CN105119884A - Method for verifying authority of network communication user - Google Patents
- Publication number: CN105119884A
- Application number: CN201510402811.9A
- Authority: CN (China)
- Legal status: Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1073—Registration or de-registration
Abstract
The invention belongs to the technical field of computer network communication and discloses a method for verifying the authority of a network communication user. A client sends the communication information of a functional protocol request to a server; the functional protocol comprises the user ID, the sessionkey, the server's current timestamp and other service protocols. The server's current timestamp is obtained as follows: the client takes its timestamp immediately before sending the functional protocol and adds the time difference obtained at user login by subtracting the server timestamp from the client timestamp. The server receives the communication information sent by the client and determines, in turn, whether the current communication is legitimate and whether the current protocol is legitimate. This completes verification of the legitimacy of the service request initiator and of the requested protocol, and strictly protects the current communication against leakage.
Description
Technical field
The invention belongs to the technical field of computer network communication, and specifically relates to a method for verifying the authority of a network communication user.
Background
With the development of network technology and the growing popularity of network applications, sharing specific files over the network has gradually become an indispensable part of people's daily work and life. In a complex network communication environment, the contents of important files may be leaked in transit, the communication process may be monitored, core technology may be stolen, and terminal transmission equipment may be maliciously attacked, so ensuring the security of terminal network communication is essential.
At present, most terminal communication methods do not pay enough attention to communication security. The account management and access control of existing servers mostly manage and control the direct caller of a service, and generally do not distinguish the original initiator that caused the direct caller to act. Some systems do take the original initiator into account, but they identify it only by having the direct caller specify it, and do not further confirm whether the specified original initiator is legitimate. These existing service systems therefore lack a sound identity authentication mechanism, and have no corresponding mechanism to prevent leakage of communication information.
Summary of the invention
In view of the above shortcomings of the prior art, the object of the invention is to provide a method for verifying the authority of a network communication user. The method not only improves the legitimacy of the service request initiator and of the requested protocol, but also strictly protects against leakage of the current communication information.
To this end, the invention provides a method for verifying the authority of a network communication user, the method comprising:
The client sends the communication information of a functional protocol request to the server. The functional protocol comprises the user ID, the sessionkey, the server's current timestamp and other service protocols. The server's current timestamp is obtained as follows: the client takes its timestamp immediately before sending the functional protocol and adds the time difference obtained at user login by subtracting the server timestamp from the client timestamp;
The server receives the communication information sent by the client and judges, in turn, whether the current communication is a legitimate communication and whether the current protocol is a legitimate protocol.
Preferably, whether the current communication is legitimate is judged as follows: from the received functional protocol, the server obtains the timestamp it received, subtracts the timestamp that the server itself currently obtains, and takes the absolute value of the time difference. If the time difference is greater than a given timeout threshold, the current communication is judged to have timed out and to be illegitimate, and a timeout information code is returned to the client; if the time difference is less than or equal to the given timeout threshold, the communication is judged to be legitimate and the server goes on to judge whether the current protocol is a legitimate protocol.
Preferably, whether the current protocol is a legitimate protocol is judged as follows: the sessionkey sent by the client is compared with the sessionkey temporarily stored at login under the user ID. If they are identical, the protocol is legitimate and processing continues according to the subsequent other service protocols; if they differ, the user's communication protocol is illegitimate and an illegal-protocol return code is returned to the client.
Preferably, before the client sends the communication information of the functional protocol request to the server, the method further comprises the client logging in to the server, with the following steps:
The client sends a login protocol to the server, the login protocol comprising the current user ID and the current phone's MAC address;
The server obtains the current user's login information according to the current user ID and returns the user login information to the client;
The client receives the user login information and, when the user login information is login-success information, updates the local database and records the login-success information.
Further preferably, when the login information that the server obtains according to the current user ID shows that the current user ID is already logged in, the server judges whether the MAC address is identical to the registered MAC address. If it is, the server updates the login data record and sets the current login user as the login information; if it is not, the server returns to the client a reminder that the login has failed and asks the user to retrieve the user ID using the mobile phone number, so as to update the MAC address.
Further preferably, when the login information that the server obtains according to the current user ID shows that the current user ID is not logged in, the server goes on to judge whether the MAC address is identical to the registered MAC address. If it is not, the server returns to the client a reminder that the login has failed and asks the user to retrieve the number using the mobile phone number, so as to update the MAC address; if it is, the login succeeds, the server saves and records the current timestamp, updates the current login-success information, and returns the login-success information to the client.
Further preferably, the user login information returned to the client comprises the timestamp of the user's login and the value Sessionkey, which is the MD5 code converted from the character string formed by the server's login timestamp plus the unique MAC address value of the current user's terminal.
Preferably, before the client logs in to the server, the method further comprises the client registering with the server, with the following steps:
The client sends a registration protocol to the server, the registration protocol comprising the current user's mobile phone number, MAC address, user name and user password;
The server judges whether the user is already registered. If the user is judged to be registered, the server returns a re-register response; if the user is judged not to be registered, the server returns registration success to the client, together with the user's unique identity, the user ID, on the server;
After receiving the registration-success information, the client updates the local database, writes the current unique user ID into the database, and updates the display interface.
Compared with the prior art, the invention has the following beneficial effects: the client sends the communication information of a functional protocol request to the server, and the server receives the communication information sent by the client and judges, in turn, whether the current communication is a legitimate communication and whether the current protocol is a legitimate protocol. This not only improves the legitimacy of the service request initiator and of the requested protocol, but also strictly protects against leakage of the current communication information.
Brief description of the drawings
Fig. 1 is the basic flow chart of the method according to the embodiment of the invention.
Fig. 2 is a working diagram of the client registering with the server according to the embodiment of the invention.
Fig. 3 is a working diagram of the client logging in to the server according to the embodiment of the invention.
Fig. 4 is a working diagram of the communication between the client and the server according to the embodiment of the invention.
Detailed description of the embodiment
The embodiment of the invention is described in detail below with reference to the accompanying drawings.
As shown in Figs. 1 to 4, the embodiment of the invention provides a method for verifying the authority of a network communication user. The method comprises the client registering with the server, the client logging in to the server, the client sending the communication information of a functional protocol request to the server, and the server receiving the communication information sent by the client and judging, in turn, whether the current communication is a legitimate communication and whether the current protocol is a legitimate protocol. The functional protocol comprises the user ID, the sessionkey, the server's current timestamp and other service protocols. The server's current timestamp is obtained as follows: the client takes its timestamp immediately before sending the functional protocol and adds the time difference obtained at user login by subtracting the server timestamp from the client timestamp.
Whether the current communication is legitimate is judged as follows: from the received functional protocol, the server obtains the timestamp it received, subtracts the timestamp that the server itself currently obtains, and takes the absolute value of the time difference. If the time difference is greater than a given timeout threshold, the current communication is judged to have timed out and to be illegitimate, and a timeout information code is returned to the client; if the time difference is less than or equal to the given timeout threshold, the communication is judged to be legitimate and the server goes on to judge whether the current protocol is a legitimate protocol. In this embodiment the given timeout threshold is defined according to actual needs, for example 25 seconds. The benefit of setting the threshold this way is that a communication connection request is of no use once 25 seconds have passed: if a third party intercepts the communication connection, it has no effect after 25 seconds, which improves the protection of the communication information.
Whether the current protocol is a legitimate protocol is judged as follows: the sessionkey sent by the client is compared with the sessionkey temporarily stored at login under the user ID. If they are identical, the protocol is legitimate and processing continues according to the subsequent other service protocols; if they differ, the user's communication protocol is illegitimate and an illegal-protocol return code is returned to the client.
The client registers with the server as follows. The client sends a registration protocol to the server, the registration protocol comprising the current user's mobile phone number, MAC address, user name and user password. The server judges whether the user is already registered. If the user is judged to be registered, the server returns a re-register response; if the user is judged not to be registered, the server returns registration success to the client, together with the user's unique identity, the user ID, on the server. After receiving the registration-success information, the client updates the local database, writes the current unique user ID into the database, and updates the display interface.
The client logs in to the server as follows. The client sends a login protocol to the server, the login protocol comprising the current user ID and the current phone's MAC address. The server obtains the current user's login information according to the current user ID and returns the user login information to the client. The client receives the user login information and, when the user login information is login-success information, updates the local database and records the login-success information.
When the login information that the server obtains according to the current user ID shows that the current user ID is already logged in, the server judges whether the MAC address is identical to the registered MAC address. If it is, the server updates the login data record and sets the current login user as the login information; if it is not, the server returns to the client a reminder that the login has failed and asks the user to retrieve the user ID using the mobile phone number, so as to update the MAC address.
When the login information that the server obtains according to the current user ID shows that the current user ID is not logged in, the server goes on to judge whether the MAC address is identical to the registered MAC address. If it is not, the server returns to the client a reminder that the login has failed and asks the user to retrieve the number using the mobile phone number, so as to update the MAC address; if it is, the login succeeds, the server saves and records the current timestamp, updates the current login-success information, and returns the login-success information to the client. In this embodiment, the login-success information comprises the timestamp of the successful login and the saved sessionkey value, where the sessionkey value is the temporary MD5 code converted from the character string formed by the MAC address and the current server timestamp.
The user login information returned to the client comprises the timestamp of the user's login and the value Sessionkey, which is the MD5 code converted from the character string formed by the server's login timestamp plus the unique MAC address value of the current user's terminal. In this embodiment the timestamp is the current point in time, in milliseconds, for example 1435723932, which converts to a date and time of the form year XXXX, month XX, day XX, XX hours XX minutes XX seconds, for instance 12:12:12 on 1 July 2015. The Sessionkey is one of the unique check values that the server temporarily prepares for the client after the client logs in to the server. It is valid only for the period during which the user is logged in to the server, and it is cleared on logout.
The value Sessionkey is the MD5 code converted from the character string formed by the server's login timestamp plus the unique MAC value of the current user's terminal. It is used to judge whether the current user's MAC address is the same; but to avoid exposing the MAC address in the clear, the MAC address is combined with the timestamp and then converted into an MD5 code, so that the Sessionkey is different for every login.
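The login and per-request checks described in this embodiment, as an added example in Python that is not code from the patent. Class, function and return-code names, the in-memory stores, the fake clocks and the sample MAC address are constructed for illustration; the clock offset is signed so that the client's estimate tracks the server clock, and the key comparison uses a constant-time compare, both assumptions beyond the text.

```python
import hashlib
import hmac

TIMEOUT_MS = 25_000  # the embodiment's example threshold of 25 seconds
OK, ERR_TIMEOUT, ERR_PROTOCOL, ERR_LOGIN = 0, 1, 2, 3  # hypothetical return codes


def make_sessionkey(login_ts_ms, mac):
    """MD5 of the string formed by the server login timestamp plus the MAC."""
    return hashlib.md5(f"{login_ts_ms}{mac}".encode()).hexdigest()


class FakeClock:
    """Constructed clock (milliseconds) so the example runs deterministically."""
    def __init__(self, now_ms):
        self.now_ms = now_ms

    def __call__(self):
        return self.now_ms


class Server:
    def __init__(self, clock):
        self.clock = clock
        self.registered_mac = {}  # user_id -> MAC recorded at registration
        self.sessions = {}        # user_id -> Sessionkey of the current login

    def register(self, user_id, mac):
        self.registered_mac[user_id] = mac

    def login(self, user_id, mac):
        """Return (code, login timestamp, Sessionkey); MAC must match registration."""
        if self.registered_mac.get(user_id) != mac:
            return ERR_LOGIN, None, None
        ts = self.clock()
        self.sessions[user_id] = make_sessionkey(ts, mac)
        return OK, ts, self.sessions[user_id]

    def logout(self, user_id):
        self.sessions.pop(user_id, None)  # the Sessionkey is cleared on logout

    def check_request(self, user_id, sessionkey, claimed_server_ts_ms):
        # Check 1: |received timestamp - server's current timestamp| <= threshold.
        if abs(claimed_server_ts_ms - self.clock()) > TIMEOUT_MS:
            return ERR_TIMEOUT
        # Check 2: Sessionkey must equal the one stored at login for this user ID.
        stored = self.sessions.get(user_id)
        if stored is None or not hmac.compare_digest(stored.encode(), sessionkey.encode()):
            return ERR_PROTOCOL
        return OK


class Client:
    def __init__(self, clock, user_id, mac):
        self.clock, self.user_id, self.mac = clock, user_id, mac
        self.offset_ms, self.sessionkey = 0, ""

    def login(self, server):
        code, server_ts, key = server.login(self.user_id, self.mac)
        if code == OK:
            # Assumption: offset = server time - client time, taken once at login.
            self.offset_ms = server_ts - self.clock()
            self.sessionkey = key
        return code

    def build_request(self):
        # "Server current timestamp" = client timestamp before sending + offset.
        return {"user_id": self.user_id, "sessionkey": self.sessionkey,
                "claimed_server_ts_ms": self.clock() + self.offset_ms}


def run_demo():
    """Walk one constructed session through each outcome; returns the codes."""
    server_clock = FakeClock(1_435_723_932_000)
    client_clock = FakeClock(1_435_723_932_000 + 90_000)  # client runs 90 s ahead
    server = Server(server_clock)
    mac = "00:11:22:33:44:55"  # constructed sample value
    server.register("u1001", mac)
    client = Client(client_clock, "u1001", mac)

    def tick(ms):
        server_clock.now_ms += ms
        client_clock.now_ms += ms

    results = {"wrong_mac_login": server.login("u1001", "66:77:88:99:aa:bb")[0]}
    results["login"] = client.login(server)
    tick(5_000)
    req = client.build_request()
    results["fresh"] = server.check_request(**req)
    tick(25_000)
    results["aged_25000"] = server.check_request(**req)  # exactly at the threshold
    tick(1)
    results["aged_25001"] = server.check_request(**req)  # one millisecond past it
    bad = dict(client.build_request(), sessionkey="0" * 32)
    results["bad_key"] = server.check_request(**bad)
    server.logout("u1001")
    results["after_logout"] = server.check_request(**client.build_request())
    return results


if __name__ == "__main__":
    print(run_demo())
```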
The above is only a preferred embodiment of the invention. For those of ordinary skill in the art, both the specific implementation and the scope of application may vary according to the idea of the invention, and this description should not be construed as limiting the invention.
Claims (8)
1. A method for verifying the authority of a network communication user, the method comprising:
The client sends the communication information of a functional protocol request to the server, the functional protocol comprising the user ID, the sessionkey, the server's current timestamp and other service protocols, wherein the server's current timestamp is obtained as follows: the client takes its timestamp immediately before sending the functional protocol and adds the time difference obtained at user login by subtracting the server timestamp from the client timestamp;
The server receives the communication information sent by the client and judges, in turn, whether the current communication is a legitimate communication and whether the current protocol is a legitimate protocol.
2. The method for verifying the authority of a network communication user according to claim 1, characterized in that whether the current communication is legitimate is judged as follows: from the received functional protocol, the server obtains the timestamp it received, subtracts the timestamp that the server itself currently obtains, and takes the absolute value of the time difference; if the time difference is greater than a given timeout threshold, the current communication is judged to have timed out and to be illegitimate, and a timeout information code is returned to the client; if the time difference is less than or equal to the given timeout threshold, the communication is judged to be legitimate and the server goes on to judge whether the current protocol is a legitimate protocol.
3. The method for verifying the authority of a network communication user according to claim 1, characterized in that whether the current protocol is a legitimate protocol is judged as follows: the sessionkey sent by the client is compared with the sessionkey temporarily stored at login under the user ID; if they are identical, the protocol is legitimate and processing continues according to the subsequent other service protocols; if they differ, the user's communication protocol is illegitimate and an illegal-protocol return code is returned to the client.
4. The method for verifying the authority of a network communication user according to claim 1, characterized in that, before the client sends the communication information of the functional protocol request to the server, the method further comprises the client logging in to the server, with the following steps:
The client sends a login protocol to the server, the login protocol comprising the current user ID and the current phone's MAC address;
The server obtains the current user's login information according to the current user ID and returns the user login information to the client;
The client receives the user login information and, when the user login information is login-success information, updates the local database and records the login-success information.
5. The method for verifying the authority of a network communication user according to claim 4, characterized in that, when the login information that the server obtains according to the current user ID shows that the current user ID is already logged in, the server judges whether the MAC address is identical to the registered MAC address; if it is, the server updates the login data record and sets the current login user as the login information; if it is not, the server returns to the client a reminder that the login has failed and asks the user to retrieve the user ID using the mobile phone number, so as to update the MAC address.
6. The method for verifying the authority of a network communication user according to claim 4, characterized in that, when the login information that the server obtains according to the current user ID shows that the current user ID is not logged in, the server goes on to judge whether the MAC address is identical to the registered MAC address; if it is not, the server returns to the client a reminder that the login has failed and asks the user to retrieve the number using the mobile phone number, so as to update the MAC address; if it is, the login succeeds, the server saves and records the current timestamp, updates the current login-success information, and returns the login-success information to the client.
7. The method for verifying the authority of a network communication user according to claim 4, characterized in that the user login information returned to the client comprises the timestamp of the user's login and the value Sessionkey, which is the MD5 code converted from the character string formed by the server's login timestamp plus the unique MAC address value of the current user's terminal.
8. The method for verifying the authority of a network communication user according to claim 4, characterized in that, before the client logs in to the server, the method further comprises the client registering with the server, with the following steps:
The client sends a registration protocol to the server, the registration protocol comprising the current user's mobile phone number, MAC address, user name and user password;
The server judges whether the user is already registered; if the user is judged to be registered, the server returns a re-register response; if the user is judged not to be registered, the server returns registration success to the client, together with the user's unique identity, the user ID, on the server;
After receiving the registration-success information, the client updates the local database, writes the current unique user ID into the database, and updates the display interface.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510402811.9A CN105119884A (en) | 2015-07-10 | 2015-07-10 | Method for verifying authority of network communication user |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105119884A true CN105119884A (en) | 2015-12-02 |
Family
ID=54667776
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510402811.9A Pending CN105119884A (en) | 2015-07-10 | 2015-07-10 | Method for verifying authority of network communication user |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105119884A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20151202 |