CN112104657A - Information verification method and device - Google Patents
Information verification method and device Download PDFInfo
- Publication number
- CN112104657A CN112104657A CN202010978990.1A CN202010978990A CN112104657A CN 112104657 A CN112104657 A CN 112104657A CN 202010978990 A CN202010978990 A CN 202010978990A CN 112104657 A CN112104657 A CN 112104657A
- Authority
- CN
- China
- Prior art keywords
- information set
- user
- offset
- reference value
- target user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiment of the specification provides an information checking method and device, wherein the method comprises the following steps: receiving a target service request triggered by a target user and sent by a first end; the target service request comprises a user information set and a characteristic value; acquiring a first check information set of a target user, wherein the first check information set comprises a reference value and an offset stored by a second end; executing the target service under the condition that the verification of the characteristic value is determined to pass according to the first verification information set and a preset formula; updating the reference value and the offset in the first check information set according to the characteristic value to obtain a second check information set; and sending the reference value and the offset in the second check information set to the first end so that the first end updates the stored reference value and the offset. In the embodiments of the present specification, the verification may be performed using the changed feature value to effectively defend against the replay attack. And the characteristic value is adopted for verification, accurate synchronization on the time of both communication parties is not needed, and the method is more suitable for cross-region communication.
Description
Technical Field
The embodiment of the specification relates to the technical field of information security, in particular to an information verification method and device.
Background
Replay attacks can occur in any network communication process, and are one of attack modes commonly used by hackers in the field of computers. The basic principle of replay attack is to re-transmit the data which is stolen before to the receiver, and many times, the data transmitted on the network is encrypted, and at the moment, an eavesdropper cannot obtain the accurate content of the data. But if he knows the effect of the data he can do without knowing the content of the data by sending it again for the purpose of fooling the receiving end. For example, a message in the internet deposit system indicates that a user draws a deposit, an attacker can send the message heard by the attacker to the deposit system for many times, and if the website has no anti-replay method, the user can cause economic loss without knowing.
The existing anti-replay method usually adopts a defense method based on a timestamp, and a user side needs to add the timestamp in a communication message when the user side communicates at a server side. And after receiving the message sent by the user terminal, the service terminal checks the timestamp in the message, and if the comparison between the timestamp in the message and the time of the service terminal system exceeds a certain threshold value, the message is considered to be a replay attack. Because the difference value of the timestamps of the two parties needs to be compared to be within the threshold value, the two parties need to have time synchronization as accurate as possible, and the better the synchronization is, the lower the possibility of being attacked is. However, when the system is large and spans a wide area, it is difficult to achieve precise time synchronization. Therefore, the replay attack cannot be effectively prevented by adopting the replay prevention method in the prior art.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the specification provides an information verification method and an information verification device, so as to solve the problem that replay attack cannot be effectively prevented in the prior art.
An embodiment of the present specification provides an information checking method, including:
receiving a target service request triggered by a target user and sent by a first end; the target service request comprises a user information set and a characteristic value, the user information set comprises information for identifying a user, and the characteristic value is calculated by the first end according to a stored reference value and an offset of the target user according to a preset formula;
acquiring a first verification information set of the target user according to the user information set of the target user; the first check information set comprises a reference value and an offset of the target user, which are stored by a second end;
executing the target service under the condition that the verification of the characteristic value is determined to pass according to the first verification information set and the preset formula;
updating the reference value and the offset of the target user in the first check information set according to the characteristic value to obtain a second check information set;
and sending the reference value and the offset in the second check information set to the first end so that the first end updates the stored reference value and the stored offset.
An embodiment of the present specification further provides an information checking apparatus, including:
the receiving module is used for receiving a target service request triggered by a target user and sent by a first end; the target service request comprises a user information set and a characteristic value, the user information set comprises information for identifying a user, and the characteristic value is calculated by the first end according to a stored reference value and an offset of the target user according to a preset formula;
the acquisition module is used for acquiring a first verification information set of the target user according to the user information set of the target user; the first check information set comprises a reference value and an offset of the target user, which are stored by a second end;
the processing module is used for executing the target service under the condition that the verification of the characteristic value is determined to pass according to the first verification information set and the preset formula;
the updating module is used for updating the reference value and the offset of the target user in the first check information set according to the characteristic value to obtain a second check information set;
and the sending module is used for sending the reference value and the offset in the second check information set to the first end so that the first end updates the stored reference value and the stored offset.
The present specification also provides a computer readable storage medium, on which computer instructions are stored, and when executed, the instructions implement the steps of the information verification method.
The embodiment of the present specification provides an information verification method, which may receive a target service request triggered by a target user sent by a first end, where the target service request includes a user information set and a feature value, the user information set includes information for identifying a user, and the feature value is calculated by the first end according to a preset formula based on a stored reference value and an offset of the target user. Therefore, the second end may obtain the first verification information set of the target user according to the user information set of the target user, where the first verification information set includes the reference value and the offset of the target user stored by the second end. Further, the target service may be executed by determining that the target service request is not a replay attack in a case where the verification of the characteristic value is determined to pass according to the first verification information set and the preset formula. In order to ensure that the characteristic value carried in the next service request is different from the current service request, the reference value and the offset of the target user in the first check information set can be updated according to the characteristic value, so as to obtain a second check information set. And sending the reference value and the offset in the second check information set to the first end so that the first end updates the stored reference value and the stored offset, thereby ensuring the consistency of the reference value and the offset stored in the first end and the second end. Since the second end updates the reference value and the offset correspondingly after each successful verification and synchronizes the updated values to the first end, the characteristic values calculated by the first end according to the reference value and the offset have differences each time the first end requests a service. Even though the attacker hears the service request data, the attacker cannot use the service request data to carry out replay attack because the characteristic value in the request data cannot pass the verification. The attacker can not accurately calculate the number of the characteristic values which should be sent at the current moment of attack according to the service request data, so that the replay attack can be effectively defended by checking the characteristic values. And the mode of checking by adopting the characteristic value does not need the accurate synchronization of both communication parties in time, and is more suitable for cross-region communication.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the disclosure, are incorporated in and constitute a part of this specification, and are not intended to limit the embodiments of the disclosure. In the drawings:
fig. 1 is a schematic structural diagram of an information verification system provided according to an embodiment of the present specification;
FIG. 2 is a schematic diagram illustrating steps of an information verification method provided in accordance with an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of an information verification apparatus provided in an embodiment of the present specification;
fig. 4 is a schematic structural diagram of an information verification apparatus provided in an embodiment of the present specification.
Detailed Description
The principles and spirit of the embodiments of the present specification will be described with reference to a number of exemplary embodiments. It should be understood that these embodiments are presented merely to enable those skilled in the art to better understand and to implement the embodiments of the present description, and are not intended to limit the scope of the embodiments of the present description in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As will be appreciated by one skilled in the art, implementations of the embodiments of the present description may be embodied as a system, an apparatus, a method, or a computer program product. Therefore, the disclosure of the embodiments of the present specification can be embodied in the following forms: entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
Although the flow described below includes operations that occur in a particular order, it should be appreciated that the processes may include more or less operations that are performed sequentially or in parallel (e.g., using parallel processors or a multi-threaded environment).
In an example scenario of the present application, an information verification system is provided, as shown in fig. 1, which may include: the terminal device 101 and the server 102, wherein the terminal device 101 may be a first terminal and the server 102 may be a second terminal. A user may initiate a target service request through the terminal device 101, where the target service request may include a user information set and a feature value of the target user. After receiving the user information set and the feature value of the target user sent by the terminal device 101 at the first end, the server 102 may obtain the first check information set of the target user according to the user information set of the target user, execute the target service when the feature value check is determined to be passed according to the first check information set and the preset formula, and update the reference value and the offset of the target user in the first check information set according to the feature value to obtain the second check information set. The reference value and the offset in the second check information set can be fed back to the terminal device 101, so that the terminal device 101 can use the next service request, and thus the terminal device 101 can calculate the characteristic value by using the reference value and the offset updated each time, and further can effectively prevent replay attack according to the characteristic value.
The terminal device 101 may be a terminal device or software used by a user. Specifically, the terminal device may be a terminal device such as a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart watch, or other wearable devices, or may be a robot device. Of course, the terminal apparatus 101 may be software that can be run in the above terminal apparatus. For example: system applications, payment applications, browsers, wechat applets, and the like.
The server 102 may be a single server or a server cluster, and certainly, the functions of the server may also be implemented by a cloud computing technology. The server 102 may be connected to a plurality of terminal devices, or may be a server having a strong information set library, and may obtain, after receiving the user information set and the feature value of the target user sent by the terminal device 101 at the first end, the first verification information set of the target user according to the user information set of the target user, execute the target service when it is determined that the feature value verification passes according to the first verification information set and the preset formula, and update the reference value and the offset of the target user in the first verification information set according to the feature value, so as to obtain the second verification information set. The reference value and the offset in the second check information set can be fed back to the terminal device 101 so that the terminal device 101 can be used at the next request, and the replay attack can be effectively prevented.
Referring to fig. 2, the present embodiment can provide an information checking method. The information verification method can be used for verifying the characteristic value sent by the first end by using the reference value, the offset and the preset formula stored in the second end, updating the reference value and the offset and feeding the reference value and the offset back to the first end under the condition that the verification is passed, so that the first end can be used when communicating with the first end next time, the characteristic values used for verification are different during each communication, and the replay attack can be effectively prevented. The above information verification method may include the following steps.
S201: receiving a target service request triggered by a target user and sent by a first end; the target service request comprises a user information set and a characteristic value, the user information set comprises information for identifying a user, and the characteristic value is calculated by the first end according to a preset formula according to a stored reference value and an offset of the target user.
In this embodiment, the first end may send the generated target service request to the second end, and correspondingly, the second end may receive the target service request. The target service request may be generated by the first end in response to a trigger request of a target user for a target service, where the target service request may include a user information set and a feature value, the user information set includes information for identifying a user, and the feature value is calculated according to a preset formula based on a reference value and an offset of the target user stored by the first end.
In this embodiment, the target service request may be transmitted in a form of a message, and the target service request may further include identification information of the target service. It is understood that, the target service request may further include other information, such as a current time point, which may be determined according to an actual situation, and the present application does not limit this.
In this embodiment, the user information set may include information for identifying a user, so that the second end may uniquely determine the target user according to the user information set. The information for identifying the user may include: user number, password, etc. When the user number is registered for the user, the background system generates a character string with a fixed number of bits according to a specific rule, and the character string can be used as a unique identifier of the user. When logging in, a user can log in by using a user number and a password, and the user number can also be called a user account in some scenes. It will of course be appreciated that the user information set may also contain other data, such as: token, phone number, bank card number, identification number, etc. may be determined according to actual conditions, and the present application does not limit this.
In this embodiment, the characteristic value may be a value for verifying whether the target service request is a replay attack, and the characteristic value may be calculated according to a preset formula based on a reference value and an offset of the target user stored in the first end. In a case that the target service is a login service, the reference value of the target user stored in the first end may be a preset initial reference value and an initial offset, and the initial reference value and the initial offset may be obtained by negotiation between the first end and the second end, that is, the initial reference value and the initial offset stored in the first end and the second end are the same.
In this embodiment, when the target service is not a login service, the reference value of the target user stored by the first end may be a value fed back to the first end by the second end after the last service request check is passed by the first end, so that the characteristic values in each service request of the user may be different.
In the present embodiment, the initial reference value and the initial offset value may be any randomly generated values, or may be default fixed values, which may be determined specifically according to actual conditions, and the present application does not limit the values.
