CN111010385A - RESTful-based secure interaction method - Google Patents


Info

Publication number
CN111010385A
Authority
CN
China
Prior art keywords
user
token
message
key
jwt
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911249140.1A
Other languages
Chinese (zh)
Inventor
辛卫民
徐兵兵
侯冬刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Inspur Business System Co Ltd
Original Assignee
Shandong Inspur Business System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Inspur Business System Co Ltd
Priority to CN201911249140.1A
Publication of CN111010385A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a RESTful-based secure interaction method, which belongs to the technical field of the HTTP protocol, service communication, stateless resources and secure authentication. It provides an authentication and authorization service, mainly realizing user login verification and user authentication, and produces a user Token using a JWT service; the client submits a user name and a password through the login request, and after the server passes the verification it generates a Token associated with the user. The security of the data in the transmission process can be effectively guaranteed.

Description

RESTful-based secure interaction method
Technical Field
The invention relates to the fields of HTTP (Hypertext Transfer Protocol), service communication, stateless resources, security authentication and the like, and in particular to a RESTful-based security interaction method.
Background
The internet is open, and it has given rise to much optimized free software and many free services. Internet technology changes day by day while society develops at high speed. Much excellent software and many internet services fade away in the process, many new ideas are generated, and the RESTful architecture arose in this environment.
RESTful architecture:
(1) each URI represents a resource;
(2) some representation layer is used to transfer such resources between the client and the server;
(3) the client operates on server-side resources through four HTTP verbs, realizing "representational state transfer".
Although it creates no new technology or components, this API design specification is the most popular one and is mainly used for designing Web data interfaces. RESTful also creates problems in practical applications.
Existing interface interaction usually authenticates interface access or symmetrically encrypts the data, and if the symmetric key is leaked, a great loss results.
Disclosure of Invention
In order to solve these technical problems, the invention provides a RESTful-based security interaction method, which randomly generates a data key that differs on every interaction and effectively ensures the security of the data in the transmission process.
The technical scheme of the invention is as follows:
a RESTful-based secure interaction method provides an authentication service, mainly realizing user login verification and user authentication, and produces a user Token using a JWT service; the client submits a user name and a password through the login request, and after the server passes the verification it generates a Token associated with the user.
Further, in the above-mentioned case,
the client carries the Token in subsequent requests, and the server checks the user's validity through the Token.
The present invention maps the security credential to a special resource based on the REST request, i.e., a resource. RESTful is a stateless service form, and verifying login user information through a Token conforms well to the definition of stateless in RESTful.
A JWT service is built and used for issuing and verifying user credentials. The JWT comprises three parts, a Header, a Payload and a Signature; the Signature is computed over the Header and the Payload with a signature algorithm, so malicious tampering with the data is detected and the tampered data rejected.
Further, in the above-mentioned case,
the security authentication credential is a Token produced based on JWT and carries the user identifier, issue time, validity period and permitted number of uses; the JWT is not encrypted by default, and the scheme applies an encryption mode to enhance service security and effectively protect the Payload information.
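An added worked example of the three-part JWT described above (Header, Payload, Signature), issued and verified with HMAC-SHA256; it is not code from the patent or from Inspur. The claim names (`sub`, `iat`, `exp`, `uses`) are this example's choice for the user identifier, issue time, validity period and use count the page lists, and the secret is a constructed value. `PeekClaims` shows the point that a JWT is not encrypted by default: the payload is readable by anyone holding the token, which is why the page adds an encryption layer on top.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims the page says the Token carries: user id, issue time, validity period,
// permitted use count. The JSON names are this example's choice, not the patent's.
type Claims struct {
	Sub  string `json:"sub"`
	Iat  int64  `json:"iat"`
	Exp  int64  `json:"exp"`
	Uses int    `json:"uses"`
}

var b64 = base64.RawURLEncoding // JWT uses unpadded base64url

func sign(secret []byte, signingInput string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// IssueToken builds header.payload.signature, the Signature being computed over
// the Header and Payload exactly as the page describes.
func IssueToken(secret []byte, c Claims) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	return signingInput + "." + b64.EncodeToString(sign(secret, signingInput)), nil
}

// VerifyToken pins the algorithm (never trust "alg" from the token), compares the
// signature in constant time, and only then reads the claims and checks expiry.
func VerifyToken(secret []byte, token string, now time.Time) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if raw, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS256" {
		return c, errors.New("unexpected or unreadable alg")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, sign(secret, parts[0]+"."+parts[1])) {
		return c, errors.New("bad signature")
	}
	payload, err := b64.DecodeString(parts[1])
	if err != nil {
		return c, err
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, err
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return c, errors.New("token expired")
	}
	return c, nil
}

// PeekClaims decodes the payload WITHOUT verifying: a default JWT is signed, not
// encrypted, so this works for anyone who sees the token on the wire.
func PeekClaims(token string) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	raw, err := b64.DecodeString(parts[1])
	if err != nil {
		return c, err
	}
	return c, json.Unmarshal(raw, &c)
}

func main() {
	secret := []byte("constructed-demo-secret") // constructed value, not a real key
	now := time.Unix(1700000000, 0)
	tok, _ := IssueToken(secret, Claims{Sub: "alice", Iat: now.Unix(), Exp: now.Add(time.Hour).Unix(), Uses: 10})
	c, err := VerifyToken(secret, tok, now)
	fmt.Println(tok, c, err)
}
```

The verifier deliberately rejects any token whose header does not say `HS256`; accepting the algorithm named in the token is the classic JWT confusion mistake, and it is the reason the alg check comes before the signature check.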
Further, in the above-mentioned case,
the security authentication mapping is processed on the basis of the information provided by the user, and the Token is returned to the user.
Further, in the above-mentioned case,
the Token becomes invalid when the user logs out, logs in repeatedly, is idle for a long time, and so on.
Further, in the above-mentioned case,
a symmetric key is randomly generated for each interaction, and the interaction message is AES-encrypted with this symmetric key; the symmetric key is encrypted with the Token to a fixed size and attached as the header of the interaction message.
Further, in the above-mentioned case,
the random secret key encrypted with the Token always has the same length, owing to the specific encryption algorithm used.
Further, in the above-mentioned case,
the encryption key of the message differs for every interaction in this mode, which improves the security of the messages on the network and raises the cost of cracking them.
The receiver parses the key segment after receiving the message and decrypts the random key using the Token; it then decrypts the interaction message using the random key and performs normal service operation.
Further, in the above-mentioned case,
a universal message encryption module is developed; the module provides message encryption and decryption functions, reads the fixed-length secret key from the received request message, decrypts that key, and performs AES decryption on the remaining part.
Further, in the above-mentioned case,
when a user sends a message, a random key k is generated first, and the random key is encrypted with the Token to obtain w, where w is a fixed 16 bits;
the message is AES-encrypted using k, and w is attached in front of the encrypted message.
Further, in the above-mentioned case,
after receiving the request, the server reads the first 16 bits of the message, decrypts them with the Token to obtain k, then reads the remaining part and decrypts it using k;
after the message has been processed by the message encryption and decryption module, normal service operation proceeds.
The invention has the following advantages:
In the scheme, the data key is randomly generated and differs every time, so the security of the data in the transmission process can be effectively guaranteed.
The JWT service is used to verify the user, the JWT data security problem is solved through a freely chosen encryption algorithm, and the security and convenience of user authentication are improved.
Drawings
FIG. 1 is a schematic workflow diagram of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
The RESTful-based security interaction method provides an authentication service, mainly realizing user login verification and user authentication, and produces a user Token using a JWT service;
the client submits a user name and a password through the login request, and after the server passes the verification it generates a Token associated with the user;
the client carries the Token in subsequent requests, and the server checks the user's validity through the Token;
a universal message encryption module is developed; the module provides message encryption and decryption functions, reads the fixed-length secret key from the received request message, decrypts that key, and performs AES decryption on the remaining part;
when a user sends a message, a random key k is generated first, and the random key is encrypted with the Token to obtain w, where w is a fixed 16 bits;
the message is AES-encrypted using k, and w is added to the front of the encrypted message;
after receiving the request, the server reads the first 16 bits of the message, decrypts them with the Token to obtain k, then reads the remaining part and decrypts it using k;
after the message has been processed by the message encryption and decryption module, normal service operation proceeds.
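The sender and receiver steps above (also described in the Disclosure section) as a worked example; this is added code, not the patent's or Inspur's implementation. It assumes: the Token is an opaque string (here a constructed placeholder, not a real JWT); the key used to encrypt the random key is SHA-256 of the Token, since the page only says the random key is "encrypted by Token"; w is one raw AES block of the random 16-byte key, which is what makes it a fixed size (the page says 16 bits; an AES block is 16 bytes); and the message body is encrypted with AES-GCM, the mode being this example's choice because the page specifies only "AES". GCM also authenticates the ciphertext and the key segment, so a modified message or a swapped key segment is rejected rather than decrypted to garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Constructed stand-in for the session Token; in the page this is the JWT issued at login.
const sessionToken = "example.session.token"

// wrapKey derives the AES key that encrypts the per-message key k from the Token.
// Hashing the Token down to 256 bits is this example's assumption.
func wrapKey(token string) []byte {
	h := sha256.Sum256([]byte(token))
	return h[:]
}

// Seal is the sender side: random k, w = AES_token(k) as exactly one block (so w is
// always 16 bytes), message encrypted under k, w placed in front of the result.
func Seal(token string, plaintext []byte) ([]byte, error) {
	k := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return nil, err
	}
	wrapper, err := aes.NewCipher(wrapKey(token))
	if err != nil {
		return nil, err
	}
	w := make([]byte, 16)
	wrapper.Encrypt(w, k) // single-block AES of a uniformly random key: fixed size, no IV needed

	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block) // GCM is this example's mode choice; the page says only "AES"
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, w) // w bound as associated data
	out := make([]byte, 0, len(w)+len(nonce)+len(ct))
	out = append(out, w...)
	out = append(out, nonce...)
	return append(out, ct...), nil
}

// Open is the receiver side: read the first 16 bytes, recover k with the Token,
// then decrypt the remaining part with k.
func Open(token string, msg []byte) ([]byte, error) {
	if len(msg) < 16 {
		return nil, errors.New("message too short for key segment")
	}
	w, rest := msg[:16], msg[16:]
	wrapper, err := aes.NewCipher(wrapKey(token))
	if err != nil {
		return nil, err
	}
	k := make([]byte, 16)
	wrapper.Decrypt(k, w)
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(rest) < gcm.NonceSize() {
		return nil, errors.New("message too short for nonce")
	}
	nonce, ct := rest[:gcm.NonceSize()], rest[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, w) // fails if w, nonce or ct were altered
}

func main() {
	msg, _ := Seal(sessionToken, []byte(`{"op":"query","id":42}`)) // constructed sample request
	pt, err := Open(sessionToken, msg)
	fmt.Printf("%d-byte envelope, decrypted: %s, err=%v\n", len(msg), pt, err)
}
```

Two properties worth checking in review of any implementation of this scheme: every message must produce a different key segment w (otherwise the random key is being reused), and a message sealed under one Token must not open under another. Because k is only ever protected by a key derived from the Token, confidentiality of past messages reduces to the secrecy of the Token, so the Token invalidation rules the page lists (logout, repeated login, idle timeout) also bound how long a captured Token can unwrap message keys.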
Glossary:
REST: Representational State Transfer
Token: ticket (credential)
API: Application Programming Interface
JWT: JSON Web Token
AES: Advanced Encryption Standard
The above description is only a preferred embodiment of the present invention, and is only used to illustrate the technical solutions of the present invention, and not to limit the protection scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A RESTful-based secure interaction method is characterized in that,
an authentication service is provided, mainly realizing user login verification and user authentication, and a user Token is produced using a JWT service; the client submits a user name and a password through the login request, and after the server passes the verification it generates a Token associated with the user.
2. The method of claim 1,
the client carries the Token in subsequent requests, and the server checks the user's validity through the Token.
3. The method of claim 2,
the JWT service is used for issuing and verifying user credentials; the JWT comprises three parts, a Header, a Payload and a Signature, and the Signature is computed over the Header and the Payload with a signature algorithm.
4. The method of claim 1,
the security authentication credential is a Token produced based on JWT, carries the user identifier, issue time, validity period and permitted number of uses, and is not encrypted by the JWT default.
5. The method of claim 4,
the security authentication mapping is processed on the basis of the information provided by the user, and the Token is returned to the user;
and the Token becomes invalid if the user logs out, logs in repeatedly or is idle for a long time.
6. The method of claim 3,
a symmetric key is randomly generated for each interaction, and the interaction message is AES-encrypted with this symmetric key; the symmetric key is encrypted to a fixed size using the Token and attached as the interaction message header.
7. The method of claim 9,
the random secret key encrypted with the Token always has the same length after the encryption algorithm is applied;
the receiver parses the key segment after receiving the message and decrypts the random key using the Token; the interaction message is then decrypted using the random key.
8. The method of claim 7,
a universal message encryption module is developed; the module provides message encryption and decryption functions, reads the fixed-length secret key from the received request message, decrypts that key, and performs AES decryption on the remaining part.
9. The method of claim 8,
when a user sends a message, a random key k is generated first, and the random key is encrypted with the Token to obtain w, where w is a fixed 16 bits;
the message is AES-encrypted using k, and w is attached in front of the encrypted message.
10. The method of claim 9,
after receiving the request, the server reads the first 16 bits of the message, decrypts them with the Token to obtain k, then reads the remaining part and decrypts it using k;
and after the message has been processed by the message encryption and decryption module, normal service operation proceeds.
CN201911249140.1A 2019-12-09 2019-12-09 RESTful-based secure interaction method Pending CN111010385A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911249140.1A CN111010385A (en) 2019-12-09 2019-12-09 RESTful-based secure interaction method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911249140.1A CN111010385A (en) 2019-12-09 2019-12-09 RESTful-based secure interaction method

Publications (1)

Publication Number Publication Date
CN111010385A true CN111010385A (en) 2020-04-14

Family

ID=70114348

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911249140.1A Pending CN111010385A (en) 2019-12-09 2019-12-09 RESTful-based secure interaction method

Country Status (1)

Country Link
CN (1) CN111010385A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124534A (en) * 2021-11-24 2022-03-01 航天信息股份有限公司 Data interaction system and method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104486325A (en) * 2014-12-10 2015-04-01 上海爱数软件有限公司 Safe login certification method based on RESTful
CN105207782A (en) * 2015-11-18 2015-12-30 上海爱数软件有限公司 Identity verification method based on restful framework
CN108901022A (en) * 2018-06-28 2018-11-27 深圳云之家网络有限公司 A kind of micro services universal retrieval method and gateway
CN108900301A (en) * 2018-05-31 2018-11-27 苏州浪潮智能软件有限公司 The certification of restful interface security and message mixed encryption method based on .NET MVC
US20190074979A1 (en) * 2015-11-13 2019-03-07 Minghua Xu Methods and systems for pki-based authentication
CN109889510A (en) * 2019-01-30 2019-06-14 重庆农村商业银行股份有限公司 Multiple encryption method for service provider transmission services message

Similar Documents

Publication Publication Date Title
US10243742B2 (en) Method and system for accessing a device by a user
KR100549504B1 (en) Method for creating and verifying simple object access protocol message on web service security using signature encryption
CN100580657C (en) Distributed single sign-on service
CN101674304B (en) Network identity authentication system and method
US7379551B2 (en) Method and system for recovering password protected private data via a communication network without exposing the private data
CN101764806B (en) Single-point log-in method, system and log-in service platform
US20120054491A1 (en) Re-authentication in client-server communications
CN102377788B (en) Single sign-on (SSO) system and single sign-on (SSO) method
EP1249983A2 (en) Methods and arrangements for protecting information in forwarded authentication messages
CN105553654B (en) Key information processing method and device, key information management system
CN108900301A (en) The certification of restful interface security and message mixed encryption method based on .NET MVC
CN111917543B (en) User access cloud platform security access authentication system and application method thereof
JP5324813B2 (en) Key generation apparatus, certificate generation apparatus, service provision system, key generation method, certificate generation method, service provision method, and program
KR101204980B1 (en) Method and System of One-Time Password Authentication Scheme Provide Enhanced Randomness
Fahl et al. Trustsplit: usable confidentiality for social network messaging
Parameswarath et al. Privacy-Preserving User-Centric Authentication Protocol for IoT-Enabled Vehicular Charging System Using Decentralized Identity
CN111010385A (en) RESTful-based secure interaction method
CN112035820B (en) Data analysis method used in Kerberos encryption environment
Zhan et al. Research on dynamic identity authentication mechanism based on digital signature
CN103312671A (en) Method and system for verifying server
CN111447060A (en) Electronic document distribution method based on proxy re-encryption
Nagar et al. A secure authenticate framework for cloud computing environment
Guo et al. Design of Multi-dimensional Electronic Channel Unified Identity Authentication Method for Power Information System
Yang et al. Secure Email Login Based on Lightweight Asymmetric Identities
Prasad et al. Multimodal Authentication-Biomteric, password and steganography

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200414