CN104184580A - Network operating method and network operating system - Google Patents

Publication number: CN104184580A
Authority: CN (China)
Prior art keywords: client, time, service end, communication key, decrypted
Legal status: Pending
Application number: CN201310190386.2A
Other languages: Chinese (zh)
Inventor: 盛健
Current Assignee: Beijing Shenzhou Taiyue Software Co Ltd
Original Assignee: Beijing Shenzhou Taiyue Software Co Ltd
Application filed by Beijing Shenzhou Taiyue Software Co Ltd
Priority to CN201310190386.2A
Publication of CN104184580A
Landscapes: Computer And Data Communications (AREA)
Abstract

The invention discloses a network operating method and a network operating system, and relates to the technical field of internet communication security. The method comprises the following steps: a client initiates a communication request; the server generates and stores the current time, and uses a predetermined encryption algorithm to encrypt the current time to obtain a timestamp communication key; the client uses the decryption algorithm corresponding to the encryption algorithm to decrypt the timestamp communication key; the server uses the stored current time to verify whether the received decryption result is legitimate, and if not, the network operating request from the client is denied; if yes, the server verifies whether the client decrypted the timestamp communication key within a preset time, and if not, the network operating request from the client is denied; if yes, the network operating request from the client is allowed. According to the embodiment of the invention, a unique timestamp communication key is generated before communication, and communication is allowed only if the client decrypts the timestamp communication key within the given time, so that high security of that communication can be ensured.

Description

A network operating method and network operating system
Technical field
The present invention relates to the field of internet communication security, and in particular to a network operating method and a network operating system.
Background
In recent years, security has received more and more attention in the field of Internet communication technology. Both individuals and enterprises, when carrying out operations over the Internet, attach increasing importance to the security, reliability and legitimacy of network operations, especially the operational security of important actions such as those involving funds and other sensitive operations. At present, many online applications used by most network users, such as Alipay, Tenpay (Caifutong) and UnionPay, can be used not only for online shopping but also for paying water, electricity and gas bills, housing loan repayments, equity investment and so on, and communication security technology is widely used in this software.
In network operation technology, information encryption is a key technology. Information encryption is an active information security measure: it uses a cryptographic algorithm to convert plaintext into seemingly meaningless ciphertext, preventing unauthorized users from understanding the original information and thereby ensuring its confidentiality.
However, with existing information encryption, if the ciphertext string transmitted over the network is obtained by a malicious party and decrypted with a cracking tool, that party may then impersonate the user and send requests to the server, obtain important user information from the server such as bank account and property information, obtain authorization, and then carry out authorized operations, causing huge losses to the user's property.
Summary of the invention
In view of the above problems, embodiments of the present invention provide a network operating method and a network operating system, proposing a safer and more reliable Internet-based network operation solution.
The embodiments of the present invention adopt the following technical solutions:
One embodiment of the present invention provides a network operating method, the method comprising:
A client initiates a communication request to a server;
After receiving the communication request, the server generates a current time, stores the current time, encrypts the current time using a pre-agreed encryption algorithm to obtain a timestamp communication key, and sends the timestamp communication key to the client;
The client decrypts the timestamp communication key using the decryption algorithm corresponding to the encryption algorithm, and sends the decryption result to the server;
The server uses its stored current time to verify whether the received decryption result is legitimate; if not, it rejects the client's network operation request; if so,
the server verifies whether the client decrypted the timestamp communication key within a preset time; if not, it rejects the client's network operation request; if so,
it allows the client's network operation request.
The server using its stored current time to verify whether the received decryption result is legitimate comprises:
The server compares the received decryption result with its stored current time; if they are consistent, the decryption result is verified as legitimate; otherwise it is not legitimate.
The server verifying whether the client decrypted the timestamp communication key within the preset time comprises:
The server records the time at which it receives the client's decryption result, denoted the second time;
Calculating the time difference between the second time and the current time;
Determining whether the time difference is less than or equal to the preset time; if so, it is verified that the client decrypted the timestamp communication key within the preset time; otherwise, it is verified that the client failed to decrypt the timestamp communication key within the preset time.
The pre-agreed encryption algorithm comprises the data encryption algorithm DES.
Information exchanged between the client and the server is transmitted using information encryption, by converting plaintext into ciphertext.
Another embodiment of the present invention provides a network operating system comprising a server and at least one client:
The server comprises:
A key generation unit, configured to, after receiving the communication request sent by the client, generate a current time, store the current time, encrypt the current time using a pre-agreed encryption algorithm to obtain a timestamp communication key, and send the timestamp communication key to the client;
A first verification unit, configured to receive the decryption result sent by the client and use the stored current time to verify whether the received decryption result is legitimate; if not, reject the client's network operation request; if so, trigger the second verification unit; and
A second verification unit, configured to verify whether the client decrypted the timestamp communication key within the preset time; if not, reject the client's network operation request; if so, allow the client's network operation request;
The client comprises:
A request initiating unit, configured to initiate a communication request to the server;
A key decryption unit, configured to, after receiving the timestamp communication key sent by the server, decrypt the timestamp communication key using the decryption algorithm corresponding to the encryption algorithm, and send the decryption result to the server; and
A network operation unit, configured to allow or refuse the corresponding network operation according to the server's result.
The first verification unit is specifically configured such that:
The server compares the received decryption result with its stored current time; if they are consistent, the decryption result is verified as legitimate and the second verification unit is triggered; otherwise it is not legitimate and the client's network operation request is rejected.
The second verification unit specifically comprises:
A time recording module, configured to record the time at which the client's decryption result is received, denoted the second time;
A time difference calculation module, configured to calculate the time difference between the second time and the current time; and
A judgment module, configured to determine whether the time difference is less than or equal to the preset time; if so, allow the client's network operation request; otherwise, reject the client's network operation request.
The pre-agreed encryption algorithm comprises the data encryption algorithm DES.
Information exchanged between the client and the server is transmitted using information encryption, by converting plaintext into ciphertext.
The network operating method and system provided by the embodiments of the present invention propose a safer and more reliable Internet-based network operation solution: a unique timestamp communication key is first generated at the server before communication, and communication is allowed only if the client decrypts this timestamp communication key within the specified time, ensuring a high level of security for the communication.
Brief description of the drawings
Fig. 1 is a flow chart of a network operating method according to one embodiment of the present invention;
Fig. 2 is a structural block diagram of a network operating system according to another embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
The embodiments of the present invention introduce the concept of a timestamp communication key: communication is allowed only if this timestamp communication key is decrypted within the specified time, which improves the security of each communication.
One embodiment of the present invention provides a network operating method; referring to Fig. 1, the specific flow is as follows:
S1: The client initiates a communication request to the server.
S2: After receiving the communication request, the server generates a current time, stores the current time, encrypts the current time using a pre-agreed encryption algorithm to obtain a timestamp communication key, and sends the timestamp communication key to the client.
The timestamp communication key is a character string generated at the server when the client sends a communication request to the server. The string is generated by taking the time at which the server received the client's request (accurate to the millisecond) and further encrypting and encapsulating it with an encryption technique, to ensure that the string generated each time is unique.
The pre-agreed encryption algorithm may be the data encryption algorithm DES (Data Encryption Standard) or any other encryption method agreed by both parties.
S3: The client decrypts the timestamp communication key using the decryption algorithm corresponding to the above encryption algorithm, and sends the decryption result to the server.
It should be noted that when the client decrypts the timestamp communication key using the decryption algorithm corresponding to the above encryption algorithm, the decryption result obtained is the time that the server generated after receiving the client's request.
S4: The server uses its stored current time to verify whether the received decryption result is legitimate; if not, go to S7; if so, go to S5.
Specifically, the server using its stored current time to verify whether the received decryption result is legitimate comprises:
The server compares the received decryption result with its stored current time; if they are consistent, the decryption result is verified as legitimate; otherwise it is not legitimate.
S5: The server verifies whether the client decrypted the timestamp communication key within the preset time; if not, go to S7; if so, go to S6.
Specifically, the server verifying whether the client decrypted the timestamp communication key within the preset time comprises:
The server records the time at which it receives the client's decryption result, denoted the second time;
Calculating the time difference between the second time and the current time;
Determining whether the time difference is less than or equal to the preset time; if so, it is verified that the client decrypted the timestamp communication key within the preset time; otherwise, it is verified that the client failed to decrypt the timestamp communication key within the preset time.
S6: Allow the network operation request of this client; end.
S7: Refuse the network operation request of this client.
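The flow S1 to S7 above, as an added Python example that is not part of the patent: the server issues the encrypted millisecond timestamp, the client decrypts it, and the server applies the comparison of S4 and the time-difference check of S5. The patent names DES; the example substitutes an HMAC-SHA256 counter-mode keystream from the standard library as the pre-agreed algorithm, and the session ids, the 3000 ms preset time, the injected clock and the single-use handling of a stored time are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import struct

PRESET_MS = 3000  # assumed preset time; the patent gives no value


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stand-in for the pre-agreed algorithm."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack(">I", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)  # fresh nonce per challenge
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    ks = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


class Server:
    def __init__(self, key, clock_ms, preset_ms=PRESET_MS):
        self.key = key
        self.clock_ms = clock_ms    # callable returning the time in ms
        self.preset_ms = preset_ms
        self.pending = {}           # session id (assumed) -> stored current time

    def issue(self, session_id: str) -> bytes:
        """S2: generate and store the current time, return it encrypted."""
        now = self.clock_ms()
        self.pending[session_id] = now
        return encrypt(self.key, str(now).encode())

    def verify(self, session_id: str, decrypted: bytes) -> str:
        """S4 to S7: compare with the stored time, then check the window."""
        second_time = self.clock_ms()                # the "second time"
        stored = self.pending.pop(session_id, None)  # single use (assumption)
        if stored is None:
            return "reject: no pending challenge"
        # S4: constant-time comparison with the stored current time
        if not hmac.compare_digest(decrypted, str(stored).encode()):
            return "reject: decryption result does not match"
        # S5: time difference must be less than or equal to the preset time
        if second_time - stored > self.preset_ms:
            return "reject: preset time exceeded"
        return "allow"                               # S6


def client_respond(key: bytes, challenge: bytes) -> bytes:
    """S3: decrypt the timestamp communication key and return the result."""
    return decrypt(key, challenge)


class FakeClock:
    """Deterministic clock so the window check can be exercised offline."""
    def __init__(self, start_ms): self.now = start_ms
    def __call__(self): return self.now
    def advance(self, ms): self.now += ms


def run_demo() -> dict:
    key = b"constructed-demo-key-not-secret!"  # constructed sample key
    clock = FakeClock(1_700_000_000_000)       # constructed start time (ms)
    server = Server(key, clock)
    results = {}
    for name, delay, client_key in [
        ("in_time", 120, key),
        ("boundary", PRESET_MS, key),
        ("late", PRESET_MS + 1, key),
        ("wrong_key", 50, b"x" * 32),
    ]:
        challenge = server.issue(name)
        clock.advance(delay)
        answer = client_respond(client_key, challenge)
        results[name] = server.verify(name, answer)
        if name == "in_time":  # the same answer sent a second time
            results["replay"] = server.verify(name, answer)
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```

In this example a result of "allow" shows that the responder holds the pre-agreed key and answered within the preset time.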
Preferably, information exchanged between the client and the server is transmitted using information encryption, by converting plaintext into ciphertext. Information encryption is an active information security measure: it uses a cryptographic algorithm to convert plaintext into seemingly meaningless ciphertext, preventing unauthorized users from understanding the original information and thereby ensuring its confidentiality.
After receiving the decrypted time sent by the client, the server first matches it against the time it has stored. If they match, the server then subtracts the decrypted time received from the client from the current server time; if the result is within the specified time, the communication is considered secure and the server can respond to the important, privacy-sensitive operation requests sent by the client. If they match but the result of subtracting the decrypted time received from the client from the current server time is not within the specified time, the communication is probably from a malicious party such as a hacker who has cracked your communication key and is impersonating you to send requests to the server; in this case the server can choose not to respond to the request. If they do not match, the server can choose to ignore the request directly.
Because malicious parties such as hackers cannot crack your encrypted communication key in a very short time, a hacker would generally only be able to crack the timestamp communication key after the specified time has passed. Even if it is cracked then, it does not matter, because the timestamp communication key is valid only if decrypted within the specified time; once the specified time is exceeded the agreement is automatically cancelled, the communication is invalid, and the server will not respond to any request sent by the client. This strengthens the security of important, privacy-sensitive communications.
The embodiments of the present invention propose a safer and more reliable Internet-based network operation solution: a unique timestamp communication key is first generated at the server before communication, and communication is allowed only if the client decrypts this timestamp communication key within the specified time, ensuring a high level of security for the communication.
Even if the ciphertext string is obtained by a malicious party and decrypted with a cracking tool, and that party impersonates you to send a request to the server, the server can still determine whether the party sending the request is you, and then decide whether to respond to the request according to that determination.
Referring to Fig. 2, an embodiment of the present invention also provides a network operating system comprising a server 100 and at least one client 200;
The server 100 comprises:
A key generation unit 101, configured to, after receiving the communication request sent by the client, generate a current time, store the current time, encrypt the current time using a pre-agreed encryption algorithm to obtain a timestamp communication key, and send the timestamp communication key to the client.
A first verification unit 102, configured to receive the decryption result sent by the client and use the stored current time to verify whether the received decryption result is legitimate; if not, reject the client's network operation request; if so, trigger the second verification unit.
A second verification unit 103, configured to verify whether the client decrypted the timestamp communication key within the preset time; if not, reject the client's network operation request; if so, allow the client's network operation request.
The client 200 comprises:
A request initiating unit 201, configured to initiate a communication request to the server.
A key decryption unit 202, configured to, after receiving the timestamp communication key sent by the server, decrypt the timestamp communication key using the decryption algorithm corresponding to the encryption algorithm, and send the decryption result to the server.
A network operation unit 203, configured to allow or refuse the corresponding network operation according to the server's result.
The first verification unit 102 is specifically configured such that:
The server compares the received decryption result with its stored current time; if they are consistent, the decryption result is verified as legitimate and the second verification unit is triggered; otherwise it is not legitimate and the client's network operation request is rejected.
Preferably, the second verification unit 103 specifically comprises:
A time recording module, configured to record the time at which the client's decryption result is received, denoted the second time.
A time difference calculation module, configured to calculate the time difference between the second time and the current time.
And a judgment module, configured to determine whether the time difference is less than or equal to the preset time; if so, allow the client's network operation request; otherwise, reject the client's network operation request.
The pre-agreed encryption algorithm may be the data encryption algorithm DES (Data Encryption Standard) or any other encryption method agreed by both parties.
Further, information exchanged between the client and the server is transmitted using information encryption, by converting plaintext into ciphertext.
The embodiments of the present invention propose a safer and more reliable Internet-based network operation solution: a unique timestamp communication key is first generated at the server before communication, and communication is allowed only if the client decrypts this timestamp communication key within the specified time, ensuring a high level of security for the communication.
For the functions of the units and modules in this system embodiment, refer to the method embodiment; they are not repeated here.
To describe the technical solutions of the embodiments of the present invention clearly, the words "first", "second" and the like are used in the embodiments to distinguish identical or similar items with substantially the same function and effect; those skilled in the art will understand that the words "first", "second" and the like do not limit quantity or order of execution.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention falls within the scope of protection of the present invention.

Claims (10)

1. A network operating method, characterized in that the method comprises:
A client initiates a communication request to a server;
After receiving the communication request, the server generates a current time, stores the current time, encrypts the current time using a pre-agreed encryption algorithm to obtain a timestamp communication key, and sends the timestamp communication key to the client;
The client decrypts the timestamp communication key using the decryption algorithm corresponding to the encryption algorithm, and sends the decryption result to the server;
The server uses its stored current time to verify whether the received decryption result is legitimate; if not, it rejects the client's network operation request; if so,
the server verifies whether the client decrypted the timestamp communication key within a preset time; if not, it rejects the client's network operation request; if so,
it allows the client's network operation request.
2. The method according to claim 1, characterized in that the server using its stored current time to verify whether the received decryption result is legitimate comprises:
The server compares the received decryption result with its stored current time; if they are consistent, the decryption result is verified as legitimate; otherwise it is not legitimate.
3. The method according to claim 1, characterized in that the server verifying whether the client decrypted the timestamp communication key within the preset time comprises:
The server records the time at which it receives the client's decryption result, denoted the second time;
Calculating the time difference between the second time and the current time;
Determining whether the time difference is less than or equal to the preset time; if so, it is verified that the client decrypted the timestamp communication key within the preset time; otherwise, it is verified that the client failed to decrypt the timestamp communication key within the preset time.
4. The method according to claim 1, characterized in that the pre-agreed encryption algorithm comprises the data encryption algorithm DES.
5. The method according to claim 1, characterized in that information exchanged between the client and the server is transmitted using information encryption, by converting plaintext into ciphertext.
6. A network operating system, characterized in that it comprises a server and at least one client;
The server comprises:
A key generation unit, configured to, after receiving the communication request sent by the client, generate a current time, store the current time, encrypt the current time using a pre-agreed encryption algorithm to obtain a timestamp communication key, and send the timestamp communication key to the client;
A first verification unit, configured to receive the decryption result sent by the client and use the stored current time to verify whether the received decryption result is legitimate; if not, reject the client's network operation request; if so, trigger the second verification unit; and
A second verification unit, configured to verify whether the client decrypted the timestamp communication key within the preset time; if not, reject the client's network operation request; if so, allow the client's network operation request;
The client comprises:
A request initiating unit, configured to initiate a communication request to the server;
A key decryption unit, configured to, after receiving the timestamp communication key sent by the server, decrypt the timestamp communication key using the decryption algorithm corresponding to the encryption algorithm, and send the decryption result to the server; and
A network operation unit, configured to allow or refuse the corresponding network operation according to the server's result.
7. The system according to claim 6, characterized in that the first verification unit is specifically configured such that:
The server compares the received decryption result with its stored current time; if they are consistent, the decryption result is verified as legitimate and the second verification unit is triggered; otherwise it is not legitimate and the client's network operation request is rejected.
8. The system according to claim 6, characterized in that the second verification unit specifically comprises:
A time recording module, configured to record the time at which the client's decryption result is received, denoted the second time;
A time difference calculation module, configured to calculate the time difference between the second time and the current time; and
A judgment module, configured to determine whether the time difference is less than or equal to the preset time; if so, allow the client's network operation request; otherwise, reject the client's network operation request.
9. The system according to claim 6, characterized in that the pre-agreed encryption algorithm comprises the data encryption algorithm DES.
10. The system according to claim 6, characterized in that information exchanged between the client and the server is transmitted using information encryption, by converting plaintext into ciphertext.
Priority Applications (1)

Application number: CN201310190386.2A
Priority date: 2013-05-21
Filing date: 2013-05-21
Title: Network operating method and network operating system
Status: Pending
Publication: CN104184580A (en)

Publications (1)

Publication number: CN104184580A (en)
Publication date: 2014-12-03

Family

ID=51965346

Country Status (1)

CN (1): CN104184580A (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20141203
