CN106549757B - Data authenticity identification method of WEB service, server and client - Google Patents


Publication number
CN106549757B
Authority
CN
China
Prior art keywords
content data
service content
sent
service
encrypted ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201510605358.1A
Other languages
Chinese (zh)
Other versions
CN106549757A (en)
Inventor
张米超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New Founder Holdings Development Co ltd
Beijing Founder Electronics Co Ltd
Original Assignee
Peking University Founder Group Co Ltd
Beijing Founder Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Peking University Founder Group Co Ltd, Beijing Founder Electronics Co Ltd
Priority to CN201510605358.1A
Publication of CN106549757A
Application granted
Publication of CN106549757B
Expired - Fee Related
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a data authenticity identification method for a WEB service, a server and a client. The method comprises the following steps: receiving a WEB service calling request sent by a client of the WEB service, wherein the calling request carries identification information of the WEB service; acquiring the service content data to be sent of the corresponding WEB service according to the identification information of the WEB service; generating a first encrypted ciphertext according to a random number and the service content data to be sent, and adding the random number and the first encrypted ciphertext into SOAP header information; and sending the service content data to be sent, with the SOAP header information added, to the client of the WEB service, so that the client of the WEB service generates a second encrypted ciphertext according to the random number in the SOAP header information and the received service content data in order to identify the authenticity of the received service content data. The method and the system realize authenticity identification of the service content data transmitted between the WEB server and the client, and protect the system security of the client of the WEB service.

Description

Data authenticity identification method of WEB service, server and client
Technical Field
The embodiment of the invention relates to the technical field of WEB services, in particular to a method for identifying authenticity of data of a WEB service, a server and a client.
Background
With the continuous development of computer technology and internet technology, a wide variety of WEB applications and desktop applications keep emerging, which brings convenience to people. Meanwhile, because different applications differ in development language and operating platform, a gap exists between them. The emergence and development of WEB service technology based on extensible markup language (XML) solves this problem.
However, when a WEB service is published at the service end of the WEB service and the service end interacts with a client, the WEB service is easily attacked by a network hacker. The hacker intercepts the service content data of the WEB service and tampers with it, so that the client cannot acquire the correct service content data, which threatens the system security of the client of the WEB service. Therefore, to solve the security problem of the service content data, a method for identifying the authenticity of the service content data transmitted between the WEB server and the client is needed.
Disclosure of Invention
The embodiment of the invention provides a data authenticity identification method for a WEB service, a server and a client, which realizes authenticity identification of the service content data transmitted between the WEB server and the client and protects the system security of the client of the WEB service.
In a first aspect, an embodiment of the present invention provides a method for identifying authenticity of data of a WEB service, where the method includes:
receiving a calling request of the WEB service sent by a client of the WEB service, wherein the calling request carries identification information of the WEB service;
acquiring service content data to be sent of the corresponding WEB service according to the identification information of the WEB service;
generating a first encrypted ciphertext according to a random number and the service content data to be sent, and adding the random number and the first encrypted ciphertext into SOAP header information;
and sending the service content data to be sent added with the SOAP header information to the client of the WEB service so that the client of the WEB service generates a second encrypted ciphertext according to the random number in the SOAP header information and the received service content data to identify the authenticity of the received service content data.
In a second aspect, an embodiment of the present invention provides a method for identifying authenticity of data of a WEB service, including:
sending a calling request of the WEB service to a service end of the WEB service, wherein the calling request carries identification information of the WEB service;
receiving service content data to be sent, which is sent by a service end of the WEB service and added with SOAP header information, wherein the SOAP header information carries a random number and a first encrypted ciphertext, and the first encrypted ciphertext is generated according to the random number and the service content data to be sent;
generating a second encrypted ciphertext according to the random number in the SOAP header information and the received service content data;
and comparing the first encrypted ciphertext with the second encrypted ciphertext, and identifying the authenticity of the received service content data according to a comparison result.
In a third aspect, an embodiment of the present invention provides a service end of a WEB service, including:
the first receiving module is used for receiving a calling request of the WEB service sent by a client of the WEB service, wherein the calling request carries identification information of the WEB service;
the acquisition module is used for acquiring service content data to be sent of the corresponding WEB service according to the identification information of the WEB service;
the first generation module is used for generating a first encrypted ciphertext according to the random number and the service content data to be sent;
an adding module, configured to add the random number and the first encrypted ciphertext to SOAP header information;
and the first sending module is used for sending the service content data to be sent, which is added with the SOAP header information, to the client side of the WEB service so that the client side of the WEB service generates a second encrypted ciphertext according to the random number in the SOAP header information and the received service content data, so as to identify the authenticity of the received service content data.
In a fourth aspect, an embodiment of the present invention provides a WEB service client, including:
the second sending module is used for sending a calling request of the WEB service to a service end of the WEB service, wherein the calling request carries identification information of the WEB service;
a second receiving module, configured to receive service content data to be sent, which is sent by a service end of the WEB service and is added with SOAP header information, where the SOAP header information carries a random number and a first encrypted ciphertext, and the first encrypted ciphertext is generated according to the random number and the service content data to be sent;
a second generation module, configured to generate a second encrypted ciphertext according to the random number in the SOAP header information and the received service content data;
and the identification module is used for comparing the first encrypted ciphertext with the second encrypted ciphertext and identifying the authenticity of the received service content data according to a comparison result.
The embodiment of the invention provides a data authenticity identification method for a WEB service, a server and a client. The method comprises the following steps: receiving a WEB service calling request sent by a client of the WEB service, wherein the calling request carries identification information of the WEB service; acquiring the service content data to be sent of the corresponding WEB service according to the identification information of the WEB service; generating a first encrypted ciphertext according to a random number and the service content data to be sent, and adding the random number and the first encrypted ciphertext into SOAP header information; and sending the service content data to be sent, with the SOAP header information added, to the client of the WEB service, so that the client of the WEB service generates a second encrypted ciphertext according to the random number in the SOAP header information and the received service content data in order to identify the authenticity of the received service content data. The method and the system realize authenticity identification of the service content data transmitted between the WEB server and the client, and protect the system security of the client of the WEB service.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flowchart of a first embodiment of a method for identifying authenticity of data of a WEB service according to the present invention;
FIG. 2 is a flowchart of a second embodiment of a method for identifying authenticity of data of a WEB service according to the present invention;
FIG. 3 is a flowchart of a third embodiment of a method for identifying authenticity of data of a WEB service according to the present invention;
FIG. 4 is a schematic structural diagram of a first embodiment of a server side of a WEB service according to the present invention;
FIG. 5 is a schematic structural diagram of a first exemplary embodiment of a WEB service client according to the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart of a first embodiment of a method for identifying authenticity of data of a WEB service according to the present invention, and as shown in fig. 1, an execution subject of the present invention is a service end of the WEB service, and may be specifically installed on a computer, a server, or other devices. The data authenticity identification method for the WEB service provided by the embodiment comprises the following steps:
Step 101, receiving a request for calling the WEB service sent by a client of the WEB service, wherein the calling request carries identification information of the WEB service.
In this embodiment, when a client of a WEB service needs to obtain service content data from the service end of the WEB service, it sends a service calling request to the service end. The service end of the WEB service receives the calling request sent by the client; the calling request carries identification information of the WEB service, which may be any information that uniquely identifies the WEB service, such as the name of the WEB service or the access address of the WSDL file corresponding to the WEB service.
In this embodiment, communication between a server of a WEB service and a client of the WEB service complies with the SOAP protocol. During data transmission, the transmitted data is encapsulated into an XML format, and SOAP header information is added into the encapsulated data. Format information of data and the like may be included in the SOAP header information.
Step 102, acquiring service content data to be sent of the corresponding WEB service according to the identification information of the WEB service.
In this embodiment, the service content data of the corresponding WEB service that needs to be sent to the client of the WEB service is acquired from the corresponding storage location according to the identification information of the WEB service.
Step 103, generating a first encrypted ciphertext according to the random number and the service content data to be sent, and adding the random number and the first encrypted ciphertext into the SOAP header information.
In this embodiment, a random number is randomly generated, and a first encrypted ciphertext is generated by using an encryption algorithm according to the random number and the service content data to be sent.
In this embodiment, the random number and the service content data to be sent are used as the input data of the encryption algorithm, and the first encrypted ciphertext obtained after encryption corresponds to that random number and that service content data to be sent; that is, for the encryption algorithm, once the plaintext to be encrypted is determined, the encrypted ciphertext is unique.
In this embodiment, after the first encrypted ciphertext is obtained, the random number and the first encrypted ciphertext are associated and added to the SOAP header information.
Step 104, sending the service content data to be sent added with the SOAP header information to the client of the WEB service, so that the client of the WEB service generates a second encrypted ciphertext according to the random number in the SOAP header information and the received service content data, and identifying the authenticity of the received service content data.
Specifically, in this embodiment, the service content data to be sent, with the SOAP header information added, is sent to the client of the WEB service. The client of the WEB service then generates a second encrypted ciphertext according to the random number in the SOAP header information and the received service content data, using the same encryption algorithm as that used for generating the first encrypted ciphertext, compares the first encrypted ciphertext with the second encrypted ciphertext, and identifies from the comparison result whether the received service content data is the service content data to be sent. If the received service content data is identified as being the same as the service content data to be sent, the received service content data is determined to be real data; if it is identified as being different from the service content data to be sent, the received service content data is determined to be data tampered with by an attacker.
In the data authenticity identification method for the WEB service provided by this embodiment, a calling request of the WEB service sent by a client of the WEB service is received, and the calling request carries identification information of the WEB service; the service content data to be sent of the corresponding WEB service is acquired according to the identification information of the WEB service; a first encrypted ciphertext is generated according to the random number and the service content data to be sent, and the random number and the first encrypted ciphertext are added into SOAP header information; and the service content data to be sent, with the SOAP header information added, is sent to the client of the WEB service, so that the client of the WEB service generates a second encrypted ciphertext according to the random number in the SOAP header information and the received service content data in order to identify the authenticity of the received service content data. This realizes authenticity identification of the service content data transmitted between the WEB server and the client, and protects the system security of the client of the WEB service.
Further, in the method for identifying data authenticity of a WEB service provided in this embodiment, in step 103, a first encryption ciphertext is generated according to the random number and the service content data to be sent, which specifically includes:
Firstly, the random number and the service content data to be sent are spliced according to a preset rule to generate a first encrypted plaintext.
In this embodiment, the preset rule may be that the random number is spliced at the front end of the service content data to be sent, or the random number is spliced at the rear end of the service content data to be sent, or the length of the service content data is calculated, and the random number is spliced at the middle part of the service content data to be sent, or the random number is spliced at a specific position in the service content data to be sent, or other preset rules, and the preset rule is not limited in this embodiment.
The first encrypted plaintext is then encrypted using the MD5 encryption algorithm to generate a first encrypted ciphertext.
In this embodiment, the MD5 encryption algorithm is used to encrypt the first encrypted plaintext because, for the same encrypted plaintext, the encrypted ciphertext produced by the MD5 encryption algorithm is unique. If an attacker intercepts the service content data being sent and tampers with it, then the encrypted ciphertext generated by splicing the random number and the tampered service content data according to the preset rule and encrypting the result with the MD5 encryption algorithm is different from the first encrypted ciphertext, which allows the authenticity of the service content data to be identified.
In this embodiment, when generating a first encrypted ciphertext according to a random number and service content data to be transmitted, the random number and the service content data to be transmitted are first spliced according to a preset rule to generate a first encrypted plaintext; and then, the MD5 encryption algorithm is adopted to encrypt the first encrypted plaintext to generate a first encrypted ciphertext, and as the preset rule for splicing the random number and the service content data to be sent cannot be acquired by an attacker, the difficulty of the attacker in tampering the service content data is increased, and the client of the WEB service can more accurately identify whether the received service content data is real data.
Preferably, before step 103, the method for identifying data authenticity for a WEB service provided in this embodiment further includes:
First, it is determined whether the service content data to be sent is confidential data.
In this embodiment, in order to protect important service content data to be sent from being stolen by an attacker, it is necessary to determine whether the service content data to be sent is confidential data.
In this embodiment, whether the service content data to be sent is confidential data can be determined according to a predefined tag.
Then, if the service content data to be sent is confidential data, the service content data to be sent is encrypted by adopting a symmetric encryption algorithm.
In this embodiment, the adopted symmetric encryption algorithm may be a DES algorithm, an enhanced DES algorithm, or the like. After the service content data to be sent is encrypted by adopting a symmetric encryption algorithm, the symmetric encryption algorithm and the key can be acquired by a client of the WEB service.
In this embodiment, after the service content data to be sent is encrypted by using the symmetric encryption algorithm, the service content data to be sent in step 103 and step 104 is the encrypted service content data to be sent. In step 103, a first encrypted ciphertext is generated from the random number and the encrypted service content data to be sent, and the random number and the first encrypted ciphertext are added to the SOAP header information. In step 104, the encrypted service content data to be sent added with the SOAP header information is sent to the WEB service client, so that the WEB service client generates a second encrypted ciphertext according to the random number in the SOAP header information and the received encrypted service content data, so as to identify the authenticity of the received service content data, and when the received encrypted service content data is identified as the encrypted service content data to be sent, the received encrypted service content data is decrypted by using a decryption algorithm corresponding to the symmetric encryption algorithm, so as to obtain the real decrypted service content data.
In this embodiment, before generating a first encrypted ciphertext according to the random number and the service content data to be sent, it is determined whether the service content data to be sent is confidential data; and if the service content data to be transmitted is confidential data, encrypting the service content data to be transmitted by adopting a symmetric encryption algorithm. Because the service content data is transmitted in the form of encrypted ciphertext, the transmitted service content data can be effectively protected.
Fig. 2 is a flowchart of a second embodiment of the data authenticity identification method for WEB services according to the present invention, and as shown in fig. 2, an execution subject of the present invention is a client of a WEB service, which may be specifically installed on a computer, a server or other devices. The data authenticity identification method for the WEB service provided by the embodiment comprises the following steps:
Step 201, sending a request for invoking the WEB service to a service end of the WEB service, where the request carries identification information of the WEB service.
In this embodiment, the identification information of the WEB service may be information that uniquely identifies the WEB service, such as a name of the WEB service or an access address of a WSDL file corresponding to the WEB service.
In this embodiment, a request for invoking a WEB service is sent to the service end of the WEB service, where the request carries identification information of the WEB service, so that the service end of the WEB service obtains the service content data to be sent of the corresponding WEB service according to the identification information of the WEB service, generates a first encrypted ciphertext according to a random number and the service content data to be sent, and adds the random number and the first encrypted ciphertext to SOAP header information.
Step 202, receiving service content data to be sent, which is sent by a service end of the WEB service and added with SOAP header information, where the SOAP header information carries a random number and a first encrypted ciphertext, and the first encrypted ciphertext is generated according to the random number and the service content data to be sent.
In this embodiment, since the attacker only attacks the transmitted service content data, but does not attack the random number and the first encrypted ciphertext in the SOAP header information, the random number and the first encrypted ciphertext carried in the SOAP header information received by the client of the WEB service are the same as the random number and the first encrypted ciphertext carried in the SOAP header information sent by the service end of the WEB service.
Specifically, the first encrypted ciphertext is generated by encrypting according to the random number and the service content data to be sent by using an encryption algorithm.
Step 203, generating a second encrypted ciphertext according to the random number in the SOAP header and the received service content data.
In this embodiment, a second encrypted ciphertext is generated by using an encryption algorithm according to the random number in the SOAP header and the received service content data. In this embodiment, the encryption algorithm used for generating the second encrypted ciphertext is the same as the encryption algorithm used for generating the first encrypted ciphertext. After the encryption plaintext is determined, the encryption ciphertext is unique after encryption.
Step 204, comparing the first encrypted ciphertext with the second encrypted ciphertext, and identifying the authenticity of the received service content data according to the comparison result.
In this embodiment, the random numbers input to generate the first encrypted ciphertext and the second encrypted ciphertext are the same, and the encryption algorithms used are the same. Therefore, if the service content data to be sent is the same as the received service content data, the first encrypted ciphertext and the second encrypted ciphertext are found to be the same when compared, and the received service content data is determined to be the service content data to be sent, which indicates that the service content data has not been tampered with and is real service content data. If the service content data to be sent is different from the received service content data, the first encrypted ciphertext is found to be different from the second encrypted ciphertext when compared, and the received service content data is determined to be data obtained by tampering with the service content data to be sent, that is, false service content data.
In the data authenticity identification method for the WEB service provided by this embodiment, a calling request of the WEB service is sent to a service end of the WEB service, and the calling request carries identification information of the WEB service; service content data to be sent, with SOAP header information added, is received from the service end of the WEB service, wherein the SOAP header information carries a random number and a first encrypted ciphertext, and the first encrypted ciphertext is generated according to the random number and the service content data to be sent; a second encrypted ciphertext is generated according to the random number in the SOAP header information and the received service content data; and the first encrypted ciphertext is compared with the second encrypted ciphertext, and the authenticity of the received service content data is identified according to the comparison result. The method and the system realize authenticity identification of the service content data transmitted between the WEB server and the client, and protect the system security of the client of the WEB service.
Further, the method for identifying data authenticity of a WEB service provided in this embodiment generates, in step 203, a second encrypted ciphertext according to the random number in the SOAP header and the received service content data, and specifically includes:
Firstly, the random number and the received service content data are spliced according to a preset rule to generate a second encrypted plaintext.
In this embodiment, the preset rule according to which the random number and the received service content data are spliced is the same as the preset rule according to which the random number and the service content data to be transmitted are spliced. For example, the preset rule may be to splice a random number at the front end of the received service content data, or splice a random number at the back end of the received service content data, or calculate the length of the received service content data, splice a random number at the middle of the received service content data, or splice a random number at a specific position in the received service content data, or other preset rules, which is not limited in this embodiment.
The second encrypted plaintext is then encrypted using the MD5 encryption algorithm to generate a second encrypted ciphertext.
In this embodiment, since the MD5 encryption algorithm is used for the first encrypted ciphertext, the MD5 encryption algorithm is also used to generate the second encrypted ciphertext when encrypting the second encrypted plaintext. In this embodiment, under the condition that the second encrypted plaintext is determined, the MD5 encryption algorithm is adopted to encrypt the second encrypted plaintext, and the obtained second encrypted ciphertext is unique.
In this embodiment, when a second encrypted ciphertext is generated according to the random number in the SOAP header information and the received service content data, the random number and the received service content data are first spliced according to a preset rule to generate a second encrypted plaintext; and then, the MD5 encryption algorithm is adopted to encrypt the second encrypted plaintext to generate a second encrypted ciphertext, and the preset rule for splicing the random number and the received service content data cannot be acquired by an attacker, so that the difficulty of the attacker in tampering the service content data is increased, and the client of the WEB service can more accurately identify whether the received service content data is real data.
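The server-side generation (step 103) and client-side comparison (steps 203 and 204) described above, as an added Python example that is not code from the patent: it applies the front-splice rule with MD5 as the text describes and sets it beside a keyed HMAC-SHA256 variant, a swapped-in technique, to show which in-transit changes each check detects. The header element names, the `urn:example:authenticity` namespace, the sample content and the shared key are assumptions.

```python
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET

SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"
AUTH = "{urn:example:authenticity}"        # hypothetical namespace for the added header fields
NONCE_PATH = f"{SOAP}Header/{AUTH}Nonce"   # element names are assumptions, not from the patent
DIGEST_PATH = f"{SOAP}Header/{AUTH}Digest"
CONTENT_PATH = f"{SOAP}Body/{AUTH}ServiceContent"


def digest_md5(nonce, content):
    """Scheme as described: splice the random number in front of the content, then MD5."""
    return hashlib.md5((nonce + content).encode("utf-8")).hexdigest()


def make_digest_hmac(key):
    """Swapped-in hardened variant: HMAC-SHA256 under a shared secret key."""
    def digest(nonce, content):
        # Length-prefix the nonce so the (nonce, content) pair splits unambiguously.
        n = nonce.encode("utf-8")
        msg = len(n).to_bytes(4, "big") + n + content.encode("utf-8")
        return hmac.new(key, msg, hashlib.sha256).hexdigest()
    return digest


def build_response(content, digest_fn):
    """Server side (steps 103-104): put the nonce and first digest in the SOAP header."""
    nonce = secrets.token_hex(16)
    env = ET.Element(f"{SOAP}Envelope")
    header = ET.SubElement(env, f"{SOAP}Header")
    ET.SubElement(header, f"{AUTH}Nonce").text = nonce
    ET.SubElement(header, f"{AUTH}Digest").text = digest_fn(nonce, content)
    body = ET.SubElement(env, f"{SOAP}Body")
    ET.SubElement(body, f"{AUTH}ServiceContent").text = content
    return ET.tostring(env, encoding="unicode")


def verify_response(xml_text, digest_fn):
    """Client side (steps 203-204): recompute the digest and compare with the header value."""
    # Untrusted XML in production should go through a hardened parser (e.g. defusedxml).
    env = ET.fromstring(xml_text)
    nonce = env.findtext(NONCE_PATH)
    first = env.findtext(DIGEST_PATH)
    content = env.findtext(CONTENT_PATH)
    if not nonce or not first or content is None:
        return False                       # missing fields are treated as not authentic
    second = digest_fn(nonce, content)
    return hmac.compare_digest(first.strip().encode(), second.encode())


def modify_in_transit(xml_text, new_content, header_digest_fn=None):
    """Constructed test input: replace the body; optionally rewrite the header digest too."""
    env = ET.fromstring(xml_text)
    env.find(CONTENT_PATH).text = new_content
    if header_digest_fn is not None:
        env.find(DIGEST_PATH).text = header_digest_fn(env.findtext(NONCE_PATH), new_content)
    return ET.tostring(env, encoding="unicode")


def demo():
    key = secrets.token_bytes(32)                  # shared secret, provisioned out of band (assumption)
    keyed = make_digest_hmac(key)
    other = make_digest_hmac(b"some-other-key")    # a party that does not hold the shared key
    original, changed = "balance=100.00", "balance=999.00"   # constructed sample content
    md5_msg = build_response(original, digest_md5)
    mac_msg = build_response(original, keyed)
    return {
        "md5_untouched": verify_response(md5_msg, digest_md5),
        "md5_body_changed": verify_response(
            modify_in_transit(md5_msg, changed), digest_md5),
        "md5_body_and_header_changed": verify_response(
            modify_in_transit(md5_msg, changed, digest_md5), digest_md5),
        "hmac_untouched": verify_response(mac_msg, keyed),
        "hmac_body_changed": verify_response(
            modify_in_transit(mac_msg, changed), keyed),
        "hmac_body_and_header_changed": verify_response(
            modify_in_transit(mac_msg, changed, other), keyed),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:30} accepted={accepted}")
```

Because the MD5 value is computed without a secret, its comparison is only meaningful under the embodiment's stated assumption that the SOAP header arrives unmodified; the keyed variant does not depend on that assumption or on the splicing rule staying unknown.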
Preferably, after step 204, the method for identifying data authenticity of a WEB service provided in this embodiment further includes:
First, if it is determined that the received service content data is the service content data to be sent, it is determined whether the received service content data is confidential data.
In this embodiment, if it is determined that the received service content data is service content data to be sent, it indicates that the received service content data is not tampered with and is usable as real data. It is determined whether the received service content data is confidential data according to the tag of the received service content data. In this embodiment, the tag of the service content data may be searched in the SOAP header information.
Then, if the received service content data is confidential data, the received service content data is decrypted by using a decryption algorithm corresponding to the symmetric encryption algorithm.
In this embodiment, if it is determined that the received service content data is confidential data, the received service content data is decrypted by using a decryption algorithm corresponding to the symmetric encryption algorithm, and a key required in the decryption process and the decryption algorithm corresponding to the symmetric encryption algorithm are acquired from a service end of the WEB service in advance.
In this embodiment, after comparing the first encrypted ciphertext with the second encrypted ciphertext and identifying the authenticity of the received service content data according to the comparison result, if it is determined that the received service content data is service content data to be transmitted, it is determined whether the received service content data is confidential data; and if the received service content data is confidential data, decrypting the received service content data by adopting a decryption algorithm corresponding to the symmetric encryption algorithm. Since the service content data is transmitted in the form of encrypted ciphertext, the transmitted service content data can be effectively protected.
Fig. 3 is a flowchart of a third embodiment of the method for identifying data authenticity of a WEB service according to the present invention, and as shown in fig. 3, the method for identifying data authenticity of a WEB service according to the present embodiment includes:
Step 301, the client of the WEB service sends a request for calling the WEB service to the server of the WEB service, and the calling request carries identification information of the WEB service.
In this embodiment, the client of the WEB service may be a client installed on a computer, a server, or other devices, such as a WEB service client installed on a mall POS. The service end of the WEB service may be a service end installed on a computer, a server, or other equipment, such as a service end of a WEB service installed on a bank server.
In this embodiment, a client of a WEB service sends a call request of the WEB service to a server of the WEB service, where the call request carries identification information of the WEB service, and for example, the identification information of the WEB service carried by the call request is identification information of a transfer service.
Step 302, the service end of the WEB service acquires the service content data to be sent of the corresponding WEB service according to the identification information of the WEB service.
In this embodiment, according to the identification information of the WEB service, the service content data of the corresponding WEB service that needs to be sent to the client of the WEB service is acquired from the corresponding storage location.
Step 303, the service end of the WEB service determines whether the service content data to be sent is confidential data; if so, step 304 is executed, otherwise step 305 is executed.
In this embodiment, the service end of the WEB service may determine whether the service content data is confidential data according to a preset tag of the service content data.
Step 304, the service end of the WEB service encrypts the service content data to be sent by adopting a symmetric encryption algorithm.
In this embodiment, the adopted symmetric encryption algorithm may be a DES algorithm, an enhanced DES algorithm, and the like, which is not limited in this embodiment.
In this embodiment, step 305 is performed after step 304 is performed.
Step 305, the server side of the WEB service generates a random number, and splices the random number and the encrypted or unencrypted service content data to be sent according to a preset rule to generate a first encrypted plaintext.
In this embodiment, if the service content data to be sent is confidential data, the random number and the encrypted service content data to be sent are spliced according to a preset rule to generate a first encrypted plaintext. And if the service content data to be sent is not confidential data, directly splicing the random number and the unencrypted service content data to be sent according to a preset rule to generate a first encrypted plaintext.
Step 306, the server side of the WEB service encrypts the first encrypted plaintext by using the MD5 encryption algorithm to generate a first encrypted ciphertext, and adds the random number and the first encrypted ciphertext to the SOAP header information.
In this embodiment, a tag indicating whether the service content data to be transmitted is confidential data may also be added to the SOAP header information.
Step 307, the server of the WEB service sends the encrypted or unencrypted service content data to be sent, added with the SOAP header information, to the client of the WEB service.
Step 308, the client of the WEB service splices the random number in the SOAP header information and the received encrypted or unencrypted service content data according to a preset rule to generate a second encrypted plaintext.
In this embodiment, the preset rule according to which the random number in the SOAP header information is spliced with the received encrypted or unencrypted service content data is the same as the preset rule according to which the first encrypted plaintext is generated.
Step 309, the client of the WEB service encrypts the second encrypted plaintext by using the MD5 encryption algorithm to generate a second encrypted ciphertext.
Step 310, the client of the WEB service compares the first encrypted ciphertext with the second encrypted ciphertext, and identifies the authenticity of the received service content data according to the comparison result.
In this embodiment, the first encrypted ciphertext and the second encrypted ciphertext are compared, and if the comparison result is that the first encrypted ciphertext is the same as the second encrypted ciphertext, the received service content data is determined to be service content data to be sent; and if the comparison result shows that the first encrypted ciphertext is different from the second encrypted ciphertext, determining the received service content data as data obtained by tampering the service content data to be sent.
Step 311, if the client of the WEB service determines that the received service content data is the service content data to be sent, it determines whether the received service content data is confidential data; if so, step 312 is executed; if not, the process ends.
In this embodiment, the client of the WEB service may determine whether the received service content data is confidential data according to a tag indicating whether the service content data is confidential data in the SOAP header information.
Step 312, the client of the WEB service decrypts the received service content data by using the decryption algorithm corresponding to the symmetric encryption algorithm.
In this embodiment, the client of the WEB service obtains the symmetric encryption algorithm and the encryption key in advance, and decrypts the received service content data by using the decryption algorithm corresponding to the symmetric encryption algorithm.
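The integrity check of steps 305 to 311, as an added Python example that is not taken from the patent: the splice rule, the header element names and the `urn:example:authenticity` namespace are assumptions. The HMAC-SHA256 variant is also an addition, shown beside the unkeyed MD5 digest because the latter resists tampering only while the splice rule stays secret; symmetric encryption (steps 304 and 312) is left out.

```python
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
AUTH = "urn:example:authenticity"                   # hypothetical header namespace


def splice(nonce: str, data: str) -> bytes:
    """Hypothetical 'preset rule': nonce, separator, data, reversed nonce."""
    return f"{nonce}|{data}|{nonce[::-1]}".encode("utf-8")


def md5_tag(nonce: str, data: str) -> str:
    """Digest as the page describes it: unkeyed MD5 over the spliced string."""
    return hashlib.md5(splice(nonce, data)).hexdigest()


def make_hmac_tag(key: bytes):
    """Keyed variant (an addition, not in the patent): HMAC-SHA256."""
    def tag(nonce: str, data: str) -> str:
        msg = f"{nonce}|{data}".encode("utf-8")
        return hmac.new(key, msg, hashlib.sha256).hexdigest()
    return tag


def build_response(data: str, confidential: bool, tag_fn) -> bytes:
    """Server side (steps 305-307): nonce, digest and tag go in the SOAP header."""
    nonce = secrets.token_hex(16)
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    ET.SubElement(header, f"{{{AUTH}}}Nonce").text = nonce
    ET.SubElement(header, f"{{{AUTH}}}Digest").text = tag_fn(nonce, data)
    ET.SubElement(header, f"{{{AUTH}}}Confidential").text = str(confidential).lower()
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    ET.SubElement(body, f"{{{AUTH}}}Content").text = data
    return ET.tostring(env, encoding="utf-8")


def verify_response(raw: bytes, tag_fn):
    """Client side (steps 308-311). Returns (authentic, confidential, data).

    Data is returned only when the digests match, so a caller cannot use
    content that failed the check.
    """
    rejected = (False, False, None)
    try:
        # Stdlib parser for brevity; use a hardened XML parser on untrusted input.
        env = ET.fromstring(raw)
    except ET.ParseError:
        return rejected

    def text(path: str):
        node = env.find(path)
        return None if node is None else (node.text or "")

    nonce = text(f"{{{SOAP}}}Header/{{{AUTH}}}Nonce")
    received = text(f"{{{SOAP}}}Header/{{{AUTH}}}Digest")
    flag = text(f"{{{SOAP}}}Header/{{{AUTH}}}Confidential")
    data = text(f"{{{SOAP}}}Body/{{{AUTH}}}Content")
    if None in (nonce, received, flag, data):
        return rejected  # a missing field is treated as a failed check

    expected = tag_fn(nonce, data)  # the "second encrypted ciphertext"
    # Constant-time comparison of the first and second digests (step 310).
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return rejected
    return (True, flag == "true", data)


if __name__ == "__main__":
    sample = "transfer;to=ACCT-0001;amount=100.00"  # constructed sample data
    for name, fn in (("md5", md5_tag), ("hmac", make_hmac_tag(b"demo-key"))):
        msg = build_response(sample, False, fn)
        altered = msg.replace(b"amount=100.00", b"amount=900.00")
        print(name, verify_response(msg, fn)[0], verify_response(altered, fn)[0])
```

With `md5_tag`, both sides need only the splice rule; with `make_hmac_tag`, they need a shared key, and a response verified under a different key is rejected.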
Fig. 4 is a schematic structural diagram of a first service end of the WEB service according to the present invention, and as shown in fig. 4, the service end of the WEB service provided in this embodiment includes: a first receiving module 401, an obtaining module 402, a first generating module 403, an adding module 404 and a first sending module 405.
The first receiving module 401 is configured to receive a call request of a WEB service sent by a client of the WEB service, where the call request carries identification information of the WEB service. An obtaining module 402, configured to obtain, according to the identification information of the WEB service, service content data to be sent of the corresponding WEB service. A first generating module 403, configured to generate a first encrypted ciphertext according to the random number and the service content data to be sent. An adding module 404, configured to add the random number and the first encrypted ciphertext to a SOAP header. A first sending module 405, configured to send the service content data to be sent, which is added with the SOAP header information, to the client of the WEB service, so that the client of the WEB service generates a second encrypted ciphertext according to the random number in the SOAP header information and the received service content data, so as to identify whether the received service content data is true or false.
The server of the WEB service provided in this embodiment may execute the technical solution of the method embodiment shown in fig. 1, and the implementation principle and the technical effect are similar, which are not described herein again.
Further, the first generating module 403 is specifically configured to: splicing the random number and the service content data to be sent according to a preset rule to generate a first encrypted plaintext; and encrypting the first encrypted plaintext by using an MD5 encryption algorithm to generate a first encrypted ciphertext.
Preferably, as shown in fig. 4, the service end of the WEB service provided in this embodiment further includes: a first judgment module 406 and an encryption module 407.
The first judgment module 406 is configured to determine whether the service content data to be sent is confidential data before the first generating module 403 generates a first encrypted ciphertext according to the random number and the service content data to be sent. The encryption module 407 is configured to encrypt the service content data to be sent by using a symmetric encryption algorithm if the service content data to be sent is confidential data.
Further, the service end of the WEB service provided in this embodiment may execute the technical solution of the method embodiment shown in fig. 3, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 5 is a schematic structural diagram of a first embodiment of a WEB service client according to the present invention, and as shown in fig. 5, the WEB service client provided in this embodiment includes: a second sending module 501, a second receiving module 502, a second generating module 503 and an identifying module 504.
The second sending module 501 is configured to send a request for invoking a WEB service to a service end of the WEB service, where the request carries identification information of the WEB service. A second receiving module 502, configured to receive service content data to be sent, which is sent by a service end of the WEB service and is added with SOAP header information, where the SOAP header information carries a random number and a first encrypted ciphertext, and the first encrypted ciphertext is generated according to the random number and the service content data to be sent. A second generating module 503, configured to generate a second encrypted ciphertext according to the random number in the SOAP header and the received service content data. An identifying module 504, configured to compare the first encrypted ciphertext with the second encrypted ciphertext, and identify whether the received service content data is true or false according to a comparison result.
The client of the WEB service provided in this embodiment may execute the technical solution of the method embodiment shown in fig. 2, and the implementation principle and the technical effect are similar, which are not described herein again.
Further, the second generating module 503 is specifically configured to: splicing the random number and the received service content data according to a preset rule to generate a second encrypted plaintext; and encrypting the second encrypted plaintext by using an MD5 encryption algorithm to generate a second encrypted ciphertext.
Further, the identifying module 504 is specifically configured to: comparing the first encrypted ciphertext with the second encrypted ciphertext, and if the comparison result shows that the first encrypted ciphertext is the same as the second encrypted ciphertext, determining that the received service content data is service content data to be sent; and if the comparison result shows that the first encrypted ciphertext is different from the second encrypted ciphertext, determining the received service content data as data obtained by tampering the service content data to be sent.
Preferably, as shown in fig. 5, the client of the WEB service provided in this embodiment further includes: a second judgment module 505 and a decryption module 506.
The second judgment module 505 is configured to, after the first encrypted ciphertext is compared with the second encrypted ciphertext and the authenticity of the received service content data is identified according to the comparison result, determine whether the received service content data is confidential data if it is determined that the received service content data is the service content data to be sent. The decryption module 506 is configured to decrypt the received service content data by using a decryption algorithm corresponding to the symmetric encryption algorithm if the received service content data is confidential data.
Further, the client of the WEB service provided in this embodiment may execute the technical solution of the method embodiment shown in fig. 3, and the implementation principle and the technical effect are similar, which are not described herein again.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A data authenticity identification method for a WEB service, characterized by comprising the following steps:
receiving a calling request of the WEB service sent by a client of the WEB service, wherein the calling request carries identification information of the WEB service;
acquiring service content data to be sent of the corresponding WEB service according to the identification information of the WEB service;
generating a first encrypted ciphertext according to a random number and the service content data to be sent, and adding the random number and the first encrypted ciphertext into SOAP header information;
sending service content data to be sent added with SOAP header information to the client side of the WEB service, so that the client side of the WEB service generates a second encrypted ciphertext according to the random number in the SOAP header information and the received service content data, and the authenticity of the received service content data is identified;
wherein,
the generating of the first encrypted ciphertext according to the random number and the service content data to be sent specifically includes:
splicing the random number and the service content data to be sent according to a preset rule to generate a first encrypted plaintext;
and encrypting the first encrypted plaintext by using an MD5 encryption algorithm to generate a first encrypted ciphertext.
2. The method according to claim 1, wherein before generating the first encrypted ciphertext according to the random number and the service content data to be transmitted, the method further comprises:
judging whether the service content data to be sent is confidential data;
and if the service content data to be sent is confidential data, encrypting the service content data to be sent by adopting a symmetric encryption algorithm.
3. A data authenticity identification method for a WEB service, characterized by comprising the following steps:
sending a calling request of the WEB service to a service end of the WEB service, wherein the calling request carries identification information of the WEB service;
receiving service content data to be sent, which is sent by a service end of the WEB service and added with SOAP header information, wherein the SOAP header information carries a random number and a first encrypted ciphertext, and the first encrypted ciphertext is generated according to the random number and the service content data to be sent;
generating a second encrypted ciphertext according to the random number in the SOAP header information and the received service content data;
comparing the first encrypted ciphertext with the second encrypted ciphertext, and identifying the authenticity of the received service content data according to a comparison result;
wherein,
the generating a second encrypted ciphertext according to the random number in the SOAP header and the received service content data specifically includes:
splicing the random number and the received service content data according to a preset rule to generate a second encrypted plaintext;
and encrypting the second encrypted plaintext by using an MD5 encryption algorithm to generate a second encrypted ciphertext.
4. The method of claim 3, wherein comparing the first encrypted ciphertext with the second encrypted ciphertext, and identifying the authenticity of the received service content data according to the comparison result specifically comprises:
comparing the first encrypted ciphertext with the second encrypted ciphertext, and if the comparison result is that the first encrypted ciphertext is the same as the second encrypted ciphertext, determining that the received service content data is the service content data to be sent; and if the comparison result shows that the first encrypted ciphertext is different from the second encrypted ciphertext, determining the received service content data as data obtained by tampering the service content data to be sent.
5. The method according to claim 4, wherein after comparing the first encrypted ciphertext with the second encrypted ciphertext and identifying the authenticity of the received service content data according to the comparison result, the method further comprises:
if the received service content data is determined to be the service content data to be sent, judging whether the received service content data is confidential data;
and if the received service content data is confidential data, decrypting the received service content data by adopting a decryption algorithm corresponding to the symmetric encryption algorithm.
6. A server for WEB services, comprising:
the first receiving module is used for receiving a calling request of the WEB service sent by a client of the WEB service, wherein the calling request carries identification information of the WEB service;
the acquisition module is used for acquiring service content data to be sent of the corresponding WEB service according to the identification information of the WEB service;
the first generation module is used for generating a first encrypted ciphertext according to the random number and the service content data to be sent;
an adding module, configured to add the random number and the first encrypted ciphertext to SOAP header information;
the first sending module is used for sending the service content data to be sent, which is added with the SOAP header information, to the client side of the WEB service so that the client side of the WEB service generates a second encrypted ciphertext according to the random number in the SOAP header information and the received service content data to identify the authenticity of the received service content data;
wherein,
the first generation module is specifically configured to:
splicing the random number and the service content data to be sent according to a preset rule to generate a first encrypted plaintext; and encrypting the first encrypted plaintext by using an MD5 encryption algorithm to generate a first encrypted ciphertext.
7. The server of the WEB service according to claim 6, further comprising:
the first judgment module is used for judging whether the service content data to be sent is confidential data or not before the first generation module generates a first encrypted ciphertext according to the random number and the service content data to be sent;
and the encryption module is used for encrypting the service content data to be sent by adopting a symmetric encryption algorithm if the service content data to be sent is confidential data.
8. A client for a WEB service, comprising:
the second sending module is used for sending a calling request of the WEB service to a service end of the WEB service, wherein the calling request carries identification information of the WEB service;
a second receiving module, configured to receive service content data to be sent, which is sent by a service end of the WEB service and is added with SOAP header information, where the SOAP header information carries a random number and a first encrypted ciphertext, and the first encrypted ciphertext is generated according to the random number and the service content data to be sent;
a second generation module, configured to generate a second encrypted ciphertext according to the random number in the SOAP header information and the received service content data;
the identification module is used for comparing the first encrypted ciphertext with the second encrypted ciphertext and identifying the authenticity of the received service content data according to a comparison result;
wherein,
the second generation module is specifically configured to:
splicing the random number and the received service content data according to a preset rule to generate a second encrypted plaintext; and encrypting the second encrypted plaintext by using an MD5 encryption algorithm to generate a second encrypted ciphertext.
9. The WEB service client according to claim 8, wherein the identification module is specifically configured to:
comparing the first encrypted ciphertext with the second encrypted ciphertext, and if the comparison result is that the first encrypted ciphertext is the same as the second encrypted ciphertext, determining that the received service content data is the service content data to be sent; and if the comparison result shows that the first encrypted ciphertext is different from the second encrypted ciphertext, determining the received service content data as data obtained by tampering the service content data to be sent.
10. The client of the WEB service of claim 9, further comprising:
a second judgment module, configured to compare the first encrypted ciphertext with the second encrypted ciphertext, and after identifying the authenticity of the received service content data according to a comparison result, if it is determined that the received service content data is the service content data to be sent, judge whether the received service content data is confidential data;
and the decryption module is used for decrypting the received service content data by adopting a decryption algorithm corresponding to the symmetric encryption algorithm if the received service content data is confidential data.
CN201510605358.1A 2015-09-21 2015-09-21 Data authenticity identification method of WEB service, server and client Expired - Fee Related CN106549757B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510605358.1A CN106549757B (en) 2015-09-21 2015-09-21 Data authenticity identification method of WEB service, server and client

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510605358.1A CN106549757B (en) 2015-09-21 2015-09-21 Data authenticity identification method of WEB service, server and client

Publications (2)

Publication Number Publication Date
CN106549757A CN106549757A (en) 2017-03-29
CN106549757B true CN106549757B (en) 2020-03-06

Family

ID=58364482

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510605358.1A Expired - Fee Related CN106549757B (en) 2015-09-21 2015-09-21 Data authenticity identification method of WEB service, server and client

Country Status (1)

Country Link
CN (1) CN106549757B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107888627A (en) * 2017-12-26 2018-04-06 北京车联天下信息技术有限公司 The method, apparatus and server that service security accesses
CN109151015B (en) * 2018-08-13 2021-10-08 南京敞视信息科技有限公司 Transaction information secure pushing method
CN108924161A (en) * 2018-08-13 2018-11-30 南京敞视信息科技有限公司 A kind of encrypted transaction data communication means and system
CN109819138B (en) * 2019-01-28 2020-11-06 中国环境监测总站 Method and system for monitoring field sampling
CN111740831B (en) * 2020-08-13 2020-11-06 国网浙江省电力有限公司 Electric power data encryption transmission method, system and readable medium for multiplex and production detection

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247407A (en) * 2008-03-17 2008-08-20 华为技术有限公司 Network authentication service system and method
CN101465735A (en) * 2008-12-19 2009-06-24 北京大学 Network user identification verification method, server and client terminal
CN101594226A (en) * 2009-06-17 2009-12-02 中兴通讯股份有限公司 The data guard method and the system that are used for file transfer
CN103053131A (en) * 2010-08-03 2013-04-17 西门子公司 Method and system for transmitting control data in manner that is secured against manipulation
JP2013255157A (en) * 2012-06-08 2013-12-19 Renesas Electronics Corp Data processing device and verification processing program

Also Published As

Publication number Publication date
CN106549757A (en) 2017-03-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220616

Address after: 3007, Hengqin international financial center building, No. 58, Huajin street, Hengqin new area, Zhuhai, Guangdong 519031

Patentee after: New founder holdings development Co.,Ltd.

Patentee after: BEIJING FOUNDER ELECTRONICS Co.,Ltd.

Address before: 100871, Beijing, Haidian District, Cheng Fu Road, No. 298, Zhongguancun Fangzheng building, 9 floor

Patentee before: PEKING UNIVERSITY FOUNDER GROUP Co.,Ltd.

Patentee before: BEIJING FOUNDER ELECTRONICS Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200306