CN106572076A - Web service access method, client side and server side - Google Patents

Web service access method, client side and server side Download PDF

Info

Publication number
CN106572076A
CN106572076A CN201610855041.8A CN201610855041A CN106572076A CN 106572076 A CN106572076 A CN 106572076A CN 201610855041 A CN201610855041 A CN 201610855041A CN 106572076 A CN106572076 A CN 106572076A
Authority
CN
China
Prior art keywords
public key
authentication information
ciphertext
key
characterizes
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610855041.8A
Other languages
Chinese (zh)
Inventor
曾庆春
徐兵兵
王永军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Inspur Business System Co Ltd
Original Assignee
Shandong Inspur Business System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Inspur Business System Co Ltd filed Critical Shandong Inspur Business System Co Ltd
Priority to CN201610855041.8A priority Critical patent/CN106572076A/en
Publication of CN106572076A publication Critical patent/CN106572076A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a Web service access method, a client side and a server side. The method comprises the steps that a public key request is transmitted to the server side so that the server side is enabled to generate a public key according to the public key request; the public key transmitted by the server side is received; authentication information is encrypted by using the public key so that the ciphertext of the authentication information is generated; the ciphertext is transmitted to the server side so that the server side is enabled to determine permission of accessing according to the ciphertext; and when the server side permits accessing, accessing the server side is performed. The identity of the client side is effectively verified through the server side so that only the legal user is enabled to perform Web service accessing. Meanwhile, the identity authentication information is encrypted by using the public key provided by the serer side, and a decryption private key is saved at the server side so that the third party cannot decrypt the intercepted information even the authentication information of the client side is intercepted by the third party, and thus the security of the Web service can be enhanced.

Description

A kind of Web service access method, a kind of client, a kind of service end
Technical field
The present invention relates to network communication technology field, more particularly to a kind of Web service access method, a kind of client, one Plant service end.
Background technology
Web service, refers to without adding, special third party software or hardware, only need to pass through network, it is possible to Realize the data interaction between the different application on different machines.At present, show in weather and some lives such as digital map navigation are normal With in field, by accessing Web service, it is possible to which the weather for providing provider and Map Integration are in the data of oneself.
At present, client accesses Web service, is primarily referred to as accessing certain related API that Web service is included (Application Programming Interface, application programming interface), that is input into be visited connecing when accessing The corresponding URL (Uniform Resoure Locator, uniform resource locator) of mouth just can complete to access.But, due to API is disclosed, and that corresponding URL is also just easily found on network, that is to say, that anyone can be to carry out Web Service access, so as to may result in some lawless peoples the storage information of service end is revealed and changed, thus result in The insecurity of Web service.
The content of the invention
A kind of Web service access method, a kind of client, a kind of service end are embodiments provided, can be effective Improve the security of Web service.
A kind of Web service access method, including:
Public key request is sent to service end, so that the service end generates public key according to public key request;
Receive the public key that the service end is sent;
Authentication information is encrypted using the public key, generates the ciphertext of the authentication information;
The ciphertext is sent to into the service end, so that the service end is according to the ciphertext, it is determined whether allow to visit Ask;
When the service end allows to access, the service end is accessed.
Preferably, the public key includes:The length of random number and key;
It is described authentication information is encrypted using the public key, the ciphertext of the authentication information is generated, including:
According to computations formula (1), the ciphertext of the authentication information is generated, wherein, the computations formula is:
Y=XD mod M (1)
Wherein, Y characterizes the ciphertext of the authentication information;X characterizes the authentication information;D characterizes the random number of the public key; M characterizes the key length of the public key;Mod characterizes delivery.
A kind of Web service access method, including:
Receive the public key request that client is sent;
For public key request, public key and the corresponding private key of the public key are generated;
The public key is sent to into client, so that the client is encrypted place to authentication information using the public key Reason, generates the ciphertext of the authentication information;
Receive the ciphertext of the authentication information that the client is sent;
Process is decrypted to the ciphertext of the authentication information using the private key, the authentication information is obtained;
Judge in default standard authentication information with the presence or absence of the target criteria certification letter matched with the authentication information Breath, if it is, allowing the client to access, otherwise, does not allow the client to access.
Preferably, it is described to generate public key and the corresponding private key of the public key for public key request, including:
Generate the random number of the public key;
Determine a pair different the first prime numbers and the second prime number;
Using first prime number and the second prime number product as the public key key length;
According to the random number of the public key, using formula one, i.e., following computing formula (2), the public key is determined First decrypted value of the corresponding private key of the random number;
E=D﹣ 1mod[(p-1)(q-1)] (2)
Wherein, E characterizes the first decrypted value of the private key;D characterizes the random number of the public key;P and q are characterized respectively First prime number and second prime number;Mod characterizes delivery;
Using the key length of the public key as the private key the second decrypted value.
Preferably, it is described that process is decrypted to the ciphertext of the authentication information using the private key, obtain the certification Information, including:
Using formula two and the private key, the formula two is following decryption computing formula (3), generates the certification letter Breath;
X=YE mod N (3)
Wherein, X characterizes the authentication information;Y characterizes the ciphertext of the authentication information;E characterizes first decrypted value;N Characterize second decrypted value;Mod characterizes delivery.
A kind of client, including:First transmitting element, receiving unit, ciphering unit, the second transmitting element and access are single Unit, wherein,
First transmitting element, for sending public key request to service end, so that the service end is according to the public key Request generates public key;
The receiving unit, for receiving the public key that the service end is sent;
The ciphering unit, for being encrypted to authentication information using the public key, generates the authentication information Ciphertext;
Second transmitting element, for the ciphertext to be sent to into the service end, so that the service end is according to institute State ciphertext, it is determined whether allow to access;
The access unit, when the service end allows to access, accesses the service end.
Preferably, the public key includes:The length of random number and key;
The ciphering unit, specifically for:
According to computations formula (1), the ciphertext of the authentication information is generated, wherein, the computations formula is:
Y=XD mod M (1)
Wherein, Y characterizes the ciphertext of the authentication information;X characterizes the authentication information;D characterizes the random number of the public key; M characterizes the key length of the public key;Mod characterizes delivery.
A kind of service end, including:First receiving unit, signal generating unit, transmitting element, the second receiving unit, decryption unit And judging unit, wherein,
First receiving unit, for receiving the public key request that client is sent;
The signal generating unit, for for public key request, generating public key and the corresponding private key of the public key;
The transmitting element, for the public key to be sent to into client, so that the client utilizes the public key pair Authentication information is encrypted, and generates the ciphertext of the authentication information;
Second receiving unit, for receiving the ciphertext of the authentication information that the client is sent;
The decryption unit, for process to be decrypted to the ciphertext of the authentication information using the private key, obtains institute State authentication information;
The judging unit, for judging default standard authentication information in the presence or absence of matching with the authentication information Target criteria authentication information, if it is, run the client accessing, otherwise, do not allow the client to access.
Preferably, the signal generating unit, specifically for:
Generate the random number of the public key;
Determine a pair different the first prime numbers and the second prime number;
Using first prime number and the second prime number product as the public key key length;
According to the random number of the public key, using formula one, i.e., following computing formula (2), the public key is determined First decrypted value of the corresponding private key of the random number;
E=D﹣ 1mod[(p-1)(q-1)] (2)
Wherein, E characterizes the first decrypted value of the private key;D characterizes the random number of the public key;P and q are characterized respectively First prime number and second prime number;Mod characterizes delivery;
Using the key length of the public key as the private key the second decrypted value.
Preferably, the decryption unit, specifically for:
Using formula two and the private key, the formula two is following decryption computing formula (3), generates the certification letter Breath;
X=YE mod N (3)
Wherein, X characterizes the authentication information;Y characterizes the ciphertext of the authentication information;E characterizes first decrypted value;N Characterize second decrypted value;Mod characterizes delivery.
A kind of Web service access method, a kind of client, a kind of service end are embodiments provided, by service The identity to client is held effectively to be verified, such that it is able to guarantee that only validated user can just carry out Web service access, because This, it is to avoid anyone problem that can arbitrarily access, meanwhile, carry out authentication while, provided using service end Public key authentication information is encrypted, and decrypted private key is stored in service end, even if so authentication information of client Intercepted by third party, that third party also cannot be decrypted to the information for intercepting, so as to third party cannot be according to the certification for intercepting Information Access Service end, the information of that service end also would not compromised and change, therefore improve the security of Web service.
Description of the drawings
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing The accompanying drawing to be used needed for having technology description is briefly described, it should be apparent that, drawings in the following description are the present invention Some embodiments, for those of ordinary skill in the art, on the premise of not paying creative work, can be with basis These accompanying drawings obtain other accompanying drawings.
Fig. 1 is a kind of flow chart of Web service access method that one embodiment of the invention is provided;
Fig. 2 is a kind of flow chart of Web service access method that another embodiment of the present invention is provided;
Fig. 3 is a kind of structural representation of client that one embodiment of the invention is provided;
Fig. 4 is a kind of structural representation of service end that one embodiment of the invention is provided;
Fig. 5 is the structural representation of the system of a kind of Web service access method that one embodiment of the invention is provided and communication Figure;
Fig. 6 is a kind of flow chart of Web service access method that another embodiment of the invention is provided.
Specific embodiment
To make purpose, technical scheme and the advantage of the embodiment of the present invention clearer, below in conjunction with the embodiment of the present invention In accompanying drawing, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is The a part of embodiment of the present invention, rather than the embodiment of whole, based on the embodiment in the present invention, those of ordinary skill in the art The every other embodiment obtained on the premise of creative work is not made, belongs to the scope of protection of the invention.
As shown in figure 1, embodiments providing a kind of Web service access method, the method can include following step Suddenly:
Step 101:Public key request is sent to service end, so that the service end generates public key according to public key request.
Step 102:Receive the public key that the service end is sent.
Step 103:Authentication information is encrypted using the public key, generates the ciphertext of the authentication information.
Step 104:The ciphertext is sent to into the service end, so that the service end is according to the ciphertext, it is determined that being It is no to allow to access.
Step 105:When the service end allows to access, the service end is accessed.
In embodiments of the present invention, the identity of client is effectively verified by service end, such that it is able to guarantee only There is the validated user just to carry out Web service access, therefore, it is to avoid anyone problem that can arbitrarily access, meanwhile, entering While row authentication, the public key provided using service end is encrypted to authentication information, and decrypted private key is stored in Service end, even if so the authentication information of client is intercepted by third party, that third party also cannot solve to the information for intercepting It is close, so as to third party cannot according to the authentication information access service end for intercepting, the information of that service end also would not it is compromised and Change, therefore improve the security of Web service.
In an embodiment of the invention, in the step 102, the public key includes:The length of random number and key, be Prevent the authentication information of client from being stolen by third party, then the specific embodiment of the step 103, including:According to encryption Computing formula (1), generates the ciphertext of the authentication information, wherein, the computations formula is:
Y=XD mod M (1)
Wherein, Y characterizes the ciphertext of the authentication information;X characterizes the authentication information;D characterizes the random number of the public key; M characterizes the key length of the public key;Mod characterizes delivery.
The explanation of value, using above-mentioned computations formula (1), when being encrypted to the authentication information of client, To ensure that authentication information can be encrypted, authentication information can be encoded according to default encoder dictionary, this is because certification It is possible to have character string in information, for example, user name is included in authentication information, and user name is typically all by character string group Into, such as " Zhang San ", or " Zhang San abc ", but such character style is to carry out by above-mentioned computations formula Encryption, therefore, in this process, it is necessary to accordingly changed, for example, by taking user name " Zhang San " as an example, can be according to volume Code word allusion quotation carries out the decimal system or the code conversion of other systems, for example, is converted into metric numerical value, the such as decimal system " 25 ", that client is after conversion is completed, it is possible to the public key sent using formula (1) and service end, and authentication information is turned " 25 " after changing are changed into ciphertext Y, it is assumed that the random number of public key is " 3 " and corresponding key length is 33, then ciphertext Y=(25)3 (mod 33)=15625 (mod 33)=16, that is to say, that authentication information " Zhang San " is obtained after the encryption of said process Ciphertext 16.
In embodiments of the present invention, in order to further increase the security of client authentication information, certification is believed above-mentioned After breath " Zhang San " encryption, also carry out using DES (Data Encryption Standard, data encryption standards) AES Secondary encryption a, that is to say, that des encryption is carried out again to ciphertext 16, wherein, the key of secondary encryption may be configured as 64 Binary system, and can be by being stored in advance in the program of validated user client and service end in, therefore, obtaining for the first time plus During close ciphertext, it is possible to carry out secondary encryption to ciphertext 16 by the key of 64, this is for the peace for improving authentication information Full property is significant.
It is encrypted by the authentication information to client, so that the security of client authentication information is protected Barrier, even if authentication information is stolen by third party in transmitting procedure, that third party also can not be to the certification after client encryption Information is decoded, therefore also ensure that the one-to-one relationship of legitimate client and authentication information, and then ensure that Web service The security of access.
As shown in Fig. 2 embodiments providing a kind of Web service access method, the method can include following step Suddenly:
Step 201:Receive the public key request that client is sent.
Step 202:For public key request, public key and the corresponding private key of the public key are generated.
Step 203:The public key is sent to into client, so that the client is entered using the public key to authentication information Row encryption, generates the ciphertext of the authentication information.
Step 204:Receive the ciphertext of the authentication information that the client is sent.
Step 205:Process is decrypted to the ciphertext of the authentication information using the private key, the certification letter is obtained Breath.
Step 206:Judge in default standard authentication information with the presence or absence of the target mark matched with the authentication information Quasi- authentication information, if it is, execution step 207, otherwise, execution step 208.
Step 207:The client is allowed to access.
Step 208:The client is not allowed to access.
In embodiments of the present invention, the identity of client is effectively verified by service end, such that it is able to guarantee only There is the validated user just to carry out Web service access, therefore, it is to avoid anyone problem that can arbitrarily access, meanwhile, entering While row authentication, the public key provided using service end is encrypted to authentication information, and decrypted private key is stored in Service end, even if so the authentication information of client is intercepted by third party, that third party also cannot solve to the information for intercepting It is close, so as to third party cannot according to the authentication information access service end for intercepting, the information of that service end also would not it is compromised and Change, therefore improve the security of Web service.
In an embodiment of the invention, in order to encrypt and decrypt to the authentication information of client, so as to ensure visitor The authentication information safety at family end, the specific embodiment of step 202, including:Generate the random number of the public key;Determine a pair not The first prime number together and the second prime number;First prime number and the second prime number product is long as the key of the public key Degree;According to the random number of the public key, using formula one, i.e., following computing formula (2), determine the public key it is described with First decrypted value of the corresponding private key of machine number;
E=D﹣ 1mod[(p-1)(q-1)] (2)
Wherein, E characterizes the first decrypted value of the private key;D characterizes the random number of the public key;P and q difference tables Levy first prime number and second prime number;Mod characterizes delivery;
Using the key length of the public key as the private key the second decrypted value.
In embodiments of the present invention, the public key and private key that service end is generated is indicated with (D, N) and (E, N), is led to first The Core Generator crossed in system generates the random number of public key, such as D=3, and generates a pair different, sufficiently large prime number p, q, To simplify amount of calculation, with p=3, as a example by q=11, then the key length M=p × q=3 × 11=33 of public key from the above, that Utilize above-mentioned (2), the first decrypted value E=3 of the corresponding private key of the public key can be calculated﹣ 1Mod [(3-1) (11-1)]=3﹣ 1Mod 20=7, the second decrypted value N of private key is equal with the value of the key length M of public key, as N=33, so as to pass through service The public key and the corresponding private key of public key that end generates be respectively (3,33) and (7,33), that following public key (3,33) visitor can be sent to Family end, so that client is encrypted using the public key to authentication information, so as to generate the ciphertext of authentication information, and private key (7, 33) then it is stored in the system of service end, so that service end is carried out when the ciphertext of client transmission is received by the private key Decryption.
Each Web service for each client is accessed, and service end all can at random generate public key and corresponding private key, Then public key is sent to into client, and the corresponding private key of the public key is then stored in this end system, so for the visitor of encryption Family end authentication information, only service end can be decrypted by private key, and other steal the information either party not Decryption can be realized, so as to the authentication information that also would not obtain validated user, therefore, for disabled user be can not be by using The authentication information of validated user carries out Web service access, so as to improve the security of Web service.
In another embodiment, in order to be decrypted to the ciphertext of client authentication information, to get visitor The authentication information at family end, and then judge whether the client can carry out web access, the then specific embodiment party of the step 205 Formula, including:Using formula two and the private key, the formula two is following decryption computing formula (3), generates the certification letter Breath;
X=YE mod N (3)
Wherein, X characterizes the authentication information;Y characterizes the ciphertext of the authentication information;E characterizes first decrypted value;N Characterize second decrypted value;Mod characterizes delivery.
For the ciphertext of the client authentication information for receiving, ciphertext is decrypted using the public key for preserving, with above-mentioned The corresponding private key of public key and public key mentioned be respectively (3,33) and (7,33), ciphertext be " 16 " as a example by, receiving ciphertext 16 Afterwards, using above-mentioned computing formula (3), it is possible to achieve decryption processing, authentication authorization and accounting information X=(16)7 (mod 20)= 268435456 (mod33)=25, are previously noted to be encrypted calculating, according to the encoder dictionary for prestoring to recognizing Card information has carried out decimal system conversion, so as to obtain ciphertext decryption after 25 after, should also be according to the encoder dictionary, by 25 turns Change corresponding character into, it is easy to find corresponding character, i.e. " Zhang San ".
If having carried out secondary encryption to authentication information mentioned above, should first by prestore the 64 of DES Position binary keys carry out first time decryption to ciphertext, at this moment can just obtain above-mentioned ciphertext 16, then again by appeal process, Realize the decryption processing of authentication information.
It is decrypted by the ciphertext of the authentication information sent to client, so as to get the authentication information of client, And then lay the foundation to judge whether the client legal, only when it is determined that authentication information is legal information, the client Can be allowed to carry out Web service access.
From the foregoing, realize that the side that the Web service in the embodiment of the present invention is accessed is client, as shown in figure 3, this Inventive embodiments provide a kind of client, including:First transmitting element 301, receiving unit 302, ciphering unit 303, second Transmitting element 304 and access unit 305, wherein,
First transmitting element 301, for sending public key request to service end, so that the service end is according to the public affairs Key request generates public key;
The receiving unit 302, for receiving the public key that the service end is sent;
The ciphering unit 303, for being encrypted to authentication information using the public key, generates the certification letter The ciphertext of breath;
Second transmitting element 304, for the ciphertext to be sent to into the service end so that the service end according to The ciphertext, it is determined whether allow to access;
The access unit 305, when the service end allows to access, accesses the service end.
In an embodiment of the invention, it is the encryption of realizing client authentication information, receives the public key that service end is sent, The public key includes:The length of random number and key;When being encrypted to authentication information, the ciphering unit 303 is concrete to use In:
According to computations formula (1), the ciphertext of the authentication information is generated, wherein, the computations formula is:
Y=XD mod M (1)
Wherein, Y characterizes the ciphertext of the authentication information;X characterizes the authentication information;D characterizes the random number of the public key; M characterizes the key length of the public key;Mod characterizes delivery.
From the foregoing, realize that the opposing party that Web service is accessed in the embodiment of the present invention is service end, as shown in figure 4, this Inventive embodiments provide a kind of service end, including:First receiving unit 401, signal generating unit 402, transmitting element 403, second Receiving unit 404, decryption unit 405 and judging unit 406, wherein,
First receiving unit 401, for receiving the public key request that client is sent;
The signal generating unit 402, for for public key request, generating public key and the corresponding private key of the public key;
The transmitting element 403, for the public key to be sent to into client, so that the client utilizes the public key Authentication information is encrypted, the ciphertext of the authentication information is generated;
Second receiving unit 404, for receiving the ciphertext of the authentication information that the client is sent;
The decryption unit 405, for process to be decrypted to the ciphertext of the authentication information using the private key, obtains The authentication information;
The judging unit 406, for judging default standard authentication information in whether there is and the authentication information phase The target criteria authentication information of matching, if it is, run the client accessing, otherwise, does not allow the client to access.
In an embodiment of the invention, the public key in response to client is asked, to enable the client to according to public key It is encrypted, and in order to service end is when the ciphertext that client is sent is received, the decryption to the ciphertext can be realized, it is described Signal generating unit 402, specifically for:
Generate the random number of the public key;
Determine a pair different the first prime numbers and the second prime number;
Using first prime number and the second prime number product as the public key key length;
According to the random number of the public key, using formula one, i.e., following computing formula (2), the public key is determined First decrypted value of the corresponding private key of the random number;
E=D﹣ 1mod[(p-1)(q-1)] (2)
Wherein, E characterizes the first decrypted value of the private key;D characterizes the random number of the public key;P and q are characterized respectively First prime number and second prime number;Mod characterizes delivery;
Using the key length of the public key as the private key the second decrypted value.
In another embodiment, it is to realize being decrypted in the ciphertext of the authentication information for sending client Afterwards, judge whether the client is legal, i.e., whether can carry out Web service access, the decryption unit 405, specifically for:
Using formula two and the private key, the formula two is following decryption computing formula (3), generates the certification letter Breath;
X=YE mod N (3)
Wherein, X characterizes the authentication information;Y characterizes the ciphertext of the authentication information;E characterizes first decrypted value;N Characterize second decrypted value;Mod characterizes delivery.
It is with a kind of Web service access shown in Fig. 5 and the system for communicating, with the authentication information of customer end A in Fig. 5 below As a example by the user name and password, a kind of Web service access method provided in an embodiment of the present invention is described in detail, such as Fig. 6 institutes Show, the method may comprise steps of:
Step 601:Standard User name and password are set in advance in service end B.
In embodiments of the present invention, Standard User name and password refer to the certification of the legitimate client that service end B502 is specified Information, wherein, also available client terminal device bill (Ticket) is represented standard challenge, equivalent to unique ID, each legal visitor There are different standard challenges at family end.
Step 602:Customer end A to service end B sends public key request.
As shown in figure 5, the system of the Web service and communication in the embodiment of the present invention is by customer end A 501 and service end B502 Two large divisions is constituted, and in addition, customer end A 501 and service end B502 are to realize that data are believed by network (being not drawn in figure) Breath transmission.When customer end A 501 needs to carry out Web service access, the first transmitting element 5011 is first passed through to service end The first receiving unit 5021 send public key request so that service end responds the request, public key is generated, for for customer end A 501 The user name and password be encrypted.
Step 603:Service end B receives the public key request that customer end A is sent.
When customer end A 501 sends public key asks, the first receiving unit 5021 of service end B502 is used for receiving the public affairs Key is asked.
Step 604:Service end B generates public key (3,33) and the corresponding private of public key for the public key request that customer end A is sent Key (7,33).
After the first receiving unit 5021 of service end B502 in Fig. 5 receives the public key request that customer end A is sent, clothes Business end B502 responds the request, and generates public key at random by signal generating unit 5022, while generating the corresponding private key of the public key, has The public key of body and the generating process of private key, it is identical with the principle for being described before, do not repeating herein, in the embodiment of the present invention In, be to simplify calculating, just with service end B502 generate public key and the corresponding private key of the public key be respectively (3,33) and (7,33) As a example by.
Step 605:Service end B by public key (3,33) be sent to customer end A, and by private key (7,33) be stored in local.
When the signal generating unit 5022 of service end B502 in Fig. 5 generates public key (3,33) and the corresponding private key of public key (7,33) Afterwards, can by transmitting element 5023 by public key (3, the receiving unit 5012 of customer end A 33) is sent to, so that customer end A 501 By public key (3,33) the user name and password is encrypted, the user name and password for preventing customer end A 501 is obtained by third party To after, the information in service end B502 is revealed and changed, in addition, service end B502 can by private key (7,33) protect For being decrypted to the ciphertext of the user name and password after encryption, and can be only that service end B502 can in existing locally Realize decryption, and other either party, due to the private key will not be got, can not all realize decryption processing.
Step 606:Customer end A receives the public key (3,33) that service end B is sent.
When the transmitting element 5023 of service end B502 is sent to customer end A 501, by the reception of customer end A in Fig. 5 501 Unit 5012 receives the public key (3,33) that transmitting element 5023 is sent.
Step 607:Customer end A using public key (3,33), the user name and password of customer end A is encrypted, it is raw Into the ciphertext of the user name and password.
When customer end A 501 receiving unit 5012 receive public key (3,33) after, by the ciphering unit of customer end A 501 5013 using public key (3, the computations formula 33) and in ciphering unit 5013, the user name and password to customer end A 501 Encryption.
The explanation of value, before be that ciphering process is elaborated with user name " Zhang San ", that is when client When authentication information includes much information, the authentication information of the customer end A 501 such as in the embodiment of the present invention includes the user name and password Two kinds, that is in encryption, it should which the user name and password of customer end A 501 is carried out into assembly, so as to unification is encrypted place Reason.By taking the assembled process of one of which the user name and password as an example, and " so-and-so " and password are named as with the use of customer end A 501 As a example by for " * * * * * * ", then specific embodiment can be as follows:First according to the encoder dictionary prestored in customer end A 501, will User name " so-and-so " and password " * * * * * * " carry out respectively scale coding, are to simplify calculating, and user name " so-and-so " is converted to 2, mouth Make " * * * * * * " to be converted to 5, that can then proceed in left and right assembly or other assembly forms, for example, carry out left and right assembly, then Result after assembly is 25, finally can just utilize formula (1), the user name " so-and-so " and password to customer end A 501 Result 25 after " * * * * * * " assembly is encrypted, and obtains ciphertext 16, and concrete calculating process is repeated no more.
For the security for further increasing authentication information, can also further to user name " so-and-so " and password " * * * * * * " Ciphertext carries out secondary encryption, by using the replacement rule in the DES in ciphering unit 5013, to it secondary encryption is carried out.
Step 608:The ciphertext of the user name and password is sent to service end B by customer end A.
After the completion of user name " so-and-so " and password " * * * * * * " unified encryption of the ciphering unit 5013 to customer end A 501, By the second transmitting element 5014 in customer end A 501, the ciphertext of the user name and password of A501 is sent to into service end B502 Second receiving unit 5024.
Step 609:Service end B receives the ciphertext of the user name and password that customer end A is sent.
Second receiving unit 5024 of service end B502 receives the second transmitting element 5014 in customer end A 501 in Fig. 5 Ciphertext after the user name " so-and-so " come and the unified encryption of password " * * * * * * ".
Step 610:Service end B using private key (7,33) be decrypted processs to the ciphertext of the user name and password, obtain objective The user name and password of family end A.
When the second receiving unit 5024 of service end B502 receives the user name " so-and-so " and password of customer end A 501 After ciphertext after " * * * * * * " unified encryption, process is decrypted to ciphertext by decryption unit 5025, if having carried out DES bis- times Encryption, that should carry out first DES decryption, get using public key (3, the ciphertext 16 after 33) encrypting for the first time, then according to solution Close computing formula (3), is decrypted to ciphertext 16, gets the user name " so-and-so " and password " * * * * * * " of customer end A 501.
Step 611:Service end B judge in default Standard User name and password with the presence or absence of customer end A user name and Password, if it is, execution step 612, otherwise, execution step 61.
When the decryption unit 5025 of service end B502 gets the user name " so-and-so " and password of customer end A 501 After " * * * * * * ", judged in default Standard User name and password with the presence or absence of use by the judging unit 5026 of service end B502 Name in an account book " so-and-so " and password " * * * * * * ", if it is, just explanation customer end A 501 is legitimate client, otherwise it is assumed that client A501 is illegal.
Step 612:Service end B to customer end A sends the notice that certification passes through, it is allowed to which customer end A carries out Web service visit Ask.
After the judging unit 5026 of service end B502 judges that customer end A 501 is legal client, show client The certification request of A501 passes through, and can pass through to send the notice being verified so that customer end A 501 carries out Web to service end B502 Service access.Wherein, in the notice being verified, the interim mouth that service end B502 sends to customer end A 501 is included Order, namely interim machine bill (Ticket), this interim Ticket calls connecing for service end B502 for customer end A 501 Mouthful, and the local of service end B502 can be stored in, after the completion of calling interface, this interim Ticket just fails, no longer for that It is useful, and when customer end A 501 recalls interface next time, service end B502 can generate a new interim Ticket again.
Step 613:The notice that the certification that customer end A reception service end B is sent passes through.
Customer end A 501 in Fig. 5 receives the notice that the certification of service end B502 passes through, and service end is included in the notice The interim Ticket that B502 is generated.
Step 614:Customer end A sends service request by calling the interface of service end B to service end B.
In embodiments of the present invention, after the certification request of customer end A 501 passes through, customer end A 501 obtains interface interchange in Fig. 5 Interim Ticket and the business datum of customer end A 501 can be carried out des encryption by unit 5016, generate interim Ticket and business The ciphertext of data, is revealed with the business datum for preventing customer end A 501, then and by interface interchange unit 5015 is sent to service The interface interchange processing unit 5027 of end B502, so that the service request of service end B502 customer in response end A501.
Step 615:Service end B receives the service request that customer end A is sent, and the service request is processed.
When customer end A 501 sends service data request, carried out by the interface interchange processing unit 5027 of service end B502 Receive, and interim Ticket be decrypted with the ciphertext of service data request by DES keys, get interim Ticket with And business datum, then the interim Ticket is compared with local interim Ticket is stored in before, when comparing successfully, ring The service data request of customer end A 501 is answered, the business data processing of customer end A 501 is realized.
Step 616:Service end B will be sent to customer end A to the business data processing result of customer end A, and terminate current Flow process.
Step 617:Do not allow customer end A that Web service access is carried out to service end B, and terminate current process.
To sum up, each embodiment of the invention at least has the advantages that:
1st, in embodiments of the present invention, the identity of client is effectively verified by service end, such that it is able to guarantee Only validated user can just carry out Web service access, therefore, it is to avoid anyone problem that can arbitrarily access, meanwhile, While carrying out authentication, the public key provided using service end is encrypted to authentication information, and decrypted private key is preserved In service end, even if so the authentication information of client is intercepted by third party, that third party also cannot be carried out to the information for intercepting Decryption, so as to third party cannot be according to the authentication information access service end for intercepting, the information of that service end also would not be compromised And change, therefore improve the security of Web service.
2nd, in embodiments of the present invention, it is encrypted by the authentication information to client, so that client certificate The security of information is protected, even if authentication information is stolen by third party in transmitting procedure, that third party also can not be right Authentication information after client encryption is decoded, therefore also ensure that legitimate client is closed with the one-to-one corresponding of authentication information System, and then ensure that the security that Web service is accessed.
3rd, in embodiments of the present invention, each Web service for each client is accessed, and service end all can be generated at random Public key and corresponding private key, are then sent to client by public key, and the corresponding private key of the public key is then stored in this end system In, so for the client authentication information of encryption, only service end can be decrypted by private key, and other steal this Information either party can not realize decryption, so as to the authentication information that also would not obtain validated user, therefore, for illegal User is can not to carry out Web service access by using the authentication information of validated user, so as to improve the safety of Web service Property.
4th, in embodiments of the present invention, it is decrypted by the ciphertext of the authentication information sent to client, so as to obtain To the authentication information of client, and then lay the foundation to judge whether the client is legal, only when it is determined that authentication information is to close During the information of method, the client can be allowed to carry out Web service access.
The contents such as the information exchange between each unit, implementation procedure in said apparatus, due to implementing with the inventive method Example is based on same design, and particular content can be found in the narration in the inventive method embodiment, and here is omitted.
It should be noted that herein, such as first and second etc relational terms are used merely to an entity Or operation makes a distinction with another entity or operation, and not necessarily require or imply presence between these entities or operation Any this actual relation or order.And, term " including ", "comprising" or its any other variant are intended to non- Exclusiveness is included, so that a series of process, method, article or equipment including key elements not only includes those key elements, But also including other key elements being not expressly set out, or also include solid by this process, method, article or equipment Some key elements.In the absence of more restrictions, the key element for being limited by sentence "including a ...", it is not excluded that including Also there is other identical factor in the process of the key element, method, article or equipment.
One of ordinary skill in the art will appreciate that:Realizing all or part of step of said method embodiment can pass through Completing, aforesaid program can be stored in the storage medium of embodied on computer readable the related hardware of programmed instruction, the program Upon execution, the step of including said method embodiment is performed;And aforesaid storage medium includes:ROM, RAM, magnetic disc or light Disk etc. is various can be with the medium of store program codes.
It is last it should be noted that:Presently preferred embodiments of the present invention is the foregoing is only, the skill of the present invention is merely to illustrate Art scheme, is not intended to limit protection scope of the present invention.All any modifications made within the spirit and principles in the present invention, Equivalent, improvement etc., are all contained in protection scope of the present invention.

Claims (10)

1. a kind of Web service access method, it is characterised in that include:
Public key request is sent to service end, so that the service end generates public key according to public key request;
Receive the public key that the service end is sent;
Authentication information is encrypted using the public key, generates the ciphertext of the authentication information;
The ciphertext is sent to into the service end, so that the service end is according to the ciphertext, it is determined whether allow to access;
When the service end allows to access, the service end is accessed.
2. method according to claim 1, it is characterised in that
The public key includes:The length of random number and key;
It is described authentication information is encrypted using the public key, the ciphertext of the authentication information is generated, including:
According to computations formula, the ciphertext of the authentication information is generated, wherein, the computations formula is:
Y=XD mod M
Wherein, Y characterizes the ciphertext of the authentication information;X characterizes the authentication information;D characterizes the random number of the public key;M tables Levy the key length of the public key;Mod characterizes delivery.
3. a kind of Web service access method, it is characterised in that include:
Receive the public key request that client is sent;
For public key request, public key and the corresponding private key of the public key are generated;
The public key is sent to into client, so that the client is encrypted using the public key to authentication information, Generate the ciphertext of the authentication information;
Receive the ciphertext of the authentication information that the client is sent;
Process is decrypted to the ciphertext of the authentication information using the private key, the authentication information is obtained;
Judge to whether there is in default standard authentication information the target criteria authentication information matched with the authentication information, such as Fruit is then to allow the client to access, and otherwise, does not allow the client to access.
4. method according to claim 3, it is characterised in that described for public key request, generates public key and described The corresponding private key of public key, including:
Generate the random number of the public key;
Determine a pair different the first prime numbers and the second prime number;
Using first prime number and the second prime number product as the public key key length;
According to the random number of the public key, using formula one, the corresponding private of the random number of the public key is determined First decrypted value of key;
E=D﹣ 1mod[(p-1)(q-1)]
Wherein, E characterizes the first decrypted value of the private key;D characterizes the random number of the public key;P and q characterize respectively described First prime number and second prime number;Mod characterizes delivery;
Using the key length of the public key as the private key the second decrypted value.
5. method according to claim 4, it is characterised in that the ciphertext using the private key to the authentication information Process is decrypted, the authentication information is obtained, including:
Using formula two and the private key, the authentication information is generated;
X=YE mod N
Wherein, X characterizes the authentication information;Y characterizes the ciphertext of the authentication information;E characterizes first decrypted value;N is characterized Second decrypted value;Mod characterizes delivery.
6. a kind of client, it is characterised in that include:First transmitting element, receiving unit, ciphering unit, the second transmitting element And access unit, wherein,
First transmitting element, for sending public key request to service end, so that the service end is asked according to the public key Generate public key;
The receiving unit, for receiving the public key that the service end is sent;
The ciphering unit, for being encrypted to authentication information using the public key, generates the close of the authentication information Text;
Second transmitting element, for the ciphertext to be sent to into the service end, so that the service end is according to described close Text, it is determined whether allow to access;
The access unit, when the service end allows to access, accesses the service end.
7. client according to claim 6, it is characterised in that
The public key includes:The length of random number and key;
The ciphering unit, specifically for:
According to computations formula, the ciphertext of the authentication information is generated, wherein, the computations formula is:
Y=XD mod M
Wherein, Y characterizes the ciphertext of the authentication information;X characterizes the authentication information;D characterizes the random number of the public key;M tables Levy the key length of the public key;Mod characterizes delivery.
8. a kind of service end, it is characterised in that include:First receiving unit, signal generating unit, transmitting element, the second receiving unit, Decryption unit and judging unit, wherein,
First receiving unit, for receiving the public key request that client is sent;
The signal generating unit, for for public key request, generating public key and the corresponding private key of the public key;
The transmitting element, for the public key to be sent to into client, so that the client utilizes the public key to certification Information is encrypted, and generates the ciphertext of the authentication information;
Second receiving unit, for receiving the ciphertext of the authentication information that the client is sent;
The decryption unit, for being decrypted process to the ciphertext of the authentication information using the private key, obtain described in recognize Card information;
The judging unit, for judging default standard authentication information in the presence or absence of the mesh that matches with the authentication information Mark standard authentication information, if it is, run the client accessing, otherwise, does not allow the client to access.
9. service end according to claim 8, it is characterised in that
The signal generating unit, specifically for:
Generate the random number of the public key;
Determine a pair different the first prime numbers and the second prime number;
Using first prime number and the second prime number product as the public key key length;
According to the random number of the public key, using formula one, the corresponding private of the random number of the public key is determined First decrypted value of key;
E=D﹣ 1mod[(p-1)(q-1)]
Wherein, E characterizes the first decrypted value of the private key;D characterizes the random number of the public key;P and q characterize respectively described First prime number and second prime number;Mod characterizes delivery;
Using the key length of the public key as the private key the second decrypted value.
10. service end according to claim 9, it is characterised in that
The decryption unit, specifically for:
Using formula two and the private key, the authentication information is generated;
X=YE mod N
Wherein, X characterizes the authentication information;Y characterizes the ciphertext of the authentication information;E characterizes first decrypted value;N is characterized Second decrypted value;Mod characterizes delivery.
CN201610855041.8A 2016-09-27 2016-09-27 Web service access method, client side and server side Pending CN106572076A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610855041.8A CN106572076A (en) 2016-09-27 2016-09-27 Web service access method, client side and server side

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610855041.8A CN106572076A (en) 2016-09-27 2016-09-27 Web service access method, client side and server side

Publications (1)

Publication Number Publication Date
CN106572076A true CN106572076A (en) 2017-04-19

Family

ID=58532551

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610855041.8A Pending CN106572076A (en) 2016-09-27 2016-09-27 Web service access method, client side and server side

Country Status (1)

Country Link
CN (1) CN106572076A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107634946A (en) * 2017-09-12 2018-01-26 郑州云海信息技术有限公司 A kind of micro services node legitimacy verification method and device
CN109379345A (en) * 2018-09-28 2019-02-22 阿里巴巴集团控股有限公司 Sensitive information transmission method and system
CN111193743A (en) * 2019-12-31 2020-05-22 浪潮电子信息产业股份有限公司 Identity authentication method, system and related device of storage system
CN112257086A (en) * 2020-10-23 2021-01-22 华云数据控股集团有限公司 User privacy data protection method and electronic equipment
CN112291190A (en) * 2020-07-28 2021-01-29 国网思极网安科技(北京)有限公司 Identity authentication method, terminal and server
CN112351023A (en) * 2020-10-30 2021-02-09 杭州安恒信息技术股份有限公司 Data sharing and transmission method and system
CN112507357A (en) * 2020-12-09 2021-03-16 华南理工大学 Multi-level interface design method based on key generator
CN112926076A (en) * 2021-03-29 2021-06-08 建信金融科技有限责任公司 Data processing method, device and system
CN114531295A (en) * 2022-03-01 2022-05-24 中国光大银行股份有限公司 User behavior auditing system, method, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1547343A (en) * 2003-12-17 2004-11-17 上海市高级人民法院 A Single Sign On method based on digital certificate
CN101299667A (en) * 2008-06-05 2008-11-05 华为技术有限公司 Authentication method, system, client equipment and server
CN104394123A (en) * 2014-11-06 2015-03-04 成都卫士通信息产业股份有限公司 A data encryption transmission system and method based on an HTTP
CN104468115A (en) * 2013-10-28 2015-03-25 安信通科技(澳门)有限公司 Information system access authentication method and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1547343A (en) * 2003-12-17 2004-11-17 上海市高级人民法院 A Single Sign On method based on digital certificate
CN101299667A (en) * 2008-06-05 2008-11-05 华为技术有限公司 Authentication method, system, client equipment and server
CN104468115A (en) * 2013-10-28 2015-03-25 安信通科技(澳门)有限公司 Information system access authentication method and device
CN104394123A (en) * 2014-11-06 2015-03-04 成都卫士通信息产业股份有限公司 A data encryption transmission system and method based on an HTTP

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107634946A (en) * 2017-09-12 2018-01-26 郑州云海信息技术有限公司 A kind of micro services node legitimacy verification method and device
CN109379345B (en) * 2018-09-28 2021-02-19 创新先进技术有限公司 Sensitive information transmission method and system
CN109379345A (en) * 2018-09-28 2019-02-22 阿里巴巴集团控股有限公司 Sensitive information transmission method and system
CN111193743A (en) * 2019-12-31 2020-05-22 浪潮电子信息产业股份有限公司 Identity authentication method, system and related device of storage system
CN112291190A (en) * 2020-07-28 2021-01-29 国网思极网安科技(北京)有限公司 Identity authentication method, terminal and server
CN112291190B (en) * 2020-07-28 2022-10-14 国网思极网安科技(北京)有限公司 Identity authentication method, terminal and server
CN112257086A (en) * 2020-10-23 2021-01-22 华云数据控股集团有限公司 User privacy data protection method and electronic equipment
CN112257086B (en) * 2020-10-23 2022-02-01 华云数据控股集团有限公司 User privacy data protection method and electronic equipment
CN112351023A (en) * 2020-10-30 2021-02-09 杭州安恒信息技术股份有限公司 Data sharing and transmission method and system
CN112507357A (en) * 2020-12-09 2021-03-16 华南理工大学 Multi-level interface design method based on key generator
CN112507357B (en) * 2020-12-09 2024-03-29 华南理工大学 Multi-stage interface design method based on key generator
CN112926076A (en) * 2021-03-29 2021-06-08 建信金融科技有限责任公司 Data processing method, device and system
CN112926076B (en) * 2021-03-29 2023-03-21 中国建设银行股份有限公司 Data processing method, device and system
CN114531295A (en) * 2022-03-01 2022-05-24 中国光大银行股份有限公司 User behavior auditing system, method, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN106572076A (en) Web service access method, client side and server side
CN111783075B (en) Authority management method, device and medium based on secret key and electronic equipment
CN104065652B (en) A kind of auth method, device, system and relevant device
KR102055116B1 (en) Data security service
CN109416722B (en) Secure collection of sensitive data
US10915897B2 (en) Token management for enhanced omni-channel payments experience and analytics
US9325499B1 (en) Message encryption and decryption utilizing low-entropy keys
WO2013101358A1 (en) System and method for secure network login
CN101145911B (en) Identity authentication method with privacy protection and password retrieval function
CN102782694A (en) Transaction auditing for data security devices
CN109981665B (en) Resource providing method and device, and resource access method, device and system
CN109726578B (en) Dynamic two-dimensional code anti-counterfeiting solution
CN105187382A (en) Multi-factor identity authentication method for preventing library collision attacks
CN104125230A (en) Short message authentication service system and authentication method
CN108737390A (en) Protect the authentication method and system of user name privacy
CN110572392A (en) Identity authentication method based on HyperLegger network
CN201717885U (en) Code providing equipment and code identification system
CN105743883B (en) A kind of the identity attribute acquisition methods and device of network application
CN114553573A (en) Identity authentication method and device
CA2904646A1 (en) Secure authentication using dynamic passcode
TWI640928B (en) System for generating and decrypting two-dimensional codes and method thereof
CN115276991B (en) Secure chip dynamic key generation method, secure chip device, equipment and medium
Umar An Authentication of Significant security for accessing Password through Network System
CN114500031A (en) System, method, electronic device and medium for obtaining BI report form based on single sign-on
CN115622753A (en) Data processing method, device and equipment and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170419

RJ01 Rejection of invention patent application after publication