In this embodiment, the first end may be a user end, the second end may be a service end for processing a service request, and data communication may be performed between the first end and the second end. Of course, the first end and the second end are not limited to the above examples, and other modifications are possible for those skilled in the art in light of the technical spirit of the embodiments of the present disclosure, and all that can be achieved is intended to be covered by the scope of the embodiments of the present disclosure as long as the functions and effects achieved by the embodiments of the present disclosure are the same or similar to the embodiments of the present disclosure.
In an embodiment, the target service request may be generated based on a user operation of a target user to start a terminal device corresponding to the first end or start a target service function in the terminal device corresponding to the first end, where starting the target service function may be realized by operating guidance prompt information displayed by the terminal device, the guidance prompt information may be text information, an image identifier, and the like, and the guidance prompt information may also be an operation control, and when the operation control is clicked, a trigger request may be generated, so as to start the target service function. The terminal device may be a terminal device or software operated and used by a target user. Specifically, the terminal device may be a terminal device such as a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart watch, or other wearable devices, or may be a robot device. Of course, the terminal device may also be software that can run in the above terminal device. For example: system applications, payment applications, browsers, wechat applets, and the like.
In an embodiment, when receiving the target service request, the second end may determine, according to the routing configuration information, an interface call type corresponding to the target service request, where the interfaces of different types are used to process different services, and correspondingly, the interfaces of different types are configured with different service processing logics.
S202: acquiring a first verification information set of a target user according to a user information set of the target user; the first check information set comprises a reference value and an offset of the target user stored by the second end.
In this embodiment, since the user information set includes information for identifying the target user, the second end may obtain the first verification information set of the target user according to the user information set of the target user. The first check information set comprises a reference value and an offset of the target user stored by the second end.
In this embodiment, the first verification information set may store verification information for verifying the feature value, and the feature value is calculated from a reference value and an offset, so that the first verification information set includes the reference value and the offset of the target user stored at the second end. In some embodiments, the first check information set may further include information indicating a target user, so that the information may be used to determine to which user the reference value and the offset correspond.
In an embodiment, the reference value and the offset of the target user stored by the second end may be obtained by the second end randomly updating after the last service request verification is successful. It is understood that, if the target service is a login service, it means that the reference value and the offset of the target user stored in the second end are empty, and at this time, the initial reference value and the initial offset, which are pre-negotiated and set by the first end and the second end, may be used to calculate and check the characteristic value, and the initial reference value and the initial offset may be configured in the codes of the first end and the second end.
In this embodiment, different initial reference values and initial offset amounts may be set for different users, but it is needless to say that the same initial reference values and initial offset amounts may be set for different users. In some embodiments, the initial reference value and the initial offset may be different at different login times, and may be determined specifically according to an actual situation, which is not limited in this application.
S203: and executing the target service under the condition that the verification of the characteristic value is determined to pass according to the first verification information set and the preset formula.
In this embodiment, the second end may verify a feature value in the target service request according to the first verification information set and the preset formula, and may determine that the target service request is safe and not a replay attack when the feature value verification passes, and at this time, may execute the target service.
In this embodiment, since the second end updates the reference value and the offset correspondingly after each successful verification and synchronizes the updated values to the first end, the first end may have a difference in the feature values calculated according to the reference value and the offset each time a service is requested. Even though the attacker hears the service request data, the attacker cannot use the service request data to carry out replay attack because the characteristic value in the request data cannot pass the verification. And the attacker can not accurately calculate the number of the characteristic values which should be sent at the current moment when the attacker carries out replay attack according to the current service request data, so that replay attack can be effectively prevented by verifying the characteristic values. Based on this, in case that it is determined that the characteristic value check passes, the target service requested by the target service request may be executed.
In this embodiment, since the characteristic value is calculated according to the preset formula based on the reference value and the offset of the target user stored at the first end, the second end may reverse the calculation according to the reference value and the offset of the target user stored at the second end and the preset formula, that is, if the value calculated according to the reference value and the offset of the target user stored at the second end and the preset formula is equal to the characteristic value, it may be determined that the reference value and the offset of the target user stored at the first end are the same as the reference value and the offset of the target user stored at the second end, and thus it may be determined that the target service request is safe and not a replay attack.
In this embodiment, the target service may be a service requested by a user, and in some example scenarios, the target service may include: deposit, withdraw money, inquire balance, transact loan, modify password, log in, quit and view activity information, etc. Of course, the target service is not limited to the above examples, and other modifications are possible for those skilled in the art in light of the technical spirit of the embodiments of the present disclosure, and all that can be achieved by the embodiments of the present disclosure are intended to be covered by the scope of the embodiments of the present disclosure.
S204: and updating the reference value and the offset of the target user in the first check information set according to the characteristic value to obtain a second check information set.
In this embodiment, when the feature value is determined to pass the verification according to the first verification information set and the preset formula, the reference value and the offset of the target user in the first verification information set may be updated according to the feature value, so as to obtain the second verification information set.
In this embodiment, in order to ensure that the eigenvalue carried in the next service request is different from the current service request, the reference value and the offset of the target user in the first check information set may be updated according to the eigenvalue. In some embodiments, the reference value of the target user may be updated to be the characteristic value offset, the reference value of the target user may be updated to be the characteristic value and a new offset may be randomly generated, or the offset of the target user may be updated to be the characteristic value reference value. Of course, the way of updating the reference value and the offset of the target user in the first verification information set according to the above feature values is not limited to the above example, and other modifications may be made by those skilled in the art in light of the technical spirit of the embodiments of the present disclosure, but the present disclosure is intended to cover the scope of the embodiments of the present disclosure as long as the functions and effects achieved by the present disclosure are the same as or similar to the embodiments of the present disclosure.
In this embodiment, the reference value and the offset of the target user in the first check information set may be modified to updated values, or the first check information set may be deleted, and the second check information set of the target user may be regenerated based on the updated reference value and offset and stored in the second terminal. The specific method can be determined according to actual conditions, and the method is not limited in the application.
S205: and sending the reference value and the offset in the second check information set to the first end so that the first end updates the stored reference value and the stored offset.
In this embodiment, in order to ensure consistency between the reference value and the offset value stored in the first end and the second end, the reference value and the offset value in the second check information set may be transmitted to the first end so that the first end updates the stored reference value and offset value accordingly.
In this embodiment, only the latest reference value and offset may be stored in both the first end and the second end, and the reference value and offset stored in history may be deleted after each verification is successful, so as to reduce the amount of information that needs to be stored.
In this embodiment, the first end may calculate the characteristic value according to the reference value and the offset in the received second check information set in the next service request, so as to effectively check whether the service request is a replay attack according to the characteristic value.
In this embodiment, after the target service is successfully executed, the execution result of the target service may be sent to the first end together with the reference value and the offset in the second check information set. It is understood that the transmission may also be separately performed, which may be determined according to practical situations, and is not limited in this application.
From the above description, it can be seen that the embodiments of the present specification achieve the following technical effects: the target service request triggered by the target user sent by the first end can be received, the target service request comprises a user information set and a characteristic value, the user information set comprises information for identifying the user, and the characteristic value is calculated according to a preset formula according to a reference value and an offset of the target user stored by the first end. Therefore, the second end may obtain the first verification information set of the target user according to the user information set of the target user, where the first verification information set includes the reference value and the offset of the target user stored by the second end. Further, the target service may be executed by determining that the target service request is not a replay attack in a case where the verification of the characteristic value is determined to pass according to the first verification information set and the preset formula. In order to ensure that the characteristic value carried in the next service request is different from the current service request, the reference value and the offset of the target user in the first check information set can be updated according to the characteristic value, so as to obtain a second check information set. The reference value and the offset in the second check information set are sent to the first end, so that consistency of the reference value and the offset stored in the first end and the second end can be ensured. Since the second end updates the reference value and the offset correspondingly after each successful verification and synchronizes the updated values to the first end, the characteristic values calculated by the first end according to the reference value and the offset have differences each time the first end requests a service. Even though the attacker hears the service request data, the attacker cannot use the service request data to carry out replay attack because the characteristic value in the request data cannot pass the verification. The attacker can not accurately calculate the number of the characteristic values which should be sent at the current moment of attack according to the service request data, so that the replay attack can be effectively defended by checking the characteristic values. And the mode of checking by adopting the characteristic value does not need the accurate synchronization of both communication parties in time, and is more suitable for cross-region communication.
In one embodiment, after obtaining the first verification information set of the target user according to the user information set of the target user, the method may further include: and generating abnormal prompt information under the condition that the verification of the characteristic value is determined to be failed according to the first verification information set and the preset formula, sending the abnormal prompt information to the first end, and disconnecting the first end and the second end.
In the present embodiment, in the case where the feature value check is determined to fail according to the first check information set and the preset formula, it is described that the target service request is not secure and may be a replay attack. Therefore, at this time, the second end will reject the target service request, specifically, the second end may generate the exception prompting message according to the target service request, send the exception prompting message to the first end, and disconnect the connection between the first end and the second end.
In this embodiment, the abnormality indication information may include user identification information, a characteristic value, a password, an abnormality cause, and the like in the target service request, but it is understood that the abnormality indication information may also include other data, such as an IP Address (Internet Protocol Address) of the first end, and the like, and the details may be determined according to actual situations, and the present application does not limit the present invention. The abnormal prompt information can be displayed on a display interface of the first end in a prompt box form to prompt the user that the service request is abnormal and the user needs to try again.
In this embodiment, in order to ensure the security of the second peer, the communication connection between the first peer and the second peer may be disconnected in case that the verification of the characteristic value fails according to the first verification information set and the preset formula.
In an embodiment, the executing the target service when the verification of the feature value is determined to pass according to the first verification information set and the preset formula may include: and under the condition that the characteristic value passes the verification determined according to the first verification information set and the preset formula, determining the service processing logic of the current interface of the second end, so that the target service can be executed according to the service processing logic of the current interface.
In this embodiment, when receiving the target service request, the second end may determine an interface call type corresponding to the target service request according to the routing configuration information, where the interfaces of different types are used to process different services, and correspondingly, the interfaces of different types are configured with different service processing logics. Therefore, the service processing logic of the current interface of the second end can be determined, and the target service is executed according to the service processing logic of the current interface.
In this embodiment, the service processing logic may be a logic configured in advance by the system for each service to execute the service, and a specific configuration manner may be selected according to an actual situation, which is not limited in this application.
In an embodiment, since the state of the user may change due to the execution of different services, updating the reference value and the offset of the target user in the first check information set according to the characteristic value may include: and determining whether the target service is logged out or not according to the service processing logic of the current interface, and assigning the reference value and the offset of the target user in the first check information set to be null under the conditions of determining that the target service is logged out or the like.
In this embodiment, since log-out of the target user means that the target user does not perform any more service request, in order to ensure the security of the user account, the reference value and the offset of the target user in the first verification information set may be updated to be null when the target service requested by the target user is log-out, that is, the storage of the reference value and the offset of the target user in the first verification information set may be deleted.
In this embodiment, the service requested by the next service request after the target user logs out of the login is a login service, and the corresponding characteristic value also changes, so that an attacker can resend the service request data before the user logs out of the login, which is overheard by the attacker, to the second end in a manner of deleting the reference value and the offset of the target user stored in the second end when the target user logs out of the login, so that the replay attack can be effectively verified, and the storage pressure is reduced to a certain extent.
In one embodiment, after determining whether the target service is logged out according to the service processing logic of the current interface, the method may further include: and under the condition that the target service is determined not to log out, updating the reference value of the target user in the first check information set to be a characteristic value, and updating the offset of the target user in the first check information set to be a randomly generated value.
In this embodiment, in order to ensure that there is a difference between the value calculated from the updated reference value and offset and the feature value calculated without updating, when it is determined that the target service is not logged out, the reference value of the target user in the first verification information set may be updated to the feature value, and the offset of the target user in the first verification information set may be updated to a randomly generated value, so that the feature value used for verification in the next service request of the user is updated by updating the reference value and the offset, so that the feature value used for verification in the service request is in a constantly changing state, and thus, the accuracy and effectiveness of defending against replay attack may be improved.
In the present embodiment, the offset may be a numerical value other than 0 in order to ensure that there is a difference in the characteristic value calculated from the updated reference value and offset value and the characteristic value calculated without update. In some embodiments, the offset may be any data greater than 0, and of course, the offset may be a negative value. The specific method can be determined according to actual conditions, and the method is not limited in the application.
In the embodiment, a random algorithm can be used for randomly allocating a new offset to the target user, and the offset is randomly allocated and has no predictability, so that an attacker is difficult to crack. Thereby further improving the ability to defend against replay.
In one embodiment, the user information set of the target user may include: user number, password of the target user. When the user number is registered for the user, the background system generates a character string with a fixed number of bits according to a specific rule, and the character string can be used as a unique identifier of the user. When logging in, a user can log in by using a user number and a password, and the user number can also be called a user account in some scenes. It will of course be appreciated that the user information set may also contain other data, such as: token, phone number, bank card number, identification number, etc. may be determined according to actual conditions, and the present application does not limit this.
In one embodiment, obtaining the first verification information set of the target user according to the user information set of the target user may include: and acquiring a user verification information set stored by the second end, wherein the user verification information set can contain multiple groups of data, and each group of data can contain a user number, a reference value, an offset and the like. Further, the first verification information set of the target user can be determined according to the user number and the user verification information set of the target user.
In this embodiment, the second end may maintain a user verification information set, where information used for verification by each user may be stored, and the specific information may include: user number, reference value, offset, etc. The user number can uniquely identify the user, so that the first verification information set of the target user can be determined from the user verification information according to the user number in the user information set of the target user.
In an embodiment, the user verification information set may be stored in a table form, or may be stored in an image form, which may be determined according to an actual situation, and the application does not limit this. The user verification information set stored in the form of a table may be as shown in table 1:
TABLE 1
| User number (U) | Reference value (N) | Offset (M) |
| Number of user 0 (U0) | N0 | M0 |
| Number of user 1 (U1) | N1 | M1 |
| Number of user 2 (U2) | N2 | M2 |
| …… | …… | …… |
In one embodiment, the identity information of the user needs to be verified before the target service is executed, wherein the identity information needing to be verified may include but is not limited to: user number, password, login token, etc. The above-mentioned login token (token) is a secret number, and before some data transmission, the secret number is checked, and different secret numbers are authorized to operate different data. The login status of the user may be determined by the value of a token, which is similar to a long string encrypted by MD5(Message-Digest Algorithm).
In this embodiment, after the user logs in successfully, the backend (server) generates a unique value according to the user information, and this value is the token value. The token value is saved at the server side, and the corresponding user information can be retrieved by using the token value later, and the login state of the user can be judged. After the user logs in successfully, the server returns the generated token value to the user side, and the corresponding client side also stores the token value (generally, the token value may be stored in a Cookie, or the storage location may be determined manually by itself (for example, a preference setting)). When the client sends a new service request, the token value is automatically attached by default (transmitted to the server as a parameter), and the server can compare the token value transmitted by the client with the token value stored in the database so as to judge the user identity and the login state. If the client does not have this token value, meaning that no login has been successful, the user may be prompted to login. If the client has a token value, it is generally assumed that the login is successful and the user does not need to login again (enter the user number and password).
In this embodiment, the Cookie is a small text file stored on a browser of a user by a Web (global wide area network) server, can contain information about the user, is one of the main places where the user acquires, communicates and transmits information, and the Web site can access the Cookie information whenever the user is linked to the server.
In one embodiment, since the user does not have a login token when the user is not logged in, that is, the user identity information verification manner corresponding to the target service being the login service and not being the login service is different, it may be determined whether the current interface of the second end is the login interface, and in the case that the current interface of the second end is the login interface, it may be determined whether the user number and the password of the target user are matched. Further, under the condition that the user number of the target user is determined to be matched with the password, a login token of the target user is generated, and the login token and the reference value and the offset of the second check-up information set are sent to the first end.
In one embodiment, after determining whether the user number and the password of the target user match, the method may further include: and generating abnormal prompt information under the condition that the user number and the password of the target user are not matched, further sending the abnormal prompt information to the first end, and disconnecting the first end and the second end.
In this embodiment, the abnormality indication information may include user identification information, a characteristic value, a password, an abnormality cause, and the like in the target service request, but it is understood that the abnormality indication information may also include other data, such as an IP Address (Internet Protocol Address) of the first end, and the like, and the details may be determined according to actual situations, and the present application does not limit the present invention. The abnormal prompt message can be displayed on the display interface of the first end in a prompt box form to prompt the user to log in the abnormal condition and please try again.
In this embodiment, in order to ensure the security of the second peer, the communication connection between the first peer and the second peer may be disconnected if it is determined that the user number and the password of the target user do not match.
In one embodiment, in a case that the current interface of the second end is not a login interface, it indicates that the user has successfully logged in, and therefore, the user information set of the target user may further include: a login token for the target user. Correspondingly, after determining whether the current interface of the second end is the login interface, whether the login token of the target user is valid or not can be determined, and under the condition that the login token of the target user is determined to be valid or the like, the target service can be executed and the reference value and the offset in the second check-up information set can be sent to the first end.
