CN111010385A - RESTful-based secure interaction method - Google Patents
- Publication number: CN111010385A (application CN201911249140.1A)
- Authority: CN (China)
- Prior art keywords: user, token, message, key, jwt
- Prior art date
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention provides a RESTful-based secure interaction method in the technical field of the HTTP protocol, service communication, stateless resources and secure authentication. It provides an authentication and authorization service, mainly implementing user login verification and user authentication, and produces a user Token using a JWT service: the client submits a user name and password in the login request, and after the server passes the verification it generates a Token associated with the user. The security of data in transit can be effectively guaranteed.
Description
Technical Field
The invention relates to the fields of HTTP (hypertext transfer protocol), service communication, stateless resources, security authentication and the like, and in particular to a RESTful-based secure interaction method.
Background
The internet is open, and it has given rise to much optimized free software and many free services. Internet technology changes daily as society develops at high speed. Much excellent software and many internet services emerge in this process, many new ideas are generated, and the RESTful architecture arose in this environment.
RESTful architecture:
(1) each URI represents a resource;
(2) some representation layer is used to pass such resources between the client and the server;
(3) the client operates on server-side resources through four HTTP verbs, achieving 'representational state transfer'.
Although it creates no new technology or components, this API design specification is the most popular one and is mainly used to design Web data interfaces. RESTful also creates problems in practical applications.
Existing interface interaction usually authenticates interface access or symmetrically encrypts the data; if the symmetric key is leaked, great loss results.
Disclosure of Invention
In order to solve the above technical problems, the invention provides a RESTful-based secure interaction method which randomly generates a data key that is different every time and effectively ensures the security of data in transit.
The technical scheme of the invention is as follows:
A RESTful-based secure interaction method provides an authentication service, mainly implements user login verification and user authentication, and produces a user Token using a JWT service; the client submits a user name and password in the login request, and after the server passes the verification it generates a Token associated with the user.
Further, in the above-mentioned case,
the client carries the Token in subsequent requests, and the server checks the user's validity through the Token.
The present invention maps the security credential to a special resource based on the REST request, i.e., the resource. RESTful is a stateless form of service, and verifying login user information with a Token also better conforms to the definition of statelessness in RESTful.
A JWT service is built and used for issuing and verifying user credentials. The JWT comprises three parts, a Header, a Payload and a Signature; the Signature is obtained by running the Header and the Payload through a signature algorithm, which effectively prevents malicious tampering with the data.
Further, in the above-mentioned case,
the security authentication credential is a Token produced based on JWT which carries the user identifier, issuing time, validity period and number of permitted uses. The JWT is not encrypted by default, and this scheme uses encryption to enhance service security and effectively protect the Payload information.
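As an added Go example (not code from the patent), a minimal HS256 JWT issuer and verifier built only on the standard library, carrying the user identifier, issue time, validity period and use count the patent lists. The JSON field names, the HS256 algorithm and the server secret are this example's own choices; the Payload is base64url-encoded but not encrypted, which is the property the patent points out.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// Claims is the Payload: the patent's user identifier, issue time, expiry and
// permitted use count. JSON field names are this example's own choice.
type Claims struct {
	Sub  string `json:"sub"`
	Iat  int64  `json:"iat"`
	Exp  int64  `json:"exp"`
	Uses int    `json:"uses"`
}

var b64 = base64.RawURLEncoding

// sign computes HS256 (HMAC-SHA256) over the signing input "Header.Payload".
func sign(secret []byte, signingInput string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(signingInput))
	return b64.EncodeToString(m.Sum(nil))
}

// Issue builds Header.Payload.Signature. The Payload is encoded, not encrypted.
func Issue(secret []byte, c Claims) string {
	header := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	body, _ := json.Marshal(c) // plain fields only, cannot fail
	signingInput := header + "." + b64.EncodeToString(body)
	return signingInput + "." + sign(secret, signingInput)
}

// Verify checks the signature before trusting the Payload, pins alg to HS256
// so a forged Header cannot switch algorithms, and enforces exp against now.
func Verify(secret []byte, token string, now time.Time) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if raw, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS256" {
		return c, errors.New("unexpected or missing alg")
	}
	if want := sign(secret, parts[0]+"."+parts[1]); !hmac.Equal([]byte(want), []byte(parts[2])) {
		return c, errors.New("bad signature")
	}
	if body, err := b64.DecodeString(parts[1]); err != nil {
		return c, err
	} else if err = json.Unmarshal(body, &c); err != nil {
		return c, err
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return c, errors.New("token expired")
	}
	return c, nil
}
```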
Further, in the above-mentioned case,
the security authentication mapping is processed based on the information provided by the user, and the Token is returned to the user.
Further, in the above-mentioned case,
the Token becomes invalid when the user logs out, logs in repeatedly, is inactive for a long time, and the like.
Further, in the above-mentioned case,
a symmetric key is randomly generated for each interaction, and the interaction message is AES-encrypted with that symmetric key; the symmetric key is encrypted with the Token to a fixed size and attached as the interaction message header.
Further, in the above-mentioned case,
the secret random key used with the Token always has the same length, through a specific encryption algorithm.
Further, in the above-mentioned case,
in this mode the encryption key of each interaction message is different, which improves the security of messages on the network and also raises the cost of cracking them.
After receiving the message, the receiver parses the key segment and decrypts the random key with the Token; it then decrypts the interaction message with the random key and performs the normal service operation.
Further, in the above-mentioned case,
a universal message encryption module is developed which provides message encryption and decryption functions: it reads a fixed-length secret key from the received request message, decrypts that key, and performs AES decryption on the remaining part.
Further, in the above-mentioned case,
when a user sends a message, a random key k is first generated and encrypted with the Token to obtain w, where w is a fixed 16 bits;
the message is AES-encrypted using k, and w is attached in front of the encrypted message.
Further, in the above-mentioned case,
after receiving the request, the server reads the first 16 bits of the message, decrypts them with the Token to obtain k, reads the remaining part, and decrypts it using k;
and after the message has been processed by the message encryption and decryption module, normal service operation is carried out.
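The per-message envelope from the steps above (random key k, w = k encrypted with the Token, w placed in front of the AES-encrypted message, the server recovering k from the fixed-length first segment), as an added Go example that is not the patent's code; the Detailed Description restates the same steps. The patent does not fix how the Token becomes a key, which AES mode is used, or the unit of its fixed-length header, so this example assumes SHA-256 of the Token string as the wrapping key, a 16-byte header w (one AES block), and AES-GCM for the body so a tampered message fails the tag check instead of decrypting to garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

const hdrLen = aes.BlockSize // the patent's fixed-size key header w, taken as 16 bytes

// Assumption (not specified by the patent): the key that wraps k is derived
// from the Token string with SHA-256 so both sides hold the same AES-256 key.
func tokenCipher(token string) cipher.Block {
	sum := sha256.Sum256([]byte(token))
	blk, _ := aes.NewCipher(sum[:]) // 32-byte key, cannot fail
	return blk
}

// gcmFor builds AES-128-GCM for a 16-byte message key k.
func gcmFor(k []byte) cipher.AEAD {
	blk, _ := aes.NewCipher(k) // len(k) == 16, cannot fail
	g, _ := cipher.NewGCM(blk)
	return g
}

// Seal is the client side: fresh random k per message; w is k encrypted as one
// raw AES block under the Token key (acceptable only because k is uniformly
// random); wire = w || nonce || AES-GCM_k(msg), with w bound as associated
// data so a swapped header is rejected instead of decrypting to garbage.
func Seal(token string, msg []byte) ([]byte, error) {
	k := make([]byte, aes.BlockSize)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	w := make([]byte, hdrLen)
	tokenCipher(token).Encrypt(w, k)
	gcm := gcmFor(k)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append(append([]byte{}, w...), nonce...)
	return gcm.Seal(out, nonce, msg, w), nil
}

// Open is the server side: read the fixed header, recover k with the Token,
// then decrypt and authenticate the remainder with k. A wrong Token yields a
// garbage k and fails the GCM tag check rather than returning plaintext.
func Open(token string, wire []byte) ([]byte, error) {
	k := make([]byte, aes.BlockSize)
	if len(wire) < hdrLen {
		return nil, errors.New("message shorter than key header")
	}
	w := wire[:hdrLen]
	tokenCipher(token).Decrypt(k, w)
	gcm := gcmFor(k)
	ns := gcm.NonceSize()
	if len(wire) < hdrLen+ns+gcm.Overhead() {
		return nil, errors.New("message too short for nonce and tag")
	}
	nonce, body := wire[hdrLen:hdrLen+ns], wire[hdrLen+ns:]
	return gcm.Open(nil, nonce, body, w)
}
```

Confidentiality of every message still rests on the Token staying secret, since anyone holding it can unwrap k, so the Token itself must travel over TLS.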
The invention has the following advantages:
In this scheme the data key is randomly generated and is different every time, so the security of data in transit can be effectively guaranteed.
The JWT service is used to verify the user, the JWT data security problem is solved through a free encryption algorithm, and the security and convenience of user authentication are improved.
Drawings
FIG. 1 is a schematic workflow diagram of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments are described below with reference to the drawings. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention; all other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of the present invention.
The RESTful-based secure interaction method provides an authentication service, mainly implements user login verification and user authentication, and produces a user Token using a JWT service;
the client submits a user name and password in the login request, and after the server passes the verification it generates a Token associated with the user;
the client carries the Token in subsequent requests, and the server checks the user's validity through the Token;
a universal message encryption module is developed which provides message encryption and decryption functions, reads a fixed-length secret key from the received request message, decrypts that key, and performs AES decryption on the remaining part;
when a user sends a message, a random key k is first generated and encrypted with the Token to obtain w, where w is a fixed 16 bits;
the message is AES-encrypted using k, and w is added to the front of the encrypted message;
after receiving the request, the server reads the first 16 bits of the message, decrypts them with the Token to obtain k, reads the remaining part, and decrypts it using k;
and after the message has been processed by the message encryption and decryption module, normal service operation is carried out.
Explanation of terms:
- REST: Representational State Transfer
- Token: ticket
- API: Application Programming Interface
- JWT: JSON Web Token
- AES: Advanced Encryption Standard
The above description is only a preferred embodiment of the present invention and is used only to illustrate its technical solutions, not to limit its protection scope. Any modification, equivalent replacement or improvement made within the spirit and principle of the present invention falls within its protection scope.
Claims (10)
1. A RESTful-based secure interaction method, characterized in that
an authentication service is provided which mainly implements user login verification and user authentication and produces a user Token using a JWT service; the client submits a user name and password in the login request, and after the server passes the verification it generates a Token associated with the user.
2. The method of claim 1,
the client carries the Token in subsequent requests, and the server checks the user's validity through the Token.
3. The method of claim 2,
the JWT service is used for issuing and verifying user credentials; the JWT comprises three parts, a Header, a Payload and a Signature, and the Signature is obtained by running the Header and the Payload through a signature algorithm.
4. The method of claim 1,
the security authentication credential is a Token produced based on JWT, carries the user identifier, issuing time, validity period and number of permitted uses, and is not encrypted by JWT by default.
5. The method of claim 4,
the security authentication mapping is processed based on the information provided by the user and the Token is returned to the user;
and the Token becomes invalid when the user logs out, logs in repeatedly or is inactive for a long time.
6. The method of claim 3,
a symmetric key is randomly generated for each interaction, and the interaction message is AES-encrypted with that symmetric key; the symmetric key is encrypted to a fixed size using the Token, and attached as the interaction message header.
7. The method of claim 9,
the secret random key used with the Token has the same length after processing by the encryption algorithm;
after receiving the message, the receiver parses the key segment and decrypts the random key with the Token; the interaction message is then decrypted with the random key.
8. The method of claim 7,
a universal message encryption module is developed which provides message encryption and decryption functions, reads a fixed-length secret key from the received request message, decrypts that key, and performs AES decryption on the remaining part.
9. The method of claim 8,
when a user sends a message, a random key k is first generated and encrypted with the Token to obtain w, where w is a fixed 16 bits;
the message is AES-encrypted using k, and w is attached to the encrypted message.
10. The method of claim 9,
after receiving the request, the server reads the first 16 bits of the message, decrypts them with the Token to obtain k, reads the remaining part, and decrypts it using k;
and after the message has been processed by the message encryption and decryption module, normal service operation is carried out.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN201911249140.1A CN111010385A (en) | 2019-12-09 | 2019-12-09 | RESTful-based secure interaction method
Publications (1)
Publication Number | Publication Date
---|---
CN111010385A (en) | 2020-04-14
Family ID: 70114348
Family Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN201911249140.1A Pending CN111010385A (en) | 2019-12-09 | 2019-12-09 | RESTful-based secure interaction method
Country Status (1)
Country | Link
---|---
CN (1) | CN111010385A (en)
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN114124534A (en) * | 2021-11-24 | 2022-03-01 | 航天信息股份有限公司 | Data interaction system and method
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN104486325A (en) * | 2014-12-10 | 2015-04-01 | 上海爱数软件有限公司 | Safe login certification method based on RESTful
CN105207782A (en) * | 2015-11-18 | 2015-12-30 | 上海爱数软件有限公司 | Identity verification method based on restful framework
CN108901022A (en) * | 2018-06-28 | 2018-11-27 | 深圳云之家网络有限公司 | A kind of micro services universal retrieval method and gateway
CN108900301A (en) * | 2018-05-31 | 2018-11-27 | 苏州浪潮智能软件有限公司 | The certification of restful interface security and message mixed encryption method based on .NET MVC
US20190074979A1 (en) * | 2015-11-13 | 2019-03-07 | Minghua Xu | Methods and systems for pki-based authentication
CN109889510A (en) * | 2019-01-30 | 2019-06-14 | 重庆农村商业银行股份有限公司 | Multiple encryption method for service provider transmission services message
Legal Events
Code | Title
---|---
PB01 | Publication
SE01 | Entry into force of request for substantive examination
RJ01 | Rejection of invention patent application after publication
Application publication date: 20200414