CN107147677A - User authentication and document protection method based on asymmetric encryption - Google Patents
- Publication number: CN107147677A
- Application number: CN201710560821.4A
- Authority: CN (China)
- Prior art keywords: content, public key, file, address, application software
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Abstract
The invention discloses a user authentication and document protection method based on asymmetric encryption, comprising the following steps: the content provider supplies a public key, under an asymmetric encryption scheme, to the content integrator and stores that public key; after receiving a content-data query request from the application software, the content integrator supplies the application software with the content-file download request address corresponding to the queried content data, encrypted with the public key, together with the content data, the public key and the address of the content provider; the application software submits the public key and the content-file download request address, in ciphertext form, to the address of the content provider to request download of the corresponding file; on receiving the request, the content provider extracts the public key and verifies it; if verification fails, it does not respond; if verification succeeds, it decrypts the download request address ciphertext with the private key, obtains the file at the corresponding address and returns its file stream to the application software. The method not only keeps content files secure, but also shortens the communication chain and reduces server load.
Description
Technical field
The present invention relates to the field of resource file download methods, and in particular to a user authentication and document protection method based on asymmetric encryption.
Background art
Downloading an existing resource file involves three different systems: the content integrator, the content provider and the application software. The content integrator exposes the content files supplied by content providers so that they can be downloaded from any application software. The content provider supplies content data to the content integrator for querying, and only allows users approved by the content integrator to download and use content files. The application software queries the content integrator for all the content data it has integrated, but goes to the content provider when it downloads a content file. In this process the content integrator has to expose to the application software the address of the content file to be downloaded; once the application software has the download address, it requests the file directly from the content provider's file server. The exposed file address is easily scanned and intercepted in transit. The application software therefore has to carry the content integrator's user information in the download request and submit it to the content provider, and the content provider then confirms the legitimacy of that user information with the content integrator. This flow has to be carried out for every single file download. It puts heavy processing load on the servers of both the content integrator and the content provider; the exposed file address is easily scanned, so file security cannot be guaranteed; and all three parties have to take part in the exchange, which makes the information flow long and complex.
Summary of the invention
To solve the above technical problem, the present invention provides a user authentication and document protection method based on asymmetric encryption.
The present invention is achieved through the following technical solution:
A user authentication and document protection method based on asymmetric encryption, comprising the following steps:
A. The content provider supplies a public key, under an asymmetric encryption scheme, to the content integrator and stores that public key;
B. After receiving a content-data query request from the application software, the content integrator supplies the application software with the content-file download request address corresponding to the queried content data, encrypted with the public key, together with the public key and the address of the content provider;
C. The application software submits the public key and the content-file download request address, in ciphertext form, to the address of the content provider to request download of the corresponding file;
D. On receiving the request, the content provider extracts the public key and verifies it. If verification fails, it does not respond. If verification succeeds, it decrypts the download request address ciphertext with the private key, obtains the file at the corresponding address and returns its file stream to the application software.
With this scheme, the content provider does not need to go to the content integrator, after receiving a request from the application software, to confirm whether the user is legitimate: as long as the public key can be found in its stored database of public keys, the user is regarded as legitimate. The public key can only be used for encryption, not for decryption, so even if a request is intercepted, the real download address of the file cannot be obtained, which keeps the content file secure. User authentication that used to involve three parties is reduced to two-party communication. This shortens the communication chain and removes the user-confirmation step between the content integrator and the content provider, and with it the service load and server overhead that step caused.
The benefit of the asymmetric encryption scheme is that the public key is used for encryption and the private key for decryption, and that in use the content provider gives the public key to the content integrator, where it can serve as the content integrator's authentication credential. Provided the private key is not leaked, this is safer than symmetric encryption schemes.
Preferably, the content provider includes an API interface for receiving content-file requests from the application software. As a data communication method, an API interface is flexible in how it tags the data it carries, can carry a large amount of data, and allows data validation of the visitor. A Socket-based method, by contrast, has to establish a connection and is less flexible.
Preferably, the verification in step D is: look up, among the public keys stored by the content provider, which content integration the extracted public key belongs to. Content integration here means that data and files are merged transparently into the content integrator. The content integrator combines all the integrated content into a whole, so that when the content is delivered externally the user does not notice that the content data and content files come from multiple content providers.
Preferably, to further improve security, in step A the public key is updated periodically.
Compared with the prior art, the present invention has the following advantages and beneficial effects:
1. With the method of the invention, at download time the content integrator sends the application software the content-file download request address, encrypted with the public key, together with the content data, the public key and the address of the content provider. The application software sends the download request in ciphertext form to the address of the content provider, and the content provider, after verifying the request, returns the file stream directly to the application software. Even if a request is intercepted at any point in the process, the real download address of the file cannot be obtained. This not only keeps the content file secure but, by using two-party authentication, also shortens the communication chain and removes the user-confirmation step between the content integrator and the content provider, reducing the service load and server overhead that step caused.
Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to embodiments. The exemplary embodiments and their description serve only to explain the invention and do not limit it.
Embodiment 1
A user authentication and document protection method based on asymmetric encryption, comprising the following steps:
A. The content provider supplies a public key, under an asymmetric encryption scheme, to the content integrator and stores that public key;
B. After receiving a content-data query request from the application software, the content integrator supplies the application software with the content-file download request address corresponding to the queried content data, encrypted with the public key, together with the public key and the address of the content provider;
C. The application software submits the public key and the content-file download request address, in ciphertext form, to the address of the content provider to request download of the corresponding file;
D. On receiving the request, the content provider extracts the public key and verifies it. If verification fails, it does not respond. If verification succeeds, it decrypts the download request address ciphertext with the private key, obtains the file at the corresponding address and returns its file stream to the application software.
Embodiment 2
This embodiment builds on the embodiment above and gives a detailed example.
Take downloading an existing educational resource file as an example.
Suppose a high school student wants to download a set of mock exam questions. The mock exam resource is stored on server A of content provider company A, and the content integrator is server B of company B. Server A supplies a public key to server B under the agreed asymmetric encryption scheme, updating it periodically, and the public key is stored on server A as one item of authentication information for server B.
The student sends a content-data query request to server B from a phone, tablet, computer or other smart device on which the application software can be installed. On receiving the request, server B encrypts the content-file download request address corresponding to the queried content data with the public key and supplies it to the smart device together with the content data, the public key and the API interface address of server A. Content data here means the data describing the resource file; the item set for a resource file includes the file name, file type and file media type. When downloading the file, the smart device submits the public key and the download request address ciphertext directly to the API interface address to request download of the corresponding file. When the API interface of server A receives the request, it extracts the public key and looks up, among the public keys it has stored, which content integrator the key belongs to. If the key is not found, the request is illegitimate and gets no response. If it is found, the corresponding download request address ciphertext is decrypted with the private key, the file stream is extracted from the file at the decrypted address, and the file stream is returned directly to the smart device for download.
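The A to D flow of this embodiment, including the periodic key update, as a runnable sketch. This is an added example, not code from the patent: RSA-2048 with OAEP, the `Provider` type, the function names and the sample file address are all assumptions, since the patent names no algorithm or data layout.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Provider is the content provider (server A). Assumed layout: one RSA key
// pair per integrator; file addresses and contents are constructed samples.
type Provider struct {
	keys  map[string]*rsa.PrivateKey // integrator name -> current key pair
	files map[string][]byte          // real file address -> file content
}

var ErrUnknownKey = errors.New("public key not on file")

// Issue is step A. Calling it again for the same integrator is the periodic
// update: the earlier key pair is replaced and stops verifying.
func (p *Provider) Issue(integrator string) (*rsa.PublicKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	p.keys[integrator] = priv
	return &priv.PublicKey, nil
}

// Seal is step B on the integrator: encrypt the download address (RSA-OAEP).
func Seal(pub *rsa.PublicKey, addr string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(addr), nil)
}

// Download is step D: find which integrator the presented key belongs to,
// then decrypt the address with the matching private key and return the file.
func (p *Provider) Download(pub *rsa.PublicKey, sealed []byte) (string, []byte, error) {
	for who, priv := range p.keys {
		if !priv.PublicKey.Equal(pub) {
			continue
		}
		addr, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, sealed, nil)
		if err != nil {
			return "", nil, err
		}
		data, ok := p.files[string(addr)]
		if !ok {
			return "", nil, errors.New("no file at decrypted address")
		}
		return who, data, nil
	}
	return "", nil, ErrUnknownKey // unknown key: the request gets no response
}

func main() {
	p := &Provider{map[string]*rsa.PrivateKey{}, map[string][]byte{
		"/store/exams/mock-01.pdf": []byte("constructed sample file")}}
	pub, _ := p.Issue("integrator-B")
	sealed, _ := Seal(pub, "/store/exams/mock-01.pdf")
	who, data, err := p.Download(pub, sealed)
	fmt.Println(who, string(data), err)
}
```

The lookup in `Download` only establishes which integrator the presented key was issued to. The described flow carries no nonce or expiry in the request, so none is modeled here.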
The embodiments above describe the object, technical solution and beneficial effects of the present invention in further detail. It should be understood that the foregoing is only specific embodiments of the invention and does not limit its scope of protection; any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within its scope of protection.
Claims (4)
1. A user authentication and document protection method based on asymmetric encryption, characterized in that it comprises the following steps:
A. The content provider supplies a public key, under an asymmetric encryption scheme, to the content integrator and stores that public key;
B. After receiving a content-data query request from the application software, the content integrator supplies the application software with the content-file download request address corresponding to the queried content data, encrypted with the public key, together with the public key and the address of the content provider;
C. The application software submits the public key and the content-file download request address, in ciphertext form, to the address of the content provider to request download of the corresponding file;
D. On receiving the request, the content provider extracts the public key and verifies it. If verification fails, it does not respond. If verification succeeds, it decrypts the download request address ciphertext with the private key, obtains the file at the corresponding address and returns its file stream to the application software.
2. The user authentication and document protection method based on asymmetric encryption according to claim 1, characterized in that the content provider includes an API interface for receiving content-file requests from the application software.
3. The user authentication and document protection method based on asymmetric encryption according to claim 1, characterized in that the verification in step D is: look up, among the public keys stored by the content provider, which content integration the extracted public key belongs to.
4. The user authentication and document protection method based on asymmetric encryption according to claim 1, characterized in that, in step A, the public key is updated periodically.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710560821.4A CN107147677B (en) | 2017-07-11 | 2017-07-11 | User authentication and file protection method based on asymmetric encryption |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107147677A | 2017-09-08 |
CN107147677B | 2020-06-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||