CN110149354A - A kind of encryption and authentication method and device based on the https protocol - Google Patents


Info

Publication number: CN110149354A
Authority: CN (China)
Prior art keywords: access request, signing certificate, key, preset, timestamp
Legal status: Pending
Application number: CN201810146515.0A
Other languages: Chinese (zh)
Inventor: 刘吉
Current assignee: Beijing Jingdong Century Trading Co Ltd; Beijing Jingdong Shangke Information Technology Co Ltd
Original assignee: Beijing Jingdong Century Trading Co Ltd; Beijing Jingdong Shangke Information Technology Co Ltd
Application filed by Beijing Jingdong Century Trading Co Ltd and Beijing Jingdong Shangke Information Technology Co Ltd
Priority to CN201810146515.0A
Publication of CN110149354A

Classifications

    • H: Electricity
        • H04: Electric communication technique
            • H04L: Transmission of digital information, e.g. telegraphic communication
                • H04L 63/00: Network architectures or network communication protocols for network security
                    • H04L 63/04: for providing a confidential data exchange among entities communicating through data packet networks
                        • H04L 63/0428: wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                • H04L 67/00: Network arrangements or protocols for supporting network services or applications
                    • H04L 67/01: Protocols
                        • H04L 67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
                • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
                    • H04L 9/32: including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L 9/3247: involving digital signatures
                        • H04L 9/3263: involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
                        • H04L 9/3297: involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an encryption and authentication method and device based on the https protocol, in the field of computer technology. One specific embodiment of the method includes: receiving an access request, where the access request is encrypted with a preset key; decrypting the access request with the preset key and verifying the timestamp of the access request; and, if decryption succeeds and the timestamp of the access request verifies correctly, authenticating successfully and returning a signing certificate. By adding an encryption and authentication step, the embodiment improves the security of data transmitted over the https protocol.

Description

A kind of encryption and authentication method and device based on the https protocol
Technical field
The present invention relates to the field of computer technology, and in particular to an encryption method, device, electronic device and computer-readable medium based on the https protocol.
Background technique
The Hypertext Transfer Protocol (http) is the most widely used network protocol for internet-based applications; all www documents must comply with this standard. It is used to transfer information between a browser and a website server (that is, between client and server-side). The http protocol sends content in plaintext and provides no data encryption of any kind: if an attacker intercepts the messages passed between browser and website server, the information in them can be read directly. To address this defect of the http protocol, another protocol is used: Hypertext Transfer Protocol over Secure Socket Layer, https. For the security of data transmission, the https protocol adds the SSL protocol (Secure Sockets Layer) on top of the http protocol; SSL authenticates the identity of the server by means of a certificate and encrypts the communication between browser and server. The https protocol differs from the http protocol mainly in the following four points:
1. The https protocol requires applying to a certification authority for a certificate; free certificates are rare and a fee is usually charged. The certification authority keeps the signing certificate of each server it has certified.
2. http is a hypertext transfer protocol in which information is transmitted in plaintext, whereas https is a transport protocol with secure SSL encryption.
3. http and https use entirely different connection types and different ports: 80 for the former, 443 for the latter.
4. An http connection is very simple and stateless; the https protocol is a network protocol built on top of http with SSL, providing encrypted transmission and identity authentication, and is more secure than the http protocol.
In the course of realizing the present invention, the inventor found at least the following problems in the prior art:
After the client obtains the signing certificate of the server-side from the certification authority over the https protocol, it compares it with the server-side signing certificate saved in the client beforehand; if they are identical, the server-side is trustworthy. However, the signing certificate saved in advance in the client may have been tampered with and replaced by the signing certificate of a proxy (as shown in Fig. 1). The proxy first intercepts the https access request from the client and, impersonating the server-side, returns the proxy's own signing certificate. Having received the proxy's signing certificate, the client takes the proxy for a trusted server-side and sends its data to the proxy; after receiving the data, the proxy impersonates the client and forwards the data to the server-side, which mistakenly believes the client sent it and returns its reply to the proxy. In this way the proxy obtains the communication data exchanged between server-side and client.
Summary of the invention
In view of this, embodiments of the present invention provide an encryption and authentication method and device based on the https protocol which, by adding an encryption and authentication step, improve the security of data transmitted over the https protocol.
To achieve the above object, according to one aspect of the embodiments of the present invention, an encryption and authentication method based on the https protocol is provided, comprising: receiving an access request, where the access request is encrypted with a preset key; decrypting the access request with the preset key and verifying the timestamp of the access request; and, if decryption succeeds and the timestamp of the access request verifies correctly, authenticating successfully and returning a signing certificate.
Optionally, after the access request is decrypted and its timestamp verified, the method further includes: if decryption fails and/or the timestamp of the access request verifies incorrectly, authentication fails and the access request is refused.
Optionally, before the signing certificate is returned, the method further includes: encrypting the signing certificate with the preset key.
Optionally, after the signing certificate has been encrypted with the preset key and the encrypted signing certificate returned, the method further includes: decrypting the encrypted signing certificate with the preset key; if decryption succeeds, determining whether the signing certificate is identical to a preset signing certificate; and, if it is, determining that the sender of the signing certificate is authenticated.
To achieve the above object, according to another aspect of the embodiments of the present invention, an encryption and authentication device based on the https protocol is provided, comprising: a receiving module for receiving an access request, where the access request is encrypted with a preset key; a decryption module for decrypting the access request with the preset key and verifying the timestamp of the access request; and a return module for, if the decryption module decrypts successfully and the timestamp of the access request verifies correctly, authenticating successfully and returning a signing certificate.
Optionally, the return module is further used to, if the decryption module fails to decrypt and/or the timestamp of the access request verifies incorrectly, fail authentication and refuse the access request.
Optionally, the device further includes an encryption module for encrypting the signing certificate with the preset key before the return module returns it; the return module is further used to return the signing certificate encrypted with the preset key.
Optionally, the device further includes an authentication module for decrypting the encrypted signing certificate with the preset key; if decryption succeeds, determining whether the signing certificate is identical to a preset signing certificate; and, if it is, determining that the sender of the signing certificate is authenticated.
To achieve the above object, according to yet another aspect of the embodiments of the present invention, an electronic device is provided, comprising: one or more processors; and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to carry out any of the encryption and authentication methods based on the https protocol described above.
To achieve the above object, according to yet another aspect of the embodiments of the present invention, a computer-readable medium is provided on which a computer program is stored; when the program is executed by one or more processors, it carries out any of the encryption and authentication methods based on the https protocol described above.
One embodiment of the above invention has the following advantage or beneficial effect: because it uses the technical means of encrypting and decrypting the access request with a preset key and verifying a timestamp, it overcomes the technical problem of https access requests being intercepted and cracked by a proxy, and thereby achieves the technical effect of improving the security of https protocol transmission.
Further effects of the above optional features are explained below in conjunction with specific embodiments.
Detailed description of the invention
The accompanying drawings serve for a better understanding of the present invention and do not constitute an undue limitation on it. In the drawings:
Fig. 1 is a schematic diagram of the key steps of an encryption and authentication method based on the https protocol according to an embodiment of the present invention;
Fig. 2 is a flow chart of a preferred embodiment according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of the main parts of an encryption and authentication device based on the https protocol according to an embodiment of the present invention;
Fig. 4 is an exemplary system architecture diagram to which embodiments of the present invention can be applied;
Fig. 5 is a schematic structural diagram of a computer system suitable for realizing the terminal device or server of embodiments of the present invention.
Specific embodiment
Exemplary embodiments of the present invention are described below in conjunction with the accompanying drawings, including various details of the embodiments that aid understanding; these should be regarded as merely exemplary. Those of ordinary skill in the art will therefore recognize that various changes and modifications can be made to the embodiments described here without departing from the scope and spirit of the present invention. Likewise, for clarity and conciseness, descriptions of well-known functions and structures are omitted from the following description.
Fig. 1 is a schematic diagram of the key steps of an encryption and authentication method based on the https protocol according to an embodiment of the present invention. As shown in Fig. 1:
Step S101 is receiving an access request, where the access request is encrypted with a preset key. The purpose of this step is to have the access request encrypted with the preset key so that the content of the access request cannot be leaked. The preset key may be a key generated with a preset cryptographic protocol, or it may take the form of a public/private key pair. For example, a preset public key is built into the client's code; before sending an https request to the server-side, the client first sends an http access request encrypted with that public key.
Step S102 is decrypting the access request with the preset key and verifying the timestamp of the access request. The purpose of this step is to determine whether the access request was encrypted with the preset key: if it can be decrypted with the preset key, the access request comes from an authenticated party.
For example, the server-side receives an access request encrypted with the preset public key of the preset key pair and decrypts it with the preset private key of that pair. The timestamp can be used to verify whether the validity period of the access request has exceeded a preset limit or, in combination with a timestamp synchronization system, whether the timestamp is in sync.
Step S103 is, if decryption succeeds and the timestamp of the access request verifies correctly, authenticating successfully and returning a signing certificate. The purpose of this step is to return the result once authentication is complete. The signing certificate may be a certificate signed by the certification authority and stored in advance on the server-side; it is used to establish the identity of the server-side and shows that the server-side has been certified.
For example, if the server-side decrypts the access request successfully with the preset key and verifies the validity of the timestamp, it returns the signing certificate of the server-side.
Before returning the signing certificate, the method may further include sending a request to obtain the signing certificate and receiving the signing certificate. The purpose of this step is to obtain the signing certificate from the certification authority or another source when it is needed, further improving security.
After decrypting the access request and verifying its timestamp, the method may further include: if decryption fails, that is, the access request cannot be decrypted with the preset key, and/or the timestamp of the access request verifies incorrectly, authentication fails and the access request is refused. The purpose of this step is to refuse access requests that fail authentication and thereby prevent data leakage. If the access request cannot be decrypted with the preset key, it was not encrypted with the preset key, so its source is unknown; authentication fails and the access request is refused. If timestamp verification fails, for instance because the timestamp has exceeded the preset validity period or is out of sync with the timestamp synchronization system, authentication likewise fails and the access request is refused.
Before returning the signing certificate, the method may further include encrypting the signing certificate with the preset key; the method then returns the signing certificate encrypted with the preset key. The purpose of this step is to encrypt the signing certificate with the preset key, further improving security.
After returning the signing certificate encrypted with the preset key, the method may further include: decrypting the encrypted signing certificate with the preset key; if decryption succeeds, determining whether the signing certificate is identical to a preset signing certificate; and, if it is, determining that the sender of the signing certificate is authenticated. The purpose of this step is to decrypt the returned signing certificate with the preset key: if decryption fails, the returned signing certificate was not encrypted with the preset key and its source may not be authenticated. After decryption, if the signing certificate is identical to the preset signing certificate, the reliability of the source is further confirmed and authentication is complete; if it differs from the preset signing certificate, the source of the signing certificate is unreliable. The preset signing certificate may be the server-side's signing certificate obtained from the certification authority and stored in the client in advance, or it may be the signing certificate returned by the server-side when the client sends a further https access request to the server-side.
For example, the client receives the encrypted signing certificate from the server-side and decrypts it with the preset public key of the preset key pair; if decryption succeeds, the signing certificate was encrypted with the preset private key of that pair. After decrypting the signing certificate, the client compares it with the preset signing certificate; if they are identical, the signing certificate comes from the certified server-side, and the identity of the server-side is thereby authenticated.
Once the client has authenticated the server-side, it can send data to the server-side over the https protocol.
Fig. 2 is a flow chart of a preferred embodiment according to an embodiment of the present invention. As shown in Fig. 2:
S201: the client sends an http access request to the server-side, encrypting the http access request with public key 1 agreed with the server-side;
S202: the server-side decrypts the http access request with private key 1 and verifies whether the timestamp has exceeded the preset validity period;
S203: if the server-side decrypts successfully with private key 1 and the timestamp verifies without error, the client is reliable; the server-side encrypts signing certificate 1 with private key 1 and sends it to the client, where signing certificate 1 was obtained from the certification authority;
S204: after receiving signing certificate 1, the client decrypts signing certificate 1 with public key 1;
S205: the client sends an https access request to the server-side again;
S206: after receiving the https access request, the server-side returns signing certificate 2 to the client;
S207: the client determines whether signing certificate 1 and signing certificate 2 are identical; if they are, the server-side is authenticated.
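As an added example (not code from the patent or its assignees), the following Go program carries both sides of the method of steps S101 to S103 and of the Fig. 2 exchange in one file, so that the three failure modes the description names (a request not encrypted with the preset key, a timestamp outside its validity period, and a certificate returned over https that differs from the one obtained in the encrypted exchange) can each be exercised. The key size, the request layout (an 8-byte timestamp followed by the request path), the 300-second validity period and the certificate bytes are assumptions. One substitution is made explicit: the page has the server-side "encrypt signing certificate 1 with private key 1" and the client "decrypt with public key 1"; with RSA that operation is a signature, so the example uses RSA-PSS for that step and RSA-OAEP for the client's request encryption.

```go
package main

// Added example (not the patent's code): steps S101-S103 / S201 onward run end
// to end with Go's standard library. Key size, message layout and the
// certificate bytes are assumptions; see the lead-in for the RSA-PSS choice.

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Server holds "private key 1", the CA-issued signing certificate (here
// constructed bytes standing in for DER) and the preset validity period.
type Server struct {
	priv        *rsa.PrivateKey
	SigningCert []byte
	MaxSkewSecs int64
}

// NewServer generates a fresh pair; the public key is "public key 1" that the
// patent has built into the client's code.
func NewServer() (*Server, *rsa.PublicKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	cert := []byte("CONSTRUCTED stand-in for the server's CA-issued certificate")
	return &Server{priv: priv, SigningCert: cert, MaxSkewSecs: 300}, &priv.PublicKey, nil
}

// S201: request = 8-byte big-endian Unix timestamp || path, encrypted with
// RSA-OAEP under the preset public key.
func EncryptRequest(pub *rsa.PublicKey, path string, now time.Time) ([]byte, error) {
	plain := make([]byte, 8)
	binary.BigEndian.PutUint64(plain, uint64(now.Unix()))
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, append(plain, path...), nil)
}

// S202/S203: decrypt with private key 1 and check the timestamp against the
// preset validity period; on success return the signing certificate together
// with its private-key signature. Any failure refuses the request.
func (s *Server) HandleRequest(ciphertext []byte, now time.Time) (cert, sig []byte, err error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, ciphertext, nil)
	if err != nil || len(plain) < 8 {
		return nil, nil, errors.New("authentication failed: not encrypted with the preset key")
	}
	ts := int64(binary.BigEndian.Uint64(plain[:8]))
	if age := now.Unix() - ts; age > s.MaxSkewSecs || age < -s.MaxSkewSecs {
		return nil, nil, errors.New("authentication failed: timestamp outside validity period")
	}
	digest := sha256.Sum256(s.SigningCert)
	sig, err = rsa.SignPSS(rand.Reader, s.priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, nil, err
	}
	return s.SigningCert, sig, nil
}

// S204: "decrypt" signing certificate 1 with public key 1, i.e. verify the
// signature; a certificate a proxy substituted does not verify.
func VerifyCertificate(pub *rsa.PublicKey, cert, sig []byte) error {
	digest := sha256.Sum256(cert)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil)
}

// Final step of Fig. 2: signing certificate 1 (from the encrypted exchange)
// must equal signing certificate 2 (presented on the https request).
func CertificatesMatch(cert1, cert2 []byte) bool { return bytes.Equal(cert1, cert2) }

// Authenticate runs the whole exchange and reports whether the server-side is
// authenticated; httpsCert is whatever the client was shown in S206.
func Authenticate(pub *rsa.PublicKey, s *Server, httpsCert []byte, now time.Time) (bool, error) {
	ct, err := EncryptRequest(pub, "/api/login", now)
	if err != nil {
		return false, err
	}
	cert1, sig, err := s.HandleRequest(ct, now)
	if err != nil {
		return false, err
	}
	if err := VerifyCertificate(pub, cert1, sig); err != nil {
		return false, fmt.Errorf("certificate 1 rejected: %w", err)
	}
	return CertificatesMatch(cert1, httpsCert), nil
}

func main() {
	s, pub, _ := NewServer()
	ok, err := Authenticate(pub, s, s.SigningCert, time.Now())
	fmt.Println("server-side authenticated:", ok, err)
}
```

Because the same preset public key that encrypts the request also verifies the returned certificate, a proxy that substitutes its own certificate is rejected at the verification step, before the final comparison is even reached; a replayed request is rejected at the timestamp check, which is why the preset validity period only works when both ends share a synchronized clock source, as the description's timestamp synchronization system provides.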
Fig. 3 is a schematic diagram of the main parts of an encryption and authentication device 300 based on the https protocol according to an embodiment of the present invention. As shown in Fig. 3:
The receiving module 301 receives an access request, where the access request is encrypted with a preset key. Its purpose is to have the access request encrypted with the preset key so that the content of the access request cannot be leaked. The preset key may be a key generated with a preset cryptographic protocol, or it may take the form of a public/private key pair. For example, a preset public key is built into the client's code; before sending an https request to the server-side, the client first sends an http access request encrypted with that public key.
The decryption module 302 decrypts the access request with the preset key and verifies the timestamp of the access request. Its purpose is to determine whether the access request was encrypted with the preset key: if it can be decrypted with the preset key, the access request comes from an authenticated party.
For example, the server-side receives an access request encrypted with the preset public key of the preset key pair and decrypts it with the preset private key of that pair. The timestamp can be used to verify whether the validity period of the access request has exceeded a preset limit or, in combination with a timestamp synchronization system, whether the timestamp is in sync.
The return module 303, if the decryption module decrypts successfully and the timestamp of the access request verifies correctly, authenticates successfully and returns a signing certificate. Its purpose is to return the result once authentication is complete. For example, if the server-side decrypts the access request successfully with the preset key and verifies the validity of the timestamp, it returns the signing certificate of the server-side. The signing certificate may be a certificate signed by the certification authority and stored in advance on the server-side; it is used to establish the identity of the server-side and shows that the server-side has been certified.
The return module can also be used to, if the decryption module 302 fails to decrypt, that is, the access request cannot be decrypted with the preset key, and/or the timestamp of the access request verifies incorrectly, fail authentication and refuse the access request. Its purpose is to refuse access requests that fail authentication and thereby prevent data leakage. If the access request cannot be decrypted with the preset key, it was not encrypted with the preset key, so its source is unknown; authentication fails and the access request is refused. If timestamp verification fails, for instance because the timestamp has exceeded the preset validity period or is out of sync with the timestamp synchronization system, authentication likewise fails and the access request is refused.
The device 300 may further include:
An encryption module, which encrypts the signing certificate with the preset key before the return module 303 returns it; the return module 303 is then also used to return the signing certificate encrypted with the preset key. Its purpose is to encrypt the signing certificate with the preset key, further improving security.
A certificate-obtaining module, which, before the return module 303 returns the signing certificate, sends a request to obtain the signing certificate and receives the signing certificate. Its purpose is to obtain the signing certificate from the certification authority or another source when it is needed, further improving security.
An authentication module, which decrypts the encrypted signing certificate with the preset key; if decryption succeeds, determines whether the signing certificate is identical to a preset signing certificate; and, if it is, determines that the sender of the signing certificate is authenticated. Its purpose is to decrypt the returned signing certificate with the preset key: if decryption fails, the returned signing certificate was not encrypted with the preset key and its source may not be authenticated. After decryption, if the signing certificate is identical to the preset signing certificate, the reliability of the source is further confirmed and authentication is complete; if it differs from the preset signing certificate, the source of the signing certificate is unreliable. The preset signing certificate may be the server-side's signing certificate obtained from the certification authority and stored in the client in advance, or it may be the signing certificate returned by the server-side when the client sends a further https access request to the server-side.
For example, the client receives the encrypted signing certificate from the server-side and decrypts it with the preset public key of the preset key pair; if decryption succeeds, the signing certificate was encrypted with the preset private key of that pair. After decrypting the signing certificate, the client compares it with the preset signing certificate; if they are identical, the signing certificate comes from the certified server-side, and the identity of the server-side is thereby authenticated.
Once the client has authenticated the server-side, it can send data to the server-side over the https protocol.
Fig. 4 shows an exemplary system architecture 400 to which the encryption and authentication method or device based on the https protocol of embodiments of the present invention can be applied.
As shown in Fig. 4, the system architecture 400 may include terminal devices 401, 402, 403, a network 404 and a server 405. The network 404 provides the medium for communication links between the terminal devices 401, 402, 403 and the server 405, and may include various connection types such as wired or wireless communication links or fiber-optic cables.
Users can use the terminal devices 401, 402, 403 to interact with the server 405 over the network 404 in order to receive or send messages and the like. Various communication client applications can be installed on the terminal devices 401, 402, 403, such as shopping applications, web browsers, search applications, instant messaging tools, mail clients and social platform software.
The terminal devices 401, 402, 403 can be various electronic devices with a display screen that support web browsing, including but not limited to smartphones, tablet computers, laptop computers and desktop computers.
The server 405 can be a server providing various services, for example a back-end management server that supports shopping websites browsed by users on the terminal devices 401, 402, 403. The back-end management server can analyse and otherwise process received data such as product information queries and feed the processing result (for example target push information or product information) back to the terminal device.
It should be noted that the encryption and authentication method based on the https protocol provided by embodiments of the present invention is generally executed by the server 405, and accordingly the encryption and authentication device based on the https protocol is generally located in the server 405.
It should be understood that the numbers of terminal devices, networks and servers in Fig. 4 are merely illustrative; there may be any number of terminal devices, networks and servers as the implementation requires.
Fig. 5 shows a schematic structural diagram of a computer system 500 suitable for implementing the terminal device of the embodiment of the present invention. The terminal device shown in Fig. 5 is only an example and should not impose any limitation on the function and scope of use of the embodiment of the present invention.
As shown in Fig. 5, computer system 500 includes a central processing unit (CPU) 501, which can perform various appropriate actions and processing according to a program stored in a read-only memory (ROM) 502 or a program loaded from a storage section 508 into a random access memory (RAM) 503. RAM 503 also stores the various programs and data required for the operation of system 500. CPU 501, ROM 502 and RAM 503 are connected to each other through a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
The following components are connected to I/O interface 505: an input section 506 including a keyboard, a mouse and the like; an output section 507 including a cathode ray tube (CRT), a liquid crystal display (LCD) and the like, as well as a loudspeaker and the like; a storage section 508 including a hard disk and the like; and a communication section 509 including a network interface card such as a LAN card or a modem. Communication section 509 performs communication processing via a network such as the Internet. A driver 510 is also connected to I/O interface 505 as needed. A removable medium 511, such as a magnetic disk, an optical disk, a magneto-optical disk or a semiconductor memory, is mounted on driver 510 as needed, so that a computer program read from it can be installed into storage section 508 as needed.
In particular, according to the disclosed embodiments of the present invention, the process described above with reference to the flowchart may be implemented as a computer software program. For example, an embodiment of the present invention includes a computer program product comprising a computer program carried on a computer-readable medium, the computer program including program code for executing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded and installed from a network through communication section 509, and/or installed from removable medium 511. When the computer program is executed by the central processing unit (CPU) 501, the above functions defined in the system of the present invention are executed.
It should be noted that the computer-readable medium shown in the present invention includes a computer-readable signal medium or a computer-readable storage medium, or any combination of the two. A computer-readable storage medium includes, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples of the computer-readable storage medium include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any combination of the above. In the present invention, a computer-readable storage medium includes any tangible medium that contains or stores a program, which program can be used by or in connection with an instruction execution system, apparatus or device; a computer-readable signal medium includes a data signal propagated in baseband or as part of a carrier wave and carrying computer-readable program code, and such a propagated data signal may take various forms, including but not limited to an electromagnetic signal, an optical signal, or any combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium, which medium can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device. Program code contained on a computer-readable medium may be transmitted using any suitable medium, including but not limited to: wireless, wire, optical cable, RF (radio frequency) and the like, or any combination of the above.
The flowcharts and block diagrams in the accompanying drawings illustrate the possible architecture, functions and operations of systems, methods and computer program products according to various embodiments of the present invention. Each box in a flowchart or block diagram may represent a module, a program segment or a part of code, and the above module, program segment or part of code contains one or more executable instructions for implementing the specified logical function. It should be noted that in some alternative implementations, the functions marked in the boxes may occur in an order different from that indicated in the drawings. For example, two boxes shown in succession may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in a block diagram or flowchart, and combinations of such boxes, may be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The modules or units described in the embodiments of the present invention may be implemented in software or in hardware. The described modules or units may also be provided in a processor; for example, they may be described as: a processor including a receiving module, a decryption module and a return module. The names of these modules or units do not in some cases constitute a limitation on the module or unit itself; for example, the receiving module may also be described as "a module for receiving an access request".
On the other hand, an embodiment of the present invention also provides a computer-readable medium, which may be included in the device described in the above embodiments, or may exist separately without being assembled into that device. The above computer-readable medium carries one or more programs which, when executed by the device, cause the device to: receive an access request, wherein the access request is encrypted with a preset key; decrypt the access request with the preset key and verify the timestamp of the access request; and, if decryption succeeds and the timestamp verification of the access request is correct, treat authentication as successful and return a signing certificate.
According to the technical solution of the embodiment of the present invention, the security of data transmitted over the https protocol can be improved by adding an encryption and authentication step.
The above specific embodiments do not constitute a limitation on the scope of protection of the present invention. Those skilled in the art should understand that various modifications, combinations, sub-combinations and substitutions may be made depending on design requirements and other factors. Any modifications, equivalent substitutions, improvements and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (10)

1. An https-protocol-based encryption and authentication method, characterized by comprising:
receiving an access request, wherein the access request is encrypted with a preset key;
decrypting the access request with the preset key, and verifying the timestamp of the access request;
if decryption succeeds and the timestamp verification of the access request is correct, treating authentication as successful and returning a signing certificate.
2. The method according to claim 1, characterized in that after decrypting the access request and verifying the timestamp of the access request, the method further comprises:
if decryption fails and/or the timestamp verification of the access request is wrong, treating authentication as failed and refusing the access request.
3. The method according to claim 1, characterized in that before returning the signing certificate, the method further comprises:
encrypting the signing certificate with the preset key.
4. The method according to claim 3, characterized in that after encrypting the signing certificate with the preset key and returning the encrypted signing certificate, the method further comprises:
decrypting the encrypted signing certificate with the preset key;
if decryption succeeds, determining whether the signing certificate is identical to a default signing certificate;
if identical, determining that the sender of the signing certificate is authenticated.
5. An https-protocol-based encryption and authentication device, characterized by comprising:
a receiving module, for receiving an access request, wherein the access request is encrypted with a preset key;
a decryption module, for decrypting the access request with the preset key and verifying the timestamp of the access request;
a return module, for treating authentication as successful and returning a signing certificate if decryption by the decryption module succeeds and the timestamp verification of the access request is correct.
6. The device according to claim 5, characterized in that the return module is further configured to treat authentication as failed and refuse the access request if decryption by the decryption module fails and/or the timestamp verification of the access request is wrong.
7. The device according to claim 5, characterized in that the device further comprises:
an encryption module, for encrypting the signing certificate with the preset key before the return module returns the signing certificate;
the return module being further configured to return the signing certificate encrypted with the preset key.
8. The device according to claim 7, characterized in that the device further comprises:
an authentication module, for decrypting the encrypted signing certificate with the preset key;
if decryption succeeds, determining whether the signing certificate is identical to a default signing certificate;
if identical, determining that the sender of the signing certificate is authenticated.
9. An electronic device, characterized by comprising:
one or more processors;
a storage device, for storing one or more programs,
which, when executed by the one or more processors, cause the one or more processors to implement the method according to any one of claims 1-4.
10. A computer-readable medium on which a computer program is stored, characterized in that the program, when executed by one or more processors, implements the method according to any one of claims 1-4.
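The exchange defined by claims 1 to 4 (and restated in the computer-readable-medium embodiment above), as an added example that is not part of the patent and not code from the applicant: the client encrypts a request carrying a timestamp under the preset shared key; the server decrypts, checks the timestamp against a freshness window, refuses on decryption failure or a stale timestamp, and otherwise returns the signing certificate encrypted under the same key; the client decrypts that and compares it with its pinned ("default") copy. The patent names no cipher, no timestamp window and no message format, so the following are assumptions: a 60-second skew window, a JSON request body, and an encrypt-then-MAC construction built from HMAC-SHA256 (a keystream in counter mode plus an HMAC tag) so the example runs on the standard library alone; a production system would use a standard AEAD such as AES-GCM from a vetted library in its place.

```python
# Added example: the claim-1..4 exchange, standard library only.
# The cipher below is an HMAC-SHA256 encrypt-then-MAC stand-in (assumption, not
# the patent's cipher); the 60 s window and JSON body are assumptions too.
import hmac
import hashlib
import json
import os
import time

ALLOWED_SKEW = 60  # seconds; the claims only say "verify the timestamp"


def _derive(key: bytes, label: bytes) -> bytes:
    """Derive an encryption or MAC sub-key from the preset shared key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF keystream (AES-CTR stand-in)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _derive(key, b"enc"), _derive(key, b"mac")
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes):
    """Return the plaintext, or None if the blob is short, tampered, or under another key."""
    enc_key, mac_key = _derive(key, b"enc"), _derive(key, b"mac")
    if len(blob) < 16 + 32:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time tag check
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def build_access_request(key: bytes, path: str, now: float) -> bytes:
    """Client side: bundle the request with its timestamp and encrypt under the preset key."""
    body = json.dumps({"ts": int(now), "path": path}).encode()
    return encrypt(key, body)


def authenticate(key: bytes, blob: bytes, signing_cert: bytes, now: float):
    """Server side (claims 1-3): (True, encrypted signing certificate) on success,
    (False, reason) when the request is refused (claim 2)."""
    plain = decrypt(key, blob)
    if plain is None:
        return False, "decryption failed"
    try:
        req = json.loads(plain)
        ts = int(req["ts"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed request"
    if abs(int(now) - ts) > ALLOWED_SKEW:
        return False, "timestamp out of window"
    return True, encrypt(key, signing_cert)  # claim 3: certificate goes back encrypted


def verify_server(key: bytes, blob: bytes, pinned_cert: bytes) -> bool:
    """Client side (claim 4): decrypt the returned certificate and compare with the pinned copy."""
    cert = decrypt(key, blob)
    return cert is not None and hmac.compare_digest(cert, pinned_cert)


def demo() -> bool:
    """Full round trip with constructed values; True when both sides accept."""
    key = hashlib.sha256(b"constructed preset key, shared out of band").digest()
    cert = b"-----BEGIN CERTIFICATE-----\nconstructed-sample-cert\n-----END CERTIFICATE-----\n"
    now = time.time()
    ok, resp = authenticate(key, build_access_request(key, "/api/orders", now), cert, now)
    return ok and verify_server(key, resp, cert)


if __name__ == "__main__":
    print("round trip accepted:", demo())
```

Two properties of the claimed scheme are visible in the code. The timestamp check bounds replay to the skew window but does not prevent it inside that window; a server that must reject a repeated request within the window needs a per-request nonce cache in addition. And because a single preset key is shared by both ends, what each side proves is possession of that key, so the certificate comparison in claim 4 is a pinning check rather than a PKI chain validation, and the key's distribution and rotation are what the scheme's security rests on.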
CN201810146515.0A 2018-02-12 2018-02-12 A kind of encryption and authentication method and device based on https agreement Pending CN110149354A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810146515.0A CN110149354A (en) 2018-02-12 2018-02-12 A kind of encryption and authentication method and device based on https agreement

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810146515.0A CN110149354A (en) 2018-02-12 2018-02-12 A kind of encryption and authentication method and device based on https agreement

Publications (1)

Publication Number Publication Date
CN110149354A true CN110149354A (en) 2019-08-20

Family

ID=67588089

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810146515.0A Pending CN110149354A (en) 2018-02-12 2018-02-12 A kind of encryption and authentication method and device based on https agreement

Country Status (1)

Country Link
CN (1) CN110149354A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111193704A (en) * 2019-10-28 2020-05-22 腾讯科技(深圳)有限公司 HTTP communication method and device
CN111930763A (en) * 2020-07-29 2020-11-13 浙江德迅网络安全技术有限公司 Network security protection method for encrypted https protocol
CN111935164A (en) * 2020-08-14 2020-11-13 天元大数据信用管理有限公司 Https interface request method
CN112434315A (en) * 2020-11-20 2021-03-02 湖南快乐阳光互动娱乐传媒有限公司 Attachment access method, server and access terminal
CN113553573A (en) * 2021-07-09 2021-10-26 深圳市高德信通信股份有限公司 Data security verification method
CN114666132A (en) * 2022-03-22 2022-06-24 深圳供电局有限公司 Method for encrypting and authenticating application layer based on TCP/IP protocol
CN114844651A (en) * 2022-05-31 2022-08-02 唯思电子商务(深圳)有限公司 Method and system for strong verification of app client https certificate

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110264905A1 (en) * 2010-04-21 2011-10-27 Michael Ovsiannikov Systems and methods for split proxying of ssl via wan appliances
CN102624740A (en) * 2012-03-30 2012-08-01 奇智软件(北京)有限公司 Data interaction method, client and server
CN103634307A (en) * 2013-11-19 2014-03-12 北京奇虎科技有限公司 Method for certificating webpage content and browser
CN106936790A (en) * 2015-12-30 2017-07-07 上海格尔软件股份有限公司 The method that client and server end carries out two-way authentication is realized based on digital certificate
CN107248075A (en) * 2017-05-19 2017-10-13 飞天诚信科技股份有限公司 A kind of method and device for realizing bidirectional authentication of smart secret key equipment and transaction

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111193704A (en) * 2019-10-28 2020-05-22 腾讯科技(深圳)有限公司 HTTP communication method and device
CN111193704B (en) * 2019-10-28 2021-07-23 腾讯科技(深圳)有限公司 HTTP communication method, device and readable storage medium
CN111930763A (en) * 2020-07-29 2020-11-13 浙江德迅网络安全技术有限公司 Network security protection method for encrypted https protocol
CN111935164A (en) * 2020-08-14 2020-11-13 天元大数据信用管理有限公司 Https interface request method
CN112434315A (en) * 2020-11-20 2021-03-02 湖南快乐阳光互动娱乐传媒有限公司 Attachment access method, server and access terminal
CN113553573A (en) * 2021-07-09 2021-10-26 深圳市高德信通信股份有限公司 Data security verification method
CN113553573B (en) * 2021-07-09 2024-02-06 深圳市高德信通信股份有限公司 Data security verification method
CN114666132A (en) * 2022-03-22 2022-06-24 深圳供电局有限公司 Method for encrypting and authenticating application layer based on TCP/IP protocol
CN114666132B (en) * 2022-03-22 2024-01-30 深圳供电局有限公司 Method for encrypting and authenticating application layer based on TCP/IP protocol
CN114844651A (en) * 2022-05-31 2022-08-02 唯思电子商务(深圳)有限公司 Method and system for strong verification of app client https certificate
CN114844651B (en) * 2022-05-31 2024-05-28 唯思电子商务(深圳)有限公司 Method and system for strong verification of https certificate of app client

Similar Documents

Publication Publication Date Title
US11729150B2 (en) Key pair infrastructure for secure messaging
US20210367795A1 (en) Identity-Linked Authentication Through A User Certificate System
CN109088889B (en) SSL encryption and decryption method, system and computer readable storage medium
US9838205B2 (en) Network authentication method for secure electronic transactions
CN110149354A (en) A kind of encryption and authentication method and device based on https agreement
US9231925B1 (en) Network authentication method for secure electronic transactions
CN105007279B (en) Authentication method and Verification System
JP6012125B2 (en) Enhanced 2CHK authentication security through inquiry-type transactions
US8417941B2 (en) Apparatus and method to prevent man in the middle attack
CN102801710B (en) A kind of network trading method and system
CN111615105B (en) Information providing and acquiring method, device and terminal
CN105072125B (en) A kind of http communication system and method
KR101974062B1 (en) Electronic Signature Method Based on Cloud HSM
CN108616352B (en) Dynamic password generation method and system based on secure element
CN111784887A (en) Authorization releasing method, device and system for user access
CN107994995A (en) A kind of method of commerce, system and the terminal device of lower security medium
CN115760082A (en) Digital payment processing method, device, equipment, system and medium
CN101924635A (en) Method and device for user identity authentication
WO2015109958A1 (en) Data processing method based on negotiation key, and mobile phone
KR100848966B1 (en) Method for authenticating and decrypting of short message based on public key
CN115766294B (en) Cloud server resource authentication processing method, device, equipment and storage medium
CN114584355B (en) Security authentication method, device and system for digital currency transaction
KR102053993B1 (en) Method for Authenticating by using Certificate
CN112767142A (en) Processing method, device, computing equipment and medium for transaction file
Fourar-Laidi A smart card based framework for securing e-business transactions in distributed systems

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190820