CN107147677A - User authentication and document protection method based on asymmetric encryption - Google Patents


Publication number
CN107147677A
Authority
CN
China
Prior art keywords
content
public key
file
address
application software
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710560821.4A
Other languages
Chinese (zh)
Other versions
CN107147677B (en)
Inventor
连接力
吴豪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Wenxuan Education Science & Technology Co Ltd
Original Assignee
Sichuan Wenxuan Education Science & Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Wenxuan Education Science & Technology Co Ltd filed Critical Sichuan Wenxuan Education Science & Technology Co Ltd
Priority to CN201710560821.4A priority Critical patent/CN107147677B/en
Publication of CN107147677A publication Critical patent/CN107147677A/en
Application granted granted Critical
Publication of CN107147677B publication Critical patent/CN107147677B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Abstract

The invention discloses a user authentication and document protection method based on asymmetric encryption, comprising the following steps: the content provider, using asymmetric encryption, provides a public key to the content integrator and stores that public key; after receiving a content-data query request from the application software, the content integrator supplies the content file download request address corresponding to the queried content data, the content data, the public key, and the address of the content provider to the application software, in public-key-encrypted form; the application software submits the public key and the content file download request address, in ciphertext form, to the address of the content provider to request download of the corresponding file; on receiving the request, the content provider extracts the public key and verifies it; if verification fails, it does not respond; if verification passes, it decrypts the ciphertext of the content file download request address with the private key, obtains the file at the corresponding address, and returns its file stream to the application software. The method not only keeps content files secure, but also shortens the communication chain and reduces server load.

Description

User authentication and document protection method based on asymmetric encryption
Technical field
The present invention relates to the field of resource file download methods, and in particular to a user authentication and document protection method based on asymmetric encryption.
Background art
The existing process for downloading resource files involves three different systems: the content integrator, the content provider, and the application software. The content integrator exposes the content files supplied by content providers for download in any application software. The content provider supplies content data to the content integrator for querying, and allows only users recognized by the content integrator to download and use the content files. The application software queries the content integrator for all the content data it has integrated, but goes to the content provider when it downloads a content file. In this process the content integrator must expose to the application software the address of the content file to be downloaded; having obtained the download address, the application software requests the file directly from the content provider's file server. The exposed file address is easily scanned and intercepted in transit. The application software therefore has to carry the content integrator's user information in its download request and submit it to the content provider, which then confirms the legitimacy of that user information with the content integrator. This flow has to be carried out for every download of any file, which places heavy processing load on the servers of both the content integrator and the content provider; the exposed file address is easily scanned, so file security cannot be guaranteed; and all three parties have to take part in the information exchange, which makes the information flow long and complex.
Summary of the invention
To solve the above technical problems, the present invention provides a user authentication and document protection method based on asymmetric encryption.
The present invention is achieved through the following technical solution:
A user authentication and document protection method based on asymmetric encryption, comprising the following steps:
A. The content provider, using asymmetric encryption, provides a public key to the content integrator and stores that public key;
B. After receiving a content-data query request from the application software, the content integrator supplies the content file download request address corresponding to the queried content data, the public key, and the address of the content provider to the application software, in public-key-encrypted form;
C. The application software submits the public key and the content file download request address, in ciphertext form, to the address of the content provider to request download of the corresponding file;
D. On receiving the request, the content provider extracts the public key and verifies it; if verification fails, it does not respond; if verification passes, it decrypts the ciphertext of the content file download request address with the private key, obtains the file at the corresponding address, and returns its file stream to the application software.
With this method, the content provider does not need to go to the content integrator after receiving the application software's request to confirm whether the user is legitimate: as long as the public key can be found in its stored database of public keys, the user is deemed legitimate. The public key can only be used for encryption, not for decryption, so even if a request is intercepted, the real download address of the file cannot be obtained, which keeps the content file secure. User authentication that previously involved three parties is reduced to two-party communication, which shortens the communication chain and removes the user confirmation step between the content integrator and the content provider, and so reduces the service load and server overhead that step caused.
The advantage of asymmetric encryption is that the public key is used for encryption and the private key for decryption, and that in use the content provider gives the public key to the content integrator, where it can also serve as the content integrator's authentication credential. Provided the private key is not leaked, this is more secure than symmetric encryption schemes.
Preferably, the content provider includes an API interface for receiving the application software's requests for content files. As a data communication mode, an API interface is flexible in how it tags the data it carries, can carry a large volume of data, and allows data verification of the caller. Socket data communication, by contrast, requires establishing a connection and is less flexible.
Preferably, the verification in step D is: look up, among the public keys stored by the content provider, which content integration the extracted public key belongs to. Content integration here refers to implicitly merging data and files into the content integrator. The content integrator combines all integrated content into a single whole, so that when it is delivered externally the user does not notice that the content data and content files come from multiple content providers.
Preferably, to further improve security, in step A the public key is updated periodically.
Compared with the prior art, the present invention has the following advantages and beneficial effects:
1. With the method of the invention, at download time the content integrator transmits the content file download request address, the content data, the public key, and the address of the content provider to the application software, in public-key-encrypted form; the application software sends its download request to the address of the content provider in ciphertext form; and the content provider, after verifying the request, returns the file stream directly to the application software. Even if a request is intercepted at any point in the process, the real download address of the file cannot be obtained. This not only keeps the content file secure but, by using two-party communication for authentication, also shortens the communication chain and removes the user confirmation step between the content integrator and the content provider, reducing the service load and server overhead that step caused.
Detailed description of the embodiments
To make the object, technical solution, and advantages of the present invention clearer, the invention is described in further detail below with reference to embodiments. The exemplary embodiments and their description serve only to explain the invention and are not to be taken as limiting it.
Embodiment 1
A user authentication and document protection method based on asymmetric encryption, comprising the following steps:
A. The content provider, using asymmetric encryption, provides a public key to the content integrator and stores that public key;
B. After receiving a content-data query request from the application software, the content integrator supplies the content file download request address corresponding to the queried content data, the public key, and the address of the content provider to the application software, in public-key-encrypted form;
C. The application software submits the public key and the content file download request address, in ciphertext form, to the address of the content provider to request download of the corresponding file;
D. On receiving the request, the content provider extracts the public key and verifies it; if verification fails, it does not respond; if verification passes, it decrypts the ciphertext of the content file download request address with the private key, obtains the file at the corresponding address, and returns its file stream to the application software.
Embodiment 2
This embodiment gives a detailed example on the basis of the above embodiment.
Take the download of existing educational resource files as an example.
Suppose a high school student wants to download a mock exam paper. The mock exam resource is stored on server A of content provider company A, and the content integrator is server B of company B. Server A provides a public key to server B using the agreed asymmetric encryption scheme, updating it periodically, and the public key is stored on server A as one item of authentication information for server B.
Using a mobile phone, tablet, computer, or other smart device on which the application software can be installed, the student sends a content-data query request to server B. On receiving the request, server B encrypts the content file download request address corresponding to the queried content data with the public key and supplies it to the smart device together with the content data, the public key, and the API interface address of server A. Content data here means data about the resource file; the set of resource file items includes the file name, file type, and file media type. When downloading the file, the smart device submits the public key and the ciphertext of the content file download request address directly to the API interface address to request download of the corresponding file. On receiving the request, server A's API interface extracts the public key and looks up, among the public keys it has stored, which content integrator the key belongs to. If no match is found, the request is illegitimate and gets no response. If a match is found, the corresponding file download request address ciphertext is decrypted with the private key, the file stream is extracted from the file at the decrypted address, and the file stream is returned directly to the smart device for download.
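The flow of Embodiment 2, steps A to D, as an added Go example that is not part of the patent text. The patent names no algorithm, so RSA-OAEP with SHA-256, the 2048-bit key size, the SHA-256 fingerprint index, and all identifiers and the sample address (Provider, IssueKey, EncryptAddress, Download, /files/mock-exam-01.pdf) are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

var ErrNoResponse = errors.New("request ignored") // step D: "do not respond"

// Constructed sample store on server A: download address -> file content.
var files = map[string][]byte{"/files/mock-exam-01.pdf": []byte("constructed sample file")}

type issuedKey struct {
	integrator string
	priv       *rsa.PrivateKey
}

// Provider is server A's key store, indexed by SHA-256 of the public key DER.
type Provider map[[32]byte]issuedKey

// IssueKey is step A; reissuing for an integrator (periodic update) retires its old key.
func (p Provider) IssueKey(integrator string) ([]byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	for fp, k := range p {
		if k.integrator == integrator {
			delete(p, fp)
		}
	}
	der := x509.MarshalPKCS1PublicKey(&priv.PublicKey)
	p[sha256.Sum256(der)] = issuedKey{integrator, priv}
	return der, nil
}

// EncryptAddress is step B on server B: RSA-OAEP under the provider's public key.
func EncryptAddress(pubDER []byte, address string) ([]byte, error) {
	pub, err := x509.ParsePKCS1PublicKey(pubDER)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(address), nil)
}

// Download is step D: look up the key's integrator, decrypt the address, return the file.
func (p Provider) Download(pubDER, addrCipher []byte) (string, []byte, error) {
	k, known := p[sha256.Sum256(pubDER)]
	if !known {
		return "", nil, ErrNoResponse // unknown or retired public key
	}
	addr, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, k.priv, addrCipher, nil)
	data, found := files[string(addr)]
	if err != nil || !found {
		return "", nil, ErrNoResponse
	}
	return k.integrator, data, nil
}

func main() {
	p := Provider{}
	pub, _ := p.IssueKey("integrator-B")                    // step A
	ct, _ := EncryptAddress(pub, "/files/mock-exam-01.pdf") // step B
	who, data, err := p.Download(pub, ct)                   // steps C and D
	fmt.Println(who, string(data), err)
}
```

Because a periodic update retires the previous key, an address ciphertext handed out before the update stops working afterwards, so the integrator has to re-encrypt addresses with the new key.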
The embodiments above describe the object, technical solution, and beneficial effects of the present invention in further detail. It should be understood that the foregoing are only embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent substitution, or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (4)

1. A user authentication and document protection method based on asymmetric encryption, characterized in that it comprises the following steps:
A. The content provider, using asymmetric encryption, provides a public key to the content integrator and stores that public key;
B. After receiving a content-data query request from the application software, the content integrator supplies the content file download request address corresponding to the queried content data, the public key, and the address of the content provider to the application software, in public-key-encrypted form;
C. The application software submits the public key and the content file download request address, in ciphertext form, to the address of the content provider to request download of the corresponding file;
D. On receiving the request, the content provider extracts the public key and verifies it; if verification fails, it does not respond; if verification passes, it decrypts the ciphertext of the content file download request address with the private key, obtains the file at the corresponding address, and returns its file stream to the application software.
2. The user authentication and document protection method based on asymmetric encryption according to claim 1, characterized in that the content provider includes an API interface for receiving the application software's requests for content files.
3. The user authentication and document protection method based on asymmetric encryption according to claim 1, characterized in that the verification in step D is: look up, among the public keys stored by the content provider, which content integration the extracted public key belongs to.
4. The user authentication and document protection method based on asymmetric encryption according to claim 1, characterized in that, in step A, the public key is updated periodically.
CN201710560821.4A 2017-07-11 2017-07-11 User authentication and file protection method based on asymmetric encryption Active CN107147677B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710560821.4A CN107147677B (en) 2017-07-11 2017-07-11 User authentication and file protection method based on asymmetric encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710560821.4A CN107147677B (en) 2017-07-11 2017-07-11 User authentication and file protection method based on asymmetric encryption

Publications (2)

Publication Number Publication Date
CN107147677A true CN107147677A (en) 2017-09-08
CN107147677B CN107147677B (en) 2020-06-16

Family

ID=59775913

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710560821.4A Active CN107147677B (en) 2017-07-11 2017-07-11 User authentication and file protection method based on asymmetric encryption

Country Status (1)

Country Link
CN (1) CN107147677B (en)


Also Published As

Publication number Publication date
CN107147677B (en) 2020-06-16


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant