CN112787821A - Asymmetric encryption Token verification method, server, client and system - Google Patents

Asymmetric encryption Token verification method, server, client and system

Info

Publication number
CN112787821A
Authority
CN
China
Legal status
Pending
Application number
CN202110004736.6A
Other languages
Chinese (zh)
Inventor
周石开
周天睿
宣旭迎
杨恒
杨宏兵
袁鹏飞
文中领
周泽湘
Current Assignee
Beijing Toyou Feiji Electronics Co ltd
Original Assignee
Beijing Toyou Feiji Electronics Co ltd

Classifications

    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Abstract

The embodiment of the invention discloses an asymmetric encryption Token verification method, a server, a client and a system, which improve system security by encrypting the Token asymmetrically. After the client logs in successfully with a user name and password, the Token that the server transmits to the client, and the Token that the client carries when requesting data from the server, cannot be used directly to request data even if intercepted; only after the ciphertext produced with the sending end's private key and the receiving end's public key has been decrypted to obtain the real Token can it be used to request data from the server. Meanwhile, even when the user is not asked to enter the user name and password, a Token that cannot be decrypted and encrypted correctly cannot be used to skip login authentication in subsequent data requests. And since a long time is needed to decrypt and obtain the real Token before any server information can be acquired, data security is effectively ensured.

Description

Asymmetric encryption Token verification method, server, client and system
Technical Field
The embodiment of the invention relates to the technical field of information security, in particular to an asymmetric encryption Token verification method, a server, a client and a system.
Background
With the development of the times, people's lives are inseparable from data, and data security and information security are particularly important. This is especially true for an enterprise: after the first login the server generates a Token and returns it to the client, and when the intranet is entered through a VPN or the like, the Token may be intercepted by a Trojan or similar means. If the Token sent by the server to the client is intercepted, the interceptor can carry the Token to request data from the server and acquire server information; a hacker can thus obtain server information without verifying login with a user name and password, so that information in the server is leaked and an unauthorized user can acquire server data, threatening the information security of the server.
Disclosure of Invention
Therefore, the embodiment of the invention provides an asymmetric encryption Token verification method, a server, a client and a system, so as to solve the problem that the Token sent to the client by an existing enterprise server is easy to intercept, and that an interceptor can carry the Token to request data from the server and acquire server information without verifying login with a user name and password, so that server information is leaked.
In order to achieve the above object, the embodiments of the present invention provide the following technical solutions:
according to a first aspect of the embodiments of the present invention, an asymmetric encryption Token verification method is provided, which is applied to a server, and the method includes:
after the client successfully logs in the server by using the user name and the password, generating and storing Token;
firstly encrypting the Token by using a client public key, then carrying out secondary encryption by using a server private key to obtain a first Token ciphertext, and sending the first Token ciphertext to the client, so that the client firstly decrypts the first Token ciphertext by using the server public key and then decrypts the first Token ciphertext by using a client private key to obtain the Token and stores the Token;
receiving request information sent by a client, wherein the request information carries a second Token ciphertext, and the second Token ciphertext is obtained by encrypting the Token obtained by the client by using a server public key firstly and then performing secondary encryption by using a client private key;
and decrypting the second Token ciphertext carried in the request information by using the client public key firstly and then decrypting by using the server private key to obtain the Token, comparing the obtained Token with the Token stored by the server, returning the request data to the client if the obtained Token is the same as the stored Token, and refusing to return the data if it is not.
Further, the method further comprises:
and generating a server public and private key pair, reserving a server private key and sending the server public key to the client.
Further, the method further comprises:
and regularly replacing the generated server public and private key pair.
According to a second aspect of the embodiments of the present invention, there is provided a server, including:
the Token generation module is used for generating and storing a Token after the client successfully logs in by using the user name and the password;
the Token encryption module is used for encrypting the Token by using a client public key firstly and then carrying out secondary encryption by using a server private key to obtain a first Token ciphertext, and the first Token ciphertext is sent to the client, so that the client receives the first Token ciphertext, then decrypts the first Token ciphertext by using the server public key firstly and then decrypts the first Token ciphertext by using a client private key to obtain the Token and stores the Token;
the system comprises a request receiving module, a first Token cipher text generation module and a second Token cipher text generation module, wherein the request receiving module is used for receiving request information sent by a client, the request information carries the second Token cipher text, and the second Token cipher text is obtained by encrypting the Token obtained by the client by using a server public key firstly and then performing secondary encryption by using a client private key;
and the Token verification module is used for decrypting a second Token ciphertext carried in the request information by using a client public key firstly and then by using a server private key to obtain a Token, comparing the obtained Token with the Token stored by the server, if the obtained Token is the same as the server private key, returning the request data to the client, and if the obtained Token is not the same as the server private key, refusing to return the data.
According to a third aspect of the embodiments of the present invention, an asymmetric encryption Token verification method is provided, which is applied to a client, and the method includes:
logging in a server by using a user name and a password so as to generate and store a Token at the server after successful logging in;
receiving a first Token ciphertext sent by a server, wherein the first Token ciphertext is obtained by encrypting the Token by using a client public key and then performing secondary encryption by using a server private key by the server;
after receiving the first Token ciphertext, firstly decrypting by using a server public key and then decrypting by using a client private key to obtain and store the Token;
the server public key is used for encrypting the obtained Token, the client private key is used for carrying out secondary encryption to obtain a second Token ciphertext, the second Token ciphertext is carried to send request information to the server, so that after the server receives the request information, the server decrypts the second Token ciphertext carried in the request information by using the client public key and then carries out decryption by using the server private key to obtain the Token, the obtained Token is compared with the Token stored in the server, if the obtained Token is the same as the server stored Token, request data are returned to the client, and if the obtained Token is different from the server stored Token, the data are refused to be returned.
Further, the method further comprises:
and generating a client public and private key pair, reserving a client private key and sending the client public key to the server.
Further, the method further comprises:
and regularly replacing the generated client public and private key pair.
According to a fourth aspect of the embodiments of the present invention, there is provided a client, including:
the login module is used for logging in the server by using the user name and the password so as to generate and store Token at the server after successful login;
the Token receiving module is used for receiving a first Token ciphertext sent by a server, wherein the first Token ciphertext is obtained by encrypting the Token by using a client public key and then performing secondary encryption by using a server private key by the server;
the Token decryption module is used for decrypting by using a server public key and then by using a client private key after receiving the first Token ciphertext to obtain and store the Token;
the request sending module is used for firstly encrypting the acquired Token by using the server public key and then carrying out secondary encryption by using the client private key to obtain a second Token ciphertext, and for sending request information carrying the second Token ciphertext to the server, so that after receiving the request information, the server decrypts the second Token ciphertext carried in it by using the client public key first and then by using the server private key to obtain the Token, compares the obtained Token with the Token stored by the server, returns the request data to the client if the obtained Token is the same as the stored Token, and refuses to return the data if it is different.
According to a fifth aspect of the embodiments of the present invention, there is provided an asymmetric encryption Token verification system, the system including: a processor and a memory;
the memory is to store one or more program instructions;
the processor is configured to execute one or more program instructions to perform a Token authentication method as applied to the server or to perform a Token authentication method as applied to the client.
According to a sixth aspect of embodiments of the present invention, there is provided a computer storage medium having one or more program instructions embodied therein for performing a Token authentication method as applied to a server or performing a Token authentication method as applied to a client.
The embodiment of the invention has the following advantages:
according to the asymmetric encryption Token verification method, the server, the client and the system provided by the embodiment of the invention, system security is improved by encrypting the Token asymmetrically. After the client logs in successfully with a user name and password, the Token that the server transmits to the client, and the Token that the client carries when requesting data from the server, cannot be used directly to request data even if intercepted; only after the ciphertext produced with the sending end's private key and the receiving end's public key has been decrypted to obtain the real Token can it be used to request data from the server. Meanwhile, even when the user is not asked to enter the user name and password, a Token that cannot be decrypted and encrypted correctly cannot be used to skip login authentication in subsequent data requests. And since a long time is needed to decrypt and obtain the real Token before any server information can be acquired, data security is effectively ensured.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It should be apparent that the drawings in the following description are merely exemplary, and that other embodiments can be derived from the drawings provided by those of ordinary skill in the art without inventive effort.
Fig. 1 is a schematic flow chart of an asymmetric encryption Token verification method provided in embodiment 1 of the present invention;
fig. 2 is a schematic structural diagram of a server according to embodiment 2 of the present invention;
fig. 3 is a schematic flowchart of an asymmetric encryption Token verification method according to embodiment 3 of the present invention;
fig. 4 is a schematic structural diagram of a client according to embodiment 4 of the present invention;
fig. 5 is a schematic structural diagram of an asymmetric encryption Token verification system provided in embodiment 5 of the present invention.
Detailed Description
The present invention is described in terms of particular embodiments, other advantages and features of the invention will become apparent to those skilled in the art from the following disclosure, and it is to be understood that the described embodiments are merely exemplary of the invention and that it is not intended to limit the invention to the particular embodiments disclosed. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Embodiment 1 of the present invention provides an asymmetric encryption Token verification method, which is applied to a server, and as shown in fig. 1, the method includes the following steps:
Step S110, after the client successfully logs in to the server by using the user name and the password, generating and storing the Token. When the client enters the user name and password correctly, the server generates a Token accordingly, which can be used to record the session between the client and the server.
Step S120, encrypting the Token by using the client public key firstly, then carrying out secondary encryption by using the server private key to obtain a first Token ciphertext, and sending the first Token ciphertext to the client, so that the client decrypts the first Token ciphertext by using the server public key firstly and then by using the client private key to obtain and store the Token.
The server first encrypts the Token with the client's public key, then with its own private key, and sends the twice-encrypted Token to the client. On receipt, the client decrypts with the server's public key and then with its own private key to obtain the Token.
Step S130, receiving request information sent by the client, wherein the request information carries a second Token ciphertext, and the second Token ciphertext is obtained by encrypting the Token obtained by the client by using the server public key firstly and then performing secondary encryption by using the client private key.
The client can then carry this Token, encrypted first with the server's public key and then with the client's private key, whenever it requests information from the server.
Step S140, decrypting the second Token ciphertext carried in the request information by using the client public key first and then by using the server private key to obtain the Token, and comparing the obtained Token with the Token stored in the server: if they are the same, the request data is returned to the client, and if not, the request is rejected.
When the server receives the request information, it decrypts the encrypted Token carried in it with the client public key and then with the server private key, and compares the decrypted Token with the Token recorded in the session: if they are the same, the requested information is returned to the client, and if not, the request is rejected. In this way the client does not need to enter the user name and password again before the Token expires.
Thus, even if someone intercepts the Token, it cannot be used directly in a request to the server to obtain data. Meanwhile, more time is needed to decrypt and obtain the real Token before server information can be obtained, and that time may even exceed the Token's valid time. This enhances the security of Token authentication.
Further, the method further comprises:
generating a server public and private key pair, keeping the server private key and sending the server public key to the client. The server and the client each hold their own public and private keys and send their public key to the other party.
Further, the method further comprises:
and regularly replacing the generated server public and private key pair.
At present the commonly used asymmetric key is 2048 bits; brute-force cracking requires factorization, which takes 80 years on a traditional supercomputer. In 2019 a quantum computer with 2000 qubits was reported to break it in 8 hours, so as long as an enterprise user changes the key pair with the server every 6 hours, the key pair cannot be broken even with the most advanced quantum computer currently available; moreover, what is generally available is a traditional supercomputer, in which case changing the key pair once a year is basically enough to ensure the security of the server.
According to the asymmetric encryption Token verification method provided by the embodiment of the invention, system security is improved by encrypting the Token asymmetrically. After the client logs in successfully with the user name and password, the Token that the server transmits to the client, and the Token that the client carries when requesting data from the server, cannot be used directly to request data even if intercepted; only after the ciphertext produced with the sending end's private key and the receiving end's public key has been decrypted to obtain the real Token can it be used to request data from the server. Meanwhile, even when the user is not asked to enter the user name and password, a Token that cannot be decrypted and encrypted correctly cannot be used to skip login authentication in subsequent data requests. And since a long time is needed to decrypt and obtain the real Token before any server information can be acquired, data security is effectively ensured.
In correspondence with the above-described embodiment, embodiment 2 of the present invention proposes a server, as shown in fig. 2, the server including:
the Token generation module 210 is configured to generate and store a Token after the client successfully logs in using the user name and the password;
the Token encryption module 220 is configured to encrypt the Token by using the client public key first and then perform secondary encryption by using the server private key to obtain a first Token ciphertext, and to send the first Token ciphertext to the client, so that the client, after receiving it, decrypts by using the server public key and then by using the client private key to obtain and store the Token;
the request receiving module 230 is configured to receive request information sent by the client, where the request information carries a second Token ciphertext, and the second Token ciphertext is obtained by encrypting, by the client, Token obtained by using the server public key first and then performing secondary encryption by using the client private key;
the Token verification module 240 is configured to decrypt the second Token ciphertext carried in the request information by using the client public key first and then by using the server private key to obtain the Token, compare it with the Token stored in the server, return the request data to the client if they are the same, and refuse to return the data if they are not.
The functions executed by each component in the server provided in the embodiment of the present invention have been described in detail in embodiment 1, and therefore, redundant description is not repeated here.
The server provided by the embodiment of the invention improves system security by encrypting the Token asymmetrically. After the client logs in successfully with the user name and password, the Token that the server transmits to the client, and the Token that the client carries when requesting data from the server, cannot be used directly to request data even if intercepted; only after the ciphertext produced with the sending end's private key and the receiving end's public key has been decrypted to obtain the real Token can it be used to request data from the server. Meanwhile, even when the user is not asked to enter the user name and password, a Token that cannot be decrypted and encrypted correctly cannot be used to skip login authentication in subsequent data requests. And since a long time is needed to decrypt and obtain the real Token before any server information can be acquired, data security is effectively ensured.
Embodiment 3 of the present invention provides an asymmetric encryption Token verification method, which is applied to a client, and as shown in fig. 3, the method includes:
step S310, logging in a server by using a user name and a password so as to generate and store a Token at the server after successful logging in;
step S320, receiving a first Token ciphertext sent by the server, wherein the first Token ciphertext is obtained by encrypting Token by using a client public key and then performing secondary encryption by using a server private key by the server;
step S330, after receiving the first Token ciphertext, decrypting by using the server public key, then decrypting by using the client private key, acquiring the Token and storing;
step S340, firstly encrypting the obtained Token by using the server public key, then carrying out secondary encryption by using the client private key to obtain a second Token ciphertext, and carrying the second Token ciphertext to send request information to the server, so that after receiving the request information, the server decrypts the second Token ciphertext carried in the request information by using the client public key, then decrypts the second Token ciphertext by using the server private key to obtain the Token, compares the obtained Token with the Token stored in the server, if the obtained Token is the same as the server stored Token, returns the request data to the client, and if the obtained Token is not the same as the server stored Token, refuses to return the data.
Further, the method further comprises:
and generating a client public and private key pair, reserving a client private key and sending the client public key to the server.
Further, the method further comprises:
and regularly replacing the generated client public and private key pair.
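The exchange of embodiments 1 and 3 end to end, as an added Go example that is not part of the patent: the server issues and stores a Token, seals it with the client public key and then its own private key, the client opens it and re-seals it for a request, and the server opens that and compares it with the stored Token. The patent names no algorithms, so this assumes RSA-OAEP for the public-key step and an RSA-PSS signature for the private-key step; the Token bytes and key sizes are constructed here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Party is one side (server or client): its own key pair plus the peer's public key.
type Party struct {
	Priv    *rsa.PrivateKey
	PeerPub *rsa.PublicKey
}

// Seal is the page's two-step encryption: RSA-OAEP under the receiver's public
// key, then the sender's private key, realized here (an assumption) as an RSA-PSS
// signature over the OAEP ciphertext. Output is ciphertext || signature.
func (p *Party) Seal(token []byte) ([]byte, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, p.PeerPub, token, nil)
	if err != nil {
		return nil, err
	}
	d := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, p.Priv, crypto.SHA256, d[:], nil)
	if err != nil {
		return nil, err
	}
	return append(ct, sig...), nil
}

// Open reverses Seal: first "decrypt with the sender's public key" (verify the
// signature), then decrypt with the receiver's own private key.
func (p *Party) Open(sealed []byte) ([]byte, error) {
	n := p.PeerPub.Size() // a PSS signature is as long as the signer's modulus
	if len(sealed) <= n {
		return nil, fmt.Errorf("sealed token too short: %d bytes", len(sealed))
	}
	ct, sig := sealed[:len(sealed)-n], sealed[len(sealed)-n:]
	d := sha256.Sum256(ct)
	if err := rsa.VerifyPSS(p.PeerPub, crypto.SHA256, d[:], sig, nil); err != nil {
		return nil, fmt.Errorf("sender key check failed: %w", err)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.Priv, ct, nil)
}

// IssueToken is the server's steps S110/S120 after the user name/password check
// (assumed done): generate and store a random Token, return the first ciphertext.
func IssueToken(srv *Party) (stored, first []byte, err error) {
	stored = make([]byte, 32)
	if _, err = rand.Read(stored); err != nil {
		return nil, nil, err
	}
	first, err = srv.Seal(stored)
	return stored, first, err
}

// VerifyRequest is the server's steps S130/S140: open the second Token ciphertext
// and compare it with the stored Token; any open failure is a rejection (the error).
func VerifyRequest(srv *Party, stored, second []byte) (bool, error) {
	token, err := srv.Open(second)
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare(token, stored) == 1, nil
}

// Demo runs the exchange of embodiments 1 and 3 with fresh 2048-bit keys and reports
// whether the genuine request, and the captured first ciphertext replayed, are accepted.
func Demo() (genuineOK, replayOK bool, err error) {
	var keys [2]*rsa.PrivateKey // [0] server, [1] client
	for i := range keys {
		if keys[i], err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return false, false, err
		}
	}
	srv := &Party{Priv: keys[0], PeerPub: &keys[1].PublicKey} // public keys exchanged
	cli := &Party{Priv: keys[1], PeerPub: &keys[0].PublicKey}
	stored, first, err := IssueToken(srv)
	if err != nil {
		return false, false, err
	}
	token, err := cli.Open(first) // client step S330
	if err != nil {
		return false, false, err
	}
	second, err := cli.Seal(token) // client step S340
	if err != nil {
		return false, false, err
	}
	genuineOK, err = VerifyRequest(srv, stored, second)
	// The first ciphertext was sealed under the server's private key, so the
	// server's client-key check fails; that error is the rejection itself.
	replayOK, _ = VerifyRequest(srv, stored, first)
	return genuineOK, replayOK, err
}
```

The second Token ciphertext is bound to the client's private key but not to any particular request, so a captured request that carries it would still verify if resent before the Token expires; the Token valid time the patent mentions is what limits that window.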
According to the asymmetric encryption Token verification method provided by the embodiment of the invention, system security is improved by encrypting the Token asymmetrically. After the client logs in successfully with the user name and password, the Token that the server transmits to the client, and the Token that the client carries when requesting data from the server, cannot be used directly to request data even if intercepted; only after the ciphertext produced with the sending end's private key and the receiving end's public key has been decrypted to obtain the real Token can it be used to request data from the server. Meanwhile, even when the user is not asked to enter the user name and password, a Token that cannot be decrypted and encrypted correctly cannot be used to skip login authentication in subsequent data requests. And since a long time is needed to decrypt and obtain the real Token before any server information can be acquired, data security is effectively ensured.
Corresponding to the above embodiments, embodiment 4 of the present invention provides a client, as shown in fig. 4, where the client includes:
the login module 410 is used for logging in the server by using a user name and a password so as to generate and store Token at the server after successful login;
the Token receiving module 420 is configured to receive a first Token ciphertext sent by the server, where the first Token ciphertext is obtained by using the client public key to encrypt the Token and then using the server private key to perform secondary encryption;
the Token decryption module 430 is configured to, after receiving the first Token ciphertext, decrypt the first Token ciphertext by using the server public key and then decrypt the first Token ciphertext by using the client private key to obtain a Token and store the Token;
the request sending module 440 is configured to encrypt the obtained Token with the server public key first and then with the client private key to obtain a second Token ciphertext, and to send request information carrying the second Token ciphertext to the server, so that after receiving the request information, the server decrypts the second Token ciphertext carried in it with the client public key first and then with the server private key to obtain the Token, compares the obtained Token with the Token stored in the server, returns the request data to the client if they are the same, and rejects the request if they are not.
The client provided by the embodiment of the invention improves system security by encrypting the Token asymmetrically. After the client logs in successfully with a user name and password, the Token that the server transmits to the client, and the Token that the client carries when requesting data from the server, cannot be used directly to request data even if intercepted; only after the ciphertext produced with the sending end's private key and the receiving end's public key has been decrypted to obtain the real Token can it be used to request data from the server. Meanwhile, even when the user is not asked to enter the user name and password, a Token that cannot be decrypted and encrypted correctly cannot be used to skip login authentication in subsequent data requests. And since a long time is needed to decrypt and obtain the real Token before any server information can be acquired, data security is effectively ensured.
Corresponding to the above embodiments, embodiment 5 of the present invention provides an asymmetric encryption Token verification system, as shown in fig. 5, the system includes: a processor 510 and a memory 520;
memory 520 is used to store one or more program instructions;
processor 510 is configured to execute one or more program instructions to perform a Token authentication method as applied to a server or to perform a Token authentication method as applied to a client.
In correspondence with the above-described embodiments, embodiment 6 of the present invention proposes a computer storage medium containing one or more program instructions for executing a Token authentication method applied to a server as described above or executing a Token authentication method applied to a client as described above.
Although the invention has been described in detail above with reference to a general description and specific examples, it will be apparent to one skilled in the art that modifications or improvements may be made thereto based on the invention. Accordingly, such modifications and improvements are intended to be within the scope of the invention as claimed.

Claims (10)

1. An asymmetric encryption Token verification method is applied to a server, and comprises the following steps:
after the client successfully logs in the server by using the user name and the password, generating and storing Token;
firstly encrypting the Token by using a client public key, then carrying out secondary encryption by using a server private key to obtain a first Token ciphertext, and sending the first Token ciphertext to the client, so that the client firstly decrypts the first Token ciphertext by using the server public key and then decrypts the first Token ciphertext by using a client private key to obtain the Token and stores the Token;
receiving request information sent by a client, wherein the request information carries a second Token ciphertext, and the second Token ciphertext is obtained by encrypting the Token obtained by the client by using a server public key firstly and then performing secondary encryption by using a client private key;
and decrypting the second Token ciphertext carried in the request information first by using the client public key and then by using the server private key to obtain the Token, comparing the obtained Token with the Token stored by the server, and if the obtained Token is the same as the Token stored by the server, returning the requested data to the client, and if it is not the same, refusing to return the data.
2. The asymmetric encryption Token authentication method as claimed in claim 1, further comprising:
and generating a server public and private key pair, reserving a server private key and sending the server public key to the client.
3. The asymmetric encryption Token authentication method as claimed in claim 2, further comprising:
and regularly replacing the generated server public and private key pair.
4. A server, characterized in that the server comprises:
the Token generation module is used for generating and storing a Token after the client successfully logs in by using the user name and the password;
the Token encryption module is used for encrypting the Token by using a client public key firstly and then carrying out secondary encryption by using a server private key to obtain a first Token ciphertext, and the first Token ciphertext is sent to the client, so that the client receives the first Token ciphertext, then decrypts the first Token ciphertext by using the server public key firstly and then decrypts the first Token ciphertext by using a client private key to obtain the Token and stores the Token;
the request receiving module is used for receiving request information sent by a client, wherein the request information carries a second Token ciphertext, and the second Token ciphertext is obtained by encrypting the Token obtained by the client by using a server public key firstly and then performing secondary encryption by using a client private key;
and the Token verification module is used for decrypting the second Token ciphertext carried in the request information first by using the client public key and then by using the server private key to obtain the Token, comparing the obtained Token with the Token stored by the server, returning the requested data to the client if the obtained Token is the same as the Token stored by the server, and refusing to return the data if it is not the same.
5. An asymmetric encryption Token verification method is applied to a client, and comprises the following steps:
logging in to a server by using a user name and a password, so that the server generates and stores a Token after a successful login;
receiving a first Token ciphertext sent by a server, wherein the first Token ciphertext is obtained by encrypting the Token by using a client public key and then performing secondary encryption by using a server private key by the server;
after receiving the first Token ciphertext, firstly decrypting by using a server public key and then decrypting by using a client private key to obtain and store the Token;
encrypting the obtained Token first by using the server public key and then performing secondary encryption by using the client private key to obtain a second Token ciphertext, and sending request information carrying the second Token ciphertext to the server, so that after the server receives the request information, the server decrypts the second Token ciphertext carried in the request information first by using the client public key and then by using the server private key to obtain the Token, and compares the obtained Token with the Token stored by the server; if the obtained Token is the same as the Token stored by the server, the requested data is returned to the client, and if the obtained Token is different from the Token stored by the server, the server refuses to return the data.
6. The asymmetric encryption Token authentication method as claimed in claim 5, further comprising:
and generating a client public and private key pair, reserving a client private key and sending the client public key to the server.
7. The asymmetric encryption Token verification method of claim 6, further comprising:
and regularly replacing the generated client public and private key pair.
8. A client, the client comprising:
the login module is used for logging in the server by using the user name and the password so as to generate and store Token at the server after successful login;
the Token receiving module is used for receiving a first Token ciphertext sent by a server, wherein the first Token ciphertext is obtained by encrypting the Token by using a client public key and then performing secondary encryption by using a server private key by the server;
the Token decryption module is used for decrypting by using a server public key and then by using a client private key after receiving the first Token ciphertext to obtain and store the Token;
the request sending module is used for encrypting the acquired Token first by using the server public key and then performing secondary encryption by using the client private key to obtain a second Token ciphertext, and sending request information carrying the second Token ciphertext to the server, so that after the server receives the request information, the server decrypts the second Token ciphertext carried in the request information first by using the client public key and then by using the server private key to obtain the Token, compares the obtained Token with the Token stored by the server, returns the requested data to the client if the obtained Token is the same as the Token stored by the server, and refuses to return the data if the obtained Token is different from the Token stored by the server.
9. An asymmetric encryption Token authentication system, the system comprising: a processor and a memory;
the memory is configured to store one or more program instructions;
the processor, configured to execute one or more program instructions to perform the method according to any one of claims 1-3 or to perform the method according to any one of claims 5-7.
10. A computer storage medium comprising one or more program instructions for performing the method of any one of claims 1-3 or for performing the method of any one of claims 5-7.
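The exchange that the description and claims 1 to 8 specify, as an added worked example in Go that is not code from the patent or its assignee. It assumes RSA key pairs already exchanged out of band as in claims 2 and 6, a random 32-byte Token, and RSA-OAEP for the public-key encryption step, and it realises the claims' "encryption with a private key" as an RSA-PSS signature over the ciphertext (so "decrypting with the sender's public key" is signature verification). The names Wrapped, wrapToken, unwrapToken, Server and RunProtocol are the example's own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Wrapped is a "Token ciphertext" in the claims' sense: the Token encrypted to the
// receiver's public key (RSA-OAEP), then signed with the sender's private key (RSA-PSS).
type Wrapped struct {
	Ciphertext []byte
	Signature  []byte
}

// wrapToken: encrypt with the receiver's public key, then "encrypt" with the sender's
// private key, realised here as a signature over the ciphertext (the example's assumption).
func wrapToken(token []byte, receiverPub *rsa.PublicKey, senderPriv *rsa.PrivateKey) (*Wrapped, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, token, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &Wrapped{Ciphertext: ct, Signature: sig}, nil
}

// unwrapToken: verify with the sender's public key first, then decrypt with the receiver's private key.
func unwrapToken(w *Wrapped, senderPub *rsa.PublicKey, receiverPriv *rsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(w.Ciphertext)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], w.Signature, nil); err != nil {
		return nil, err // rsa.ErrVerification: not produced by the expected sender, never decrypted
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, w.Ciphertext, nil)
}

// Server models claim 4: own key pair, the client's public key (claims 2 and 6), stored Token.
type Server struct {
	priv      *rsa.PrivateKey
	clientPub *rsa.PublicKey
	stored    []byte
}

// issueToken is the Token generation and Token encryption modules (login itself is not modelled).
func (s *Server) issueToken() (*Wrapped, error) {
	tok := make([]byte, 32)
	if _, err := rand.Read(tok); err != nil {
		return nil, err
	}
	s.stored = tok
	return wrapToken(tok, s.clientPub, s.priv)
}

// verifyRequest is the Token verification module: unwrap, then compare in constant time.
func (s *Server) verifyRequest(second *Wrapped) bool {
	tok, err := unwrapToken(second, s.clientPub, s.priv)
	return err == nil && subtle.ConstantTimeCompare(tok, s.stored) == 1
}

// RunProtocol runs the exchange with fresh keys and reports whether the client's genuine
// request is accepted and whether an intercepted first Token ciphertext, replayed as a request, is rejected.
func RunProtocol() (genuineAccepted, replayRejected bool, err error) {
	serverPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	clientPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	srv := &Server{priv: serverPriv, clientPub: &clientPriv.PublicKey}
	first, err := srv.issueToken() // server -> client: first Token ciphertext
	if err != nil {
		return false, false, err
	}
	tok, err := unwrapToken(first, &serverPriv.PublicKey, clientPriv) // client recovers the Token
	if err != nil {
		return false, false, err
	}
	second, err := wrapToken(tok, &serverPriv.PublicKey, clientPriv) // client -> server: second Token ciphertext
	if err != nil {
		return false, false, err
	}
	genuineAccepted = srv.verifyRequest(second)
	// The replayed first ciphertext carries the server's signature, not the client's, so verification fails.
	replayRejected = !srv.verifyRequest(first)
	return genuineAccepted, replayRejected, nil
}

func main() {
	fmt.Println(RunProtocol()) // prints: true true <nil>
}
```

RunProtocol returns true, true, nil: the client's own request is accepted, and the first Token ciphertext replayed as a request is rejected because its signature was made with the server private key rather than the client private key, which is the interception case the description discusses. The constant-time comparison in verifyRequest is a detail the claims leave open; a byte-by-byte comparison that stops at the first mismatch can leak timing information about the stored Token. The periodic key replacement of claims 3 and 7 is not modelled.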
CN202110004736.6A 2021-01-04 2021-01-04 Asymmetric encryption Token verification method, server, client and system Pending CN112787821A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110004736.6A CN112787821A (en) 2021-01-04 2021-01-04 Asymmetric encryption Token verification method, server, client and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110004736.6A CN112787821A (en) 2021-01-04 2021-01-04 Asymmetric encryption Token verification method, server, client and system

Publications (1)

Publication Number Publication Date
CN112787821A true CN112787821A (en) 2021-05-11

Family

ID=75754003

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110004736.6A Pending CN112787821A (en) 2021-01-04 2021-01-04 Asymmetric encryption Token verification method, server, client and system

Country Status (1)

Country Link
CN (1) CN112787821A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113438234A (en) * 2021-06-24 2021-09-24 字极(上海)网络科技有限公司 Network data security protection encryption method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103001976A (en) * 2012-12-28 2013-03-27 中国科学院计算机网络信息中心 Safe network information transmission method
US20150381618A1 (en) * 2014-06-27 2015-12-31 Gerard Lin Method of mutual verification between a client and a server
CN109150910A (en) * 2018-10-11 2019-01-04 平安科技(深圳)有限公司 Log in token generation and verification method, device and storage medium
CN111510282A (en) * 2020-04-28 2020-08-07 刘佳 Information encryption algorithm and device, information decryption algorithm and device and communication method
CN111510442A (en) * 2020-04-08 2020-08-07 五八有限公司 User verification method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
EP3661120B1 (en) Method and apparatus for security authentication
CN109347835B (en) Information transmission method, client, server, and computer-readable storage medium
EP2020797B1 (en) Client-server Opaque token passing apparatus and method
US8196186B2 (en) Security architecture for peer-to-peer storage system
US5892828A (en) User presence verification with single password across applications
US8082446B1 (en) System and method for non-repudiation within a public key infrastructure
US10250589B2 (en) System and method for protecting access to authentication systems
CN107920052B (en) Encryption method and intelligent device
CN111030814A (en) Key negotiation method and device
CN109684129B (en) Data backup recovery method, storage medium, encryption machine, client and server
EP2414983B1 (en) Secure Data System
CN114244508A (en) Data encryption method, device, equipment and storage medium
CN110519222B (en) External network access identity authentication method and system based on disposable asymmetric key pair and key fob
CN110912857B (en) Method and storage medium for sharing login between mobile applications
CN112787821A (en) Asymmetric encryption Token verification method, server, client and system
CN110086627B (en) Quantum communication service station key negotiation method and system based on asymmetric key pool pair and time stamp
Ozha Kerberos: An Authentication Protocol
CN113271306B (en) Data request and transmission method, device and system
CN116074129B (en) Login method and system integrating and compatible with third party authentication
US20240171380A1 (en) Methods and devices for authentication
CN113037686B (en) Multi-database secure communication method and system, computer readable storage medium
Corella et al. Strong and convenient multi-factor authentication on mobile devices
Arora Hardening Kerberos Authentication Using Honeywords
Tarawneh et al. Secure Exam Storage Using RSA public key encryption
Khaleel Review of Network Authentication Based on Kerberos Protocol.

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210511