CN107231237A - A kind of safe credit method and system - Google Patents

Publication number
CN107231237A
Authority
CN
China
Prior art keywords
user
credit
request
information
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710407013.4A
Other languages
Chinese (zh)
Inventor
仇亚东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Feixun Data Communication Technology Co Ltd
Original Assignee
Shanghai Feixun Data Communication Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Feixun Data Communication Technology Co Ltd
Priority to CN201710407013.4A
Publication of CN107231237A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the field of communication technology and relates to a safe credit method and system. The credit voucher attached to each user request from the client is different and is closely tied to the content of that request. Even if a malicious third party obtains a user's credit voucher on an open network, it cannot use the voucher to disguise its own requests, so the scheme is safe and reliable.

Description

A kind of safe credit method and system
Technical field
The invention belongs to the field of communication technology and relates to a safe credit method and system.
Background
At present, most websites authenticate users in one of two main ways:
1. SESSION-based user authentication
After the user passes the server's authentication, the server generates SESSION data for the user and sends the SESSION_ID to the client, where it is stored in a COOKIE. When the client needs a service from the server, it includes the SESSION_ID in the user request it sends to the server. The server checks whether SESSION data corresponding to that SESSION_ID exists on the server side, and thereby completes user authentication.
2. TOKEN-based user authentication
TOKEN-based user authentication is stateless on the server side: the server does not need to store TOKEN data. After the user passes the server's authentication, the server generates a TOKEN (by Hash or Encrypt, that is, hashing or encryption) and issues it to the client. The client can store it in a COOKIE or LOCALSTORAGE, and attaches the TOKEN as the credit voucher to every user request it sends to the server. On receiving the TOKEN, the server verifies the credit voucher, and once verification passes the user's identity is confirmed.
In both authentication modes, a unique credit voucher is issued to the client, and the client attaches the SESSION or TOKEN to every user request so that the credit voucher can be maintained and recognized. Although the SESSION or TOKEN is unique to each client, it also remains unchanged for a certain period of time. On an open network, the SESSION or TOKEN may be intercepted and stolen by a malicious third party and attached to that party's own malicious requests, so that the third party can impersonate the real user and send malicious requests to the server. The server has difficulty telling the difference, which threatens network security.
In the prior art, therefore, the server first assigns the client a random number each time, and the client encrypts or transforms the SESSION or TOKEN information according to this random number, so that the credit voucher of each user request from the client is different. In this scheme, however, the server must first generate and hold the random number and transmit it to the client. If the channel used to transmit the random number is insecure, the random number may still be intercepted and stolen by a malicious third party.
Summary of the invention
To solve the above technical problem, the present invention proposes a safe credit method, characterized in that it comprises:
Step S1: the client sends a user request to the server. The user request includes request content and a credit voucher, and the credit voucher includes a ciphertext generated by encryption according to the request content;
Step S2: the server receives the user request, decrypts the ciphertext to obtain a first message digest, and generates a second message digest from the request content;
Step S3: if the first message digest matches the second message digest, the server responds to the user request; if the first message digest does not match the second message digest, the server rejects the user request.
Preferably, the credit voucher includes a user name; in step S1, encryption uses the user password corresponding to the user name, and in step S2, decryption uses the user password corresponding to the user name.
Preferably, step S1 includes:
Step S1-1: perform a digest operation on the request content to generate the first message digest;
Step S1-2: encrypt the first message digest with the user password corresponding to the user name to obtain the ciphertext;
Step S1-3: use the ciphertext together with the user name as the credit voucher;
Step S1-4: send the user request, which includes the request content and the credit voucher, to the server.
Preferably, step S2 includes:
Step S2-1: look up, on the server, the user password corresponding to the user name;
Step S2-2: decrypt the ciphertext with the user password to obtain the first message digest; perform the digest operation on the request content to generate the second message digest;
In step S3, the first message digest matching the second message digest means that the request content of the first message digest is identical to the request content of the second message digest; the first message digest not matching the second message digest means that the request content of the first message digest differs from the request content of the second message digest.
Preferably, step S1 includes:
Step S1-1: perform a digest operation on the request content to generate the first message digest;
Step S1-2: merge the first message digest with the request time into first merged information;
Step S1-3: encrypt the first merged information with the user password corresponding to the user name to obtain the ciphertext;
Step S1-4: use the ciphertext together with the user name as the credit voucher;
Step S1-5: send the user request, which includes the request content and the credit voucher, to the server.
Preferably, step S2 includes:
Step S2-1: look up, on the server, the user password corresponding to the user name;
Step S2-2: decrypt the ciphertext with the user password to obtain the first merged information, and extract the first message digest from the first merged information; perform the digest operation on the request content to generate the second message digest;
In step S3, the first message digest matching the second message digest means that the request content of the first message digest is identical to the request content of the second message digest, and that the time difference between the reception time and the request time does not exceed the validity period of the credit voucher; otherwise, the first message digest does not match the second message digest.
The present invention also provides a safe credit system including a client and a server. The client sends a user request carrying a credit voucher to the server to request that the server provide a service; the server provides the service to a client whose credit voucher passes verification. The system is characterized in that the user request includes request content and a credit voucher;
The client includes a client storage module and a credit voucher generation module. The client storage module stores a user name and the user password corresponding to the user name, and the credit voucher generation module generates a credit voucher that includes a ciphertext encrypted according to the request content. The credit voucher generation module includes a first message digest generation unit and an encryption unit; the first message digest generation unit generates the first message digest from the request content, and the encryption unit encrypts the first message digest to generate the ciphertext;
The server includes a server storage module for storing the correspondence between user names and user passwords, and a credit voucher verification module for verifying the credit voucher of the user request. The credit voucher verification module includes a decryption unit, a second message digest generation unit and a matching unit: the decryption unit decrypts the ciphertext and extracts the first message digest; the second message digest generation unit generates the second message digest from the request content; and the matching unit compares whether the first message digest and the second message digest match.
Preferably, the credit voucher generation module generates a credit voucher that includes the user name and the ciphertext encrypted according to the request content;
The encryption unit encrypts the first message digest with the user password corresponding to the user name to generate the ciphertext;
The decryption unit decrypts the ciphertext with the user password corresponding to the user name and extracts the first message digest.
Preferably, the encryption unit encrypts the first message digest and the request time to generate the ciphertext;
The decryption unit decrypts the ciphertext and extracts the first message digest and the request time;
The credit voucher verification module includes a timeliness verification unit, which determines whether the time difference between the reception time of the credit voucher and the request time exceeds the validity period of the credit voucher.
Preferably, the credit voucher generation module generates a credit voucher that includes the user name and the ciphertext encrypted according to the request content;
The encryption unit encrypts the first message digest and the request time with the user password corresponding to the user name to generate the ciphertext;
The decryption unit decrypts the ciphertext with the user password corresponding to the user name and extracts the first message digest and the request time.
Brief description of the drawings
Fig. 1 is a schematic diagram of the credit process of embodiment one of the present invention.
Fig. 2 is a schematic diagram of the credit process of embodiment two of the present invention.
Detailed description
The specific embodiments below merely explain the present invention and do not limit it. After reading this specification, those skilled in the art may modify the embodiments as needed without making a creative contribution, and all such modifications are protected by patent law as long as they fall within the scope of the claims of the present invention.
Embodiment one
As shown in Fig. 1, a safe credit system includes a client and a server.
The client sends a user request carrying a credit voucher to the server to request that the server provide a service; the server provides the service to a client whose credit voucher passes verification.
The client can take many forms, such as a browser or an APP. The user logs in through the client browser or client APP, sending the user name and user password to the server. The client also saves the user name and password entered by the user, and the client does not need to request authentication from the server. The server stores the information of successfully registered users, and this user information includes the correspondence between user names and user passwords.
Specifically, the client includes a client storage module and a credit voucher generation module. The client storage module stores user information, namely the user name and the user password corresponding to the user name. Based on the user's request content, the credit voucher generation module generates a credit voucher that includes a ciphertext encrypted according to the user's request content.
The credit voucher generation module includes a first message digest generation unit and an encryption unit. The first message digest generation unit performs a digest operation on the user's request content to obtain the first message digest. Preferably, the digest operation in this embodiment uses a message digest algorithm (for example MD5, Message Digest Algorithm 5) to obtain a first message digest of fixed length, which also has the advantages of being easy to compute, resistant to modification and strongly collision-resistant. The encryption unit uses the user's password as the key to encrypt the first message digest obtained by the first message digest generation unit, producing the ciphertext. The credit voucher generation module uses the ciphertext generated by the encryption unit together with the user's user name as the credit voucher. The client sends the credit voucher obtained by the credit voucher generation module, together with the request content of the user's current request, to the server as the user request.
The server includes a server storage module and a credit voucher verification module. The server storage module stores the information of successfully registered users, which includes the user name and the user password corresponding to that user name. The credit voucher verification module verifies the credit voucher of the user request and includes a decryption unit, a second message digest generation unit and a matching unit. The decryption unit looks up the user's password in the server storage module by the user's user name and uses that password to decrypt the ciphertext in the credit voucher, obtaining the first message digest. The second message digest generation unit performs the digest operation on the request content of the user request that the server receives from the client; the digest algorithm used here should be the same as the one used by the client's first message digest generation unit. For example, the second message digest generation unit in this embodiment uses the same Message Digest Algorithm 5 as the first message digest generation unit. The matching unit then compares the second message digest obtained by the second message digest generation unit with the first message digest that the decryption unit obtained by decrypting the ciphertext in the credit voucher attached to the user request. If the first message digest and the second message digest are identical, they match, and the server should respond to the client's user request; if they differ, they do not match, and the server should not respond to the client's user request.
In this embodiment, the credit method based on the above credit system is as follows:
Step S1: the client sends a user request to the server. The user request includes request content and a credit voucher, and the credit voucher includes a ciphertext encrypted according to the request content. Specifically:
Step S1-1: the first message digest generation unit of the client performs a digest operation on the user's request content (in this embodiment an MD5 operation, i.e. Message Digest Algorithm 5) to generate the first message digest;
Step S1-2: the encryption unit of the client's credit voucher generation module uses the user's password as the key to encrypt the first message digest obtained in step S1-1, obtaining the ciphertext corresponding to the first message digest;
Step S1-3: the client's credit voucher generation module uses the ciphertext obtained by the encryption unit in step S1-2 together with the user's user name as the credit voucher.
Step S1-4: the client sends the user request to the server. The user request includes the request content of the user's current request and the credit voucher obtained in step S1-3.
Step S2: the server receives the user request from the client, decrypts the ciphertext in the credit voucher of the user request to obtain the first message digest, and generates the second message digest from the request content of the user request. Specifically:
Step S2-1: the decryption unit of the server's credit voucher verification module looks up, by the user's user name, the corresponding user password in the server storage module of the server.
Step S2-2: the server's credit voucher verification module uses the decryption unit and the user password obtained in step S2-1 to decrypt the ciphertext in the credit voucher of the user request, obtaining the first message digest; the server's credit voucher verification module uses the second message digest generation unit to perform the digest operation on the request content of the user request (in this embodiment an MD5 operation, i.e. Message Digest Algorithm 5), obtaining the second message digest.
Step S3: the matching unit of the server's credit voucher verification module compares whether the first message digest and the second message digest obtained in step S2 are identical. If they are identical, the first message digest matches the second message digest and the server should respond to the client's user request; if they differ, the first message digest does not match the second message digest and the server should reject the client's user request.
In this embodiment, the credit voucher of each user request from the client is different and is closely tied to the content of that request. Even if a malicious third party obtains a user's credit voucher on an open network, it cannot use the voucher to disguise its own requests, so the scheme is safe and reliable.
Embodiment two
As shown in Fig. 2, a safe credit system includes a client and a server.
The client sends a user request carrying a credit voucher to the server to request that the server provide a service; the server provides the service to a client whose credit voucher passes verification.
The client can take many forms, such as a browser or an APP. The user logs in through the client browser or client APP, sending the user name and user password to the server. The client also saves the user name and password entered by the user, and the client does not need to request authentication from the server. The server stores the information of successfully registered users, and this user information includes the correspondence between user names and user passwords.
Specifically, the client includes a client storage module and a credit voucher generation module. The client storage module stores user information, namely the user name and the user password corresponding to the user name. Based on the user's request content, the credit voucher generation module generates a credit voucher that includes a ciphertext encrypted according to the user's request content and request time.
The credit voucher generation module includes a first message digest generation unit and an encryption unit. The first message digest generation unit performs a digest operation on the user's request content to obtain the first message digest. Preferably, the digest operation in this embodiment uses a message digest algorithm (for example MD5, Message Digest Algorithm 5) to obtain a first message digest of fixed length, which also has the advantages of being easy to compute, resistant to modification and strongly collision-resistant. The encryption unit uses the user's password as the key to encrypt the first message digest obtained by the first message digest generation unit together with the user's request time, producing the ciphertext. The credit voucher generation module uses the ciphertext generated by the encryption unit together with the user's user name as the credit voucher. The client sends the credit voucher obtained by the credit voucher generation module, together with the request content of the user's current request, to the server as the user request.
The server includes a server storage module and a credit voucher verification module. The server storage module stores the information of successfully registered users, which includes the user name and the user password corresponding to that user name. The credit voucher verification module verifies the credit voucher of the user request and includes a decryption unit, a second message digest generation unit, a matching unit and a timeliness verification unit. The decryption unit looks up the user's password in the server storage module by the user's user name and uses that password to decrypt the ciphertext in the credit voucher, obtaining the first message digest. The second message digest generation unit performs the digest operation on the request content of the user request that the server receives from the client; the digest algorithm used here should be the same as the one used by the client's first message digest generation unit. For example, the second message digest generation unit in this embodiment should use the same Message Digest Algorithm 5 as the first message digest generation unit. The matching unit then compares the second message digest obtained by the second message digest generation unit with the first message digest that the decryption unit obtained by decrypting the ciphertext in the credit voucher attached to the user request. If the first message digest and the second message digest are identical, they match; if they differ, they do not match, and the server should not respond to the client's user request. The timeliness verification unit compares the request time obtained by the decryption unit with the time at which the server received the user request, and checks whether the difference exceeds the 30-minute validity period of the credit voucher: if it does, the credit voucher has expired and the server should not respond to the client's user request; if it does not, the credit voucher is still valid and the server should respond to the client's user request.
In the present embodiment, the credit method based on above-mentioned credit system is as follows, including:
Step S1, client sends user and asked to server, and user's request includes request content and credit voucher, credit Voucher includes the ciphertext being encrypted according to the request time of request content and user.Specifically include:
Step S1-1, summary fortune is carried out by the first information summarization generation unit of client to the request content of user Calculate (being MD5 computings, i.e. Message Digest Algorithm 5 in the present embodiment) generation first information summary;
Step S1-2, the ciphering unit of the credit voucher generation module of client regard the user cipher of user as key pairs The first information summary and the request time of user obtained in step S1-1, which is encrypted, obtains corresponding with first information summary Ciphertext;
Step S1-3, ciphertext and use that the credit voucher generation module of client obtains ciphering unit in step S1-2 The user name at family is together as credit voucher.
Step S1-4, client sends user and asked to server, and user request includes asking for this request of user Ask content and the credit voucher obtained by step S1-3.
Step S2, server receives the ciphertext in user's request from client, the credit voucher of decrypted user request Obtain first information summary, and request content the second informative abstract of generation in user request.Specifically include:
Step S2-1, server is by the decryption unit of credit credential validation module according to the user name of user in server Server storage module in search corresponding with user name user cipher.
Step S2-2, the credit credential validation module of server utilizes the user obtained in step S2-1 by decryption unit Ciphertext in the credit voucher that password is asked user, which is decrypted, obtains first information summary;The credit credential verification of server Module asked by the second informative abstract generation unit according to user in request content carry out summary computing (be in the present embodiment MD5 computings, i.e. Message Digest Algorithm 5) obtain the second informative abstract.
The first information summary obtained in step S3, the matching unit comparison step S2 of server credit credential validation module It is whether identical with the second informative abstract.First information summary and the second message digest matches, service are represented if both are identical Device answers the user at customer in response end to ask to enter step S4;First information summary and the second information are represented if both differ Summary is mismatched, and server should refuse user's request of client.
Step S4, ageing authentication unit will compare the request time obtained by decryption unit decryption and be received with server Whether the time difference between the reception time of user request is more than 30 minutes timeliness phases of credit voucher:If it is, representing The credit voucher has failed, and server does not answer the user at customer in response end to ask;If it is not, then representing that the credit voucher still has Effect, server answers the user at customer in response end to ask.
The present embodiment except provide to after the disposably credit voucher related with request content, also in embodiment one On the basis of for credit voucher set it is effective, server need further the ageing of credit voucher is verified, more pacify It is complete reliable.
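The client and server sides of steps S1 to S4 above, as an added example that is not part of the patent text. The patent names no cipher and the Python standard library has none, so the ciphertext here is a constructed stand-in (PBKDF2-derived keys, one HMAC-SHA-256 keystream block and an HMAC tag); the user table, function names and return strings are assumptions, and a real deployment would use a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os
import struct

VALIDITY_SECONDS = 30 * 60  # 30-minute validity period from the embodiment

# Constructed stand-in for the server storage module: user name -> user password.
USER_DB = {"alice": "correct horse battery staple"}


def _keys(username, password):
    """Derive separate encryption and MAC keys from the user password (assumption)."""
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), username.encode(), 100_000, 64)
    return km[:32], km[32:]


def make_voucher(username, password, content, request_time):
    """Client, steps S1-1 to S1-3: digest, merge with request time, encrypt."""
    digest = hashlib.md5(content).digest()             # first information summary (MD5 per the page)
    merged = digest + struct.pack(">Q", request_time)  # 16-byte digest + 8-byte time
    enc_key, mac_key = _keys(username, password)
    nonce = os.urandom(16)
    stream = hmac.new(enc_key, nonce, hashlib.sha256).digest()[:len(merged)]
    ciphertext = bytes(a ^ b for a, b in zip(merged, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return username, nonce + ciphertext + tag          # the credit voucher


def verify_request(content, voucher, received_time):
    """Server, steps S2 to S4. Returns 'ok' or the reason for refusal."""
    username, blob = voucher
    password = USER_DB.get(username)                   # S2-1: look up the user password
    if password is None or len(blob) != 16 + 24 + 32:
        return "bad-voucher"
    nonce, ciphertext, tag = blob[:16], blob[16:40], blob[40:]
    enc_key, mac_key = _keys(username, password)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):         # wrong password or altered voucher
        return "bad-voucher"
    stream = hmac.new(enc_key, nonce, hashlib.sha256).digest()[:24]
    merged = bytes(a ^ b for a, b in zip(ciphertext, stream))   # S2-2: decrypt
    first = merged[:16]
    (request_time,) = struct.unpack(">Q", merged[16:])
    second = hashlib.md5(content).digest()             # second information summary
    if not hmac.compare_digest(first, second):         # S3: constant-time comparison
        return "content-mismatch"
    # S4. abs() also refuses request times far in the future, which the page
    # does not address; that choice is an assumption of this example.
    if abs(received_time - request_time) > VALIDITY_SECONDS:
        return "expired"
    return "ok"
```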
The specific embodiments described herein merely illustrate the spirit of the invention. Those skilled in the art to which the invention belongs may make various modifications or additions to the described embodiments, or substitute them in similar ways, without departing from the spirit of the invention or exceeding the scope defined by the appended claims.

Claims (10)

1. A safe credit method, characterized by comprising:
Step S1: a client sends a user request to a server, the user request including request content and a credit voucher, the credit voucher including a ciphertext generated by encryption according to the request content;
Step S2: the server receives the user request, decrypts the ciphertext to obtain a first information summary, and generates a second information summary from the request content;
Step S3: if the first information summary matches the second information summary, the server responds to the user request; if the first information summary does not match the second information summary, the server refuses the user request.
2. The safe credit method according to claim 1, characterized in that the credit voucher includes a user name; in step S1, encryption uses the user password corresponding to the user name; in step S2, decryption uses the user password corresponding to the user name.
3. The safe credit method according to claim 2, characterized in that step S1 includes:
Step S1-1: performing a digest operation on the request content to generate the first information summary;
Step S1-2: encrypting the first information summary with the user password corresponding to the user name to obtain the ciphertext;
Step S1-3: taking the ciphertext together with the user name as the credit voucher;
Step S1-4: sending the user request, which includes the request content and the credit voucher, to the server.
4. The safe credit method according to claim 3, characterized in that step S2 includes:
Step S2-1: looking up, on the server, the user password corresponding to the user name;
Step S2-2: decrypting the ciphertext with the user password to obtain the first information summary, and performing the digest operation on the request content to generate the second information summary;
In step S3, the first information summary matching the second information summary means that the request content of the first information summary is identical to the request content of the second information summary; the first information summary not matching the second information summary means that the request content of the first information summary differs from the request content of the second information summary.
5. The safe credit method according to claim 2, characterized in that step S1 includes:
Step S1-1: performing a digest operation on the request content to generate the first information summary;
Step S1-2: merging the first information summary with a request time into first merged information;
Step S1-3: encrypting the first merged information with the user password corresponding to the user name to obtain the ciphertext;
Step S1-4: taking the ciphertext together with the user name as the credit voucher;
Step S1-5: sending the user request, which includes the request content and the credit voucher, to the server.
6. The safe credit method according to claim 5, characterized in that step S2 includes:
Step S2-1: looking up, on the server, the user password corresponding to the user name;
Step S2-2: decrypting the ciphertext with the user password to obtain the first merged information and extracting the first information summary from the first merged information, and performing the digest operation on the request content to generate the second information summary;
In step S3, the first information summary matching the second information summary means that the request content of the first information summary is identical to the request content of the second information summary, and the time difference between the reception time and the request time does not exceed the validity period of the credit voucher; otherwise, the first information summary does not match the second information summary.
7. A safe credit system, including a client and a server, the client sending a user request with an attached credit voucher to the server to request that the server provide a service, and the server providing the service to a client that passes credit voucher verification; characterized in that: the user request includes request content and the credit voucher;
The client includes a client storage module and a credit voucher generation module; the client storage module stores a user name and the user password corresponding to the user name, and the credit voucher generation module generates a credit voucher that includes a ciphertext encrypted according to the request content; the credit voucher generation module includes a first information summary generation unit and an encryption unit; the first information summary generation unit generates a first information summary from the request content, and the encryption unit encrypts the first information summary to generate the ciphertext;
The server includes a server storage module for storing the correspondence between user names and user passwords, and a credit voucher verification module for verifying the credit voucher of the user request; the credit voucher verification module includes a decryption unit, a second information summary generation unit and a matching unit; the decryption unit decrypts the ciphertext and extracts the first information summary; the second information summary generation unit generates a second information summary from the request content; the matching unit compares whether the first information summary and the second information summary match.
8. The safe credit system according to claim 7, characterized in that: the credit voucher generation module generates a credit voucher that includes the ciphertext encrypted according to the request content and the user name;
The encryption unit encrypts the first information summary with the user password corresponding to the user name to generate the ciphertext;
The decryption unit decrypts the ciphertext with the user password corresponding to the user name and extracts the first information summary.
9. The safe credit system according to claim 7, characterized in that: the encryption unit encrypts the first information summary and the request time to generate the ciphertext;
The decryption unit decrypts the ciphertext and extracts the first information summary and the request time;
The credit voucher verification module includes a timeliness verification unit, which judges whether the time difference between the reception time of the credit voucher and the request time exceeds the validity period of the credit voucher.
10. The safe credit system according to claim 9, characterized in that: the credit voucher generation module generates a credit voucher that includes the ciphertext encrypted according to the request content and the user name; the encryption unit encrypts the first information summary and the request time with the user password corresponding to the user name to generate the ciphertext;
The decryption unit decrypts the ciphertext with the user password corresponding to the user name and extracts the first information summary and the request time.
CN201710407013.4A 2017-06-02 2017-06-02 A kind of safe credit method and system Pending CN107231237A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710407013.4A CN107231237A (en) 2017-06-02 2017-06-02 A kind of safe credit method and system

Publications (1)

Publication Number Publication Date
CN107231237A true CN107231237A (en) 2017-10-03

Family

ID=59933378

Country Status (1)

Country Link
CN (1) CN107231237A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111835514A (en) * 2020-07-23 2020-10-27 上海英方软件股份有限公司 Method and system for realizing safe interaction of front-end and back-end separated data

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101640682A (en) * 2009-06-04 2010-02-03 深圳市汇海科技开发有限公司 Method for improving safety of Web service
CN102025505A (en) * 2010-12-16 2011-04-20 浪潮(北京)电子信息产业有限公司 Advanced encryption standard (AES) algorithm-based encryption/decryption method and device
CN102685119A (en) * 2012-04-28 2012-09-19 上海杰之能信息科技有限公司 Data transmitting/receiving method, data transmitting/receiving device, transmission method, transmission system and server
EP2717539A1 (en) * 2012-10-02 2014-04-09 BlackBerry Limited Method and system for hypertext transfer protocol digest authentication
CN105447407A (en) * 2015-11-11 2016-03-30 中国建设银行股份有限公司 Off-line data encryption method and decryption method and corresponding apparatus and system
CN105530100A (en) * 2016-01-12 2016-04-27 东南大学 VoLTE secure communication method
CN105610822A (en) * 2015-12-28 2016-05-25 东软熙康健康科技有限公司 Credit verifying method and device
CN106022035A (en) * 2016-05-03 2016-10-12 识益生物科技(北京)有限公司 Method and system for electronic signature
CN106506494A (en) * 2016-10-27 2017-03-15 上海斐讯数据通信技术有限公司 Application access method of open platform
CN106534079A (en) * 2016-10-19 2017-03-22 华迪计算机集团有限公司 Method and system for safety processing of data files

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
飘过的春风: "数字签名技术", 《CSDN博客HTTPS://BLOG.CSDN.NET/U011630575/ARTICLE/DETAILS/53241027》 *

Legal Events

Date Code Title Description
PB01 Publication
CB02 Change of applicant information

Address after: 201616 Shanghai city Songjiang District Sixian Road No. 3666

Applicant after: Shanghai Feixun Data Communication Technology Co., Ltd.

Address before: 201616 Shanghai City, Songjiang District Road No. 3666

Applicant before: Shanghai Feixun Data Communication Technology Co., Ltd.

SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171003