CN108965230A - A secure communication method, system and terminal device - Google Patents

A secure communication method, system and terminal device

Publication number
CN108965230A
Authority
CN
China
Prior art keywords
server
jwt
client
request
signature value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810436553.XA
Other languages
Chinese (zh)
Other versions
CN108965230B (en)
Inventor
黄佳鹏
何鹏程
方春冬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Citic Network Security Certification Co Ltd
Original Assignee
Shenzhen Citic Network Security Certification Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Citic Network Security Certification Co Ltd filed Critical Shenzhen Citic Network Security Certification Co Ltd
Priority to CN201810436553.XA priority Critical patent/CN108965230B/en
Publication of CN108965230A publication Critical patent/CN108965230A/en
Application granted granted Critical
Publication of CN108965230B publication Critical patent/CN108965230B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application relates to the field of communication technology and provides a secure communication method, system and terminal device. The method includes: receiving a login request sent by a client and generating an identity security token (JWT) according to the login request; sending the JWT and the server public key to the client, to instruct the client to generate a signature value; receiving a service request sent by the client and verifying the JWT and the signature value; and, if both pass verification, returning the request data of the service request to the client. An encrypted JWT is generated and, each time the client sends a service request to the server, the JWT is sent to the server as part of the service request, establishing a secure information channel. This guarantees the security of data transmission and prevents third parties from stealing or tampering with the data; the server verifies the JWT and the signature value in each service request it receives, ensuring that the request is legitimately authenticated.

Description

A secure communication method, system and terminal device
Technical field
The application belongs to the field of communication technology, and in particular relates to a secure communication method, system and terminal device.
Background
When a client accesses a server, the login process generally requires communication authentication. Commonly used authentication methods include OAuth and Basic Auth. OAuth is an open authorization standard that lets a user allow a third-party application to access private resources (such as photos, videos and contact lists) that the user stores on a web service, without giving the user name and password to the third-party application. However, it only lets the user authorize a third-party website to access certain specific information stored with another service provider, not all content. Basic Auth requires the user name and the user's login password to be supplied on every API request, so information such as the user's user name and password is very easily exposed to third-party clients. Secure communication between the user's client and the server therefore cannot be guaranteed.
Summary of the invention
In view of this, the embodiments of the application provide a secure communication method, system and terminal device, to solve the prior-art problem that the security of data transmission cannot be guaranteed during communication between a client and a server.
A first aspect of the embodiments of the application provides a secure communication method, which includes:
receiving a login request sent by a client and generating an identity security token (JWT) according to the login request, the payload data in the JWT having been encrypted;
sending the JWT and the server public key to the client, to instruct the client to generate a signature value;
receiving a service request sent by the client, the service request containing the JWT, the signature value and request data;
verifying the JWT and the signature value;
if both pass verification, returning the request data of the service request to the client.
A second aspect of the embodiments of the application provides a secure communication method, which includes:
sending a login request to a server;
receiving the JWT and the server public key sent by the server, the JWT being generated by the server according to the login request;
generating a signature value according to the server public key;
sending a service request to the server, to instruct the server to verify the service request, the service request containing the JWT, the signature value and request data;
receiving the request data sent by the server.
A third aspect of the embodiments of the application provides a secure communication system, which includes a server and a client;
The server includes:
a receiving unit, for receiving a login request sent by the client and generating an identity security token (JWT) according to the login request, the payload data in the JWT having been encrypted; and also for receiving a service request sent by the client, the service request containing the JWT, the signature value and request data;
a sending unit, for sending the JWT and the server public key to the client, to instruct the client to generate a signature value;
a verification unit, for verifying the JWT and the signature value and, if both pass verification, returning the request data of the service request to the client.
The client includes:
a request sending unit, for sending a login request to the server; and also for sending a service request to the server, to instruct the server to verify the service request, the service request containing the JWT, the signature value and request data;
a generation unit, for generating a signature value according to the server public key;
a data receiving unit, for receiving the JWT and the server public key sent by the server, the JWT being generated by the server according to the login request; and also for receiving the request data sent by the server.
A fourth aspect of the embodiments of the application provides a terminal device, including a memory, a processor and a computer program stored in the memory and executable on the processor; when the processor executes the computer program, it implements the steps of any one of the secure communication methods described above.
A fifth aspect of the embodiments of the application provides a computer-readable storage medium storing a computer program; when the computer program is executed by a processor, it implements the steps of any one of the secure communication methods described above.
In the embodiments provided by this application, when the client communicates with the server, the server generates an encrypted identity security token (JWT) according to the client's login request and sends the JWT together with the server public key to the client, so that the client generates a signature value when it sends a service request to the server. The server receives the service request sent by the client and verifies the JWT and the signature value contained in it; if both pass verification, it returns the requested data to the client. In this process an encrypted JWT is generated and, each time the client sends a service request to the server, the JWT is sent to the server as part of the service request, establishing a secure information channel. This guarantees the security of data transmission and prevents third parties from stealing or tampering with the data; the server verifies the JWT and the signature value in each service request it receives, ensuring that the request is legitimately authenticated.
Brief description of the drawings
To explain the technical solutions in the embodiments of the application more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of the secure communication method provided by an embodiment of the application;
Fig. 2 is a schematic flowchart of the secure communication method provided by another embodiment of the application;
Fig. 3 is a schematic diagram of the secure communication system provided by an embodiment of the application;
Fig. 4 is a schematic diagram of the terminal device provided by an embodiment of the application.
Detailed description
In the following description, specific details such as particular system structures and technologies are set out for the purpose of illustration rather than limitation, to give a thorough understanding of the embodiments of the application. However, it will be clear to a person skilled in the art that the application can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of the application.
In the embodiments provided by this application, when the client communicates with the server, the server generates an encrypted identity security token (JWT) according to the client's login request and sends the JWT together with the server public key to the client, so that the client generates a signature value when it sends a service request to the server. The server receives the service request sent by the client and verifies the JWT and the signature value contained in it; if both pass verification, it returns the requested data to the client.
To illustrate the technical solutions described in this application, specific embodiments are described below.
Embodiment one:
Fig. 1 shows a schematic flowchart of a secure communication method provided by an embodiment of the application, detailed as follows:
Step S11: the server receives a login request sent by the client and generates an identity security token (JWT) according to the login request, the payload data in the JWT having been encrypted;
In the embodiments provided by this application, the client sends a login request to the server. The login request contains the client's user name, login password and the client's public key. The client's public key is generated by the Diffie-Hellman algorithm before the client sends the login request to the server, and the client's private key is generated by the Diffie-Hellman algorithm at the same time. The identity security token (JSON Web Token, JWT) comprises a header, a payload and a signature.
Further, generating the identity security token JWT according to the login request includes:
obtaining the login information of the client according to the login request;
encrypting the login information to obtain the signature of the identity security token JWT;
generating the JWT according to the signature, the payload data and the encryption algorithm used when encrypting the login information.
In this step the login information is obtained from the login request. Besides the client's user name, login password and the client's public key, the login information also includes content such as the expiry time of the JWT. The JWT comprises a header, a payload and a signature. The signature part of the JWT is obtained by encrypting the header and the payload data, and the JWT is then generated from the signature part, the login information and the encryption algorithm used when encrypting the login information.
For example:
The JWT header describes the most basic information about the JWT, such as its type and the algorithm used for the signature, for example:
{
"typ":"JWT",
"alg":"HS256"
}
The above is a JSON object, and the signature algorithm used is HS256. The string obtained by Base64-encoding it becomes the header (Header) of the JWT:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9
The payload contains the login information from the login request, such as the issuer (i.e. the user name) and the expiry time of the JWT. It is first described as a JSON object, for example:
{
"iss":"Alice",
"iat":1522292400,
"exp":1522294200,
"aud":"www.example.com",
"sub":"Alice@example",
"from_user":"B",
"target_user":"A"
}
The first five fields are defined by the JWT standard. iss: the issuer of the JWT; sub: the user the JWT is for; aud: the party that receives the JWT; exp (expires): the expiry time of the JWT, as a Unix timestamp; iat (issued at): the time the JWT was issued. Base64-encoding this JSON object gives the following string, which is called the payload (Payload) of the JWT.
eyJpc3MiOiJBbGljZSIsImlhdCI6MTUyMjI5MjQwMCwiZXhwIjoxNTIyMjk0MjAwLCJhdWQiOiJ3d3cuZXhhbXBsZS5jb20iLCJzdWIiOiJhbGljZUBleGFtcGxlLMNvbSIsImZyb21fdXNlciI6IkIiLCJ0YXJnZXRfdXNlciI6IkEifQ==
Signature (signature)
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmcm9tX3VzZXIiOiJCIiwidGFyZ2V0X3VzZXIiOiJBIn0
The string concatenated above is encrypted with the HS256 algorithm, giving the encrypted content rSWamyAYwuHCo7IFAgd1oRpSP7nzL7BF5t7ItqpKViM; this part is called the signature part.
Finally, the signature part is appended to the string that was signed, giving the complete JWT:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmcm9tX3VzZXIiOiJCIiwidGFyZ2V0X3VzZXIiOiJBIn0.rSWamyAYwuHCo7IFAgd1oRpSP7nzL7BF5t7ItqpKViM
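The token construction walked through above, together with the server-side check of signature and expiry, as an added Python example (not code from the patent). HS256 is HMAC-SHA256, and standard JWTs encode each segment as unpadded base64url. Assumptions: the secret is a constructed demo value, so the signature differs from the one on the page, and the payload encryption the patent mentions is not specified on the page and is left out.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    # JWT segments are base64url without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def segment(obj: dict) -> str:
    # Compact JSON with keys in insertion order, so the bytes match the page.
    return b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))

def issue_jwt(claims: dict, secret: bytes) -> str:
    signing_input = segment({"typ": "JWT", "alg": "HS256"}) + "." + segment(claims)
    tag = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(tag)

def verify_jwt(token: str, secret: bytes, now: int):
    """Return the claims if the token is authentic and unexpired, else None."""
    try:
        header_seg, payload_seg, sig_seg = token.split(".")
        header = json.loads(b64url_decode(header_seg))
        # Pin the algorithm: the token must not choose how it is verified.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_seg}.{payload_seg}".encode("ascii"),
                            hashlib.sha256).digest()
        # Constant-time comparison of the recomputed and received tags.
        if not hmac.compare_digest(expected, b64url_decode(sig_seg)):
            return None
        claims = json.loads(b64url_decode(payload_seg))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, int) or now >= exp:  # login has timed out
        return None
    return claims

# Claims copied from the payload object shown on the page.
PAGE_CLAIMS = {"iss": "Alice", "iat": 1522292400, "exp": 1522294200,
               "aud": "www.example.com", "sub": "Alice@example",
               "from_user": "B", "target_user": "A"}
DEMO_SECRET = b"constructed-demo-secret"  # assumption, not the page's key

def demo() -> dict:
    token = issue_jwt(PAGE_CLAIMS, DEMO_SECRET)
    head, _, sig = token.split(".")
    # Same signature, altered claims: must fail the signature check.
    altered = ".".join([head, segment({**PAGE_CLAIMS, "iss": "Mallory"}), sig])
    return {
        "header": head,
        "valid": verify_jwt(token, DEMO_SECRET, now=1522292500) is not None,
        "expired_rejected": verify_jwt(token, DEMO_SECRET, now=1522294200) is None,
        "altered_rejected": verify_jwt(altered, DEMO_SECRET, now=1522292500) is None,
    }

if __name__ == "__main__":
    print(demo())
```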
Step S12: send the JWT and the server public key to the client, to instruct the client to generate a signature value when sending a service request to the server;
In this step, the server sends the generated JWT and the server public key to the client, so that the client generates a signature value according to the server public key when needed and, when sending a service request to the server, includes the JWT in the service request.
Further, the server public key and the server private key are generated according to the Diffie-Hellman algorithm.
Step S13: receive the service request sent by the user through the client, the service request containing the JWT, the signature value and request data;
In the embodiments provided by this application, the server receives the service request sent by the client. The service request contains the JWT that the client received from the server, the signature value that the client generated from the client's local key, and the client's request data for this request. The client's local key is generated from the client private key and the server public key. The client's local key is identical to the server's local key, which is generated from the server private key and the client public key.
Further, the client and the server may use the same algorithm when generating their respective local keys.
To avoid leaking the key needed for client signing and server signature verification, this step establishes a rule that the key is negotiated at login: when the client logs in, it negotiates the key with the server, and the negotiation uses the Diffie-Hellman key exchange algorithm. With this algorithm the two communicating parties exchange their respective public keys and thereby generate a shared local key.
Step S14: verify the JWT and the signature value;
In the embodiments of the application, the server obtains the JWT and the signature value from the service request it received. It uses the JWT to verify information such as the client's identity and whether the login is still valid, and uses the signature value to verify the legitimacy of this service request.
Further, verifying the JWT and the signature value includes:
parsing the JWT and the signature value contained in the service request;
verifying, according to the JWT, whether the identity of the user is legitimate and whether the client's login to the server has timed out;
if the identity of the user is legitimate and the client's login to the server has not timed out, verifying whether the signature value is legitimate according to the server's local key, where the server's local key is generated from the server private key and the client public key.
In this step, the server parses the JWT and the signature value from the service request it received. It first uses the JWT to verify whether the identity of the user is legitimate and whether the client's login to the server has timed out; if both checks pass, it then verifies the legitimacy of the signature value with the server's local key.
Further, in another embodiment provided by this application, verifying whether the signature value is legitimate according to the server's local key includes:
obtaining related information of this request according to the service request, the related information including one or more of the request message content, request method, request API, random number and timestamp;
combining the related information with the server's local key to obtain a first combined result;
verifying the signature value against the first combined result using the signature verification method of the SM3 algorithm, to determine whether the signature value is legitimate.
In this step, after receiving the request, the server obtains, according to the JWT, one or more items of related information among the request message content, request method, request API, random number and timestamp. The server's local key and the related information are combined according to the rule "body:request message content&httpMethod:request method&httpURI:request API&nonce:random number&secretKey:local key&timestamp:timestamp" to obtain the first combined result, and the signature value is verified against the first combined result using the signature verification method of the SM3 algorithm, to finally determine whether the service request sent by the client is legitimate.
Step S15: if both pass verification, return the request content of the service request to the client.
In the embodiments provided by this application, if the JWT and the signature value sent by the client both pass verification, this service request from the client is a legitimate request, and the requested data is therefore sent to the client according to the service request.
In the embodiments provided by this application, when the client communicates with the server, the server generates an encrypted identity security token (JWT) according to the client's login request and sends the JWT together with the server public key to the client, so that the client generates a signature value when it sends a service request to the server. The server receives the service request sent by the client and verifies the JWT and the signature value contained in it; if both pass verification, it returns the requested data to the client. In this process an encrypted JWT is generated and, each time the client sends a service request to the server, the JWT is sent to the server as part of the service request, establishing a secure information channel. This guarantees the security of data transmission and prevents third parties from stealing or tampering with the data; the server verifies the JWT and the signature value in each service request it receives, ensuring that the request is legitimately authenticated.
Embodiment two:
Corresponding to embodiment one above, Fig. 2 shows a schematic flowchart of the secure communication method provided by another embodiment of the application, detailed as follows:
Step S21: send a login request to the server;
In this step, the client sends a login request to the server so that the server verifies the login request and thereby determines whether the client can log in to the server successfully. The login request contains the client's user name, login password and the client's public key. The client's public key is generated by the Diffie-Hellman algorithm before the client sends the login request to the server, and the client's private key is generated by the Diffie-Hellman algorithm at the same time.
Step S22: receive the JWT and the server public key sent by the server, the JWT being generated by the server according to the login request;
In this step, the client receives the identity security token (JSON Web Token, JWT) and the server's public key sent by the server. The server public key and the server private key are generated according to the Diffie-Hellman algorithm. The JWT comprises a header, a payload and a signature.
Step S23: generate a signature value according to the server public key;
In the embodiments provided by this application, the client generates the client's local key from the server public key and the client private key, and generates the signature value with that local key.
Optionally, generating the signature value according to the server public key includes:
the client generating the client's local key from the server public key and the client private key;
combining the related information of the service request and the client's local key according to a rule, to obtain a second combined result;
computing the second combined result with the digest algorithm of the SM3 algorithm, to obtain the signature value.
In this step, when the client calls the server's API, it adds three parameters to the HTTP request header: a random number (nonce), a timestamp (timestamp) and a signature value (sign), which the server uses to verify this request. The client generates the signature value as follows: the content to be signed is combined according to the rule "body:request message content&httpMethod:request method&httpURI:request API&nonce:random number&secretKey:local key&timestamp:timestamp" to obtain the second combined result, and the SM3 digest operation is applied to the second combined result to compute the signature value in Base64 format.
Step S24: send a service request to the server, to instruct the server to verify the service request, the service request containing the JWT, the signature value and request data;
In this step, the client sends a service request to the server so that the server verifies the service request. The service request contains the JWT, the signature value and request data. For the server's verification of the service request, see embodiment one.
Step S25: receive the request data sent by the server.
In this step, the client waits for the server's verification result for the service request; if verification passes, the client waits to receive the request data sent back by the server.
In the embodiments provided by this application, when the client communicates with the server, the server generates an encrypted identity security token (JWT) according to the client's login request and sends the JWT together with the server public key to the client, so that the client generates a signature value when it sends a service request to the server. The server receives the service request sent by the client and verifies the JWT and the signature value contained in it; if both pass verification, it returns the requested data to the client. In this process an encrypted JWT is generated and, each time the client sends a service request to the server, the JWT is sent to the server as part of the service request, establishing a secure information channel. This guarantees the security of data transmission and prevents third parties from stealing or tampering with the data; the server verifies the JWT and the signature value in each service request it receives, ensuring that the request is legitimately authenticated.
Embodiment three:
Corresponding to safety communicating method described in foregoing embodiments, it is logical that Fig. 3 shows safety provided by the embodiments of the present application The structural block diagram of letter system illustrates only part relevant to the embodiment of the present application for ease of description.
Referring to Fig. 3, which includes: server-side 31 and client 32;The server 31 includes receiving list Member 311, transmission unit 312 and authentication unit 313, the client 32 include: request transmitting unit 321, generation unit 322 And data receipt unit 323, in which:
The server-side 31 includes:
Receiving unit 311 generates identity security according to the logging request for receiving the logging request of client transmission Load data in token JWT, the JWT has been subjected to encryption;It is also used to receive the service request that the client is sent, It include the JWT and the signature value and request data in the service request;
Transmission unit 312, for sending the JWT and the server-side public key to the client, to indicate the visitor Family end generates signature value;
Authentication unit 313, for verifying the JWT and the signature value;If the two passes through verifying, to the client End returns to the request data of the service request.
Further, the receiving unit 31, comprising:
Module is obtained, for obtaining the log-on message of the client according to the logging request;
Encrypting module obtains the signature of identity security token JWT for encrypting the log-on message;According to it is described signature, The Encryption Algorithm used when the load data and the encryption log-on message generates the JWT.
Further, the authentication unit 313, comprising:
Parsing module, for parsing the JWT for including in the service request and signature value;
First authentication module, whether the identity for verifying the user according to the JWT legal and the client Whether overtime log in the server;
Second authentication module, if the identity for the client is legal and the client login server does not surpass When, then whether the signature value according to the local key authentication of the server-side is legal, wherein the local key of the server-side It is generated according to the server-side private key and the client public key.
Further, second authentication module, comprising:
Relevant information obtains module, for obtaining the relevant information of this time request, the correlation according to the service request Information includes one of request message content, request method, request API, random number, timestamp or a variety of;
Composite module obtains first group for the local key of the relevant information and the server-side to be combined Close result;Sign test is carried out to the signature value by the sign test method in SM3 algorithm according to first combined result, with determination Whether the signature value is legal.
The client 32 includes:
Request transmitting unit 321, for sending logging request to server-side;It is also used to send service request to the service End, indicates that the server-side verifies the service request.It include the JWT, the signature value in the service request And request data;
Generation unit 322, the public key for stating server-side according to generate signature value;
Data receipt unit 323, JWT and the server-side public key, the JWT for receiving the server-side transmission are The server-side is generated according to the logging request;It is also used to receive the request data that the server-side is sent.
Further, the generation unit 322, comprising:
Local key production module, for generating the client according to the server-side public key and the client private key Local key;
Computing module, for the local key of the relevant information of the service request and the client to be carried out regular group It closes, obtains the second combined result;Second combined result is calculated by the digest algorithm in SM3 algorithm, obtains institute State signature value.
In the embodiments provided by the present application, when the client communicates with the server-side, the server-side generates an encrypted identity security token JWT according to the client's login request and sends the JWT together with the server-side public key to the client, so that the client generates a signature value when sending a service request to the server-side. The server-side receives the service request sent by the client and verifies the JWT and the signature value included in the service request; if both pass verification, it returns the requested data to the client. In this process an encrypted JWT is generated, and each time the client sends a service request to the server-side, the JWT is sent to the server-side as part of the service request. This establishes a secure information channel that guarantees the security of data transmission and prevents a third party from stealing or tampering with the data. The server-side verifies the JWT and the signature value in each service request it receives, ensuring the legitimacy of the request authentication.
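The signature-value steps summarised above (a local key derived from one side's private key and the other side's public key, then an SM3 digest over the request information combined with that key) are shown below as an added example; it is not code from the patent. Assumptions: the key agreement is a stand-in (classic Diffie-Hellman modulo 2**255 - 19, for illustration only), and the combination rule, field names, skew window and nonce cache are hypothetical; JWT checking is omitted.

```python
import hmac
import secrets
import struct
import time

# --- SM3 digest (GB/T 32905-2016), pure Python so the example runs offline ---
_IV = (0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600,
       0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E)
_MASK = 0xFFFFFFFF

def _rotl(x, n):
    return ((x << (n % 32)) | (x >> (32 - n % 32))) & _MASK

def _compress(v, block):
    w = list(struct.unpack(">16I", block))
    for j in range(16, 68):
        x = w[j - 16] ^ w[j - 9] ^ _rotl(w[j - 3], 15)
        x ^= _rotl(x, 15) ^ _rotl(x, 23)                      # permutation P1
        w.append(x ^ _rotl(w[j - 13], 7) ^ w[j - 6])
    a, b, c, d, e, f, g, h = v
    for j in range(64):
        t = 0x79CC4519 if j < 16 else 0x7A879D8A
        ss1 = _rotl((_rotl(a, 12) + e + _rotl(t, j)) & _MASK, 7)
        ss2 = ss1 ^ _rotl(a, 12)
        if j < 16:
            ff, gg = a ^ b ^ c, e ^ f ^ g
        else:
            ff, gg = (a & b) | (a & c) | (b & c), (e & f) | (~e & g)
        tt1 = (ff + d + ss2 + (w[j] ^ w[j + 4])) & _MASK
        tt2 = (gg + h + ss1 + w[j]) & _MASK
        a, b, c, d = tt1, a, _rotl(b, 9), c
        e, f, g, h = tt2 ^ _rotl(tt2, 9) ^ _rotl(tt2, 17), e, _rotl(f, 19), g  # P0
    return tuple(x ^ y for x, y in zip(v, (a, b, c, d, e, f, g, h)))

def sm3(data: bytes) -> bytes:
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack(">Q", 8 * len(data))
    v = _IV
    for i in range(0, len(msg), 64):
        v = _compress(v, msg[i:i + 64])
    return struct.pack(">8I", *v)

# --- Stand-in key agreement (assumption): classic DH mod the prime 2**255 - 19, demo only ---
_P, _G = 2**255 - 19, 2

def keypair():
    private = secrets.randbelow(_P - 3) + 2
    return private, pow(_G, private, _P)

def local_key(own_private: int, peer_public: int) -> bytes:
    """Local key = f(own private key, peer public key); both ends get the same bytes."""
    if not 1 < peer_public < _P - 1:
        raise ValueError("peer public key out of range")
    return sm3(pow(peer_public, own_private, _P).to_bytes(32, "big"))

FIELDS = ("method", "api", "body", "nonce", "timestamp")  # the "relevant information"

def combine(info: dict, key: bytes) -> bytes:
    # Assumed combination rule: fixed field order, every part length-prefixed so two
    # different requests can never serialise to the same bytes; the key goes last.
    parts = [str(info[name]).encode() for name in FIELDS] + [key]
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)

def sign_request(info: dict, client_private: int, server_public: int) -> str:
    return sm3(combine(info, local_key(client_private, server_public))).hex()

class Verifier:  # server-side check of the signature value only
    def __init__(self, server_private: int, max_skew: int = 300):
        self.server_private, self.max_skew = server_private, max_skew
        self.seen_nonces = set()  # a real service would expire entries after max_skew

    def verify(self, info: dict, signature: str, client_public: int, now=None) -> str:
        if any(name not in info for name in FIELDS):
            return "malformed"
        expected = sm3(combine(info, local_key(self.server_private, client_public))).hex()
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "bad-signature"
        now = time.time() if now is None else now
        if abs(now - int(info["timestamp"])) > self.max_skew:
            return "stale"
        if info["nonce"] in self.seen_nonces:
            return "replayed"
        self.seen_nonces.add(info["nonce"])
        return "ok"

def demo():
    (c_priv, c_pub), (s_priv, s_pub) = keypair(), keypair()
    info = {"method": "POST", "api": "/v1/orders", "body": '{"qty":1}',   # constructed
            "nonce": "n-0001", "timestamp": 1700000000}
    server, sig = Verifier(s_priv), sign_request(info, c_priv, s_pub)
    late = dict(info, nonce="n-0002")
    return [
        server.verify(info, sig, c_pub, now=1700000010),        # fresh, first use
        server.verify(info, sig, c_pub, now=1700000020),        # same nonce again
        server.verify(dict(info, body='{"qty":100}'), sig, c_pub, now=1700000020),
        server.verify(late, sign_request(late, c_priv, s_pub), c_pub, now=1700001000),
    ]

if __name__ == "__main__":
    print(demo())
```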
It should be understood that the magnitude of the step numbers in the above embodiments does not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present application.
Example IV:
Fig. 4 is a schematic diagram of the terminal device provided by an embodiment of the present application. As shown in Fig. 4, the terminal device 4 of this embodiment includes: a processor 40, a memory 41, and a computer program 42 stored in the memory 41 and executable on the processor 40. When executing the computer program 42, the processor 40 implements the steps in each of the above secure communication method embodiments, such as steps S11 to S15 shown in Fig. 1 or steps S21 to S25. Alternatively, when executing the computer program 42, the processor 40 implements the functions of each module/unit in each of the above device embodiments, such as the functions of the server-side 31 or the client 32 shown in Fig. 3.
Illustratively, the computer program 42 may be divided into one or more modules/units, which are stored in the memory 41 and executed by the processor 40 to complete the present application. The one or more modules/units may be a series of computer program instruction segments capable of completing specific functions, the instruction segments being used to describe the execution process of the computer program 42 in the terminal device 4. For example, the computer program 42 may be divided into a receiving unit, a transmission unit and an authentication unit, whose specific functions are as follows:
Receiving unit, for receiving the login request sent by the client and generating an identity security token JWT according to the login request, the payload data in the JWT having been encrypted; also used to receive the service request sent by the client, the service request including the JWT, the signature value and request data;
Transmission unit, for sending the JWT and the server-side public key to the client, to instruct the client to generate the signature value;
Authentication unit, for verifying the JWT and the signature value; if both pass verification, returning the request data of the service request to the client.
Further, the receiving unit comprises:
Obtaining module, for obtaining the login information of the client according to the login request;
Encrypting module, for encrypting the login information to obtain the signature of the identity security token JWT; and generating the JWT according to the signature, the payload data and the encryption algorithm used when encrypting the login information.
Further, the authentication unit comprises:
Parsing module, for parsing the JWT and the signature value included in the service request;
First authentication module, for verifying, according to the JWT, whether the identity of the user is legal and whether the client's login to the server has timed out;
Second authentication module, configured to, if the identity of the client is legal and the client's login to the server has not timed out, verify whether the signature value is legal according to the local key of the server-side, wherein the local key of the server-side is generated according to the server-side private key and the client public key.
Further, the second authentication module comprises:
Relevant information obtaining module, for obtaining the relevant information of the current request according to the service request, the relevant information including one or more of request message content, request method, request API, random number and timestamp;
Combination module, for combining the relevant information and the local key of the server-side to obtain a first combined result; and verifying the signature value by the signature verification method in the SM3 algorithm according to the first combined result, to determine whether the signature value is legal.
Alternatively, the computer program 42 may be divided into a request transmitting unit, a generation unit and a data receipt unit:
Request transmitting unit, for sending a login request to the server-side; also used to send a service request to the server-side, instructing the server-side to verify the service request. The service request includes the JWT, the signature value and request data;
Generation unit, for generating the signature value according to the server-side public key;
Data receipt unit, for receiving the JWT and the server-side public key sent by the server-side, the JWT being generated by the server-side according to the login request; also used to receive the request data sent by the server-side.
Further, the generation unit comprises:
Local key production module, for generating the local key of the client according to the server-side public key and the client private key;
Computing module, for combining the relevant information of the service request and the local key of the client according to a rule to obtain a second combined result; and computing the second combined result with the digest algorithm in the SM3 algorithm to obtain the signature value.
The terminal device 4 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The terminal device may include, but is not limited to, the processor 40 and the memory 41. Those skilled in the art will understand that Fig. 4 is only an example of the terminal device 4 and does not constitute a limitation on the terminal device 4, which may include more or fewer components than illustrated, combine certain components, or have different components; for example, the terminal device may also include input/output devices, network access devices, buses, etc.
The processor 40 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 41 may be an internal storage unit of the terminal device 4, such as a hard disk or internal memory of the terminal device 4. The memory 41 may also be an external storage device of the terminal device 4, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) equipped on the terminal device 4. Further, the memory 41 may include both an internal storage unit of the terminal device 4 and an external storage device. The memory 41 is used to store the computer program and other programs and data required by the terminal device. The memory 41 may also be used to temporarily store data that has been output or is to be output.
It will be clear to those skilled in the art that, for convenience and brevity of description, only the division of the above functional units and modules is used as an example. In practical applications, the above functions may be allocated to different functional units and modules as needed, that is, the internal structure of the device is divided into different functional units or modules to complete all or part of the functions described above. The functional units and modules in the embodiments may be integrated in one processing unit, or each unit may exist physically alone, or two or more units may be integrated in one unit; the integrated unit may be implemented in the form of hardware or in the form of a software functional unit. In addition, the specific names of the functional units and modules are only for ease of distinguishing them from each other and are not intended to limit the protection scope of the present application. For the specific working process of the units and modules in the above system, reference may be made to the corresponding processes in the foregoing method embodiments, which are not repeated here.
In the above embodiments, the description of each embodiment has its own emphasis. For parts not detailed or recorded in one embodiment, reference may be made to the related descriptions of other embodiments.
Those of ordinary skill in the art may be aware that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented by electronic hardware, or by a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Skilled professionals may use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of the present application.
In the embodiments provided by the present application, it should be understood that the disclosed device/terminal device and method may be implemented in other ways. For example, the device/terminal device embodiments described above are only illustrative; for example, the division of the modules or units is only a logical function division, and there may be other division manners in actual implementation, such as multiple units or components being combined or integrated into another system, or some features being ignored or not executed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in each embodiment of the present application may be integrated in one processing unit, or each unit may exist physically alone, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, all or part of the processes in the methods of the above embodiments of the present application may also be completed by instructing relevant hardware through a computer program. The computer program may be stored in a computer-readable storage medium, and when executed by a processor, the computer program can implement the steps of each of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash disk, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), an electrical carrier signal, a telecommunication signal, a software distribution medium, etc. It should be noted that the content contained in the computer-readable medium may be appropriately increased or decreased according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electrical carrier signals and telecommunication signals.
The embodiments described above are only intended to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions recorded in the foregoing embodiments, or make equivalent replacements of some of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and shall all be included within the protection scope of the present application.

Claims (10)

1. A secure communication method, characterized in that the secure communication method comprises:
Receiving the login request sent by the client, and generating an identity security token JWT according to the login request, the payload data in the JWT having been encrypted;
Sending the JWT and the server-side public key to the client, to instruct the client to generate a signature value;
Receiving the service request sent by the client, the service request including the JWT, the signature value and request data;
Verifying the JWT and the signature value;
If both pass verification, returning the request data of the service request to the client.
2. The secure communication method according to claim 1, characterized in that generating the identity security token JWT according to the login request comprises:
Obtaining the login information of the client according to the login request;
Encrypting the login information to obtain the signature of the identity security token JWT;
Generating the JWT according to the signature, the payload data and the encryption algorithm used when encrypting the login information.
3. The secure communication method according to claim 1, characterized in that verifying the JWT and the signature value comprises:
Parsing the JWT and the signature value included in the service request;
Verifying, according to the JWT, whether the identity of the user is legal and whether the client's login to the server has timed out;
If the identity of the client is legal and the client's login to the server has not timed out, verifying whether the signature value is legal according to the local key of the server-side, wherein the local key of the server-side is generated according to the server-side private key and the client public key.
4. The secure communication method according to claim 3, characterized in that verifying whether the signature value is legal according to the local key of the server-side comprises:
Obtaining the relevant information of the current request according to the service request, the relevant information including one or more of request message content, request method, request API, random number and timestamp;
Combining the relevant information and the local key of the server-side to obtain a first combined result;
Verifying the signature value by the signature verification method in the SM3 algorithm according to the first combined result, to determine whether the signature value is legal.
5. A secure communication method, characterized in that the secure communication method comprises:
Sending a login request to the server-side;
Receiving the JWT and the server-side public key sent by the server-side, the JWT being generated by the server-side according to the login request;
Generating a signature value according to the server-side public key;
Sending a service request to the server-side, instructing the server-side to verify the service request, the service request including the JWT, the signature value and request data;
Receiving the request data sent by the server-side.
6. The secure communication method according to claim 5, characterized in that generating the signature value according to the server-side public key comprises:
Generating the local key of the client according to the server-side public key and the client private key;
Combining the relevant information of the service request and the local key of the client according to a rule to obtain a second combined result;
Computing the second combined result with the digest algorithm in the SM3 algorithm to obtain the signature value.
7. A secure communication system, characterized in that the secure communication system comprises: a server-side and a client;
The server-side includes:
Receiving unit, for receiving the login request sent by the client and generating an identity security token JWT according to the login request, the payload data in the JWT having been encrypted; also used to receive the service request sent by the client, the service request including the JWT, the signature value and request data;
Transmission unit, for sending the JWT and the server-side public key to the client, to instruct the client to generate the signature value;
Authentication unit, for verifying the JWT and the signature value; if both pass verification, returning the request data of the service request to the client;
The client includes:
Request transmitting unit, for sending a login request to the server-side; also used to send a service request to the server-side, instructing the server-side to verify the service request, the service request including the JWT, the signature value and request data;
Generation unit, for generating the signature value according to the server-side public key;
Data receipt unit, for receiving the JWT and the server-side public key sent by the server-side, the JWT being generated by the server-side according to the login request; also used to receive the request data sent by the server-side.
8. The secure communication system according to claim 7, characterized in that the receiving unit comprises:
Obtaining module, for obtaining the login information of the client according to the login request;
Encrypting module, for encrypting the login information to obtain the signature of the identity security token JWT; and generating the JWT according to the signature, the payload data and the encryption algorithm used when encrypting the login information.
9. A terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the method according to any one of claims 1 to 4 or any one of claims 5 or 6.
10. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 4 or any one of claims 5 or 6.
CN201810436553.XA 2018-05-09 2018-05-09 Secure communication method, system and terminal equipment Active CN108965230B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810436553.XA CN108965230B (en) 2018-05-09 2018-05-09 Secure communication method, system and terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810436553.XA CN108965230B (en) 2018-05-09 2018-05-09 Secure communication method, system and terminal equipment

Publications (2)

Publication Number Publication Date
CN108965230A true CN108965230A (en) 2018-12-07
CN108965230B CN108965230B (en) 2021-10-15

Family

ID=64499026

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810436553.XA Active CN108965230B (en) 2018-05-09 2018-05-09 Secure communication method, system and terminal equipment

Country Status (1)

Country Link
CN (1) CN108965230B (en)


Also Published As

Publication number Publication date
CN108965230B (en) 2021-10-15

CN109495458A (en) A kind of method, system and the associated component of data transmission
CN104753879B (en) Method and system, the method and system of cloud service provider certification terminal of terminal authentication cloud service provider

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant