CN107241187A - A server-side data processing method for mobile wizard-style verification - Google Patents

Publication number
CN107241187A
Authority
CN
China
Prior art keywords
service end
mobile terminal
verified
wizard
data processing
Prior art date
Legal status
Granted
Application number
CN201710278683.0A
Other languages
Chinese (zh)
Other versions
CN107241187B (en)
Inventor
陈强
梁武
Current Assignee
Guangdong Wangjin Holdings Co Ltd
Original Assignee
Guangdong Wangjin Holdings Co Ltd
Priority date
Filing date
Publication date
Application filed by Guangdong Wangjin Holdings Co Ltd
Priority to CN201710278683.0A
Publication of CN107241187A
Application granted
Publication of CN107241187B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/12 Applying verification of the received information
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key


Abstract

The invention discloses a server-side data processing method for wizard-style verification on a mobile client. The process is as follows: the server validates the business data that the mobile client sends for verification; the server signs the validated business data with the server's private key and returns the result to the mobile client; these steps are completed within the wizard steps on the mobile client; the server then uses the public key to verify the signatures over the assembled, cached business data of all steps that the mobile client submits in the final step, and if every signature verifies, the submitted business data has passed the server's verification. The method uses the properties of data signatures to achieve the effect of re-verification, and simply and effectively ensures the security of server-side data processing in the mobile wizard-style verification scenario.

Description

A server-side data processing method for mobile wizard-style verification
Technical field
The present invention relates to data security in Internet communication, and in particular to a method by which the server processes data safely and effectively during wizard-style verification on a mobile client.
Background
With the arrival of the mobile Internet era, mobile devices are growing explosively and demand for mobile applications keeps increasing. In the course of installing and running different software, many wizard-style verification scenarios occur on the mobile client, such as the "register and bind card" flow, the "password recovery" flow and the "modify profile" flow. These scenarios have one thing in common: the request made at each step of the wizard-style verification process may need to be verified by the server, and once all steps have been verified, a final step must be submitted to complete the business flow.
This wizard-style verification scenario brings some security problems to the system. The request steps of the wizard only perform verification; no actual business interaction takes place. The actual business interaction happens when the final step is submitted, but from the server's point of view the final step and the preceding verification-request steps are separate, so the security of the data in the intermediate stages cannot be guaranteed.
To address this technical defect, two alternative solutions exist in the prior art. In scheme one, the server remembers the data already verified in the intermediate steps; when the final step is submitted, the server assembles the previously verified data with the data submitted by the mobile client in the final step into a complete data source and completes the business processing. The advantage of this scheme is that the server remembers the data verified at each step and the mobile client does not resubmit previously verified data in the final step, so the verified data is relatively safe, because the client has no opportunity to tamper with it again. Its disadvantages are: (1) the server design is inflexible: because the verification data must be buffered before the final step and assembled in the final step, the server depends strongly on the design of the mobile wizard, and if the data structure of any step in the mobile wizard changes, or the wizard's steps change, the server logic must change as well; (2) because the verification data is cached on the server, the case where the client goes back and modifies data during the wizard must also be handled; (3) because a client that has completed the earlier verification steps will not necessarily reach the final step and may abandon the submission, the expiry of the verification data cached on the server must also be handled.
In scheme two, the mobile client remembers the data of each step; when the final step is submitted, it assembles the data of all previous steps into complete business data and submits it all together, and the server verifies it again after submission and completes the business processing. The advantage of this scheme is that server-side verification and final-step processing are logically separate, the server does not cache data, and the server does not depend on the client's wizard design. Its disadvantage is that, to ensure data security when the business operation is finally executed, the server must verify all the data submitted in the final step again, to make sure the client has not tampered with it after verification; but not every verification can be repeated. For example, once a mobile phone verification code has been verified successfully, the final step cannot verify that code again.
In view of the above security problems and the defects of the existing solutions, the inventors arrived at the present invention after extended research and practice.
Summary of the invention
The object of the invention is to provide a server-side data processing method for mobile wizard-style verification, to solve the prior-art problems of inflexible server design and repeated verification.
To achieve this object, the technical solution of the invention is a server-side data processing method for mobile wizard-style verification, comprising the following steps:
The server validates the business data that the mobile client sends for verification;
The server signs the validated business data with the server's private key and returns the result to the mobile client; the above steps are completed within the wizard steps on the mobile client;
The server uses the public key to verify the signatures over the assembled, cached business data of all steps that the mobile client submits in the final step; if every signature verifies, the submitted business data has passed the server's verification.
Further, in the server's signing process, the server signs with the private key and defines a keyword; the keyword and the signature value are assembled into a key-value pair of the form: keyword + signature value.
Further, the keyword is a server-defined expression that denotes a particular verification.
Further, the key-value pair formed by the server is encrypted with the server's symmetric key to form an encrypted string, and the verification result and the encrypted string are returned to the mobile client in a preset format.
Further, when submitting the final step, the mobile client assembles the cached business data of all steps together with the encrypted string returned by the server at each step, and sends them to the server in the preset format.
Further, the server decrypts the encrypted strings submitted by the mobile client one by one, restoring each to the preset keyword + signature value form.
Further, according to the meaning the server has defined for each keyword, the server looks up the corresponding data in the complete business data submitted by the mobile client in the final step, and verifies that data against the signature value.
Further, the number of key-value pairs is at least one.
Compared with the prior art, the invention has the following beneficial effects: the server-side data processing method for mobile wizard-style verification uses the properties of data signatures to achieve the effect of re-verification, and simply and effectively ensures the security of server-side data processing in the mobile wizard-style verification scenario.
On the one hand, the invention uses data signatures and performs a single verification only when the mobile client submits the final step, which avoids repeated verification and saves program resources.
On the other hand, the data signature uses a server-defined expression that denotes a particular verification; the keyword and the signature value are assembled into a key-value pair. The encoding format is simple, the server has considerable design flexibility, and the data format is stable.
In addition, the mobile client submits the complete business data together in the final step and the server verifies it again after submission. Server-side verification and final-step processing are logically separate, the server does not cache data, and the server does not depend on the client's wizard design, which gives considerable design flexibility. During the wizard the server signs the data that needs verification and verifies all signatures together in the final step, which greatly saves server program resources.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the server-side data processing method for mobile wizard-style verification according to the invention;
Fig. 2 is a schematic flow chart of the processing on both the mobile client and the server during mobile wizard-style verification according to the invention.
Detailed description of embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the invention, not all of them.
Referring to Fig. 1, which is a schematic flow chart of the server-side data processing method for mobile wizard-style verification according to the invention, the method comprises the following steps:
Step a: the server validates the business data that the mobile client sends for verification;
Step b: the server signs the validated business data with the server's private key and returns the result to the mobile client;
Step c: the server uses the public key to verify the signatures over the assembled, cached business data of all steps that the mobile client submits in the final step; if every signature verifies, the submitted business data has passed the server's verification.
Data verified in step c can then be trusted: it has not been tampered with and need not be verified again. After this verification, the server carries out the normal business processing of the final step.
Specifically, the signing process of step b is applied within the wizard steps of the mobile client. In step b the server signs with the private key and defines a keyword, and the keyword and the signature value are assembled into a key-value pair. The keyword is a server-defined expression that denotes a particular verification. The resulting key-value pair has the form: keyword + signature value.
Preferably, to better protect the signed data, the key-value pair in step b can additionally be encrypted with a key. Concretely, the key-value pair data is encrypted with the server's symmetric key to form an encrypted string, and the verification result and the encrypted string are returned to the mobile client.
Specifically, after step b the mobile client decides, based on the verification result returned by the server, whether to proceed to the next step, and caches the encrypted string from the server together with the business data of the current step.
Specifically, step c takes place when the mobile wizard completes its final step and needs to submit to the server. In this process, if encryption is used, the mobile client assembles the cached business data of all steps together with the encrypted string returned by the server at each step, and sends them to the server in the preset format.
Accordingly, the server decrypts the encrypted strings submitted by the mobile client one by one, restoring each to the preset key-value pair form, that is, keyword + signature value. In this embodiment there is at least one wizard step, and each wizard step may require verification, so at least one key-value pair exists. The mobile client therefore sends every key-value pair to the server in the preset format, to avoid confusion during verification.
Specifically, in step c, according to the meaning the server has defined for each keyword, the server looks up the corresponding data in the complete business data submitted by the mobile client in the final step and verifies that data against the signature value. If every signature verifies, then by the properties of data signatures it can be concluded that the submitted business data has passed the server's verification and has not been tampered with, so it need not be verified again.
Referring to Fig. 2, which is a schematic flow chart of the processing on both the mobile client and the server during mobile wizard-style verification according to the invention, the process is described below in chronological order:
Step S01: the mobile client sends the server the business data that needs verification in the current step. Those skilled in the art will understand that the business data may be transmitted in a conventional encoding format and that this transmission may also be encrypted.
Step C01: the server validates the submitted business data;
Step C02: the verified data is signed with the server's private key, and a keyword is defined; the keyword and the signature value are assembled into a key-value pair whose final form is: keyword + signature value;
The keyword is a server-defined expression that denotes a particular verification. The verified data, or combination of data, is signed with the server's own private key.
In this embodiment, for example, the verification keyword for the phone number is defined as "S01" and the verification keyword for the name is defined as "S02"; after the phone number is verified successfully, userid + phone number is signed to form a signature value. Obviously, many forms of definition are possible.
Step C03: the server encrypts the above key-value pair data with the server's symmetric key to form an encrypted string, and returns the verification result and the encrypted string to the mobile client. It will be readily understood that the verification keyword and the encrypted string can be given the same format and a unified encoding.
Step S02: based on the verification result returned by the server, the mobile client decides whether to proceed to the next step, and caches the encrypted string and the business data of the current step;
Step S03: the mobile client assembles the cached business data of all steps together with the encrypted string returned by the server at each step, and sends them to the server;
Step C04: the server decrypts the encrypted strings submitted by the mobile client one by one, restoring each to the keyword + signature value data format;
Step C05: according to the meaning the server has defined for each keyword, the server looks up the corresponding data in the complete business data submitted by the mobile client in the final step and verifies that data against the signature value. If every signature verifies, then by the properties of data signatures it can be concluded that the submitted business data has passed the server's verification and has not been tampered with, so it need not be verified again.
In this embodiment, for example, if the keyword is S01, the server looks up userid + phone number in the submitted business data and verifies it against the signature value corresponding to S01 in the key-value pair;
Step C06: the server carries out the normal business processing of the final step.
The technical solution of the invention has thus been described with reference to the preferred embodiment shown in the drawings. However, those skilled in the art will readily understand that the scope of protection of the invention is clearly not limited to these embodiments. Without departing from the principle of the invention, those skilled in the art may make equivalent changes or substitutions to the relevant technical features, and the technical solutions after such changes or substitutions fall within the scope of protection of the invention.
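The issue-and-verify cycle of steps C02 to C05, as an added Go example that is not part of the patent. Ed25519 and AES-GCM stand in for the signature and symmetric algorithms the patent leaves unspecified; the `S02` field list, the length-prefixed message encoding, the `required` keyword check and all function names are assumptions made here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// Server keeps the signing key and the symmetric key; neither leaves the server.
type Server struct {
	priv ed25519.PrivateKey
	aead cipher.AEAD
}

// keywordFields: S01 follows the page's example; the S02 fields are an assumption.
var keywordFields = map[string][]string{"S01": {"userid", "phone"}, "S02": {"userid", "name"}}

// NewServer takes a 32-byte Ed25519 seed and an AES key (both algorithms assumed).
func NewServer(seed, key []byte) (*Server, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Server{ed25519.NewKeyFromSeed(seed), aead}, err
}

// canonical: keyword plus length-prefixed fields, so values cannot shift between fields.
func canonical(keyword string, data map[string]string) []byte {
	msg := keyword
	for _, f := range keywordFields[keyword] {
		msg += fmt.Sprintf("|%d:%s", len(data[f]), data[f])
	}
	return []byte(msg)
}

// IssueToken is steps C02-C03: sign validated data, form keyword+signature, encrypt.
func (s *Server) IssueToken(keyword string, data map[string]string) (string, error) {
	if keywordFields[keyword] == nil {
		return "", fmt.Errorf("unknown keyword %q", keyword)
	}
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	pair := append([]byte(keyword+"+"), ed25519.Sign(s.priv, canonical(keyword, data))...)
	return base64.StdEncoding.EncodeToString(s.aead.Seal(nonce, nonce, pair, nil)), nil
}

// VerifyFinal is steps C04-C05. Requiring a valid token for every keyword in
// required is an added check, so a client cannot skip a step by omitting its token.
func (s *Server) VerifyFinal(data map[string]string, tokens, required []string) error {
	pub, seen := s.priv.Public().(ed25519.PublicKey), map[string]bool{}
	for _, tok := range tokens {
		raw, err := base64.StdEncoding.DecodeString(tok)
		n := s.aead.NonceSize()
		if err != nil || len(raw) < n {
			return fmt.Errorf("malformed token")
		}
		pair, err := s.aead.Open(nil, raw[:n], raw[n:], nil)
		if err != nil {
			return fmt.Errorf("token rejected: %w", err)
		}
		kw, sig, _ := strings.Cut(string(pair), "+")
		if keywordFields[kw] == nil || !ed25519.Verify(pub, canonical(kw, data), []byte(sig)) {
			return fmt.Errorf("signature check failed for %q", kw)
		}
		seen[kw] = true
	}
	for _, kw := range required {
		if !seen[kw] {
			return fmt.Errorf("no valid token for %q", kw)
		}
	}
	return nil
}

func main() { // constructed sample: the phone number is changed after step S01
	s, _ := NewServer(make([]byte, 32), make([]byte, 32)) // all-zero demo keys only
	d := map[string]string{"userid": "u1001", "phone": "13800000000"}
	tok, _ := s.IssueToken("S01", d)
	fmt.Println("as verified:", s.VerifyFinal(d, []string{tok}, []string{"S01"}))
	d["phone"] = "13900000000"
	fmt.Println("tampered:", s.VerifyFinal(d, []string{tok}, []string{"S01"}))
}
```

The server stores nothing between steps: the final check depends only on its two keys, the submitted business data and the tokens the client returns.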

Claims (8)

1. A server-side data processing method for mobile wizard-style verification, characterized by comprising the following steps:
The server validates the business data that the mobile client sends for verification;
The server signs the validated business data with the server's private key and returns the result to the mobile client; the above steps are completed within the wizard steps on the mobile client;
The server uses the public key to verify the signatures over the assembled, cached business data of all steps that the mobile client submits in the final step; if every signature verifies, the submitted business data has passed the server's verification.
2. The server-side data processing method for mobile wizard-style verification according to claim 1, characterized in that, in the server's signing process, the server signs with the private key and defines a keyword, and the keyword and the signature value are assembled into a key-value pair of the form: keyword + signature value.
3. The server-side data processing method for mobile wizard-style verification according to claim 2, characterized in that the keyword is a server-defined expression that denotes a particular verification.
4. The server-side data processing method for mobile wizard-style verification according to claim 2, characterized in that the key-value pair formed by the server is encrypted with the server's symmetric key to form an encrypted string, and the verification result and the encrypted string are returned to the mobile client in a preset format.
5. The server-side data processing method for mobile wizard-style verification according to claim 4, characterized in that, when submitting the final step, the mobile client assembles the cached business data of all steps together with the encrypted string returned by the server at each step, and sends them to the server in the preset format.
6. The server-side data processing method for mobile wizard-style verification according to claim 4, characterized in that the server decrypts the encrypted strings submitted by the mobile client one by one, restoring each to the preset keyword + signature value form.
7. The server-side data processing method for mobile wizard-style verification according to claim 6, characterized in that, according to the meaning the server has defined for each keyword, the server looks up the corresponding data in the complete business data submitted by the mobile client in the final step, and verifies that data against the signature value.
8. The server-side data processing method for mobile wizard-style verification according to any one of claims 2 to 7, characterized in that the number of key-value pairs is at least one.
Priority Applications (1) and Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710278683.0A 2017-04-25 2017-04-25 A server-side data processing method for mobile wizard-style verification

Publications (2)

Publication Number Publication Date
CN107241187A (en) 2017-10-10
CN107241187B (en) 2019-11-08

Family

ID=59984300

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710278683.0A Active CN107241187B (en) A server-side data processing method for mobile wizard-style verification 2017-04-25 2017-04-25

Country Status (1)

Country Link
CN (1) CN107241187B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111378A (en) * 2009-12-25 2011-06-29 上海格尔软件股份有限公司 Signature verification system
CN104969528A (en) * 2012-12-28 2015-10-07 诺克诺克实验公司 Query system and method to determine authentication capabilities
CN106452792A (en) * 2016-11-21 2017-02-22 济南浪潮高新科技投资发展有限公司 Data single transmission module based on digital signature integrity checking

Also Published As

Publication number Publication date
CN107241187B (en) 2019-11-08

Similar Documents

Publication Publication Date Title
US11323272B2 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
WO2020135114A1 (en) Method and device for authenticating identity information, and server
CN105850073B (en) Information system access authentication method and device
CN107948204B (en) One-key login method and system, related equipment and computer readable storage medium
WO2018030707A1 (en) Authentication system and method, and user equipment, authentication server, and service server for performing same method
US20190305955A1 (en) Push notification authentication
KR101744747B1 (en) Mobile terminal, terminal and method for authentication using security cookie
CN106936790A (en) The method that client and server end carries out two-way authentication is realized based on digital certificate
US20130232551A1 (en) Method and device for anonymous entity identification
KR102137122B1 (en) Security check method, device, terminal and server
CN111865889B (en) Login request processing method, system, device, electronic equipment and storage medium
CN111756750B (en) Secure access method, device, equipment and storage medium
US20220029983A1 (en) System and method for automated customer verification
US20240098493A1 (en) Identifying trusted service set identifiers for wireless networks
US10972465B1 (en) Secure authentication through visual codes containing unique metadata
CN113536250B (en) Token generation method, login verification method and related equipment
CN110690971A (en) Data processing method and system based on USBKey
KR101799517B1 (en) A authentication server and method thereof
CN107241187B (en) A kind of server-side data processing method for the verifying of mobile terminal wizard-like
US20220086134A1 (en) Mobile device based credential authentication
US20210385213A1 (en) Device-to-device authentication method and program based on virtual authentication code
WO2023029476A1 (en) Method for determining account information when user is in non-login state, and system
CN113591053A (en) Method and system for identifying general mobile equipment based on biological information
CN106790164B (en) L2TP password modification method and device
TWI694346B (en) System and method for multiple identity authentication credentials

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PP01 Preservation of patent right

Effective date of registration: 20210922

Granted publication date: 20191108