In this embodiment, when it is determined that the login token of the target user is valid, it may be determined that the authentication of the target user passes, so that the target service may be executed and the reference value and the offset in the second verification information set may be sent to the first end.
In one embodiment, since the feature value is calculated according to a preset formula based on the reference value and the offset of the target user stored at the first end, the second end may perform a reverse-extrapolation according to the reference value and the offset of the target user stored at the second end and the preset formula to determine whether the feature value passes the verification. That is, if the value calculated according to the reference value and offset of the target user stored in the second end and the preset formula is equal to the characteristic value, it may be determined that the reference value and offset of the target user stored in the first end and the reference value and offset of the target user stored in the second end are the same, and thus it may be determined that the target service request is safe and not a replay attack. If not, it means that the target service request is not secure, and the communication connection with the first end needs to be disconnected.
In this embodiment, since the reference value and the offset in the first verification information set are null when the user is not logged in, determining whether the characteristic value passes the verification according to the first verification information set and the preset formula may include: and under the condition that the reference value and the offset in the first check information set are determined to be empty, obtaining an initial reference value and an initial offset, and calculating according to the initial reference value and the initial offset and a preset formula to obtain a first check value. Thereby determining that the characteristic value is verified in the case where it is determined that the first verification value is equal to the characteristic value.
In this embodiment, when it is determined that the reference value and the offset in the first check information set are not empty, it indicates that the user has successfully logged in, and at this time, the reference value and the offset updated after the last service request check is successful should be stored in the second end, so that the second check value can be calculated according to the reference value and the offset in the first check information set and according to a preset formula, and when it is determined that the second check value is equal to the above-mentioned feature value, it can be determined that the feature value check is passed.
In this embodiment, the first check value may be calculated from the initial reference value and the initial offset amount according to the following formula:
FlowNO=N0+M0 3
wherein the FlowNO is a first check value; n is a radical of0Is an initial reference value; m0Is the initial offset.
In this embodiment, the formula may be the preset formula, and since the offset in the preset formula is updated in a random manner and the offset needs to be raised to the power of 3, the feature value calculated by using the preset formula is more random and unpredictable, so that the security that a user requests to execute a service to the second end through a service request carrying the feature value is improved, and even if an attacker monitors a target service request sent by a current user, the feature value in the target service request is difficult to crack, the number of feature values to be carried in a next service request cannot be determined, so that the second end can effectively prevent replay attack, the security of a user account is effectively protected, and the user experience is improved.
Based on the same inventive concept, an information checking apparatus is further provided in the embodiments of the present specification, as in the following embodiments. Because the principle of the information verification device for solving the problems is similar to that of the information verification method, the implementation of the information verification device can refer to the implementation of the information verification method, and repeated parts are not described again. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated. Fig. 3 is a block diagram of a structure of an information verification apparatus according to an embodiment of the present disclosure, and as shown in fig. 3, the information verification apparatus may include: the following describes the structure of the receiving module 301, the obtaining module 302, the processing module 303, the updating module 304, and the sending module 305.
A receiving module 301, configured to receive a target service request triggered by a target user sent by a first end; the target service request comprises a user information set and a characteristic value, the user information set comprises information for identifying a user, and the characteristic value is calculated by the first end according to a preset formula according to a stored reference value and an offset of a target user;
the obtaining module 302 may be configured to obtain a first verification information set of a target user according to a user information set of the target user; the first check information set comprises a reference value and an offset of a target user stored by the second end;
the processing module 303 may be configured to execute the target service when the verification of the feature value is determined to pass according to the first verification information set and the preset formula;
the updating module 304 may be configured to update the reference value and the offset of the target user in the first check information set according to the feature value, so as to obtain a second check information set;
the sending module 305 may be configured to send the reference value and the offset in the second check information set to the first end, so that the first end updates the stored reference value and offset.
The embodiment of the present specification further provides an electronic device, which may specifically refer to a schematic structural diagram of the electronic device based on the information verification method provided by the embodiment of the present specification, shown in fig. 4, and the electronic device may specifically include an input device 41, a processor 42, and a memory 43. The input device 41 may be specifically configured to input a target service request triggered by a target user and sent by the first end. The processor 42 may specifically be configured to receive a target service request triggered by a target user sent by the first end; the target service request comprises a user information set and a characteristic value, the user information set comprises information for identifying a user, and the characteristic value is calculated by the first end according to a preset formula according to a stored reference value and an offset of a target user; acquiring a first verification information set of a target user according to a user information set of the target user; the first check information set comprises a reference value and an offset of a target user stored by the second end; executing the target service under the condition that the verification of the characteristic value is determined to pass according to the first verification information set and a preset formula; updating the reference value and the offset of the target user in the first check information set according to the characteristic value to obtain a second check information set; and sending the reference value and the offset in the second check information set to the first end so that the first end updates the stored reference value and the stored offset. The memory 43 may be specifically used for storing parameters such as a reference value, an offset value, and a feature value of the target user.
In this embodiment, the input device may be one of the main apparatuses for information exchange between a user and a computer system. The input devices may include a keyboard, mouse, camera, scanner, light pen, handwriting input panel, voice input device, etc.; the input device is used to input raw data and a program for processing the data into the computer. The input device can also acquire and receive data transmitted by other modules, units and devices. The processor may be implemented in any suitable way. For example, the processor may take the form of, for example, a microprocessor or processor and a computer-readable medium that stores computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so forth. The memory may in particular be a memory device used in modern information technology for storing information. The memory may include multiple levels, and in a digital system, memory may be used as long as binary data can be stored; in an integrated circuit, a circuit without a physical form and with a storage function is also called a memory, such as a RAM, a FIFO and the like; in the system, the storage device in physical form is also called a memory, such as a memory bank, a TF card and the like.
In this embodiment, the functions and effects specifically realized by the electronic device can be explained by comparing with other embodiments, and are not described herein again.
Embodiments of the present specification further provide a computer storage medium based on an information verification method, where the computer storage medium stores computer program instructions, and when the computer program instructions are executed, the computer storage medium may implement: receiving a target service request triggered by a target user and sent by a first end; the target service request comprises a user information set and a characteristic value, the user information set comprises information for identifying a user, and the characteristic value is calculated by the first end according to a preset formula according to a stored reference value and an offset of a target user; acquiring a first verification information set of a target user according to a user information set of the target user; the first check information set comprises a reference value and an offset of a target user stored by the second end; executing the target service under the condition that the verification of the characteristic value is determined to pass according to the first verification information set and a preset formula; updating the reference value and the offset of the target user in the first check information set according to the characteristic value to obtain a second check information set; and sending the reference value and the offset in the second check information set to the first end so that the first end updates the stored reference value and the stored offset.
In this embodiment, the storage medium includes, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Cache (Cache), a Hard Disk Drive (HDD), or a Memory Card (Memory Card). The memory may be used to store computer program instructions. The network communication unit may be an interface for performing network connection communication, which is set in accordance with a standard prescribed by a communication protocol.
In this embodiment, the functions and effects specifically realized by the program instructions stored in the computer storage medium can be explained by comparing with other embodiments, and are not described herein again.
It will be apparent to those skilled in the art that the modules or steps of the embodiments of the present specification described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed over a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different from that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, embodiments of the present description are not limited to any specific combination of hardware and software.
Although the embodiments herein provide the method steps as described in the above embodiments or flowcharts, more or fewer steps may be included in the method based on conventional or non-inventive efforts. In the case of steps where no causal relationship is logically necessary, the order of execution of the steps is not limited to that provided by the embodiments of the present description. When the method is executed in an actual device or end product, the method can be executed sequentially or in parallel according to the embodiment or the method shown in the figure (for example, in the environment of a parallel processor or a multi-thread processing).
It is to be understood that the above description is intended to be illustrative, and not restrictive. Many embodiments and many applications other than the examples provided will be apparent to those of skill in the art upon reading the above description. The scope of embodiments of the present specification should, therefore, be determined not with reference to the above description, but should instead be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.
The above description is only a preferred embodiment of the embodiments of the present disclosure, and is not intended to limit the embodiments of the present disclosure, and it will be apparent to those skilled in the art that various modifications and variations can be made in the embodiments of the present disclosure. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the embodiments of the present disclosure should be included in the protection scope of the embodiments of the present disclosure.
Claims (16)
1. An information verification method, comprising:
receiving a target service request triggered by a target user and sent by a first end; the target service request comprises a user information set and a characteristic value, the user information set comprises information for identifying a user, and the characteristic value is calculated by the first end according to a stored reference value and an offset of the target user according to a preset formula;
acquiring a first verification information set of the target user according to the user information set of the target user; the first check information set comprises a reference value and an offset of the target user, which are stored by a second end;
executing the target service under the condition that the verification of the characteristic value is determined to pass according to the first verification information set and the preset formula;
updating the reference value and the offset of the target user in the first check information set according to the characteristic value to obtain a second check information set;
and sending the reference value and the offset in the second check information set to the first end so that the first end updates the stored reference value and the stored offset.
2. The method of claim 1, further comprising, after obtaining the first verification information set of the target user according to the user information set of the target user:
generating abnormal prompt information under the condition that the verification of the characteristic value is determined to be failed according to the first verification information set and the preset formula;
sending the abnormal prompt information to the first end;
disconnecting the first end from the second end.
3. The method according to claim 1, wherein the executing the target service in case that it is determined that the eigenvalue check passes according to the first check information set and the preset formula comprises:
determining the service processing logic of the current interface of the second end under the condition that the verification of the characteristic value is determined to pass according to the first verification information set and the preset formula;
and executing the target service according to the service processing logic of the current interface.
4. The method of claim 3, wherein updating the reference value and the offset of the target user in the first set of parity information according to the eigenvalue comprises:
determining whether the target service is logged out or not according to the service processing logic of the current interface;
and assigning the reference value and the offset of the target user in the first verification information set to be null under the condition that the target service is determined to be logged out and the like.
5. The method of claim 4, after determining whether the target service is logged off according to the service processing logic of the current interface, further comprising:
updating the reference value of the target user in the first verification information set to the characteristic value under the condition that the target service is determined not to log out or the like;
and updating the offset of the target user in the first check information set into a randomly generated value.
6. The method of claim 1, wherein the user information set of the target user comprises: and the user number and the password of the target user.
7. The method of claim 6, wherein obtaining the first verification information set of the target user according to the user information set of the target user comprises:
acquiring a user verification information set stored by the second end; the user verification information set comprises a plurality of groups of data, and each group of data comprises a user number, a reference value and an offset;
and determining a first verification information set of the target user according to the user number of the target user and the user verification information set.
8. The method of claim 6, wherein prior to executing the target service, comprising:
determining whether the current interface of the second end is a login interface;
under the condition that the current interface of the second end is determined to be a login interface, determining whether the user number and the password of the target user are matched;
under the condition that the user number of the target user is determined to be matched with the password, generating a login token of the target user;
and sending the reference value and the offset in the login token and the second check information set to the first end.
9. The method of claim 8, after determining whether the user number and the password of the target user match, further comprising:
generating abnormal prompt information under the condition that the user number and the password of the target user are determined not to be matched;
sending the abnormal prompt information to the first end;
disconnecting the first end from the second end.
10. The method of claim 8, wherein in the case that the current interface of the second end is not a login interface, the user information set of the target user further comprises: a login token for the target user;
correspondingly, after determining that the current interface of the second end is not the login interface, the method further includes:
determining whether the login token of the target user is valid;
and under the condition that the login token of the target user is determined to be valid, executing the target service and sending the reference value and the offset in the second check-up information set to the first end.
11. The method of claim 1, further comprising, after obtaining the first verification information set of the target user according to the user information set of the target user:
and determining whether the characteristic value passes the verification according to the first verification information set and the preset formula.
12. The method of claim 11, wherein determining whether the feature value is verified according to the first verification information set and the preset formula comprises:
acquiring an initial reference value and an initial offset under the condition that the reference value and the offset in the first check information set are determined to be empty;
calculating according to the initial reference value and the initial offset according to the preset formula to obtain a first check value;
determining that the feature value verifies if the first verification value is determined to be equal to the feature value.
13. The method of claim 12, further comprising:
under the condition that the reference value and the offset in the first check information set are determined not to be empty, calculating according to the reference value and the offset in the first check information set and the preset formula to obtain a second check value;
determining that the feature value check passes in a case where it is determined that the second check value is equal to the feature value.
14. The method of claim 12, wherein the first check value is calculated based on the initial reference value and the initial offset according to the following formula:
FlowNO=N0+M0 3
wherein FlowNO is a first check value; n is a radical of0Is an initial reference value; m0Is the initial offset.
15. An information verifying apparatus, comprising:
the receiving module is used for receiving a target service request triggered by a target user and sent by a first end; the target service request comprises a user information set and a characteristic value, the user information set comprises information for identifying a user, and the characteristic value is calculated by the first end according to a stored reference value and an offset of the target user according to a preset formula;
the acquisition module is used for acquiring a first verification information set of the target user according to the user information set of the target user; the first check information set comprises a reference value and an offset of the target user, which are stored by a second end;
the processing module is used for executing the target service under the condition that the verification of the characteristic value is determined to pass according to the first verification information set and the preset formula;
the updating module is used for updating the reference value and the offset of the target user in the first check information set according to the characteristic value to obtain a second check information set;
and the sending module is used for sending the reference value and the offset in the second check information set to the first end so that the first end updates the stored reference value and the stored offset.
16. A computer-readable storage medium having stored thereon computer instructions which, when executed, implement the steps of the method of any one of claims 1 to 14.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010978990.1A CN112104657B (en) | 2020-09-17 | 2020-09-17 | Information checking method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010978990.1A CN112104657B (en) | 2020-09-17 | 2020-09-17 | Information checking method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112104657A true CN112104657A (en) | 2020-12-18 |
| CN112104657B CN112104657B (en) | 2022-10-18 |
Family
ID=73758876
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010978990.1A Active CN112104657B (en) | 2020-09-17 | 2020-09-17 | Information checking method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112104657B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170366558A1 (en) * | 2015-03-07 | 2017-12-21 | Huawei Technologies Co., Ltd. | Verification method, apparatus, and system used for network application access |
| US20180145833A1 (en) * | 2015-07-02 | 2018-05-24 | Alibaba Group Holding Limited | Using biometric features for user authentication |
| CN108810891A (en) * | 2017-04-27 | 2018-11-13 | 华为技术有限公司 | It is a kind of to realize authentication method, authenticating device and the user equipment for accessing network |
| CN110517389A (en) * | 2019-08-30 | 2019-11-29 | 联永智能科技(上海)有限公司 | Generation, verification method, device, equipment and the storage medium of device password |
-
2020
- 2020-09-17 CN CN202010978990.1A patent/CN112104657B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170366558A1 (en) * | 2015-03-07 | 2017-12-21 | Huawei Technologies Co., Ltd. | Verification method, apparatus, and system used for network application access |
| US20180145833A1 (en) * | 2015-07-02 | 2018-05-24 | Alibaba Group Holding Limited | Using biometric features for user authentication |
| CN108810891A (en) * | 2017-04-27 | 2018-11-13 | 华为技术有限公司 | It is a kind of to realize authentication method, authenticating device and the user equipment for accessing network |
| CN110517389A (en) * | 2019-08-30 | 2019-11-29 | 联永智能科技(上海)有限公司 | Generation, verification method, device, equipment and the storage medium of device password |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112104657B (en) | 2022-10-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7199775B2 (en) | Data processing method, data processing device, node device, and computer program based on smart contract | |
| US9432339B1 (en) | Automated token renewal using OTP-based authentication codes | |
| US9578004B2 (en) | Authentication of API-based endpoints | |
| CN101605108B (en) | Method, system and apparatus for instant communication | |
| US11146553B2 (en) | Systems and methods for online fraud detection | |
| WO2020248658A1 (en) | Abnormal account detection method and apparatus | |
| US8694993B1 (en) | Virtualization platform for secured communications between a user device and an application server | |
| CN102882676A (en) | Method and system for equipment to safely access Internet of things | |
| CN107248995B (en) | Account verification method and device | |
| CN112968910B (en) | Replay attack prevention method and device | |
| CN110912689A (en) | Method and system for generating and verifying unique value | |
| US20210349881A1 (en) | Data verification in a distributed data processing system | |
| EP3796613A1 (en) | Techniques for repeat authentication | |
| US9203616B1 (en) | Multi-server fault tolerant data store update | |
| CN112055008B (en) | Identity authentication method and device, computer equipment and storage medium | |
| CN113676452A (en) | Replay attack resisting method and system based on one-time secret key | |
| CN111541649B (en) | Password resetting method and device, server and storage medium | |
| CN111343177B (en) | Method, device, equipment and medium for supervising lightweight node | |
| CN112104657B (en) | Information checking method and device | |
| CN108924149B (en) | Token-based identity validity verification method and system | |
| CN113225348B (en) | Request anti-replay verification method and device | |
| CN104753755A (en) | System access method, system access device, application client, and IM background system | |
| CN111092864B (en) | Session protection method, device, equipment and readable storage medium | |
| CN107465744B (en) | Data downloading control method and system | |
| CN110585717A (en) | Information processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |