CN107360131A - Method, server and system for controlling the legitimacy of service requests - Google Patents

Publication number: CN107360131A
Authority: CN (China)
Prior art keywords: key, time stamp, ciphertext, current time, client
Legal status: Granted
Application number: CN201710390926.XA
Other languages: Chinese (zh)
Other versions: CN107360131B (en)
Inventors: 陈强, 潘有劲
Current Assignee: Guangdong Wangjin Holdings Co Ltd
Original Assignee: Guangdong Wangjin Holdings Co Ltd
Application filed by: Guangdong Wangjin Holdings Co Ltd

Classifications

    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving time stamps, e.g. generation of time stamps
    • H04L2463/121 Timestamp

Abstract

The present invention relates to a method, a server and a system for controlling the legitimacy of service requests. The client stores the front half of the integrity key (the complete key), while the server stores the whole integrity key, that is, both the front half and the back half. Before issuing a service request, the client first performs one authentication with the server. After this authentication, the server performs 2 encryptions based on the integrity key and the server timestamp and returns the result to the client. The client decrypts with the front-half key, assembles the integrity key, and obtains the unique token and the corresponding timestamp; the client then maintains this timestamp so that it stays consistent with the server timestamp. Storing only part of the key on the client further prevents the integrity key from being obtained if the client is cracked, which improves security, and encrypting with the server timestamp makes a client request difficult to forge even after it has been intercepted.

Description

Method, server and system for controlling the legitimacy of service requests
Technical field
The present invention relates to communication security technology.
Background art
In the Internet era, with the web and apps now everywhere, controlling the legitimacy of client requests is increasingly important. The usual approach today is that the client sends a request to the server, the server generates a token and returns it to the client, and the client carries that token on every request. This leaves a security hole, however: once the token is captured, requests can be forged.
Summary of the invention
To overcome the deficiencies of the prior art, a first object of the present invention is to provide a method for controlling the legitimacy of service requests that solves the problem of requests being easy to forge.
A second object of the present invention is to provide a server that solves the problem of requests being easy to forge.
A third object of the present invention is to provide a system that solves the problem of requests being easy to forge.
To achieve the first object, the technical solution adopted by the present invention is as follows:
A method for controlling the legitimacy of service requests, applied to a server. The server stores an integrity key (the complete key) and the correspondence between the identifier of a client and the integrity key; the integrity key comprises a first key and a second key;
The method comprises an encryption step and a decryption step;
The encryption step comprises:
Receiving the identifier of the client;
Generating a unique token, and associating the identifier with the unique token;
Encrypting the combination of the unique token and current timestamp A using the integrity key corresponding to the identifier, to obtain a first ciphertext;
Encrypting the combination of the first ciphertext and the second key using the first key, to obtain a second ciphertext;
Sending the second ciphertext to the client, so that the client decrypts the second ciphertext to obtain the integrity key, the unique token and current timestamp A, calculates a predicted timestamp from current timestamp A, and encrypts the combination of the unique token and the predicted timestamp using the integrity key to obtain a third ciphertext;
The decryption step comprises:
Receiving the identifier of the client, the third ciphertext and a service request;
Decrypting the third ciphertext using the integrity key corresponding to the identifier, to obtain the unique token and the predicted timestamp;
Comparing the predicted timestamp with current timestamp B to obtain a comparison value;
When the unique token is valid and the comparison value is within a preset range, responding to the service request.
Preferably, the unique token is a GUID.
Preferably, the first key is the front half of the integrity key, and the second key is the back half of the integrity key.
Preferably, the specific steps of "decrypting the second ciphertext to obtain the integrity key, the unique token and current timestamp A" are as follows:
Decrypting the second ciphertext using the first key to obtain the first ciphertext and the second key; the first key is stored in the client;
Combining the first key and the second key to obtain the integrity key, and decrypting the first ciphertext using the integrity key to obtain the unique token and current timestamp A.
Preferably, current timestamp C is recorded when "decrypting the second ciphertext to obtain the integrity key, the unique token and current timestamp A"; "calculating a predicted timestamp from current timestamp A" specifically comprises the following step:
When the service request is initiated, subtracting current timestamp C from current timestamp D to obtain time difference E, and adding time difference E to current timestamp A to obtain the predicted timestamp.
To achieve the second object, the technical solution adopted by the present invention is as follows:
A server comprising a memory and a processor;
The memory is used to store an integrity key, the correspondence between the identifier of a client and the integrity key, and program instructions; the integrity key comprises a first key and a second key;
The processor is used to run the program instructions so as to perform an encryption step and a decryption step;
The encryption step comprises:
Receiving the identifier of the client;
Generating a unique token, and associating the identifier with the unique token;
Encrypting the combination of the unique token and current timestamp A using the integrity key corresponding to the identifier, to obtain a first ciphertext;
Encrypting the combination of the first ciphertext and the second key using the first key, to obtain a second ciphertext;
Sending the second ciphertext to the client, so that the client decrypts the second ciphertext to obtain the integrity key, the unique token and current timestamp A, calculates a predicted timestamp from current timestamp A, and encrypts the combination of the unique token and the predicted timestamp using the integrity key to obtain a third ciphertext;
The decryption step comprises:
Receiving the identifier of the client, the third ciphertext and a service request;
Decrypting the third ciphertext using the integrity key corresponding to the identifier, to obtain the unique token and the predicted timestamp;
Comparing the predicted timestamp with current timestamp B to obtain a comparison value;
When the unique token is valid and the comparison value is within a preset range, responding to the service request.
Preferably, the specific steps of "decrypting the second ciphertext to obtain the integrity key, the unique token and current timestamp A" are as follows:
Decrypting the second ciphertext using the first key to obtain the first ciphertext and the second key; the first key is stored in the client;
Combining the first key and the second key to obtain the integrity key, and decrypting the first ciphertext using the integrity key to obtain the unique token and current timestamp A.
Preferably, current timestamp C is recorded when "decrypting the second ciphertext to obtain the integrity key, the unique token and current timestamp A"; "calculating a predicted timestamp from current timestamp A" specifically comprises the following step:
When the service request is initiated, subtracting current timestamp C from current timestamp D to obtain time difference E, and adding time difference E to current timestamp A to obtain the predicted timestamp.
To achieve the third object, the technical solution adopted by the present invention is as follows:
A system comprising a server and a client that communicates with the server over a network; the server comprises a first memory and a first processor, and the client comprises a second memory and a second processor;
The first memory is used to store an integrity key, the correspondence between the identifier of the client and the integrity key, and first program instructions; the integrity key comprises a first key and a second key;
The first processor is used to run the first program instructions so as to perform an encryption step and a decryption step;
The encryption step comprises:
Receiving the identifier of the client;
Generating a unique token, and associating the identifier with the unique token;
Encrypting the combination of the unique token and current timestamp A using the integrity key corresponding to the identifier, to obtain a first ciphertext;
Encrypting the combination of the first ciphertext and the second key using the first key, to obtain a second ciphertext;
Sending the second ciphertext to the client;
The decryption step comprises:
Receiving the identifier of the client, the third ciphertext and a service request;
Decrypting the third ciphertext using the integrity key corresponding to the identifier, to obtain the unique token and the predicted timestamp;
Comparing the predicted timestamp with current timestamp B to obtain a comparison value;
When the unique token is valid and the comparison value is within a preset range, responding to the service request;
The second memory is used to store second program instructions;
The second processor is used to run the second program instructions so as to perform the following steps:
Decrypting the second ciphertext to obtain the integrity key, the unique token and current timestamp A;
When the service request is initiated, calculating a predicted timestamp from current timestamp A, and encrypting the combination of the unique token and the predicted timestamp using the integrity key to obtain the third ciphertext;
Sending the third ciphertext, the identifier and the service request to the server.
The second memory is also used to store the first key; the specific steps of "decrypting the second ciphertext to obtain the integrity key, the unique token and current timestamp A" are as follows:
Decrypting the second ciphertext using the first key to obtain the first ciphertext and the second key;
Combining the first key and the second key to obtain the integrity key, and decrypting the first ciphertext using the integrity key to obtain the unique token and current timestamp A.
Preferably, current timestamp C is recorded when "decrypting the second ciphertext to obtain the integrity key, the unique token and current timestamp A"; "calculating a predicted timestamp from current timestamp A" specifically comprises the following step:
Subtracting current timestamp C from current timestamp D to obtain time difference E, and adding time difference E to current timestamp A to obtain the predicted timestamp.
Compared with the prior art, the beneficial effects of the present invention are:
A segmented key and the server timestamp are combined and applied to the communication, which effectively controls the access rights of the client and makes forging a request very difficult.
Brief description of the drawings
Fig. 1 is a structural diagram of the server of Embodiment 2 of the present invention;
Fig. 2 is a structural diagram of the system of Embodiment 3 of the present invention;
Fig. 3 is a flow diagram of the interaction process of the system of Embodiment 3 of the present invention.
Detailed description
The present invention is described further below with reference to the drawings and the embodiments:
Embodiment 1
This embodiment proposes a method for controlling the legitimacy of service requests, applied to a server. The server stores an integrity key (the complete key) and the correspondence between the identifier of a client and the integrity key; the integrity key comprises a first key and a second key. The identifier in this embodiment is preferably the machine code of the client. The first key in this embodiment is preferably the front half of the integrity key, and the second key is preferably the back half. Of course, depending on requirements, the first key may instead be the value obtained by arranging and combining the values at the odd positions of the integrity key, and the second key the value obtained by arranging and combining the values at the even positions; the integrity key may also be composed in other ways.
The server of this embodiment communicates with the client over a network, which may be wireless or wired. The client may be a mobile phone, a financial terminal, or the like. The time of the client is preferably synchronized with that of the server. The client stores the first key.
The method of this embodiment comprises an encryption step and a decryption step;
The encryption step specifically comprises:
Step A1: receive the identifier of the client;
Step A2: generate a unique token according to a preset rule, and associate the identifier with the unique token; the unique token is non-repeatable and is preferably a globally unique identifier (GUID);
Step A3: encrypt the combination of the unique token and current timestamp A using the integrity key corresponding to the identifier, to obtain a first ciphertext; current timestamp A is the current time of the server in this step;
Step A4: encrypt the combination of the first ciphertext and the second key using the first key, to obtain a second ciphertext;
Step A5: send the second ciphertext to the client, so that the client decrypts the second ciphertext to obtain the integrity key, the unique token and current timestamp A, calculates a predicted timestamp from current timestamp A, and encrypts the combination of the unique token and the predicted timestamp using the integrity key to obtain a third ciphertext.
The specific steps of "decrypting the second ciphertext to obtain the integrity key, the unique token and current timestamp A" are as follows:
Decrypt the second ciphertext using the first key to obtain the first ciphertext and the second key;
Combine the first key and the second key to obtain the integrity key, and decrypt the first ciphertext using the integrity key to obtain the unique token and current timestamp A.
Current timestamp C is recorded when "decrypting the second ciphertext to obtain the integrity key, the unique token and current timestamp A"; "calculating a predicted timestamp from current timestamp A" specifically comprises the following step:
When the service request is initiated, subtract current timestamp C from current timestamp D to obtain time difference E, and add time difference E to current timestamp A to obtain the predicted timestamp. Current timestamp D is the current time of the client in this step.
The decryption step specifically comprises:
Step B1: receive the identifier of the client, the third ciphertext and the service request;
Step B2: decrypt the third ciphertext using the integrity key corresponding to the identifier, to obtain the unique token and the predicted timestamp;
Step B3: compare the predicted timestamp with current timestamp B to obtain a comparison value; current timestamp B is the current time of the server in this step;
Step B4: when the unique token is valid and the comparison value is within a preset range, respond to the service request. The unique token being valid means the following: the unique token stored in step A2 is looked up by the identifier and compared with the unique token of this step; if the two match, the token is considered valid. The preset range may be 0-2 seconds, 0-5 seconds, and so on, and may be configured according to the processing capability and business volume of the client or the server.
Embodiment 2
As shown in Fig. 2, this embodiment discloses a server comprising a memory and a processor. The memory is used to store an integrity key, the correspondence between the identifier of a client and the integrity key, and program instructions; the integrity key comprises a first key and a second key. The processor is used to run the program instructions so as to perform the encryption step and the decryption step described in Embodiment 1, which are not repeated here.
Embodiment 3
As shown in Fig. 3, a system comprises a server and a client that communicates with the server over a network; the server comprises a first memory and a first processor, and the client comprises a second memory and a second processor.
The first memory is used to store an integrity key, the correspondence between the identifier of the client and the integrity key, and first program instructions; the integrity key comprises a first key and a second key. The first processor is used to run the first program instructions so as to perform the steps shown in Fig. 3.
The second memory is used to store second program instructions and the first key. The second processor is used to run the second program instructions so as to perform the steps shown in Fig. 3.
As shown in Fig. 3, the interaction flow between the server and the client is described in detail below.
1. The client initiates the request:
Step S01: send a verification request that contains the identifier of the client;
2. The server performs the first authentication:
Step C01: after receiving the verification request, obtain the identifier of the client;
Step C02: after verifying the client information, generate a unique token according to a preset rule, and associate the identifier with the unique token;
Step C03: combine the unique token and current timestamp A, and encrypt the combination using the integrity key corresponding to the identifier to obtain a first ciphertext;
Step C04: combine the first ciphertext and the second key, and encrypt the combination using the first key to obtain a second ciphertext;
Step C05: send the second ciphertext to the client;
3. The client initiates the service request:
Step S02: decrypt the second ciphertext using the first key to obtain the first ciphertext and the second key;
Step S03: combine the first key and the second key to obtain the integrity key, and decrypt the first ciphertext using the integrity key to obtain the unique token and current timestamp A;
Step S04: save the unique token and current timestamp A, and record current timestamp C;
Step S05: when the service request is initiated, subtract current timestamp C from current timestamp D to obtain time difference E, add time difference E to current timestamp A to obtain the predicted timestamp, encrypt the combination of the unique token and the predicted timestamp using the integrity key to obtain a third ciphertext, and send the third ciphertext, the identifier and the service request to the server.
4. The server responds to the service request:
Step C06: receive the identifier of the client, the third ciphertext and the service request, and look up the integrity key by the identifier. If no corresponding integrity key is found, return that the client is not a legal client. If the integrity key is found, decrypt the third ciphertext using the integrity key corresponding to the identifier to obtain the unique token and the predicted timestamp; if the integrity key cannot decrypt the third ciphertext, return a client validation failure, and the client restarts the verification request;
Step C07: compare the predicted timestamp with current timestamp B to obtain a comparison value. If the unique token is valid and the comparison value is within the preset range, respond to the service request and carry out normal business processing. If the unique token is invalid, or the comparison value is not within the preset range, return a client validation failure, and the client restarts the verification request. Terms in this embodiment that also appear in Embodiment 1 have the same meaning as in Embodiment 1 and are not explained again here.
In general, the basic principle of Embodiments 1 to 3 is as follows. The client stores the front half of the integrity key, while the server stores the whole integrity key, that is, both the front half and the back half. Before issuing a service request, the client first performs one authentication with the server. After this authentication, the server performs 2 encryptions based on the integrity key and the server timestamp and returns the result to the client. The client decrypts with the front-half key, assembles the integrity key, and obtains the unique token and the corresponding timestamp; the client then maintains this timestamp so that it stays consistent with the server timestamp. Holding only part of the key (the front half or the back half) on the client further prevents the integrity key from being obtained if the client is cracked, which improves security, and encrypting with the server timestamp makes a client request difficult to forge even after it has been intercepted.
It will be apparent to those skilled in the art that various other corresponding changes and modifications can be made in accordance with the technical solutions and concepts described above, and all such changes and modifications shall fall within the protection scope of the claims of the present invention.
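The interaction flow of Embodiment 3 (steps S01 to C07), as an added example that is not part of the patent text: both sides of the exchange, from the first authentication to the token and freshness check. The cipher (`seal`/`unseal`, a standard-library stand-in), the `enroll` provisioning step, the 32-byte key size, the 8-byte timestamp encoding, the class names and the sample identifier are all assumptions, since the patent specifies none of them.

```python
import hashlib
import hmac
import os
import struct
import uuid

NONCE, TAG = 16, 32

def seal(key, plaintext):
    """Stand-in authenticated cipher (assumption: the patent names no algorithm):
    SHAKE-256 keystream plus HMAC-SHA256 tag. Use a vetted AEAD in real systems."""
    nonce = os.urandom(NONCE)
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    """Inverse of seal(); raises ValueError on a wrong key or altered bytes."""
    nonce, body, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("decryption failed")
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

class ManualClock:
    """Settable clock so the constructed scenario is deterministic."""
    def __init__(self, now): self.now = now
    def __call__(self): return self.now

class Server:
    def __init__(self, clock, window=5.0):
        self.clock, self.window = clock, window  # window = preset range, seconds
        self.keys, self.tokens = {}, {}          # identifier -> key / unique token

    def enroll(self, client_id):
        """Provisioning (assumed, not described in the patent): returns the first key."""
        self.keys[client_id] = os.urandom(32)
        return self.keys[client_id][:16]         # front half goes to the client

    def authenticate(self, client_id):
        """Steps C01-C05: issue the second ciphertext."""
        key = self.keys[client_id]
        token = self.tokens[client_id] = uuid.uuid4().bytes
        first_ct = seal(key, token + struct.pack(">d", self.clock()))  # timestamp A
        return seal(key[:16], key[16:] + first_ct)

    def handle(self, client_id, third_ct):
        """Steps C06-C07: decrypt, then check token validity and freshness."""
        key = self.keys.get(client_id)
        if key is None:
            return "not a legal client"
        try:
            plain = unseal(key, third_ct)
            token, (predicted,) = plain[:16], struct.unpack(">d", plain[16:])
        except (ValueError, struct.error):
            return "client validation failure"
        diff = self.clock() - predicted          # comparison value vs timestamp B
        valid = hmac.compare_digest(token, self.tokens.get(client_id, b""))
        if valid and 0 <= diff <= self.window:
            return "respond"
        return "client validation failure"

class Client:
    def __init__(self, client_id, first_key, clock):
        self.client_id, self.first_key, self.clock = client_id, first_key, clock

    def unwrap(self, second_ct):
        """Steps S02-S04: recover the second key, the token and timestamp A."""
        plain = unseal(self.first_key, second_ct)
        self.key = self.first_key + plain[:16]   # assemble the integrity key
        inner = unseal(self.key, plain[16:])
        self.token, (self.ts_a,) = inner[:16], struct.unpack(">d", inner[16:])
        self.ts_c = self.clock()                 # timestamp C

    def request(self):
        """Step S05: predicted timestamp = A + (D - C); returns the third ciphertext."""
        predicted = self.ts_a + (self.clock() - self.ts_c)
        return seal(self.key, self.token + struct.pack(">d", predicted))

def demo():
    """Constructed scenario: the two clocks are unrelated; only elapsed time is used."""
    s_clock, c_clock = ManualClock(1000.0), ManualClock(50.0)
    server = Server(s_clock)
    client = Client("machine-code-01", server.enroll("machine-code-01"), c_clock)
    client.unwrap(server.authenticate("machine-code-01"))
    c_clock.now += 7.0                           # client waits 7 s before requesting
    s_clock.now += 7.4                           # plus 0.4 s in transit
    third = client.request()
    fresh = server.handle(client.client_id, third)
    altered = server.handle(client.client_id, third[:-1] + bytes([third[-1] ^ 1]))
    unknown = server.handle("unregistered", third)
    s_clock.now += 12.0                          # same ciphertext, 12 s later
    late = server.handle(client.client_id, third)
    return fresh, altered, unknown, late

if __name__ == "__main__":
    print(demo())
```

The preset range is the period during which a given third ciphertext is still accepted, so it is best kept as small as network latency and processing time allow.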

Claims (10)

1. A method for controlling the legitimacy of service requests, applied to a server, characterized in that the server stores an integrity key and the correspondence between the identifier of a client and the integrity key, the integrity key comprising a first key and a second key;
The method comprises an encryption step and a decryption step;
The encryption step comprises:
Receiving the identifier of the client;
Generating a unique token, and associating the identifier with the unique token;
Encrypting the combination of the unique token and current timestamp A using the integrity key corresponding to the identifier, to obtain a first ciphertext;
Encrypting the combination of the first ciphertext and the second key using the first key, to obtain a second ciphertext;
Sending the second ciphertext to the client, so that the client decrypts the second ciphertext to obtain the integrity key, the unique token and current timestamp A, calculates a predicted timestamp from current timestamp A, and encrypts the combination of the unique token and the predicted timestamp using the integrity key to obtain a third ciphertext;
The decryption step comprises:
Receiving the identifier of the client, the third ciphertext and a service request;
Decrypting the third ciphertext using the integrity key corresponding to the identifier, to obtain the unique token and the predicted timestamp;
Comparing the predicted timestamp with current timestamp B to obtain a comparison value;
When the unique token is valid and the comparison value is within a preset range, responding to the service request.
2. The method as claimed in claim 1, characterized in that the unique token is a GUID.
3. The method as claimed in claim 1, characterized in that the first key is the front half of the integrity key, and the second key is the back half of the integrity key.
4. The method as claimed in claim 1, characterized in that the specific steps of "decrypting the second ciphertext to obtain the integrity key, the unique token and current timestamp A" are as follows:
Decrypting the second ciphertext using the first key to obtain the first ciphertext and the second key; the first key is stored in the client;
Combining the first key and the second key to obtain the integrity key, and decrypting the first ciphertext using the integrity key to obtain the unique token and current timestamp A.
5. The method as claimed in claim 4, characterized in that current timestamp C is recorded when "decrypting the second ciphertext to obtain the integrity key, the unique token and current timestamp A"; said "calculating a predicted timestamp from current timestamp A" specifically comprises the following step:
When the service request is initiated, subtracting current timestamp C from current timestamp D to obtain time difference E, and adding time difference E to current timestamp A to obtain the predicted timestamp.
6. A server, characterized in that it includes a memory and a processor;
the memory is used to store the integrity key, the correspondence between the identifier of the client and the integrity key, and program instructions; wherein the integrity key includes a first key and a second key;
the processor is used to run the program instructions so as to perform an encryption step and a decryption step;
The encryption step includes:
receiving the identifier of the client;
generating a unique token and associating the identifier with the unique token;
encrypting the combination of the unique token and current time stamp A using the integrity key corresponding to the identifier, to obtain a first ciphertext;
encrypting the combination of the first ciphertext and the second key using the first key, to obtain a second ciphertext;
sending the second ciphertext to the client, so that the client decrypts the second ciphertext to obtain the integrity key, the unique token and current time stamp A, calculates a predicted time stamp from current time stamp A, and encrypts the combination of the unique token and the predicted time stamp with the integrity key to obtain a third ciphertext;
The decryption step includes:
receiving the identifier of the client, the third ciphertext and a service request;
decrypting the third ciphertext using the integrity key corresponding to the identifier, to obtain the unique token and the predicted time stamp;
comparing the predicted time stamp with current time stamp B to obtain a comparison value;
responding to the service request when the unique token is valid and the comparison value is within a preset range.
7. The server of claim 6, characterized in that "decrypting the second ciphertext to obtain the integrity key, the unique token and current time stamp A" comprises the following steps:
decrypting the second ciphertext using the first key to obtain the first ciphertext and the second key, the first key being stored in the client;
combining the first key and the second key to obtain the integrity key, and decrypting the first ciphertext using the integrity key to obtain the unique token and current time stamp A.
8. The server of claim 7, characterized in that current time stamp C is recorded when "decrypting the second ciphertext to obtain the integrity key, the unique token and current time stamp A"; and "calculating the predicted time stamp from current time stamp A" specifically comprises the following step:
when initiating the service request, subtracting current time stamp C from current time stamp D to obtain time difference E, and summing time difference E and current time stamp A to obtain the predicted time stamp.
9. A system including a server and a client that communicates with the server over a network, the server including a first memory and a first processor, and the client including a second memory and a second processor; characterized in that
the first memory is used to store the integrity key, the correspondence between the identifier of the client and the integrity key, and first program instructions; wherein the integrity key includes a first key and a second key;
the first processor is used to run the first program instructions so as to perform an encryption step and a decryption step;
The encryption step includes:
receiving the identifier of the client;
generating a unique token and associating the identifier with the unique token;
encrypting the combination of the unique token and current time stamp A using the integrity key corresponding to the identifier, to obtain a first ciphertext;
encrypting the combination of the first ciphertext and the second key using the first key, to obtain a second ciphertext;
sending the second ciphertext to the client;
The decryption step includes:
receiving the identifier of the client, the third ciphertext and a service request;
decrypting the third ciphertext using the integrity key corresponding to the identifier, to obtain the unique token and the predicted time stamp;
comparing the predicted time stamp with current time stamp B to obtain a comparison value;
responding to the service request when the unique token is valid and the comparison value is within a preset range;
the second memory is used to store second program instructions;
the second processor is used to run the second program instructions so as to perform the following steps:
decrypting the second ciphertext to obtain the integrity key, the unique token and current time stamp A;
when initiating a service request, calculating the predicted time stamp from current time stamp A, and encrypting the combination of the unique token and the predicted time stamp using the integrity key to obtain the third ciphertext;
sending the third ciphertext, the identifier and the service request to the server.
10. The system of claim 9, characterized in that the second memory is also used to store the first key; wherein "decrypting the second ciphertext to obtain the integrity key, the unique token and current time stamp A" comprises the following steps:
decrypting the second ciphertext using the first key to obtain the first ciphertext and the second key;
combining the first key and the second key to obtain the integrity key, and decrypting the first ciphertext using the integrity key to obtain the unique token and current time stamp A.
Current time stamp C is recorded when "decrypting the second ciphertext to obtain the integrity key, the unique token and current time stamp A"; "calculating the predicted time stamp from current time stamp A" specifically comprises the following step:
subtracting current time stamp C from current time stamp D to obtain time difference E, and summing time difference E and current time stamp A to obtain the predicted time stamp.
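The exchange in claims 1, 4 and 5, traced end to end as an added example (not code from the patent). The claims name no cipher, so `seal`/`unseal` are a standard-library stand-in (SHAKE-256 keystream plus an HMAC-SHA256 tag); the class names, the `token|timestamp` encoding, millisecond time stamps, 16-byte key halves and the 5-second window are likewise assumptions.

```python
import hashlib, hmac, os, uuid

def _xor(key, nonce, data):  # stand-in cipher (assumption): SHAKE-256 keystream XOR
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):  # encrypt, then append an HMAC-SHA256 tag
    nonce = os.urandom(16)
    body = _xor(key, nonce, plaintext)
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):  # verify the tag before decrypting
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("ciphertext rejected")
    return _xor(key, nonce, body)

class Server:
    def __init__(self, keys, window_ms=5000):  # keys: client id -> 32-byte integrity key
        self.keys, self.tokens, self.window_ms = keys, {}, window_ms

    def issue(self, client_id, ts_a):  # encryption step; returns the second ciphertext
        key = self.keys[client_id]
        token = uuid.uuid4().hex  # unique token (a GUID, as in claim 2)
        self.tokens[token] = client_id
        c1 = seal(key, f"{token}|{ts_a}".encode())  # first ciphertext
        return seal(key[:16], key[16:] + c1)  # under first key: second key + first ciphertext

    def verify(self, client_id, c3, ts_b):  # decryption step
        try:
            token, predicted = unseal(self.keys[client_id], c3).decode().split("|")
            drift = abs(ts_b - int(predicted))  # comparison value
        except (KeyError, ValueError):
            return False
        return self.tokens.get(token) == client_id and drift <= self.window_ms

class Client:
    def __init__(self, client_id, first_key):  # only the first half is stored client-side
        self.client_id, self.first_key = client_id, first_key

    def open(self, c2, clock_c):  # claim 4, recording local time stamp C (claim 5)
        inner = unseal(self.first_key, c2)
        self.key = self.first_key + inner[:16]  # first key + second key
        token, ts_a = unseal(self.key, inner[16:]).decode().split("|")
        self.token, self.ts_a, self.clock_c = token, int(ts_a), clock_c

    def request(self, clock_d):  # claim 5: predicted = A + (D - C); returns third ciphertext
        predicted = self.ts_a + (clock_d - self.clock_c)
        return seal(self.key, f"{self.token}|{predicted}".encode())
```

The client and server clocks never have to agree: the client measures only the elapsed time D - C on its own clock and adds it to the server's A. In this sketch the window is the only freshness bound, so the same third ciphertext keeps verifying until the window lapses; the claims in this section list no single-use check.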
CN201710390926.XA 2017-05-27 2017-05-27 Method, server and system for controlling validity of service request Active CN107360131B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710390926.XA CN107360131B (en) 2017-05-27 2017-05-27 Method, server and system for controlling validity of service request

Publications (2)

Publication Number Publication Date
CN107360131A (en) 2017-11-17
CN107360131B (en) 2020-02-07

Family

ID=60271630

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710390926.XA Active CN107360131B (en) 2017-05-27 2017-05-27 Method, server and system for controlling validity of service request

Country Status (1)

Country Link
CN (1) CN107360131B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103763356A (en) * 2014-01-08 2014-04-30 深圳大学 Establishment method, device and system for connection of secure sockets layers
CN106060078A (en) * 2016-07-11 2016-10-26 浪潮(北京)电子信息产业有限公司 User information encryption method, user registration method and user validation method applied to cloud platform
US20170099146A1 (en) * 2014-03-31 2017-04-06 EXILANT Technologies Private Limited Increased communication security
WO2017068399A1 (en) * 2015-10-23 2017-04-27 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for secure content caching and delivery
WO2017081208A1 (en) * 2015-11-13 2017-05-18 Cassidian Cybersecurity Sas Method for securing and authenticating a telecommunication

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109189590A (en) * 2018-08-16 2019-01-11 黄疆 Memory management method and device based on RESTful service
CN110445809A (en) * 2019-09-03 2019-11-12 深圳绿米联创科技有限公司 Network attack detecting method, device, system, electronic equipment and storage medium
CN110826097A (en) * 2019-10-29 2020-02-21 维沃移动通信有限公司 Data processing method and electronic equipment
CN110912578A (en) * 2019-11-28 2020-03-24 耒阳市旗心电子科技有限公司 Communication method of portable communication equipment
CN111756738A (en) * 2020-06-24 2020-10-09 昆明东电科技有限公司 System framework for quickly constructing Web application, data processing method and system
CN112235277A (en) * 2020-10-09 2021-01-15 北京达佳互联信息技术有限公司 Resource request method, resource response method and related equipment
CN113872974A (en) * 2021-09-29 2021-12-31 深圳市微购科技有限公司 Method, server and computer-readable storage medium for network session encryption
CN114866303A (en) * 2022-04-26 2022-08-05 武昌理工学院 Anti-hijacking detection signal authentication method
CN114866303B (en) * 2022-04-26 2023-05-26 武昌理工学院 Anti-hijacking detection signal authentication method
CN117714216A (en) * 2024-02-06 2024-03-15 杭州城市大脑有限公司 Data unauthorized access control method based on encryption of multidimensional unique identification
CN117714216B (en) * 2024-02-06 2024-04-30 杭州城市大脑有限公司 Data unauthorized access control method based on encryption of multidimensional unique identification

Also Published As

Publication number Publication date
CN107360131B (en) 2020-02-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PP01 Preservation of patent right (effective date of registration: 20210922; granted publication date: 20200207)