CN105407102A - Http request data reliability verification method - Google Patents

Http request data reliability verification method Download PDF

Info

Publication number
CN105407102A
CN105407102A CN201510918630.1A CN201510918630A CN105407102A CN 105407102 A CN105407102 A CN 105407102A CN 201510918630 A CN201510918630 A CN 201510918630A CN 105407102 A CN105407102 A CN 105407102A
Authority
CN
China
Prior art keywords
http request
request data
data
authorization
http
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510918630.1A
Other languages
Chinese (zh)
Other versions
CN105407102B (en
Inventor
魏劲超
刘韵宜
江涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Changhong Electric Co Ltd
Original Assignee
Sichuan Changhong Electric Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Changhong Electric Co Ltd filed Critical Sichuan Changhong Electric Co Ltd
Priority to CN201510918630.1A priority Critical patent/CN105407102B/en
Publication of CN105407102A publication Critical patent/CN105407102A/en
Application granted granted Critical
Publication of CN105407102B publication Critical patent/CN105407102B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a data reliability verification technology, discloses an http request data reliability verification method, and aims to realize efficient verification of http user identity information and data integrity. According to the scheme, the http request data reliability verification method comprises the following steps: a, resolving a header of http request data by a server to find an authorization element and an expect element; b, verifying whether authorization is matched with a stored user token or not, if so, indicating that the user identity information is correct, and otherwise prompting a verification error; and c, verifying whether a transmitted expect parameter is matched with a signature of transmitted content or not, if so, indicating that data integrity verification is passed, and otherwise discarding a data packet. The http request data reliability verification method is suitable for verifying the reliability of http data.

Description

Http request data reliability verifying method
Technical field
The present invention relates to data reliability verification technique, be specifically related to a kind of http request data reliability verifying method.
Background technology
The use of cell-phone customer terminal occupies a very large proportion in present Mobile Development, what present cell-phone customer terminal used frequently also brings huge challenge to the safety issue of data, therefore how to verify that the reliability of the data received also becomes problem demanding prompt solution in the current network communications field.
Summary of the invention
Technical problem to be solved by this invention is: propose a kind of http request data reliability verifying method, realizes the efficient verification to http subscriber identity information and data integrity.
The present invention solves the problems of the technologies described above adopted technical scheme, and http request data reliability verifying method, comprises the following steps:
A. the head of server parses http request data finds out authorization element and expect element;
B. verify whether authorization mates with the user token stored, if coupling, shows that subscriber identity information is errorless, if do not mate, points out authentication error;
C. the expect parameter verifying transmission whether with the signatures match of transferring content, if coupling, then show that data integrity validation passes through, if do not mate, then abandon this packet.
Further, in step a, server, when resolving the head of http request data, if do not find authorization element, then adopts following processing mode:
Judge whether this http request comes from login interface and call, if, then generate user token at server end and return to client, authorization when client is using this token as subsequent calls, call if come from non-login interface, then judge that this http request is invalidation request, then abandon this request.
Further, in step c, whether mate with the signature of transferring content according to the client public key checking expect parameter that server end is deposited.
The invention has the beneficial effects as follows: the implementation employing overstepping one's bounds symmetric cryptography and the dynamic token of user verifies data security for http request and user information safety, avoid physical equipment expense and avoid the repeatedly transmission of user name password.
Embodiment
The present invention is intended to propose a kind of http request data reliability verifying method, realizes the efficient verification to http subscriber identity information and data integrity.The present invention utilizes MVC framework to complete before entering service logic the checking whether identity of user judges and be modified http message, finally utilizes technique to realize the service logic of Data Encryption Transmission and user rs authentication.
First brief introduction is done to http data format:
1.http encapsulation format: following data format is that mobile phone sends to the http head form of server end and the parameter of correspondence, we use such form to be different position in order to the parameter of difference in functionality be placed in request message, make service logic more clear like this.
1.1 data formats:
POSThttp://localhost:21815/api/NewLoginHTTP/1.1
Connection:Keep-Alive
Content-Length:467
Content-Type:application/json
Content-Encoding:utf-8
Accept:application/json
Expet:6e56e5ebeebad5bbf46c0a4d2bfcf852
Authorization:360539e753eff58a1cc5ad625358a27b
Host:localhost:21815
User-Agent:Apache-HttpClient/UNAVAILABLE(java1.4)
{
"newUserName":"yh7fdzzTwkt29rU9CSf+HTftTHyefKyJAZC7PjDR74bYb",
"newPassWord":"yh7fdzzTwkt29rU9CSf+HTftTHyefKyJAZC7PjDR74bYb"
}
1.2 data formats illustrate:
The signature verification of what 1.2.1Expect field passed over is body element content, for guaranteeing that data are not tampered;
1.2.2Authorization field deposits the mark (token) of user, and this mark does authentication for the password and login name substituting user;
1.2.3{ " newUserName ": " ", " newPassWord ": " " } body part, the data namely transmitted, username and password is the ciphertext using rivest, shamir, adelman encryption.
2. the generation of data format and storage:
2.1Expect field uses rivest, shamir, adelman or agreement cryptographic algorithm, by comparison ciphertext, server end and terminal, respectively to body content-encrypt, know whether that data are tampered.
2.2Authorization is user ID (token), is generated the client passing to and initiate logging request by server when logging in.Every log in after request necessarily bring this field, otherwise this request is invalid.This record is deposited in the internal memory of database or server and is associated with in corresponding user account information.
Based on above-mentioned data format, http request data reliability verifying method of the present invention comprises the following steps:
A. the head of server parses http request data finds out authorization element and expect element;
Server, when resolving the head of http request data, if do not find authorization element, then adopts following processing mode:
Judge whether this http request comes from login interface and call, if, then generate user token at server end and return to client, authorization when client is using this token as subsequent calls, call if come from non-login interface, then judge that this http request is invalidation request, then abandon this request.
B. verify whether authorization mates with the user token stored, if coupling, shows that subscriber identity information is errorless, if do not mate, points out authentication error;
C. the expect parameter verifying transmission whether with the signatures match of transferring content, if coupling, then show that data integrity validation passes through, if do not mate, then abandon this packet.
Whether the client public key checking expect parameter deposited according to server end in this step mates with the signature of transferring content.

Claims (3)

1.http request msg reliability verification method, is characterized in that, comprise the following steps:
A. the head of server parses http request data finds out authorization element and expect element;
B. verify whether authorization mates with the user token stored, if coupling, shows that subscriber identity information is errorless, if do not mate, points out authentication error;
C. the expect parameter verifying transmission whether with the signatures match of transferring content, if coupling, then show that data integrity validation passes through, if do not mate, then abandon this packet.
2. http request data reliability verifying method as claimed in claim 1, is characterized in that, in step a, server, when resolving the head of http request data, if do not find authorization element, then adopts following processing mode:
Judge whether this http request comes from login interface and call, if, then generate user token at server end and return to client, authorization when client is using this token as subsequent calls, call if come from non-login interface, then judge that this http request is invalidation request, then abandon this request.
3. whether http request data reliability verifying method as claimed in claim 1, is characterized in that, in step c, mate with the signature of transferring content according to the client public key checking expect parameter that server end is deposited.
CN201510918630.1A 2015-12-10 2015-12-10 Http request data reliability verifying method Active CN105407102B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510918630.1A CN105407102B (en) 2015-12-10 2015-12-10 Http request data reliability verifying method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510918630.1A CN105407102B (en) 2015-12-10 2015-12-10 Http request data reliability verifying method

Publications (2)

Publication Number Publication Date
CN105407102A true CN105407102A (en) 2016-03-16
CN105407102B CN105407102B (en) 2019-05-17

Family

ID=55472355

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510918630.1A Active CN105407102B (en) 2015-12-10 2015-12-10 Http request data reliability verifying method

Country Status (1)

