CN112235237A - Access method, system, device and medium based on multiple security protocols - Google Patents

Publication number
CN112235237A
Authority
CN
China
Prior art keywords
signature
character string
sequence
multiple security
acquiring
Legal status
Pending
Application number
CN202010902886.4A
Other languages
Chinese (zh)
Inventor
李小红
Current Assignee
Guangzhou Cool Car Information Technology Co ltd
Original Assignee
Guangzhou Cool Car Information Technology Co ltd
Application filed by Guangzhou Cool Car Information Technology Co ltd
Priority to CN202010902886.4A
Publication of CN112235237A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides an access method, a system, a device and a medium based on multiple security protocols. The method comprises: obtaining an access request of a target resource and obtaining a response message according to the access request; decoding the character string of the response message to obtain a first character string; dividing the first character string to obtain a header file, a load and a signature; and verifying the signature through the header file, and outputting a data stream of the load when the verification result is correct. By carrying out decryption transcoding on the obtained response message, the method avoids problems such as garbled characters and parsing errors in the data transmission process. Verifying the signature after dividing the decoded character string ensures that the information in the response message has not been tampered with, and using the signature for verification and trust makes the method more reliable. Meanwhile, the process from request to response is lightweight, low in cost and low in consumption. The invention can be widely applied to the technical field of computer software.

Description

Access method, system, device and medium based on multiple security protocols
Technical Field
The invention belongs to the technical field of computer software, and particularly relates to an access method, a system, a device and a medium based on multiple security protocols.
Background
As the business coverage of enterprises grows wider and their organizational structures keep expanding, enterprises need to develop multiple independent business systems for specific purposes, or keep extending the functions of their existing business systems, to maintain normal operation; examples include operation and maintenance, release and deployment platforms, timed scheduling management, and daemon scheduling management. The subsystems and extended functions may be developed in various computer languages, such as Java, Python, Go and PHP, and may exchange data over various protocols. However, because the protocols are incompatible, the data of the platform architectures is difficult to interconnect and can only be collected in a simple, mechanical way, which carries a risk of data leakage; and because the communication protocols are inconsistent, the data structures and forms are inconsistent, which makes operations such as network transmission and storage inconvenient.
Disclosure of Invention
In view of this, in order to solve one of the above technical problems, embodiments of the present invention provide an access method compatible with a common security protocol; meanwhile, the embodiment of the invention also provides a system, a device and a medium which can realize the access method based on multiple security protocols.
In a first aspect, an embodiment of the present invention provides an access method based on multiple security protocols, which includes the following steps:
acquiring an access request of a target resource, and acquiring a response message according to the access request;
decoding the character string of the response message to obtain a first character string;
dividing the first character string to obtain a header file, a load and a signature; and verifying the signature through the header file, and outputting the data stream of the load when the verification result is correct.
In some embodiments of the invention, the method further comprises the steps of: and acquiring an access request of the target resource, analyzing the access request, confirming a local storage file of the target resource, and outputting the local storage file.
In some embodiments of the present invention, the step of decoding the character string of the response packet to obtain the first character string specifically includes the following steps:
acquiring a character string of the response message, and acquiring a first sequence according to a coding mapping table, wherein data in the first sequence is decimal;
converting according to the first sequence to obtain a second sequence, wherein the data in the second sequence is a six-bit binary number;
combining according to the second sequence to obtain a third sequence, wherein data in the third sequence is eight-bit binary number;
a fourth sequence is obtained through conversion according to the third sequence, and data in the fourth sequence are decimal numbers; and splicing according to the fourth sequence and the ASCII code to obtain a first character string.
In some embodiments of the present invention, the step of verifying the signature by using the header file, and outputting a data stream of the payload when the verification result is correct specifically includes:
acquiring an encryption algorithm from the header file, and generating a second signature according to the encryption algorithm and the load;
and comparing the signature with the second signature, and when the signature is consistent with the second signature, the verification result is correct.
In some embodiments of the invention, the signature is obtained by encryption with a secret key; or by generating a public key and a private key and encrypting with the private key.
In some embodiments of the invention, the load comprises at least one of: standard registration statements, public statements, and private statements.
The content of the standard registration statement comprises an issuer, a facing user, a receiver, an expiration timestamp and an issuing time.
In a second aspect, a technical solution of the present invention further provides a system for access based on multiple security protocols, including an access request unit, a response obtaining unit, and a decoding unit, where:
the access request unit is used for acquiring an access request of a target resource;
a response obtaining unit, configured to obtain a response packet according to the access request;
the decoding unit is used for decoding the character string of the response message to obtain a first character string; dividing the first character string to obtain a header file, a load and a signature; and verifying the signature through the header file, and outputting the data stream of the load when the verification result is correct.
In a third aspect, a technical solution of the present invention further provides an apparatus for accessing based on multiple security protocols, including:
at least one processor;
at least one memory for storing at least one program;
when the at least one program is executed by the at least one processor, the at least one processor is caused to implement the multiple security protocol based access method of the first aspect.
In a fourth aspect, the present invention also provides a storage medium in which a processor-executable program is stored, the processor-executable program being configured to implement the method as in the first aspect when executed by a processor.
Advantages and benefits of the present invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention:
According to the access method based on multiple security protocols provided by the embodiment of the invention, carrying out decryption transcoding on the obtained response message avoids problems such as garbled characters and parsing errors in the data transmission process. Verifying the signature after dividing the decoded character string ensures that the information in the response message has not been tampered with, and using the signature for verification and trust makes the method more reliable. Meanwhile, the process from request to response is lightweight, low in cost and low in consumption.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a core thread flow chart of an access method based on multiple security protocols according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating the detailed steps of an access method based on multiple security protocols according to an embodiment of the present invention;
fig. 3 is a schematic diagram of an access device based on multiple security protocols according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention. The step numbers in the following embodiments are provided only for convenience of illustration, the order between the steps is not limited at all, and the execution order of each step in the embodiments can be adapted according to the understanding of those skilled in the art.
As shown in fig. 1, the core concept of the technical solution provided by the embodiment of the present invention is to implement single sign-on and access through JWT, based on an optimized Base64 encoding and decoding algorithm. In JWT-format data, the header information (Header), the payload (Payload) and the signature (Signature) are obtained by dividing at the symbol ".". The encoding and decoding processes are reversible, and the plaintext, namely the data of the access target, can be obtained by reversing the encoding steps.
In a first aspect, as shown in fig. 2, an embodiment of the present invention provides an access method based on multiple security protocols, which mainly includes steps S01-S03:
S01, obtaining the access request of the target resource and obtaining the response message according to the access request. Specifically, according to a specific user requirement, access to a resource of the corresponding service system is requested. In this embodiment, authentication and authorization of the access request are performed through the JWT (JSON Web Token) framework. In the JWT framework, when a browser or APP of a client acts as the calling end and calls an interface API, it attaches a temporary token issued by the API end, so that the authorization information of the caller can be verified. After the accessed server side has verified the authority of the corresponding client and the user information, it returns the entity body according to the page information specified in the access request, and the entity body is contained in the response message. Additionally, in embodiments, the protocols supported by the access request include HTTP, OAuth2, and custom authentication mechanisms; for example, using Basic Auth as specified in the HTTP specification, which requires an authentication Header to be set in the response, the client must attach its credentials (credential), including its password, to each sub-response. If these credentials pass, the user's information is passed to the server application.
Besides, in the access method based on multiple security protocols in the embodiment, the method may further include: and acquiring an access request of the target resource, analyzing the target resource of the access request, confirming a local storage file of the target resource, and outputting the local storage file. Specifically, in the implementation process, the client does not submit the user name and the password every time, and in a general case, the client exchanges some reliable information with the server to obtain a Token, the Token serves as an authority key requested again by the client, and the Token is usually longer and more complicated than the password; for example, JWTs are typically as long as 150 characters. Once a token is obtained, it is attached each time the API is called. For another example, when the client sends an access request through a browser, the generated token may be stored in a local small text data file (cookies).
S02, decoding the character string of the response message to obtain a first character string. Specifically, the obtained response message is decrypted to obtain a corresponding character string. In the JWT architecture of this embodiment, the Base64 encryption and decryption algorithm is used. Base64 is a method of representing binary data based on 64 printable characters. Base64 uses 26 lowercase letters, 26 uppercase letters, 10 digits, and two symbols, such as "+" and "-", and is used for transmitting binary data in a text-based medium such as email.
In this embodiment, the server side performs the encryption. Taking the character string "pangku" as an example, the ASCII lookup table gives p as 112, a as 97, n as 110, g as 103, k as 107 and u as 117, so after ASCII encoding the pangku string becomes "112 97 110 103 107 117". Each decimal number is then converted to an eight-bit binary number, for example decimal 112 corresponds to binary 01110000, so the string "pangku" is converted to "011100000110000101101110011001110110101101110101". The bits are then subdivided into groups of six, resulting in "011100 000110 000101 101110 011001 110110 101101 110101". Each six-bit group is then converted to a decimal number, giving the sequence "28 6 5 46 25 54 45 53". Finally, the sequence is converted according to the customized base64 encoding table, with automatic conversion according to the request domain name. In this embodiment, in the customized base64 encoding table 28 corresponds to c, 6 corresponds to M, 5 corresponds to 3, 46 corresponds to k, 25 corresponds to W, 54 corresponds to 2, 45 corresponds to j and 53 corresponds to Z, and the finally encrypted base64 character string is "cM3kW2jZ".
The decoding process in this embodiment is the reverse of the encryption process. Specifically, the decoding process includes steps S021 to S024:
S021, obtaining the character string of the response message, and obtaining a first sequence according to the coding mapping table, wherein the data in the first sequence are decimal numbers. For example, the character string obtained from the response message is "cM3kW2jZ"; according to the customized base64 encoding table, c corresponds to 28, M corresponds to 6, 3 corresponds to 5, k corresponds to 46, W corresponds to 25, 2 corresponds to 54, j corresponds to 45, and Z corresponds to 53. Through the optimized base64 table, we obtain the decimal sequence "28 6 5 46 25 54 45 53", which is the first sequence.
S022, converting according to the first sequence to obtain a second sequence, wherein the data in the second sequence are six-bit binary numbers. For example, decimal 28 corresponds to binary 011100, and converting each decimal number in the first sequence to a six-bit binary number gives "011100 000110 000101 101110 011001 110110 101101 110101", which is the second sequence.
S023, combining according to the second sequence to obtain a third sequence, wherein the data in the third sequence are eight-bit binary numbers. For example, the bits of the second sequence are regrouped into octets to obtain "01110000 01100001 01101110 01100111 01101011 01110101", which is the third sequence.
S024, converting according to the third sequence to obtain a fourth sequence, wherein the data in the fourth sequence are decimal numbers; splicing according to the fourth sequence and the ASCII code to obtain a first character string. Specifically, each eight-bit binary number in the third sequence is converted into a decimal number, giving the fourth sequence "112 97 110 103 107 117", which is then converted through the ASCII code into the final character string "pangku".
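Steps S021 to S024 traced in code, as an added example that is not part of the patent text. The page gives only eight entries of its customized table, so the remaining 56 positions of `CUSTOM_TABLE` are an assumption filled from the standard alphabet; `build_table`, `decode_steps` and `encode` are illustrative names. The decoder needs only the table, not a key, and it rejects characters outside the table and non-zero leftover bits.

```python
import string

# The page lists only these eight entries of its customised Base64 table.
PAGE_ENTRIES = {28: "c", 6: "M", 5: "3", 46: "k", 25: "W", 54: "2", 45: "j", 53: "Z"}
STANDARD_TABLE = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"


def build_table(entries, base=STANDARD_TABLE):
    """Return a 64-character table that agrees with `entries`.

    Assumption: the other 56 positions are not on the page, so they are
    filled from the standard alphabet by swapping characters into place.
    """
    table = list(base)
    for index, char in entries.items():
        current = table.index(char)
        table[index], table[current] = table[current], table[index]
    for index, char in entries.items():
        if table[index] != char:
            raise ValueError("entries conflict with each other")
    return "".join(table)


CUSTOM_TABLE = build_table(PAGE_ENTRIES)


def decode_steps(encoded, table=CUSTOM_TABLE):
    """Run S021-S024 and return every intermediate sequence."""
    lookup = {char: index for index, char in enumerate(table)}
    unknown = sorted(set(encoded) - set(lookup))
    if unknown:
        raise ValueError(f"characters not in the mapping table: {unknown}")

    # S021: characters -> decimal indices (first sequence)
    first = [lookup[char] for char in encoded]
    # S022: decimal indices -> six-bit binary numbers (second sequence)
    second = [format(value, "06b") for value in first]
    # S023: regroup the bit stream into eight-bit numbers (third sequence)
    bits = "".join(second)
    usable = len(bits) - len(bits) % 8
    leftover = bits[usable:]
    if len(leftover) >= 6 or "1" in leftover:
        # A whole unused character or non-zero filler bits means the input
        # was truncated or is not a canonical encoding.
        raise ValueError("truncated or non-canonical input")
    third = [bits[i:i + 8] for i in range(0, usable, 8)]
    # S024: eight-bit numbers -> decimal -> ASCII characters (fourth sequence)
    fourth = [int(octet, 2) for octet in third]
    text = bytes(fourth).decode("ascii")
    return {"first": first, "second": second, "third": third,
            "fourth": fourth, "text": text}


def encode(text, table=CUSTOM_TABLE):
    """Forward direction, used here to check the round trip."""
    bits = "".join(format(byte, "08b") for byte in text.encode("ascii"))
    bits += "0" * (-len(bits) % 6)
    return "".join(table[int(bits[i:i + 6], 2)] for i in range(0, len(bits), 6))


if __name__ == "__main__":
    steps = decode_steps("cM3kW2jZ")
    for name in ("first", "second", "third", "fourth", "text"):
        print(f"{name:>6}: {steps[name]}")
    # The same bytes under the standard table, for comparison.
    print("standard:", encode("pangku", STANDARD_TABLE))
```
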
S03, dividing the first character string into a header file, a load and a signature; verifying the signature through the header file, and outputting a data stream of the load when the verification result is correct. Specifically, a message in JWT format consists of three parts, namely a header, a payload, and a signature, separated by ".". When dividing the character string, the content can be divided directly at the separating symbols.
In this embodiment, the header consists of two parts: the token type, which is JWT, and the hashing algorithm, such as HMAC or RSASSA-PSS.
The payload carries the specific access data content and also includes claims (Claim), which are statements about an entity, such as the user, and additional metadata. In this embodiment there are three types of Claim: standard registration statements, public statements, and private statements. Standard registration statements (Reserved claims) are predefined by JWT; they are not mandatory but are recommended. Commonly used Reserved claims include: the issuer (iss), i.e. the issuer of the JWT, whose value should be a case-sensitive character string or URI; the expiration timestamp (exp), i.e. the expiration time of the JWT, which must be a numeric type that can be resolved to a time/timestamp, and the server should check it and not pass the token when the current time is greater than the expiration time; the facing user (sub), i.e. the owner of the JWT, which may be a user ID or other unique identification; the receiver (aud), i.e. the applicable object of the JWT, which should be a case-sensitive string or URI and is generally a specific App, service or module, and the server-side security policy must keep aud consistent when issuing and verifying; and the issuing time (iat), i.e. the time of issuance of the JWT, which, like exp, needs to be a numeric type that can be resolved to a time. Public statements (Public claims) define their own fields as needed, taking care to avoid collisions. Private statements (Private claims) are custom fields that can be used to exchange information between two parties.
The signature is generated in the encoding or encryption process from the encoded header, the encoded payload and a secret key, using the signature algorithm specified in the header. For example, using the HMAC SHA256 algorithm, the signature is created as follows: HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret). The signature is mainly used to verify the sender of the message and that the message has not been tampered with. For example, if the header and the payload are maliciously decoded, modified and re-encoded, the signature of the new header and payload will differ from the previous signature, which is how the token is verified.
For example, in the specific implementation process of this embodiment, the obtained character strings of the response packet are:
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjYzZWY5MWRkMjZkN2M5MDMifQ.eyJpc3MiOiJwYW5na3VfdWNlbnRlciIsImF1ZCI6ImNoYW5uZWxfYWRtaW4iLCJqdGkiOiI2M2VmOTFkZDI2ZDdjOTAzIiwiaWF0IjoxNTk3Mjg5MTE2LCJuYmYiOjE1OTcyODkxMTYsImV4cCI6MTU5NzI5NjMxNiwidXNlcmluZm8iOiJ7XCJ1c2VybmFtZVwiOlwiXFx1NTlkYVxcdTZi MjNcXHU5NTQ3XCIsXCJlbWFpbFwiOlwiMTU5MTMzOTU2MzNAcGFuZ2t1LmNvbVwiLFw iY2VsbHBob25lXCI6XCIxNTkxMzM5NTYzM1wiLFwib3Blbl91aWRcIjpcIjY5YTk3YWJjM2E5ODY5MGY3ZTZmMTM1ODAyYWJkOWEzXCIsXCJzZXhcIjoxLFwicGljXCI6XCJcIixcImRlcF9uYW1lXCI6XCJcXHU2MjgwXFx1NjcyZlxcdTkwZThcIixcImRlcF9ub1wiOlwiZ2diXCIsXCJkZ XBfdHlwZVwiOjN9In0.EOpP4vooA7Dofz0czJT5uSkp9JZhwqmaKCxhOtWfHutXxOrQplULvsK se_CHh5gN0OGyxs3_V273IiQlLn1_j3gfOFu-sD6wri9-c4ToUsWwOz1VE3Qg_ij8kjHE-QkJBtIPg0Y2gTIBNqX8Cfe2g2h1d08h-TERPa1CL44OSUUkQeohGq32EhOqukOxy_GYGeNambWtdnKf SL-f0slfVr7G8kJwQD8n4pKiabEhnwjTjFE-FV38lEakRjPkkhSekxo0kD-o61QahaRh7vlOHVzXze1mMuCKJYYSB7LLZbVaqn8vdVuZnxisn3PeQPOQwSpKg7FuFMu03wf0w8UwTA。
Completing the division according to the symbol ".", the obtained header character string is:
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjYzZWY5MWRkMjZkN2M5MDMifQ
The plaintext obtained after decoding is: {"typ":"JWT","alg":"RS256","jti":"63ef91dd26d7c903"}. Similarly, the payload character string is obtained by dividing at the symbol "."; after decoding, the following result is obtained:
{"iss":"pangku_ucenter","aud":"channel_admin","jti":"63ef91dd26d7c903","iat":1597289116,"nbf":1597289116,"exp":1597296316,"userinfo":"{\"username\":\"\\u59da\\u6b23\\u9547\",\"email\":\"15913395633@pangku.com\",\"cellphone\":\"15913395633\",\"open_uid\":\"69a97abc3a98690f7e6f135802abd9a3\",\"sex\":1,\"pic\":\"\",\"dep_name\":\"\\u6280\\u672f\\u90e8\",\"dep_no\":\"ggb\",\"dep_type\":3}"}
Finally, the remaining part is the signature. After the signature is verified to be correct, which confirms that the payload has not been maliciously tampered with, the plaintext content of the payload is output.
In addition, in this embodiment, in step S03, the process of verifying the signature by using the header file specifically includes steps S031-S032:
S031, obtaining the encryption algorithm from the header file, and generating the second signature according to the encryption algorithm and the load. Specifically, the header is parsed to obtain the encryption algorithm, and a signature is generated with that algorithm from the decoded header and payload; this signature is recorded as the second signature. The first signature is the signature generated when the whole response message was generated.
S032, comparing the signature with the second signature; if the signature is consistent with the second signature, the verification result is correct. Specifically, the first signature and the second signature obtained respectively are compared. If the content of the header and the payload has been maliciously decoded, modified and then re-encoded, the signature of the new header and payload, that is, the second signature, will differ from the previous signature. Moreover, when a malicious attacker does not know the key used for encryption by the server, the signatures obtained are also different.
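Steps S03, S031 and S032 for the HMAC SHA256 case, as an added example that is not part of the patent text. The secret, the HS256 header and the function names are constructed for illustration, and the claim values are taken from the decoded payload shown above. Two points go beyond the steps as written: the "alg" value read from the header is accepted only if it is on a verifier-side allow-list, and the two signatures are compared in constant time.

```python
import base64
import hashlib
import hmac
import json

# Algorithms this verifier accepts. The header's "alg" only selects among
# these; a value outside the list is rejected instead of being trusted.
ALLOWED_ALGS = {"HS256": hashlib.sha256}


class TokenError(ValueError):
    """Raised when a token is malformed or fails verification."""


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue(header, payload, secret):
    """Server side: HMACSHA256(b64url(header) + "." + b64url(payload), secret)."""
    parts = [b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
             for part in (header, payload)]
    signing_input = ".".join(parts)
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def verify(token, secret, audience, now):
    """Return the payload if the token verifies, else raise TokenError."""
    # S03: divide at "." into header, payload and signature.
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("expected header.payload.signature")
    header_b64, payload_b64, signature_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
        first_signature = b64url_decode(signature_b64)
    except ValueError as exc:  # bad Base64, bad UTF-8 or bad JSON
        raise TokenError("malformed segment") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise TokenError("header and payload must be JSON objects")

    # S031: read the algorithm from the header and recompute the signature
    # over the segments exactly as received.
    alg = header.get("alg")
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise TokenError("algorithm not allowed")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    second_signature = hmac.new(secret, signing_input, ALLOWED_ALGS[alg]).digest()

    # S032: compare the two signatures in constant time.
    if not hmac.compare_digest(first_signature, second_signature):
        raise TokenError("signature mismatch")

    # Claims are read only after the signature has been accepted.
    if payload.get("aud") != audience:
        raise TokenError("audience mismatch")
    exp, nbf = payload.get("exp"), payload.get("nbf", 0)
    if not isinstance(exp, (int, float)) or not isinstance(nbf, (int, float)):
        raise TokenError("exp and nbf must be numeric")
    if now < nbf or now >= exp:
        raise TokenError("token not valid at this time")
    return payload


# Constructed sample: demo secret and HS256 header; claim values as on the page.
SECRET = b"constructed-demo-secret"
HEADER = {"typ": "JWT", "alg": "HS256"}
CLAIMS = {"iss": "pangku_ucenter", "aud": "channel_admin",
          "iat": 1597289116, "nbf": 1597289116, "exp": 1597296316}
SAMPLE_TOKEN = issue(HEADER, CLAIMS, SECRET)


def rejection_reason(token, secret=SECRET, audience="channel_admin", now=1597290000):
    """Return None when the token verifies, otherwise the reason it was rejected."""
    try:
        verify(token, secret, audience, now)
    except TokenError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print("valid token  :", rejection_reason(SAMPLE_TOKEN))
    head, _, sig = SAMPLE_TOKEN.split(".")
    other = issue(HEADER, dict(CLAIMS, iss="someone_else"), SECRET).split(".")[1]
    print("edited claims:", rejection_reason(f"{head}.{other}.{sig}"))
    print("after exp    :", rejection_reason(SAMPLE_TOKEN, now=1597296316))
```
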
In addition, in some embodiments, the signature in the response message may be obtained by encrypting with a secret key, or may be obtained by an asymmetric encryption method: a pair of keys is generated, and the server end encrypts the header and payload of the response message with the private key to obtain the corresponding signature; the public key is published to the whole network, and the client side verifies the signature with the public key.
In a second aspect, a technical solution of the present invention further provides a system for access based on multiple security protocols, which includes an access request unit, a response obtaining unit, and a decoding unit, wherein:
the access request unit is used for acquiring an access request of a target resource;
a response obtaining unit, configured to obtain a response packet according to the access request;
the decoding unit is used for decoding the character string of the response message to obtain a first character string; dividing the first character string to obtain a header file, a load and a signature; and verifying the signature through the header file, and outputting the data stream of the load when the verification result is correct.
In a third aspect, as shown in fig. 3, an embodiment of the present invention further provides an apparatus for access based on multiple security protocols, which includes at least one processor; at least one memory for storing at least one program; when the at least one program is executed by the at least one processor, the at least one processor is caused to implement a multiple security protocol based access method as in the first aspect.
An embodiment of the present invention further provides a storage medium storing a program, where the program is executed by a processor as the method in the first aspect.
From the above specific implementation process, it can be concluded that the technical solution provided by the present invention has the following advantages or benefits compared to the prior art:
1. The embodiment provided by the invention can avoid the risk, during character string transmission, of the encoding mode becoming known and of JWT plaintext data leaking.
2. The embodiment provided by the invention can realize single sign-on compatible with various common security protocols.
In alternative embodiments, the functions/acts noted in the block diagrams may occur out of the order noted in the operational illustrations. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved. Furthermore, the embodiments presented and described in the flow charts of the present invention are provided by way of example in order to provide a more thorough understanding of the technology. The disclosed methods are not limited to the operations and logic flows presented herein. Alternative embodiments are contemplated in which the order of various operations is changed and in which sub-operations described as part of larger operations are performed independently.
Furthermore, although the present invention is described in the context of functional modules, it should be understood that, unless otherwise stated to the contrary, one or more of the functions and/or features may be integrated in a single physical device and/or software module, or one or more of the functions and/or features may be implemented in a separate physical device or software module. It will also be appreciated that a detailed discussion of the actual implementation of each module is not necessary for an understanding of the present invention. Rather, the actual implementation of the various functional modules in the apparatus disclosed herein will be understood within the ordinary skill of an engineer, given the nature, function, and internal relationship of the modules. Accordingly, those skilled in the art can, using ordinary skill, practice the invention as set forth in the claims without undue experimentation. It is also to be understood that the specific concepts disclosed are merely illustrative of and not intended to limit the scope of the invention, which is defined by the appended claims and their full scope of equivalents.
Wherein the functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the description herein, reference to the terms "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the invention have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.
While the preferred embodiments of the present invention have been illustrated and described, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. An access method based on multiple security protocols, characterized by comprising the steps of:
acquiring an access request of a target resource, and acquiring a response message according to the access request;
decoding the character string of the response message to obtain a first character string;
dividing the first character string to obtain a header file, a load and a signature;
and verifying the signature through the header file, and outputting the data stream of the load when the verification result is correct.
2. The multiple security protocol based access method of claim 1, further comprising the steps of:
acquiring an access request of a target resource, analyzing the access request, confirming a local storage file of the target resource, and outputting the local storage file.
3. The multiple security protocols-based access method according to claim 1, wherein the step of decoding the character string of the response packet to obtain the first character string specifically comprises the steps of:
acquiring a character string of the response message, and acquiring a first sequence according to a coding mapping table, wherein data in the first sequence is decimal;
converting according to the first sequence to obtain a second sequence, wherein data in the second sequence is a six-bit binary number;
combining according to the second sequence to obtain a third sequence, wherein data in the third sequence is an eight-bit binary number;
converting according to the third sequence to obtain a fourth sequence, wherein data in the fourth sequence are decimal numbers;
and splicing according to the fourth sequence and the ASCII code to obtain a first character string.
4. The multiple security protocols-based access method according to claim 1, wherein the step of verifying the signature by the header file and outputting the data stream of the payload when the verification result is correct includes the following steps:
acquiring an encryption algorithm from the header file, and generating a second signature according to the encryption algorithm and the load;
and comparing the signature with the second signature, wherein the verification result is correct when the signature is consistent with the second signature.
5. The multiple security protocol based access method of claim 1, wherein the signature is obtained by key encryption;
or
The method comprises the steps of generating a public key and a private key and obtaining the public key and the private key according to the private key.
6. An access method based on multiple security protocols according to any one of claims 1-5, characterized in that the payload comprises at least one of the following three: standard registration statements, public statements, and private statements.
7. The multiple security protocol-based access method of claim 6, wherein the standard registration statement comprises an issuer, a user, a receiver, an expiration timestamp, and an issue time.
8. A system for access based on multiple security protocols is characterized by comprising an access request unit, a response acquisition unit and a decoding unit, wherein:
the access request unit is used for acquiring an access request of a target resource;
the response acquiring unit is used for acquiring a response message according to the access request;
the decoding unit is used for decoding the character string of the response message to obtain a first character string; dividing the first character string to obtain a header file, a load and a signature; and verifying the signature through the header file, and outputting the data stream of the load when the verification result is correct.
9. An apparatus for access based on multiple security protocols, comprising:
at least one processor;
at least one memory for storing at least one program;
the at least one program, when executed by the at least one processor, causes the at least one processor to implement a multiple security protocol based access method according to any one of claims 1-7.
10. A storage medium having stored therein a program executable by a processor, characterized in that: the processor executable program when executed by a processor is for implementing a multiple security protocol based access method as claimed in any one of claims 1 to 7.
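The decoding of claim 3 and the signature check of claims 1 and 4, carried through as an added Python example; it is not code from the patent. The standard Base64 alphabet as the mapping table, the `\n` delimiter, the `alg` header field, HMAC-SHA256 with a shared key, and the verifier-side algorithm allow-list are all assumptions of this example.

```python
import base64
import hashlib
import hmac
import json

# Standard Base64 alphabet, assumed to be the "coding mapping table" of claim 3.
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
ALLOWED = {"HS256": hashlib.sha256}  # assumption: algorithms pinned by the verifier
SEP = "\n"  # assumption: delimiter between header, load and signature


def decode_claim3(text: str) -> str:
    """Claim 3: characters -> decimal -> 6-bit -> 8-bit -> decimal -> ASCII."""
    first = [B64.index(c) for c in text.rstrip("=")]   # ValueError on a foreign character
    second = "".join(f"{n:06b}" for n in first)        # six-bit binary numbers
    usable = len(second) - len(second) % 8             # discard the padding bits
    third = [second[i:i + 8] for i in range(0, usable, 8)]
    fourth = [int(bits, 2) for bits in third]          # back to decimal
    return bytes(fourth).decode("ascii")               # rejects non-ASCII bytes


def verify(token: str, key: bytes) -> dict:
    """Claims 1 and 4: split, recompute the signature, compare, release the load."""
    parts = decode_claim3(token).split(SEP)
    if len(parts) != 3:
        raise ValueError("expected header, load and signature")
    header, load, signature = parts
    alg = json.loads(header).get("alg")
    if not isinstance(alg, str) or alg not in ALLOWED:  # the token does not choose freely
        raise ValueError(f"algorithm not allowed: {alg!r}")
    second_sig = hmac.new(key, load.encode("ascii"), ALLOWED[alg]).hexdigest()
    if not hmac.compare_digest(second_sig, signature):  # constant-time comparison
        raise ValueError("signature mismatch")
    return json.loads(load)


def issue(header: dict, load: dict, key: bytes) -> str:
    """Builds a constructed sample token; the layout is not defined by the patent."""
    h, p = (json.dumps(x, separators=(",", ":")) for x in (header, load))
    sig = hmac.new(key, p.encode("ascii"), hashlib.sha256).hexdigest()
    return base64.b64encode(SEP.join((h, p, sig)).encode("ascii")).decode("ascii")


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"
    token = issue({"alg": "HS256"}, {"iss": "issuer.example"}, demo_key)
    print(verify(token, demo_key))
```

Because claim 4 computes the second signature over the load only, the header is not covered by the signature; the allow-list keeps a modified `alg` value from selecting a weaker or absent check.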
CN202010902886.4A 2020-09-01 2020-09-01 Access method, system, device and medium based on multiple security protocols Pending CN112235237A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010902886.4A CN112235237A (en) 2020-09-01 2020-09-01 Access method, system, device and medium based on multiple security protocols

Publications (1)

Publication Number Publication Date
CN112235237A true CN112235237A (en) 2021-01-15

Family

ID=74116974

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010902886.4A Pending CN112235237A (en) 2020-09-01 2020-09-01 Access method, system, device and medium based on multiple security protocols

Country Status (1)

Country Link
CN (1) CN112235237A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114095177A (en) * 2021-11-18 2022-02-25 中国银行股份有限公司 Information security processing method and device, electronic equipment and storage medium
CN114095177B (en) * 2021-11-18 2024-01-26 中国银行股份有限公司 Information security processing method and device, electronic equipment and storage medium
CN114374517A (en) * 2021-12-08 2022-04-19 天翼物联科技有限公司 API calling method, system, device and storage medium based on dynamic timestamp
CN115834254A (en) * 2023-02-16 2023-03-21 北京安锐卓越信息技术股份有限公司 Network content security protection method and device, storage medium and electronic equipment
CN115834254B (en) * 2023-02-16 2023-04-28 北京安锐卓越信息技术股份有限公司 Network content security protection method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210115
