CN109995774A - Cipher key authentication method, system, equipment and storage medium based on part decryption - Google Patents


Info

Publication number: CN109995774A
Authority: CN (China)
Prior art keywords: authorization, client, configuration information, access request, information
Legal status: Granted
Application number: CN201910223236.4A
Other languages: Chinese (zh)
Other versions: CN109995774B (en)
Inventor: 陈利军
Current Assignee: Taikang Insurance Group Co Ltd
Original Assignee: Taikang Insurance Group Co Ltd
Application filed by: Taikang Insurance Group Co Ltd
Priority to: CN201910223236.4A
Publication of CN109995774A
Application granted; publication of CN109995774B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a key authentication method, system, device and storage medium based on partial decryption. The authentication method includes: receiving an authorization request sent by at least one client, generating authorization information and authorization configuration information corresponding to the client, and sending the authorization configuration information to the client; receiving an access request sent by the client, the access request being obtained by merging the authorization configuration information with transmission information and encrypting the result; decrypting only the encrypted authorization configuration information in the access request while keeping the transmission information encrypted; and authenticating in combination with the authorization information and, if authentication succeeds, calling the business service corresponding to the access request for the client to access. The invention avoids manual operation and enhances the stability of the system; by decrypting the authorization configuration information and the transmission information at different locations, it further ensures the security of information transmission and also reduces the workload of the authentication device.

Description

Cipher key authentication method, system, equipment and storage medium based on part decryption
Technical field
The present invention relates to the field of key authentication, and in particular to a key authentication method, system, device and storage medium based on partial decryption.
Background art
In the Internet era, systems of every kind interact with one another, and every interaction involves data transfer, including the transfer of sensitive data. When systems transmit data to each other, corresponding keys must be configured between each pair of systems, and sensitive data must be encrypted to prevent leakage. Each time a system is first deployed to production, someone has to go to the server and manually enter the keys and specify the correspondence between the systems. Such manual operation causes many problems: a misconfigured correspondence affects the interaction between systems and can seriously affect their operation, and production problems that are not resolved in time have a large impact.
Therefore, the present invention provides a key authentication method, system, device and storage medium based on partial decryption.
Summary of the invention
In view of the problems in the prior art, the purpose of the present invention is to provide a key authentication method, system, device and storage medium based on partial decryption that avoid manual operation, enhance the stability of the system and, by decrypting the authorization configuration information and the transmission information at different locations, further ensure the security of information transmission and reduce the workload of the authentication device.
An embodiment of the present invention provides a key authentication method based on partial decryption, applied to a mobile terminal, comprising the following steps:
receiving an authorization request sent by at least one client, generating authorization information and authorization configuration information corresponding to the client, and sending the authorization configuration information to the client;
receiving an access request sent by the client, the access request being obtained by merging the authorization configuration information with transmission information and encrypting the result; decrypting only the encrypted authorization configuration information in the access request, and keeping the transmission information encrypted; and
authenticating in combination with the authorization information and, if authentication succeeds, calling the business service corresponding to the access request for the client to access.
Optionally, authentication is performed according to the authorization configuration information in combination with the authorization information; if authentication succeeds, the access request is sent to a service server, and the business service in the service server corresponding to the access request is called for the client to access.
Optionally, authentication is performed according to the authorization configuration information in combination with the authorization information; if authentication fails, the access request is rejected.
Optionally, the type of call to the business service includes at least one of reading data, writing data and deleting data.
Optionally, the authorization configuration information includes an encryption mode and the key corresponding to that encryption mode, and the access request is obtained by merging the authorization configuration information with the transmission information and then encrypting the result with the encryption mode and the key.
Optionally, the authorization information is stored, and a mapping between the authorization information and the client is established.
Optionally, the authorization information is stored, and the client stores the authorization configuration information.
Optionally, the corresponding business service is called for the client to access according to the transmission information after it has been decrypted by the service server.
An embodiment of the present invention also provides a key authentication system based on partial decryption, for implementing the above key authentication method based on partial decryption, comprising:
an authentication module, which receives an authorization request sent by at least one client, generates authorization information and authorization configuration information corresponding to the client, and sends the authorization configuration information to the client;
a decryption module, which receives an access request sent by the client, the access request being obtained by merging the authorization configuration information with transmission information and encrypting the result, and which decrypts only the encrypted authorization configuration information in the access request and keeps the transmission information encrypted; and
an authentication module, which authenticates in combination with the authorization information and, if authentication succeeds, calls the business service corresponding to the access request for the client to access.
An embodiment of the present invention also provides a key authentication device based on partial decryption, comprising:
a processor;
a memory in which instructions executable by the processor are stored;
wherein the processor is configured to perform, by executing the executable instructions, the steps of the above key authentication method based on partial decryption.
An embodiment of the present invention also provides a computer-readable storage medium for storing a program which, when executed, implements the steps of the above key authentication method based on partial decryption.
The key authentication method, system, device and storage medium based on partial decryption of the present invention avoid manual operation and enhance the stability of the system; by decrypting the authorization configuration information and the transmission information at different locations, they further ensure the security of information transmission and also reduce the workload of the authentication device.
Brief description of the drawings
Other features, objects and advantages of the present invention will become more apparent upon reading the detailed description of non-limiting embodiments with reference to the following drawings.
Fig. 1 is a flow chart of the key authentication method based on partial decryption of the present invention;
Fig. 2 is a timing flow chart of the key authentication method based on partial decryption of the present invention;
Fig. 3 shows one way of implementing the key authentication method based on partial decryption of the present invention;
Fig. 4 is a timing flow chart of one implementation of the key authentication method based on partial decryption of the present invention;
Fig. 5 is an architecture diagram of the key authentication system based on partial decryption of the present invention;
Fig. 6 is a structural schematic diagram of the key authentication device based on partial decryption of the present invention; and
Fig. 7 is a structural schematic diagram of the computer-readable storage medium of one embodiment of the present invention.
Detailed description of the embodiments
Example embodiments will now be described more fully with reference to the drawings. However, example embodiments can be implemented in many forms and should not be understood as limited to the embodiments set forth herein. Rather, these embodiments are provided so that the present invention will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the figures denote the same or similar structures, and repeated description of them is omitted.
Fig. 1 is a flow chart of the key authentication method based on partial decryption of the present invention. As shown in Fig. 1, the key authentication method based on partial decryption of the present invention is applied to a server and comprises the following steps:
The server receives an authorization request sent by at least one client, generates authorization information and authorization configuration information corresponding to the client, and sends the authorization configuration information to the client.
The server receives an access request sent by the client. The access request is obtained by merging the authorization configuration information with transmission information and encrypting the result. The server decrypts only the encrypted authorization configuration information in the access request and keeps the transmission information encrypted. And
The server authenticates in combination with the authorization information and, if authentication succeeds, calls the business service corresponding to the access request for the client to access. Because the present invention decrypts only the authorization configuration information and does not decrypt the transmission information, the transmission information is not unnecessarily exposed during authentication, which ensures the security of information transmission.
In one alternative embodiment, the server authenticates according to the authorization configuration information in combination with the authorization information; if authentication succeeds, the access request is sent to a service server, and the business service in the service server corresponding to the access request is called for the client to access.
In one alternative embodiment, the server authenticates according to the authorization configuration information in combination with the authorization information; if authentication fails, the access request is rejected.
In one alternative embodiment, the type of business service call made by the server includes at least one of reading (read) data, writing (write) data and deleting (delete) data, but is not limited to these.
In one alternative embodiment, the authorization configuration information includes an encryption mode and the key corresponding to that encryption mode, and the access request is obtained by merging the authorization configuration information with the transmission information and then encrypting the result with the encryption mode and the key.
In one alternative embodiment, the server stores the authorization information and establishes a mapping between the authorization information and the client.
In one alternative embodiment, the client stores the authorization configuration information, so that in subsequent authentication the stored authorization information is compared with the authorization configuration information to perform the time limit authentication function.
In one alternative embodiment, the corresponding business service is called for the client to access according to the transmission information after it has been decrypted by the service server. Because the specific access target can only be known from the transmission information, the service server decrypts the transmission information in the access request only after authentication has succeeded, calls the corresponding business service according to the decrypted transmission information, and provides the business service to the client for access.
During authentication, the present invention decrypts only the authorization configuration information and does not decrypt the transmission information, so the transmission information is not leaked during authentication. By decrypting the authorization configuration information and the transmission information at different locations, the invention keeps the transmission information as private as possible and ensures the security of information transmission.
Fig. 2 is a timing flow chart of the key authentication method based on partial decryption of the present invention. As shown in Fig. 2, in this embodiment, the timing flow of the data management and control method of the invention based on user rights is as follows:
S201: The authentication device receives an authorization request sent by at least one client. The server receives the authorization request sent by the client in a mobile phone.
S202: The authentication device generates authorization information and authorization configuration information corresponding to the client. After receiving the authorization request, the server generates the authorization information and authorization configuration information corresponding to the client in the mobile phone. The authorization configuration information includes an encryption mode and the key corresponding to that encryption mode; the access request is obtained by merging the authorization configuration information with the transmission information and then encrypting the result with the encryption mode and the key. The server stores the authorization information and establishes a mapping between the authorization information and the client.
S203: The authentication device sends the authorization configuration information to the client. The server sends the authorization configuration information to the client in the mobile phone.
S204: The client stores the received authorization configuration information. The client in the mobile phone stores the received authorization configuration information.
S205: The client merges the authorization configuration information with the transmission information and encrypts the result to obtain the access request. The access request is obtained by merging the authorization configuration information with the transmission information and encrypting the result.
S206: The client sends the access request to the authentication device. The mobile phone sends the merged and encrypted access request to the server.
S207: The authentication device decrypts only the encrypted authorization configuration information in the access request. The server decrypts only the encrypted authorization configuration information in the access request and keeps the transmission information encrypted. Because the present invention decrypts only the authorization configuration information and does not decrypt the transmission information, the transmission information is not unnecessarily exposed during authentication, which ensures the security of information transmission.
S208: The authentication device authenticates the authorization configuration information in combination with the authorization information. The server authenticates according to the authorization configuration information in combination with the authorization information.
S209: If authentication succeeds, the access request is sent to the service server, and the business service in the service server corresponding to the access request is called for the client to access. The service server decrypts the transmission information in the access request and, according to the decrypted transmission information, calls the corresponding business service for the client to access. If authentication succeeds, the server accepts the access request of the mobile phone client and calls the business service in the service server corresponding to the access request for the client in the mobile phone to access.
S210: If authentication fails, the authentication device rejects the access request, but is not limited to this. If authentication fails, the server rejects the access request of the mobile phone client.
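The S201 to S210 flow above, as an added Python example that is not code from the patent. The patent does not say how the two parts are made separately decryptable, so this assumes a two-segment envelope: the authorization segment is encrypted under a key the authentication device holds, and the transmission information under a separate key shared only by the client and the service server. All class, function and field names are hypothetical, and the cipher is a standard-library stand-in.

```python
import hashlib
import hmac
import json
import secrets

# Stand-in authenticated cipher (standard library only): HMAC-SHA256 in counter
# mode with an encrypt-then-MAC tag. Assumption: a real system uses an AEAD.
def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _tag(key, aad, nonce, ct):
    msg = b"mac" + len(aad).to_bytes(4, "big") + aad + nonce + ct
    return hmac.new(key, msg, hashlib.sha256).digest()

def seal(key, plaintext, aad=b""):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + _tag(key, aad, nonce, ct)

def unseal(key, blob, aad=b""):
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, aad, nonce, ct)):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class BusinessServer:
    """Only party holding payload keys, so only it reads transmission information."""
    def __init__(self):
        self.payload_keys, self.store = {}, {}

    def handle(self, client_id, payload_part):
        info = json.loads(unseal(self.payload_keys[client_id], payload_part, client_id.encode()))
        op, name = info["op"], info["key"]
        if op == "write":
            self.store[name] = info["value"]
        elif op == "delete":
            self.store.pop(name, None)
        elif op != "read":
            return {"status": "denied"}
        return {"status": "ok", "value": self.store.get(name)}

class AuthDevice:
    """Issues authorization configuration (S201-S203), authenticates (S207-S210)."""
    def __init__(self):
        self.auth_info = {}  # client_id -> (auth_key, token): authorization information

    def authorize(self, client_id):
        auth_key, token = secrets.token_bytes(32), secrets.token_hex(16)
        self.auth_info[client_id] = (auth_key, token)
        return {"client_id": client_id, "auth_key": auth_key, "token": token}

    def authenticate(self, request, business_server):
        try:
            auth_key, token = self.auth_info[request["client_id"]]
            # Partial decryption: only the authorization segment is opened here.
            cfg = json.loads(unseal(auth_key, request["auth_part"]))
            digest = hashlib.sha256(request["payload_part"]).hexdigest()
            # Added hardening, not from the patent: the authorization segment
            # commits to the payload ciphertext so segments cannot be re-paired.
            ok = (hmac.compare_digest(cfg["token"], token)
                  and hmac.compare_digest(cfg["payload_sha256"], digest))
        except (KeyError, TypeError, ValueError):
            ok = False
        if not ok:
            return {"status": "denied"}  # S210
        return business_server.handle(request["client_id"], request["payload_part"])  # S209

def build_access_request(cfg, payload_key, transmission_info):
    """Client side (S205): encrypt each part separately, then merge into one request."""
    cid = cfg["client_id"]
    payload_part = seal(payload_key, json.dumps(transmission_info).encode(), cid.encode())
    auth_plain = {"token": cfg["token"], "payload_sha256": hashlib.sha256(payload_part).hexdigest()}
    auth_part = seal(cfg["auth_key"], json.dumps(auth_plain).encode())
    return {"client_id": cid, "auth_part": auth_part, "payload_part": payload_part}

def demo():
    auth, biz, cid = AuthDevice(), BusinessServer(), "mobile-app-1"  # constructed id
    cfg = auth.authorize(cid)
    pkey = biz.payload_keys[cid] = secrets.token_bytes(32)
    write = build_access_request(cfg, pkey, {"op": "write", "key": "k1", "value": "constructed"})
    read = build_access_request(cfg, pkey, {"op": "read", "key": "k1"})
    delete = build_access_request(cfg, pkey, {"op": "delete", "key": "k1"})
    out = {"write": auth.authenticate(write, biz), "read": auth.authenticate(read, biz)}
    out["spliced"] = auth.authenticate(dict(read, payload_part=delete["payload_part"]), biz)
    try:  # the key held by the authentication device does not open the payload
        unseal(cfg["auth_key"], write["payload_part"], cid.encode())
        out["auth_device_reads_payload"] = True
    except ValueError:
        out["auth_device_reads_payload"] = False
    return out

if __name__ == "__main__":
    print(demo())
```

The `spliced` case pairs the authorization segment of one request with the encrypted payload of another; the authentication device rejects it without ever decrypting either payload.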
The key authentication method based on partial decryption of the present invention avoids manual operation and enhances the stability of the system; by decrypting the authorization configuration information and the transmission information at different locations, it further ensures the security of information transmission and also reduces the workload of the authentication device.
Fig. 3 shows one way of implementing the key authentication method based on partial decryption of the present invention. As shown in Fig. 3, the key authentication method based on partial decryption of the present invention can also be carried out in the following manner, which involves an interface distribution server and multiple system servers. The configuration information corresponding to the service to be accessed is read from a configuration file and merged with the information to be transmitted, and the information to be transmitted is then encrypted using encryption technology. Between the system servers, an intermediate service is added that automatically decrypts part of the data and distributes it to the corresponding server; the interface distribution server automatically connects the interfaces, distributes the authentication key method and implements access. The interface distribution server configures the configuration information corresponding to each server. A system server that initiates access reads the configuration information, merges it with the interaction information, encrypts the result and sends it to the interface distribution server. The interface distribution server calls the automatic distribution service to decrypt part of the information and connects to the corresponding accessed system server. The interface distribution server connects remotely to the accessed server and obtains the corresponding encrypted information. The interface distribution server calls the automatic distribution service to decrypt part of the information and automatically checks whether it is consistent with the previously decrypted information. If it is consistent, the connection is made and the information is transmitted, and the system server that initiated access can access the service of the accessed system server. With the automatic interface distribution service of the present invention, manual participation is eliminated and working efficiency is increased.
Fig. 4 is a timing flow chart of one implementation of the key authentication method based on partial decryption of the present invention. As shown in Fig. 4, another implementation flow of the key authentication method based on partial decryption of the present invention is as follows:
301: A developer configures the information of the corresponding access system in the database and saves the database configuration information.
302: The database configuration information is read, merged with the information to be transmitted, and encrypted to form the access information.
303: The interface is called over the network, and the automatic distribution service performs partial decryption: only the database configuration information in the access information is decrypted and obtained separately, and the information to be transmitted is not decrypted, so that it remains unknown at this step, which strengthens the confidentiality of the information to be transmitted.
304: The corresponding service information obtained after decryption is used to match the server to be accessed; the decrypted database configuration information is used to look up the server to be accessed.
305: The encrypted information of the accessed server is obtained and decrypted; after authentication succeeds, the transmission information in the access information that has not yet been decrypted is decrypted.
306: The two pieces of decrypted information are automatically matched and the key is loaded. The fully decrypted database configuration information and the information to be transmitted are matched, and the associated key is loaded.
307: If matching succeeds, transmission takes place. If the loaded key is consistent with the preset key of the accessed server, a transmission channel can be established and transmission carried out.
Fig. 5 is an architecture diagram of the key authentication system 10 based on partial decryption of the present invention. As shown in Fig. 5, an embodiment of the present invention also provides a key authentication system 10 based on partial decryption, for implementing the above key authentication method based on partial decryption. The key authentication system 10 based on partial decryption includes:
An authentication module 101, which receives an authorization request sent by at least one client, generates authorization information and authorization configuration information corresponding to the client, and sends the authorization configuration information to the client.
A decryption module 102, which receives an access request sent by the client, the access request being obtained by merging the authorization configuration information with transmission information and encrypting the result, and which decrypts only the encrypted authorization configuration information in the access request and keeps the transmission information encrypted.
An authentication module 103, which authenticates in combination with the authorization information and, if authentication succeeds, calls the business service of the service server 2 corresponding to the access request for the client to access.
In the key authentication system 10 based on partial decryption of the present invention, during authentication the decryption module 102 decrypts only the authorization configuration information and does not decrypt the transmission information, so the transmission information is not leaked during authentication (it is not decrypted by the decryption module 102). Only after the authentication module 103 authenticates successfully does the service server 2 decrypt the transmission information in the access request, call the corresponding business service according to the decrypted transmission information, and provide the business service to the client for access. By decrypting the authorization configuration information and the transmission information at different locations, the invention keeps the transmission information as private as possible and ensures the security of information transmission.
An embodiment of the present invention also provides a key authentication device based on partial decryption, comprising a processor and a memory in which instructions executable by the processor are stored, wherein the processor is configured to perform, by executing the executable instructions, the steps of the key authentication method based on partial decryption.
As shown above, this embodiment avoids manual operation and enhances the stability of the system; by decrypting the authorization configuration information and the transmission information at different locations, it further ensures the security of information transmission and also reduces the workload of the authentication device.
Those of ordinary skill in the art will understand that aspects of the present invention may be implemented as a system, a method or a program product. Accordingly, aspects of the invention may take the following forms: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.), or an embodiment combining hardware and software aspects, which may be collectively referred to herein as a "circuit", "module" or "platform".
Fig. 6 is a structural schematic diagram of the key authentication device based on partial decryption of the present invention. An electronic device 600 according to this embodiment of the invention is described below with reference to Fig. 6. The electronic device 600 shown in Fig. 6 is only an example and should not impose any limitation on the function or scope of use of the embodiments of the present invention.
As shown in Fig. 6, the electronic device 600 takes the form of a general-purpose computing device. The components of the electronic device 600 may include, but are not limited to: at least one processing unit 610, at least one storage unit 620, a bus 630 connecting different platform components (including the storage unit 620 and the processing unit 610), a display unit 640, and so on.
The storage unit stores program code that can be executed by the processing unit 610, so that the processing unit 610 performs the steps of the various exemplary embodiments of the invention described in the electronic prescription circulation processing method part of this specification above. For example, the processing unit 610 can perform the steps shown in Fig. 1.
The storage unit 620 may include readable media in the form of volatile storage units, such as a random access storage unit (RAM) 6201 and/or a cache storage unit 6202, and may further include a read-only storage unit (ROM) 6203.
The storage unit 620 may also include a program/utility 6204 having a set of (at least one) program modules 6205. Such program modules 6205 include, but are not limited to: an operating system, one or more application programs, other program modules and program data; each of these examples, or some combination of them, may include an implementation of a network environment.
The bus 630 may represent one or more of several types of bus structures, including a storage unit bus or storage unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus structures.
The electronic device 600 may also communicate with one or more external devices 700 (such as a keyboard, a pointing device, a Bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 600, and/or with any device (such as a router, a modem, etc.) that enables the electronic device 600 to communicate with one or more other computing devices. Such communication can take place through an input/output (I/O) interface 650. The electronic device 600 may also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through a network adapter 660. The network adapter 660 can communicate with the other modules of the electronic device 600 through the bus 630. It should be understood that, although not shown in the drawings, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage platforms, and so on.
An embodiment of the present invention also provides a computer-readable storage medium for storing a program which, when executed, implements the steps of the key authentication method based on partial decryption. In some possible embodiments, aspects of the present invention may also be implemented in the form of a program product that includes program code; when the program product runs on a terminal device, the program code causes the terminal device to perform the steps of the various exemplary embodiments of the invention described in the electronic prescription circulation processing method part of this specification above.
As shown above, this embodiment avoids manual operation and enhances the stability of the system; by decrypting the authorization configuration information and the transmission information at different locations, it further ensures the security of information transmission and also reduces the workload of the authentication device.
Fig. 7 is a structural schematic diagram of the computer-readable storage medium of the present invention. Referring to Fig. 7, a program product 800 for implementing the above method according to an embodiment of the present invention is described. It may use a portable compact disc read-only memory (CD-ROM), include program code, and run on a terminal device such as a personal computer. However, the program product of the present invention is not limited to this. In this document, a readable storage medium may be any tangible medium that contains or stores a program, and the program may be used by or in connection with an instruction execution system, apparatus or device.
The program product may use any combination of one or more readable media. A readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of readable storage media include: an electrical connection with one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), an optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
A computer-readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, in which readable program code is carried. Such a propagated data signal can take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A readable storage medium may also be any readable medium other than a readable storage medium, and that readable medium can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device. The program code contained on a readable storage medium can be transmitted over any suitable medium, including but not limited to wireless, wired, optical cable, RF, etc., or any suitable combination of the above.
Program code for carrying out the operations of the present invention can be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++, as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on a remote computing device or server. Where a remote computing device is involved, the remote computing device may be connected to the user's computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computing device (for example, through the Internet using an Internet service provider).
To sum up, the purpose of the present invention is to provide cipher key authentication method, system, equipment and storages based on part decryption to be situated between Matter can be avoided artificial operation, enhance the stability of system, and by the way that authorization configuration information and transmission information is different The mode of ground decryption, further ensures the safety of information transmission, decreases the workload of authentication device.
The above content is a further detailed description of the present invention in conjunction with specific preferred embodiments, and it cannot be said that Specific implementation of the invention is only limited to these instructions.For those of ordinary skill in the art to which the present invention belongs, exist Under the premise of not departing from present inventive concept, a number of simple deductions or replacements can also be made, all shall be regarded as belonging to of the invention Protection scope.

Claims (10)

1. A key authentication method based on partial decryption, characterized by comprising the following steps:
receiving an authorization request sent by at least one client, generating authorization information and authorization configuration information corresponding to the client, and sending the authorization configuration information to the client;
receiving an access request sent by the client, the access request being obtained by merging the authorization configuration information with transmission information and then encrypting the result; decrypting only the encrypted authorization configuration information in the access request, and keeping the transmission information in its encrypted state; and
performing authentication in combination with the authorization information and, if the authentication succeeds, calling the business service corresponding to the access request for the client to access.
2. The key authentication method based on partial decryption according to claim 1, characterized in that: authentication is performed according to the authorization configuration information in combination with the authorization information; if the authentication succeeds, the access request is sent to a business server, and the business service in the business server corresponding to the access request is called for the client to access.
3. The key authentication method based on partial decryption according to claim 1, characterized in that: authentication is performed according to the authorization configuration information in combination with the authorization information; if the authentication fails, the access request is rejected.
4. The key authentication method based on partial decryption according to claim 1, characterized in that: the types of calling the business service include at least one of reading data, writing data and deleting data.
5. The key authentication method based on partial decryption according to claim 1, characterized in that: the authorization configuration information includes an encryption mode and a key corresponding to the encryption mode, and the access request is obtained by merging the authorization configuration information with the transmission information and then encrypting the result with the encryption mode and the key.
6. The key authentication method based on partial decryption according to claim 1, characterized in that: the authorization information is stored, and a mapping relationship between the authorization information and the client is established.
7. The key authentication method based on partial decryption according to claim 2, characterized in that: the corresponding business service is called for the client to access according to the transmission information decrypted by the business server.
8. A key authentication system based on partial decryption, characterized by comprising:
an authentication module, which receives an authorization request sent by at least one client, generates authorization information and authorization configuration information corresponding to the client, and sends the authorization configuration information to the client;
a decryption module, which receives an access request sent by the client, the access request being obtained by merging the authorization configuration information with transmission information and then encrypting the result, decrypts only the encrypted authorization configuration information in the access request, and keeps the transmission information in its encrypted state; and
an authentication module, which performs authentication in combination with the authorization information and, if the authentication succeeds, calls the business service corresponding to the access request for the client to access.
9. A key authentication device based on partial decryption, characterized by comprising:
a processor;
a memory, in which executable instructions of the processor are stored;
wherein the processor is configured to perform, by executing the executable instructions, the steps of the key authentication method based on partial decryption according to any one of claims 1 to 7.
10. A computer-readable storage medium for storing a program, characterized in that the program, when executed, implements the steps of the key authentication method based on partial decryption according to any one of claims 1 to 7.
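The flow of claims 1 to 7, as an added Python example that is not code from the patent: the gateway issues authorization configuration information (encryption mode and key), opens only the authorization segment of an access request, and forwards the transmission information still encrypted. The envelope layout, the cleartext `client_id`, the nonce, the single HMAC tag over both segments, the HMAC-based stand-in cipher and the business server obtaining the key out of band are all assumptions of this example.

```python
import hashlib, hmac, json, secrets

MODE = "hmac-sha256-ctr+hmac"  # constructed label for the stand-in cipher below

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) so the example needs
    # only the standard library; a deployment would use a vetted AEAD instead.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def _tag(key: bytes, req: dict) -> str:
    # One MAC over both ciphertext segments binds them without decrypting either.
    msg = "|".join([req["client_id"], req["nonce"], req["auth"], req["data"]]).encode()
    return hmac.new(_subkey(key, b"mac"), msg, hashlib.sha256).hexdigest()

def build_access_request(config: dict, service: str, transmission: bytes) -> dict:
    # Client side: merge authorization configuration and transmission information.
    cid, key, nonce = config["client_id"], bytes.fromhex(config["key"]), secrets.token_bytes(12)
    auth = json.dumps({"client_id": cid, "mode": config["mode"], "service": service}).encode()
    enc = _subkey(key, b"enc")
    req = {"client_id": cid, "nonce": nonce.hex(),
           "auth": _xor_stream(enc, nonce + b"A", auth).hex(),
           "data": _xor_stream(enc, nonce + b"D", transmission).hex()}
    req["tag"] = _tag(key, req)
    return req

class Gateway:
    def __init__(self):
        self.authorizations = {}  # client_id -> stored authorization information
    def authorize(self, client_id: str, services: set) -> dict:
        config = {"client_id": client_id, "mode": MODE, "key": secrets.token_hex(32)}
        self.authorizations[client_id] = {"config": config, "services": set(services)}
        return config  # authorization configuration information sent to the client

    def handle(self, req: dict):
        grant = self.authorizations.get(req.get("client_id"))
        if grant is None:
            return ("reject", "unknown client")
        key = bytes.fromhex(grant["config"]["key"])
        if not hmac.compare_digest(_tag(key, req), req.get("tag", "")):
            return ("reject", "tampered request")
        # Partial decryption: only the authorization segment is opened here.
        enc, nonce = _subkey(key, b"enc"), bytes.fromhex(req["nonce"])
        auth = json.loads(_xor_stream(enc, nonce + b"A", bytes.fromhex(req["auth"])))
        if (auth["client_id"], auth["mode"]) != (req["client_id"], MODE):
            return ("reject", "configuration mismatch")
        if auth["service"] not in grant["services"]:
            return ("reject", "service not authorized")
        return ("forward", {"service": auth["service"], "nonce": req["nonce"], "data": req["data"]})

def business_server_open(key_hex: str, fwd: dict) -> bytes:  # transmission info opened only here
    enc = _subkey(bytes.fromhex(key_hex), b"enc")
    return _xor_stream(enc, bytes.fromhex(fwd["nonce"]) + b"D", bytes.fromhex(fwd["data"]))
```

Checking the tag over both segments before the partial decryption is what keeps a valid authorization segment from being accepted alongside different, still-encrypted transmission information.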
CN201910223236.4A 2019-03-22 2019-03-22 Key authentication method, system, device and storage medium based on partial decryption Active CN109995774B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910223236.4A CN109995774B (en) 2019-03-22 2019-03-22 Key authentication method, system, device and storage medium based on partial decryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910223236.4A CN109995774B (en) 2019-03-22 2019-03-22 Key authentication method, system, device and storage medium based on partial decryption

Publications (2)

Publication Number Publication Date
CN109995774A true CN109995774A (en) 2019-07-09
CN109995774B CN109995774B (en) 2021-10-08

Family

ID=67130921

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910223236.4A Active CN109995774B (en) 2019-03-22 2019-03-22 Key authentication method, system, device and storage medium based on partial decryption

Country Status (1)

Country Link
CN (1) CN109995774B (en)

Also Published As

Publication number Publication date
CN109995774B (en) 2021-10-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant