CN107360131A - Method, server and system for controlling the legitimacy of service requests
- Publication number: CN107360131A (application CN201710390926.XA)
- Authority: CN (China)
- Prior art keywords: key, time stamp, ciphertext, current time, client
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0478: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
- H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L9/0866: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- H04L9/3213: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
- H04L9/3297: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving time stamps, e.g. generation of time stamps
- H04L2463/121: Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00: Timestamp
Abstract
The present invention relates to a method, a server and a system for controlling the legitimacy of service requests. The client stores the first half of the complete key, and the server stores the complete key, which consists of a first half and a second half. Before making service requests, the client first performs one verification with the server. After this authentication, the server performs two encryptions using the complete key and the server timestamp and returns the result to the client. The client decrypts with the first-half key, assembles the complete key, and obtains the unique token and the corresponding timestamp; the client then maintains this timestamp so that it stays consistent with the server timestamp. Holding only part of the key further prevents the complete key from being obtained if the client is cracked, which improves security, and encrypting with the server timestamp makes a client request difficult to forge even after it has been intercepted.
Description
Technical field
The present invention relates to communication security techniques.
Background
In the Internet era, with web sites and apps everywhere, controlling the legitimacy of client requests is becoming more and more important. The usual approach today is that the client sends a request to the server, the server generates a token and returns it to the client, and the client carries the token in every request. This leaves a security hole: once the token is captured, requests can be forged.
Summary of the invention
To overcome the deficiencies of the prior art, the first object of the present invention is to provide a method for controlling the legitimacy of service requests that solves the problem of requests being easy to forge.
The second object of the present invention is to provide a server that solves the problem of requests being easy to forge.
The third object of the present invention is to provide a system that solves the problem of requests being easy to forge.
To achieve the first object, the technical solution adopted by the present invention is as follows:
A method for controlling the legitimacy of service requests, applied to a server. The server stores a complete key and the correspondence between the identifier of a client and the complete key; the complete key comprises a first key and a second key.
The method includes an encryption step and a decryption step.
The encryption step includes:
Receiving the identifier of the client;
Generating a unique token, and associating the identifier with the unique token;
Encrypting the combination of the unique token and current timestamp A with the complete key corresponding to the identifier to obtain a first ciphertext;
Encrypting the combination of the first ciphertext and the second key with the first key to obtain a second ciphertext;
Sending the second ciphertext to the client, so that the client decrypts the second ciphertext to obtain the complete key, the unique token and current timestamp A, calculates a predicted timestamp from current timestamp A, and encrypts the combination of the unique token and the predicted timestamp with the complete key to obtain a third ciphertext.
The decryption step includes:
Receiving the identifier of the client, the third ciphertext and the service request;
Decrypting the third ciphertext with the complete key corresponding to the identifier to obtain the unique token and the predicted timestamp;
Comparing the predicted timestamp with current timestamp B to obtain a comparison value;
Responding to the service request when the unique token is valid and the comparison value is within a preset range.
Preferably, the unique token is a GUID.
Preferably, the first key is the first half of the complete key, and the second key is the second half of the complete key.
Preferably, the specific steps of "decrypting the second ciphertext to obtain the complete key, the unique token and current timestamp A" are as follows:
Decrypting the second ciphertext with the first key to obtain the first ciphertext and the second key; the first key is stored in the client;
Combining the first key and the second key to obtain the complete key, and decrypting the first ciphertext with the complete key to obtain the unique token and current timestamp A.
Preferably, current timestamp C is recorded when "decrypting the second ciphertext to obtain the complete key, the unique token and current timestamp A"; "calculating the predicted timestamp from current timestamp A" specifically comprises the following step:
When initiating a service request, subtracting current timestamp C from current timestamp D to obtain time difference E, and adding time difference E to current timestamp A to obtain the predicted timestamp.
To achieve the second object, the technical solution adopted by the present invention is as follows:
A server, comprising a memory and a processor.
The memory is used to store a complete key, the correspondence between the identifier of a client and the complete key, and program instructions; the complete key comprises a first key and a second key.
The processor is used to run the program instructions to perform an encryption step and a decryption step.
The encryption step includes:
Receiving the identifier of the client;
Generating a unique token, and associating the identifier with the unique token;
Encrypting the combination of the unique token and current timestamp A with the complete key corresponding to the identifier to obtain a first ciphertext;
Encrypting the combination of the first ciphertext and the second key with the first key to obtain a second ciphertext;
Sending the second ciphertext to the client, so that the client decrypts the second ciphertext to obtain the complete key, the unique token and current timestamp A, calculates a predicted timestamp from current timestamp A, and encrypts the combination of the unique token and the predicted timestamp with the complete key to obtain a third ciphertext.
The decryption step includes:
Receiving the identifier of the client, the third ciphertext and the service request;
Decrypting the third ciphertext with the complete key corresponding to the identifier to obtain the unique token and the predicted timestamp;
Comparing the predicted timestamp with current timestamp B to obtain a comparison value;
Responding to the service request when the unique token is valid and the comparison value is within a preset range.
Preferably, the specific steps of "decrypting the second ciphertext to obtain the complete key, the unique token and current timestamp A" are as follows:
Decrypting the second ciphertext with the first key to obtain the first ciphertext and the second key; the first key is stored in the client;
Combining the first key and the second key to obtain the complete key, and decrypting the first ciphertext with the complete key to obtain the unique token and current timestamp A.
Preferably, current timestamp C is recorded when "decrypting the second ciphertext to obtain the complete key, the unique token and current timestamp A"; "calculating the predicted timestamp from current timestamp A" specifically comprises the following step:
When initiating a service request, subtracting current timestamp C from current timestamp D to obtain time difference E, and adding time difference E to current timestamp A to obtain the predicted timestamp.
To achieve the third object, the technical solution adopted by the present invention is as follows:
A system, comprising a server and a client that communicates with the server over a network. The server includes a first memory and a first processor, and the client includes a second memory and a second processor.
The first memory is used to store a complete key, the correspondence between the identifier of the client and the complete key, and first program instructions; the complete key comprises a first key and a second key.
The first processor is used to run the first program instructions to perform an encryption step and a decryption step.
The encryption step includes:
Receiving the identifier of the client;
Generating a unique token, and associating the identifier with the unique token;
Encrypting the combination of the unique token and current timestamp A with the complete key corresponding to the identifier to obtain a first ciphertext;
Encrypting the combination of the first ciphertext and the second key with the first key to obtain a second ciphertext;
Sending the second ciphertext to the client.
The decryption step includes:
Receiving the identifier of the client, the third ciphertext and the service request;
Decrypting the third ciphertext with the complete key corresponding to the identifier to obtain the unique token and the predicted timestamp;
Comparing the predicted timestamp with current timestamp B to obtain a comparison value;
Responding to the service request when the unique token is valid and the comparison value is within a preset range.
The second memory is used to store second program instructions.
The second processor is used to run the second program instructions to perform the following steps:
Decrypting the second ciphertext to obtain the complete key, the unique token and current timestamp A;
When initiating a service request, calculating a predicted timestamp from current timestamp A, and encrypting the combination of the unique token and the predicted timestamp with the complete key to obtain a third ciphertext;
Sending the third ciphertext, the identifier and the service request to the server.
The second memory is also used to store the first key; the specific steps of "decrypting the second ciphertext to obtain the complete key, the unique token and current timestamp A" are as follows:
Decrypting the second ciphertext with the first key to obtain the first ciphertext and the second key;
Combining the first key and the second key to obtain the complete key, and decrypting the first ciphertext with the complete key to obtain the unique token and current timestamp A.
Preferably, current timestamp C is recorded when "decrypting the second ciphertext to obtain the complete key, the unique token and current timestamp A"; "calculating the predicted timestamp from current timestamp A" specifically comprises the following step:
Subtracting current timestamp C from current timestamp D to obtain time difference E, and adding time difference E to current timestamp A to obtain the predicted timestamp.
Compared with the prior art, the beneficial effects of the present invention are:
A segmented key and the server timestamp are combined and applied to the communication, which effectively controls the access rights of the client and makes forging a request very difficult.
Brief description of the drawings
Fig. 1 is a structural diagram of the server of Embodiment 2;
Fig. 2 is a structural diagram of the system of Embodiment 3;
Fig. 3 is a flow diagram of the interaction in the system of Embodiment 3.
Embodiments
The present invention is described further below with reference to the drawings and the embodiments:
Embodiment 1
This embodiment proposes a method for controlling the legitimacy of service requests, applied to a server. The server stores a complete key and the correspondence between the identifier of a client and the complete key; the complete key comprises a first key and a second key. The identifier in this embodiment is preferably the machine code of the client. The first key in this embodiment is preferably the first half of the complete key, and the second key is preferably the second half of the complete key. Depending on requirements, the first key may instead be a value formed by arranging and combining the values at the odd positions of the complete key and the second key a value formed by arranging and combining the values at the even positions of the complete key, or the complete key may be composed in some other way.
The server in this embodiment communicates with the client over a network, which may be a wireless network or a wired network. The client may be a mobile phone, a financial terminal, and so on. The client is preferably time-synchronized with the server. The client stores the first key.
The method of this embodiment includes an encryption step and a decryption step.
The encryption step specifically includes:
Step A1: receive the identifier of the client;
Step A2: generate a unique token according to preset rules, and associate the identifier with the unique token; the unique token must not repeat, and is preferably a globally unique identifier (GUID);
Step A3: encrypt the combination of the unique token and current timestamp A with the complete key corresponding to the identifier to obtain a first ciphertext; current timestamp A is the current time of the server at this step;
Step A4: encrypt the combination of the first ciphertext and the second key with the first key to obtain a second ciphertext;
Step A5: send the second ciphertext to the client, so that the client decrypts the second ciphertext to obtain the complete key, the unique token and current timestamp A, calculates a predicted timestamp from current timestamp A, and encrypts the combination of the unique token and the predicted timestamp with the complete key to obtain a third ciphertext.
The specific steps of "decrypting the second ciphertext to obtain the complete key, the unique token and current timestamp A" are as follows:
Decrypt the second ciphertext with the first key to obtain the first ciphertext and the second key;
Combine the first key and the second key to obtain the complete key, and decrypt the first ciphertext with the complete key to obtain the unique token and current timestamp A.
Current timestamp C is recorded when "decrypting the second ciphertext to obtain the complete key, the unique token and current timestamp A"; "calculating the predicted timestamp from current timestamp A" specifically comprises the following step:
When initiating a service request, subtract current timestamp C from current timestamp D to obtain time difference E, and add time difference E to current timestamp A to obtain the predicted timestamp. Current timestamp D is the current time of the client at this step.
The decryption step specifically includes:
Step B1: receive the identifier of the client, the third ciphertext and the service request;
Step B2: decrypt the third ciphertext with the complete key corresponding to the identifier to obtain the unique token and the predicted timestamp;
Step B3: compare the predicted timestamp with current timestamp B to obtain a comparison value; current timestamp B is the current time of the server at this step;
Step B4: respond to the service request when the unique token is valid and the comparison value is within a preset range. The unique token being valid means that the unique token stored in step A2 is looked up by the identifier and compared with the unique token obtained in this step; if the two match, the token is considered valid. The preset range may be 0-2 seconds, 0-5 seconds, etc., and can be configured according to the processing capacity and the service volume of the client or the server.
Embodiment 2
As shown in Fig. 2, this embodiment discloses a server that includes a memory and a processor. The memory is used to store a complete key, the correspondence between the identifier of a client and the complete key, and program instructions; the complete key comprises a first key and a second key. The processor is used to run the program instructions to perform the encryption step and the decryption step described in Embodiment 1, which are not repeated here.
Embodiment 3
As shown in Fig. 3, a system comprises a server and a client that communicates with the server over a network. The server includes a first memory and a first processor, and the client includes a second memory and a second processor.
The first memory is used to store a complete key, the correspondence between the identifier of the client and the complete key, and first program instructions; the complete key comprises a first key and a second key. The first processor is used to run the first program instructions to perform the steps shown in Fig. 3.
The second memory is used to store second program instructions and the first key. The second processor is used to run the second program instructions to perform the steps shown in Fig. 3.
The interaction flow between the server and the client shown in Fig. 3 is described in detail below.
1. The client initiates a request:
Step S01: send a verification request that contains the identifier of the client;
2. The server performs the first authentication:
Step C01: after receiving the verification request, obtain the identifier of the client;
Step C02: after verifying the client information, generate a unique token according to preset rules, and associate the identifier with the unique token;
Step C03: combine the unique token and current timestamp A, and encrypt the combination with the complete key corresponding to the identifier to obtain a first ciphertext;
Step C04: combine the first ciphertext and the second key, and encrypt the combination with the first key to obtain a second ciphertext;
Step C05: send the second ciphertext to the client;
3. The client issues a service request:
Step S02: decrypt the second ciphertext with the first key to obtain the first ciphertext and the second key;
Step S03: combine the first key and the second key to obtain the complete key, and decrypt the first ciphertext with the complete key to obtain the unique token and current timestamp A;
Step S04: save the unique token and current timestamp A, and record current timestamp C;
Step S05: when initiating a service request, subtract current timestamp C from current timestamp D to obtain time difference E, add time difference E to current timestamp A to obtain the predicted timestamp, encrypt the combination of the unique token and the predicted timestamp with the complete key to obtain a third ciphertext, and send the third ciphertext, the identifier and the service request to the server.
4. The server responds to the service request:
Step C06: receive the identifier of the client, the third ciphertext and the service request, and look up the complete key by the identifier. If no corresponding complete key is found, return to the client that it is not a legitimate client. If the complete key is found, decrypt the third ciphertext with the complete key corresponding to the identifier to obtain the unique token and the predicted timestamp. If the complete key cannot decrypt the third ciphertext, return a client verification failure, and the client restarts the verification request;
Step C07: compare the predicted timestamp with current timestamp B to obtain a comparison value. If the unique token is valid and the comparison value is within the preset range, respond to the service request and carry out normal service processing. If the unique token is invalid or the comparison value is not within the preset range, return a client verification failure, and the client restarts the verification request. Terms in this embodiment that also appear in Embodiment 1 have the same explanation as in Embodiment 1 and are not repeated here.
In general, the basic principle of Embodiments 1 to 3 is as follows. The client stores the first half of the complete key, and the server stores the complete key, which consists of a first half and a second half. Before making service requests, the client first performs one verification with the server. After this authentication, the server performs two encryptions using the complete key and the server timestamp and returns the result to the client. The client decrypts with the first-half key, assembles the complete key, and obtains the unique token and the corresponding timestamp; the client then maintains this timestamp so that it stays consistent with the server timestamp. Holding only part of the key (the first half or the second half) further prevents the complete key from being obtained if the client is cracked, which improves security, and encrypting with the server timestamp makes a client request difficult to forge even after it has been intercepted.
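The exchange of Embodiment 3 (steps C03-C05, S02-S05 and C06-C07) as an added Go example; it is not code from the patent. AES-GCM, the 16-byte random token, the byte layouts and all function names are assumptions, and the server's lookup of key and token by client identifier is reduced to function arguments.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

const window = 2 // preset range in seconds (the patent suggests 0-2 s or 0-5 s)
var errReject = errors.New("client verification failed")

// aead builds AES-GCM, an assumed cipher (the patent names none); keys are 16 or 32 bytes.
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// seal returns nonce || ciphertext || tag, using a fresh random nonce.
func seal(key, pt []byte) []byte {
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return aead(key).Seal(nonce, nonce, pt, nil)
}
func open(key, ct []byte) ([]byte, error) {
	if len(ct) < 12 {
		return nil, errReject
	}
	return aead(key).Open(nil, ct[:12], ct[12:], nil)
}

// sealPair encrypts "token + timestamp" (assumed layout: 16-byte token, 8-byte seconds).
func sealPair(key, token []byte, ts int64) []byte {
	pt := make([]byte, 24)
	copy(pt, token)
	binary.BigEndian.PutUint64(pt[16:], uint64(ts))
	return seal(key, pt)
}
func openPair(key, ct []byte) ([]byte, int64, error) {
	pt, err := open(key, ct)
	if err != nil || len(pt) != 24 {
		return nil, 0, errReject
	}
	return pt[:16], int64(binary.BigEndian.Uint64(pt[16:])), nil
}

// Issue is server steps C02-C04: it returns the token to store and the second ciphertext.
func Issue(full []byte, tsA int64) (token, second []byte) {
	token = make([]byte, 16) // random stand-in for the GUID
	if _, err := rand.Read(token); err != nil {
		panic(err)
	}
	first := sealPair(full, token, tsA)                        // complete key over token + timestamp A
	return token, seal(full[:16], append(first, full[16:]...)) // first key over first ciphertext + second key
}

// Verify is server steps C06-C07 against the key and token stored for the sender's identifier.
func Verify(full, issued, third []byte, tsB int64) error {
	token, predicted, err := openPair(full, third)
	age := tsB - predicted // comparison value
	if err != nil || subtle.ConstantTimeCompare(token, issued) != 1 || age < 0 || age > window {
		return errReject
	}
	return nil
}

// Unwrap is client steps S02-S03: peel both layers with the stored first key.
func Unwrap(firstKey, second []byte) (full, token []byte, tsA int64, err error) {
	inner, err := open(firstKey, second)
	if err != nil || len(inner) < 16 {
		return nil, nil, 0, errReject
	}
	full = append(append([]byte{}, firstKey...), inner[len(inner)-16:]...)
	token, tsA, err = openPair(full, inner[:len(inner)-16])
	return full, token, tsA, err
}

// Request is client step S05: predicted = A + (D - C), sealed under the complete key.
func Request(full, token []byte, tsA, tsC, tsD int64) []byte {
	return sealPair(full, token, tsA+(tsD-tsC))
}

func main() {
	full := []byte("0123456789abcdefFEDCBA9876543210") // constructed 32-byte demo key
	issued, second := Issue(full, 1000)                // server clock A = 1000
	key, token, tsA, _ := Unwrap(full[:16], second)    // client stores only the first half
	third := Request(key, token, tsA, 5000, 5030)      // unsynced client clock: C = 5000, D = 5030
	fmt.Println(Verify(full, issued, third, 1031), Verify(full, issued, third, 1040))
}
```

Because `Verify` checks only the token and the age of the predicted timestamp, a captured third ciphertext is rejected once the preset range has passed but still verifies inside it, so the range should be as small as the deployment allows.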
It will be apparent to those skilled in the art that various other corresponding changes and modifications can be made according to the technical solutions and concepts described above, and all such changes and modifications shall fall within the protection scope of the claims of the present invention.
Claims (10)
1. A method for controlling the legitimacy of service requests, applied to a server, characterized in that the server stores a complete key and the correspondence between the identifier of a client and the complete key, the complete key comprising a first key and a second key;
The method includes an encryption step and a decryption step;
The encryption step includes:
Receiving the identifier of the client;
Generating a unique token, and associating the identifier with the unique token;
Encrypting the combination of the unique token and current timestamp A with the complete key corresponding to the identifier to obtain a first ciphertext;
Encrypting the combination of the first ciphertext and the second key with the first key to obtain a second ciphertext;
Sending the second ciphertext to the client, so that the client decrypts the second ciphertext to obtain the complete key, the unique token and current timestamp A, calculates a predicted timestamp from current timestamp A, and encrypts the combination of the unique token and the predicted timestamp with the complete key to obtain a third ciphertext;
The decryption step includes:
Receiving the identifier of the client, the third ciphertext and the service request;
Decrypting the third ciphertext with the complete key corresponding to the identifier to obtain the unique token and the predicted timestamp;
Comparing the predicted timestamp with current timestamp B to obtain a comparison value;
Responding to the service request when the unique token is valid and the comparison value is within a preset range.
2. The method as claimed in claim 1, characterized in that the unique token is a GUID.
3. The method as claimed in claim 1, characterized in that the first key is the first half of the complete key, and the second key is the second half of the complete key.
4. The method as claimed in claim 1, characterized in that the specific steps of "decrypting the second ciphertext to obtain the complete key, the unique token and current timestamp A" are as follows:
Decrypting the second ciphertext with the first key to obtain the first ciphertext and the second key; the first key is stored in the client;
Combining the first key and the second key to obtain the complete key, and decrypting the first ciphertext with the complete key to obtain the unique token and current timestamp A.
5. The method as claimed in claim 4, characterized in that current timestamp C is recorded when "decrypting the second ciphertext to obtain the complete key, the unique token and current timestamp A"; "calculating the predicted timestamp from current timestamp A" specifically comprises the following step:
When initiating a service request, subtracting current timestamp C from current timestamp D to obtain time difference E, and adding time difference E to current timestamp A to obtain the predicted timestamp.
6. A server, characterised in that it comprises a memory and a processor;
The memory is used to store an integrity key, the correspondence between the mark of a client and the integrity key, and program
instructions; wherein the integrity key comprises a first key and a second key;
The processor is used to run the program instructions to perform an encrypting step and a decryption step;
The encrypting step includes:
Receiving the mark of the client;
Generating a unique token, and associating the mark with the unique token;
Encrypting the combination of the unique token and current time stamp A using the integrity key corresponding to the mark, to obtain a first
ciphertext;
Encrypting the combination of the first ciphertext and the second key using the first key, to obtain a second ciphertext;
Sending the second ciphertext to the client, so that the client decrypts the second ciphertext to obtain the
integrity key, the unique token and current time stamp A, calculates a predicted time stamp according to current time stamp A, and encrypts
the combination of the unique token and the predicted time stamp using the integrity key to obtain a third ciphertext;
The decryption step includes:
Receiving the mark of the client, the third ciphertext and a service request;
Decrypting the third ciphertext using the integrity key corresponding to the mark, to obtain the unique token and the predicted time
stamp;
Comparing the predicted time stamp with current time stamp B to obtain a comparison value;
Responding to the service request when the unique token is valid and the comparison value is within a preset range.
7. The server as claimed in claim 6, characterised in that the specific steps of "decrypting the second ciphertext to obtain the integrity key,
the unique token and current time stamp A" are as follows:
Decrypting the second ciphertext using the first key to obtain the first ciphertext and the second key; the first key is stored in
the client;
Combining the first key and the second key to obtain the integrity key, and decrypting the first ciphertext using the integrity key
to obtain the unique token and current time stamp A.
8. The server as claimed in claim 7, characterised in that current time stamp C is recorded when "the second ciphertext is decrypted to obtain the integrity
key, the unique token and current time stamp A"; and "calculating the predicted time stamp according to current time stamp A"
specifically comprises the following step:
When the service request is initiated, subtracting current time stamp C from current time stamp D to obtain time difference E, and summing time difference E and
current time stamp A to obtain the predicted time stamp.
9. A system comprising a server and a client that communicates with the server over a network, the server comprising
a first memory and a first processor, and the client comprising a second memory and a second processor; characterised in that
The first memory is used to store an integrity key, the correspondence between the mark of the client and the integrity key, and
first program instructions; wherein the integrity key comprises a first key and a second key;
The first processor is used to run the first program instructions to perform an encrypting step and a decryption step;
The encrypting step includes:
Receiving the mark of the client;
Generating a unique token, and associating the mark with the unique token;
Encrypting the combination of the unique token and current time stamp A using the integrity key corresponding to the mark, to obtain a first
ciphertext;
Encrypting the combination of the first ciphertext and the second key using the first key, to obtain a second ciphertext;
Sending the second ciphertext to the client;
The decryption step includes:
Receiving the mark of the client, a third ciphertext and a service request;
Decrypting the third ciphertext using the integrity key corresponding to the mark, to obtain the unique token and a predicted time
stamp;
Comparing the predicted time stamp with current time stamp B to obtain a comparison value;
Responding to the service request when the unique token is valid and the comparison value is within a preset range;
The second memory is used to store second program instructions;
The second processor is used to run the second program instructions to perform the following steps:
Decrypting the second ciphertext to obtain the integrity key, the unique token and current time stamp A;
When the service request is initiated, calculating the predicted time stamp according to current time stamp A, and encrypting the combination of the unique token
and the predicted time stamp using the integrity key to obtain the third ciphertext;
Sending the third ciphertext, the mark and the service request to the server.
10. The system as claimed in claim 9, characterised in that the second memory is further used to store the first key;
wherein the specific steps of "decrypting the second ciphertext to obtain the integrity key, the unique token and current time stamp A" are as follows:
Decrypting the second ciphertext using the first key to obtain the first ciphertext and the second key;
Combining the first key and the second key to obtain the integrity key, and decrypting the first ciphertext using the integrity key
to obtain the unique token and current time stamp A.
When "the second ciphertext is decrypted to obtain the integrity key, the unique token and current time stamp A", current time
stamp C is recorded; "calculating the predicted time stamp according to current time stamp A" specifically comprises the following step:
Subtracting current time stamp C from current time stamp D to obtain time difference E, and summing time difference E and current time stamp A to obtain
the predicted time stamp.
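The exchange in claims 6 to 10, written out as an added Python example; it is not code from the patent. It shows the nested ciphertexts and why the client clock never has to agree with the server clock. Assumptions: the cipher is a stand-in built from the standard library (a SHA-256 counter keystream with an HMAC-SHA256 tag), keys and tokens are 16 bytes, "combining" the keys is concatenation, time stamps are integer seconds, the preset range is 5 seconds, and all class and function names are hypothetical.

```python
import hashlib, hmac, os, struct

# Assumptions, not from the patent: the cipher is a stand-in (SHA-256 counter
# keystream, encrypt-then-MAC with HMAC-SHA256); "combining" keys means k1 + k2.
def _ks(key, nonce, n):
    blocks = (hashlib.sha256(b"enc" + key + nonce + struct.pack(">I", i)).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]
def _tag(key, data):
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), data, hashlib.sha256).digest()
def seal(key, pt):
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return nonce + body + _tag(key, nonce + body)

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce + body)):
        raise ValueError("ciphertext failed authentication")
    return bytes(a ^ b for a, b in zip(body, _ks(key, nonce, len(body))))

class Server:
    def __init__(self):
        self.keys, self.tokens = {}, {}      # mark -> (k1, k2); token -> mark
    def enroll(self, mark):
        self.keys[mark] = (os.urandom(16), os.urandom(16))
        return self.keys[mark][0]            # first key, stored in the client
    def issue(self, mark, ts_a):
        k1, k2 = self.keys[mark]
        token = os.urandom(16)
        self.tokens[token] = mark            # associate the mark with the token
        c1 = seal(k1 + k2, token + struct.pack(">Q", ts_a))  # first ciphertext
        return seal(k1, k2 + c1)                             # second ciphertext
    def verify(self, mark, c3, ts_b, window=5):
        k1, k2 = self.keys[mark]
        pt = unseal(k1 + k2, c3)             # raises if c3 was altered
        token, predicted = pt[:16], struct.unpack(">Q", pt[16:])[0]
        return self.tokens.get(token) == mark and abs(ts_b - predicted) <= window

class Client:
    def __init__(self, k1, c2, ts_c):        # ts_c: local clock when c2 is decrypted
        inner = unseal(k1, c2)               # -> second key || first ciphertext
        self.full = k1 + inner[:16]          # integrity key
        pt = unseal(self.full, inner[16:])
        self.token, self.ts_a, self.ts_c = pt[:16], struct.unpack(">Q", pt[16:])[0], ts_c
    def request(self, ts_d):                 # ts_d: local clock at request time
        predicted = self.ts_a + (ts_d - self.ts_c)           # A + E, with E = D - C
        return seal(self.full, self.token + struct.pack(">Q", predicted))
```

Because only the difference D - C enters the predicted time stamp, a client whose clock reads 500 and then 530 still produces a value on the server's timeline; a third ciphertext presented after the preset range has elapsed is refused.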
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710390926.XA CN107360131B (en) | 2017-05-27 | 2017-05-27 | Method, server and system for controlling validity of service request |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107360131A (en) | 2017-11-17 |
CN107360131B (en) | 2020-02-07 |
Family
ID=60271630
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710390926.XA Active CN107360131B (en) | 2017-05-27 | 2017-05-27 | Method, server and system for controlling validity of service request |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107360131B (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109189590A (en) * | 2018-08-16 | 2019-01-11 | 黄疆 | Memory management method and device based on RESTful service |
CN110445809A (en) * | 2019-09-03 | 2019-11-12 | 深圳绿米联创科技有限公司 | Network attack detecting method, device, system, electronic equipment and storage medium |
CN110826097A (en) * | 2019-10-29 | 2020-02-21 | 维沃移动通信有限公司 | Data processing method and electronic equipment |
CN110912578A (en) * | 2019-11-28 | 2020-03-24 | 耒阳市旗心电子科技有限公司 | Communication method of portable communication equipment |
CN111756738A (en) * | 2020-06-24 | 2020-10-09 | 昆明东电科技有限公司 | System framework for quickly constructing Web application, data processing method and system |
CN112235277A (en) * | 2020-10-09 | 2021-01-15 | 北京达佳互联信息技术有限公司 | Resource request method, resource response method and related equipment |
CN113872974A (en) * | 2021-09-29 | 2021-12-31 | 深圳市微购科技有限公司 | Method, server and computer-readable storage medium for network session encryption |
CN114866303A (en) * | 2022-04-26 | 2022-08-05 | 武昌理工学院 | Anti-hijacking detection signal authentication method |
CN117714216A (en) * | 2024-02-06 | 2024-03-15 | 杭州城市大脑有限公司 | Data unauthorized access control method based on encryption of multidimensional unique identification |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103763356A (en) * | 2014-01-08 | 2014-04-30 | 深圳大学 | Establishment method, device and system for connection of secure sockets layers |
CN106060078A (en) * | 2016-07-11 | 2016-10-26 | 浪潮(北京)电子信息产业有限公司 | User information encryption method, user registration method and user validation method applied to cloud platform |
US20170099146A1 (en) * | 2014-03-31 | 2017-04-06 | EXILANT Technologies Private Limited | Increased communication security |
WO2017068399A1 (en) * | 2015-10-23 | 2017-04-27 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and apparatus for secure content caching and delivery |
WO2017081208A1 (en) * | 2015-11-13 | 2017-05-18 | Cassidian Cybersecurity Sas | Method for securing and authenticating a telecommunication |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103763356A (en) * | 2014-01-08 | 2014-04-30 | 深圳大学 | Establishment method, device and system for connection of secure sockets layers |
US20170099146A1 (en) * | 2014-03-31 | 2017-04-06 | EXILANT Technologies Private Limited | Increased communication security |
WO2017068399A1 (en) * | 2015-10-23 | 2017-04-27 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and apparatus for secure content caching and delivery |
WO2017081208A1 (en) * | 2015-11-13 | 2017-05-18 | Cassidian Cybersecurity Sas | Method for securing and authenticating a telecommunication |
CN106060078A (en) * | 2016-07-11 | 2016-10-26 | 浪潮(北京)电子信息产业有限公司 | User information encryption method, user registration method and user validation method applied to cloud platform |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109189590A (en) * | 2018-08-16 | 2019-01-11 | 黄疆 | Memory management method and device based on RESTful service |
CN110445809A (en) * | 2019-09-03 | 2019-11-12 | 深圳绿米联创科技有限公司 | Network attack detecting method, device, system, electronic equipment and storage medium |
CN110826097A (en) * | 2019-10-29 | 2020-02-21 | 维沃移动通信有限公司 | Data processing method and electronic equipment |
CN110912578A (en) * | 2019-11-28 | 2020-03-24 | 耒阳市旗心电子科技有限公司 | Communication method of portable communication equipment |
CN111756738A (en) * | 2020-06-24 | 2020-10-09 | 昆明东电科技有限公司 | System framework for quickly constructing Web application, data processing method and system |
CN112235277A (en) * | 2020-10-09 | 2021-01-15 | 北京达佳互联信息技术有限公司 | Resource request method, resource response method and related equipment |
CN113872974A (en) * | 2021-09-29 | 2021-12-31 | 深圳市微购科技有限公司 | Method, server and computer-readable storage medium for network session encryption |
CN114866303A (en) * | 2022-04-26 | 2022-08-05 | 武昌理工学院 | Anti-hijacking detection signal authentication method |
CN114866303B (en) * | 2022-04-26 | 2023-05-26 | 武昌理工学院 | Anti-hijacking detection signal authentication method |
CN117714216A (en) * | 2024-02-06 | 2024-03-15 | 杭州城市大脑有限公司 | Data unauthorized access control method based on encryption of multidimensional unique identification |
CN117714216B (en) * | 2024-02-06 | 2024-04-30 | 杭州城市大脑有限公司 | Data unauthorized access control method based on encryption of multidimensional unique identification |
Also Published As
Publication number | Publication date |
---|---|
CN107360131B (en) | 2020-02-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107360131A (en) | A kind of method, server and the system of the control of service request legitimacy | |
CN104113534B (en) | The login system and method for application APP | |
US11521203B2 (en) | Generating a cryptographic key based on transaction data of mobile payments | |
CN106612180B (en) | Method and device for realizing session identification synchronization | |
EP2566204A1 (en) | Authentication method and device, authentication centre and system | |
KR101982237B1 (en) | Method and system for data sharing using attribute-based encryption in cloud computing | |
CN108111604A (en) | Block chain common recognition methods, devices and systems, identification information treating method and apparatus | |
CN112000951B (en) | Access method, device, system, electronic equipment and storage medium | |
CN107809317A (en) | A kind of identity identifying method and system based on token digital signature | |
CN109347625B (en) | Password operation method, work key creation method, password service platform and equipment | |
JP4256361B2 (en) | Authentication management method and system | |
CN110659467A (en) | Remote user identity authentication method, device, system, terminal and server | |
US9215064B2 (en) | Distributing keys for decrypting client data | |
CN103201998A (en) | Data processing for securing local resources in a mobile device | |
KR102162044B1 (en) | The Method for User Authentication Based on Block Chain and The System Thereof | |
CN110311895B (en) | Session permission verification method and system based on identity authentication and electronic equipment | |
CN110175466B (en) | Security management method and device for open platform, computer equipment and storage medium | |
CN102916970B (en) | Network-based PIN cache method | |
CN111753014B (en) | Identity authentication method and device based on block chain | |
US20220417241A1 (en) | Methods, Systems, and Devices for Server Control of Client Authorization Proof of Possession | |
CN110059458A (en) | A kind of user password encryption and authentication method, apparatus and system | |
US20120102319A1 (en) | System and Method for Reliably Authenticating an Appliance | |
CN114629713B (en) | Identity verification method, device and system | |
CN108881280A (en) | Cut-in method, content distribution network system and access system | |
CN104901967A (en) | Registration method for trusted device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
PP01 | Preservation of patent right | Effective date of registration: 20210922 Granted publication date: 20200207 |