CN105681470B - Communication means, server based on hypertext transfer protocol, terminal - Google Patents


Info

Publication number: CN105681470B
Authority: CN (China)
Prior art keywords: algorithm, timestamp, ciphertext, time, terminal
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Application number: CN201610169962.9A
Other languages: Chinese (zh)
Other versions: CN105681470A
Inventors: 李超, 杭程, 吴浩, 任寰
Current assignee: Beijing Qihoo Technology Co Ltd
Original assignees: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd and Qizhi Software Beijing Co Ltd
Priority to CN201610169962.9A; priority claimed from CN201210089712.6A (published as CN102647461B)
Publication of CN105681470A, followed by grant and publication of CN105681470B

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications > H04L67/01 Protocols > H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols > H04L9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials > H04L9/3247 involving digital signatures
    • H04L9/32 (as above) > H04L9/3297 involving time stamps, e.g. generation of time stamps

Abstract

This application provides a network communication method, system, server and terminal based on the hypertext transfer protocol, intended to resist replay attacks in HTTP network communication. In response to a terminal request, the server sends a first timestamp to the terminal. The server then receives network request information sent by the terminal; the network request information contains the first timestamp and a corresponding timestamp ciphertext, which the terminal generated by encrypting an algorithm factor containing the first timestamp according to a preset encryption algorithm. The server verifies by means of the preset encryption algorithm whether the timestamp ciphertext is valid; if it is invalid, the network request information is an invalid request. By verifying the legitimacy and validity of a timestamp ciphertext that carries the timestamp information, the possibility of the timestamp information in a network request being tampered with is removed, and network replay attacks are avoided.

Description

Communication method, server and terminal based on hypertext transfer protocol
Technical field
This application relates to the technical field of network security, and in particular to a communication method, server and terminal based on the hypertext transfer protocol.
Background technique
With the internet now influencing people's daily work and life ever more deeply, the security of internet-based data communication has become particularly important.
Among the many factors that affect network communication security, the replay attack (Replay Attack) is one of the most common attack modes. A replay attack, also known as a playback attack or freshness attack (Freshness Attack), refers to an attacker capturing authentication credentials by network sniffing or other means and later re-sending the captured, disguised data packet to the server in order to deceive the system. It is mainly used against authentication procedures and undermines the correctness of authentication. Such an attack repeatedly and maliciously or fraudulently retransmits valid data; it can be carried out by the original sender or by an adversary who intercepts and retransmits the data. It follows from this description that although data encryption can effectively prevent network request information from being hijacked or tampered with, it cannot prevent replay attacks, because a replay attack retransmits valid information exactly as it was intercepted.
In the current network communication architecture, the Transmission Control Protocol/Internet Protocol (TCP/IP) is the foundation of all internet communication. TCP/IP uses a four-layer hierarchy: the network interface layer, the network layer, the transport layer and the application layer, each layer using the network services provided by the layer below it to meet its own needs. In the application layer, data communication based on the hypertext transfer protocol (HTTP) is the primary communication mode of many current network applications, such as most websites and forums. However, HTTP is a connectionless, stateless protocol: the server closes the connection after it has handled a terminal's request and sent the response, and the protocol has no memory of transactions, so the successive HTTP network requests a terminal sends to a server have no connection with each other.
The statelessness and connectionless nature of HTTP were fixed when the protocol was designed. The purpose of HTTP is to support the transmission of hypertext: the terminal's browser sends a request to the HTTP server, and the HTTP server sends the corresponding resource back to the terminal. During this process neither the terminal nor the server needs to record anything, because each request and response is relatively independent. In general, one uniform resource locator (URL, Universal Resource Locator) corresponds to a unique hypertext, and the HTTP server returns the same hypertext for a given URL regardless of which terminal sends the request. Precisely because of this uniqueness, recording the user's behavioural state would be meaningless, so HTTP was designed as a stateless connection protocol.
For these reasons, once request information exchanged between terminal and server is intercepted during data transmission, the server, which records no state about the request, cannot recognise that the request has been intercepted and replayed, and the occurrence of replay attacks therefore cannot be avoided.
In short, a technical problem that those skilled in the art urgently need to solve is how to prevent replay attacks against HTTP communication in existing network communication technology.
Summary of the invention
The technical problem to be solved by this application is to provide a network communication method, server and terminal based on the hypertext transfer protocol that effectively prevent the replay attacks made possible by the interception of HTTP network requests, and thereby improve the security of HTTP network communication.
To solve the above problem, this application discloses a network communication method based on the hypertext transfer protocol, comprising: in response to a terminal request, sending a first timestamp to the terminal;
receiving network request information sent by the terminal, the network request information containing the first timestamp and a corresponding timestamp ciphertext, the timestamp ciphertext being generated by the terminal by encrypting an algorithm factor containing the first timestamp according to a preset encryption algorithm;
verifying by means of the preset encryption algorithm whether the timestamp ciphertext is valid, and, if it is invalid, treating the network request information as an invalid request.
Preferably, the method further comprises:
verifying whether the interval between the first timestamp in the network request information and the current time is within the validity period; if it exceeds the validity period, the network request information is invalid.
Preferably, the preset encryption algorithm is a signature algorithm, and
the terminal encrypting the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
the terminal encrypting the algorithm factor containing the first timestamp according to the signature algorithm to generate a first digital signature, which forms the timestamp ciphertext;
and verifying whether the timestamp ciphertext is valid comprises:
encrypting the algorithm factor containing the first timestamp by the signature algorithm to generate a second digital signature;
verifying whether the second digital signature is consistent with the first digital signature corresponding to the timestamp ciphertext; if they are inconsistent, the timestamp ciphertext is invalid.
Preferably, the preset encryption algorithm is a symmetric encryption algorithm, and
the terminal encrypting the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
the terminal encrypting the algorithm factor containing the first timestamp with the corresponding key according to the symmetric encryption algorithm to generate the timestamp ciphertext;
and verifying whether the timestamp ciphertext is valid comprises:
decrypting the timestamp ciphertext with the key corresponding to the symmetric encryption algorithm to obtain the timestamp information it contains as a second timestamp, and judging whether the second timestamp is consistent with the first timestamp in the network request information; if they are inconsistent, the timestamp ciphertext is invalid.
Preferably, the preset encryption algorithm is an asymmetric encryption algorithm, and
the terminal encrypting the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
the terminal encrypting the algorithm factor containing the first timestamp with the corresponding public key according to the asymmetric encryption algorithm to generate the timestamp ciphertext;
and verifying whether the timestamp ciphertext is valid comprises:
the server decrypting the timestamp ciphertext with the private key corresponding to the asymmetric encryption algorithm to obtain the timestamp information it contains as a second timestamp, and judging whether the second timestamp is consistent with the first timestamp in the network request information; if they are inconsistent, the timestamp ciphertext is invalid.
Preferably, the network request information sent by the terminal further contains a credential identifier generated by the terminal; and
the algorithm factor containing the first timestamp further contains the credential identifier, the algorithm factor being formed from the first timestamp and the credential identifier according to a preset rule.
Preferably, before receiving the network request information sent by the terminal, the method further comprises:
receiving credential request information from the terminal;
generating a credential identifier corresponding to the credential request information;
sending the credential identifier to the terminal.
Preferably,
the received network request information further contains the credential identifier;
the algorithm factor containing the first timestamp further contains the credential identifier, the algorithm factor being formed from the first timestamp and the credential identifier according to a preset rule.
Preferably, the credential identifier is dynamically valid, and the method further comprises:
if the network request information sent by the terminal contains a credential identifier, the server verifying whether the credential identifier is valid, and, if it is invalid, treating the network request as an invalid request.
To solve the above problem, this application also discloses a network communication method based on the hypertext transfer protocol, comprising:
obtaining a first timestamp from the server;
sending network request information to the server, the network request information containing the first timestamp and a corresponding timestamp ciphertext, the timestamp ciphertext being generated by encrypting an algorithm factor containing the first timestamp according to a preset encryption algorithm.
Preferably, the preset encryption algorithm is a signature algorithm, and
encrypting the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
encrypting the algorithm factor containing the first timestamp according to the signature algorithm to generate a first digital signature, which forms the timestamp ciphertext.
Preferably, the preset encryption algorithm is a symmetric encryption algorithm, and
encrypting the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
encrypting the algorithm factor containing the first timestamp with the key corresponding to the symmetric encryption algorithm to generate the timestamp ciphertext.
Preferably, the preset encryption algorithm is an asymmetric encryption algorithm, and
encrypting the algorithm factor containing the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
encrypting the algorithm factor containing the first timestamp with the public key corresponding to the asymmetric encryption algorithm to generate the timestamp ciphertext.
Preferably, the network request information further contains a credential identifier; and
the algorithm factor containing the first timestamp further contains the credential identifier, the algorithm factor being formed from the first timestamp and the credential identifier according to a preset rule.
Preferably, before sending the network request information to the server, the method further comprises:
sending credential request information to the server;
receiving the credential identifier sent by the server.
To solve the above problem, this application also discloses a server based on the hypertext transfer protocol, comprising:
a receiving module, a sending module, a timestamp generation module and a ciphertext verification module;
wherein the receiving module comprises:
a first receiving unit for receiving timestamp request information;
a second receiving unit for receiving network request information, the network request information containing a first timestamp and a corresponding timestamp ciphertext, the timestamp ciphertext being generated by encrypting an algorithm factor containing the first timestamp according to a preset encryption algorithm;
wherein the timestamp generation module is used to generate the first timestamp in response to the timestamp request information;
wherein the sending module comprises:
a first sending unit for sending the first timestamp generated by the timestamp generation module;
wherein the ciphertext verification module is used to verify, by means of the preset encryption algorithm, whether the timestamp ciphertext is valid, and, if it is invalid, to treat the network request information as an invalid request.
Preferably,
the server further comprises:
a timestamp verification module for verifying whether the interval between the first timestamp in the network request information received by the second receiving unit and the current time is within the validity period; if it exceeds the validity period, the network request information is invalid.
Preferably, the preset encryption algorithm is a signature algorithm, and
the ciphertext verification module further comprises:
a signature generation unit for encrypting the algorithm factor containing the first timestamp by the signature algorithm to generate a second signature;
a first verification unit for verifying whether the second digital signature generated by the signature generation unit is consistent with the first digital signature corresponding to the timestamp ciphertext received by the second receiving unit; if they are inconsistent, the timestamp ciphertext is invalid.
Preferably, the preset encryption algorithm is a symmetric encryption algorithm, and
the ciphertext verification module further comprises:
a second verification unit for decrypting the timestamp ciphertext received by the second receiving unit with the key corresponding to the symmetric encryption algorithm to obtain the timestamp information it contains as a second timestamp, and judging whether the second timestamp is consistent with the first timestamp in the network request information received by the second receiving unit; if they are inconsistent, the timestamp ciphertext is invalid.
Preferably, the preset encryption algorithm is an asymmetric encryption algorithm, and
the ciphertext verification module further comprises:
a third verification unit for decrypting the timestamp ciphertext received by the second receiving unit with the private key corresponding to the asymmetric encryption algorithm to obtain the timestamp information it contains as a second timestamp, and judging whether the second timestamp is consistent with the first timestamp in the network request information; if they are inconsistent, the timestamp ciphertext is invalid.
Preferably, the receiving module further comprises:
a third receiving unit for receiving a credential request from the terminal;
the server further comprises:
a credential identifier generation unit for generating a credential identifier according to the credential request received by the third receiving unit;
the sending module further comprises:
a second sending unit for sending the credential identifier generated by the credential identifier generation unit.
Preferably, the network request information received by the second receiving unit further contains a credential identifier;
the algorithm factor containing the first timestamp further contains the credential identifier, the algorithm factor being formed from the first timestamp and the credential identifier according to a preset rule.
Preferably, the credential identifier is dynamically valid;
the server further comprises:
a credential verification module for verifying whether the network request information received by the second receiving unit contains a credential identifier; if it does and the credential identifier is invalid, the network request information is invalid.
To solve the above problem, this application also discloses a terminal based on the hypertext transfer protocol, comprising:
a sending module, a receiving module and a ciphertext module;
wherein the sending module comprises:
a first sending unit for sending a first-timestamp acquisition request;
a second sending unit for sending network request information, the network request information containing the first timestamp received by the receiving module and the corresponding timestamp ciphertext generated by the ciphertext module;
wherein the receiving module comprises:
a first receiving unit for receiving the first timestamp;
wherein the ciphertext module is used to encrypt an algorithm factor containing the received first timestamp according to a preset encryption algorithm to generate the timestamp ciphertext.
Preferably, the preset encryption algorithm is a signature algorithm;
the ciphertext module further comprises:
a first encryption unit for encrypting the algorithm factor containing the first timestamp to generate a first digital signature, which forms the timestamp ciphertext.
Preferably, the preset encryption algorithm is a symmetric encryption algorithm;
the ciphertext module further comprises:
a second encryption unit for encrypting the algorithm factor containing the first timestamp with the key corresponding to the symmetric encryption algorithm to generate the timestamp ciphertext.
Preferably, the preset encryption algorithm is an asymmetric encryption algorithm;
the ciphertext module further comprises:
a third encryption unit for encrypting the algorithm factor containing the first timestamp with the public key corresponding to the asymmetric encryption algorithm to generate the timestamp ciphertext.
Preferably, the terminal further comprises:
a credential identifier generation module for generating a credential identifier;
the algorithm factor containing the first timestamp further contains the credential identifier generated by the credential identifier generation module;
the algorithm factor is formed from the first timestamp and the credential identifier according to a preset rule.
Preferably,
the sending module further comprises:
a third sending unit for sending credential request information;
the receiving module further comprises:
a second receiving unit for receiving a credential identifier;
the network request information sent by the second sending unit further contains the credential identifier received by the receiving module;
the algorithm factor containing the first timestamp further contains the credential identifier, the algorithm factor being formed from the first timestamp and the credential identifier according to a preset rule.
Compared with the prior art, this application has the following advantages:
Given that existing HTTP-based network communication is connectionless and stateless, so that a server cannot recognise request information that has been intercepted and replayed, it is proposed to add a timestamp to the request information the terminal sends to the server. The server verifies whether the interval between the timestamp in the network request information and the current time is within the timestamp's validity period; if the interval exceeds the validity period, the current network request is considered to have been intercepted and replayed and is an invalid request, so replay attacks against HTTP communication can be effectively avoided.
Further, in the scheme provided by this application, the terminal obtains the timestamp from the server, generates a digital signature over the character string containing the timestamp according to an agreed signature algorithm rule, and puts the digital signature into the network request information sent to the server. The server generates a digital signature according to the same signature algorithm rule and verifies whether the signature it generated is consistent with the digital signature carried in the network request information; if they are inconsistent, the character string containing the timestamp in the current network request information is considered to have been tampered with, and the network request is considered an invalid request. This removes the possibility of disguising a replayed request as valid information by tampering with the timestamp in the network request information, and thus further avoids replay attacks.
Brief description of the drawings
Fig. 1 is a flowchart of the HTTP-based network communication method described in embodiment one of the present application;
Fig. 2 is a flowchart of the HTTP-based network communication method described in embodiment two of the present application;
Fig. 3 is a flowchart of the HTTP-based network communication method described in embodiment three of the present application;
Fig. 4 is a structural schematic diagram of the HTTP-based server described in the embodiments of the present application;
Fig. 5 is a structural schematic diagram of the HTTP-based terminal described in the embodiments of the present application;
Fig. 6 is a structural schematic diagram of the HTTP-based network communication system described in the embodiments of the present application.
Specific embodiments
In order to make the above objects, features and advantages of this application clearer and easier to understand, the application is described in further detail below with reference to the accompanying drawings and specific embodiments.
Referring to Fig. 1, which shows a flowchart of embodiment one of the HTTP-based communication method provided by this application, the HTTP-based communication method of this embodiment comprises the following steps:
Step 101: the terminal sends a timestamp request to the server.
Step 102: the server generates a first timestamp.
The server can generate the first timestamp from the current time according to an international standard rule.
Step 103: the server sends the first timestamp to the terminal.
Step 104: the server receives the network request information sent by the terminal; the network request information contains the first timestamp and the corresponding timestamp ciphertext, which the terminal generated by encrypting an algorithm factor containing the first timestamp according to the preset encryption algorithm.
Step 105: the server verifies by means of the preset encryption algorithm whether the timestamp ciphertext is valid; if it is invalid, the network request information is an invalid request.
Step 106: the server verifies whether the interval between the first timestamp in the network request information and the current time is within the validity period; if it exceeds the validity period, the network request information is invalid. This step is optional.
The terminal generates the timestamp ciphertext by encrypting the algorithm factor containing the first timestamp, and the server verifies the ciphertext using the encryption algorithm agreed with the terminal. If the ciphertext is invalid, the timestamp ciphertext may have been intercepted or tampered with in transit, and the first timestamp and the corresponding network request can accordingly be judged invalid.
For ease of description, the timestamp that the server generates in response to the terminal's request, and that is included directly in the network request information, is herein called the first timestamp; the timestamp inside the algorithm factor used to generate the timestamp ciphertext is called the second timestamp.
Because timestamps are generated centrally by the server, their accuracy is strictly guaranteed. The server can set the validity period of a terminal's timestamps according to the network application environment in which each terminal operates. The timestamp validity period is usually a time span, for example 0.5 seconds, meaning that the whole process from the terminal obtaining the timestamp from the server to the network request containing that timestamp being sent to the server should take no more than 0.5 seconds; if it takes longer, the network request is considered to have been delayed in transit, possibly intercepted or replayed, and is an invalid network request.
Those skilled in the art will readily understand that the timestamp validity period for a type of terminal can be set according to the region in which the terminal is located and the complexity of the application.
Step 107: the server returns a response message for the network request to the terminal.
If the network request information is verified as valid, the response message returned to the terminal should contain the valid information corresponding to the network request, such as web page resources; otherwise the response message contains a notification that the network request failed.
Referring to Fig. 2, a flow diagram of a second embodiment of the HTTP-based communication method provided by the present application is shown. The HTTP-based communication method of this embodiment comprises the following steps:
Step 201: the terminal generates a credential identifier.
The terminal can choose the form of the credential identifier according to the practical application. For example, it may obtain its IP address, port number, network card identifier and the current time and compose them into a credential identifier, as long as the credential identifiers used in the network requests of different terminals, or in multiple rounds of network requests from the same terminal, are guaranteed to be unique.
Step 202: the terminal sends a timestamp request to the server; the timestamp request information contains the terminal's credential identifier.
Because existing HTTP-based network communication is connectionless and stateless, there is no link between the multiple requests a terminal sends to a server. A uniform credential identifier is therefore added to the multiple network requests the terminal sends to the server, so that several network requests whose contents are related can be tied together through the credential identifier, which makes it easier for the terminal and the server to manage related network requests.
Step 203: the server generates a first timestamp and stores configuration information, which records the credential identifier corresponding to the current network request information, the first timestamp and the validity period of that first timestamp.
Each time the server receives a timestamp acquisition request from a terminal, it stores a new timestamp and validity period for the current credential identifier, and may at the same time clear the earlier timestamp and validity-period records held for that credential identifier.
Step 204: the server sends the first timestamp to the terminal.
Step 205: the server receives the network request information sent by the terminal; the network request information contains the first timestamp and the corresponding timestamp ciphertext. The timestamp ciphertext is generated by the terminal by encrypting, with a preset encryption algorithm, an algorithm factor that contains the first timestamp and the credential identifier.
Step 206: the server verifies whether the timestamp ciphertext is valid; if it is not, the network request information is invalid.
Step 207: the server verifies whether the first timestamp in the network request is valid; if it is not, the network request information is invalid.
Using the credential identifier and the first timestamp in the current network request, the server looks up the validity period corresponding to that first timestamp in the stored configuration information, and then judges whether the interval between the timestamp in the current network request and the server's current time falls within that validity period. If the validity period is exceeded, the timestamp of the current network request is considered expired and the network request is an illegal request.
Preferably, the credential identifier is dynamically valid. The server can judge whether the credential identifier is valid according to certain conditions, for example whether the terminal corresponding to the credential identifier has gone offline, disconnected or been unresponsive for a long time, or whether a validity period has been exceeded. If an invalidation condition is met, the server can set the credential identifier to the invalid state, interrupt the subsequent processing of the current network request and return a request-failure response to the terminal. Thus even if the credential identifier is stolen or misused by others, it cannot be used for legitimate communication, which effectively improves the security of the communication process.
Step 208: the server returns a response message to the terminal.
In embodiment one, the server can only judge whether the timestamp of a network request is valid by applying a fixed validity period to a given terminal type. In embodiment two above, the server stores in its configuration information the timestamp corresponding to a terminal's credential identifier together with that timestamp's validity period. Since the credential identifier is unique to each terminal and to each user of a terminal, the configuration and judgement of the timestamp validity period can be specific to each terminal and to each user of that terminal, which improves the granularity with which the server verifies timestamp validity.
Referring to Fig. 3, a flow diagram of a third embodiment of the HTTP-based communication method provided by the present application is shown. The HTTP-based communication method of this embodiment comprises the following steps:
Step 301: the terminal sends a credential request to the server.
Step 302: the server responds to the credential request by generating a credential identifier according to a rule, and sends the credential identifier to the terminal.
Although the credential identifier can be generated by the terminal itself, when the number of terminals or of concurrent requests is very large, terminal-generated credential identifiers cannot be guaranteed to be absolutely unique. Having the server generate the credential identifiers uniformly, by a preset rule, in response to each terminal's credential request avoids this problem; for example, the server can derive a sequence number that is currently unique to the terminal from the IP address, port number and time contained in the terminal's request information and use it as the credential identifier.
Step 303: the terminal sends a timestamp request to the server.
Step 304: the server generates a first timestamp.
Step 305: the server sends the first timestamp to the terminal.
Step 306: the terminal encrypts, with a preset encryption algorithm, an algorithm factor that contains the first timestamp, to generate a timestamp ciphertext.
Step 307: the server receives the network request information sent by the terminal; the network request information contains the first timestamp, the credential identifier and the corresponding timestamp ciphertext.
The timestamp ciphertext is generated by encrypting, with the preset encryption algorithm, an algorithm factor that contains the first timestamp and the credential identifier.
Preferably, the server first verifies whether the credential identifier in the current network request information is valid. If it is invalid, the network request is treated as an invalid request and step 310 is executed; otherwise step 308 is executed.
If the current terminal is offline, disconnected or has been inactive for a long time, the server can set the credential identifier corresponding to that terminal to invalid.
Step 308: the server verifies, using the preset encryption algorithm, whether the timestamp ciphertext is valid; if it is not, step 310 is executed.
The preset encryption algorithm is an encryption algorithm rule agreed between the terminal and the server.
Optionally, the encryption algorithm is a signature algorithm. The terminal applies the signature algorithm to the algorithm factor containing the first timestamp to generate a first digital signature, which forms the timestamp ciphertext; the server applies the same signature algorithm to the algorithm factor containing the first timestamp to generate a second digital signature, and verifies whether the second digital signature is consistent with the first digital signature corresponding to the timestamp ciphertext. If they are inconsistent, the timestamp ciphertext is invalid.
The signature algorithm rule may comprise the following steps: first, organize the algorithm factor according to a preset rule; then compute a digital signature over the algorithm factor with a signature algorithm. For example, in this embodiment the organization rule of the algorithm factor can be 'timestamp + credential identifier + other', and the entire request message may even be used as the algorithm factor; the signature algorithm used can be the message digest algorithm MD5 (Message Digest Algorithm 5) or another signature algorithm.
MD5 is a widely used hash function in the field of computer security, used to provide integrity protection for messages. The algorithm produces a fixed-length MD5 message digest, referred to here as a digital signature, for any file or piece of information; if anyone changes the file or information, the MD5 value changes. Note that an unkeyed digest such as MD5 can be recomputed by anyone who knows the algorithm factor and its composition rule, which is why the composition rule is kept confidential between terminal and server, as described below.
Optionally, the preset encryption algorithm is a symmetric encryption algorithm. The terminal uses the key corresponding to the symmetric encryption algorithm to encrypt the algorithm factor containing the first timestamp, generating the timestamp ciphertext; the server decrypts the timestamp ciphertext with the key corresponding to the symmetric encryption algorithm, takes the timestamp information obtained as a second timestamp, and judges whether the second timestamp is consistent with the first timestamp in the network request information. If they are inconsistent, the timestamp ciphertext is invalid.
Unlike the signature algorithm, which produces a signature by computing a digest of the algorithm factor, the symmetric encryption algorithm encrypts the entire algorithm factor string to obtain the timestamp ciphertext; the server decrypts the timestamp ciphertext with the same key, or the corresponding decryption procedure, and recovers the original algorithm factor. A common algorithm of this kind is the Advanced Encryption Standard (AES).
Optionally, the preset encryption algorithm is an asymmetric encryption algorithm. The terminal uses the corresponding public key to encrypt the algorithm factor containing the first timestamp, generating the timestamp ciphertext; the server decrypts the timestamp ciphertext with the private key corresponding to the asymmetric encryption algorithm, takes the timestamp information obtained as a second timestamp, and judges whether the second timestamp is consistent with the first timestamp in the network request information. If they are inconsistent, the timestamp ciphertext is invalid. A common asymmetric encryption algorithm is RSA.
If the timestamp ciphertext is verified as invalid, the character string corresponding to the algorithm factor in the network request information has been tampered with; the current network request is no longer trusted and is an illegal request.
Preferably, the application uses a character string containing the timestamp and the credential identifier, composed according to a preset rule, as the algorithm factor of the encryption algorithm. Since the credential identifier the server assigns to the terminal is unique, the algorithm factor composed from it is also unique. The timestamp is mostly carried in clear text in the HTTP request message, while the credential identifier is generated by the server according to a preset rule, so unless the generation rule of the credential identifier is leaked, the possibility of the credential identifier being tampered with is very low. Moreover, the composition rule of the algorithm factor is agreed between the terminal and the server and not disclosed externally; even if an attacker knows that the algorithm factor uses the timestamp and the credential identifier, it is difficult to know how many times each appears and how they are arranged. Therefore, if the timestamp ciphertext in the terminal's network request information is invalid, it can be considered that the timestamp in the string has been tampered with and that the network request is an illegal request.
Those skilled in the art will appreciate that, when implementing the application, the preset rule by which the timestamp and the credential identifier compose the algorithm factor, and the order and number of times the timestamp and the credential identifier appear in the algorithm factor, can be determined as the case requires; for example, timestamp + credential identifier, or credential identifier + timestamp + timestamp + credential identifier, and so on.
Step 309: the server verifies whether the interval between the first timestamp in the network request and the current time is within its validity period; if the validity period is exceeded, the current network request is an invalid request.
Step 310: the server returns a response message to the terminal.
In the embodiment above, the network request information sent by the terminal to the server contains a credential identifier assigned uniformly by the server. For network request information containing a credential identifier, the server can first verify whether the credential identifier is valid; if it is in the invalid state, the server can interrupt subsequent operations and directly return an invalid-request response to the terminal, saving some server operations and thus, to a degree, saving server resources and reducing server load. Secondly, adding a digital signature to the network request information can effectively prevent the network request information from being tampered with and avoid replay attacks. In particular, the application uses the credential identifier and timestamp distributed uniformly by the server as the signature algorithm factor, which ensures the uniqueness of the signature algorithm factor, avoids the possibility that different terminals generate the same signature and that the timestamp is tampered with, and effectively prevents network replay attacks.
The HTTP-based communication method provided by the present application has been described above with reference to several embodiments. The method is further described below in a specific application environment.
In the following embodiment it is assumed that a user logs in to a website through a terminal with their own username and password; if the server verifies the login request successfully, it returns a dynamic-password key (Key) to the terminal for later use. The website's servers include a login server and an encryption server.
Step S01: the user logs in and obtains a credential identifier.
At the terminal, the user enters a username and password and sends a login request to the login server. If the login succeeds, the login server returns a credential identifier to the terminal. The credential identifier is a unique authentication bit string that the login server generates from the user's username and other related information.
Step S02: the terminal obtains a timestamp from the encryption server.
The terminal calls the PostDownloadTimeStamp method to send a timestamp acquisition request to the encryption server and obtains the latest timestamp from it; the timestamp is the current exact time that the encryption server obtains from a global time synchronization server.
Step S03: the terminal generates a first signature forming the timestamp ciphertext, and assembles the verification request packet.
If the timestamp is obtained successfully, the terminal calls the RequestHeader_Stamp method to generate the signature and form the verification request packet.
The terminal computes the signature forming the timestamp ciphertext from the timestamp and the credential identifier. The specific algorithm is: first, concatenate timestamp + timestamp + credential identifier + timestamp into the algorithm factor string; then compute MD5 over the algorithm factor string to produce a signature string, which forms the timestamp ciphertext.
Step S04: the terminal sends the verification request to the encryption server over HTTPS.
The terminal sends the verification request to the encryption server using the PostDownloadTimeStamp method.
Step S05: the encryption server generates a second signature from the timestamp and the credential identifier using the same rule as the terminal, in order to verify the verification request sent by the terminal; if the second signature is consistent with the first signature corresponding to the timestamp ciphertext, the timestamp ciphertext is legitimate and valid.
Step S06: the encryption server verifies whether the interval between the first timestamp in the network request information and the current time is within the corresponding validity period; if it is exceeded, the network request is invalid.
Step S07: the encryption server returns a response message to the terminal.
If verification passes, the encryption server returns the correct dynamic-password key to the terminal; otherwise it returns a request-failure notification to the terminal.
The dynamic-password Key obtained by the terminal can be used for the user's subsequent operations, such as dynamic password input.
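The exchange of steps 301 to 310 and S01 to S07 above, and the per-credential configuration record of embodiment two, carried through in Python as an added example; this is not code from the patent or from the applicant. The algorithm factor rule (timestamp + timestamp + credential identifier + timestamp) and the MD5 digest are the ones the worked example states; the class and function names, the record layout, the 60-second validity period and the sample terminal are assumptions. Two points the patent text leaves implicit are made explicit in the code and marked as not being part of the patent: an unkeyed MD5 digest can be recomputed by anyone who learns the composition rule, so a keyed HMAC variant of the same factor is shown beside it, and a captured request re-sent within the validity period passes both the signature check and the window check, so the server also remembers ciphertexts it has already accepted.

```python
"""Timestamp + credential identifier + MD5 exchange from the patent's worked
example (steps 301-310, S01-S07).  Added example, not the applicant's code.
Names, record layout and the validity period are assumptions; the factor rule
(timestamp+timestamp+credential+timestamp, then MD5) is the one the text states."""
import hashlib
import hmac
import secrets
import time

TIMESTAMP_VALIDITY_SECONDS = 60  # assumed per-credential timestamp validity period


def make_timestamp_ciphertext(timestamp, credential):
    """Terminal side (step S03): organize the algorithm factor by the agreed rule and
    take MD5 of it; the hex digest is the 'first signature', i.e. the timestamp ciphertext."""
    factor = f"{timestamp}{timestamp}{credential}{timestamp}"
    return hashlib.md5(factor.encode()).hexdigest()


def make_keyed_ciphertext(timestamp, credential, key):
    """Not in the patent: the same factor keyed with HMAC-SHA256, so that knowing the
    composition rule alone is not enough to forge a request."""
    factor = f"{timestamp}{timestamp}{credential}{timestamp}"
    return hmac.new(key, factor.encode(), hashlib.sha256).hexdigest()


class EncryptionServer:
    """Server side: issues credentials and timestamps, keeps the per-credential
    configuration record of embodiment two, and verifies requests (steps 308-309)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.records = {}      # credential -> {"timestamp", "validity", "valid"}
        self.accepted = set()  # (credential, ciphertext) already accepted; hardening not in the patent

    def issue_credential(self, username, ip, port):
        # Step 302 / S01: server-generated identifier unique to this terminal.
        # The random suffix is an assumption; the patent only requires uniqueness.
        seed = f"{username}|{ip}|{port}|{self.clock()}|{secrets.token_hex(8)}"
        credential = hashlib.sha256(seed.encode()).hexdigest()[:32]
        self.records[credential] = {"timestamp": None,
                                    "validity": TIMESTAMP_VALIDITY_SECONDS,
                                    "valid": True}
        return credential

    def issue_timestamp(self, credential):
        # Step 203 / 304: store the new timestamp, replacing any earlier one for this credential.
        timestamp = int(self.clock())
        self.records[credential]["timestamp"] = timestamp
        return timestamp

    def invalidate_credential(self, credential):
        # Terminal offline or inactive: the credential becomes dynamically invalid.
        self.records[credential]["valid"] = False

    def verify_request(self, credential, timestamp, ciphertext):
        record = self.records.get(credential)
        if record is None or not record["valid"]:
            return "invalid credential"     # checked first, so later work is skipped
        # Step 308 / S05: recompute the second signature with the same rule and compare.
        expected = make_timestamp_ciphertext(timestamp, credential)
        if not hmac.compare_digest(expected, ciphertext):
            return "ciphertext invalid"     # the factor string was tampered with
        # Step 309 / S06: the timestamp must be the one issued and inside its validity period.
        if record["timestamp"] != timestamp:
            return "unknown timestamp"
        if self.clock() - timestamp > record["validity"]:
            return "timestamp expired"
        # Not in the patent: a verbatim copy re-sent inside the window passes both checks
        # above, so remember accepted ciphertexts (a real server would prune old ones).
        if (credential, ciphertext) in self.accepted:
            return "replayed"
        self.accepted.add((credential, ciphertext))
        return "ok"


def run_exchange():
    """Drive one constructed terminal through the protocol; return the outcome of each case."""
    now = [1_700_000_000]                   # controllable clock so expiry is deterministic
    server = EncryptionServer(clock=lambda: now[0])
    credential = server.issue_credential("alice", "10.0.0.5", 51234)  # constructed sample terminal
    timestamp = server.issue_timestamp(credential)
    ciphertext = make_timestamp_ciphertext(timestamp, credential)     # terminal, step S03

    results = {}
    results["valid"] = server.verify_request(credential, timestamp, ciphertext)
    results["replay"] = server.verify_request(credential, timestamp, ciphertext)
    results["tampered"] = server.verify_request(credential, timestamp + 1, ciphertext)

    now[0] += 1
    timestamp2 = server.issue_timestamp(credential)
    ciphertext2 = make_timestamp_ciphertext(timestamp2, credential)
    now[0] += TIMESTAMP_VALIDITY_SECONDS + 1
    results["expired"] = server.verify_request(credential, timestamp2, ciphertext2)

    server.invalidate_credential(credential)
    results["revoked"] = server.verify_request(credential, timestamp2, ciphertext2)
    return results


if __name__ == "__main__":
    for case, outcome in run_exchange().items():
        print(f"{case:>9}: {outcome}")
```

Run it directly to print the outcome of each case. verify_request checks the credential identifier first, then the ciphertext, then the timestamp window, mirroring the order of steps 308 and 309 and the server-load argument made above; the constant-time comparison and the accepted-ciphertext set are the practitioner's additions named in the lead-in.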
It should be noted that, for simplicity of description, the method embodiments above are described as a series of combined actions, but those skilled in the art will understand that the application is not limited by the order of actions described, since according to the application some steps may be performed in other orders or simultaneously. Secondly, those skilled in the art will also know that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily all required by the application.
Referring to Fig. 4, a structural diagram of an HTTP (hypertext transfer protocol) server described in an embodiment of the present application is shown.
The HTTP server specifically includes:
a receiving module 410, a sending module 420, a timestamp generation module 460 and a ciphertext verification module 430;
wherein the receiving module 410 includes:
a first receiving unit 411 for receiving timestamp request information;
a second receiving unit 412 for receiving network request information, which contains a first timestamp and a corresponding timestamp ciphertext, the timestamp ciphertext being generated by encrypting, with a preset encryption algorithm, an algorithm factor containing the first timestamp;
wherein the timestamp generation module 460 is for generating the first timestamp in response to the timestamp request information;
wherein the sending module 420 includes:
a first sending unit 421 for sending the first timestamp generated by the timestamp generation module;
wherein the ciphertext verification module 430 is for verifying, using the preset encryption algorithm, whether the timestamp ciphertext is valid; if it is not, the network request information is an invalid request.
Preferably,
the server further includes:
a timestamp verification module 470 for verifying whether the interval between the first timestamp in the network request information received by the second receiving unit 412 and the current time is within the validity period; if it is exceeded, the network request information is invalid.
Optionally, the preset encryption algorithm is a signature algorithm,
and the ciphertext verification module 430 further includes:
a signature generation unit 431 for applying the signature algorithm to the algorithm factor containing the first timestamp to generate a second signature;
a first verification unit 432 for verifying whether the second digital signature generated by the signature generation unit 431 is consistent with the first digital signature corresponding to the timestamp ciphertext received by the second receiving unit 412; if they are inconsistent, the timestamp ciphertext is invalid.
Optionally, the preset encryption algorithm is a symmetric encryption algorithm,
and the ciphertext verification module 430 further includes:
a second verification unit 433 for decrypting the timestamp ciphertext received by the second receiving unit 412 with the key corresponding to the symmetric encryption algorithm, taking the timestamp information obtained as a second timestamp, and judging whether the second timestamp is consistent with the first timestamp in the network request information received by the second receiving unit; if they are inconsistent, the timestamp ciphertext is invalid.
Optionally, the preset encryption algorithm is an asymmetric encryption algorithm,
and the ciphertext verification module 430 further includes:
a third verification unit 434 for decrypting the timestamp ciphertext received by the second receiving unit 412 with the private key corresponding to the asymmetric encryption algorithm, taking the timestamp information obtained as a second timestamp, and judging whether the second timestamp is consistent with the first timestamp in the network request information; if they are inconsistent, the timestamp ciphertext is invalid.
Further, the receiving module 410 further includes:
a third receiving unit 413 for receiving a credential request from the terminal;
and the server further includes:
a credential identifier generation unit 440 for generating a credential identifier according to the credential request received by the third receiving unit 413;
and the sending module 420 further includes:
a second sending unit 422 for sending the credential identifier generated by the credential identifier generation unit 440.
Preferably, the network request information received by the second receiving unit 412 further includes a credential identifier;
the algorithm factor containing the first timestamp further includes the credential identifier, the algorithm factor being composed of the first timestamp and the credential identifier according to a preset rule.
Preferably, the credential identifier is dynamically valid;
and the server further includes:
a credential verification module 450 for verifying whether the network request information received by the second receiving unit 412 contains a credential identifier; if it does and the credential identifier is invalid, the network request information is invalid.
Referring to Fig. 5, a structural diagram of an HTTP terminal described in an embodiment of the present application is shown.
The HTTP terminal includes:
a sending module 510, a receiving module 520 and a ciphertext module 530;
wherein the sending module 510 includes:
a first sending unit 511 for sending a first-timestamp acquisition request;
a second sending unit 512 for sending network request information, which contains the first timestamp received by the receiving module and the corresponding timestamp ciphertext generated by the ciphertext module;
wherein the receiving module 520 includes:
a first receiving unit 521 for receiving the first timestamp;
wherein the ciphertext module is for encrypting, with a preset encryption algorithm, an algorithm factor containing the received first timestamp to generate the timestamp ciphertext.
Optionally, the preset encryption algorithm is a signature algorithm;
and the ciphertext module 530 further includes:
a first encryption unit 531 for applying the signature algorithm to the algorithm factor containing the first timestamp to generate a first digital signature forming the timestamp ciphertext.
Optionally, the preset encryption algorithm is a symmetric encryption algorithm;
and the ciphertext module 530 further includes:
a second encryption unit 532 for encrypting the algorithm factor containing the first timestamp with the key corresponding to the symmetric encryption algorithm to generate the timestamp ciphertext.
Optionally, the preset encryption algorithm is an asymmetric encryption algorithm;
and the ciphertext module 530 further includes:
a third encryption unit 533 for encrypting the algorithm factor containing the first timestamp with the public key corresponding to the asymmetric encryption algorithm to generate the timestamp ciphertext.
Optionally, the terminal further includes:
a credential identifier generation module 540 for generating a credential identifier;
the algorithm factor containing the first timestamp further includes the credential identifier generated by the credential identifier generation module;
the algorithm factor is composed of the first timestamp and the credential identifier according to a preset rule.
Preferably,
the sending module 510 further includes:
a third sending unit 513 for sending credential request information;
the receiving module 520 further includes:
a second receiving unit 522 for receiving a credential identifier;
the network request information sent by the second sending unit 512 further includes the credential identifier received by the second receiving unit 522;
the algorithm factor containing the first timestamp further includes the credential identifier, the algorithm factor being composed of the first timestamp and the credential identifier according to a preset rule.
Referring to Fig. 6, a structural diagram of an HTTP-based system described in an embodiment of the present application is shown.
Specifically, the system comprises an HTTP terminal 6100 and an HTTP server 6200;
the HTTP terminal 6100 includes:
a terminal sending module 6110, a terminal receiving module 6120 and a ciphertext module 6130;
wherein the terminal sending module 6110 includes:
a first sending unit 6111 for sending a first-timestamp acquisition request;
a second sending unit 6112 for sending network request information, which contains the first timestamp received by the receiving module and the corresponding timestamp ciphertext generated by the ciphertext module;
wherein the terminal receiving module 6120 includes:
a first receiving unit 6121 for receiving the first timestamp;
wherein the ciphertext module 6130 is for encrypting, with a preset encryption algorithm, an algorithm factor containing the received first timestamp to generate the timestamp ciphertext.
The HTTP server 6200 includes:
a server receiving module 6210, a server sending module 6220, a timestamp generation module 6230 and a ciphertext verification module 6240;
wherein the server receiving module 6210 includes:
a first receiving unit 6211 for receiving timestamp request information;
a second receiving unit 6212 for receiving network request information, which contains the first timestamp and the corresponding timestamp ciphertext, the timestamp ciphertext being generated by encrypting, with the preset encryption algorithm, an algorithm factor containing the first timestamp;
wherein the timestamp generation module 6230 is for generating the first timestamp in response to the timestamp request information;
wherein the server sending module 6220 includes:
a first sending unit 6221 for sending the first timestamp generated by the timestamp generation module;
wherein the ciphertext verification module 6240 is for verifying, using the preset encryption algorithm, whether the timestamp ciphertext is valid; if it is not, the network request information is an invalid request.
For the detailed structure of the system, refer to the description of the relevant parts of the HTTP terminal, HTTP server and method embodiments above.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the others, and the same or similar parts of the embodiments can be referred to one another. Since the system and/or device embodiments are basically similar to the method embodiments, they are described relatively briefly; for relevant details, refer to the description of the method embodiments.
Finally, it should be noted that relational terms such as 'first' and 'second' are used herein only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations.
Moreover, 'and/or' herein covers both the 'and' relationship and the 'or' relationship: if option A and option B are in an 'and' relationship, an embodiment may include both option A and option B; if option A and option B are in an 'or' relationship, an embodiment may include option A alone or option B alone.
The HTTP-based network communication method, server and terminal provided by the present application have been described in detail above. Specific examples have been used herein to illustrate the principles and implementation of the application; the description of the embodiments above is only intended to help understand the method of the application and its core ideas. At the same time, those of ordinary skill in the art may, according to the ideas of the application, make changes to the specific implementation and scope of application. In summary, the contents of this specification should not be construed as limiting the present application.
The embodiment of the present invention discloses A1, a kind of network communication method based on hypertext transfer protocol, which is characterized in that Include:
It answers terminal request to send to terminal to stab at the first time;
Receive the network request information that terminal is sent;It stabs and corresponds to comprising the first time in the network request information Timestamp ciphertext;The timestamp ciphertext by terminal according to preset Encryption Algorithm to the algorithm stabbed comprising the first time because Son encryption generates;
It is whether effective that the timestamp ciphertext is verified by the preset Encryption Algorithm, if in vain, the network request letter Breath is invalidation request.
A2, method as described in a1, which is characterized in that further comprise:
It verifies the first time in the network request information whether before the deadline to stab with the interval of current time, if super Out, then the network request information is invalid.
A3, method as described in a1, which is characterized in that the preset Encryption Algorithm is Signcryption Algorithm,
The terminal generates timestamp to the algorithm factor encryption stabbed comprising the first time according to preset Encryption Algorithm Ciphertext includes:
Terminal generates the first number to the algorithm factor encryption stabbed comprising the first time according to the Signcryption Algorithm Word signature composition timestamp ciphertext;
The verifying timestamp ciphertext whether effectively include:
The second digital signature is generated to the algorithm factor encryption stabbed comprising the first time by the Signcryption Algorithm;
Whether consistent second digital signature the first digital signature corresponding with the timestamp ciphertext is verified, if different It causes, then the timestamp ciphertext is invalid.
A4, method as described in a1, which is characterized in that the preset Encryption Algorithm is symmetric encipherment algorithm,
The terminal generates timestamp to the algorithm factor encryption stabbed comprising the first time according to preset Encryption Algorithm Ciphertext includes:
Terminal includes the algorithm factor stabbed the first time using corresponding key pair according to the symmetric encipherment algorithm Encryption stabs ciphertext between generating;
The verifying timestamp ciphertext whether effectively include:
decrypting the timestamp ciphertext with the key corresponding to the symmetric encryption algorithm to obtain the timestamp information it contains as a second timestamp, and judging whether the second timestamp is consistent with the first timestamp in the network request; if inconsistent, the timestamp ciphertext is invalid.
A5. The method as described in A1, wherein the preset encryption algorithm is an asymmetric encryption algorithm,
the terminal encrypting the algorithm factor comprising the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
the terminal encrypting the algorithm factor comprising the first timestamp with the corresponding public key according to the asymmetric encryption algorithm to generate the timestamp ciphertext;
and verifying whether the timestamp ciphertext is valid comprises:
the server decrypting the timestamp ciphertext with the private key corresponding to the asymmetric encryption algorithm to obtain the timestamp information it contains as a second timestamp, and judging whether the second timestamp is consistent with the first timestamp in the network request; if inconsistent, the timestamp ciphertext is invalid.
A6. The method as described in A1, wherein the network request sent by the terminal further comprises a credential identifier generated by the terminal; and
the algorithm factor comprising the first timestamp further comprises the credential identifier, the algorithm factor being formed from the first timestamp and the credential identifier according to a preset rule.
A7. The method as described in A1, wherein before receiving the network request sent by the terminal, the method further comprises:
receiving a credential request from the terminal;
generating a credential identifier corresponding to the credential request;
sending the credential identifier to the terminal.
A8. The method as described in A7, wherein
the received network request further comprises the credential identifier;
the algorithm factor comprising the first timestamp further comprises the credential identifier, the algorithm factor being formed from the first timestamp and the credential identifier according to a preset rule.
A9. The method as described in any one of A6 to A8, wherein the credential identifier is dynamically valid, and the method further comprises:
if the network request sent by the terminal comprises a credential identifier, the server verifying whether the credential identifier is valid; if invalid, the network request is an invalid request.
The embodiment of the present invention further discloses B10, a network communication method based on the hypertext transfer protocol, comprising:
obtaining a first timestamp from a server;
sending a network request to the server, the network request comprising the first timestamp and a corresponding timestamp ciphertext, the timestamp ciphertext being generated by encrypting an algorithm factor comprising the first timestamp according to a preset encryption algorithm.
B11. The method as described in B10, wherein the preset encryption algorithm is a signature algorithm, and
encrypting the algorithm factor comprising the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
encrypting the algorithm factor comprising the first timestamp according to the signature algorithm to generate a first digital signature, which constitutes the timestamp ciphertext.
B12. The method as described in B10, wherein the preset encryption algorithm is a symmetric encryption algorithm, and
encrypting the algorithm factor comprising the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
encrypting the algorithm factor comprising the first timestamp with the key corresponding to the symmetric encryption algorithm to generate the timestamp ciphertext.
B13. The method as described in B10, wherein the preset encryption algorithm is an asymmetric encryption algorithm, and
encrypting the algorithm factor comprising the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
encrypting the algorithm factor comprising the first timestamp with the public key corresponding to the asymmetric encryption algorithm to generate the timestamp ciphertext.
B14. The method as described in B10, wherein the network request further comprises a credential identifier; and
the algorithm factor comprising the first timestamp further comprises the credential identifier, the algorithm factor being formed from the first timestamp and the credential identifier according to a preset rule.
B15. The method as described in B10, wherein before sending the network request to the server, the method further comprises:
sending a credential request to the server;
receiving the credential identifier sent by the server.
The embodiment of the present invention further discloses C16, a server based on the hypertext transfer protocol, comprising: a receiving module, a sending module, a timestamp generation module and a ciphertext verification module;
wherein the receiving module comprises:
a first receiving unit for receiving a timestamp request;
a second receiving unit for receiving a network request, the network request comprising a first timestamp and a corresponding timestamp ciphertext, the timestamp ciphertext being generated by encrypting an algorithm factor comprising the first timestamp according to a preset encryption algorithm;
wherein the timestamp generation module is for generating the first timestamp in response to the timestamp request;
wherein the sending module comprises:
a first sending unit for sending the first timestamp generated by the timestamp generation module;
wherein the ciphertext verification module is for verifying by the preset encryption algorithm whether the timestamp ciphertext is valid; if invalid, the network request is an invalid request.
C17. The server as described in C16, wherein
the server further comprises:
a timestamp verification module for verifying whether the interval between the first timestamp in the network request received by the second receiving unit and the current time is within the validity period; if it is exceeded, the network request is invalid.
C18. The server as described in C16, wherein the preset encryption algorithm is a signature algorithm, and
the ciphertext verification module further comprises:
a signature generation unit for encrypting the algorithm factor comprising the first timestamp by the signature algorithm to generate a second signature;
a first verification unit for verifying whether the second digital signature generated by the signature generation unit is consistent with the first digital signature corresponding to the timestamp ciphertext received by the second receiving unit; if inconsistent, the timestamp ciphertext is invalid.
C19. The server as described in C16, wherein the preset encryption algorithm is a symmetric encryption algorithm, and
the ciphertext verification module further comprises:
a second verification unit for decrypting the timestamp ciphertext received by the second receiving unit with the key corresponding to the symmetric encryption algorithm to obtain the timestamp information it contains as a second timestamp, and judging whether the second timestamp is consistent with the first timestamp in the network request received by the second receiving unit; if inconsistent, the timestamp ciphertext is invalid.
C20. The server as described in C16, wherein the preset encryption algorithm is an asymmetric encryption algorithm, and
the ciphertext verification module further comprises:
a third verification unit for decrypting the timestamp ciphertext received by the second receiving unit with the private key corresponding to the asymmetric encryption algorithm to obtain the timestamp information it contains as a second timestamp, and judging whether the second timestamp is consistent with the first timestamp in the network request; if inconsistent, the timestamp ciphertext is invalid.
C21. The server as described in C16, wherein the receiving module further comprises:
a third receiving unit for receiving a credential request from the terminal;
the server further comprises:
a credential identifier generation unit for generating a credential identifier according to the credential request received by the third receiving unit;
and the sending module further comprises:
a second sending unit for sending the credential identifier generated by the credential identifier generation unit.
C22. The server as described in C21, wherein the network request received by the second receiving unit further comprises a credential identifier;
the algorithm factor comprising the first timestamp further comprises the credential identifier, the algorithm factor being formed from the first timestamp and the credential identifier according to a preset rule.
C23. The server as described in C21 or C22, wherein the credential identifier is dynamically valid;
the server further comprises:
a credential verification module for verifying whether the network request received by the second receiving unit comprises a credential identifier; if it does and the credential identifier is invalid, the network request is invalid.
The embodiment of the present invention further discloses D24, a terminal based on the hypertext transfer protocol, comprising:
a sending module, a receiving module and a ciphertext module;
wherein the sending module comprises:
a first sending unit for sending a first timestamp acquisition request;
a second sending unit for sending a network request, the network request comprising the first timestamp received by the receiving module and the corresponding timestamp ciphertext generated by the ciphertext module;
wherein the receiving module comprises:
a first receiving unit for receiving the first timestamp;
and wherein the ciphertext module is for encrypting an algorithm factor comprising the received first timestamp according to a preset encryption algorithm to generate the timestamp ciphertext.
D25. The terminal as described in D24, wherein the preset encryption algorithm is a signature algorithm;
the ciphertext module further comprises:
a first encryption unit for encrypting the algorithm factor comprising the first timestamp to generate a first digital signature, which constitutes the timestamp ciphertext.
D26. The terminal as described in D24, wherein the preset encryption algorithm is a symmetric encryption algorithm;
the ciphertext module further comprises:
a second encryption unit for encrypting the algorithm factor comprising the first timestamp with the key corresponding to the symmetric encryption algorithm to generate the timestamp ciphertext.
D27. The terminal as described in D24, wherein the preset encryption algorithm is an asymmetric encryption algorithm;
the ciphertext module further comprises:
a third encryption unit for encrypting the algorithm factor comprising the first timestamp with the public key corresponding to the asymmetric encryption algorithm to generate the timestamp ciphertext.
D28. The terminal as described in D24, further comprising:
a credential identifier generation module for generating a credential identifier;
the algorithm factor comprising the first timestamp further comprises the credential identifier generated by the credential identifier generation module;
the algorithm factor being formed from the first timestamp and the credential identifier according to a preset rule.
D29. The terminal as described in D24, wherein
the sending module further comprises:
a third sending unit for sending a credential request;
the receiving module further comprises:
a second receiving unit for receiving a credential identifier;
the network request sent by the second sending unit further comprises the credential identifier received by the third receiving unit;
the algorithm factor comprising the first timestamp further comprises the credential identifier, the algorithm factor being formed from the first timestamp and the credential identifier according to a preset rule.

Claims (26)

1. A network communication method based on the hypertext transfer protocol, comprising:
receiving a credential request from a terminal;
generating a credential identifier corresponding to the credential request;
sending the credential identifier to the terminal;
sending a first timestamp to the terminal in response to a request from the terminal;
receiving a network request sent by the terminal, the network request comprising the first timestamp and a corresponding timestamp ciphertext, the timestamp ciphertext being generated by the terminal by encrypting an algorithm factor comprising the first timestamp according to a preset encryption algorithm; wherein the algorithm factor comprising the first timestamp further comprises the credential identifier, the algorithm factor being formed from the first timestamp and the credential identifier according to a preset rule;
verifying by the preset encryption algorithm whether the timestamp ciphertext is valid; if invalid, the network request is an invalid request.
2. The method as described in claim 1, further comprising:
verifying whether the interval between the first timestamp in the network request and the current time is within the validity period; if it is exceeded, the network request is invalid.
3. The method as described in claim 1, wherein the preset encryption algorithm is a signature algorithm,
the terminal encrypting the algorithm factor comprising the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
the terminal encrypting the algorithm factor comprising the first timestamp according to the signature algorithm to generate a first digital signature, which constitutes the timestamp ciphertext;
and verifying whether the timestamp ciphertext is valid comprises:
encrypting the algorithm factor comprising the first timestamp by the signature algorithm to generate a second digital signature;
verifying whether the second digital signature is consistent with the first digital signature corresponding to the timestamp ciphertext; if inconsistent, the timestamp ciphertext is invalid.
4. The method as described in claim 1, wherein the preset encryption algorithm is a symmetric encryption algorithm,
the terminal encrypting the algorithm factor comprising the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
the terminal encrypting the algorithm factor comprising the first timestamp with the corresponding key according to the symmetric encryption algorithm to generate the timestamp ciphertext;
and verifying whether the timestamp ciphertext is valid comprises:
decrypting the timestamp ciphertext with the key corresponding to the symmetric encryption algorithm to obtain the timestamp information it contains as a second timestamp, and judging whether the second timestamp is consistent with the first timestamp in the network request; if inconsistent, the timestamp ciphertext is invalid.
5. The method as described in claim 1, wherein the preset encryption algorithm is an asymmetric encryption algorithm,
the terminal encrypting the algorithm factor comprising the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
the terminal encrypting the algorithm factor comprising the first timestamp with the corresponding public key according to the asymmetric encryption algorithm to generate the timestamp ciphertext;
and verifying whether the timestamp ciphertext is valid comprises:
the server decrypting the timestamp ciphertext with the private key corresponding to the asymmetric encryption algorithm to obtain the timestamp information it contains as a second timestamp, and judging whether the second timestamp is consistent with the first timestamp in the network request; if inconsistent, the timestamp ciphertext is invalid.
6. The method as described in claim 1, wherein the network request sent by the terminal further comprises a credential identifier generated by the terminal; and
the algorithm factor comprising the first timestamp further comprises the credential identifier, the algorithm factor being formed from the first timestamp and the credential identifier according to a preset rule.
7. The method as described in claim 1, wherein
the received network request further comprises the credential identifier.
8. The method as described in claim 6 or 7, wherein the credential identifier is dynamically valid, and the method further comprises:
if the network request sent by the terminal comprises a credential identifier, the server verifying whether the credential identifier is valid; if invalid, the network request is an invalid request.
9. A network communication method based on the hypertext transfer protocol, comprising:
sending a credential request to a server;
receiving a credential identifier sent by the server;
obtaining a first timestamp from the server;
sending a network request to the server, the network request comprising the first timestamp and a corresponding timestamp ciphertext, the timestamp ciphertext being generated by encrypting an algorithm factor comprising the first timestamp according to a preset encryption algorithm; wherein the algorithm factor comprising the first timestamp further comprises the credential identifier, the algorithm factor being formed from the first timestamp and the credential identifier according to a preset rule.
10. The method as described in claim 9, wherein the preset encryption algorithm is a signature algorithm, and
encrypting the algorithm factor comprising the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
encrypting the algorithm factor comprising the first timestamp according to the signature algorithm to generate a first digital signature, which constitutes the timestamp ciphertext.
11. The method as described in claim 9, wherein the preset encryption algorithm is a symmetric encryption algorithm, and
encrypting the algorithm factor comprising the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
encrypting the algorithm factor comprising the first timestamp with the key corresponding to the symmetric encryption algorithm to generate the timestamp ciphertext.
12. The method as described in claim 9, wherein the preset encryption algorithm is an asymmetric encryption algorithm, and
encrypting the algorithm factor comprising the first timestamp according to the preset encryption algorithm to generate the timestamp ciphertext comprises:
encrypting the algorithm factor comprising the first timestamp with the public key corresponding to the asymmetric encryption algorithm to generate the timestamp ciphertext.
13. The method as described in claim 9, wherein the network request further comprises a credential identifier.
14. A server based on the hypertext transfer protocol, comprising: a receiving module, a sending module, a timestamp generation module and a ciphertext verification module;
wherein the receiving module comprises:
a first receiving unit for receiving a timestamp request;
a second receiving unit for receiving a network request, the network request comprising a first timestamp and a corresponding timestamp ciphertext, the timestamp ciphertext being generated by encrypting an algorithm factor comprising the first timestamp according to a preset encryption algorithm; the algorithm factor comprising the first timestamp further comprises a credential identifier, the algorithm factor being formed from the first timestamp and the credential identifier according to a preset rule;
a third receiving unit for receiving a credential request from the terminal;
wherein the timestamp generation module is for generating the first timestamp in response to the timestamp request;
wherein the sending module comprises:
a second sending unit for sending the credential identifier generated by the credential identifier generation unit;
a first sending unit for sending the first timestamp generated by the timestamp generation module;
wherein the ciphertext verification module is for verifying by the preset encryption algorithm whether the timestamp ciphertext is valid; if invalid, the network request is an invalid request;
and the server further comprises:
a credential identifier generation unit for generating the credential identifier according to the credential request received by the third receiving unit.
15. The server as described in claim 14, wherein
the server further comprises:
a timestamp verification module for verifying whether the interval between the first timestamp in the network request received by the second receiving unit and the current time is within the validity period; if it is exceeded, the network request is invalid.
16. The server as described in claim 14, wherein the preset encryption algorithm is a signature algorithm, and
the ciphertext verification module further comprises:
a signature generation unit for encrypting the algorithm factor comprising the first timestamp by the signature algorithm to generate a second signature;
a first verification unit for verifying whether the second digital signature generated by the signature generation unit is consistent with the first digital signature corresponding to the timestamp ciphertext received by the second receiving unit; if inconsistent, the timestamp ciphertext is invalid.
17. The server as described in claim 14, wherein the preset encryption algorithm is a symmetric encryption algorithm, and
the ciphertext verification module further comprises:
a second verification unit for decrypting the timestamp ciphertext received by the second receiving unit with the key corresponding to the symmetric encryption algorithm to obtain the timestamp information it contains as a second timestamp, and judging whether the second timestamp is consistent with the first timestamp in the network request received by the second receiving unit; if inconsistent, the timestamp ciphertext is invalid.
18. The server as described in claim 14, wherein the preset encryption algorithm is an asymmetric encryption algorithm, and
the ciphertext verification module further comprises:
a third verification unit for decrypting the timestamp ciphertext received by the second receiving unit with the private key corresponding to the asymmetric encryption algorithm to obtain the timestamp information it contains as a second timestamp, and judging whether the second timestamp is consistent with the first timestamp in the network request; if inconsistent, the timestamp ciphertext is invalid.
19. The server as described in claim 14, wherein the network request received by the second receiving unit further comprises a credential identifier.
20. The server as described in claim 18 or 19, wherein the credential identifier is dynamically valid;
the server further comprises:
a credential verification module for verifying whether the network request received by the second receiving unit comprises a credential identifier; if it does and the credential identifier is invalid, the network request is invalid.
21. A terminal based on the hypertext transfer protocol, comprising:
a sending module, a receiving module and a ciphertext module;
wherein the sending module comprises:
a first sending unit for sending a first timestamp acquisition request;
a second sending unit for sending a network request, the network request comprising the first timestamp received by the receiving module and the corresponding timestamp ciphertext generated by the ciphertext module;
a third sending unit for sending a credential request;
wherein the receiving module comprises:
a first receiving unit for receiving the first timestamp;
a second receiving unit for receiving a credential identifier;
and wherein the ciphertext module is for encrypting an algorithm factor comprising the received first timestamp according to a preset encryption algorithm to generate the timestamp ciphertext; the algorithm factor comprising the first timestamp further comprises the credential identifier, the algorithm factor being formed from the first timestamp and the credential identifier according to a preset rule.
22. The terminal as described in claim 21, wherein the preset encryption algorithm is a signature algorithm;
the ciphertext module further comprises:
a first encryption unit for encrypting the algorithm factor comprising the first timestamp to generate a first digital signature, which constitutes the timestamp ciphertext.
23. The terminal as described in claim 21, wherein the preset encryption algorithm is a symmetric encryption algorithm;
the ciphertext module further comprises:
a second encryption unit for encrypting the algorithm factor comprising the first timestamp with the key corresponding to the symmetric encryption algorithm to generate the timestamp ciphertext.
24. The terminal as described in claim 21, wherein the preset encryption algorithm is an asymmetric encryption algorithm;
the ciphertext module further comprises:
a third encryption unit for encrypting the algorithm factor comprising the first timestamp with the public key corresponding to the asymmetric encryption algorithm to generate the timestamp ciphertext.
25. The terminal as described in claim 21, further comprising:
a credential identifier generation module for generating a credential identifier;
the algorithm factor comprising the first timestamp further comprises the credential identifier generated by the credential identifier generation module;
the algorithm factor being formed from the first timestamp and the credential identifier according to a preset rule.
26. The terminal as described in claim 21, wherein
the network request sent by the second sending unit further comprises the credential identifier received by the second receiving unit.
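The server side of claims 1, 2, 3 and 8 and the terminal side of claim 9, as an added example in Python that is not part of the patent: the signature-algorithm variant is realised as HMAC-SHA256 over a length-prefixed algorithm factor, because the regenerate-and-compare check of claim 3 needs a deterministic tag. The shared key, the 60 s window, the 600 s credential lifetime and the encoding rule for the algorithm factor are all assumptions of this example; the claims leave the preset algorithm and preset rule open.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

# Assumed policy values, not taken from the patent: the validity window for the
# first timestamp (claim 2) and the lifetime of a "dynamically valid" credential
# identifier (claim 8).
WINDOW_SECONDS = 60
CREDENTIAL_TTL_SECONDS = 600


def algorithm_factor(first_timestamp: int, credential_id: str) -> bytes:
    """Preset rule (constructed here) combining the first timestamp and the
    credential identifier; length prefixes keep the encoding unambiguous."""
    ts = str(first_timestamp).encode("ascii")
    cid = credential_id.encode("utf-8")
    return len(ts).to_bytes(2, "big") + ts + len(cid).to_bytes(2, "big") + cid


def timestamp_ciphertext(key: bytes, first_timestamp: int, credential_id: str) -> str:
    """Signature-algorithm variant (claims 3 and 10): a deterministic tag the server can
    regenerate and compare. HMAC-SHA256 under a shared key is this example's assumption."""
    factor = algorithm_factor(first_timestamp, credential_id)
    return hmac.new(key, factor, hashlib.sha256).hexdigest()


class Server:
    """Server side (claims 1, 2, 3 and 8); `now` is server time, kept settable for the demo."""

    def __init__(self, key: bytes, now: int) -> None:
        self.key = key
        self.now = now
        self.credentials: Dict[str, int] = {}  # credential identifier -> expiry time

    def handle_credential_request(self) -> str:
        """Generate a credential identifier with a limited lifetime and hand it out."""
        cid = secrets.token_hex(16)
        self.credentials[cid] = self.now + CREDENTIAL_TTL_SECONDS
        return cid

    def handle_timestamp_request(self) -> int:
        """The first timestamp is server time; the terminal's own clock is never trusted."""
        return self.now

    def credential_valid(self, credential_id: str) -> bool:
        expiry = self.credentials.get(credential_id)
        return expiry is not None and self.now < expiry

    def handle_network_request(self, request: Dict[str, object]) -> Tuple[bool, str]:
        """Validate one network request; returns (accepted, reason)."""
        try:
            first_timestamp = int(request["first_timestamp"])
            credential_id = str(request["credential_id"])
            ciphertext = str(request["timestamp_ciphertext"])
        except (KeyError, TypeError, ValueError):
            return False, "malformed request"
        # Claim 2: the interval between the first timestamp and now must lie within the window.
        if abs(self.now - first_timestamp) > WINDOW_SECONDS:
            return False, "first timestamp outside validity window"
        # Claim 8: the credential identifier must still be valid.
        if not self.credential_valid(credential_id):
            return False, "credential identifier invalid"
        # Claim 3: regenerate the second signature and compare it with the first in constant time.
        expected = timestamp_ciphertext(self.key, first_timestamp, credential_id)
        if not hmac.compare_digest(expected.encode(), ciphertext.encode()):
            return False, "timestamp ciphertext invalid"
        return True, "accepted"


class Terminal:
    """Terminal side (claim 9): credential identifier, then first timestamp, then the request."""

    def __init__(self, key: bytes, server: Server) -> None:
        self.key = key
        self.server = server
        self.credential_id = server.handle_credential_request()

    def build_network_request(self) -> Dict[str, object]:
        first_timestamp = self.server.handle_timestamp_request()
        return {
            "first_timestamp": first_timestamp,
            "credential_id": self.credential_id,
            "timestamp_ciphertext": timestamp_ciphertext(self.key, first_timestamp, self.credential_id),
        }


def demo() -> Dict[str, Tuple[bool, str]]:
    """Run the exchange plus its failure modes; returns each outcome keyed by scenario."""
    key = b"shared-key-for-demo-only"          # constructed; both sides hold it in this variant
    server = Server(key, now=1_700_000_000)     # constructed epoch time
    terminal = Terminal(key, server)
    good = terminal.build_network_request()
    results = {"valid": server.handle_network_request(good)}
    tampered = dict(good, first_timestamp=good["first_timestamp"] + 1)
    results["tampered_timestamp"] = server.handle_network_request(tampered)
    foreign = dict(good, credential_id="not-issued-by-this-server")
    results["unknown_credential"] = server.handle_network_request(foreign)
    server.now += WINDOW_SECONDS + 1            # the same request presented after the window
    results["stale"] = server.handle_network_request(good)
    server.now += CREDENTIAL_TTL_SECONDS        # the credential identifier has now expired
    results["expired_credential"] = server.handle_network_request(terminal.build_network_request())
    return results
```

Note what the window check alone does not cover: an identical request presented twice inside the window passes both times, so a deployment that must reject repeats within the window needs a per-request nonce or a server-side record in addition to the checks the claims describe.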
Application CN201610169962.9A, priority date 2012-03-29, filing date 2012-03-29: Communication means, server based on hypertext transfer protocol, terminal. Status: Active. Granted publication CN105681470B (en).

Related parent application (this application is a division of it): CN201210089712.6A, CN102647461B (en), priority date 2012-03-29, filing date 2012-03-29, Communication means based on HTTP, server, terminal.

Publications: CN105681470A (en), published 2016-06-15; CN105681470B (en), published 2018-12-28.


Legal Events

Code Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right
Effective date of registration: 20220715
Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015
Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.
Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)
Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.
Patentee before: Qizhi software (Beijing) Co.,Ltd.