CN104580248A - Secured logon method for variable secret key encryption under HTTP

Info

Publication number: CN104580248A
Application number: CN201510041527.3A
Authority: CN (China)
Prior art keywords: service end, client, login authentication, temporary key, key
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 傅志山
Current Assignee: Middle Complex Protects Co Ltd
Original Assignee: Middle Complex Protects Co Ltd
Priority date: 2015-01-27
Filing date: 2015-01-27
Publication date: 2015-04-29

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0457 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to a secure login method using variable-key encryption over HTTP. The method comprises the following steps. The server generates a temporary key K in response to a client's login-authentication request, returns it to the client, and the client caches it. The client derives a user-information digest Hp1 from the entered clear-text password and the temporary key. On receiving the login-authentication request, the server checks whether a temporary key K exists in its cache under the client IP address as cache key; if not, authentication fails. If it does, the server retrieves the user's stored password, derives a server-side digest Hp2 from that stored password and the temporary key, compares Hp2 with Hp1, and passes or fails the authentication accordingly. Because both the key and the transmitted data change from one login to the next, an illegitimate third party cannot recover the password data used for the current login. This addresses the low security of prior-art login authentication, in which the transmitted password value is easily leaked or forged.

Description

Secure login method using variable-key encryption over the HTTP protocol
Technical field
The present invention relates to the field of information security, and specifically to a secure login method using variable-key encryption over the HTTP protocol.
Background
HTTP transmits data in clear text. When handling a user login, the client usually passes sensitive information such as the password through some hash algorithm before sending it to the server, and the server compares the received value with the value stored in its database, which was computed with the same hash algorithm. Although the password is transformed in this way, the algorithm is identical on client and server, and the transmitted value is itself effectively clear text: the password merely wears a coat, and the coat does not change from one login to the next, so anyone who captures the transmitted value can reuse it. The security of the login is therefore discounted.
Summary of the invention
To achieve more secure and reliable login authentication and to solve the low-security problem of prior-art login authentication, in which passwords are easily leaked or forged, the invention provides a secure login method using variable-key encryption over the HTTP protocol. The method uses variable-key encryption: both the key and the transmitted data change dynamically, so an illegitimate third party cannot derive the password data used for the current login, which greatly increases security.
The invention adopts the following technical scheme. The secure login method using variable-key encryption over the HTTP protocol comprises the following steps:
S1. The client initiates a login-authentication request.
S2. The server generates a temporary key K in response to the login-authentication request, returns the temporary key to the client, and caches it in the server cache under the client IP address as cache key.
S3. The client derives a user-information digest Hp1 from the entered clear-text password and the temporary key K, and sends Hp1 to the server.
S4. On receiving the login-authentication request, the server looks up in its cache whether a temporary key K exists under the client IP as cache key; if no temporary key exists, login authentication fails. If it exists, the server retrieves the server-side user password, derives a server-information digest Hp2 from the server-side user password and the temporary key K, compares Hp2 with Hp1, and judges the login authentication failed or passed.
Preferably, in step S2 the server takes from the login-authentication request the client IP address of the session and the timestamp Ts at which the current request was initiated, and generates the temporary key by the algorithm K = GetKey(IP, Ts).
Preferably, in step S2 the server sets a validity period Exp on the cached temporary key K.
Preferably, in step S3 the client first transforms the entered clear-text password into a client user password P1, then derives the user-information digest Hp1 from P1 and the temporary key K.
Preferably, in step S4 the server takes the client IP address, the user name and the user-information digest Hp1 from the login-authentication request.
Preferably, in step S4 the server takes the user name from the login-authentication request and, if a temporary key exists in the server cache, looks up the server-side user password in the database by user name.
Compared with the prior art, the invention has the following advantages and beneficial effects:
The dynamic key generated on the server is valid only for a limited time and has a life cycle. If data is hijacked or forged during the login process, the hijacker (the illegitimate third party) obtains only a random key or the transformed data; because both key and data change dynamically, the hijacker cannot forge a consistent response and has no way to derive the real password data, so the security of login authentication is assured to the greatest extent.
Description of the drawings
Fig. 1 shows the generation of the temporary key;
Fig. 2 shows the client-side encryption of the login data;
Fig. 3 shows the server-side parsing and verification of the login data.
The parameters in the figures are as follows:
K: the temporary key generated by the server at the login-authentication request; IP: the client IP address from which the login-authentication request originates; Ts: the timestamp at which the login-authentication request is initiated; Exp: the validity period of the cached temporary key; P: the user's clear-text password; P1: the user password after MD5 hashing on the client; P2: the MD5-hashed user password stored on the server; Hp1: the user-information digest computed with the keyed hash; Hp2: the server-information digest computed with the keyed hash.
Embodiments
The invention is described in further detail below with reference to an embodiment and the drawings, but embodiments of the invention are not limited to it.
Embodiment
In this embodiment, the secure login method using variable-key encryption over the HTTP protocol comprises the following steps:
1) The client initiates a login-authentication request; the server generates a temporary key from the request, returns it to the client, and caches it in the server cache under the client IP address as cache key.
Referring to Fig. 1: when the client initiates a login-authentication request, the server receives it, takes the client IP address (IP) of the session as the first parameter for generating the temporary key and the timestamp (Ts) at which the request was initiated as the second parameter, and computes K = GetKey(IP, Ts), which yields a base64-encoded temporary key K. The server returns K to the client in the response stream and at the same time caches K in the server cache (web cache) under IP as cache key, setting a validity period (Exp) on the cached key.
2) The client transforms the entered clear-text password into a client user password P1, derives the user-information digest Hp1 from P1 and the temporary key K, and sends Hp1 to the server.
As shown in Fig. 2, after the client obtains the clear-text password P entered by the user, it hashes it with the MD5 algorithm, P1 = MD5(P). The MD5-hashed client user password P1 serves as the message parameter and the temporary key K as the key parameter of a keyed hash algorithm, which yields the final user-information digest Hp1 = HMAC(P1, K). When submitting the login-authentication request, the client sends the digest Hp1 to the server.
3) The server looks up in its cache whether a temporary key K exists under the client IP as cache key, parses the login-authentication request, and judges the login authentication failed or passed.
After the server receives the login-authentication request, it first takes the client IP address, the user name and the user-information digest Hp1 from the request, then looks up in its cache whether a temporary key K exists under IP as cache key. If not, the temporary key has expired and the server directly returns a login-authentication failure. If the temporary key exists, the server looks up the stored MD5-hashed user password P2 in the database by user name and computes the server-information digest Hp2 = HMAC(P2, K) with the same keyed hash algorithm; P2 is the MD5 hash of the user's password, computed and stored in the database by the server when the user registered the account. The server then compares Hp2 with the Hp1 sent by the client: if they differ, login authentication fails; if they are equal, login authentication passes.
The above embodiment is one embodiment of the invention; embodiments of the invention are not limited to it, and any modification, replacement or improvement made by those skilled in the art without departing from the spirit and principles of the invention falls within the scope of protection of the invention.
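The steps S1 to S4 of the summary and steps 1) to 3) of the embodiment describe one protocol, so the following is a single worked example of both sides of that exchange. It is added here as an illustration and is not the patent's or the applicant's code. The patent leaves GetKey(IP, Ts) and the "keyed hash algorithm" unspecified; this example assumes GetKey is HMAC-SHA256 over IP and Ts under a server-only secret (so K is base64 output as in Fig. 1 but not reproducible by an observer of IP and Ts), assumes HMAC-SHA256 with K as key and the MD5 hex digest as message for Hp1/Hp2, and models the IP-keyed server cache as a dictionary with an Exp expiry. The user "alice", the IP addresses and the timestamps are constructed sample data. The one-shot deletion of K after use and the login_with_stolen_p2 function are not in the patent; the latter shows a consequence of Hp2 = HMAC(P2, K) that a reviewer would check.

```python
import base64
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Assumptions of this example (the patent leaves them open): GetKey(IP, Ts) is
# HMAC-SHA256 under a server-only secret; the keyed hash behind Hp1/Hp2 is
# HMAC-SHA256 with K as key and the MD5 hex digest as message; the IP-keyed
# server cache is a dict holding (K, expiry timestamp) with validity Exp.
SERVER_SECRET = secrets.token_bytes(32)


def get_key(ip: str, ts: float) -> str:
    """S2 / Fig. 1: K = GetKey(IP, Ts), returned base64-encoded."""
    msg = f"{ip}|{ts:.6f}".encode()
    mac = hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def md5_password(p: str) -> str:
    """P1 = MD5(P) on the client; P2 = MD5(P) stored by the server at registration."""
    return hashlib.md5(p.encode()).hexdigest()


def digest(p_md5: str, k: str) -> str:
    """Hp1 = HMAC(P1, K) on the client and Hp2 = HMAC(P2, K) on the server."""
    return hmac.new(k.encode(), p_md5.encode(), hashlib.sha256).hexdigest()


class Server:
    def __init__(self, exp_seconds: float = 60.0):
        self.exp = exp_seconds
        self.cache = {}  # IP -> (K, expiry timestamp)
        self.users = {}  # username -> P2

    def register(self, username: str, password: str) -> None:
        self.users[username] = md5_password(password)

    def issue_key(self, ip: str, now: Optional[float] = None) -> str:
        """Step 1: generate K and cache it under the client IP with validity Exp."""
        now = time.time() if now is None else now
        k = get_key(ip, now)
        self.cache[ip] = (k, now + self.exp)
        return k

    def verify(self, ip: str, username: str, hp1: str,
               now: Optional[float] = None) -> bool:
        """Step 3: find K by IP, recompute Hp2 from the stored P2, compare with Hp1."""
        now = time.time() if now is None else now
        entry = self.cache.get(ip)
        if entry is None or entry[1] < now:  # no key cached, or Exp has passed
            self.cache.pop(ip, None)
            return False
        k, _ = entry
        p2 = self.users.get(username)
        if p2 is None:
            return False
        # Not in the patent (which only specifies Exp): drop K once it has been
        # used, so a captured Hp1 cannot be replayed inside the validity window.
        self.cache.pop(ip, None)
        return hmac.compare_digest(digest(p2, k), hp1)


class Client:
    def __init__(self, ip: str):
        self.ip = ip
        self.k: Optional[str] = None

    def request_key(self, server: Server, now: Optional[float] = None) -> None:
        self.k = server.issue_key(self.ip, now)

    def login(self, server: Server, username: str, password: str,
              now: Optional[float] = None) -> bool:
        """Step 2: Hp1 = HMAC(MD5(P), K); only the user name and Hp1 leave the client."""
        if self.k is None:
            return False
        hp1 = digest(md5_password(password), self.k)
        return server.verify(self.ip, username, hp1, now)


def login_with_stolen_p2(server: Server, ip: str, username: str, p2: str,
                         now: Optional[float] = None) -> bool:
    """Consequence of Hp2 = HMAC(P2, K): anyone holding the stored P2 (for example
    from a database dump) can produce a valid Hp1 without ever knowing P."""
    k = server.issue_key(ip, now)
    return server.verify(ip, username, digest(p2, k), now)


if __name__ == "__main__":
    srv = Server(exp_seconds=60)
    srv.register("alice", "correct horse battery staple")  # constructed sample user
    cli = Client("203.0.113.7")
    cli.request_key(srv, now=1000.0)
    print("good password:", cli.login(srv, "alice", "correct horse battery staple", now=1001.0))
    cli.request_key(srv, now=1002.0)
    print("after Exp:", cli.login(srv, "alice", "correct horse battery staple", now=1100.0))
```

Three properties of the scheme follow directly from the formulas on this page and are worth keeping in mind when evaluating it. K is returned to the client over plain HTTP, so a passive observer holds both K and Hp1 and can test password guesses offline against MD5(P). The cache is keyed by client IP, so clients that share an address (for example behind one NAT) overwrite each other's K. And because the server computes Hp2 = HMAC(P2, K) from the stored MD5 hash, that stored value is a password equivalent: the last function above demonstrates that a copy of P2 is enough to log in.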

Claims (10)

  1. A secure login method using variable-key encryption over the HTTP protocol, characterized in that it comprises the following steps:
    S1. The client initiates a login-authentication request;
    S2. The server generates a temporary key K in response to the login-authentication request, returns the temporary key to the client, and caches the temporary key in the server cache under the client IP address as cache key;
    S3. The client derives a user-information digest Hp1 from the entered clear-text password and the temporary key K, and sends Hp1 to the server;
    S4. On receiving the login-authentication request, the server looks up in the server cache whether a temporary key K exists under the IP as cache key; if no temporary key exists, login authentication is judged failed; if a temporary key exists, the server retrieves the server-side user password, derives a server-information digest Hp2 from the server-side user password and the temporary key K, compares Hp2 with Hp1, and judges the login authentication failed or passed.
  2. The secure login method according to claim 1, characterized in that in step S2 the server takes from the login-authentication request the client IP address of the session and the timestamp Ts at which the current login-authentication request was initiated, and generates the temporary key K by the algorithm K = GetKey(IP, Ts).
  3. The secure login method according to claim 1, characterized in that in step S2 the server sets a validity period Exp on the cached temporary key K.
  4. The secure login method according to claim 1, characterized in that in step S3 the client first transforms the entered clear-text password into a client user password P1, then derives the user-information digest Hp1 from the client user password P1 and the temporary key K.
  5. The secure login method according to claim 4, characterized in that the client uses the MD5 algorithm to transform the entered clear-text password into the user password P1.
  6. The secure login method according to claim 4, characterized in that the client uses a hash algorithm to generate the user-information digest Hp1.
  7. The secure login method according to claim 1, characterized in that in step S4 the server takes the client IP address, the user name and the user-information digest Hp1 from the login-authentication request.
  8. The secure login method according to claim 1, characterized in that in step S4 the server takes the user name from the login-authentication request and, if a temporary key exists in the server cache, looks up the server-side user password in the database by user name.
  9. The secure login method according to claim 1, characterized in that in step S4 the server uses a hash algorithm to generate the server-information digest Hp2.
  10. The secure login method according to claim 1, characterized in that in step S4 the server-side user password is the user password that the server hashed with MD5 and stored in the database when the user registered the account.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510041527.3A CN104580248A (en) 2015-01-27 2015-01-27 Secured logon method for variable secret key encryption under HTTP


Publications (1)

Publication Number Publication Date
CN104580248A true CN104580248A (en) 2015-04-29

Family

ID=53095428

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101465735A (en) * 2008-12-19 2009-06-24 北京大学 Network user identification verification method, server and client terminal
CN103391292A (en) * 2013-07-18 2013-11-13 百度在线网络技术(北京)有限公司 Mobile-application-oriented safe login method, system and device
CN104219228A (en) * 2014-08-18 2014-12-17 四川长虹电器股份有限公司 User registration and user identification method and user registration and user identification system

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108092937A (en) * 2016-11-23 2018-05-29 厦门雅迅网络股份有限公司 Prevent the method and system of Web system unauthorized access
CN108092937B (en) * 2016-11-23 2021-04-20 厦门雅迅网络股份有限公司 Method and system for preventing unauthorized access of Web system
CN106850669A (en) * 2017-03-03 2017-06-13 重庆和航科技股份有限公司 Network monitoring system for things message safe transmission method and monitor terminal network registration method
CN106850669B (en) * 2017-03-03 2020-10-23 重庆和航科技股份有限公司 Message security transmission method for Internet of things monitoring system
CN107171789A (en) * 2017-04-20 2017-09-15 努比亚技术有限公司 A kind of safe login method, client device and server
CN107065750A (en) * 2017-05-15 2017-08-18 中国工程物理研究院计算机应用研究所 The industrial control network dynamic security method of interior raw safety
CN107612889B (en) * 2017-08-23 2020-06-30 四川长虹电器股份有限公司 Method for preventing user information leakage
CN107612889A (en) * 2017-08-23 2018-01-19 四川长虹电器股份有限公司 The method for preventing user profile from revealing
CN107483495A (en) * 2017-09-21 2017-12-15 浪潮软件股份有限公司 A kind of big data cluster Host Administration method, management system and service end
CN109995700A (en) * 2017-12-29 2019-07-09 北京易安睿龙科技有限公司 A kind of safety protecting method of application program, applications client and ACR server
CN109995700B (en) * 2017-12-29 2021-10-15 北京易安睿龙科技有限公司 Security protection method of application program, application client and ACR server
CN111107073A (en) * 2019-12-11 2020-05-05 数字广东网络建设有限公司 Application automatic login method and device, computer equipment and storage medium
CN112019535A (en) * 2020-08-26 2020-12-01 北京信安世纪科技股份有限公司 Password authentication method
CN112019535B (en) * 2020-08-26 2023-03-07 北京信安世纪科技股份有限公司 Password authentication method
CN114221774A (en) * 2020-09-04 2022-03-22 中兴通讯股份有限公司 Authentication method, server, terminal device and storage medium
CN113037702A (en) * 2020-12-16 2021-06-25 重庆扬成大数据科技有限公司 Agricultural worker login system safe working method based on big data analysis
CN113037702B (en) * 2020-12-16 2021-11-09 重庆扬成大数据科技有限公司 Agricultural worker login system safe working method based on big data analysis
CN113037703A (en) * 2020-12-16 2021-06-25 重庆扬成大数据科技有限公司 Agricultural informatization work management method in big data environment
CN114817897A (en) * 2021-01-18 2022-07-29 千寻位置网络有限公司 Security reinforcement method for terminal equipment
CN112966286A (en) * 2021-03-30 2021-06-15 建信金融科技有限责任公司 Method, system, device and computer readable medium for user login
CN113271306A (en) * 2021-05-18 2021-08-17 上海星融汽车科技有限公司 Data request and transmission method, device and system
CN113271306B (en) * 2021-05-18 2023-03-24 上海星融汽车科技有限公司 Data request and transmission method, device and system
CN114679312A (en) * 2022-03-22 2022-06-28 通号智慧城市研究设计院有限公司 Encryption method, electronic device, and computer-readable storage medium
CN115277166A (en) * 2022-07-25 2022-11-01 国网甘肃省电力公司 Cross-boundary user management system for engineering vector library

Similar Documents

Publication Publication Date Title
CN104580248A (en) Secured logon method for variable secret key encryption under HTTP
CN108810029B (en) Authentication system and optimization method between micro-service architecture services
JP6612358B2 (en) Method, network access device, application server, and non-volatile computer readable storage medium for causing a network access device to access a wireless network access point
US11336641B2 (en) Security enhanced technique of authentication protocol based on trusted execution environment
CN103051628B (en) Obtain the method and system of authentication token based on server
WO2017084273A1 (en) Handshake method, device and system for client and server
EP2852118B1 (en) Method for an enhanced authentication and/or an enhanced identification of a secure element located in a communication device, especially a user equipment
CN107800675B (en) Data transmission method, terminal and server
CN113497778B (en) Data transmission method and device
CN105681470B (en) Communication means, server based on hypertext transfer protocol, terminal
JP2016096557A (en) Encryption key generation
WO2017185911A1 (en) Network user authentication method
CN108880995B (en) Block chain-based unfamiliar social network user information and message pushing encryption method
CN108243176B (en) Data transmission method and device
CN112543166B (en) Real name login method and device
CN105025019A (en) Data safety sharing method
CN101640682A (en) Method for improving safety of Web service
CN103701787A (en) User name password authentication method implemented on basis of public key algorithm
CN110035035B (en) Secondary authentication method and system for single sign-on
TWI652594B (en) Authentication method for login
CN103916372B (en) A kind of third party's log-on message trustship method and system
CN108848091A (en) A kind of mixed encryption method for instant messaging
KR20130085492A (en) Authentication system and method by use of non-fixed user id
CN104468607B (en) multi-server authentication method
CN106357659B (en) Cloud storage authentication system and method and data transmission method

Legal Events

Code Title / Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 2015-04-29