CN110493258A - Identity verification method and related device based on a TOKEN token - Google Patents

Publication number
CN110493258A
Authority
CN
China
Legal status
Granted
Application number
CN201910849275.5A
Other languages
Chinese (zh)
Other versions
CN110493258B (en)
Inventor
杨小彦
Current Assignee
Ping An Puhui Enterprise Management Co Ltd
Original Assignee
Ping An Puhui Enterprise Management Co Ltd
Events
Application filed by Ping An Puhui Enterprise Management Co Ltd (application CN201910849275.5A)
Priority to CN201910849275.5A (granted as CN110493258B)
Priority to PCT/CN2019/117322 (published as WO2021047012A1)
Publication of CN110493258A
Application granted; publication of CN110493258B
Current legal status: Active

Classifications

All classifications fall under H04L (Electricity; Electric communication technique; Transmission of digital information, e.g. telegraphic communication):

    • H04L 63/0428 Network architectures or protocols for network security providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0807 Network architectures or protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L 9/0869 Cryptographic mechanisms: generation of secret information, including derivation or calculation of cryptographic keys or passwords, involving random numbers or seeds
    • H04L 9/3213 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority, using tickets or tokens, e.g. Kerberos
    • H04L 2463/121 Additional details relating to network security covered by H04L 63/00: timestamp
    • H04L 67/02 Network arrangements or protocols for supporting network services or applications: protocols based on web technology, e.g. hypertext transfer protocol [HTTP]


Abstract

This application relates to the field of information security and discloses an identity verification method and related device based on a TOKEN token. The method comprises: monitoring the login state of a user at the client and, once the user is logged in, obtaining the identity information of the user; generating a random number at the client and obtaining the client timestamp; generating the current TOKEN token at the client from the identity information of the user, the random number and the timestamp, and sending an HTTP task request to the server according to the current TOKEN token; after the server receives the HTTP task request, verifying the user identity corresponding to the request and sending feedback information to the client according to the verification result. By generating the TOKEN token at the client, sending it to the server and verifying the TOKEN at the server, the application can effectively improve the security of identity verification.

Description

Identity verification method and related device based on a TOKEN token
Technical field
This application relates to the field of information security, and in particular to an identity verification method and related device based on a TOKEN token.
Background technique
Most remote access systems today separate the front end from the back end. The hardest problem in such a project is call authentication, that is, how the back end can know that a given request is legitimate. The usual approach is that after the user logs in successfully at the front end, the back end issues a TOKEN token to the front end, and this token is used to verify the identity of the requester. The TOKEN token is normally given an expiry time, after which it becomes invalid. Before it expires, however, the token can easily be intercepted by an attacker, who then impersonates the user when sending requests to the back end. This results in forged-request attacks and exposes the system to risk.
Summary of the invention
The purpose of this application is to address the deficiencies of the prior art by providing an identity verification method and related device based on a TOKEN token, in which the TOKEN token is generated at the client, sent to the server and verified at the server, so that the security of identity verification can be effectively improved.
To achieve the above purpose, the technical solution of this application provides an identity verification method based on a TOKEN token and a related device.
This application discloses an identity verification method based on a TOKEN token, comprising the following steps:
monitoring the login state of a user at the client and, when it is detected that the user has successfully logged in at the client, obtaining the identity information of the user;
when the user is about to initiate an HTTP task request, generating a random number at the client and obtaining the timestamp of the client, generating the current TOKEN token at the client according to the identity information of the user, the random number and the timestamp, and sending the HTTP task request to the server according to the current TOKEN token;
after the server receives the HTTP task request, verifying the user identity corresponding to the HTTP task request and sending feedback information to the client according to the verification result;
after the client receives the feedback information from the server, updating the data corresponding to this HTTP task request according to the feedback information.
Preferably, generating a random number at the client when the user is about to initiate an HTTP task request comprises:
when the user is about to initiate an HTTP task request, generating at the client a random number with the same number of digits as the identity information of the user;
and generating the current TOKEN token at the client according to the identity information of the user, the random number and the timestamp then comprises:
splicing the identity information of the user, the random number and the timestamp in a random order to generate a first character string, and adding a timestamp position marker at the head of the first character string to generate a second character string;
generating a TOKEN token at the client from the second character string by means of a HASH algorithm.
Preferably, generating a random number at the client when the user is about to initiate an HTTP task request comprises:
when the user is about to initiate an HTTP task request, generating at the client a random number with an arbitrary number of digits;
and generating the current TOKEN token at the client according to the identity information of the user, the random number and the timestamp then comprises:
splicing the identity information of the user, the random number and the timestamp into a character string, with the timestamp placed at the head or the tail of the character string;
generating a TOKEN token at the client from the character string by means of a HASH algorithm.
Preferably, sending the HTTP task request to the server according to the current TOKEN token comprises:
encrypting the character string;
placing the encrypted character string in the header of the HTTP task request and placing the TOKEN token in the body of the HTTP task request;
sending the HTTP task request to the server.
Preferably, before verifying the user identity corresponding to the HTTP task request, the method comprises:
presetting an effective period;
parsing the header of the HTTP task request to obtain the character string in the HTTP task request, decrypting the character string, and obtaining the timestamp in the character string;
obtaining the current system time of the server and comparing the time difference between the current system time and the timestamp with the effective period; if the time difference between the current system time and the timestamp is within the effective period, verifying the user identity, otherwise sending timeout refusal feedback information to the client.
Preferably, verifying the user identity corresponding to the HTTP task request and sending feedback information to the client according to the verification result comprises:
parsing the body of the HTTP task request to obtain the TOKEN token in the HTTP task request;
generating a verification TOKEN token from the decrypted character string by means of the HASH algorithm;
comparing the verification TOKEN token with the TOKEN token in the HTTP task request; if they are identical, the verification passes and verification success feedback information together with the data corresponding to this HTTP task request is sent to the client, otherwise verification failure refusal feedback information is sent to the client.
Preferably, after the client receives the feedback information from the server, updating the data corresponding to this HTTP task request according to the feedback information comprises:
when the client receives timeout refusal feedback information, the client generates a new random number and obtains a new timestamp, generates a new TOKEN token according to the new random number, the new timestamp and the identity information of the user, and initiates the HTTP task request to the server again according to the new TOKEN token;
when the client receives verification failure refusal feedback information, this HTTP task request is terminated;
when the client receives verification success feedback information, this HTTP task request is terminated and the data corresponding to the HTTP task request is updated according to the data sent by the server.
This application also discloses an identity verification device based on a TOKEN token, the device comprising:
an information acquisition module, configured to monitor the login state of a user at the client and, when it is detected that the user has successfully logged in at the client, obtain the identity information of the user;
a request sending module, configured to, when the user is about to initiate an HTTP task request, generate a random number at the client and obtain the timestamp of the client, generate the current TOKEN token at the client according to the identity information of the user, the random number and the timestamp, and send the HTTP task request to the server according to the current TOKEN token;
a verification module, configured to, after the server receives the HTTP task request, verify the user identity corresponding to the HTTP task request and send feedback information to the client according to the verification result;
an update module, configured to, after the client receives the feedback information from the server, update the data corresponding to this HTTP task request according to the feedback information.
This application also discloses a computer device comprising a memory and a processor, the memory storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the identity verification method described above.
This application also discloses a storage medium readable and writable by a processor, the storage medium storing computer instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the identity verification method described above.
The beneficial effect of this application is as follows: a TOKEN token composed of the user identity information, a timestamp and a random number is generated at the client and verified at the server. Because the random number in the token is randomly generated and transmitted in encrypted form, and the random number, the user information and the timestamp are passed through a hash algorithm together to generate the token, the security of the task request is ensured and the risk of tampering that arises when the TOKEN is issued by the server is avoided.
Brief description of the drawings
Fig. 1 is a flow diagram of the identity verification method based on a TOKEN token according to a first embodiment of the application;
Fig. 2 is a flow diagram of the identity verification method based on a TOKEN token according to a second embodiment of the application;
Fig. 3 is a flow diagram of the identity verification method based on a TOKEN token according to a third embodiment of the application;
Fig. 4 is a flow diagram of the identity verification method based on a TOKEN token according to a fourth embodiment of the application;
Fig. 5 is a flow diagram of the identity verification method based on a TOKEN token according to a fifth embodiment of the application;
Fig. 6 is a flow diagram of the identity verification method based on a TOKEN token according to a sixth embodiment of the application;
Fig. 7 is a flow diagram of the identity verification method based on a TOKEN token according to a seventh embodiment of the application;
Fig. 8 is a structural diagram of the identity verification device based on a TOKEN token according to an embodiment of the application.
Specific embodiments
In order to make the objects, technical solutions and advantages of the application clearer, the application is further elaborated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the application and are not intended to limit it.
Those skilled in the art will appreciate that, unless expressly stated otherwise, the singular forms "a", "an", "said" and "the" used herein may also include the plural. It should further be understood that the term "comprising" used in the description of the application refers to the presence of the stated features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof.
The flow of the identity verification method based on a TOKEN token according to a first embodiment of the application is shown in Fig. 1. This embodiment comprises the following steps:
Step s101: monitor the login state of the user at the client and, when it is detected that the user has successfully logged in at the client, obtain the identity information of the user.
Specifically, when the user logs in locally at the client, the user normally enters user information comprising an account name and a password. After the client has verified the account name and password, the user is logged in at the client and the client can obtain the identity information of the currently logged-in user, which is the user's account.
Step s102: when the user is about to initiate an HTTP task request, generate a random number at the client and obtain the timestamp of the client, generate the current TOKEN token at the client according to the identity information of the user, the random number and the timestamp, and send the HTTP task request to the server according to the current TOKEN token.
Specifically, when the user is about to initiate an HTTP task request to the server, a corresponding HTTP task request packet is generated at the client. The packet contains the identity information of the user and the task information and is sent to the server. After receiving the packet, the server parses it to obtain the user identity information and the task information, verifies the user identity information and, when the verification passes, executes the corresponding task according to the task information.
Specifically, when the user identity information is assembled, the client may generate a random number with a fixed or an arbitrary number of digits and obtain the current timestamp of the client, then generate a TOKEN token from the random number, the timestamp and the identity information of the user, and place the TOKEN token in the HTTP task request packet.
Step s103: after the server receives the HTTP task request, verify the user identity corresponding to the HTTP task request and send feedback information to the client according to the verification result.
Specifically, after the server receives the HTTP task request from the client, it parses the request to obtain the user identity information and verifies it. If the verification passes, the corresponding data is sent to the client according to the task in the HTTP task request; otherwise a request refusal message is sent to the client.
Step s104: after the client receives the feedback information from the server, update the data corresponding to this HTTP task request according to the feedback information.
Specifically, after the client receives the feedback information from the server, it updates the client data according to it. The feedback information is either a success message or a failure message. If the feedback received by the client indicates that the server refused the request because of a timeout, the client regenerates a TOKEN containing the current timestamp, the user information and a new random number. If the server refused the request because the TOKEN failed verification, the client terminates this HTTP task request. If a success message is received, the client terminates this HTTP task request and updates the client data according to the data fed back by the server.
In the present embodiment, a TOKEN token composed of the user identity information, a timestamp and a random number is generated at the client and verified at the server. Because the random number in the token is randomly generated and transmitted in encrypted form, and the random number, the user information and the timestamp are passed through a hash algorithm together to generate the token, the security of the task request is ensured and the risk of tampering that arises when the TOKEN is issued by the server is avoided.
Fig. 2 is a flow diagram of the identity verification method based on a TOKEN token according to a second embodiment of the application. As shown in the figure, generating a random number at the client in step s102 when the user is about to initiate an HTTP task request comprises:
when the user is about to initiate an HTTP task request, generating at the client a random number with the same number of digits as the identity information of the user.
Specifically, when the user is about to initiate an HTTP task request, a random number with the same number of digits as the identity information of the user may be generated at the client. Because the identity information of the user has a fixed length, the random number also has a fixed length, and its number of digits equals that of the identity information of the user.
Generating the current TOKEN token at the client according to the identity information of the user, the random number and the timestamp then comprises:
Step s201: splice the identity information of the user, the random number and the timestamp in a random order to generate a first character string, and add a timestamp position marker at the head of the first character string to generate a second character string.
Specifically, the identity information of the user, the random number and the timestamp may be spliced in a random order to generate the first character string. Assuming the identity information of the user is A, the random number is B and the timestamp is C, the order may be any one of ABC, CBA, ACB, CAB, BCA and BAC. After the first character string is generated, a timestamp position marker is added at its head to identify the position of the timestamp within the first character string; this yields the second character string. The marker may be a two-digit code, for example 00 marking that the timestamp is at the head of the first character string, 01 that it is in the middle, and 10 that it is at the tail. In this way, after the server receives the second character string it reads the two leading digits to obtain the position of the timestamp and then parses out the timestamp itself.
Step s202: generate a TOKEN token at the client from the second character string by means of a HASH algorithm.
Specifically, after the second character string is generated, a TOKEN token may be generated at the client from it by means of a HASH algorithm. The HASH algorithm is a hash function, which maps an input of arbitrary length to an output of fixed length, the hash value. At the server, the same HASH algorithm is applied to the received character string so that the result can be compared with the TOKEN token.
In the present embodiment, splicing the identity information, the timestamp and the random number of the user in a random order improves flexibility and data processing efficiency.
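The layout of steps s201 and s202 and the server-side recovery of the timestamp from the position marker, written out as an added Python example. This code is not part of the patent. It assumes a 14-digit yyyyMMddHHmmss timestamp, a fixed-length identity (an 11-digit account number in the constructed sample), SHA-256 as the unspecified HASH algorithm, and function names of my own choosing. It also makes visible why this embodiment needs the random number to have the same digit count as the identity: for the middle marker (01) the server can only locate the timestamp if the length of whatever precedes it is known in advance.

```python
"""Embodiment 2 (steps s201, s202): random-order splice with a timestamp position marker.

Added example, not the patent's code. SHA-256 stands in for the unspecified HASH algorithm.
"""
import hashlib
import hmac
import secrets

TS_LEN = 14                                        # agreed 14-digit timestamp, yyyyMMddHHmmss
MARKER = {0: "00", 1: "01", 2: "10"}               # position of C in the first string: head, middle, tail
ORDERS = ("ABC", "ACB", "BAC", "BCA", "CAB", "CBA")  # A = identity, B = random number, C = timestamp


def random_digits(n):
    """Random number with exactly n digits, i.e. as many digits as the identity (embodiment 2)."""
    return "".join(str(secrets.randbelow(10)) for _ in range(n))


def build_second_string(identity, rnd, ts, order=None):
    """Client side. Splice A, B, C in a random (or given) order into the first string and
    prefix the two-digit position marker of the timestamp to obtain the second string."""
    if len(rnd) != len(identity):
        raise ValueError("random number must have as many digits as the identity")
    if len(ts) != TS_LEN or not ts.isdigit():
        raise ValueError("timestamp must be %d digits" % TS_LEN)
    order = order or secrets.choice(ORDERS)
    parts = {"A": identity, "B": rnd, "C": ts}
    first = "".join(parts[p] for p in order)
    return MARKER[order.index("C")] + first


def token_from(second):
    """Step s202: the TOKEN is the hash of the second string (SHA-256 assumed here)."""
    return hashlib.sha256(second.encode()).hexdigest()


def server_timestamp(second, identity_len):
    """Server side. Read the two-digit marker, then cut the timestamp out of the first string.
    The middle case relies on A and B having the same length: whatever precedes C is then
    exactly identity_len characters long, whichever of A or B it is."""
    marker, first = second[:2], second[2:]
    if marker == "00":
        start = 0
    elif marker == "01":
        start = identity_len
    elif marker == "10":
        start = len(first) - TS_LEN
    else:
        raise ValueError("unknown timestamp position marker %r" % marker)
    ts = first[start:start + TS_LEN]
    if len(ts) != TS_LEN or not ts.isdigit():
        raise ValueError("no %d-digit timestamp at the marked position" % TS_LEN)
    return ts


def server_check(second, token):
    """Recompute the token from the received second string and compare in constant time."""
    return hmac.compare_digest(token_from(second), token)


if __name__ == "__main__":
    ident = "86012345678"                          # constructed 11-digit account identity
    second = build_second_string(ident, random_digits(len(ident)), "20190424000000")
    print(second, token_from(second), server_timestamp(second, len(ident)))
```

Because the hash is unkeyed, anyone who holds the second string can compute the matching token; the scheme therefore depends on the character string travelling encrypted (embodiment 4) so that an interceptor sees only the token and the ciphertext.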
Fig. 3 is a flow diagram of the identity verification method based on a TOKEN token according to a third embodiment of the application. As shown in the figure, generating a random number at the client in step s102 when the user is about to initiate an HTTP task request comprises:
when the user is about to initiate an HTTP task request, generating at the client a random number with an arbitrary number of digits.
Specifically, an arbitrary number of digits means a positive integer with any number of digits.
Generating the current TOKEN token at the client according to the identity information of the user, the random number and the timestamp then comprises:
Step s301: splice the identity information of the user, the random number and the timestamp to generate a character string, and place the timestamp at the head or the tail of the character string.
Specifically, the identity information of the user, the random number and the timestamp may first be spliced into a character string. During splicing, the timestamp is placed at the head or the tail of the character string, and the number of digits of the timestamp is agreed with the server; for example, the timestamp may have 14 digits, namely year, month, day, hour, minute and second, such as 20190424000000. The random number and the user information are then spliced in either order, producing a character string x, and on receiving x the server can read the timestamp from it. Assuming the identity information of the user is A, the random number is B and the timestamp is C, the order may be any one of CAB, CBA, ABC and BAC, since the timestamp must be at the head or the tail. The position and the number of digits of the timestamp are agreed in advance between the client and the server and, once agreed, are no longer changed during communication.
Step s302: generate a TOKEN token at the client from the character string by means of a HASH algorithm.
Specifically, after the character string is generated, a TOKEN token may be generated at the client from it by means of a HASH algorithm. The HASH algorithm is a hash function, which maps an input of arbitrary length to an output of fixed length, the hash value. At the server, the same HASH algorithm is applied to the received character string so that the result can be compared with the TOKEN token.
In the present embodiment, because the position and the number of digits of the timestamp are agreed in advance between the client and the server, a random number with an arbitrary number of digits can be used, and since the random number is one component of the TOKEN, the security of TOKEN verification can be improved.
Fig. 4 is a flow diagram of the identity verification method based on a TOKEN token according to a fourth embodiment of the application. As shown in the figure, sending the HTTP task request to the server according to the current TOKEN token in step s102 comprises:
Step s401: encrypt the character string.
Specifically, after the character string is generated it may be duplicated: one copy is used to generate the TOKEN token by means of the HASH algorithm, and the other copy is encrypted. The encryption may use a symmetric encryption algorithm, with the encryption key agreed in advance between the client and the server. The key may be updated periodically between the client and the server: for example, an update interval such as one week or one month is preset, and when it expires the client or the server initiates a key update request and both parties update the key according to that request; before the update the key does not change. Alternatively, an asymmetric encryption algorithm may be used, with the client and the server each maintaining a public key and a private key, the public key being used to encrypt the character string and the private key to decrypt it; that is, if the character string is encrypted with the public key at the client, it is decrypted with the private key at the server.
Step s402: place the encrypted character string in the header of the HTTP task request and place the TOKEN token in the body of the HTTP task request.
Specifically, the HTTP task request is sent as an HTTP task request packet comprising a header and a body. After the encrypted character string is generated, it may be placed in the header of the HTTP task request packet, and after the TOKEN token is generated, it may be placed in the body of the HTTP task request packet.
Step s403: send the HTTP task request to the server.
Specifically, once the encrypted character string and the TOKEN token have both been placed in the HTTP task request packet, the packet may be sent to the server.
In the present embodiment, encrypting the character string and sending it together with the TOKEN improves the security of verification.
Fig. 5 is a flow diagram of the identity verification method based on a TOKEN token according to a fifth embodiment of the application. As shown in the figure, before verifying the user identity corresponding to the HTTP task request in step s103, the method comprises:
Step s501: preset an effective period.
Specifically, an effective period may be preset at the server to guarantee the validity of the TOKEN and to avoid the security risk that arises when an HTTP task request initiated by the client takes a long time to reach the server. The effective period may be a span of time such as 5 seconds or 10 seconds.
Step s502: parse the header of the HTTP task request to obtain the character string in the HTTP task request, decrypt the character string, and obtain the timestamp in the character string.
Specifically, after the HTTP task request packet from the client is obtained, its header is parsed to obtain the character string in the HTTP task request, and the character string is then decrypted. The decryption at the server must match the encryption at the client, i.e. if the client used symmetric encryption, the server must decrypt symmetrically. The timestamp in the character string is then obtained: since the timestamp is placed at the head of the character string and its number of digits is agreed in advance between the client and the server, the timestamp is obtained by reading the agreed number of leading digits of the character string.
Step s503: obtain the current system time of the server and compare the time difference between the current system time and the timestamp with the effective period; if the time difference between the current system time and the timestamp is within the effective period, verify the user identity, otherwise send timeout refusal feedback information to the client.
Specifically, after the client timestamp is obtained, the current system time of the server is obtained and the time difference between the client timestamp and the current system time of the server is computed. The time difference is compared with the preset effective period: if the time difference between the current system time and the timestamp is within the effective period, the user identity is verified, otherwise timeout refusal feedback information is sent to the client. For example, if the preset effective period is 30 seconds, the received timestamp is 11:25:11 and the current system time of the server is 11:26:11, the time difference is 60 seconds, which exceeds the preset effective period, so the server refuses this task request.
In the present embodiment, the server parses the timestamp in the HTTP task request to obtain the validity period of the request and decides on the validity of the request accordingly, which improves the security of identity verification.
Fig. 6 is a flow diagram of a TOKEN-based identity verification method according to the sixth embodiment of the application. As shown in the figure, step s103, verifying the user identity corresponding to the HTTP task request and sending feedback information to the client according to the verification result, comprises:
Step s601: parsing the body of the HTTP task request to obtain the TOKEN token in the HTTP task request;
Specifically, after the HTTP task request packet from the client is obtained, the body of the packet can be parsed to obtain the TOKEN token in the HTTP task request.
Step s602: generating a verification TOKEN token from the decrypted character string by means of the HASH algorithm;
Specifically, after the decrypted character string has been parsed, a verification TOKEN token can be generated on the server side by the HASH algorithm. The verification TOKEN token is compared with the TOKEN in the HTTP task request to complete the authentication. Because the character string is transmitted encrypted, the TOKEN token generated on the server side can serve as the comparison sample, while the TOKEN in the HTTP task request, which could be stolen by others, is the value being authenticated; if the two are consistent, this task request passes. In this way the server side does not need to generate a TOKEN and send it to the client, which reduces the load on the server side.
Step s603: comparing the verification TOKEN token with the TOKEN token in the HTTP task request; if they are consistent, the verification passes and a verification-success feedback message together with the data corresponding to this HTTP task request is sent to the client, otherwise a verification-failure rejection feedback message is sent to the client.
Specifically, the verification TOKEN token can be compared with the TOKEN token in the HTTP task request; if they are consistent, the verification passes and a verification-success feedback message together with the data corresponding to this HTTP task request is sent to the client, otherwise a verification-failure rejection feedback message is sent to the client.
In this embodiment, the server side verifies the TOKEN in the HTTP task request by means of the HASH algorithm, which effectively improves the security of the verification.
Fig. 7 is a flow diagram of a TOKEN-based identity verification method according to the seventh embodiment of the application. As shown in the figure, step s104, updating the client data according to the feedback information after the client receives the feedback information from the server side, comprises:
Step s701: when the client receives a timeout-rejection feedback message, generating a new random number on the client and obtaining a new timestamp, generating a new TOKEN token from the new random number, the new timestamp and the identity information of the user, and initiating the HTTP task request to the server side again according to the new TOKEN token;
Specifically, when the client receives a timeout-rejection feedback message, a new random number can be generated on the client and a new timestamp obtained. The new random number can be arbitrary, i.e. it may have a different number of digits and different digits from the old random number. A new TOKEN token is then generated from the new random number, the new timestamp and the identity information of the user, and the HTTP task request is initiated to the server side again according to the new TOKEN token.
Step s702: when the client receives a verification-failure rejection feedback message, ending this HTTP task request;
Specifically, when the client receives a verification-failure rejection feedback message, this HTTP task request can be ended directly, and no new HTTP task request is initiated.
Step s703: when the client receives a verification-success feedback message, ending this HTTP task request and updating according to the data corresponding to the HTTP task request sent by the server side.
Specifically, when the client receives a verification-success feedback message, this HTTP task request can be ended and the client updates according to the data corresponding to the HTTP task request sent by the server side. For example, the client initiates a request to the server side to read the user's order history; the server side receives the request and starts verifying the user's identity; after the verification succeeds it queries the user's order history data and returns it to the client, and the client updates its client-side data after receiving the order history data.
In this embodiment, the client performs further operations according to the feedback information from the server side: on timeout it can re-initiate the request, avoiding an unnecessary interruption of communication; on verification failure it ends the request, avoiding excessive requests that would increase the system burden; and on success it updates the local data, which improves the operational efficiency of the system.
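To make the fourth to seventh embodiments concrete, the following is an added example in Python; it is not code from the patent or from the applicant. It builds the client request (timestamp-first character string, encrypted, in the header; hashed TOKEN in the body), runs the server-side freshness window check (s501 to s503) followed by the TOKEN comparison (s601 to s603), and applies the client's three reactions to the feedback (s701 to s703). The shared key, the 10-digit timestamp width, the 30-second window taken from the page's worked example, SHA-256 as the unnamed HASH algorithm, the header and body field names, and the HMAC-based stream cipher standing in for the unspecified symmetric encryption are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed parameters (assumptions of this example, not values from the patent):
TIMESTAMP_DIGITS = 10                      # agreed number of leading digits holding the timestamp
VALIDITY_SECONDS = 30                      # preset validity period (the page's worked-example value)
SHARED_KEY = b"constructed-demo-key-for-example-only"   # stand-in for the client/server shared key
NONCE_LEN = 16


def _stream_xor(key, nonce, data):
    """Stand-in symmetric cipher: XOR with an HMAC-SHA256 counter keystream.
    The patent only says 'symmetric encryption'; this toy keeps the example
    self-contained (standard library only) and is not a production choice.
    XOR is its own inverse, so the same function encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(4, "big")
        keystream = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], keystream))
    return bytes(out)


def make_token(plain):
    """TOKEN = HASH(character string); SHA-256 is assumed, the patent names no hash."""
    return hashlib.sha256(plain.encode("utf-8")).hexdigest()


def build_request(identity, now=None):
    """Client side (steps s401-s403): string = timestamp | identity | random number,
    TOKEN = hash of the string; encrypted string in the header, TOKEN in the body."""
    ts = int(time.time()) if now is None else int(now)
    random_part = secrets.token_hex(8)             # fresh per request (step s701 relies on this)
    plain = f"{ts:0{TIMESTAMP_DIGITS}d}{identity}{random_part}"
    nonce = secrets.token_bytes(NONCE_LEN)         # per-message nonce so the keystream never repeats
    sealed = nonce + _stream_xor(SHARED_KEY, nonce, plain.encode("utf-8"))
    return {"headers": {"X-Auth-String": sealed.hex()},
            "body": {"token": make_token(plain)}}


def verify_request(request, now=None):
    """Server side: s501-s503 (freshness window) then s601-s603 (token check).
    Returns (decision, detail) with decision in {'timeout', 'fail', 'ok'}."""
    now = int(time.time()) if now is None else int(now)
    try:
        raw = bytes.fromhex(request["headers"]["X-Auth-String"])
        nonce, ciphertext = raw[:NONCE_LEN], raw[NONCE_LEN:]
        plain = _stream_xor(SHARED_KEY, nonce, ciphertext).decode("utf-8")
        ts = int(plain[:TIMESTAMP_DIGITS])          # read the agreed leading digits
    except (KeyError, ValueError):                  # UnicodeDecodeError is a ValueError
        return "fail", "malformed or undecryptable header"
    delta = abs(now - ts)                           # abs() tolerates clock skew in either direction
    if delta > VALIDITY_SECONDS:
        return "timeout", f"time difference {delta}s exceeds {VALIDITY_SECONDS}s window"
    presented = str(request.get("body", {}).get("token", ""))
    expected = make_token(plain)                     # server-side verification TOKEN
    if not hmac.compare_digest(expected, presented):  # constant-time comparison
        return "fail", "token mismatch"
    return "ok", plain[TIMESTAMP_DIGITS:]            # identity + random number that were verified


def client_submit(identity, send, attempts=3, clock=time.time):
    """Client reaction to feedback (s701-s703): resend with a new random number and
    timestamp on timeout, stop on verification failure, update local data on success."""
    for _ in range(attempts):
        decision, _detail = send(build_request(identity, now=clock()))
        if decision == "timeout":
            continue                                # s701: new random number + new timestamp
        if decision == "fail":
            return "aborted"                        # s702: end this request, no retry
        return "updated"                            # s703: apply the returned data locally
    return "gave up"
```

Two design points worth noting for a practitioner reading the embodiments: the server evaluates the time window before recomputing the TOKEN, which is the order the fifth and sixth embodiments prescribe and keeps stale requests from costing a hash computation; and because the TOKEN is an unkeyed hash of the character string, the only secret in the scheme is the key protecting the header string, so the assurance of the whole check rests on how that key is provisioned and stored on both sides. The comparison uses hmac.compare_digest so that the token check runs in constant time.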
The structure of a TOKEN-based identity verification device according to an embodiment of the application is shown in Fig. 8 and comprises:
an information acquisition module 801, a request sending module 802, a verification module 803 and an update module 804; wherein the information acquisition module 801 is connected to the request sending module 802, the request sending module 802 is connected to the verification module 803, and the verification module 803 is connected to the update module 804. The information acquisition module 801 is configured to detect the login state of a user on the client and, when it detects that the user has successfully logged in on the client, to obtain the identity information of the user. The request sending module 802 is configured to, when the user is about to initiate an HTTP task request, generate a random number on the client and obtain the client's timestamp, generate the current TOKEN token on the client from the identity information of the user, the random number and the timestamp, and send the HTTP task request to the server side according to the current TOKEN token. The verification module 803 is configured to, after the server side receives the HTTP task request, verify the user identity corresponding to the HTTP task request and send feedback information to the client according to the verification result. The update module 804 is configured to, after the client receives the feedback information from the server side, update the data corresponding to this HTTP task request according to the feedback information.
An embodiment of the application also discloses a computer device comprising a memory and a processor, the memory storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the identity verification method described in the above embodiments.
An embodiment of the application also discloses a storage medium that can be read and written by a processor, the storage medium storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the identity verification method described in the above embodiments.
Those of ordinary skill in the art will appreciate that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the embodiments of the above methods. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disc, a read-only memory (ROM) or a random access memory (RAM).
The technical features of the above embodiments can be combined arbitrarily. For brevity of description, not all possible combinations of the technical features of the above embodiments are described; however, as long as a combination of these technical features contains no contradiction, it should be considered as falling within the scope of this specification.
The above embodiments express only several implementations of the application, and their description is relatively specific and detailed, but they cannot therefore be interpreted as limiting the scope of the patent. It should be pointed out that those of ordinary skill in the art can make various modifications and improvements without departing from the concept of the application, and these all belong to the protection scope of the application. Therefore, the protection scope of the application's patent shall be subject to the appended claims.

Claims (10)

1. An identity verification method based on a TOKEN token, characterized in that the method comprises the following steps:
detecting the login state of a user on a client and, when it is detected that the user has successfully logged in on the client, obtaining the identity information of the user;
when the user is about to initiate an HTTP task request, generating a random number on the client and obtaining a timestamp of the client, generating a current TOKEN token on the client from the identity information of the user, the random number and the timestamp, and sending the HTTP task request to a server side according to the current TOKEN token;
after the server side receives the HTTP task request, verifying the user identity corresponding to the HTTP task request and sending feedback information to the client according to the verification result;
after the client receives the feedback information from the server side, updating the data corresponding to this HTTP task request according to the feedback information.
2. The identity verification method based on a TOKEN token according to claim 1, characterized in that the generating of a random number on the client when the user is about to initiate an HTTP task request comprises:
when the user is about to initiate an HTTP task request, generating on the client a random number with the same number of digits as the identity information of the user;
and the generating of the current TOKEN token on the client from the identity information of the user, the random number and the timestamp comprises:
concatenating the identity information of the user, the random number and the timestamp in a random order to generate a first character string, and adding a timestamp position identifier at the head of the first character string to generate a second character string;
generating a TOKEN token on the client from the second character string by means of a HASH algorithm.
3. The identity verification method based on a TOKEN token according to claim 1, characterized in that the generating of a random number on the client when the user is about to initiate an HTTP task request comprises:
when the user is about to initiate an HTTP task request, generating on the client a random number with any number of digits;
and the generating of the current TOKEN token on the client from the identity information of the user, the random number and the timestamp comprises:
concatenating the identity information of the user, the random number and the timestamp to generate a character string, the timestamp being placed at the head or the tail of the character string;
generating a TOKEN token on the client from the character string by means of a HASH algorithm.
4. The identity verification method based on a TOKEN token according to claim 3, characterized in that the sending of the HTTP task request to the server side according to the current TOKEN token comprises:
encrypting the character string;
placing the encrypted character string in the header of the HTTP task request, and placing the TOKEN token in the body of the HTTP task request;
sending the HTTP task request to the server side.
5. The identity verification method based on a TOKEN token according to claim 1, characterized in that, before the verifying of the user identity corresponding to the HTTP task request, the method comprises:
presetting a validity period;
parsing the header of the HTTP task request to obtain the character string in the HTTP task request, decrypting the character string, and obtaining the timestamp in the character string;
obtaining the current system time of the server side, and comparing the time difference between the current system time and the timestamp with the validity period; if the time difference between the current system time and the timestamp is within the validity period, the user identity is verified, otherwise a timeout-rejection feedback message is sent to the client.
6. The identity verification method based on a TOKEN token according to claim 5, characterized in that the verifying of the user identity corresponding to the HTTP task request and the sending of feedback information to the client according to the verification result comprise:
parsing the body of the HTTP task request to obtain the TOKEN token in the HTTP task request;
generating a verification TOKEN token from the decrypted character string by means of the HASH algorithm;
comparing the verification TOKEN token with the TOKEN token in the HTTP task request; if they are consistent, the verification passes and a verification-success feedback message together with the data corresponding to this HTTP task request is sent to the client, otherwise a verification-failure rejection feedback message is sent to the client.
7. The identity verification method based on a TOKEN token according to claim 6, characterized in that the updating of the data corresponding to this HTTP task request according to the feedback information after the client receives the feedback information from the server side comprises:
when the client receives a timeout-rejection feedback message, generating a new random number on the client and obtaining a new timestamp, generating a new TOKEN token from the new random number, the new timestamp and the identity information of the user, and initiating the HTTP task request to the server side again according to the new TOKEN token;
when the client receives a verification-failure rejection feedback message, ending this HTTP task request;
when the client receives a verification-success feedback message, ending this HTTP task request and updating according to the data corresponding to the HTTP task request sent by the server side.
8. An identity verification device based on a TOKEN token, characterized in that the device comprises:
an information acquisition module, configured to detect the login state of a user on a client and, when it is detected that the user has successfully logged in on the client, to obtain the identity information of the user;
a request sending module, configured to, when the user is about to initiate an HTTP task request, generate a random number on the client and obtain a timestamp of the client, generate a current TOKEN token on the client from the identity information of the user, the random number and the timestamp, and send the HTTP task request to a server side according to the current TOKEN token;
a verification module, configured to, after the server side receives the HTTP task request, verify the user identity corresponding to the HTTP task request and send feedback information to the client according to the verification result;
an update module, configured to, after the client receives the feedback information from the server side, update the data corresponding to this HTTP task request according to the feedback information.
9. A computer device, characterized in that the computer device comprises a memory and a processor, the memory storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the identity verification method according to any one of claims 1 to 7.
10. A storage medium, characterized in that the storage medium can be read and written by a processor and stores computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the identity verification method according to any one of claims 1 to 7.
CN201910849275.5A 2019-09-09 2019-09-09 Identity verification method based on TOKEN and related equipment Active CN110493258B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910849275.5A CN110493258B (en) 2019-09-09 2019-09-09 Identity verification method based on TOKEN and related equipment
PCT/CN2019/117322 WO2021047012A1 (en) 2019-09-09 2019-11-12 Token-based identity verification method and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910849275.5A CN110493258B (en) 2019-09-09 2019-09-09 Identity verification method based on TOKEN and related equipment

Publications (2)

Publication Number Publication Date
CN110493258A true CN110493258A (en) 2019-11-22
CN110493258B CN110493258B (en) 2022-09-30

Family

ID=68557013

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910849275.5A Active CN110493258B (en) 2019-09-09 2019-09-09 Identity verification method based on TOKEN and related equipment

Country Status (2)

Country Link
CN (1) CN110493258B (en)
WO (1) WO2021047012A1 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111756702A (en) * 2020-05-29 2020-10-09 北京沃东天骏信息技术有限公司 Data security protection method, device, equipment and storage medium
CN112822175A (en) * 2020-12-31 2021-05-18 联想(北京)有限公司 Information access method and device and electronic equipment
CN113179277A (en) * 2021-05-07 2021-07-27 济南云拓互动传媒有限公司 Verification method hidden in standard HTTP plaintext message header
CN113285808A (en) * 2021-05-18 2021-08-20 挂号网(杭州)科技有限公司 Identity information verification method, device, equipment and storage medium
CN113395282A (en) * 2021-06-15 2021-09-14 济南浪潮智投智能科技有限公司 Method and system for preventing third party from accessing server resources
CN113542235A (en) * 2021-06-28 2021-10-22 上海浦东发展银行股份有限公司 Security mutual access system and method based on token mutual trust mechanism
CN113709162A (en) * 2021-08-30 2021-11-26 康键信息技术(深圳)有限公司 Method, device and equipment for acquiring intranet data and storage medium
CN113726513A (en) * 2021-08-31 2021-11-30 西安交通大学 Safety monitoring method, system and equipment for video real-time transmission and readable storage medium
CN114124534A (en) * 2021-11-24 2022-03-01 航天信息股份有限公司 Data interaction system and method
CN114650175A (en) * 2022-03-21 2022-06-21 网宿科技股份有限公司 Verification method and device
CN114938313A (en) * 2022-07-26 2022-08-23 北京盛邦赛云科技有限公司 Man-machine identification method and device based on dynamic token

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014078605A1 (en) * 2012-11-14 2014-05-22 Google Inc. Client token storage for cross-site request forgery protection
CN106161032A (en) * 2015-04-24 2016-11-23 华为技术有限公司 A kind of identity authentication method and device
CN108494740A (en) * 2018-03-01 2018-09-04 捷开通讯(深圳)有限公司 Token generates and method of calibration, intelligent terminal and server
US20180278595A1 (en) * 2015-12-31 2018-09-27 Huawei Technologies Co., Ltd. Key configuration method, key management center, and network element
CN108737326A (en) * 2017-04-14 2018-11-02 北京京东尚科信息技术有限公司 Method, system, device and electronic equipment for carrying out token authentication

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7454622B2 (en) * 2002-12-31 2008-11-18 American Express Travel Related Services Company, Inc. Method and system for modular authentication and session management
CN103188344A (en) * 2013-02-22 2013-07-03 浪潮电子信息产业股份有限公司 Method for safely invoking REST API (representational state transfer, application programming interface)
CN105227551A (en) * 2015-09-24 2016-01-06 四川长虹电器股份有限公司 The uniform permission administration method of XBRL application platform
CN105471916B (en) * 2016-01-13 2018-08-17 西安电子科技大学 Take precautions against the method that the latent channel key of Secure Socket Layer is restored

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111756702A (en) * 2020-05-29 2020-10-09 北京沃东天骏信息技术有限公司 Data security protection method, device, equipment and storage medium
CN112822175A (en) * 2020-12-31 2021-05-18 联想(北京)有限公司 Information access method and device and electronic equipment
CN112822175B (en) * 2020-12-31 2022-06-28 联想(北京)有限公司 Information access method and device and electronic equipment
CN113179277A (en) * 2021-05-07 2021-07-27 济南云拓互动传媒有限公司 Verification method hidden in standard HTTP plaintext message header
CN113179277B (en) * 2021-05-07 2022-08-02 济南云拓互动传媒有限公司 Verification method hidden in standard HTTP plaintext message header
CN113285808A (en) * 2021-05-18 2021-08-20 挂号网(杭州)科技有限公司 Identity information verification method, device, equipment and storage medium
CN113285808B (en) * 2021-05-18 2024-03-26 挂号网(杭州)科技有限公司 Identity information verification method, device, equipment and storage medium
CN113395282A (en) * 2021-06-15 2021-09-14 济南浪潮智投智能科技有限公司 Method and system for preventing third party from accessing server resources
CN113542235B (en) * 2021-06-28 2023-04-07 上海浦东发展银行股份有限公司 Safe mutual access method based on token mutual trust mechanism
CN113542235A (en) * 2021-06-28 2021-10-22 上海浦东发展银行股份有限公司 Security mutual access system and method based on token mutual trust mechanism
CN113709162A (en) * 2021-08-30 2021-11-26 康键信息技术(深圳)有限公司 Method, device and equipment for acquiring intranet data and storage medium
CN113726513A (en) * 2021-08-31 2021-11-30 西安交通大学 Safety monitoring method, system and equipment for video real-time transmission and readable storage medium
CN114124534A (en) * 2021-11-24 2022-03-01 航天信息股份有限公司 Data interaction system and method
CN114650175A (en) * 2022-03-21 2022-06-21 网宿科技股份有限公司 Verification method and device
CN114650175B (en) * 2022-03-21 2024-04-02 网宿科技股份有限公司 Verification method and device
CN114938313B (en) * 2022-07-26 2022-10-04 北京盛邦赛云科技有限公司 Man-machine identification method and device based on dynamic token
CN114938313A (en) * 2022-07-26 2022-08-23 北京盛邦赛云科技有限公司 Man-machine identification method and device based on dynamic token

Also Published As

Publication number Publication date
CN110493258B (en) 2022-09-30
WO2021047012A1 (en) 2021-03-18

Similar Documents

Publication Publication Date Title
CN110493258A (en) Proof of identity method and relevant device based on TOKEN token
US6678270B1 (en) Packet interception system including arrangement facilitating authentication of intercepted packets
CN102223374B (en) Third-party authentication security protection system and third-party authentication security protection method based on online security protection of electronic evidence
CN111435913B (en) Identity authentication method and device for terminal of Internet of things and storage medium
CN104394172B (en) Single-sign-on apparatus and method
CN110691087A (en) Access control method, device, server and storage medium
CN110932850B (en) Communication encryption method and system
CN111444499B (en) User identity authentication method and system
CN111884811B (en) Block chain-based data evidence storing method and data evidence storing platform
US10756896B2 (en) Trustless account recovery
CN108199847B (en) Digital security processing method, computer device, and storage medium
CN112054897B (en) Outsourcing Internet of things data for protecting privacy based on block chain and integrity verification method for backup of outsourcing Internet of things data
CN111080299B (en) Anti-repudiation method for transaction information, client and server
CN106470103B (en) Method and system for sending encrypted URL request by client
CN111339040B (en) Cloud storage method, device and equipment for data files and storage medium
Yu et al. Decim: Detecting endpoint compromise in messaging
CN111130798A (en) Request authentication method and related equipment
CN112581233A (en) Method, device, equipment and computer-readable storage medium for order offline operation
CN112699374A (en) Integrity checking vulnerability security protection method and system
CN114666060A (en) Electronic data preservation method and system based on HyperLegger Fabric
CN110224824B (en) Digital certificate processing method and device, computer equipment and storage medium
CN109302425B (en) Identity authentication method and terminal equipment
CN112235276B (en) Master-slave equipment interaction method, device, system, electronic equipment and computer medium
CN113852628A (en) Decentralized single sign-on method, decentralized single sign-on device and storage medium
CN110139163A (en) A kind of method and relevant apparatus obtaining barrage

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant