CN110493258A - Identity verification method and related device based on TOKEN token - Google Patents
- Publication number
- CN110493258A (application number CN201910849275.5A)
- Authority
- CN
- China
- Prior art keywords
- token
- client
- task requests
- user
- identity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/0428—Network architectures or network communication protocols for network security (H04L63/00) for providing a confidential data exchange among entities communicating through data packet networks (H04L63/04), wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0807—Network architectures or network communication protocols for network security (H04L63/00) for authentication of entities (H04L63/08) using tickets, e.g. Kerberos
- H04L9/0869—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols (H04L9/00); key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords (H04L9/08); generation of secret information including derivation or calculation of cryptographic keys or passwords (H04L9/0861) involving random numbers or seeds
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols (H04L9/00) including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials (H04L9/32), involving a third party or a trusted authority (H04L9/321), using tickets or tokens, e.g. Kerberos
- H04L2463/121—Timestamp (additional details relating to network architectures or network communication protocols for network security covered by H04L63/00; H04L2463/00)
- H04L67/02—Network arrangements or protocols for supporting network services or applications (H04L67/00); protocols (H04L67/01) based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
Abstract
This application relates to the field of information security and discloses an identity verification method and related device based on a TOKEN token. The method comprises: monitoring the login state of a user at the client and, once the user has logged in, obtaining the user's identity information; generating a random number at the client and obtaining the client's timestamp; generating the current TOKEN token at the client from the user's identity information, the random number and the timestamp, and sending an HTTP task request to the server according to the current TOKEN token; after the server receives the HTTP task request, verifying the user identity corresponding to the request and sending feedback information to the client according to the verification result. By generating the TOKEN token at the client, sending it to the server and verifying the TOKEN at the server, the application can effectively improve the security of identity verification.
Description
Technical field
This application relates to the field of information security, in particular to an identity verification method and related device based on a TOKEN token.
Background technique
At present most remote access systems separate the front end from the back end, and the most intractable problem in a front/back-end-separated project is how to authenticate calls, that is, how to know that a given request is legitimate. The usual approach is that after the user logs in successfully at the front end, the back end issues a TOKEN token to the front end, and the TOKEN token is used to verify the identity of the requester. The TOKEN token is generally given a lifetime after which it expires and becomes invalid, but before it expires it can easily be intercepted by an attacker, who then impersonates the user and sends requests to the back end. This leads to forged-request attacks and creates a potential risk for the system.
Summary of the invention
In view of the deficiencies of the prior art, the purpose of this application is to provide an identity verification method and related device based on a TOKEN token which, by generating the TOKEN token at the client, sending it to the server and verifying the TOKEN at the server, can effectively improve the security of identity verification.
To achieve the above objective, the technical solution of this application provides an identity verification method based on a TOKEN token and a related device.
This application discloses an identity verification method based on a TOKEN token, comprising the following steps:
monitoring the login state of a user at the client and, when it is detected that the user has logged in successfully at the client, obtaining the identity information of the user;
when the user is about to initiate an HTTP task request, generating a random number at the client and obtaining the client's timestamp, generating the current TOKEN token at the client from the identity information of the user, the random number and the timestamp, and sending the HTTP task request to the server according to the current TOKEN token;
after the server receives the HTTP task request, verifying the user identity corresponding to the HTTP task request and sending feedback information to the client according to the verification result;
after the client receives the feedback information from the server, updating the data corresponding to this HTTP task request according to the feedback information.
Preferably, said generating a random number at the client when the user is about to initiate an HTTP task request comprises:
when the user is about to initiate an HTTP task request, generating at the client a random number with the same number of digits as the identity information of the user;
and said generating the current TOKEN token at the client from the identity information of the user, the random number and the timestamp comprises:
splicing the identity information of the user, the random number and the timestamp in a random order to form a first string, and adding a timestamp position marker at the head of the first string to form a second string;
generating a TOKEN token at the client from the second string by means of a HASH algorithm.
Preferably, said generating a random number at the client when the user is about to initiate an HTTP task request comprises:
when the user is about to initiate an HTTP task request, generating at the client a random number of an arbitrary number of digits;
and said generating the current TOKEN token at the client from the identity information of the user, the random number and the timestamp comprises:
splicing the identity information of the user, the random number and the timestamp to form a string, with the timestamp placed at the head or the tail of the string;
generating a TOKEN token at the client from the string by means of a HASH algorithm.
Preferably, said sending the HTTP task request to the server according to the current TOKEN token comprises:
encrypting the string;
placing the encrypted string in the header of the HTTP task request and placing the TOKEN token in the body of the HTTP task request;
sending the HTTP task request to the server.
Preferably, before said verifying the user identity corresponding to the HTTP task request, the method comprises:
presetting a validity period;
parsing the header of the HTTP task request to obtain the string carried in the HTTP task request, decrypting the string and obtaining the timestamp in the string;
obtaining the current system time of the server and comparing the time difference between the current system time and the timestamp with the validity period; if the time difference between the current system time and the timestamp lies within the validity period, verifying the user identity, otherwise sending timeout-rejection feedback information to the client.
Preferably, said verifying the user identity corresponding to the HTTP task request and sending feedback information to the client according to the verification result comprises:
parsing the body of the HTTP task request to obtain the TOKEN token carried in the HTTP task request;
generating a verification TOKEN token from the decrypted string by means of the HASH algorithm;
comparing the verification TOKEN token with the TOKEN token in the HTTP task request; if they are identical the verification passes and verification-success feedback information together with the data corresponding to this HTTP task request is sent to the client, otherwise verification-failure rejection feedback information is sent to the client.
Preferably, said updating the data corresponding to this HTTP task request according to the feedback information after the client receives the feedback information from the server comprises:
when the client receives timeout-rejection feedback information, the client generates a new random number and obtains a new timestamp, generates a new TOKEN token from the new random number, the new timestamp and the identity information of the user, and initiates the HTTP task request to the server again according to the new TOKEN token;
when the client receives verification-failure rejection feedback information, this HTTP task request is terminated;
when the client receives verification-success feedback information, this HTTP task request is terminated and the client data is updated according to the data corresponding to the HTTP task request sent by the server.
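The complete exchange described by the steps above, as an added example that is not the patent's own code. It follows the layout with the timestamp at the head of the string, the transport with the encrypted string in the header and the hash in the body, the validity-period check before the hash comparison, and the recomputation of the hash at the server. Everything not fixed by the text is an assumption: SHA-256 as the HASH algorithm, AES-256-GCM under a pre-shared key as the symmetric cipher, hex encoding, a 16-hex-digit random value instead of decimal digits, and the names sharedKey, tsLayout, Request, Verdict, tokenOf, BuildRequest and Verify, none of which appear in the patent.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"time"
)

// Assumed pre-shared symmetric key (the text says the key is agreed in advance
// and rotated periodically; rotation is not modelled here). 32 bytes: AES-256.
var sharedKey = []byte("0123456789abcdef0123456789abcdef")

// 14-digit yyyyMMddHHmmss timestamp, placed at the head of the string as in the
// third embodiment, so the server knows which leading digits to read.
const tsLayout = "20060102150405"

// Request stands in for the HTTP task request data packet: the encrypted string
// travels in the header, the hash (the TOKEN token) in the body.
type Request struct {
	Header string // hex(AES-GCM nonce || ciphertext of the spliced string)
	Body   string // hex(SHA-256(spliced string))
}

// Verdict is the class of feedback the server sends back.
type Verdict int

const (
	Accepted        Verdict = iota // verification-success feedback
	TimeoutRejected                // timestamp outside the validity period
	TokenRejected                  // header undecryptable or hash mismatch
)

func newGCM() (cipher.AEAD, error) {
	block, err := aes.NewCipher(sharedKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// tokenOf is the HASH step: the TOKEN is the hex SHA-256 of the spliced string.
func tokenOf(s string) string {
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

// BuildRequest is the client side of step s102: timestamp || random || identity
// is hashed into the body TOKEN and encrypted into the header. The random value
// is 16 hex digits here rather than the decimal digits the text describes.
func BuildRequest(identity string, now time.Time) (Request, error) {
	rnd := make([]byte, 8)
	if _, err := rand.Read(rnd); err != nil {
		return Request{}, err
	}
	s := now.UTC().Format(tsLayout) + hex.EncodeToString(rnd) + identity
	gcm, err := newGCM()
	if err != nil {
		return Request{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Request{}, err
	}
	ct := gcm.Seal(nonce, nonce, []byte(s), nil) // nonce prepended for the server
	return Request{Header: hex.EncodeToString(ct), Body: tokenOf(s)}, nil
}

// Verify is the server side of step s103: decrypt the header, apply the validity
// period to the timestamp first (fifth embodiment), then recompute the hash over
// the decrypted string and compare it with the body TOKEN (sixth embodiment).
func Verify(req Request, now time.Time, window time.Duration) Verdict {
	raw, err := hex.DecodeString(req.Header)
	if err != nil {
		return TokenRejected
	}
	gcm, err := newGCM()
	if err != nil || len(raw) < gcm.NonceSize() {
		return TokenRejected
	}
	// A header altered in transit fails the GCM tag check here.
	plain, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	if err != nil || len(plain) < len(tsLayout) {
		return TokenRejected
	}
	ts, err := time.Parse(tsLayout, string(plain[:len(tsLayout)]))
	if err != nil {
		return TokenRejected
	}
	if d := now.UTC().Sub(ts); d > window || d < -window {
		return TimeoutRejected
	}
	if subtle.ConstantTimeCompare([]byte(tokenOf(string(plain))), []byte(req.Body)) != 1 {
		return TokenRejected
	}
	return Accepted
}
```

A fresh request built with BuildRequest verifies as Accepted inside the window, the same request presented after the window is TimeoutRejected, and a body whose hash does not match the decrypted string, or a header changed in transit, is TokenRejected. Because the TOKEN is an unkeyed hash that anyone holding the string could recompute, the integrity work in this example is done by the cipher: without sharedKey an attacker can neither read the string to hash it nor produce a header that decrypts. The timestamp window alone does not reject an intercepted request replayed within the window; the random value gives the server material to detect that (for instance by remembering recently seen values), which the text does not specify.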
This application also discloses an identity verification device based on a TOKEN token, the device comprising:
an information obtaining module, configured to monitor the login state of a user at the client and, when it is detected that the user has logged in successfully at the client, obtain the identity information of the user;
a request sending module, configured to generate a random number at the client and obtain the client's timestamp when the user is about to initiate an HTTP task request, generate the current TOKEN token at the client from the identity information of the user, the random number and the timestamp, and send the HTTP task request to the server according to the current TOKEN token;
a verification module, configured to verify the user identity corresponding to the HTTP task request after the server receives the HTTP task request and send feedback information to the client according to the verification result;
an update module, configured to update the data corresponding to this HTTP task request according to the feedback information after the client receives the feedback information from the server.
This application also discloses a computer device comprising a memory and a processor, the memory storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the identity verification method described above.
This application also discloses a storage medium readable and writable by a processor, the storage medium storing computer instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the identity verification method described above.
The beneficial effect of this application is that a TOKEN token composed of the user identity information, a timestamp and a random number is generated at the client and verified at the server. Because the random number is freshly generated and the string carrying it is encrypted, and because the random number is hashed together with the user information and the timestamp to produce the token, the security of the task request is ensured and the risk of tampering that arises when the TOKEN is issued by the server is avoided. The TOKEN itself is an unkeyed hash that anyone holding the string could recompute, so this protection rests on the string in the header being encrypted under a key the attacker does not hold.
Description of the drawings
Fig. 1 is a schematic flow diagram of a TOKEN-based identity verification method according to a first embodiment of the application;
Fig. 2 is a schematic flow diagram of a TOKEN-based identity verification method according to a second embodiment of the application;
Fig. 3 is a schematic flow diagram of a TOKEN-based identity verification method according to a third embodiment of the application;
Fig. 4 is a schematic flow diagram of a TOKEN-based identity verification method according to a fourth embodiment of the application;
Fig. 5 is a schematic flow diagram of a TOKEN-based identity verification method according to a fifth embodiment of the application;
Fig. 6 is a schematic flow diagram of a TOKEN-based identity verification method according to a sixth embodiment of the application;
Fig. 7 is a schematic flow diagram of a TOKEN-based identity verification method according to a seventh embodiment of the application;
Fig. 8 is a schematic structural diagram of a TOKEN-based identity verification device according to an embodiment of the application.
Specific embodiments
In order to make the objects, technical solutions and advantages of this application clearer, the application is further elaborated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the application and are not intended to limit it.
Those skilled in the art will appreciate that, unless expressly stated otherwise, the singular forms "a", "an", "said" and "the" used herein may also include the plural. It should be further understood that the wording "comprising" used in the description of this application means that the stated features, integers, steps, operations, elements and/or components are present, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof.
A TOKEN-based identity verification method according to a first embodiment of the application is shown in Fig. 1; this embodiment comprises the following steps.
Step s101: monitoring the login state of the user at the client and, when it is detected that the user has logged in successfully at the client, obtaining the identity information of the user.
Specifically, when a user logs in locally at the client, the user usually enters their information, which includes the user's account name and password. After the client has verified the account name and password the user is logged in, and the client can then obtain the identity information of the currently logged-in user; in this embodiment the identity information of the user is the user's account.
Step s102: when the user is about to initiate an HTTP task request, generating a random number at the client and obtaining the client's timestamp, generating the current TOKEN token at the client from the identity information of the user, the random number and the timestamp, and sending the HTTP task request to the server according to the current TOKEN token.
Specifically, when the user is about to initiate an HTTP task request to the server, the client generates a corresponding HTTP task request data packet containing the user's identity information and the task information, and sends the packet to the server. After the server receives the packet it parses it, obtains the user identity information and the task information carried in it, verifies the user identity information, and executes the corresponding task once the verification has passed.
Specifically, when generating the TOKEN token that carries the user identity information, the client can generate a random number of a fixed or arbitrary number of digits and obtain the client's current timestamp, then generate a TOKEN token from the random number, the timestamp and the identity information of the user and place the TOKEN token in the HTTP task request data packet.
Step s103: after the server receives the HTTP task request, verifying the user identity corresponding to the HTTP task request and sending feedback information to the client according to the verification result.
Specifically, after the server receives the HTTP task request from the client it parses the request, obtains the user identity information carried in it and verifies that information. If the verification passes, the server sends the client the data corresponding to the task in the HTTP task request; otherwise it sends the client a request-rejection message.
Step s104: after the client receives the feedback information from the server, updating the data corresponding to this HTTP task request according to the feedback information.
Specifically, after the client receives the feedback information from the server it updates the client data according to that information. The feedback information comprises a success message and failure messages. If the feedback the client receives indicates that the server rejected the request because of a timeout, the client regenerates a TOKEN containing the current timestamp, the user information and a fresh random number. If the server rejected the request because the TOKEN failed verification, the client terminates this HTTP task request. If the client receives a success message, it terminates this HTTP task request and updates the client data with the data fed back by the server.
In this embodiment a TOKEN token composed of the user identity information, a timestamp and a random number is generated at the client and verified at the server. Because the random number is freshly generated and the string carrying it is encrypted, and because the random number is hashed together with the user information and the timestamp to produce the token, the security of the task request is ensured and the risk of tampering that arises when the TOKEN is issued by the server is avoided.
Fig. 2 is a schematic flow diagram of a TOKEN-based identity verification method according to a second embodiment of the application. As shown in the figure, in step s102 said generating a random number at the client when the user is about to initiate an HTTP task request comprises:
when the user is about to initiate an HTTP task request, generating at the client a random number with the same number of digits as the identity information of the user.
Specifically, when the user is about to initiate an HTTP task request, the client generates a random number with the same number of digits as the identity information of the user. Since the identity information of the user has a fixed length, the random number also has a fixed length, and its number of digits matches that of the user's identity information.
Said generating the current TOKEN token at the client from the identity information of the user, the random number and the timestamp then comprises:
Step s201: splicing the identity information of the user, the random number and the timestamp in a random order to form a first string, and adding a timestamp position marker at the head of the first string to form a second string.
Specifically, the identity information of the user, the random number and the timestamp are spliced in a random order to form the first string. Assuming the identity information of the user is A, the random number is B and the timestamp is C, the order may be any of ABC, CBA, ACB, CAB, BCA or BAC. After the first string has been formed, a timestamp position marker is added at its head to identify where the timestamp lies within the first string. The marker can be two digits: for example, 00 marks the timestamp at the head of the first string, 01 marks it in the middle and 10 marks it at the tail. This yields the second string. When the server receives the second string it reads the two leading digits to learn the position of the timestamp, and after parsing the string it can obtain the timestamp itself.
Step s202: generating a TOKEN token at the client from the second string by means of a HASH algorithm.
After the second string has been formed, the client generates a TOKEN token from it by means of a HASH algorithm. The HASH algorithm is a hash function: it transforms an input of arbitrary length into an output of fixed length, and that output is the hash value. Because a hash function is one-way, the server does not recover the string from the TOKEN token; instead it recomputes the hash over the decrypted string it received and compares the two values (see the sixth embodiment).
In this embodiment, splicing the identity information, timestamp and random number of the user in a random order improves flexibility and data-processing efficiency.
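The marker layout of step s201 and the server-side read of it, as an added example that is not the patent's own code. It combines this embodiment (random number and identity of equal length, two-digit marker 00/01/10 at the head) with the 14-digit timestamp form of the third embodiment, so that the marker plus the total length fix where the timestamp starts; that combination, and the names Fields, SpliceInOrder, Splice and ParseStamp, are assumptions not found in the text.

```go
package main

import (
	"crypto/rand"
	"errors"
	"math/big"
	"time"
)

// 14-digit yyyyMMddHHmmss timestamp; its length is agreed by both sides, as the
// third embodiment describes (assumption: the same form is used here).
const tsLayout = "20060102150405"

// The two leading digits of the second string record where the timestamp sits.
const (
	markHead   = "00"
	markMiddle = "01"
	markTail   = "10"
)

// Fields are the three components spliced into the string: A, B and C in the text.
type Fields struct {
	Identity string // A
	Random   string // B, with as many digits as Identity (second embodiment)
	Stamp    string // C, 14 digits
}

// SpliceInOrder builds the second string for one of the six orders (0-5):
// the marker for the timestamp's position followed by the first string.
func SpliceInOrder(f Fields, order int) (string, error) {
	if len(f.Random) != len(f.Identity) || len(f.Stamp) != len(tsLayout) || order < 0 || order > 5 {
		return "", errors.New("fields do not fit the agreed layout")
	}
	a, b, c := f.Identity, f.Random, f.Stamp
	layouts := []struct{ first, mark string }{
		{c + a + b, markHead}, {c + b + a, markHead},     // CAB, CBA: timestamp at the head
		{a + c + b, markMiddle}, {b + c + a, markMiddle}, // ACB, BCA: in the middle
		{a + b + c, markTail}, {b + a + c, markTail},     // ABC, BAC: at the tail
	}
	return layouts[order].mark + layouts[order].first, nil
}

// Splice picks the order at random with a CSPRNG, as the client in step s201 does.
func Splice(f Fields) (string, error) {
	i, err := rand.Int(rand.Reader, big.NewInt(6))
	if err != nil {
		return "", err
	}
	return SpliceInOrder(f, int(i.Int64()))
}

// ParseStamp is the server side: read the marker, derive the timestamp offset from
// the marker and the agreed lengths (identity and random number are equally long,
// so the remainder splits in two), and parse the 14 digits found there.
func ParseStamp(second string) (time.Time, error) {
	rest := len(second) - 2 - len(tsLayout)
	if rest < 0 || rest%2 != 0 {
		return time.Time{}, errors.New("string length does not fit the agreed layout")
	}
	body, other := second[2:], rest/2
	var start int
	switch second[:2] {
	case markHead:
		start = 0
	case markMiddle:
		start = other
	case markTail:
		start = 2 * other
	default:
		return time.Time{}, errors.New("unknown timestamp position marker")
	}
	return time.Parse(tsLayout, body[start:start+len(tsLayout)])
}
```

The server only needs the timestamp out of the second string; the hash it compares against the TOKEN is computed over the whole second string, marker included, so the marker must be part of what the client hashes too. A string whose length does not fit the agreed layout, or whose marker is not one of the three values, is rejected before any slicing.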
Fig. 3 is a schematic flow diagram of a TOKEN-based identity verification method according to a third embodiment of the application. As shown in the figure, in step s102 said generating a random number at the client when the user is about to initiate an HTTP task request comprises:
when the user is about to initiate an HTTP task request, generating at the client a random number of an arbitrary number of digits.
Specifically, "an arbitrary number of digits" means a positive integer with any number of digits.
Said generating the current TOKEN token at the client from the identity information of the user, the random number and the timestamp then comprises:
Step s301: splicing the identity information of the user, the random number and the timestamp to form a string, with the timestamp placed at the head or the tail of the string.
Specifically, the identity information of the user, the random number and the timestamp are spliced to form a string. During splicing the timestamp is placed at the head or the tail of the string, and the number of digits of the timestamp is agreed with the server. For example, the timestamp may have 14 digits giving the date, hour, minute and second, such as 20190424000000; the random number and the user information are then spliced in either order to produce a string x, and on receiving x the server can read the timestamp out of it. Assuming the identity information of the user is A, the random number is B and the timestamp is C, the order may be any of ABC, BAC, CAB or CBA. The position and number of digits of the timestamp are agreed in advance between the client and the server and, once agreed, are not changed during communication.
Step s302: generating a TOKEN token at the client from the string by means of a HASH algorithm.
Specifically, after the string has been formed, the client generates a TOKEN token from it by means of a HASH algorithm. The HASH algorithm is a hash function: it transforms an input of arbitrary length into an output of fixed length, and that output is the hash value. Because a hash function is one-way, the server does not recover the string from the TOKEN token; it recomputes the hash over the decrypted string and compares the two values.
In this embodiment, because the position and number of digits of the timestamp are agreed in advance between the client and the server, a random number of an arbitrary number of digits can be used, and since the random number is one of the components of the TOKEN, the security of the TOKEN verification can be improved.
Fig. 4 is a schematic flow diagram of a TOKEN-based identity verification method according to a fourth embodiment of the application. As shown in the figure, in step s102 said sending the HTTP task request to the server according to the current TOKEN token comprises:
Step s401: encrypting the string.
Specifically, after the string has been formed it can be duplicated: one copy is used to generate the TOKEN token by means of the HASH algorithm, and the other is encrypted. The encryption may use a symmetric algorithm, with the encryption key agreed in advance between the client and the server. The key can be updated periodically between the client and the server, for example after a preset renewal period such as one week or one month; when the period expires, the client or the server initiates a key-update request and both sides update the key according to that request, and the key does not change before such an update. Alternatively an asymmetric algorithm may be used, with the client and the server each maintaining a key pair, that is, the client maintains one public key and one private key and the server maintains one public key and one private key; the public key is used to encrypt the string and the private key to decrypt it, so if the string is encrypted with the public key at the client, it is decrypted with the corresponding private key at the server.
Step s402: placing the encrypted string in the header of the HTTP task request and placing the TOKEN token in the body of the HTTP task request.
Specifically, the HTTP task request is sent as an HTTP task request data packet comprising a header and a body. After the encrypted string has been produced it is placed in the header of the HTTP task request data packet, and after the TOKEN token has been generated it is placed in the body of the packet.
Step s403: sending the HTTP task request to the server.
Specifically, once the encrypted string and the TOKEN token have both been placed in the HTTP task request data packet, the packet can be sent to the server.
In this embodiment, encrypting the string and sending it together with the TOKEN improves the security of the verification.
Fig. 5 is a kind of proof of identity method flow schematic diagram based on TOKEN token of the 5th embodiment of the application, such as
Shown in figure, the step s103, before being verified to the corresponding user identity of the HTTP task requests, comprising:
Step s501 presets effective period of time;
Specifically, effective period of time can be preset in server-side, guarantee the validity of TOKEN, client is avoided to initiate
After HTTP task requests, for a long time without reaching server-side, caused by security risk, the effective period of time can be one section
Time, such as 5 seconds or 10 seconds,.
Step s502 parses the packet header of the HTTP task requests, obtains the word in the HTTP task requests
Symbol string, is decrypted the character string, obtains the time stamp in the character string;
Specifically, after getting the HTTP task requests data packet of client, it can be to the HTTP task requests data
Packet header in packet is parsed, and obtains the character string in the HTTP task requests, then the character string is decrypted, institute
The mode for stating server-side decryption need to be consistent with the mode that client encrypts, i.e., if client is symmetric cryptography, server-side
It should symmetrically decrypt, then obtain the time stamp in the character string, since time stamp is placed on the stem of the character string, and digit is
It is appointed between client and server-side in advance, as long as therefore can according to the initial digit that agreement reads the character string
Obtain time stamp.
Step s503: obtaining the current system time of the server, and comparing the time difference between the current system time and the timestamp with the validity period; if the time difference between the current system time and the timestamp is within the validity period, verifying the user identity, otherwise sending timeout-rejection feedback information to the client.
Specifically, after the client timestamp has been obtained, the current system time of the server can be read, the time difference between the client timestamp and the server's current system time computed, and that difference compared with the preset validity period. If the time difference between the current system time and the timestamp is within the validity period, the user identity is verified; otherwise timeout-rejection feedback information is sent to the client. For example, if the preset validity period is 30 seconds, the received timestamp is 11:25:11 and the server's current system time is 11:26:11, the time difference is 60 seconds, which exceeds the preset validity period, so the server rejects this task request.
In the present embodiment, the server parses the timestamp in the HTTP task request to obtain the validity of the HTTP task request, and decides from that validity whether this request is still acceptable, which improves the security of the identity check.
Fig. 6 is a schematic flowchart of a TOKEN-based identity check method according to the sixth embodiment of the application. As shown in the figure, step s103, verifying the user identity corresponding to the HTTP task request and sending feedback information to the client according to the check result, comprises:
Step s601: parsing the packet body of the HTTP task request, obtaining the TOKEN carried in the HTTP task request;
Specifically, after the server receives the HTTP task request data packet from the client, it can parse the packet body of the data packet to obtain the TOKEN in the HTTP task request.
Step s602: generating a verification TOKEN from the decrypted character string by the HASH algorithm;
Specifically, once the character string has been decrypted and parsed, the server can generate a verification TOKEN from it by the HASH algorithm. This verification TOKEN is compared with the TOKEN in the HTTP task request to complete the identity verification. Because the character string travels encrypted, the TOKEN generated at the server serves as the reference sample, while the TOKEN in the HTTP task request, which can more easily be stolen, is the value being checked; if the two agree, the task request passes. In this way the server does not need to generate a TOKEN and send it to the client, which reduces the load on the server.
Step s603: comparing the verification TOKEN with the TOKEN in the HTTP task request; if they are consistent, the check passes, and check-success feedback information together with the data corresponding to this HTTP task request is sent to the client; otherwise check-failure rejection feedback information is sent to the client.
Specifically, the verification TOKEN can be compared with the TOKEN in the HTTP task request. If they are consistent, the check passes and the server sends check-success feedback information and the data corresponding to this HTTP task request to the client; otherwise the server sends check-failure rejection feedback information to the client.
In the present embodiment, verifying the TOKEN in the HTTP task request at the server by the HASH algorithm effectively improves the security of the check.
Fig. 7 is a schematic flowchart of a TOKEN-based identity check method according to the seventh embodiment of the application. As shown in the figure, step s104, after the client receives the feedback information from the server, updating the client data according to the feedback information, comprises:
Step s701: when the client receives timeout-rejection feedback information, generating a new random number and obtaining a new timestamp at the client, generating a new TOKEN from the new random number, the new timestamp and the identity information of the user, and initiating the HTTP task request to the server again with the new TOKEN;
Specifically, when the client receives timeout-rejection feedback information, a new random number can be generated and a new timestamp obtained at the client. The new random number can be arbitrary, i.e. it may have a different number of digits and different digits from the old random number. A new TOKEN is then generated from the new random number, the new timestamp and the identity information of the user, and the HTTP task request is initiated to the server again with the new TOKEN.
Step s702: when the client receives check-failure rejection feedback information, terminating this HTTP task request;
Specifically, when the client receives check-failure rejection feedback information, it can directly terminate this HTTP task request and does not initiate a new HTTP task request.
Step s703: when the client receives check-success feedback information, terminating this HTTP task request and updating according to the data corresponding to the HTTP task request sent by the server.
Specifically, when the client receives check-success feedback information, it can terminate this HTTP task request and update according to the data corresponding to the HTTP task request sent by the server. For example, the client initiates a request to the server to read the user's historical orders; the server receives the request and begins verifying the user's identity; after the check succeeds it queries the user's historical order data and returns it to the client; after receiving the historical order data, the client updates the client-side data.
In the present embodiment, the client takes further action according to the feedback information from the server: on timeout it re-initiates the request, avoiding an unnecessary break in communication; on check failure it terminates the request, avoiding excess requests that would add to the system load; and on success it updates the local data, improving the operating efficiency of the system.
A TOKEN-based identity check device according to an embodiment of the application is shown in Fig. 8 and comprises: an information obtaining module 801, a request sending module 802, a check module 803 and an update module 804. The information obtaining module 801 is connected to the request sending module 802, the request sending module 802 is connected to the check module 803, and the check module 803 is connected to the update module 804. The information obtaining module 801 is configured to monitor the login state of the user at the client and, when it detects that the user has logged in successfully at the client, obtain the identity information of the user. The request sending module 802 is configured, when the user is about to initiate an HTTP task request, to generate a random number at the client and obtain the timestamp of the client, generate the current TOKEN at the client from the identity information of the user, the random number and the timestamp, and send the HTTP task request to the server with the current TOKEN. The check module 803 is configured, after the server receives the HTTP task request, to verify the user identity corresponding to the HTTP task request and send feedback information to the client according to the check result. The update module 804 is configured, after the client receives the feedback information from the server, to update the data corresponding to this HTTP task request according to the feedback information.
An embodiment of the application also discloses a computer device comprising a memory and a processor, the memory storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the identity check method described in the above embodiments.
An embodiment of the application also discloses a storage medium that can be read and written by a processor, the storage medium storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the identity check method described in the above embodiments.
Those of ordinary skill in the art will appreciate that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the processes of the embodiments of the above methods. The storage medium can be a non-volatile storage medium such as a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM) or a random access memory (Random Access Memory, RAM).
The technical features of the above embodiments can be combined arbitrarily. For brevity, not every possible combination of the technical features of the above embodiments has been described; however, as long as a combination of these technical features involves no contradiction, it should be regarded as within the scope of this specification.
The above embodiments express only several implementations of the application, and their description is relatively specific and detailed, but this is not to be interpreted as limiting the scope of the patent. It should be noted that those of ordinary skill in the art can make various modifications and improvements without departing from the concept of the application, and these all fall within the scope of protection of the application. The scope of protection of this patent application is therefore subject to the appended claims.
Claims (10)
1. A TOKEN-based identity check method, comprising the following steps:
monitoring the login state of a user at a client and, when it is detected that the user has logged in successfully at the client, obtaining the identity information of the user;
when the user is about to initiate an HTTP task request, generating a random number at the client and obtaining the timestamp of the client, generating a current TOKEN at the client from the identity information of the user, the random number and the timestamp, and sending the HTTP task request to a server with the current TOKEN;
after the server receives the HTTP task request, verifying the user identity corresponding to the HTTP task request and sending feedback information to the client according to the check result;
after the client receives the feedback information from the server, updating the data corresponding to this HTTP task request according to the feedback information.
2. The TOKEN-based identity check method of claim 1, wherein generating a random number at the client when the user is about to initiate an HTTP task request comprises:
when the user is about to initiate an HTTP task request, generating at the client a random number having the same number of digits as the identity information of the user;
and generating a current TOKEN at the client from the identity information of the user, the random number and the timestamp comprises:
concatenating the identity information of the user, the random number and the timestamp in random order to generate a first character string, and adding a timestamp position marker at the head of the first character string to generate a second character string;
generating a TOKEN from the second character string at the client by a HASH algorithm.
3. The TOKEN-based identity check method of claim 1, wherein generating a random number at the client when the user is about to initiate an HTTP task request comprises:
when the user is about to initiate an HTTP task request, generating at the client a random number of an arbitrary number of digits;
and generating a current TOKEN at the client from the identity information of the user, the random number and the timestamp comprises:
concatenating the identity information of the user, the random number and the timestamp to generate a character string, the timestamp being placed at the head or the tail of the character string;
generating a TOKEN from the character string at the client by a HASH algorithm.
4. The TOKEN-based identity check method of claim 3, wherein sending the HTTP task request to the server with the current TOKEN comprises:
encrypting the character string;
placing the encrypted character string in the packet header of the HTTP task request, and placing the TOKEN in the packet body of the HTTP task request;
sending the HTTP task request to the server.
5. The TOKEN-based identity check method of claim 1, wherein before the user identity corresponding to the HTTP task request is verified, the method comprises:
presetting a validity period;
parsing the packet header of the HTTP task request, obtaining the character string in the HTTP task request, decrypting the character string, and obtaining the timestamp in the character string;
obtaining the current system time of the server, and comparing the time difference between the current system time and the timestamp with the validity period; if the time difference between the current system time and the timestamp is within the validity period, verifying the user identity, otherwise sending timeout-rejection feedback information to the client.
6. The TOKEN-based identity check method of claim 5, wherein verifying the user identity corresponding to the HTTP task request and sending feedback information to the client according to the check result comprises:
parsing the packet body of the HTTP task request, obtaining the TOKEN in the HTTP task request;
generating a verification TOKEN from the decrypted character string by a HASH algorithm;
comparing the verification TOKEN with the TOKEN in the HTTP task request; if they are consistent, the check passes, and check-success feedback information together with the data corresponding to this HTTP task request is sent to the client; otherwise check-failure rejection feedback information is sent to the client.
7. The TOKEN-based identity check method of claim 6, wherein updating the data corresponding to this HTTP task request according to the feedback information after the client receives the feedback information from the server comprises:
when the client receives timeout-rejection feedback information, generating a new random number and obtaining a new timestamp at the client, generating a new TOKEN from the new random number, the new timestamp and the identity information of the user, and initiating the HTTP task request to the server again with the new TOKEN;
when the client receives check-failure rejection feedback information, terminating this HTTP task request;
when the client receives check-success feedback information, terminating this HTTP task request and updating according to the data corresponding to the HTTP task request sent by the server.
8. A TOKEN-based identity check device, comprising:
an information obtaining module configured to monitor the login state of a user at a client and, when it is detected that the user has logged in successfully at the client, obtain the identity information of the user;
a request sending module configured, when the user is about to initiate an HTTP task request, to generate a random number at the client and obtain the timestamp of the client, generate a current TOKEN at the client from the identity information of the user, the random number and the timestamp, and send the HTTP task request to a server with the current TOKEN;
a check module configured, after the server receives the HTTP task request, to verify the user identity corresponding to the HTTP task request and send feedback information to the client according to the check result;
an update module configured, after the client receives the feedback information from the server, to update the data corresponding to this HTTP task request according to the feedback information.
9. A computer device comprising a memory and a processor, the memory storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the identity check method of any one of claims 1 to 7.
10. A storage medium that can be read and written by a processor, the storage medium storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the identity check method of any one of claims 1 to 7.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910849275.5A CN110493258B (en) | 2019-09-09 | 2019-09-09 | Identity verification method based on TOKEN and related equipment |
PCT/CN2019/117322 WO2021047012A1 (en) | 2019-09-09 | 2019-11-12 | Token-based identity verification method and related device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910849275.5A CN110493258B (en) | 2019-09-09 | 2019-09-09 | Identity verification method based on TOKEN and related equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110493258A true CN110493258A (en) | 2019-11-22 |
CN110493258B CN110493258B (en) | 2022-09-30 |
Family
ID=68557013
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910849275.5A Active CN110493258B (en) | 2019-09-09 | 2019-09-09 | Identity verification method based on TOKEN and related equipment |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110493258B (en) |
WO (1) | WO2021047012A1 (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2014078605A1 (en) * | 2012-11-14 | 2014-05-22 | Google Inc. | Client token storage for cross-site request forgery protection |
CN106161032A (en) * | 2015-04-24 | 2016-11-23 | 华为技术有限公司 | A kind of identity authentication method and device |
CN108494740A (en) * | 2018-03-01 | 2018-09-04 | 捷开通讯(深圳)有限公司 | Token generates and method of calibration, intelligent terminal and server |
US20180278595A1 (en) * | 2015-12-31 | 2018-09-27 | Huawei Technologies Co., Ltd. | Key configuration method, key management center, and network element |
CN108737326A (en) * | 2017-04-14 | 2018-11-02 | 北京京东尚科信息技术有限公司 | Method, system, device and electronic equipment for carrying out token authentication |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7454622B2 (en) * | 2002-12-31 | 2008-11-18 | American Express Travel Related Services Company, Inc. | Method and system for modular authentication and session management |
CN103188344A (en) * | 2013-02-22 | 2013-07-03 | 浪潮电子信息产业股份有限公司 | Method for safely invoking REST API (representational state transfer, application programming interface) |
CN105227551A (en) * | 2015-09-24 | 2016-01-06 | 四川长虹电器股份有限公司 | The uniform permission administration method of XBRL application platform |
CN105471916B (en) * | 2016-01-13 | 2018-08-17 | 西安电子科技大学 | Take precautions against the method that the latent channel key of Secure Socket Layer is restored |
2019
- 2019-09-09 CN CN201910849275.5A patent/CN110493258B/en active Active
- 2019-11-12 WO PCT/CN2019/117322 patent/WO2021047012A1/en active Application Filing
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111756702A (en) * | 2020-05-29 | 2020-10-09 | 北京沃东天骏信息技术有限公司 | Data security protection method, device, equipment and storage medium |
CN112822175A (en) * | 2020-12-31 | 2021-05-18 | 联想(北京)有限公司 | Information access method and device and electronic equipment |
CN112822175B (en) * | 2020-12-31 | 2022-06-28 | 联想(北京)有限公司 | Information access method and device and electronic equipment |
CN113179277A (en) * | 2021-05-07 | 2021-07-27 | 济南云拓互动传媒有限公司 | Verification method hidden in standard HTTP plaintext message header |
CN113179277B (en) * | 2021-05-07 | 2022-08-02 | 济南云拓互动传媒有限公司 | Verification method hidden in standard HTTP plaintext message header |
CN113285808A (en) * | 2021-05-18 | 2021-08-20 | 挂号网(杭州)科技有限公司 | Identity information verification method, device, equipment and storage medium |
CN113285808B (en) * | 2021-05-18 | 2024-03-26 | 挂号网(杭州)科技有限公司 | Identity information verification method, device, equipment and storage medium |
CN113395282A (en) * | 2021-06-15 | 2021-09-14 | 济南浪潮智投智能科技有限公司 | Method and system for preventing third party from accessing server resources |
CN113542235B (en) * | 2021-06-28 | 2023-04-07 | 上海浦东发展银行股份有限公司 | Safe mutual access method based on token mutual trust mechanism |
CN113542235A (en) * | 2021-06-28 | 2021-10-22 | 上海浦东发展银行股份有限公司 | Security mutual access system and method based on token mutual trust mechanism |
CN113709162A (en) * | 2021-08-30 | 2021-11-26 | 康键信息技术(深圳)有限公司 | Method, device and equipment for acquiring intranet data and storage medium |
CN113726513A (en) * | 2021-08-31 | 2021-11-30 | 西安交通大学 | Safety monitoring method, system and equipment for video real-time transmission and readable storage medium |
CN114124534A (en) * | 2021-11-24 | 2022-03-01 | 航天信息股份有限公司 | Data interaction system and method |
CN114650175A (en) * | 2022-03-21 | 2022-06-21 | 网宿科技股份有限公司 | Verification method and device |
CN114650175B (en) * | 2022-03-21 | 2024-04-02 | 网宿科技股份有限公司 | Verification method and device |
CN114938313B (en) * | 2022-07-26 | 2022-10-04 | 北京盛邦赛云科技有限公司 | Man-machine identification method and device based on dynamic token |
CN114938313A (en) * | 2022-07-26 | 2022-08-23 | 北京盛邦赛云科技有限公司 | Man-machine identification method and device based on dynamic token |
Also Published As
Publication number | Publication date |
---|---|
CN110493258B (en) | 2022-09-30 |
WO2021047012A1 (en) | 2021-03-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110493258A (en) | Proof of identity method and relevant device based on TOKEN token | |
US6678270B1 (en) | Packet interception system including arrangement facilitating authentication of intercepted packets | |
CN102223374B (en) | Third-party authentication security protection system and third-party authentication security protection method based on online security protection of electronic evidence | |
CN111435913B (en) | Identity authentication method and device for terminal of Internet of things and storage medium | |
CN104394172B (en) | Single-sign-on apparatus and method | |
CN110691087A (en) | Access control method, device, server and storage medium | |
CN110932850B (en) | Communication encryption method and system | |
CN111444499B (en) | User identity authentication method and system | |
CN111884811B (en) | Block chain-based data evidence storing method and data evidence storing platform | |
US10756896B2 (en) | Trustless account recovery | |
CN108199847B (en) | Digital security processing method, computer device, and storage medium | |
CN112054897B (en) | Outsourcing Internet of things data for protecting privacy based on block chain and integrity verification method for backup of outsourcing Internet of things data | |
CN111080299B (en) | Anti-repudiation method for transaction information, client and server | |
CN106470103B (en) | Method and system for sending encrypted URL request by client | |
CN111339040B (en) | Cloud storage method, device and equipment for data files and storage medium | |
Yu et al. | Decim: Detecting endpoint compromise in messaging | |
CN111130798A (en) | Request authentication method and related equipment | |
CN112581233A (en) | Method, device, equipment and computer-readable storage medium for order offline operation | |
CN112699374A (en) | Integrity checking vulnerability security protection method and system | |
CN114666060A (en) | Electronic data preservation method and system based on HyperLegger Fabric | |
CN110224824B (en) | Digital certificate processing method and device, computer equipment and storage medium | |
CN109302425B (en) | Identity authentication method and terminal equipment | |
CN112235276B (en) | Master-slave equipment interaction method, device, system, electronic equipment and computer medium | |
CN113852628A (en) | Decentralized single sign-on method, decentralized single sign-on device and storage medium | |
CN110139163A (en) | A kind of method and relevant apparatus obtaining barrage |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |