CN104580248A - Secured logon method for variable secret key encryption under HTTP - Google Patents
Secured logon method for variable secret key encryption under HTTP
- Publication number: CN104580248A (application CN201510041527.3A)
- Authority: CN (China)
- Prior art keywords: service end, client, login authentication, temporary key, key
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0457—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention relates to a secure login method using variable-key encryption under HTTP. The method includes the following steps: the server generates a temporary key K in response to a login authentication request from the client, and the temporary key is sent back to the client and cached there; the client generates user information digest data Hp1 by encrypting the clear-text password with the temporary key; the server checks, based on the login authentication request, whether a temporary key K keyed by the client IP exists, and if not, judges that the login authentication fails; if it exists, the server looks up the server-side user password, generates server information digest data Hp2 from the server-side user password and the temporary key, compares Hp2 with Hp1, and judges whether the login authentication fails or succeeds. Because both the key and the data are dynamic, an illegitimate third party cannot derive the password data used for the current login, which solves the prior-art problem of low security caused by passwords being leaked or forged during login authentication.
Description
Technical field
The present invention relates to the field of information security technology, and specifically to a secure login method using variable-key encryption under the HTTP protocol.
Background technology
The HTTP protocol transmits data in clear text. Typically, when handling a user login, the client applies some hash algorithm to high-security information such as the password before passing it to the server, and the server compares the received encrypted data with data stored in its database that was encrypted with the same hash algorithm in order to authenticate the login. Although the password is encrypted in this way, the encryption algorithm is the same on the client and the server, and the transmitted value is itself effectively clear text: the password has merely been given a coat of clothing, and that coat does not change from one login to the next. The security of the login is therefore discounted.
Summary of the invention
To achieve more secure and reliable login authentication, and to solve the prior-art problem of low security where passwords are easily leaked or forged during login authentication, the invention provides a secure login method using variable-key encryption under the HTTP protocol. The method uses variable-key encryption: both the key and the data change dynamically, so an illegitimate third party cannot derive the password data used for the current login, which greatly improves security.
The present invention adopts the following technical scheme. The secure login method using variable-key encryption under the HTTP protocol comprises the following steps:
S1: the client initiates a login authentication request;
S2: the server generates a temporary key K according to the login authentication request, returns the temporary key to the client, and caches the temporary key in the server cache using the client IP address as the key;
S3: the client generates user information digest data Hp1 by encryption from the entered clear-text password and the temporary key K, and passes Hp1 to the server;
S4: the server, according to the login authentication request, queries the server cache for a temporary key K keyed by the IP; if no temporary key exists, it judges that login authentication has failed; if one exists, it looks up the server-side user password, generates server information digest data Hp2 from the server-side user password and the temporary key K, compares Hp2 with Hp1, and judges whether login authentication fails or passes.
Preferably, in step S2 the server obtains from the login authentication request the client IP address of the login authentication request session and the timestamp data Ts at which the current login authentication request was initiated, and generates the temporary key K by the algorithm K=GetKey(IP, Ts).
Preferably, in step S2 the server sets a validity period Exp for the cached temporary key K.
Preferably, in step S3 the client first encrypts the entered clear-text password into a client user password P1, and then generates the user information digest data Hp1 from the client user password P1 and the temporary key K.
Preferably, in step S4 the server obtains the client IP address, the user name and the user information digest data Hp1 from the login authentication request.
Preferably, in step S4 the server obtains the user name from the login authentication request, and if a temporary key exists in the server cache, queries the server-side user password from the database by user name.
Compared with the prior art, the present invention has the following advantages and beneficial effects:
The dynamic key generated on the server has a validity period and a life cycle. If data is hijacked or forged during the login process, the hijacker (the illegitimate third party) can obtain only a random key or the encrypted data; because both the key and the data change dynamically, the hijacker cannot forge a consistent response and has no way to derive the real password data, so the security of login authentication is guaranteed to the greatest extent.
Brief description of the drawings
Fig. 1 shows the generation process of the temporary key;
Fig. 2 shows the flow in which the client encrypts the login data;
Fig. 3 shows the flow in which the server parses and verifies the login data.
The parameters in the figures are as follows:
K: the temporary key generated by the server during the login authentication request; IP: the client IP address initiating the login authentication request; Ts: the timestamp at which the login authentication request is initiated; Exp: the validity period of the temporary key cache; P: the user's clear-text password; P1: the user password after MD5 encryption on the client; P2: the MD5-encrypted user password stored on the server; Hp1: the hash-encrypted user information digest data; Hp2: the hash-encrypted server information digest data.
Detailed description
The present invention is described in further detail below in conjunction with an embodiment and the accompanying drawings, but embodiments of the present invention are not limited to this.
Embodiment
In this embodiment, the secure login method using variable-key encryption under the HTTP protocol comprises the following steps:
1) The client initiates a login authentication request; the server generates a temporary key according to the login authentication request, returns the temporary key to the client, and caches the temporary key in the server cache using the client IP address as the key.
Referring to Fig. 1, when the client initiates a login authentication request, the server receives the request and obtains the client IP address (IP) of the session initiating the current login authentication request as the first parameter for generating the temporary key, and at the same time obtains the timestamp data (Ts) at which the current login authentication request was initiated as the second parameter. By the key generation algorithm K=GetKey(IP, Ts) it obtains a temporary key K that has been base64 encoded, returns the temporary key to the client in the response stream, and at the same time caches K in the server cache (web cache) using IP as the key, setting the validity period (Exp) of the cached temporary key K.
2) The client encrypts the entered clear-text password into the client user password P1, then encrypts the client user password P1 with the temporary key K to generate the user information digest data Hp1, and passes Hp1 to the server.
As shown in Fig. 2, after the client obtains the clear-text password P entered by the user, it processes the clear-text password with the MD5 encryption algorithm, P1=MD5(P), and uses the MD5-encrypted client user password P1 as the message parameter for generating the client's encrypted data; the temporary key K serves as the key parameter of the algorithm, and the keyed hash algorithm generates the final hash-encrypted user information digest data Hp1=HMAC(P1, K). When submitting the login authentication request, the client passes the hash-encrypted user information digest data Hp1 to the server.
3) The server, according to the login authentication request, queries the server cache for a temporary key K keyed by the IP, parses the login authentication request, and judges whether login authentication fails or passes.
After the server receives the login authentication request, it first obtains the client IP address, user name and user information digest data Hp1 from the login authentication request, and queries the server cache for a temporary key K keyed by the IP. If none exists, the temporary key has expired and login authentication failure information is returned directly. If the temporary key exists, the stored MD5-encrypted server-side user password P2 is queried from the database by user name, and the keyed hash algorithm generates the final hash-encrypted server information digest data Hp2=HMAC(P2, K); here the server-side user password P2 is the MD5-encrypted user password that the server generated and stored in the database when the user registered the account. The server-generated information digest data Hp2 is compared with the digest data Hp1 passed by the client: if they differ, login authentication is judged to have failed; if they are the same, login authentication is judged to have passed.
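The three steps above (key issuance keyed by IP with validity Exp, client digest Hp1=HMAC(MD5(P), K), server check Hp2=HMAC(P2, K)) as a runnable simulation. This is an added example, not code from the patent; GetKey is not defined in the patent, so the concrete derivation, HMAC-SHA256 as the keyed hash, and all sample values are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os
import time
from typing import Dict, Optional, Tuple


def get_key(ip: str, ts: float, nonce: Optional[bytes] = None) -> str:
    """Hypothetical GetKey(IP, Ts): the patent does not define it, so this
    example mixes IP, Ts and 16 fresh random bytes through SHA-256 and
    base64-encodes the result, matching the base64-encoded K in the text."""
    nonce = os.urandom(16) if nonce is None else nonce
    raw = hashlib.sha256(f"{ip}|{ts:.6f}|".encode() + nonce).digest()
    return base64.b64encode(raw).decode()


def keyed_digest(p_hash: str, k: str) -> str:
    """HMAC(P1, K) / HMAC(P2, K): message is the MD5 hex of the password, key
    is K. HMAC-SHA256 is an assumption; the patent names no inner hash."""
    return hmac.new(k.encode(), p_hash.encode(), hashlib.sha256).hexdigest()


class Server:
    def __init__(self, exp_seconds: float = 60.0) -> None:
        self.exp = exp_seconds
        self.cache: Dict[str, Tuple[str, float]] = {}  # IP -> (K, expiry)
        self.users: Dict[str, str] = {}                # username -> P2

    def register(self, username: str, password: str) -> None:
        # P2 = MD5(P), stored at registration (claim 10). Anyone holding P2 can
        # compute a valid Hp1, so the stored value is a password equivalent.
        self.users[username] = hashlib.md5(password.encode()).hexdigest()

    def issue_key(self, ip: str, now: Optional[float] = None) -> str:
        # Step S2: K = GetKey(IP, Ts), cached under IP with validity Exp.
        # The cache is keyed by IP alone, so a later request from the same IP
        # replaces the earlier K (shown below as stale_digest_after_new_key).
        now = time.time() if now is None else now
        k = get_key(ip, now)
        self.cache[ip] = (k, now + self.exp)
        return k

    def verify(self, ip: str, username: str, hp1: str,
               now: Optional[float] = None) -> bool:
        # Step S4: no cached K for this IP, or an expired one, fails outright.
        now = time.time() if now is None else now
        entry = self.cache.get(ip)
        if entry is None or now > entry[1]:
            self.cache.pop(ip, None)
            return False
        k, _ = entry
        p2 = self.users.get(username)
        if p2 is None:
            return False
        hp2 = keyed_digest(p2, k)
        return hmac.compare_digest(hp1, hp2)  # constant-time compare


def client_digest(password: str, k: str) -> str:
    # Step S3: P1 = MD5(P), Hp1 = HMAC(P1, K).
    return keyed_digest(hashlib.md5(password.encode()).hexdigest(), k)


def run_demo() -> Dict[str, bool]:
    """Constructed scenario: one user, one client IP, Exp = 60 s."""
    srv = Server(exp_seconds=60)
    srv.register("alice", "correct horse battery")
    ip, t0 = "203.0.113.5", 1_700_000_000.0
    k = srv.issue_key(ip, now=t0)
    good = client_digest("correct horse battery", k)
    results = {
        "valid_login": srv.verify(ip, "alice", good, now=t0 + 1),
        "wrong_password": srv.verify(ip, "alice", client_digest("nope", k), now=t0 + 1),
        "expired_key": srv.verify(ip, "alice", good, now=t0 + 61),
    }
    k2 = srv.issue_key(ip, now=t0 + 62)
    results["stale_digest_after_new_key"] = srv.verify(ip, "alice", good, now=t0 + 63)
    results["fresh_digest_after_new_key"] = srv.verify(
        ip, "alice", client_digest("correct horse battery", k2), now=t0 + 63)
    return results
```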
The above embodiment is one embodiment of the present invention, but embodiments of the present invention are not limited to it; any modification, substitution or improvement made by those skilled in the art without departing from the spirit and principles of the present invention is included in the scope of protection of the present invention.
Claims (10)
- 1. A secure login method using variable-key encryption under the HTTP protocol, characterized in that it comprises the following steps: S1, the client initiates a login authentication request; S2, the server generates a temporary key K according to the login authentication request, returns the temporary key to the client, and caches the temporary key in the server cache using the client IP address as the key; S3, the client generates user information digest data Hp1 by encryption from the entered clear-text password and the temporary key K, and passes Hp1 to the server; S4, the server, according to the login authentication request, queries the server cache for a temporary key K keyed by the IP; if no temporary key exists, it judges that login authentication has failed; if one exists, it looks up the server-side user password, generates server information digest data Hp2 from the server-side user password and the temporary key K, compares Hp2 with Hp1, and judges whether login authentication fails or passes.
- 2. The secure login method according to claim 1, characterized in that in step S2 the server obtains from the login authentication request the client IP address of the login authentication request session and the timestamp data Ts at which the current login authentication request was initiated, and generates the temporary key K by the algorithm K=GetKey(IP, Ts).
- 3. The secure login method according to claim 1, characterized in that in step S2 the server sets a validity period Exp for the cached temporary key K.
- 4. The secure login method according to claim 1, characterized in that in step S3 the client first encrypts the entered clear-text password into a client user password P1, and then generates the user information digest data Hp1 from the client user password P1 and the temporary key K.
- 5. The secure login method according to claim 4, characterized in that the client uses the MD5 encryption algorithm to encrypt the entered clear-text password into the user password P1.
- 6. The secure login method according to claim 4, characterized in that the client uses a hash encryption algorithm to generate the user information digest data Hp1.
- 7. The secure login method according to claim 1, characterized in that in step S4 the server obtains the client IP address, the user name and the user information digest data Hp1 from the login authentication request.
- 8. The secure login method according to claim 1, characterized in that in step S4 the server obtains the user name from the login authentication request, and if a temporary key exists in the server cache, queries the server-side user password from the database by user name.
- 9. The secure login method according to claim 1, characterized in that in step S4 the server uses a hash encryption algorithm to generate the server information digest data Hp2.
- 10. The secure login method according to claim 1, characterized in that in step S4 the server-side user password is the MD5-encrypted user password that the server generated and stored in the database when the user registered the account.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510041527.3A CN104580248A (en) | 2015-01-27 | 2015-01-27 | Secured logon method for variable secret key encryption under HTTP |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510041527.3A CN104580248A (en) | 2015-01-27 | 2015-01-27 | Secured logon method for variable secret key encryption under HTTP |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104580248A true CN104580248A (en) | 2015-04-29 |
Family
ID=53095428
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510041527.3A Pending CN104580248A (en) | 2015-01-27 | 2015-01-27 | Secured logon method for variable secret key encryption under HTTP |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104580248A (en) |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106850669A (en) * | 2017-03-03 | 2017-06-13 | 重庆和航科技股份有限公司 | Network monitoring system for things message safe transmission method and monitor terminal network registration method |
CN107065750A (en) * | 2017-05-15 | 2017-08-18 | 中国工程物理研究院计算机应用研究所 | The industrial control network dynamic security method of interior raw safety |
CN107171789A (en) * | 2017-04-20 | 2017-09-15 | 努比亚技术有限公司 | A kind of safe login method, client device and server |
CN107483495A (en) * | 2017-09-21 | 2017-12-15 | 浪潮软件股份有限公司 | A kind of big data cluster Host Administration method, management system and service end |
CN107612889A (en) * | 2017-08-23 | 2018-01-19 | 四川长虹电器股份有限公司 | The method for preventing user profile from revealing |
CN108092937A (en) * | 2016-11-23 | 2018-05-29 | 厦门雅迅网络股份有限公司 | Prevent the method and system of Web system unauthorized access |
CN109995700A (en) * | 2017-12-29 | 2019-07-09 | 北京易安睿龙科技有限公司 | A kind of safety protecting method of application program, applications client and ACR server |
CN111107073A (en) * | 2019-12-11 | 2020-05-05 | 数字广东网络建设有限公司 | Application automatic login method and device, computer equipment and storage medium |
CN112019535A (en) * | 2020-08-26 | 2020-12-01 | 北京信安世纪科技股份有限公司 | Password authentication method |
CN112966286A (en) * | 2021-03-30 | 2021-06-15 | 建信金融科技有限责任公司 | Method, system, device and computer readable medium for user login |
CN113037703A (en) * | 2020-12-16 | 2021-06-25 | 重庆扬成大数据科技有限公司 | Agricultural informatization work management method in big data environment |
CN113037702A (en) * | 2020-12-16 | 2021-06-25 | 重庆扬成大数据科技有限公司 | Agricultural worker login system safe working method based on big data analysis |
CN113271306A (en) * | 2021-05-18 | 2021-08-17 | 上海星融汽车科技有限公司 | Data request and transmission method, device and system |
CN114221774A (en) * | 2020-09-04 | 2022-03-22 | 中兴通讯股份有限公司 | Authentication method, server, terminal device and storage medium |
CN114679312A (en) * | 2022-03-22 | 2022-06-28 | 通号智慧城市研究设计院有限公司 | Encryption method, electronic device, and computer-readable storage medium |
CN114817897A (en) * | 2021-01-18 | 2022-07-29 | 千寻位置网络有限公司 | Security reinforcement method for terminal equipment |
CN115277166A (en) * | 2022-07-25 | 2022-11-01 | 国网甘肃省电力公司 | Cross-boundary user management system for engineering vector library |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101465735A (en) * | 2008-12-19 | 2009-06-24 | 北京大学 | Network user identification verification method, server and client terminal |
CN103391292A (en) * | 2013-07-18 | 2013-11-13 | 百度在线网络技术(北京)有限公司 | Mobile-application-oriented safe login method, system and device |
CN104219228A (en) * | 2014-08-18 | 2014-12-17 | 四川长虹电器股份有限公司 | User registration and user identification method and user registration and user identification system |
Prosecution timeline
- 2015-01-27: CN application CN201510041527.3A, publication CN104580248A, status active (Pending)
Cited By (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108092937A (en) * | 2016-11-23 | 2018-05-29 | 厦门雅迅网络股份有限公司 | Prevent the method and system of Web system unauthorized access |
CN108092937B (en) * | 2016-11-23 | 2021-04-20 | 厦门雅迅网络股份有限公司 | Method and system for preventing unauthorized access of Web system |
CN106850669A (en) * | 2017-03-03 | 2017-06-13 | 重庆和航科技股份有限公司 | Network monitoring system for things message safe transmission method and monitor terminal network registration method |
CN106850669B (en) * | 2017-03-03 | 2020-10-23 | 重庆和航科技股份有限公司 | Message security transmission method for Internet of things monitoring system |
CN107171789A (en) * | 2017-04-20 | 2017-09-15 | 努比亚技术有限公司 | A kind of safe login method, client device and server |
CN107065750A (en) * | 2017-05-15 | 2017-08-18 | 中国工程物理研究院计算机应用研究所 | The industrial control network dynamic security method of interior raw safety |
CN107612889B (en) * | 2017-08-23 | 2020-06-30 | 四川长虹电器股份有限公司 | Method for preventing user information leakage |
CN107612889A (en) * | 2017-08-23 | 2018-01-19 | 四川长虹电器股份有限公司 | The method for preventing user profile from revealing |
CN107483495A (en) * | 2017-09-21 | 2017-12-15 | 浪潮软件股份有限公司 | A kind of big data cluster Host Administration method, management system and service end |
CN109995700A (en) * | 2017-12-29 | 2019-07-09 | 北京易安睿龙科技有限公司 | A kind of safety protecting method of application program, applications client and ACR server |
CN109995700B (en) * | 2017-12-29 | 2021-10-15 | 北京易安睿龙科技有限公司 | Security protection method of application program, application client and ACR server |
CN111107073A (en) * | 2019-12-11 | 2020-05-05 | 数字广东网络建设有限公司 | Application automatic login method and device, computer equipment and storage medium |
CN112019535A (en) * | 2020-08-26 | 2020-12-01 | 北京信安世纪科技股份有限公司 | Password authentication method |
CN112019535B (en) * | 2020-08-26 | 2023-03-07 | 北京信安世纪科技股份有限公司 | Password authentication method |
CN114221774A (en) * | 2020-09-04 | 2022-03-22 | 中兴通讯股份有限公司 | Authentication method, server, terminal device and storage medium |
CN113037702A (en) * | 2020-12-16 | 2021-06-25 | 重庆扬成大数据科技有限公司 | Agricultural worker login system safe working method based on big data analysis |
CN113037702B (en) * | 2020-12-16 | 2021-11-09 | 重庆扬成大数据科技有限公司 | Agricultural worker login system safe working method based on big data analysis |
CN113037703A (en) * | 2020-12-16 | 2021-06-25 | 重庆扬成大数据科技有限公司 | Agricultural informatization work management method in big data environment |
CN114817897A (en) * | 2021-01-18 | 2022-07-29 | 千寻位置网络有限公司 | Security reinforcement method for terminal equipment |
CN112966286A (en) * | 2021-03-30 | 2021-06-15 | 建信金融科技有限责任公司 | Method, system, device and computer readable medium for user login |
CN113271306A (en) * | 2021-05-18 | 2021-08-17 | 上海星融汽车科技有限公司 | Data request and transmission method, device and system |
CN113271306B (en) * | 2021-05-18 | 2023-03-24 | 上海星融汽车科技有限公司 | Data request and transmission method, device and system |
CN114679312A (en) * | 2022-03-22 | 2022-06-28 | 通号智慧城市研究设计院有限公司 | Encryption method, electronic device, and computer-readable storage medium |
CN115277166A (en) * | 2022-07-25 | 2022-11-01 | 国网甘肃省电力公司 | Cross-boundary user management system for engineering vector library |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20150429 |