CN105407102A - Http request data reliability verification method - Google Patents
- Publication number
- CN105407102A
- Authority
- CN
- China
- Prior art keywords
- http request
- request data
- data
- authorization
- http
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to data reliability verification technology and discloses an http request data reliability verification method that aims to verify http user identity information and data integrity efficiently. The method comprises the following steps: a, the server parses the header of the http request data to find the authorization element and the expect element; b, the server verifies whether authorization matches the stored user token; if so, the user identity information is correct, and otherwise a verification error is reported; and c, the server verifies whether the transmitted expect parameter matches the signature of the transmitted content; if so, data integrity verification passes, and otherwise the data packet is discarded. The method is suitable for verifying the reliability of http data.
Description
Technical field
The present invention relates to data reliability verification technology, and specifically to an http request data reliability verification method.
Background art
Mobile phone clients account for a very large share of current mobile development, and their frequent use poses a major challenge to data security. How to verify the reliability of received data has therefore become an urgent problem in the field of network communications.
Summary of the invention
The technical problem to be solved by the present invention is to provide an http request data reliability verification method that efficiently verifies http user identity information and data integrity.
The technical solution adopted by the present invention to solve the above problem is an http request data reliability verification method comprising the following steps:
a. The server parses the header of the http request data to find the authorization element and the expect element;
b. Verify whether authorization matches the stored user token; if it matches, the user identity information is correct; if it does not match, report an authentication error;
c. Verify whether the transmitted expect parameter matches the signature of the transmitted content; if it matches, data integrity verification passes; if it does not match, discard the data packet.
Further, in step a, if the server does not find the authorization element when parsing the header of the http request data, it proceeds as follows:
Determine whether the http request comes from a call to the login interface. If so, generate a user token on the server and return it to the client, which uses this token as authorization in subsequent calls. If the request comes from a call to a non-login interface, treat it as an invalid request and discard it.
Further, in step c, whether the expect parameter matches the signature of the transmitted content is verified using the client public key stored on the server.
The beneficial effects of the present invention are: asymmetric encryption and a dynamic user token are used to verify data security and user information security for http requests, which avoids the cost of physical devices and avoids repeatedly transmitting the user name and password.
Embodiment
The present invention aims to provide an http request data reliability verification method that efficiently verifies http user identity information and data integrity. It uses an MVC framework to check the user's identity and whether the http message has been modified before the business logic is entered, and finally uses the technique to implement the business logic of encrypted data transmission and user verification.
First, a brief introduction to the http data format:
1. http encapsulation format: the following is the http header format, with the corresponding parameters, that the mobile phone sends to the server. This format is used so that parameters with different functions are placed at different positions in the request message, which makes the business logic clearer.
1.1 Data format:
POST http://localhost:21815/api/NewLogin HTTP/1.1
Connection: Keep-Alive
Content-Length: 467
Content-Type: application/json
Content-Encoding: utf-8
Accept: application/json
Expect: 6e56e5ebeebad5bbf46c0a4d2bfcf852
Authorization: 360539e753eff58a1cc5ad625358a27b
Host: localhost:21815
User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)

{
"newUserName": "yh7fdzzTwkt29rU9CSf+HTftTHyefKyJAZC7PjDR74bYb",
"newPassWord": "yh7fdzzTwkt29rU9CSf+HTftTHyefKyJAZC7PjDR74bYb"
}
1.2 Data format description:
1.2.1 The Expect field carries the signature of the body content and is used to ensure that the data has not been tampered with;
1.2.2 The Authorization field holds the user's identifier (token), which replaces the user's password and login name for authentication;
1.2.3 { "newUserName": "", "newPassWord": "" } is the body, i.e. the transmitted data; the user name and password are ciphertext encrypted with the RSA algorithm.
2. Generation and storage of the data format:
2.1 The Expect field uses the RSA algorithm or an agreed encryption algorithm: the server and the terminal each encrypt the body content, and comparing the ciphertexts shows whether the data has been tampered with.
2.2 Authorization is the user identifier (token), generated by the server at login and passed to the client that initiated the login request. Every request after login must carry this field; otherwise the request is invalid. This record is stored in the database or in the server's memory and is associated with the corresponding user account information.
Based on the above data format, the http request data reliability verification method of the present invention comprises the following steps:
a. The server parses the header of the http request data to find the authorization element and the expect element;
If the server does not find the authorization element when parsing the header of the http request data, it proceeds as follows:
Determine whether the http request comes from a call to the login interface. If so, generate a user token on the server and return it to the client, which uses this token as authorization in subsequent calls. If the request comes from a call to a non-login interface, treat it as an invalid request and discard it.
b. Verify whether authorization matches the stored user token; if it matches, the user identity information is correct; if it does not match, report an authentication error;
c. Verify whether the transmitted expect parameter matches the signature of the transmitted content; if it matches, data integrity verification passes; if it does not match, discard the data packet.
In this step, whether the expect parameter matches the signature of the transmitted content is verified using the client public key stored on the server.
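The following Go sketch of steps a to c is an added example, not code from the patent. It assumes the Expect value is a hex-encoded RSA PKCS#1 v1.5 signature over the SHA-256 digest of the raw body, and that the server indexes sessions by the SHA-256 of the token; the patent specifies neither, and `Session`, `Verify`, `RunDemo`, the token and the key are constructed for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
)

// Session is the server-side record for a logged-in user (hypothetical type).
type Session struct {
	User   string
	PubKey *rsa.PublicKey // client public key stored on the server
}

var (
	ErrNoAuth   = errors.New("no Authorization on non-login call: request dropped")
	ErrBadToken = errors.New("authentication error: unknown token")
	ErrBadSig   = errors.New("integrity check failed: packet dropped")
)

// Verify runs steps a-c on parsed headers and the raw body. A login call
// without Authorization returns (nil, nil): the caller then issues a token.
func Verify(h http.Header, body []byte, isLogin bool, store map[[32]byte]*Session) (*Session, error) {
	auth, sigHex := h.Get("Authorization"), h.Get("Expect") // step a
	if auth == "" && isLogin {
		return nil, nil
	}
	if auth == "" {
		return nil, ErrNoAuth
	}
	s, ok := store[sha256.Sum256([]byte(auth))] // step b: lookup by token hash
	if !ok {
		return nil, ErrBadToken
	}
	sig, err := hex.DecodeString(sigHex) // step c: signature over the body
	digest := sha256.Sum256(body)
	if err != nil || rsa.VerifyPKCS1v15(s.PubKey, crypto.SHA256, digest[:], sig) != nil {
		return nil, ErrBadSig
	}
	return s, nil
}

// RunDemo signs a constructed body with a throwaway key and verifies four cases.
func RunDemo() (ok, tampered, badToken, noToken error) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed demo key
	store := map[[32]byte]*Session{sha256.Sum256([]byte("demo-token-1")): {User: "alice", PubKey: &key.PublicKey}}
	body := []byte(`{"newUserName":"<ciphertext>","newPassWord":"<ciphertext>"}`)
	digest := sha256.Sum256(body)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	h := http.Header{"Authorization": {"demo-token-1"}, "Expect": {hex.EncodeToString(sig)}}
	_, ok = Verify(h, body, false, store)
	_, tampered = Verify(h, append([]byte(" "), body...), false, store)
	h.Set("Authorization", "not-a-token")
	_, badToken = Verify(h, body, false, store)
	_, noToken = Verify(http.Header{}, body, false, store)
	return
}

func main() { fmt.Println(RunDemo()) }
```

Expect is a standard HTTP header, and RFC 7231 allows a server to answer any Expect value other than 100-continue with 417 (Expectation Failed); some HTTP stacks do this before application code runs, so a deployment may have to carry the signature under a different header name.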
Claims (3)
1. An http request data reliability verification method, characterized by comprising the following steps:
a. The server parses the header of the http request data to find the authorization element and the expect element;
b. Verify whether authorization matches the stored user token; if it matches, the user identity information is correct; if it does not match, report an authentication error;
c. Verify whether the transmitted expect parameter matches the signature of the transmitted content; if it matches, data integrity verification passes; if it does not match, discard the data packet.
2. The http request data reliability verification method as claimed in claim 1, characterized in that, in step a, if the server does not find the authorization element when parsing the header of the http request data, it proceeds as follows:
Determine whether the http request comes from a call to the login interface. If so, generate a user token on the server and return it to the client, which uses this token as authorization in subsequent calls. If the request comes from a call to a non-login interface, treat it as an invalid request and discard it.
3. The http request data reliability verification method as claimed in claim 1, characterized in that, in step c, whether the expect parameter matches the signature of the transmitted content is verified using the client public key stored on the server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510918630.1A CN105407102B (en) | 2015-12-10 | 2015-12-10 | Http request data reliability verifying method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105407102A (en) | 2016-03-16 |
CN105407102B (en) | 2019-05-17 |
Family
ID=55472355
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510918630.1A Active CN105407102B (en) | 2015-12-10 | 2015-12-10 | Http request data reliability verifying method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105407102B (en) |
Citations (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101478755A (en) * | 2009-01-21 | 2009-07-08 | 中兴通讯股份有限公司 | Network security HTTP negotiation method and related apparatus |
CN102143134A (en) * | 2010-08-05 | 2011-08-03 | 华为技术有限公司 | Method, device and system for distributed identity authentication |
CN102387354A (en) * | 2011-11-25 | 2012-03-21 | 中山大学 | Video monitoring system based on embedded web server |
CN102404392A (en) * | 2011-11-10 | 2012-04-04 | 山东浪潮齐鲁软件产业股份有限公司 | Integration type registering method for web application or website |
CN102422593A (en) * | 2009-05-14 | 2012-04-18 | 微软公司 | HTTP-based authentication |
CN102638454A (en) * | 2012-03-14 | 2012-08-15 | 武汉理工大学 | Plug-in type SSO (single signon) integration method oriented to HTTP (hypertext transfer protocol) identity authentication protocol |
US20120246312A1 (en) * | 2011-03-25 | 2012-09-27 | International Business Machines Corporation | Transforming HTTP Requests Into Web Services Trust Messages For Security Processing |
CN103188248A (en) * | 2011-12-31 | 2013-07-03 | 卓望数码技术(深圳)有限公司 | Identity authentication system and method based on single sign-on |
CN103188295A (en) * | 2011-12-28 | 2013-07-03 | 上海格尔软件股份有限公司 | WEB single sign-on method completely transparent to user and application |
CN103368963A (en) * | 2013-07-15 | 2013-10-23 | 网宿科技股份有限公司 | HTTP message tamper-proofing method in content distribution network |
CN103475477A (en) * | 2013-09-03 | 2013-12-25 | 深圳市共进电子股份有限公司 | Safe authorized access method |
CN103607284A (en) * | 2013-12-05 | 2014-02-26 | 潘志彪 | Identity authentication method and equipment and server |
CN103944900A (en) * | 2014-04-18 | 2014-07-23 | 中国科学院计算技术研究所 | Cross-station request attack defense method and device based on encryption |
CN103973695A (en) * | 2014-05-16 | 2014-08-06 | 浪潮电子信息产业股份有限公司 | Signature algorithm for server validation |
CN104486325A (en) * | 2014-12-10 | 2015-04-01 | 上海爱数软件有限公司 | Safe login certification method based on RESTful |
CN104767731A (en) * | 2015-03-12 | 2015-07-08 | 江苏中天科技软件技术有限公司 | Identity authentication protection method of Restful mobile transaction system |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10911581B2 (en) | 2016-04-28 | 2021-02-02 | Huawei Technologies Co., Ltd. | Packet parsing method and device |
CN108243172A (en) * | 2016-12-27 | 2018-07-03 | 武汉斗鱼网络科技有限公司 | A kind of method and system for sending verification information |
CN108243172B (en) * | 2016-12-27 | 2020-08-04 | 武汉斗鱼网络科技有限公司 | Method and system for sending verification information |
CN106911684A (en) * | 2017-02-17 | 2017-06-30 | 武汉斗鱼网络科技有限公司 | A kind of method for authenticating and system |
CN106911684B (en) * | 2017-02-17 | 2020-06-16 | 武汉斗鱼网络科技有限公司 | Authentication method and system |
CN107911376A (en) * | 2017-11-29 | 2018-04-13 | 南京莱斯信息技术股份有限公司 | The WEB systems single-sign-on and access control implementation method of a kind of non-invasive |
CN108011889A (en) * | 2017-12-15 | 2018-05-08 | 四川长虹电器股份有限公司 | Body contents entirety encrypted transmission method in http request |
Also Published As
Publication number | Publication date |
---|---|
CN105407102B (en) | 2019-05-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |