, judging the timestamp ciphertext invalid.
Preferably, the preset encryption algorithm is an asymmetric encryption algorithm, and
the ciphertext verification module further comprises:
a third verification unit for decrypting the timestamp ciphertext received by the second receiving unit with the private key corresponding to the asymmetric encryption algorithm to obtain the timestamp information it contains as a second timestamp, judging whether the second timestamp is consistent with the first timestamp in the network request information, and if they are inconsistent, judging the timestamp ciphertext invalid.
Preferably, the receiving module further comprises:
a third receiving unit for receiving a credential request from the terminal;
the server further comprises:
a credential identifier generation unit for generating a credential identifier according to the credential request received by the third receiving unit;
the sending module further comprises:
a second sending unit for sending the credential identifier generated by the credential identifier generation unit.
Preferably, the network request information received by the second receiving unit further comprises the credential identifier;
the algorithm factor containing the first timestamp further comprises the credential identifier, the algorithm factor being composed of the first timestamp and the credential identifier according to a preset rule.
Preferably, the credential identifier is dynamically valid;
the server further comprises:
a credential verification module for verifying whether the network request information received by the second receiving unit contains a credential identifier, and if it does and the credential identifier is invalid, judging the network request information invalid.
To solve the above problem, the application also discloses an HTTP-based terminal, comprising:
a sending module, a receiving module and a ciphertext module;
wherein the sending module comprises:
a first sending unit for sending a first timestamp acquisition request;
a second sending unit for sending network request information, the network request information comprising the first timestamp received by the receiving module and the corresponding timestamp ciphertext generated by the ciphertext module;
wherein the receiving module comprises:
a first receiving unit for receiving the first timestamp;
wherein the ciphertext module is used to encrypt, according to a preset encryption algorithm, an algorithm factor containing the received first timestamp to generate the timestamp ciphertext.
Preferably, the preset encryption algorithm is a signature encryption algorithm;
the ciphertext module further comprises:
a first encryption unit for encrypting the algorithm factor containing the first timestamp to generate a first digital signature, which constitutes the timestamp ciphertext.
Preferably, the preset encryption algorithm is a symmetric encryption algorithm;
the ciphertext module further comprises:
a second encryption unit for encrypting the algorithm factor containing the first timestamp with the key corresponding to the symmetric encryption algorithm to generate the timestamp ciphertext.
Preferably, the preset encryption algorithm is an asymmetric encryption algorithm;
the ciphertext module further comprises:
a third encryption unit for encrypting the algorithm factor containing the first timestamp with the public key corresponding to the asymmetric encryption algorithm to generate the timestamp ciphertext.
Preferably, the terminal further comprises:
a credential identifier generation module for generating a credential identifier;
the algorithm factor containing the first timestamp further comprises the credential identifier generated by the credential identifier generation module;
the algorithm factor is composed of the first timestamp and the credential identifier according to a preset rule.
Preferably,
the sending module further comprises:
a third sending unit for sending credential request information;
the receiving module further comprises:
a second receiving unit for receiving the credential identifier;
the network request information sent by the second sending unit further comprises the credential identifier received by the third receiving unit;
the algorithm factor containing the first timestamp further comprises the credential identifier, the algorithm factor being composed of the first timestamp and the credential identifier according to a preset rule.
Compared with the prior art, the application has the following advantages:
Considering that existing HTTP-based network services are connectionless and stateless, so that the server cannot recognise request information that has been intercepted and replayed, we propose adding a timestamp to the request information the terminal sends to the server. The server verifies whether the interval between the timestamp in the network request information and the current time is within the validity period; if the interval exceeds the validity period, the current network request is considered to have been intercepted and replayed and is treated as an invalid request, which effectively prevents replay attacks against HTTP communication.
Further, in the scheme provided by the application, the terminal obtains the timestamp from the server, generates a digital signature over the string containing the timestamp according to an agreed signature algorithm rule, and places the digital signature in the network request information sent to the server. The server generates a digital signature according to the same signature algorithm rule and verifies whether the signature it generated is consistent with the signature carried in the network request information; if they are inconsistent, the string containing the timestamp in the current network request information is considered tampered with and the network request is treated as invalid. This removes the possibility of tampering with the timestamp in the network request information to disguise it as valid information and deceive the server, and so further prevents replay attacks.
Description of drawings
Fig. 1 is a flow chart of the HTTP-based network communication method of embodiment one of the application;
Fig. 2 is a flow chart of the HTTP-based network communication method of embodiment two of the application;
Fig. 3 is a flow chart of the HTTP-based network communication method of embodiment three of the application;
Fig. 4 is a schematic structural diagram of the HTTP-based server of an embodiment of the application;
Fig. 5 is a schematic structural diagram of the HTTP-based terminal of an embodiment of the application;
Fig. 6 is a schematic structural diagram of the HTTP-based network communication system of an embodiment of the application.
Detailed description
To make the above objects, features and advantages of the application more clearly understandable, the application is described in further detail below with reference to the accompanying drawings and embodiments.
Referring to Fig. 1, which shows the flow of embodiment one of the HTTP-based communication method provided by the application, the HTTP-based communication method of this embodiment comprises the following steps:
Step 101: the terminal sends a timestamp request to the server.
Step 102: the server generates a first timestamp.
The server can generate the first timestamp from the current time according to the international standard rule.
Step 103: the server sends the first timestamp to the terminal.
Step 104: the server receives the network request information sent by the terminal; the network request information contains the first timestamp and the corresponding timestamp ciphertext, which the terminal generated by encrypting, according to the preset encryption algorithm, the algorithm factor containing the first timestamp.
Step 105: the server verifies, by the preset encryption algorithm, whether the timestamp ciphertext is valid; if it is invalid, the network request information is an invalid request.
Step 106: the server verifies whether the interval between the first timestamp in the network request information and the current time is within the validity period; if the validity period is exceeded, the network request information is invalid. This step is optional.
The algorithm factor containing the first timestamp is encrypted to generate the timestamp ciphertext, and the server verifies this ciphertext according to the encryption algorithm agreed with the terminal. If it is invalid, the timestamp ciphertext may have been intercepted or tampered with in transit, and the first timestamp and the corresponding network request can further be judged invalid.
For ease of description, the timestamp that the server generates in response to the terminal request, and which is carried directly in the network request information, is called the first timestamp, and the timestamp in the algorithm factor from which the ciphertext is generated is called the second timestamp.
Because the timestamp is generated uniformly by the server, its strict accuracy is guaranteed. The server can set the validity period of the timestamp for a terminal according to the network application environment in which different terminals are located. The timestamp validity period is normally a time span, for example 0.5 seconds, meaning that the whole process from the terminal obtaining the timestamp from the server to the network request containing that timestamp reaching the server should take no more than 0.5 seconds; if it takes longer, the network request is considered to have been delayed in transit, possibly intercepted or replayed, and is an invalid network request.
Those skilled in the art will readily recognise that the timestamp validity period for a type of terminal can be set according to the terminal's region and application complexity.
Step 107: the server returns the response information for the network request to the terminal.
If the network request information is verified valid, the response information the server returns to the terminal should contain the valid information corresponding to the network request, such as web page resources; otherwise, the response information contains a notification that the network request failed.
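The signature-algorithm variant of embodiment one (steps 102 to 106), written out as an added example that is not the patent's own code: HMAC-SHA256 stands in for the agreed signature encryption algorithm, the shared key is assumed to be provisioned between terminal and server out of band, the server clock is simulated, and the 0.5 s validity period from the text is used.

```python
from __future__ import annotations

import hmac
import hashlib

VALIDITY_SECONDS = 0.5  # validity period of the first timestamp (value used in the text)


def timestamp_cipher(key: bytes, first_timestamp: str) -> str:
    """Encrypt the algorithm factor (here only the first timestamp) into the
    timestamp ciphertext.  HMAC-SHA256 stands in for the agreed signature
    algorithm; terminal and server run exactly the same computation."""
    return hmac.new(key, first_timestamp.encode(), hashlib.sha256).hexdigest()


class Server:
    def __init__(self, key: bytes, now: float) -> None:
        self._key = key
        self.now = now  # simulated server clock so the example runs offline

    def issue_timestamp(self) -> str:
        # Steps 102-103: the server, not the terminal, is the time source.
        return f"{self.now:.3f}"

    def verify(self, request: dict) -> tuple[bool, str]:
        first_timestamp = request["timestamp"]
        # Step 105: regenerate the second digital signature over the same
        # algorithm factor and compare it with the ciphertext in the request.
        second_signature = timestamp_cipher(self._key, first_timestamp)
        if not hmac.compare_digest(second_signature, request["ts_cipher"]):
            return False, "timestamp ciphertext invalid"
        # Step 106: the first timestamp must still be within its validity period.
        if self.now - float(first_timestamp) > VALIDITY_SECONDS:
            return False, "timestamp expired"
        return True, "ok"


def build_request(key: bytes, first_timestamp: str, body: str) -> dict:
    """Step 104 (terminal side): the first timestamp travels in clear, next to
    the first digital signature that forms the timestamp ciphertext."""
    return {
        "timestamp": first_timestamp,
        "ts_cipher": timestamp_cipher(key, first_timestamp),
        "body": body,
    }


def run_scenario() -> dict:
    """One fresh request, the same request replayed after the validity period,
    and a replay whose timestamp was rewritten to look fresh."""
    key = b"constructed-shared-key"  # assumed to be provisioned out of band
    server = Server(key, now=1000.0)

    request = build_request(key, server.issue_timestamp(), "GET /resource")
    server.now += 0.2
    fresh = server.verify(request)

    # Captured and resent after the 0.5 s validity period (caught by step 106).
    server.now += 1.0
    replayed = server.verify(request)

    # Timestamp rewritten to the current time, but the ciphertext cannot be
    # recomputed without the key (caught by step 105).
    forged = dict(request, timestamp=server.issue_timestamp())
    tampered = server.verify(forged)
    return {"fresh": fresh, "replayed": replayed, "tampered": tampered}


if __name__ == "__main__":
    for name, (ok, reason) in run_scenario().items():
        print(f"{name}: {'valid' if ok else 'invalid'} ({reason})")
```

The two rejections show the division of labour the text describes: the validity period catches a delayed replay, and the ciphertext check catches a replay whose timestamp was edited to look fresh.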
Referring to Fig. 2, which shows the flow of embodiment two of the HTTP-based communication method provided by the application, the HTTP-based communication method of this embodiment comprises the following steps:
Step 201: the terminal generates a credential identifier.
The terminal can choose how the credential identifier is composed according to the practical application, for example from the terminal's IP address and port number, network card identifier and current time, as long as the credential identifiers used by different terminals, or by multiple rounds of network requests from the same terminal, are guaranteed unique.
Step 202: the terminal sends a timestamp request to the server; the timestamp request information contains the terminal's credential identifier.
Because existing HTTP-based network services are connectionless and stateless, there is no relationship between the multiple requests a terminal sends to the server. We therefore add a unified credential identifier to the multiple network requests the terminal sends to the server; through this credential identifier, network requests whose contents are related can be linked together, which makes it convenient for the terminal and the server to manage multiple related network requests.
Step 203: the server generates a first timestamp and stores configuration information; the configuration information records the credential identifier corresponding to the current network request information, the first timestamp and the validity period of that first timestamp.
Each time the server receives a timestamp acquisition request from the terminal, it stores the new second timestamp and validity period for the current credential identifier, and may at the same time clear that credential identifier's earlier second-timestamp and validity-period records.
Step 204: the server sends the first timestamp to the terminal.
Step 205: the server receives the network request information sent by the terminal; the network request information contains the first timestamp and the corresponding timestamp ciphertext, which the terminal generated by encrypting, according to the preset encryption algorithm, the algorithm factor containing the first timestamp and the credential identifier.
Step 206: the server verifies whether the timestamp ciphertext is valid; if it is invalid, the network request information is invalid.
Step 207: the server verifies whether the first timestamp in the network request is valid; if it is invalid, the network request information is invalid.
Using the credential identifier and the first timestamp in the current network request, the server obtains from the stored configuration information the validity period corresponding to this first timestamp, and then judges whether the interval between the timestamp in the current network request and the server's current time is within that validity period; if the validity period is exceeded, the timestamp of the current network request is considered expired and the network request is an illegal request.
Preferably, the credential identifier is dynamically valid. The server can judge whether the credential identifier is valid according to certain conditions, for example whether the terminal corresponding to the credential identifier is offline, disconnected or has not responded for a long time, or whether the validity period has been exceeded. If an invalidation condition is met, the server can set the credential identifier to the invalid state, interrupt subsequent processing of the current network request and return a request-failure response to the terminal; then even if the credential identifier is stolen or used by others, no legitimate communication is possible, which effectively improves the security of the communication process.
Step 208: the server returns response information to the terminal.
In embodiment one, the server can only use a fixed validity period to judge whether the network request timestamps of a certain type of terminal are valid. In embodiment two above, the server stores, through the configuration information, the timestamp corresponding to each terminal's credential identifier and the validity period of that timestamp. Because the credential identifier is unique to each terminal, or to each user of a terminal, the configuration and judgement of the timestamp validity period can be specific to each terminal and each user of that terminal, which improves the granularity with which the server verifies timestamp validity.
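Embodiment two (steps 202 to 207, including the dynamically valid credential identifier), as an added example that is not the patent's own code: HMAC-SHA256 stands in for the agreed algorithm, the preset rule composing the algorithm factor is assumed to be "timestamp|credential", the shared key is assumed to be provisioned out of band, the server clock is simulated, and the credential identifiers and the two validity periods are constructed values.

```python
from __future__ import annotations

import hmac
import hashlib
from dataclasses import dataclass


def timestamp_cipher(key: bytes, first_timestamp: str, credential: str) -> str:
    """Algorithm factor = first timestamp and credential identifier composed by the
    preset rule (assumed "<timestamp>|<credential>"), encrypted with the agreed
    algorithm (HMAC-SHA256 assumed as a stand-in)."""
    factor = f"{first_timestamp}|{credential}".encode()
    return hmac.new(key, factor, hashlib.sha256).hexdigest()


@dataclass
class StoredConfig:
    """Step 203: the configuration information the server keeps per credential."""
    first_timestamp: str
    validity_seconds: float  # set per terminal's network application environment


class Server:
    def __init__(self, key: bytes, now: float) -> None:
        self._key = key
        self.now = now  # simulated server clock so the example runs offline
        self._config: dict[str, StoredConfig] = {}  # credential -> latest record
        self._invalid_credentials: set[str] = set()

    def issue_timestamp(self, credential: str, validity_seconds: float) -> str:
        # Steps 202-204: the timestamp request carries the credential; storing the
        # new record drops the earlier one, so an older timestamp no longer matches.
        first_timestamp = f"{self.now:.3f}"
        self._config[credential] = StoredConfig(first_timestamp, validity_seconds)
        return first_timestamp

    def invalidate_credential(self, credential: str) -> None:
        # The credential is dynamically valid: the server sets it invalid when the
        # terminal is offline, disconnected or unresponsive for a long time.
        self._invalid_credentials.add(credential)

    def verify(self, request: dict) -> tuple[bool, str]:
        credential, first_timestamp = request["credential"], request["timestamp"]
        if credential in self._invalid_credentials:
            return False, "credential invalid"
        # Step 206: recompute the ciphertext over timestamp and credential.
        expected = timestamp_cipher(self._key, first_timestamp, credential)
        if not hmac.compare_digest(expected, request["ts_cipher"]):
            return False, "timestamp ciphertext invalid"
        # Step 207: fetch the validity period stored for this credential and
        # timestamp, then check the interval to the server's current time.
        stored = self._config.get(credential)
        if stored is None or stored.first_timestamp != first_timestamp:
            return False, "no stored timestamp for credential"
        if self.now - float(first_timestamp) > stored.validity_seconds:
            return False, "timestamp expired"
        return True, "ok"


def build_request(key: bytes, credential: str, first_timestamp: str) -> dict:
    """Step 205 (terminal side): credential, first timestamp and ciphertext."""
    return {
        "credential": credential,
        "timestamp": first_timestamp,
        "ts_cipher": timestamp_cipher(key, first_timestamp, credential),
    }


def run_scenario() -> dict:
    """Two terminals with different validity periods, a replay of a superseded
    request, and a request under a credential the server has invalidated."""
    key = b"constructed-shared-key"  # assumed to be provisioned out of band
    server = Server(key, now=1000.0)
    lan, mobile = "cred-lan-0001", "cred-mobile-0002"  # constructed credentials

    lan_request = build_request(key, lan, server.issue_timestamp(lan, 0.5))
    mobile_request = build_request(key, mobile, server.issue_timestamp(mobile, 2.0))
    server.now += 1.0
    results = {
        "lan_after_1s": server.verify(lan_request),        # 1.0 s > 0.5 s period
        "mobile_after_1s": server.verify(mobile_request),  # 1.0 s within 2.0 s
    }

    # The LAN terminal fetches a fresh timestamp; the stored record is replaced,
    # so a captured copy of its earlier request no longer matches (step 203).
    fresh_request = build_request(key, lan, server.issue_timestamp(lan, 0.5))
    results["lan_fresh"] = server.verify(fresh_request)
    results["lan_replay_old"] = server.verify(lan_request)

    # The mobile terminal goes offline; the server marks its credential invalid.
    server.invalidate_credential(mobile)
    results["mobile_after_invalidation"] = server.verify(mobile_request)
    return results
```

Per-credential storage is what gives the finer granularity the text contrasts with embodiment one: the same 1 s delay is rejected for one terminal and accepted for another, and a superseded timestamp is rejected by the record lookup before its validity period is even consulted.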
Referring to Fig. 3, which shows a schematic flow chart of embodiment three of the HTTP-based communication method provided by the application, the HTTP-based communication method of this embodiment may comprise the following steps:
Step 301, the terminal sends a credential request to the server.
Step 302, the server responds to the credential request by generating a credential identifier according to a rule, and sends the credential identifier to the terminal.
Although the credential identifier could be generated by the terminal itself, when the number of terminals or of concurrent requests is very large, a terminal-generated credential identifier cannot be guaranteed to be absolutely unique. Having the server generate the credential identifier uniformly according to a preset rule in response to each terminal's credential request effectively avoids this problem; for example, a sequence number that is unique to the terminal at that moment can be generated from the IP address, port number and time contained in the terminal's request message and used as the credential identifier.
Step 303, the terminal sends a timestamp request to the server.
Step 304, the server generates a first timestamp.
Step 305, the server sends the first timestamp to the terminal.
Step 306, the terminal encrypts an algorithm factor containing the first timestamp with the preset encryption algorithm to generate a timestamp ciphertext.
Step 307, the server receives the network request message sent by the terminal; the network request message contains the first timestamp, the credential identifier and the corresponding timestamp ciphertext.
The timestamp ciphertext is generated by encrypting, with the preset encryption algorithm, an algorithm factor that contains the first timestamp and the credential identifier.
Preferably, the server verifies whether the credential identifier in the current network request message is valid; if it is invalid, step 308 is executed.
If the current terminal is offline, disconnected, or has been inactive for a long time, the credential identifier corresponding to that terminal can be invalidated by the server.
Step 308, the server verifies with the preset encryption algorithm whether the timestamp ciphertext is valid; if it is invalid, step 310 is executed.
The preset encryption algorithm is an encryption algorithm rule agreed in advance between the terminal and the server.
Optionally, the encryption algorithm is a signature encryption algorithm. The terminal encrypts the algorithm factor containing the first timestamp according to the signature encryption algorithm to generate a first digital signature, which forms the timestamp ciphertext; the server encrypts the algorithm factor containing the first timestamp with the same signature encryption algorithm to generate a second digital signature, and verifies whether the second digital signature is consistent with the first digital signature corresponding to the timestamp ciphertext. If they are inconsistent, the timestamp ciphertext is invalid.
The rule of the signature encryption algorithm may comprise the following steps: first, the algorithm factor is organized according to a preset rule; then a digital signature is computed over the algorithm factor with a signature algorithm. For example, in this case the organization rule of the algorithm factor can be 'timestamp + credential identifier + other', or even the whole request message can be used as the algorithm factor; the signature algorithm used can be Message Digest Algorithm 5 (MD5) or another signature algorithm.
The MD5 algorithm is a hash function widely used in the field of computer security to provide integrity protection for information. For any file or piece of information, the algorithm generates a unique MD5 message digest, i.e. a digital signature. If anyone makes any change to the file or information, its MD5 value changes.
Optionally, the preset encryption algorithm is a symmetric encryption algorithm. The terminal encrypts the algorithm factor containing the first timestamp with the corresponding key according to the symmetric encryption algorithm to generate the timestamp ciphertext; the server decrypts the timestamp ciphertext with the corresponding key of the symmetric encryption algorithm to obtain the timestamp information in it as a second timestamp, and judges whether the second timestamp is consistent with the first timestamp in the network request message. If they are inconsistent, the timestamp ciphertext is invalid.
Unlike a signature algorithm, which encrypts the message digest of the algorithm factor to obtain a signature, a symmetric encryption algorithm encrypts the whole algorithm factor string to obtain the timestamp ciphertext; the server decrypts the timestamp ciphertext with the same key or the corresponding decryption procedure to recover the original algorithm factor. A commonly used algorithm is the Advanced Encryption Standard (AES).
Optionally, the preset encryption algorithm is an asymmetric encryption algorithm. The terminal encrypts the algorithm factor containing the first timestamp with the corresponding public key according to the asymmetric encryption algorithm to generate the timestamp ciphertext; the server decrypts the timestamp ciphertext with the private key corresponding to the asymmetric encryption algorithm to obtain the timestamp information in it as a second timestamp, and judges whether the second timestamp is consistent with the first timestamp in the network request message. If they are inconsistent, the timestamp ciphertext is invalid. A commonly used asymmetric encryption algorithm is the RSA algorithm.
If the timestamp ciphertext is verified to be invalid, this indicates that the string corresponding to the algorithm factor in the network request message has been tampered with; the current network request is no longer trusted and is an illegal request.
Preferably, the application uses, according to a preset rule, a string containing the timestamp and the credential identifier as the algorithm factor of the encryption algorithm. Because the credential identifier that the server assigns to the terminal is unique, the algorithm factor composed from it is unique and non-repeating. Although the timestamp is mostly in plaintext in the HTTP request message, the credential identifier is generated by the server according to a preset rule, so unless the generation rule of the credential identifier is leaked, the possibility that the credential identifier is tampered with is very low. Moreover, the composition rule of the algorithm factor is agreed between the terminal and the server and is not disclosed externally; even if someone knows that the timestamp and the credential identifier are used in the algorithm factor, it is difficult to know how many times each appears and in what arrangement. Therefore, if the timestamp ciphertext in the terminal's network request message is invalid, the timestamp in that string can be considered tampered with, and the request is an illegal request.
Those skilled in the art should understand that, when implementing the application, the preset rule by which the timestamp and the credential identifier are combined into the algorithm factor, as well as the order and number of times the timestamp and the credential identifier appear in the algorithm factor, can be decided according to the specific situation; for example, it can be timestamp + credential identifier, or credential identifier + timestamp + timestamp + credential identifier, and so on.
Step 309, the server verifies whether the interval between the first timestamp in the network request and the current time is within its validity period; if the validity period is exceeded, the current network request is an invalid request.
Step 310, the server returns a response message to the terminal.
In the above embodiment, the network request message sent by the terminal to the server contains a credential identifier uniformly assigned by the server. For a network request message containing this credential identifier, the server can first verify whether the credential identifier is valid; if the credential identifier is in an invalid state, the server can interrupt subsequent operations and directly return an invalid-request response to the terminal, which saves part of the server's processing and therefore, to some degree, saves server resources and reduces server load. Secondly, adding a digital signature to the network request message effectively prevents the network request message from being tampered with and avoids replay attacks. In particular, the application uses the credential identifier uniformly assigned by the server together with the timestamp as the signature algorithm factor, which guarantees the uniqueness of the signature algorithm factor, avoids the possibility that different terminals produce the same signature and the possibility that the timestamp is tampered with, and effectively prevents network replay attacks.
The HTTP-based communication method provided by the application has been described above with reference to several embodiments. The method is further described below in connection with a concrete application environment:
In the embodiment below, suppose a user logs in to a website through a terminal using their own user name and password; if the server verifies the login request successfully, it returns a dynamic password Key to the terminal for use. The website's servers comprise a login server and an encryption server.
Step S01, the user logs in and obtains a credential identifier.
At the terminal, the user enters the user name and password and sends a login request to the login server. If the login succeeds, the login server returns a credential identifier to the terminal. The credential identifier is a unique authentication information string generated by the login server from the user's user name and other related information.
Step S02, the terminal obtains a timestamp from the encryption server.
The terminal calls the PostDownloadTimeStamp method to send a timestamp acquisition request to the encryption server and obtains the latest timestamp from the encryption server; the timestamp is the current accurate time that the encryption server obtains from the time synchronization server.
Step S03, the terminal generates a first signature to form the timestamp ciphertext, and assembles a verification request packet.
If the timestamp is obtained successfully, the terminal calls the RequestHeader_Stamp method to generate the signature and form the verification request packet.
The terminal computes the signature from the timestamp and the credential identifier to form the timestamp ciphertext. The specific algorithm is: first, timestamp + timestamp + credential identifier + timestamp is assembled into the algorithm factor string; then MD5 is computed over this algorithm factor string to produce a signature string, which forms the timestamp ciphertext.
Step S04, the terminal sends the verification request to the encryption server over HTTPS.
The terminal sends the verification request to the encryption server using the PostDownloadTimeStamp method.
Step S05, the encryption server uses the same rule as the terminal to generate a second signature from the timestamp and the credential identifier, and uses it to verify the verification request sent by the terminal; if the second signature is consistent with the first signature corresponding to the timestamp ciphertext, the timestamp ciphertext is legitimate and valid.
Step S06, it is verified whether the interval between the first timestamp in the network request message and the current time is within the corresponding validity period; if it is exceeded, the network request is invalid.
Step S07, the encryption server returns a response message to the terminal.
If verification passes, the encryption server returns the correct dynamic password Key to the terminal; otherwise, it returns a request-failure notification to the terminal.
The dynamic password Key obtained by the terminal can be used for the user's subsequent operations, such as dynamic password entry.
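The exchange of steps S01 to S07 above (and the same checks of steps 301 to 310), as an added example that is not part of the patent or of any product it describes: an in-memory login server and encryption server, and a terminal that assembles the algorithm factor 'timestamp + timestamp + credential identifier + timestamp' and signs it with MD5 as the text specifies. The class names, the 60-second validity window, the controllable clock and the sample user are assumptions; the verifier runs the scenarios in the order credential state, signature, validity window.

```python
import hashlib
import hmac
import secrets
import time

# Assumed validity window for a first timestamp (the text leaves it configurable).
TIMESTAMP_VALIDITY_SECONDS = 60


def build_algorithm_factor(timestamp: str, credential_id: str) -> str:
    """Preset rule of step S03: timestamp + timestamp + credential identifier + timestamp."""
    return f"{timestamp}{timestamp}{credential_id}{timestamp}"


def make_timestamp_ciphertext(timestamp: str, credential_id: str) -> str:
    """Signature over the algorithm factor string; MD5 because the text specifies it."""
    factor = build_algorithm_factor(timestamp, credential_id).encode("utf-8")
    return hashlib.md5(factor).hexdigest()


class FakeClock:
    """Controllable clock (assumption) so the scenarios below are deterministic."""

    def __init__(self, start: int):
        self.t = start

    def now(self) -> float:
        return float(self.t)

    def advance(self, seconds: int) -> None:
        self.t += seconds


class LoginServer:
    """Step S01: issues a credential identifier on successful login and keeps its
    state, so the server can later set it invalid (the 'dynamically valid' credential)."""

    def __init__(self, users: dict):
        self._users = users            # constructed user name -> password table
        self.valid_credentials = {}    # credential identifier -> user name

    def login(self, username: str, password: str):
        if self._users.get(username) != password:
            return None
        # Unique string derived from the user name plus fresh randomness
        raw = f"{username}:{secrets.token_hex(8)}".encode("utf-8")
        credential_id = hashlib.md5(raw).hexdigest()
        self.valid_credentials[credential_id] = username
        return credential_id

    def invalidate(self, credential_id: str) -> None:
        """Terminal offline or disconnected: the credential is no longer usable."""
        self.valid_credentials.pop(credential_id, None)


class EncryptionServer:
    def __init__(self, login_server: LoginServer, clock=time.time):
        self._login = login_server
        self._clock = clock

    def post_download_timestamp(self) -> str:
        """Step S02: hand out the current time as the first timestamp."""
        return str(int(self._clock()))

    def verify_request(self, request: dict) -> tuple:
        """Steps S05 to S07. Returns (accepted, payload): the dynamic password Key
        on success, the rejection reason otherwise."""
        timestamp, credential_id = request["timestamp"], request["credential_id"]
        # Credential state first: an invalid credential stops processing early
        if credential_id not in self._login.valid_credentials:
            return False, "credential identifier invalid"
        # Step S05: recompute the second signature and compare with the first one
        second_signature = make_timestamp_ciphertext(timestamp, credential_id)
        if not hmac.compare_digest(second_signature, request["timestamp_ciphertext"]):
            return False, "timestamp ciphertext invalid"
        # Step S06: is the first timestamp still inside its validity period?
        age = self._clock() - int(timestamp)
        if age < 0 or age > TIMESTAMP_VALIDITY_SECONDS:
            return False, "timestamp expired"
        # Step S07: success; the Key value here is a constructed placeholder
        return True, "dynamic-key-" + credential_id[:8]


class Terminal:
    def __init__(self, login_server: LoginServer, enc_server: EncryptionServer):
        self._login, self._enc = login_server, enc_server

    def build_verification_request(self, username: str, password: str):
        """Steps S01 to S03 from the terminal side."""
        credential_id = self._login.login(username, password)
        if credential_id is None:
            return None
        timestamp = self._enc.post_download_timestamp()
        return {"timestamp": timestamp, "credential_id": credential_id,
                "timestamp_ciphertext": make_timestamp_ciphertext(timestamp, credential_id)}


def run_scenarios() -> dict:
    """Legitimate request, tampered plaintext timestamp, replay inside and after the
    validity window, and an invalidated credential."""
    clock = FakeClock(1_700_000_000)
    login = LoginServer({"alice": "constructed-password"})
    enc = EncryptionServer(login, clock=clock.now)
    req = Terminal(login, enc).build_verification_request("alice", "constructed-password")
    results = {"legitimate": enc.verify_request(req)}
    # Plaintext timestamp rewritten without the preset rule: second signature differs
    tampered = dict(req, timestamp=str(int(req["timestamp"]) + 600))
    results["tampered_timestamp"] = enc.verify_request(tampered)
    # A replay inside the window is accepted by this scheme; the window bounds the exposure
    clock.advance(10)
    results["replay_inside_window"] = enc.verify_request(req)
    # A replay after the window is rejected by the step S06 check
    clock.advance(TIMESTAMP_VALIDITY_SECONDS)
    results["replay_after_window"] = enc.verify_request(req)
    # Server set the credential invalid (terminal offline): rejected before any signature work
    login.invalidate(req["credential_id"])
    results["credential_invalidated"] = enc.verify_request(req)
    return results
```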
It should be noted that, for simplicity of description, each of the above method embodiments is expressed as a series of combined actions; but those skilled in the art should know that the application is not limited by the described sequence of actions, because according to the application some steps can be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily required by the application.
Referring to Fig. 4, which is a structural schematic diagram of an embodiment of the HTTP-based server of the application.
The HTTP server specifically comprises:
a receiving module 410, a sending module 420, a timestamp generation module 460 and a ciphertext verification module 430;
wherein the receiving module 410 comprises:
a first receiving unit 411, for receiving a timestamp request message;
a second receiving unit 412, for receiving a network request message; the network request message contains a first timestamp and a corresponding timestamp ciphertext; the timestamp ciphertext is generated by encrypting an algorithm factor containing the first timestamp according to a preset encryption algorithm;
wherein the timestamp generation module 460 is for generating a first timestamp in response to the timestamp request message;
wherein the sending module 420 comprises:
a first sending unit 421, for sending the first timestamp generated by the timestamp generation module;
wherein the ciphertext verification module 430 is for verifying with the preset encryption algorithm whether the timestamp ciphertext is valid; if it is invalid, the network request message is an invalid request.
Preferably,
the server further comprises:
a timestamp verification module 470, for verifying whether the interval between the first timestamp in the network request message received by the second receiving unit 412 and the current time is within the validity period; if it is exceeded, the network request message is invalid.
Optionally, the preset encryption algorithm is a signature encryption algorithm, and
the ciphertext verification module 430 further comprises:
a signature generation unit 431, for encrypting the algorithm factor containing the first timestamp with the signature encryption algorithm to generate a second signature;
a first verification unit 432, for verifying whether the second digital signature generated by the signature generation unit 431 is consistent with the first digital signature corresponding to the timestamp ciphertext received by the second receiving unit 412; if they are inconsistent, the timestamp ciphertext is invalid.
Optionally, the preset encryption algorithm is a symmetric encryption algorithm, and
the ciphertext verification module 430 further comprises:
a second verification unit 433, for decrypting, with the corresponding key of the symmetric encryption algorithm, the timestamp ciphertext received by the second receiving unit 412 to obtain the timestamp information in it as a second timestamp, and judging whether the second timestamp is consistent with the first timestamp in the network request message received by the second receiving unit; if they are inconsistent, the timestamp ciphertext is invalid.
Optionally, the preset encryption algorithm is an asymmetric encryption algorithm, and
the ciphertext verification module 430 further comprises:
a third verification unit 434, for decrypting, with the private key corresponding to the asymmetric encryption algorithm, the timestamp ciphertext received by the second receiving unit 412 to obtain the timestamp information in it as a second timestamp, and judging whether the second timestamp is consistent with the first timestamp in the network request message; if they are inconsistent, the timestamp ciphertext is invalid.
Further, the receiving module 410 further comprises:
a third receiving unit 413, for receiving the credential request of the terminal;
the server further comprises:
a credential identifier generation unit 440, for generating a credential identifier according to the credential request received by the third receiving unit 413;
the sending module 420 further comprises:
a second sending unit 422, for sending the credential identifier generated by the credential identifier generation unit 440.
Preferably, the network request message received by the second receiving unit 412 also contains the credential identifier;
the algorithm factor containing the first timestamp also contains the credential identifier; the algorithm factor is composed of the first timestamp and the credential identifier according to a preset rule.
Preferably, the credential identifier is dynamically valid;
the server further comprises:
a credential verification module 450, for verifying whether the network request message received by the second receiving unit 412 contains a credential identifier; if it does and that credential identifier is invalid, the network request message is invalid.
Referring to Fig. 5, which is a structural schematic diagram of an embodiment of the HTTP-based terminal of the application.
The HTTP terminal comprises:
a sending module 510, a receiving module 520 and a ciphertext module 530;
wherein the sending module 510 comprises:
a first sending unit 511, for sending a first timestamp acquisition request;
a second sending unit 512, for sending a network request message; the network request message contains the first timestamp received by the receiving module and the corresponding timestamp ciphertext generated by the ciphertext module;
wherein the receiving module 520 comprises:
a first receiving unit 521, for receiving the first timestamp;
wherein the ciphertext module is for encrypting an algorithm factor containing the received first timestamp according to a preset encryption algorithm to generate the timestamp ciphertext.
Optionally, the preset encryption algorithm is a signature encryption algorithm;
the ciphertext module 530 further comprises:
a first encryption unit 531, for encrypting the algorithm factor containing the first timestamp to generate a first digital signature, which forms the timestamp ciphertext.
Optionally, the preset encryption algorithm is a symmetric encryption algorithm;
the ciphertext module 530 further comprises:
a second encryption unit 532, for encrypting the algorithm factor containing the first timestamp with the key corresponding to the symmetric encryption algorithm to generate the timestamp ciphertext.
Optionally, the preset encryption algorithm is an asymmetric encryption algorithm;
the ciphertext module 530 further comprises:
a third encryption unit 533, for encrypting the algorithm factor containing the first timestamp with the public key corresponding to the asymmetric encryption algorithm to generate the timestamp ciphertext.
Optionally, the terminal further comprises:
a credential identifier generation module 540, for generating a credential identifier;
the algorithm factor containing the first timestamp also contains the credential identifier generated by the credential identifier generation module;
the algorithm factor is composed of the first timestamp and the credential identifier according to a preset rule.
Preferably,
the sending module 510 further comprises:
a third sending unit 513, for sending a credential request message;
the receiving module 520 further comprises:
a second receiving unit 522, for receiving the credential identifier;
the network request message sent by the second sending unit 512 also contains the credential identifier received by the second receiving unit 522;
the algorithm factor containing the first timestamp also contains the credential identifier; the algorithm factor is composed of the first timestamp and the credential identifier according to a preset rule.
Referring to Fig. 6, which is a structural schematic diagram of an embodiment of the HTTP-based system of the application.
Specifically, the system comprises an HTTP terminal 6100 and an HTTP server 6200;
the HTTP terminal 6100 comprises:
a terminal sending module 6110, a terminal receiving module 6120 and a ciphertext module 6130;
wherein the terminal sending module 6110 comprises:
a first sending unit 6111, for sending a first timestamp acquisition request;
a second sending unit 6112, for sending a network request message; the network request message contains the first timestamp received by the receiving module and the corresponding timestamp ciphertext generated by the ciphertext module;
wherein the terminal receiving module 6120 comprises:
a first receiving unit 6121, for receiving the first timestamp;
wherein the ciphertext module 6130 is for encrypting an algorithm factor containing the received first timestamp according to a preset encryption algorithm to generate the timestamp ciphertext.
The HTTP server 6200 comprises:
a server receiving module 6210, a server sending module 6220, a timestamp generation module 6230 and a ciphertext verification module 6240;
wherein the server receiving module 6210 comprises:
a first receiving unit 6211, for receiving a timestamp request message;
a second receiving unit 6212, for receiving a network request message; the network request message contains a first timestamp and a corresponding timestamp ciphertext; the timestamp ciphertext is generated by encrypting an algorithm factor containing the first timestamp according to a preset encryption algorithm;
wherein the timestamp generation module 6230 is for generating a first timestamp in response to the timestamp request message;
wherein the server sending module 6220 comprises:
a first sending unit 6221, for sending the first timestamp generated by the timestamp generation module;
wherein the ciphertext verification module 6240 is for verifying with the preset encryption algorithm whether the timestamp ciphertext is valid; if it is invalid, the network request message is an invalid request.
For the detailed structure of the system, refer to the description of the relevant parts of the HTTP terminal, HTTP server and method embodiments above.
Each embodiment in this specification is described in a progressive manner; each embodiment emphasizes its differences from the other embodiments, and for the identical or similar parts the embodiments may be referred to one another. Since the system and/or device embodiments are basically similar to the method embodiments, their description is relatively simple, and the relevant parts can be found in the description of the method embodiments.
Finally, it should also be noted that in this document relational terms such as 'first' and 'second' are only used to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations.
Also, 'and/or' in the text above covers both the 'and' relation and the 'or' relation: if option A and option B are in an 'and' relation, an embodiment may contain both option A and option B; if option A and option B are in an 'or' relation, an embodiment may contain option A alone or option B alone.
The HTTP-based network communication method, server and terminal provided by the application have been described in detail above. Specific examples have been used in this document to explain the principles and implementation of the application; the description of the above embodiments is only intended to help understand the method of the application and its core idea. At the same time, those of ordinary skill in the art may, according to the idea of the application, make changes to the specific implementation and scope of application. In summary, the content of this description should not be construed as limiting the application.

Claims (29)

1. An HTTP-based network communication method, characterized in that it comprises:
sending a first timestamp to a terminal in response to a terminal request;
receiving a network request message sent by the terminal; the network request message contains the first timestamp and a corresponding timestamp ciphertext; the timestamp ciphertext is generated by the terminal by encrypting an algorithm factor containing the first timestamp according to a preset encryption algorithm;
verifying with the preset encryption algorithm whether the timestamp ciphertext is valid; if it is invalid, the network request message is an invalid request.
2. The method of claim 1, characterized in that it further comprises:
verifying whether the interval between the first timestamp in the network request message and the current time is within a validity period; if it is exceeded, the network request message is invalid.
3. The method of claim 1, characterized in that the preset encryption algorithm is a signature encryption algorithm,
the terminal encrypting the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
the terminal encrypts the algorithm factor containing the first timestamp according to the signature encryption algorithm to generate a first digital signature, which forms the timestamp ciphertext;
the verifying whether the timestamp ciphertext is valid comprises:
encrypting the algorithm factor containing the first timestamp with the signature encryption algorithm to generate a second digital signature;
verifying whether the second digital signature is consistent with the first digital signature corresponding to the timestamp ciphertext; if they are inconsistent, the timestamp ciphertext is invalid.
4. The method of claim 1, characterized in that the preset encryption algorithm is a symmetric encryption algorithm,
the terminal encrypting the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
the terminal encrypts the algorithm factor containing the first timestamp with the corresponding key according to the symmetric encryption algorithm to generate the timestamp ciphertext;
the verifying whether the timestamp ciphertext is valid comprises:
decrypting the timestamp ciphertext with the corresponding key of the symmetric encryption algorithm to obtain the timestamp information in it as a second timestamp; judging whether the second timestamp is consistent with the first timestamp in the network request message; if they are inconsistent, the timestamp ciphertext is invalid.
5. The method of claim 1, characterized in that the preset encryption algorithm is an asymmetric encryption algorithm,
the terminal encrypting the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
the terminal encrypts the algorithm factor containing the first timestamp with the corresponding public key according to the asymmetric encryption algorithm to generate the timestamp ciphertext;
the verifying whether the timestamp ciphertext is valid comprises:
the server decrypts the timestamp ciphertext with the private key corresponding to the asymmetric encryption algorithm to obtain the timestamp information in it as a second timestamp; judges whether the second timestamp is consistent with the first timestamp in the network request message; if they are inconsistent, the timestamp ciphertext is invalid.
6. The method of claim 1, characterized in that the network request message sent by the terminal also contains a credential identifier generated by the terminal; and
the algorithm factor containing the first timestamp also contains the credential identifier; the algorithm factor is composed of the first timestamp and the credential identifier according to a preset rule.
7. The method of claim 1, characterized in that, before the receiving of the network request message sent by the terminal, it further comprises:
receiving a credential request message from the terminal;
generating a credential identifier corresponding to the credential request message;
sending the credential identifier to the terminal.
8. The method of claim 7, characterized in that
the received network request message also contains the credential identifier;
the algorithm factor containing the first timestamp also contains the credential identifier; the algorithm factor is composed of the first timestamp and the credential identifier according to a preset rule.
9. The method of any one of claims 6 to 8, characterized in that the credential identifier is dynamically valid, and the method further comprises:
if the network request message sent by the terminal contains a credential identifier, the server verifies whether the credential identifier is valid; if it is invalid, the network request is an invalid request.
10. An HTTP-based network communication method, characterized in that it comprises:
obtaining a first timestamp from a server;
sending a network request message to the server; the network request message contains the first timestamp and a corresponding timestamp ciphertext; the timestamp ciphertext is generated by encrypting an algorithm factor containing the first timestamp according to a preset encryption algorithm.
11. The method of claim 10, characterized in that the preset encryption algorithm is a signature encryption algorithm,
the encrypting of the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
encrypting the algorithm factor containing the first timestamp according to the signature encryption algorithm to generate a first digital signature, which forms the timestamp ciphertext.
12. The method of claim 10, characterized in that the preset encryption algorithm is a symmetric encryption algorithm,
the encrypting of the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
encrypting the algorithm factor containing the first timestamp with the key corresponding to the symmetric encryption algorithm to generate the timestamp ciphertext.
13. The method of claim 10, characterized in that the preset encryption algorithm is an asymmetric encryption algorithm,
the encrypting of the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
encrypting the algorithm factor containing the first timestamp with the public key corresponding to the asymmetric encryption algorithm to generate the timestamp ciphertext.
14. The method of claim 10, characterized in that the network request message also contains a credential identifier; and
the algorithm factor containing the first timestamp also contains the credential identifier; the algorithm factor is composed of the first timestamp and the credential identifier according to a preset rule.
15. The method of claim 10, characterized in that, before the sending of the network request message to the server, it further comprises:
sending a credential request message to the server;
receiving the credential identifier sent by the server.
16. A server based on HTTP, characterized in that it comprises: a receiving module, a sending module, a timestamp generation module and a ciphertext verification module;
wherein said receiving module comprises:
a first receiving unit, for receiving timestamp request information;
a second receiving unit, for receiving network request information; said network request information contains a first timestamp and the corresponding timestamp ciphertext; said timestamp ciphertext is generated by encrypting an algorithm factor containing said first timestamp according to a preset encryption algorithm;
wherein said timestamp generation module is for generating the first timestamp in response to said timestamp request information;
wherein said sending module comprises:
a first sending unit, for sending the first timestamp generated by the timestamp generation module;
wherein said ciphertext verification module is for verifying, according to said preset encryption algorithm, whether said timestamp ciphertext is valid; if it is invalid, said network request information is an invalid request.
17. The server of claim 16, characterized in that
said server further comprises:
a timestamp verification module, for verifying whether the interval between the first timestamp in the network request information received by the second receiving unit and the current time is within the validity period; if it is exceeded, said network request information is invalid.
18. The server of claim 16, characterized in that the preset encryption algorithm is a signature encryption algorithm, and
said ciphertext verification module further comprises:
a signature generation unit, for encrypting the algorithm factor containing said first timestamp according to said signature encryption algorithm to generate a second digital signature;
a first verification unit, for verifying whether the second digital signature generated by said signature generation unit is consistent with the first digital signature corresponding to the timestamp ciphertext received by the second receiving unit; if they are inconsistent, said timestamp ciphertext is invalid.
19. The server of claim 16, characterized in that the preset encryption algorithm is a symmetric encryption algorithm, and
said ciphertext verification module further comprises:
a second verification unit, for decrypting the timestamp ciphertext received by the second receiving unit with the key corresponding to said symmetric encryption algorithm to obtain the timestamp information therein as a second timestamp; and for judging whether said second timestamp is consistent with the first timestamp in the network request information received by the second receiving unit; if they are inconsistent, said timestamp ciphertext is invalid.
20. The server of claim 16, characterized in that the preset encryption algorithm is an asymmetric encryption algorithm, and
said ciphertext verification module further comprises:
a third verification unit, for decrypting the timestamp ciphertext received by the second receiving unit with the private key corresponding to said asymmetric encryption algorithm to obtain the timestamp information therein as a second timestamp; and for judging whether said second timestamp is consistent with the first timestamp in the network request information; if they are inconsistent, said timestamp ciphertext is invalid.
21. The server of claim 16, characterized in that said receiving module further comprises:
a third receiving unit, for receiving a credential request from the terminal;
said server further comprises:
a credential identifier generation unit, for generating a credential identifier according to the credential request received by the third receiving unit;
said sending module further comprises:
a second sending unit, for sending the credential identifier generated by the credential identifier generation unit.
22. The server of claim 21, characterized in that the network request information received by said second receiving unit further comprises a credential identifier;
the algorithm factor containing said first timestamp further comprises said credential identifier; said algorithm factor is composed of said first timestamp and said credential identifier according to a preset rule.
23. The server of claim 21 or 22, characterized in that said credential identifier is dynamically valid;
said server further comprises:
a credential verification module, for verifying whether the network request information received by the second receiving unit contains a credential identifier; if it does and that credential identifier is invalid, said network request information is invalid.
24. A terminal based on HTTP, characterized in that it comprises:
a sending module, a receiving module and a ciphertext module;
wherein said sending module comprises:
a first sending unit, for sending a first timestamp acquisition request;
a second sending unit, for sending network request information; said network request information contains the first timestamp received by said receiving module and the corresponding timestamp ciphertext generated by said ciphertext module;
wherein said receiving module comprises:
a first receiving unit, for receiving the first timestamp;
wherein said ciphertext module is for encrypting an algorithm factor containing said received first timestamp according to a preset encryption algorithm to generate the timestamp ciphertext.
25. The terminal of claim 24, characterized in that the preset encryption algorithm is a signature encryption algorithm;
said ciphertext module further comprises:
a first encryption unit, for encrypting the algorithm factor containing said first timestamp to generate a first digital signature, which constitutes the timestamp ciphertext.
26. The terminal of claim 24, characterized in that the preset encryption algorithm is a symmetric encryption algorithm;
said ciphertext module further comprises:
a second encryption unit, for encrypting the algorithm factor containing said first timestamp with the key corresponding to said symmetric encryption algorithm to generate the timestamp ciphertext.
27. The terminal of claim 24, characterized in that the preset encryption algorithm is an asymmetric encryption algorithm;
said ciphertext module further comprises:
a third encryption unit, for encrypting the algorithm factor containing said first timestamp with the public key corresponding to said asymmetric encryption algorithm to generate the timestamp ciphertext.
28. The terminal of claim 24, characterized in that it further comprises:
a credential identifier generation module, for generating a credential identifier;
the algorithm factor containing said first timestamp further comprises the credential identifier generated by said credential identifier generation module;
said algorithm factor is composed of said first timestamp and said credential identifier according to a preset rule.
29. The terminal of claim 24, characterized in that
said sending module further comprises:
a third sending unit, for sending credential request information;
said receiving module further comprises:
a second receiving unit, for receiving the credential identifier;
the network request information sent by said second sending unit further comprises the credential identifier received by the third receiving unit;
the algorithm factor containing said first timestamp further comprises said credential identifier; said algorithm factor is composed of said first timestamp and said credential identifier according to a preset rule.
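The exchange claimed above (claims 10-15 for the method, 16-23 for the server, 24-29 for the terminal), modelled as an added example that is not code from the patent or its assignee. It uses the signature variant of claims 11, 18 and 25, with HMAC-SHA256 standing in for the unspecified signature encryption algorithm, a '|' join as the assumed preset rule of claims 14 and 22, and fixed validity periods; all names, keys and values are assumptions. The server also keeps a cache of accepted ciphertexts, which goes beyond the claims: a validity window on its own still admits an identical request replayed inside the window.

```python
import hashlib
import hmac
import secrets
import time

VALIDITY_SECONDS = 60     # assumed validity period of a first timestamp (claim 17)
CREDENTIAL_TTL = 600      # assumed lifetime of a dynamically valid credential identifier (claim 23)


def algorithm_factor(first_timestamp: int, credential_id: str) -> bytes:
    """Assumed preset rule (claims 14/22): first timestamp and credential id joined by '|'."""
    return f"{first_timestamp}|{credential_id}".encode()


def make_timestamp_ciphertext(key: bytes, first_timestamp: int, credential_id: str) -> str:
    """Signature variant (claims 11/25): the 'first digital signature' over the algorithm factor.
    HMAC-SHA256 stands in for the patent's unspecified signature encryption algorithm."""
    return hmac.new(key, algorithm_factor(first_timestamp, credential_id), hashlib.sha256).hexdigest()


class Server:
    """Server of claims 16-23: issues timestamps and credentials, verifies requests."""

    def __init__(self, key: bytes, clock=time.time):
        self.key = key
        self.clock = clock          # injectable clock so the walk-through is deterministic
        self.credentials = {}       # credential_id -> expiry time (claims 21/23)
        self.seen = set()           # addition beyond the claims: ciphertexts already accepted

    def issue_timestamp(self) -> int:
        # claim 16: answer a timestamp request with the first timestamp
        return int(self.clock())

    def issue_credential(self) -> str:
        # claim 21: answer a credential request with a fresh credential identifier
        cid = secrets.token_hex(8)
        self.credentials[cid] = self.clock() + CREDENTIAL_TTL
        return cid

    def verify_request(self, request: dict) -> tuple:
        """Returns (accepted, reason) for one network request."""
        ts = request["first_timestamp"]
        cid = request["credential_id"]
        ct = request["timestamp_ciphertext"]
        now = self.clock()
        # claim 23: an unknown or expired credential identifier invalidates the request
        expiry = self.credentials.get(cid)
        if expiry is None or now > expiry:
            return False, "invalid credential identifier"
        # claim 17: the interval between the first timestamp and now must be within the validity period
        if abs(now - ts) > VALIDITY_SECONDS:
            return False, "timestamp outside validity period"
        # claim 18: recompute the 'second digital signature' and compare it with the received one
        expected = make_timestamp_ciphertext(self.key, ts, cid)
        if not hmac.compare_digest(expected, ct):
            return False, "timestamp ciphertext invalid"
        # Addition beyond the claims: reject a ciphertext that was already accepted in the window
        if ct in self.seen:
            return False, "replayed request"
        self.seen.add(ct)
        return True, "ok"


class Terminal:
    """Terminal of claims 24-29: obtains credential and timestamp, builds the request."""

    def __init__(self, key: bytes, server: Server):
        self.key = key
        self.server = server
        self.credential_id = server.issue_credential()   # claim 29: credential request

    def build_request(self, payload: str) -> dict:
        ts = self.server.issue_timestamp()               # claim 24: first timestamp acquisition request
        return {
            "payload": payload,
            "first_timestamp": ts,
            "credential_id": self.credential_id,
            "timestamp_ciphertext": make_timestamp_ciphertext(self.key, ts, self.credential_id),
        }


def demo() -> dict:
    """Walk the exchange with a controllable clock; returns the verdict of each step."""
    now = [1_700_000_000]                                 # constructed epoch time
    key = b"shared-secret-key (assumed)"
    server = Server(key, clock=lambda: now[0])
    terminal = Terminal(key, server)
    req = terminal.build_request("GET /resource")
    results = {"fresh": server.verify_request(req)[0]}          # accepted
    results["replay"] = server.verify_request(req)[0]           # same request again: rejected
    tampered = dict(req, first_timestamp=req["first_timestamp"] + 30)
    results["tampered"] = server.verify_request(tampered)[0]    # timestamp edited: rejected
    late = terminal.build_request("GET /resource")
    now[0] += VALIDITY_SECONDS + 1
    results["expired"] = server.verify_request(late)[0]         # outside the window: rejected
    return results


if __name__ == "__main__":
    print(demo())
```

The order of checks matters for cost: the credential lookup and the window comparison are cheap and run before the HMAC recomputation, so stale or unauthenticated traffic is rejected without touching the key. In the symmetric and asymmetric variants of claims 19 and 20 the last step would instead decrypt the ciphertext and compare the recovered second timestamp with the first timestamp in the request.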
CN201210089712.6A 2012-03-29 2012-03-29 Communication means based on HTTP, server, terminal Active CN102647461B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610169962.9A CN105681470B (en) 2012-03-29 2012-03-29 Communication means, server based on hypertext transfer protocol, terminal
CN201210089712.6A CN102647461B (en) 2012-03-29 2012-03-29 Communication means based on HTTP, server, terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210089712.6A CN102647461B (en) 2012-03-29 2012-03-29 Communication means based on HTTP, server, terminal

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201610169962.9A Division CN105681470B (en) 2012-03-29 2012-03-29 Communication means, server based on hypertext transfer protocol, terminal

Publications (2)

Publication Number Publication Date
CN102647461A true CN102647461A (en) 2012-08-22
CN102647461B CN102647461B (en) 2016-05-04

Family

ID=46660034

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210089712.6A Active CN102647461B (en) 2012-03-29 2012-03-29 Communication means based on HTTP, server, terminal

Country Status (1)

Country Link
CN (1) CN102647461B (en)

Cited By (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103051722A (en) * 2012-12-26 2013-04-17 新浪网技术(中国)有限公司 Method and related equipment for determining whether page is hijacked or not
CN103973703A (en) * 2014-05-23 2014-08-06 杭州智屏科技有限公司 Request method for safety of data exchange between application program and server
CN104852800A (en) * 2015-05-25 2015-08-19 小米科技有限责任公司 Data transmission method and device
CN105099676A (en) * 2014-04-18 2015-11-25 阿里巴巴集团控股有限公司 User login method, user terminal and server
CN105141636A (en) * 2015-09-24 2015-12-09 网宿科技股份有限公司 HTTP safety communication method and system applicable for CDN value added service platform
CN105516186A (en) * 2015-12-31 2016-04-20 华为技术有限公司 Method for preventing replay attack and server
CN105765941A (en) * 2015-10-23 2016-07-13 深圳还是威健康科技有限公司 Illegal access server prevention method and device
CN105791339A (en) * 2014-12-18 2016-07-20 中兴通讯股份有限公司 Method and device for processing resource operation request
CN106130720A (en) * 2016-08-12 2016-11-16 福建中金在线信息科技有限公司 A kind of method that internet information required parameter is encrypted safely and deciphered
CN106254327A (en) * 2016-07-28 2016-12-21 努比亚技术有限公司 Information processor and method
CN106330437A (en) * 2016-10-20 2017-01-11 武汉斗鱼网络科技有限公司 Password resetting method and device
CN106470103A (en) * 2015-08-17 2017-03-01 苏宁云商集团股份有限公司 A kind of client sends the method and system of encryption URL request
CN106936578A (en) * 2015-12-30 2017-07-07 航天信息股份有限公司 Timestamp system and the method for signing and issuing timestamp
CN107959691A (en) * 2018-01-22 2018-04-24 武汉斗鱼网络科技有限公司 A kind of method, server and computer equipment for being used to detect subscriber identity information
WO2018082391A1 (en) * 2016-11-07 2018-05-11 天地融科技股份有限公司 Circuit delay self-measurement method, device, and system
CN108055286A (en) * 2018-01-22 2018-05-18 武汉斗鱼网络科技有限公司 A kind of method, client and computer equipment for being used to generate subscriber identity information
CN108243176A (en) * 2016-12-27 2018-07-03 腾讯科技(深圳)有限公司 Data transmission method and device
CN108306739A (en) * 2018-01-22 2018-07-20 武汉斗鱼网络科技有限公司 A kind of method, server and computer equipment for detecting subscriber identity information
CN108322470A (en) * 2018-02-07 2018-07-24 链家网(北京)科技有限公司 A kind of network request processing method and processing device
CN108400979A (en) * 2018-02-06 2018-08-14 武汉斗鱼网络科技有限公司 Communication means and electronic equipment applied to client and server
CN108646584A (en) * 2018-07-12 2018-10-12 合肥数理电子信息科技有限公司 A kind of intelligent home control system
CN108712408A (en) * 2018-05-08 2018-10-26 百度在线网络技术(北京)有限公司 A kind of anti-cheat method and device of user behavior verification
CN108777601A (en) * 2018-08-06 2018-11-09 深圳信息职业技术学院 A kind of clock synchronizing method, device and the network equipment
CN109088731A (en) * 2018-09-04 2018-12-25 杭州涂鸦信息技术有限公司 A kind of Internet of Things cloud communication means and its device
CN109335906A (en) * 2018-08-01 2019-02-15 苏州汇川技术有限公司 Method of calibration, elevator control aggregate and elevator peripheral equipment
CN109347869A (en) * 2018-11-28 2019-02-15 北京京东金融科技控股有限公司 Generation method, device, medium and the electronic equipment of inter-cluster communication factor of safety
CN110445809A (en) * 2019-09-03 2019-11-12 深圳绿米联创科技有限公司 Network attack detecting method, device, system, electronic equipment and storage medium
CN111131200A (en) * 2019-12-11 2020-05-08 新华三大数据技术有限公司 Network security detection method and device
CN111162899A (en) * 2020-01-13 2020-05-15 成都安联云防保安服务有限公司 Encryption transmission method for potential safety risk data
CN112149100A (en) * 2020-09-01 2020-12-29 长沙市到家悠享网络科技有限公司 Verification method, verification device, electronic equipment and storage medium
CN112217835A (en) * 2020-10-23 2021-01-12 中国工商银行股份有限公司 Message data processing method and device, server and terminal equipment
CN112465502A (en) * 2020-11-11 2021-03-09 中国农业银行股份有限公司上海市分行 Method for deploying digital time stamp offline
CN112511565A (en) * 2021-01-29 2021-03-16 腾讯科技(深圳)有限公司 Request response method and device, computer readable storage medium and electronic equipment
CN113395282A (en) * 2021-06-15 2021-09-14 济南浪潮智投智能科技有限公司 Method and system for preventing third party from accessing server resources

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101453328A (en) * 2007-12-06 2009-06-10 中国移动通信集团公司 Identity management system and identity authentication system
CN101534196A (en) * 2008-03-12 2009-09-16 因特伟特公司 Method and apparatus for securely invoking a rest api
CN101594226A (en) * 2009-06-17 2009-12-02 中兴通讯股份有限公司 The data guard method and the system that are used for file transfer
CN102025748A (en) * 2011-01-04 2011-04-20 深信服网络科技(深圳)有限公司 Method, device and system for acquiring user name of Kerberos authentication mode
CN102073953A (en) * 2009-11-24 2011-05-25 阿里巴巴集团控股有限公司 On-line payment method and system

Cited By (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103051722A (en) * 2012-12-26 2013-04-17 新浪网技术(中国)有限公司 Method and related equipment for determining whether page is hijacked or not
CN105099676A (en) * 2014-04-18 2015-11-25 阿里巴巴集团控股有限公司 User login method, user terminal and server
CN105099676B (en) * 2014-04-18 2018-10-02 阿里巴巴集团控股有限公司 A kind of user login method, user terminal and server
CN103973703A (en) * 2014-05-23 2014-08-06 杭州智屏科技有限公司 Request method for safety of data exchange between application program and server
CN105791339A (en) * 2014-12-18 2016-07-20 中兴通讯股份有限公司 Method and device for processing resource operation request
CN105791339B (en) * 2014-12-18 2020-03-31 中兴通讯股份有限公司 Method and device for processing resource operation request
CN104852800A (en) * 2015-05-25 2015-08-19 小米科技有限责任公司 Data transmission method and device
CN106470103A (en) * 2015-08-17 2017-03-01 苏宁云商集团股份有限公司 A kind of client sends the method and system of encryption URL request
CN105141636A (en) * 2015-09-24 2015-12-09 网宿科技股份有限公司 HTTP safety communication method and system applicable for CDN value added service platform
CN105141636B (en) * 2015-09-24 2018-04-17 网宿科技股份有限公司 Suitable for the HTTP safety communicating methods and system of CDN value-added service platforms
CN105765941A (en) * 2015-10-23 2016-07-13 深圳还是威健康科技有限公司 Illegal access server prevention method and device
CN106936578A (en) * 2015-12-30 2017-07-07 航天信息股份有限公司 Timestamp system and the method for signing and issuing timestamp
CN106936578B (en) * 2015-12-30 2020-02-18 航天信息股份有限公司 Time stamp system and method for issuing time stamp
CN105516186A (en) * 2015-12-31 2016-04-20 华为技术有限公司 Method for preventing replay attack and server
CN105516186B (en) * 2015-12-31 2019-07-23 华为技术有限公司 A kind of method preventing Replay Attack and server
CN106254327A (en) * 2016-07-28 2016-12-21 努比亚技术有限公司 Information processor and method
CN106130720A (en) * 2016-08-12 2016-11-16 福建中金在线信息科技有限公司 A kind of method that internet information required parameter is encrypted safely and deciphered
CN106330437A (en) * 2016-10-20 2017-01-11 武汉斗鱼网络科技有限公司 Password resetting method and device
US10659180B2 (en) 2016-11-07 2020-05-19 Tendyron Corporation Circuit delay self-measurement method, device and system
WO2018082391A1 (en) * 2016-11-07 2018-05-11 天地融科技股份有限公司 Circuit delay self-measurement method, device, and system
CN108243176B (en) * 2016-12-27 2020-08-11 腾讯科技(深圳)有限公司 Data transmission method and device
CN108243176A (en) * 2016-12-27 2018-07-03 腾讯科技(深圳)有限公司 Data transmission method and device
CN108055286B (en) * 2018-01-22 2021-06-15 武汉斗鱼网络科技有限公司 Method, client, computer-readable storage medium and computer device for generating user identity information
CN107959691A (en) * 2018-01-22 2018-04-24 武汉斗鱼网络科技有限公司 A kind of method, server and computer equipment for being used to detect subscriber identity information
CN108055286A (en) * 2018-01-22 2018-05-18 武汉斗鱼网络科技有限公司 A kind of method, client and computer equipment for being used to generate subscriber identity information
CN108306739A (en) * 2018-01-22 2018-07-20 武汉斗鱼网络科技有限公司 A kind of method, server and computer equipment for detecting subscriber identity information
CN108400979A (en) * 2018-02-06 2018-08-14 武汉斗鱼网络科技有限公司 Communication means and electronic equipment applied to client and server
CN108400979B (en) * 2018-02-06 2021-07-30 武汉斗鱼网络科技有限公司 Communication method applied to client and server and electronic equipment
CN108322470A (en) * 2018-02-07 2018-07-24 链家网(北京)科技有限公司 A kind of network request processing method and processing device
CN108712408A (en) * 2018-05-08 2018-10-26 百度在线网络技术(北京)有限公司 A kind of anti-cheat method and device of user behavior verification
CN108712408B (en) * 2018-05-08 2021-03-23 百度在线网络技术(北京)有限公司 Anti-cheating method and device for user behavior verification
CN108646584A (en) * 2018-07-12 2018-10-12 合肥数理电子信息科技有限公司 A kind of intelligent home control system
CN109335906A (en) * 2018-08-01 2019-02-15 苏州汇川技术有限公司 Method of calibration, elevator control aggregate and elevator peripheral equipment
CN109335906B (en) * 2018-08-01 2020-09-11 苏州汇川技术有限公司 Verification method, elevator control device and elevator peripheral device
CN108777601A (en) * 2018-08-06 2018-11-09 深圳信息职业技术学院 A kind of clock synchronizing method, device and the network equipment
CN108777601B (en) * 2018-08-06 2020-01-17 深圳信息职业技术学院 Clock synchronization method, device and network equipment
CN109088731A (en) * 2018-09-04 2018-12-25 杭州涂鸦信息技术有限公司 A kind of Internet of Things cloud communication means and its device
CN109347869B (en) * 2018-11-28 2021-07-06 京东数字科技控股有限公司 Method, device, medium and electronic equipment for generating inter-cluster communication security factor
CN109347869A (en) * 2018-11-28 2019-02-15 北京京东金融科技控股有限公司 Generation method, device, medium and the electronic equipment of inter-cluster communication factor of safety
CN110445809A (en) * 2019-09-03 2019-11-12 深圳绿米联创科技有限公司 Network attack detecting method, device, system, electronic equipment and storage medium
CN111131200B (en) * 2019-12-11 2022-06-28 新华三大数据技术有限公司 Network security detection method and device
CN111131200A (en) * 2019-12-11 2020-05-08 新华三大数据技术有限公司 Network security detection method and device
CN111162899A (en) * 2020-01-13 2020-05-15 成都安联云防保安服务有限公司 Encryption transmission method for potential safety risk data
CN112149100A (en) * 2020-09-01 2020-12-29 长沙市到家悠享网络科技有限公司 Verification method, verification device, electronic equipment and storage medium
CN112217835A (en) * 2020-10-23 2021-01-12 中国工商银行股份有限公司 Message data processing method and device, server and terminal equipment
CN112217835B (en) * 2020-10-23 2022-11-04 中国工商银行股份有限公司 Message data processing method and device, server and terminal equipment
CN112465502A (en) * 2020-11-11 2021-03-09 中国农业银行股份有限公司上海市分行 Method for deploying digital time stamp offline
CN112511565A (en) * 2021-01-29 2021-03-16 腾讯科技(深圳)有限公司 Request response method and device, computer readable storage medium and electronic equipment
CN113395282A (en) * 2021-06-15 2021-09-14 济南浪潮智投智能科技有限公司 Method and system for preventing third party from accessing server resources

Also Published As

Publication number Publication date
CN102647461B (en) 2016-05-04

Similar Documents

Publication Publication Date Title
CN102647461A (en) Communication method, server and terminal based on HTTP (Hypertext Transfer Protocol)
CN106878318B (en) Block chain real-time polling cloud system
Tsai et al. New dynamic ID authentication scheme using smart cards
CN105681470B (en) Communication means, server based on hypertext transfer protocol, terminal
Lai et al. Applying semigroup property of enhanced Chebyshev polynomials to anonymous authentication protocol
CN103944900A (en) Cross-station request attack defense method and device based on encryption
CN103297437A (en) Safety server access method for mobile intelligent terminal
CN104767731A (en) Identity authentication protection method of Restful mobile transaction system
Kumari et al. Design of a user anonymous password authentication scheme without smart card
Liu et al. A secure cookie protocol
US20180302217A1 (en) System and method for secure electronic communications by means of security hardware based on threshold cryptography
Chen et al. Security analysis and improvement of user authentication framework for cloud computing
Malik et al. Federated identity management (FIM): Challenges and opportunities
WO2008020991A2 (en) Notarized federated identity management
Gouda et al. SPP: An anti-phishing single password protocol
Sood et al. Inverse Cookie-based Virtual Password Authentication Protocol.
CN109726578B (en) Dynamic two-dimensional code anti-counterfeiting solution
US20230299973A1 (en) Service registration method and device
Li et al. Pistis: Issuing trusted and authorized certificates with distributed ledger and TEE
CN109495458A (en) A kind of method, system and the associated component of data transmission
Chu et al. Ticket transparency: Accountable single sign-on with privacy-preserving public logs
CN101437228B (en) Method, apparatus and system for implementing wireless business based on smart card
Varshney et al. A new secure authentication scheme for web login using BLE smart devices
Chang et al. A secure improvement on the user-friendly remote authentication scheme with no time concurrency mechanism
Boonkrong Authentication and Access Control

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: QIZHI SOFTWARE (BEIJING) CO., LTD.

Effective date: 20121025

Owner name: BEIJING QIHU TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: QIZHI SOFTWARE (BEIJING) CO., LTD.

Effective date: 20121025

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100016 CHAOYANG, BEIJING TO: 100088 XICHENG, BEIJING

TA01 Transfer of patent application right

Effective date of registration: 20121025

Address after: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Applicant after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Applicant after: Qizhi software (Beijing) Co.,Ltd.

Address before: The 4 layer 100016 unit of Beijing city Chaoyang District Jiuxianqiao Road No. 14 Building C

Applicant before: Qizhi software (Beijing) Co.,Ltd.

C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220718

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

TR01 Transfer of patent right