CN107231237A - A kind of safe credit method and system - Google Patents
- Publication number: CN107231237A (CN201710407013.4A)
- Authority: CN (China)
- Prior art keywords: user, credit, request, information, server
- Legal status: Pending
Classifications
- H04L9/3239: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
- H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
- H04L63/108: Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
- H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/3228: One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
Abstract
The invention belongs to the field of communication technology and relates to a secure credit method and system. The credit voucher of each user request from the client is different and is closely tied to the content of that request. Even if a malicious third party obtains a user's credit voucher on an open network, it cannot use the voucher to disguise its own requests, so the scheme is safe and reliable.
Description
Technical field
The invention belongs to the field of communication technology and relates to a secure credit method and system.
Background
At present, most website user authentication falls into two main approaches:
1. SESSION-based user authentication
After the user passes the server's identity verification, the server generates the user's SESSION data on the server side and sends the SESSION_ID to the client, where it is stored in a COOKIE. When the client needs a service from the server, it carries the SESSION_ID in the user request sent to the server. The server can then check, according to the SESSION_ID, whether corresponding SESSION data exists on the server side, and thereby completes user authentication.
2. TOKEN-based user authentication
TOKEN-based user authentication is an authentication approach that is stateless on the server side: the server does not need to store TOKEN data. After the user passes the server's identity verification, the server generates a TOKEN (by Hash or Encrypt, that is, hashing or encryption) and issues it to the client. The client can store it in a COOKIE or LOCALSTORAGE, and attaches the TOKEN as the credit voucher to every user request it sends to the server. After receiving the TOKEN, the server verifies the credit voucher; once verification passes, the user's identity is confirmed.
Both authentication approaches rely on a unique credit voucher issued to the client, and every user request from the client carries the SESSION or TOKEN so that the credit voucher can be maintained and recognized. Although the SESSION or TOKEN is unique to each client, it also remains unchanged for a certain period of time. On an open network, the SESSION or TOKEN may be intercepted and stolen by a malicious third party and attached to that party's own malicious requests, so that the malicious third party can impersonate the real user and send malicious requests to the server. The server has difficulty telling them apart, which threatens network security.
In response, in the prior art the server first assigns the client a random number each time, and the client encrypts or transforms the SESSION or TOKEN information according to this random number, so that the credit voucher of every user request from the client is different. However, implementing this scheme first requires the server to generate and keep the random number and to transmit it to the client. Therefore, if the channel used to transmit the random number is insecure, the random number may still be intercepted and stolen by a malicious third party.
Summary of the invention
To solve the above technical problem, the present invention proposes a secure credit method, characterized by comprising:
Step S1: the client sends a user request to the server; the user request includes request content and a credit voucher, and the credit voucher includes a ciphertext generated by encryption according to the request content;
Step S2: the server receives the user request, decrypts the ciphertext to obtain a first message digest, and generates a second message digest from the request content;
Step S3: if the first message digest matches the second message digest, the server responds to the user request; if the first message digest does not match the second message digest, the server rejects the user request.
Preferably, the credit voucher includes a user name; in step S1, encryption uses the user password corresponding to the user name; in step S2, decryption uses the user password corresponding to the user name.
Preferably, step S1 comprises:
Step S1-1: performing a digest operation on the request content to generate the first message digest;
Step S1-2: encrypting the first message digest with the user password corresponding to the user name to obtain the ciphertext;
Step S1-3: taking the ciphertext together with the user name as the credit voucher;
Step S1-4: sending the user request, which includes the request content and the credit voucher, to the server.
Preferably, step S2 comprises:
Step S2-1: looking up, on the server, the user password corresponding to the user name;
Step S2-2: decrypting the ciphertext with the user password to obtain the first message digest, and performing the digest operation on the request content to generate the second message digest;
In step S3, the first message digest matching the second message digest means that the request content of the first message digest is identical to the request content of the second message digest; the first message digest not matching the second message digest means that the request content of the first message digest differs from the request content of the second message digest.
Preferably, step S1 comprises:
Step S1-1: performing a digest operation on the request content to generate the first message digest;
Step S1-2: merging the first message digest with the request time into first merged information;
Step S1-3: encrypting the first merged information with the user password corresponding to the user name to obtain the ciphertext;
Step S1-4: taking the ciphertext together with the user name as the credit voucher;
Step S1-5: sending the user request, which includes the request content and the credit voucher, to the server.
Preferably, step S2 comprises:
Step S2-1: looking up, on the server, the user password corresponding to the user name;
Step S2-2: decrypting the ciphertext with the user password to obtain the first merged information, and extracting the first message digest from the first merged information; performing the digest operation on the request content to generate the second message digest;
In step S3, the first message digest matching the second message digest means that the request content of the first message digest is identical to the request content of the second message digest, and the time difference between the reception time and the request time does not exceed the validity period of the credit voucher; otherwise, the first message digest does not match the second message digest.
The present invention also provides a secure credit system comprising a client and a server. The client sends a user request carrying a credit voucher to the server to request that the server provide a service; the server provides service to clients that pass credit voucher verification. The system is characterized in that the user request includes request content and a credit voucher;
The client includes a client storage module and a credit voucher generation module. The client storage module stores a user name and the user password corresponding to the user name, and the credit voucher generation module generates a credit voucher that includes a ciphertext encrypted according to the request content. The credit voucher generation module includes a first message digest generation unit and an encryption unit; the first message digest generation unit generates the first message digest from the request content, and the encryption unit encrypts the first message digest to generate the ciphertext;
The server includes a server storage module for storing the correspondence between user names and user passwords, and a credit voucher verification module for verifying the credit voucher of the user request. The credit voucher verification module includes a decryption unit, a second message digest generation unit and a matching unit; the decryption unit decrypts the ciphertext and extracts the first message digest; the second message digest generation unit generates the second message digest from the request content; the matching unit compares whether the first message digest and the second message digest match.
Preferably, the credit voucher generation module generates a credit voucher that includes the user name and the ciphertext encrypted according to the request content;
The encryption unit uses the user password corresponding to the user name to encrypt the first message digest and generate the ciphertext;
The decryption unit uses the user password corresponding to the user name to decrypt the ciphertext and extract the first message digest.
Preferably, the encryption unit encrypts the first message digest and the request time to generate the ciphertext;
The decryption unit decrypts the ciphertext and extracts the first message digest and the request time;
The credit voucher verification module includes a timeliness verification unit, which judges whether the time difference between the reception time of the credit voucher and the request time exceeds the validity period of the credit voucher.
Preferably, the credit voucher generation module generates a credit voucher that includes the user name and the ciphertext encrypted according to the request content;
The encryption unit uses the user password corresponding to the user name to encrypt the first message digest and the request time and generate the ciphertext;
The decryption unit uses the user password corresponding to the user name to decrypt the ciphertext and extract the first message digest and the request time.
Brief description of the drawings
Fig. 1 is a schematic diagram of the credit process of Embodiment one of the present invention.
Fig. 2 is a schematic diagram of the credit process of Embodiment two of the present invention.
Detailed description
The following specific embodiments merely explain the present invention and do not limit it. After reading this specification, those skilled in the art may, as needed, make modifications to the embodiments that involve no creative contribution, and all such modifications are protected by patent law as long as they fall within the scope of the claims of the present invention.
Embodiment one
As shown in Fig. 1, a secure credit system includes a client and a server.
The client sends a user request carrying a credit voucher to the server to request that the server provide a service; the server provides service to clients that pass credit voucher verification.
The client can take many forms, such as a browser or an APP. The user logs in through the client browser or client APP, sending the user name and user password to the server. The client also saves the user name and password entered by the user, and the client does not need to request authentication from the server. The server stores the information of successfully registered users, and this user information includes the correspondence between user names and user passwords.
Specifically, the client includes a client storage module and a credit voucher generation module. The client storage module stores user information, specifically the user name and the user password corresponding to the user name. Based on the user's request content, the credit voucher generation module generates a credit voucher that includes a ciphertext encrypted according to the user's request content.
The credit voucher generation module includes a first message digest generation unit and an encryption unit. The first message digest generation unit performs a digest operation on the user's request content to obtain the first message digest. Preferably, the digest operation in this embodiment uses a message digest algorithm (for example MD5, Message Digest Algorithm 5) to obtain a first message digest of fixed length, which also has the advantages of easy computation, resistance to modification and strong collision resistance. The encryption unit uses the user's password as the key to encrypt the first message digest obtained by the first message digest generation unit, producing the ciphertext. The credit voucher generation module takes the ciphertext generated by the encryption unit together with the user's user name as the credit voucher. The client sends the credit voucher obtained by the credit voucher generation module, together with the request content of the user's current request, to the server as the user request.
The server includes a server storage module and a credit voucher verification module. The server storage module stores the information of successfully registered users, including the user name and the user password corresponding to that user name. The credit voucher verification module verifies the credit voucher of a user request and includes a decryption unit, a second message digest generation unit and a matching unit. The decryption unit looks up the user's password in the server storage module according to the user's user name, and uses that password to decrypt the ciphertext carried in the credit voucher, obtaining the first message digest. The second message digest generation unit performs the digest operation on the request content of the user request that the server received from the client; the digest algorithm used here should be the same as the one used by the client's first message digest generation unit. In this embodiment, for example, the second message digest generation unit uses Message Digest Algorithm 5, consistent with the first message digest generation unit. The matching unit then compares whether the second message digest obtained by the second message digest generation unit is identical to the first message digest that the decryption unit obtained by decrypting the ciphertext in the credit voucher attached to the user request. If the first message digest and the second message digest are identical, they match, and the server should respond to the client's user request; if they differ, they do not match, and the server should not respond to the client's user request.
In this embodiment, the credit method based on the above credit system is as follows:
Step S1: the client sends a user request to the server; the user request includes request content and a credit voucher, and the credit voucher includes a ciphertext encrypted according to the request content. Specifically:
Step S1-1: the first message digest generation unit of the client performs a digest operation on the user's request content (an MD5 operation, i.e. Message Digest Algorithm 5, in this embodiment) to generate the first message digest;
Step S1-2: the encryption unit of the client's credit voucher generation module uses the user's password as the key to encrypt the first message digest obtained in step S1-1, obtaining the ciphertext corresponding to the first message digest;
Step S1-3: the client's credit voucher generation module takes the ciphertext obtained by the encryption unit in step S1-2 together with the user's user name as the credit voucher.
Step S1-4: the client sends the user request to the server; the user request includes the request content of the user's current request and the credit voucher obtained in step S1-3.
Step S2: the server receives the user request from the client, decrypts the ciphertext in the credit voucher of the user request to obtain the first message digest, and generates the second message digest from the request content in the user request. Specifically:
Step S2-1: through the decryption unit of the credit voucher verification module, the server looks up the user password corresponding to the user name in the server storage module of the server, according to the user's user name.
Step S2-2: through the decryption unit, the server's credit voucher verification module uses the user password obtained in step S2-1 to decrypt the ciphertext in the credit voucher of the user request, obtaining the first message digest; through the second message digest generation unit, the server's credit voucher verification module performs the digest operation on the request content in the user request (an MD5 operation, i.e. Message Digest Algorithm 5, in this embodiment) to obtain the second message digest.
Step S3: the matching unit of the server's credit voucher verification module compares whether the first message digest and the second message digest obtained in step S2 are identical. If they are identical, the first message digest matches the second message digest, and the server should respond to the client's user request; if they differ, the first message digest does not match the second message digest, and the server should reject the client's user request.
In this embodiment, the credit voucher of each user request from the client is different and is closely tied to the content of that request. Even if a malicious third party obtains a user's credit voucher on an open network, it cannot use the voucher to disguise its own requests, so the scheme is safe and reliable.
Embodiment two
As shown in Fig. 2, a secure credit system includes a client and a server.
The client sends a user request carrying a credit voucher to the server to request that the server provide a service; the server provides service to clients that pass credit voucher verification.
The client can take many forms, such as a browser or an APP. The user logs in through the client browser or client APP, sending the user name and user password to the server. The client also saves the user name and password entered by the user, and the client does not need to request authentication from the server. The server stores the information of successfully registered users, and this user information includes the correspondence between user names and user passwords.
Specifically, the client includes a client storage module and a credit voucher generation module. The client storage module stores user information, specifically the user name and the user password corresponding to the user name. Based on the user's request content, the credit voucher generation module generates a credit voucher that includes a ciphertext encrypted according to the user's request content and request time.
The credit voucher generation module includes a first message digest generation unit and an encryption unit. The first message digest generation unit performs a digest operation on the user's request content to obtain the first message digest. Preferably, the digest operation in this embodiment uses a message digest algorithm (for example MD5, Message Digest Algorithm 5) to obtain a first message digest of fixed length, which also has the advantages of easy computation, resistance to modification and strong collision resistance. The encryption unit uses the user's password as the key to encrypt the first message digest obtained by the first message digest generation unit together with the user's request time, producing the ciphertext. The credit voucher generation module takes the ciphertext generated by the encryption unit together with the user's user name as the credit voucher. The client sends the credit voucher obtained by the credit voucher generation module, together with the request content of the user's current request, to the server as the user request.
The server includes a server storage module and a credit voucher verification module. The server storage module stores the information of successfully registered users, including the user name and the user password corresponding to that user name. The credit voucher verification module verifies the credit voucher of a user request and includes a decryption unit, a second message digest generation unit, a matching unit and a timeliness verification unit. The decryption unit looks up the user's password in the server storage module according to the user's user name, and uses that password to decrypt the ciphertext carried in the credit voucher, obtaining the first message digest. The second message digest generation unit performs the digest operation on the request content of the user request that the server received from the client; the digest algorithm used here should be the same as the one used by the client's first message digest generation unit. In this embodiment, for example, the second message digest generation unit should use Message Digest Algorithm 5, consistent with the first message digest generation unit. The matching unit then compares whether the second message digest obtained by the second message digest generation unit is identical to the first message digest that the decryption unit obtained by decrypting the ciphertext in the credit voucher attached to the user request. If the first message digest and the second message digest are identical, they match; if they differ, they do not match, and the server should not respond to the client's user request. The timeliness verification unit compares whether the time difference between the request time obtained through decryption by the decryption unit and the time at which the server received the user request exceeds the credit voucher's validity period of 30 minutes: if so, the credit voucher has expired, and the server should not respond to the client's user request; if not, the credit voucher is still valid, and the server should respond to the client's user request.
In the present embodiment, the credit method based on above-mentioned credit system is as follows, including:
Step S1, client sends user and asked to server, and user's request includes request content and credit voucher, credit
Voucher includes the ciphertext being encrypted according to the request time of request content and user.Specifically include:
Step S1-1, summary fortune is carried out by the first information summarization generation unit of client to the request content of user
Calculate (being MD5 computings, i.e. Message Digest Algorithm 5 in the present embodiment) generation first information summary;
Step S1-2, the ciphering unit of the credit voucher generation module of client regard the user cipher of user as key pairs
The first information summary and the request time of user obtained in step S1-1, which is encrypted, obtains corresponding with first information summary
Ciphertext;
Step S1-3, ciphertext and use that the credit voucher generation module of client obtains ciphering unit in step S1-2
The user name at family is together as credit voucher.
Step S1-4, client sends user and asked to server, and user request includes asking for this request of user
Ask content and the credit voucher obtained by step S1-3.
Step S2, server receives the ciphertext in user's request from client, the credit voucher of decrypted user request
Obtain first information summary, and request content the second informative abstract of generation in user request.Specifically include:
Step S2-1, server is by the decryption unit of credit credential validation module according to the user name of user in server
Server storage module in search corresponding with user name user cipher.
Step S2-2, the credit credential validation module of server utilizes the user obtained in step S2-1 by decryption unit
Ciphertext in the credit voucher that password is asked user, which is decrypted, obtains first information summary;The credit credential verification of server
Module asked by the second informative abstract generation unit according to user in request content carry out summary computing (be in the present embodiment
MD5 computings, i.e. Message Digest Algorithm 5) obtain the second informative abstract.
Step S3: the matching unit of the server's credit voucher verification module compares the first message digest and the second message digest obtained in step S2. If the two are identical, the first message digest matches the second message digest, the server should respond to the client's user request, and the method proceeds to step S4; if the two differ, the first message digest does not match the second message digest and the server should refuse the client's user request.
Step S4: the timeliness verification unit checks whether the time difference between the request time obtained by the decryption unit and the time at which the server received the user request exceeds the 30-minute validity period of the credit voucher. If it does, the credit voucher has expired and the server should not respond to the client's user request; if it does not, the credit voucher is still valid and the server should respond to the client's user request.
In addition to providing a one-time credit voucher tied to the request content, this embodiment builds on embodiment one by giving the credit voucher a validity period; the server must additionally verify the timeliness of the credit voucher, which makes the scheme more secure and reliable.
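The client and server steps of this embodiment (S1 to S4), written out as an added example that is not code from the patent. It swaps in SHA-256 for the MD5 digest and an HMAC keyed with the user password for "encrypting the digest with the user password", so the request time travels in the clear but is covered by the tag; the function names, the voucher field names, the sample user and the rejection of future-dated request times are assumptions of this example.

```python
import hashlib
import hmac

VALIDITY_SECONDS = 30 * 60  # the 30-minute validity period checked in step S4

# Constructed stand-in for the server storage module (user name -> user password).
USER_PASSWORDS = {"alice": "constructed-sample-password"}


def _tag(password: str, content: bytes, request_time: int) -> str:
    """Digest the request content, merge it with the request time, key it with the password."""
    digest = hashlib.sha256(content).hexdigest()   # digest operation (SHA-256, not the page's MD5)
    merged = f"{digest}|{request_time}".encode()   # merged information: digest plus request time
    # HMAC replaces "encrypt with the user password"; the password is the shared key.
    return hmac.new(password.encode(), merged, hashlib.sha256).hexdigest()


def make_voucher(username: str, password: str, content: bytes, request_time: int) -> dict:
    """Client side (step S1): build the credit voucher that accompanies one request."""
    return {"username": username, "request_time": request_time,
            "tag": _tag(password, content, request_time)}


def verify_request(content: bytes, voucher: dict, received_at: int) -> str:
    """Server side (steps S2 to S4): return "accept" or a rejection reason."""
    username = voucher.get("username")
    # S2-1: look up the user password for the user name in the voucher.
    password = USER_PASSWORDS.get(username) if isinstance(username, str) else None
    if password is None:
        return "reject: unknown user"
    request_time, tag = voucher.get("request_time"), voucher.get("tag")
    if not isinstance(request_time, int) or not isinstance(tag, str) or not tag.isascii():
        return "reject: malformed voucher"
    # S2-2: recompute the keyed digest from the request content actually received.
    expected = _tag(password, content, request_time)
    # S3: compare in constant time; any change to content, time or key fails here.
    if not hmac.compare_digest(expected, tag):
        return "reject: digest mismatch"
    # S4: timeliness check. Refusing future-dated request times is an added assumption.
    age = received_at - request_time
    if age < 0 or age > VALIDITY_SECONDS:
        return "reject: outside validity period"
    return "accept"
```

Because the tag covers both the content digest and the request time, changing either one after the voucher is issued is reported as a digest mismatch rather than as an expiry.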
The specific embodiments described herein merely illustrate the spirit of the invention. Those skilled in the art to which the invention belongs may make various modifications or supplements to the described embodiments, or substitute them in similar ways, without departing from the spirit of the invention or exceeding the scope defined by the appended claims.
Claims (10)
1. A safe credit method, characterized by comprising:
Step S1: a client sends a user request to a server, the user request including request content and a credit voucher, the credit voucher including ciphertext generated by encryption according to the request content;
Step S2: the server receives the user request, decrypts the ciphertext to obtain a first message digest, and generates a second message digest from the request content;
Step S3: if the first message digest matches the second message digest, the server responds to the user request; if the first message digest does not match the second message digest, the server refuses the user request.
2. The safe credit method according to claim 1, characterized in that the credit voucher includes a user name; in step S1, encryption is performed with the user password corresponding to the user name; in step S2, decryption is performed with the user password corresponding to the user name.
3. The safe credit method according to claim 2, characterized in that step S1 comprises:
Step S1-1: performing a digest operation on the request content to generate the first message digest;
Step S1-2: encrypting the first message digest with the user password corresponding to the user name to obtain the ciphertext;
Step S1-3: combining the ciphertext and the user name to form the credit voucher;
Step S1-4: sending the user request, which includes the request content and the credit voucher, to the server.
4. The safe credit method according to claim 3, characterized in that step S2 comprises:
Step S2-1: looking up, on the server, the user password corresponding to the user name;
Step S2-2: decrypting the ciphertext with the user password to obtain the first message digest, and performing the digest operation on the request content to generate the second message digest;
In step S3, the first message digest matching the second message digest means that the request content of the first message digest is identical to the request content of the second message digest; the first message digest not matching the second message digest means that the request content of the first message digest differs from the request content of the second message digest.
5. The safe credit method according to claim 2, characterized in that step S1 comprises:
Step S1-1: performing a digest operation on the request content to generate the first message digest;
Step S1-2: merging the first message digest with a request time into first merged information;
Step S1-3: encrypting the first merged information with the user password corresponding to the user name to obtain the ciphertext;
Step S1-4: combining the ciphertext and the user name to form the credit voucher;
Step S1-5: sending the user request, which includes the request content and the credit voucher, to the server.
6. The safe credit method according to claim 5, characterized in that step S2 comprises:
Step S2-1: looking up, on the server, the user password corresponding to the user name;
Step S2-2: decrypting the ciphertext with the user password to obtain the first merged information and extracting the first message digest from the first merged information, and performing the digest operation on the request content to generate the second message digest;
In step S3, the first message digest matching the second message digest means that the request content of the first message digest is identical to the request content of the second message digest and that the time difference between the reception time and the request time does not exceed the validity period of the credit voucher; otherwise, the first message digest does not match the second message digest.
7. A safe credit system comprising a client and a server, wherein the client sends a user request accompanied by a credit voucher to the server to request that the server provide a service, and the server provides the service to a client that passes credit voucher verification; characterized in that: the user request includes request content and a credit voucher;
The client includes a client storage module and a credit voucher generation module; the client storage module stores a user name and the user password corresponding to the user name; the credit voucher generation module generates a credit voucher that includes ciphertext encrypted according to the request content; the credit voucher generation module includes a first message digest generation unit and an encryption unit; the first message digest generation unit generates a first message digest from the request content, and the encryption unit encrypts the first message digest to generate the ciphertext;
The server includes a server storage module for storing the correspondence between user names and user passwords, and a credit voucher verification module for verifying the credit voucher of the user request; the credit voucher verification module includes a decryption unit, a second message digest generation unit and a matching unit; the decryption unit decrypts the ciphertext and extracts the first message digest; the second message digest generation unit generates a second message digest from the request content; the matching unit compares whether the first message digest and the second message digest match.
8. The safe credit system according to claim 7, characterized in that the credit voucher generation module generates a credit voucher that includes the ciphertext encrypted according to the request content and the user name;
The encryption unit encrypts the first message digest with the user password corresponding to the user name to generate the ciphertext;
The decryption unit decrypts the ciphertext with the user password corresponding to the user name and extracts the first message digest.
9. The safe credit system according to claim 7, characterized in that the encryption unit encrypts the first message digest and the request time to generate the ciphertext;
The decryption unit decrypts the ciphertext and extracts the first message digest and the request time;
The credit voucher verification module includes a timeliness verification unit, which judges whether the time difference between the reception time of the credit voucher and the request time exceeds the validity period of the credit voucher.
10. The safe credit system according to claim 9, characterized in that the credit voucher generation module generates a credit voucher that includes the ciphertext encrypted according to the request content and the user name; the encryption unit encrypts the first message digest and the request time with the user password corresponding to the user name to generate the ciphertext;
The decryption unit decrypts the ciphertext with the user password corresponding to the user name and extracts the first message digest and the request time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710407013.4A CN107231237A (en) | 2017-06-02 | 2017-06-02 | A kind of safe credit method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107231237A true CN107231237A (en) | 2017-10-03 |
Family
ID=59933378
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710407013.4A Pending CN107231237A (en) | 2017-06-02 | 2017-06-02 | A kind of safe credit method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107231237A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111835514A (en) * | 2020-07-23 | 2020-10-27 | 上海英方软件股份有限公司 | Method and system for realizing safe interaction of front-end and back-end separated data |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101640682A (en) * | 2009-06-04 | 2010-02-03 | 深圳市汇海科技开发有限公司 | Method for improving safety of Web service |
CN102025505A (en) * | 2010-12-16 | 2011-04-20 | 浪潮(北京)电子信息产业有限公司 | Advanced encryption standard (AES) algorithm-based encryption/decryption method and device |
CN102685119A (en) * | 2012-04-28 | 2012-09-19 | 上海杰之能信息科技有限公司 | Data transmitting/receiving method, data transmitting/receiving device, transmission method, transmission system and server |
EP2717539A1 (en) * | 2012-10-02 | 2014-04-09 | BlackBerry Limited | Method and system for hypertext transfer protocol digest authentication |
CN105447407A (en) * | 2015-11-11 | 2016-03-30 | 中国建设银行股份有限公司 | Off-line data encryption method and decryption method and corresponding apparatus and system |
CN105530100A (en) * | 2016-01-12 | 2016-04-27 | 东南大学 | VoLTE secure communication method |
CN105610822A (en) * | 2015-12-28 | 2016-05-25 | 东软熙康健康科技有限公司 | Credit verifying method and device |
CN106022035A (en) * | 2016-05-03 | 2016-10-12 | 识益生物科技(北京)有限公司 | Method and system for electronic signature |
CN106506494A (en) * | 2016-10-27 | 2017-03-15 | 上海斐讯数据通信技术有限公司 | Application access method of open platform |
CN106534079A (en) * | 2016-10-19 | 2017-03-22 | 华迪计算机集团有限公司 | Method and system for safety processing of data files |
Non-Patent Citations (1)
Title |
---|
飘过的春风: "数字签名技术", 《CSDN博客HTTPS://BLOG.CSDN.NET/U011630575/ARTICLE/DETAILS/53241027》 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
CB02 | Change of applicant information | Address after: 201616 Shanghai city Songjiang District Sixian Road No. 3666; Applicant after: Shanghai Feixun Data Communication Technology Co., Ltd.; Address before: 201616 Shanghai City, Songjiang District Road No. 3666; Applicant before: Shanghai Feixun Data Communication Technology Co., Ltd. |
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20171003 |