Country Link
CN (1) CN105407102B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106911684A (en) * 2017-02-17 2017-06-30 武汉斗鱼网络科技有限公司 A kind of method for authenticating and system
CN107911376A (en) * 2017-11-29 2018-04-13 南京莱斯信息技术股份有限公司 The WEB systems single-sign-on and access control implementation method of a kind of non-invasive
CN108011889A (en) * 2017-12-15 2018-05-08 四川长虹电器股份有限公司 Body contents entirety encrypted transmission method in http request
CN108243172A (en) * 2016-12-27 2018-07-03 武汉斗鱼网络科技有限公司 A kind of method and system for sending verification information
US10911581B2 (en) 2016-04-28 2021-02-02 Huawei Technologies Co., Ltd. Packet parsing method and device

Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101478755A (en) * 2009-01-21 2009-07-08 中兴通讯股份有限公司 Network security HTTP negotiation method and related apparatus
CN102143134A (en) * 2010-08-05 2011-08-03 华为技术有限公司 Method, device and system for distributed identity authentication
CN102387354A (en) * 2011-11-25 2012-03-21 中山大学 Video monitoring system based on embedded web server
CN102404392A (en) * 2011-11-10 2012-04-04 山东浪潮齐鲁软件产业股份有限公司 Integration type registering method for web application or website
CN102422593A (en) * 2009-05-14 2012-04-18 微软公司 HTTP-based authentication
CN102638454A (en) * 2012-03-14 2012-08-15 武汉理工大学 Plug-in type SSO (single signon) integration method oriented to HTTP (hypertext transfer protocol) identity authentication protocol
US20120246312A1 (en) * 2011-03-25 2012-09-27 International Business Machines Corporation Transforming HTTP Requests Into Web Services Trust Messages For Security Processing
CN103188248A (en) * 2011-12-31 2013-07-03 卓望数码技术(深圳)有限公司 Identity authentication system and method based on single sign-on
CN103188295A (en) * 2011-12-28 2013-07-03 上海格尔软件股份有限公司 WEB single sign-on method completely transparent to user and application
CN103368963A (en) * 2013-07-15 2013-10-23 网宿科技股份有限公司 HTTP message tamper-proofing method in content distribution network
CN103475477A (en) * 2013-09-03 2013-12-25 深圳市共进电子股份有限公司 Safe authorized access method
CN103607284A (en) * 2013-12-05 2014-02-26 潘志彪 Identity authentication method and equipment and server
CN103944900A (en) * 2014-04-18 2014-07-23 中国科学院计算技术研究所 Cross-station request attack defense method and device based on encryption
CN103973695A (en) * 2014-05-16 2014-08-06 浪潮电子信息产业股份有限公司 Signature algorithm for server validation
CN104486325A (en) * 2014-12-10 2015-04-01 上海爱数软件有限公司 Safe login certification method based on RESTful
CN104767731A (en) * 2015-03-12 2015-07-08 江苏中天科技软件技术有限公司 Identity authentication protection method of Restful mobile transaction system

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101478755A (en) * 2009-01-21 2009-07-08 中兴通讯股份有限公司 Network security HTTP negotiation method and related apparatus
CN102422593A (en) * 2009-05-14 2012-04-18 微软公司 HTTP-based authentication
CN102143134A (en) * 2010-08-05 2011-08-03 华为技术有限公司 Method, device and system for distributed identity authentication
US20120246312A1 (en) * 2011-03-25 2012-09-27 International Business Machines Corporation Transforming HTTP Requests Into Web Services Trust Messages For Security Processing
CN102404392A (en) * 2011-11-10 2012-04-04 山东浪潮齐鲁软件产业股份有限公司 Integration type registering method for web application or website
CN102387354A (en) * 2011-11-25 2012-03-21 中山大学 Video monitoring system based on embedded web server
CN103188295A (en) * 2011-12-28 2013-07-03 上海格尔软件股份有限公司 WEB single sign-on method completely transparent to user and application
CN103188248A (en) * 2011-12-31 2013-07-03 卓望数码技术(深圳)有限公司 Identity authentication system and method based on single sign-on
CN102638454A (en) * 2012-03-14 2012-08-15 武汉理工大学 Plug-in type SSO (single signon) integration method oriented to HTTP (hypertext transfer protocol) identity authentication protocol
CN103368963A (en) * 2013-07-15 2013-10-23 网宿科技股份有限公司 HTTP message tamper-proofing method in content distribution network
CN103475477A (en) * 2013-09-03 2013-12-25 深圳市共进电子股份有限公司 Safe authorized access method
CN103607284A (en) * 2013-12-05 2014-02-26 潘志彪 Identity authentication method and equipment and server
CN103944900A (en) * 2014-04-18 2014-07-23 中国科学院计算技术研究所 Cross-station request attack defense method and device based on encryption
CN103973695A (en) * 2014-05-16 2014-08-06 浪潮电子信息产业股份有限公司 Signature algorithm for server validation
CN104486325A (en) * 2014-12-10 2015-04-01 上海爱数软件有限公司 Safe login certification method based on RESTful
CN104767731A (en) * 2015-03-12 2015-07-08 江苏中天科技软件技术有限公司 Identity authentication protection method of Restful mobile transaction system

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10911581B2 (en) 2016-04-28 2021-02-02 Huawei Technologies Co., Ltd. Packet parsing method and device
CN108243172A (en) * 2016-12-27 2018-07-03 武汉斗鱼网络科技有限公司 A kind of method and system for sending verification information
CN108243172B (en) * 2016-12-27 2020-08-04 武汉斗鱼网络科技有限公司 Method and system for sending verification information
CN106911684A (en) * 2017-02-17 2017-06-30 武汉斗鱼网络科技有限公司 A kind of method for authenticating and system
CN106911684B (en) * 2017-02-17 2020-06-16 武汉斗鱼网络科技有限公司 Authentication method and system
CN107911376A (en) * 2017-11-29 2018-04-13 南京莱斯信息技术股份有限公司 The WEB systems single-sign-on and access control implementation method of a kind of non-invasive
CN108011889A (en) * 2017-12-15 2018-05-08 四川长虹电器股份有限公司 Body contents entirety encrypted transmission method in http request

Also Published As

Publication number Publication date
CN105407102B (en) 2019-05-17

Similar Documents

Publication Publication Date Title
CN111835752B (en) Lightweight authentication method based on equipment identity and gateway
CN109246053B (en) Data communication method, device, equipment and storage medium
CN104618120B (en) A kind of mobile terminal key escrow digital signature method
CN109905405B (en) Security method for lawful interception
CN1697552B (en) Techniques for performing server user proxy authentication using SIP (session initiation protocol) messages
CN104168267B (en) A kind of identity identifying method of access SIP security protection video monitoring systems
US8307202B2 (en) Methods and systems for using PKCS registration on mobile environment
CN110267270B (en) Identity authentication method for sensor terminal access edge gateway in transformer substation
CN105407102A (en) Http request data reliability verification method
RU2015143914A (en) METHOD AND DEVICE FOR COMMUNICATION AUTHENTICATION OF SUBSCRIBER AND AUTHENTICATION OF THE DEVICE IN COMMUNICATION SYSTEMS
CN102026195A (en) One-time password (OTP) based mobile terminal identity authentication method and system
CN106878324B (en) Short message authentication method, short message authentication server and terminal
US9648650B2 (en) Pairing of devices through separate networks
US8284935B2 (en) Method, devices and computer program product for encoding and decoding media data
CN104753937A (en) SIP (System In Package)-based security certificate registering method
CN114765534A (en) Private key distribution system based on national password identification cryptographic algorithm
CN111767531B (en) Authentication system and method based on biological characteristics
CN103986716B (en) Establishing method for SSL connection and communication method and device based on SSL connection
CN108353259B (en) Method and apparatus for charging record authentication for anonymized network service utilization
KR101431214B1 (en) Mutual authentication method and system with network in machine type communication, key distribution method and system, and uicc and device pair authentication method and system in machine type communication
CN213938340U (en) 5G application access authentication network architecture
US20230007481A1 (en) Enhancement of authentication
CN113810391A (en) Cross-machine-room communication bidirectional authentication and encryption method
CN106487741B (en) Authentication method, authentication terminal and authentication system based on IMS network
KR101532117B1 (en) System and method for supporting emergency call after the access fail

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant