CN113596839A - Safe and reliable flow authentication method free of directional access flow - Google Patents

Publication number
CN113596839A
Authority
CN
China
Prior art keywords
flow
user
user terminal
free
dynamic
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110868826.XA
Other languages
Chinese (zh)
Inventor
邹西山
邓宇翔
林金怡
张寒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unicom WO Music and Culture Co Ltd
Original Assignee
China Unicom WO Music and Culture Co Ltd
Application filed by China Unicom WO Music and Culture Co Ltd
Priority to CN202110868826.XA
Publication of CN113596839A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a safe and reliable flow authentication method free of directional access flow. A user terminal registers with a server and applies for access to a flow-free service; the user terminal generates a dynamic user name and a dynamic password containing timestamp information and sends them to the server; the server receives and verifies the dynamic user name and the dynamic password; after the verification passes, the user terminal sends the requested flow-free destination address to the server; the server receives and checks the destination address sent by the user terminal and, if the check passes, allocates a routing channel to the user terminal, which then enters the user routing state. Because the server verifies the dynamic user name and dynamic password, which contain timestamp information, before allocating the flow-free channel, the invention solves the problem of traffic theft caused by forged header data, protects the user's flow-free rights and interests, and improves the network service experience.

Description

Safe and reliable flow authentication method free of directional access flow
Technical Field
The invention relates to the technical field of flow authentication for directional flow-free access, and in particular to a safe and reliable flow authentication method free of directional access flow.
Background
At present, in the usual flow-free processing, the user terminal adds an account verification identifier to the header of each transmitted data packet, and if the server verifies that the identifier is correct, the request does not enter the traffic charging system for accounting. With this transmission mode the identifier is easy to steal and forge, so that the user's traffic is stolen and the user's rights and interests are violated.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a safe and reliable flow-free authentication method.
To achieve this purpose, the invention adopts the following technical scheme: a safe and reliable flow authentication method free of directional access flow, comprising the following steps:
Step S1: The user registers with the server through the flow-free application program of the user terminal, applies for access to the flow-free service and submits a list of requested flow-free destination addresses; after the registration passes, the user terminal acquires and stores the terminal number and the corresponding private key information allocated by the server.
Step S2: The user opens the flow-free application program, and the user information and the flow-free package information are loaded.
Step S3: The application program generates a dynamic user name and a dynamic password containing timestamp information and sends them to the server; the user terminal now enters the user authentication state.
Step S4: The server receives and verifies the dynamic user name and the dynamic password; if the verification passes, it sends a verification success mark to the user terminal, which now enters the user request state.
Step S5: After receiving the verification success mark sent by the server, the user terminal sends the requested flow-free destination address to the server.
Step S6: The server receives and checks the destination address sent by the user terminal; if the check passes, the server allocates a routing channel to the user terminal, which now enters the user routing state.
Preferably, the flow-free package information includes a threshold parameter, and the method further includes the following step: the server counts in real time the flow-free traffic generated by the user terminal and compares it with the threshold; if the counted flow-free traffic is equal to or greater than the threshold, the routing channel allocated to the user terminal is interrupted, and the user terminal then enters the user prohibition state.
Preferably, step S3 further includes a method for generating the dynamic user name and the dynamic password, which includes the following steps:
Step S31: Acquire the mobile phone number of the user.
Step S32: Acquire the timestamp information, taken as the number of seconds counted from 1 January 1970.
Step S33: Splice the mobile phone number and the terminal number with the timestamp information to form a first character string, and use the first character string as the dynamic user name; splice the private key information stored in step S1 with the timestamp information to form a second character string, generate a 32-character string from the second character string with the MD5 algorithm, and use that string as the dynamic password.
Preferably, step S4 further includes a method for the server to verify the dynamic user name and the dynamic password, which includes the following steps:
Step S41: From the dynamic user name and dynamic password reported by the user terminal, separate the dynamic user name into the terminal number, the mobile phone number and the timestamp information.
Step S42: Take the private key information recorded when the terminal number was registered from the registered private key library of the server, splice it with the timestamp information from step S41, and compute the MD5 algorithm over the resulting string. Because the MD5 algorithm gives the same result for the same content and the result cannot be reversed, if the calculation result is consistent with the password obtained in step S41, the verification succeeds: a success state mark is returned to the user terminal and the server waits for the user terminal to report the requested destination address. If the verification fails, this indicates that the received dynamic user name information has been tampered with.
Preferably, step S6 further includes a directional access interception method for intercepting access to non-permitted destination addresses, which includes the following steps:
Step S61: Acquire the destination address information requested by the user, which comprises a domain name or an IP address, and a port number.
Step S62: Using the list of requested addresses submitted when the user terminal registered in step S1, carry out matching verification with a regular expression. If the match passes, a flow-free channel is allocated and a success state mark is returned to the user terminal, which enters the routing state; if the match does not pass, a forbidden state mark is returned to the user terminal, which keeps its original request state unchanged.
The invention has the following beneficial effects:
Because the server verifies the dynamic user name and dynamic password, which contain timestamp information, before allocating the flow-free channel, the invention solves the problem of traffic theft caused by forged header data, protects the user's flow-free rights and interests, and improves the network service experience.
Drawings
FIG. 1 is a flow chart of a secure and reliable flow-free authentication method for directional access according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, the invention provides a secure and reliable authentication method for directed access flow-free traffic, which includes the following steps:
Step S1: The user registers with the server through the flow-free application program of the user terminal, applies for access to the flow-free service and submits a list of requested flow-free destination addresses; after the registration passes, the user terminal acquires and stores the terminal number and the corresponding private key information allocated by the server.
Step S2: The user opens the flow-free application program, and the user information and the flow-free package information are loaded.
Step S3: The flow-free application program generates a dynamic user name and a dynamic password, both of which contain timestamp information, and sends them to the server; the user terminal now enters the user authentication state.
The method for generating the dynamic user name and the dynamic password comprises the following steps:
Step S31: Acquire the mobile phone number of the user.
Step S32: Acquire the timestamp information, taken as the number of seconds counted from 1 January 1970.
Step S33: Splice the mobile phone number and the terminal number with the timestamp information to form a first character string, and use the first character string as the dynamic user name; splice the private key information stored in step S1 with the timestamp information to form a second character string, generate a 32-character string from the second character string with the MD5 algorithm, and use that string as the dynamic password. Because the timestamp information differs, the password generated each time is different, and the real private key information of the user is effectively protected from being stolen. The design mainly solves the problem of user-centered authentication; that is, authentication is no longer carried out by an identifier in the data header as in the prior art. The password is checked through the irreversible MD5 operation, and the real-time element of the timestamp information is added, so that the traffic of a user cannot be stolen immediately.
Step S4: The server receives and verifies the dynamic user name and the dynamic password; if the verification passes, it sends a verification success mark to the user terminal, which now enters the user request state.
The method for verifying the dynamic user name and the dynamic password by the server comprises the following steps:
Step S41: From the dynamic user name and dynamic password reported by the user terminal, separate the dynamic user name into the terminal number, the mobile phone number and the timestamp information.
Step S42: Take the private key information recorded when the terminal number was registered from the registered private key library of the server, splice it with the timestamp information from step S41, and compute the MD5 algorithm over the resulting string. Because the MD5 digest algorithm gives the same result for the same content and the result cannot be reversed, if the calculation result is consistent with the password obtained in step S41, the verification succeeds: a success state mark is returned to the user terminal and the server waits for the user terminal to report the requested destination address. Otherwise the verification fails, which indicates that the received dynamic user name information has been tampered with, and a refusal state mark is returned to the user terminal. If refusal states occur many times, the user terminal is locked and the user is notified to apply for unlocking or to reset the private key information.
Step S5: After receiving the verification success mark sent by the server, the user terminal sends the requested flow-free destination address to the server.
Step S6: The server receives and checks the destination address sent by the user terminal; if the check passes, the server allocates a routing channel to the user terminal, which now enters the user routing state. The flow-free package information includes a threshold parameter. The server counts in real time the flow-free traffic generated by the user terminal and compares it with the threshold; if the counted flow-free traffic is equal to or greater than the threshold, the routing channel allocated to the user terminal is interrupted, and the user terminal then enters the user forbidden state.
The method by which the server checks the destination address sent by the user terminal includes a directional access interception method for intercepting access to non-permitted destination addresses, which comprises the following steps:
Step S61: Acquire the destination address information requested by the user, which comprises a domain name or an IP address, and a port number.
Step S62: Using the list of requested addresses submitted when the user terminal registered in step S1, carry out matching verification with a regular expression. If the match passes, a flow-free channel is allocated and a success state mark is returned to the user terminal, which enters the routing state; if the match does not pass, a forbidden state mark is returned to the user terminal, which keeps its original request state unchanged. The subtlety of the method is that interception and prejudgment can be carried out according to the destination address requested by the user, which is an important index in directional flow-free applications.
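Steps S3 to S6 and the threshold cut-off described above, as an added Python example that is not code from the patent. The `|` delimiter, the 60-second freshness window, the state names and all sample values are assumptions made here; the page specifies none of them.

```python
import hashlib
import hmac
import re
import time

SEP = "|"      # assumption: the page says the fields are "spliced" but names no delimiter
MAX_SKEW = 60  # assumption: freshness window in seconds; the page gives no value


def md5_password(private_key, ts):
    """Dynamic password: 32 hex characters of MD5(private key + timestamp)."""
    return hashlib.md5((private_key + ts).encode()).hexdigest()


def make_credentials(phone, terminal_no, private_key, now=None):
    """Steps S31-S33, run by the user terminal."""
    ts = str(int(time.time() if now is None else now))
    return SEP.join((phone, terminal_no, ts)), md5_password(private_key, ts)


def verify_credentials(username, password, key_store, now=None):
    """Steps S41-S42. Returns the terminal number, or None on any failure."""
    parts = username.split(SEP)
    if len(parts) != 3:
        return None
    _phone, terminal_no, ts = parts
    private_key = key_store.get(terminal_no)
    if private_key is None or not (ts.isascii() and ts.isdigit()):
        return None
    expected = md5_password(private_key, ts)
    # Constant-time comparison; bytes so that non-ASCII input cannot raise.
    if not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    # Added check: without it a captured pair would still verify at any later time.
    now = time.time() if now is None else now
    if abs(now - int(ts)) > MAX_SKEW:
        return None
    # The digest covers only key + timestamp, so the phone field is not bound by it.
    return terminal_no


def destination_allowed(host, port, patterns):
    """Steps S61-S62: the whole 'host:port' string must match a registered pattern."""
    target = f"{host.lower()}:{port}"
    return any(re.fullmatch(p, target) for p in patterns)


class FlowFreeServer:
    """Server side of steps S4-S6 and the threshold cut-off, per terminal number."""

    def __init__(self, key_store, allowlists, thresholds):
        self.key_store = key_store    # terminal number -> private key (from S1)
        self.allowlists = allowlists  # terminal number -> regex patterns (from S1)
        self.thresholds = thresholds  # terminal number -> flow-free byte threshold
        self.state = {}               # terminal number -> current state
        self.used = {}                # terminal number -> flow-free bytes counted

    def authenticate(self, username, password, now=None):
        terminal_no = verify_credentials(username, password, self.key_store, now)
        if terminal_no is None:
            return "rejected"
        if self.state.get(terminal_no) == "prohibited":
            return "forbidden"  # assumption: a cut-off terminal stays cut off
        self.state[terminal_no] = "request"
        return "success"

    def request_destination(self, terminal_no, host, port):
        if self.state.get(terminal_no) != "request":
            return "forbidden"
        if not destination_allowed(host, port, self.allowlists.get(terminal_no, ())):
            return "forbidden"  # terminal keeps the request state
        self.state[terminal_no] = "routing"
        return "success"

    def account(self, terminal_no, nbytes):
        """Count flow-free traffic; cut the channel at or above the threshold."""
        if self.state.get(terminal_no) != "routing":
            return False
        self.used[terminal_no] = self.used.get(terminal_no, 0) + nbytes
        if self.used[terminal_no] >= self.thresholds[terminal_no]:
            self.state[terminal_no] = "prohibited"
            return False
        return True


# Constructed sample registration data (not from the page).
KEYS = {"T0001": "k3y-constructed"}
ALLOW = {"T0001": [r"(?:[a-z0-9-]+\.)*music\.example\.com:443"]}
LIMITS = {"T0001": 1000}
```

`re.fullmatch` is used so that a registered pattern cannot match a prefix of a longer host name.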
The user terminal in the present invention is a device capable of executing program codes, including but not limited to computer and mobile phone devices. The server side is a device capable of executing program codes, and includes, but is not limited to, a computer, a server host, a cloud service and the like.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described above, or equivalent substitutions and modifications may be made to some features of the embodiments described above, and any modifications, equivalents, improvements, etc. within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (5)

1. A safe and reliable flow authentication method free of directional access flow, characterized in that the method comprises the following steps:
Step S1: A user registers with a server through a flow-free application program of a user terminal, applies for access to a flow-free service and submits a list of requested flow-free destination addresses; after the registration passes, the user terminal acquires and stores a terminal number and corresponding private key information allocated by the server;
Step S2: The user opens the flow-free application program, and the user information and the flow-free package information are loaded;
Step S3: The application program generates a dynamic user name and a dynamic password containing timestamp information and sends them to the server; the user terminal now enters the user authentication state;
Step S4: The server receives and verifies the dynamic user name and the dynamic password; if the verification passes, it sends a verification success mark to the user terminal, which now enters the user request state;
Step S5: After receiving the verification success mark sent by the server, the user terminal sends the requested flow-free destination address to the server;
Step S6: The server receives and checks the destination address sent by the user terminal; if the check passes, the server allocates a routing channel to the user terminal, which now enters the user routing state.
2. The safe and reliable flow authentication method free of directional access flow according to claim 1, wherein: the flow-free package information comprises a threshold parameter, and the method comprises the server counting in real time the flow-free traffic generated by the user terminal and comparing it with the threshold; if the counted flow-free traffic is equal to or greater than the threshold, the routing channel allocated to the user terminal is interrupted, and the user terminal then enters the user forbidden state.
3. The safe and reliable flow authentication method free of directional access flow according to claim 1, wherein: step S3 further includes a method for generating the dynamic user name and the dynamic password, which includes the following steps:
Step S31: Acquire the mobile phone number of the user;
Step S32: Acquire the timestamp information, taken as the number of seconds counted from 1 January 1970;
Step S33: Splice the mobile phone number and the terminal number with the timestamp information to form a first character string, and use the first character string as the dynamic user name; splice the private key information stored in step S1 with the timestamp information to form a second character string, generate a third character string of 32 characters from the second character string with the MD5 algorithm, and use the third character string as the dynamic password.
4. The safe and reliable flow authentication method free of directional access flow according to claim 1, wherein: step S4 further includes a method for the server to verify the dynamic user name and the dynamic password, which includes the following steps:
Step S41: From the dynamic user name and dynamic password reported by the user terminal, separate the dynamic user name into the terminal number, the mobile phone number and the timestamp information;
Step S42: Take the private key information recorded when the terminal number was registered from the registered private key library of the server, splice it with the timestamp information from step S41, and compute the MD5 algorithm over the resulting string; because the MD5 algorithm gives the same result for the same content and the result cannot be recovered, if the calculation result is consistent with the password obtained in step S41, the verification succeeds, a success state mark is returned to the user terminal, and the server waits for the user terminal to report the requested destination address; if the verification fails, this indicates that the received dynamic user name information has been tampered with, and a refusal state mark is returned to the user terminal.
5. The safe and reliable flow authentication method free of directional access flow according to claim 1, wherein: step S6 further includes a directional access interception method for intercepting access to non-permitted destination addresses, which includes the following steps:
Step S61: Acquire the destination address information requested by the user, which comprises a domain name or an IP address, and a port number;
Step S62: Using the list of requested destination addresses submitted when the user terminal registered in step S1, carry out matching verification with a regular expression; if the match passes, a flow-free channel is allocated and a success state mark is returned to the user terminal, which enters the routing state; if the match does not pass, a forbidden state mark is returned to the user terminal, which keeps its original request state unchanged.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110868826.XA 2021-07-30 2021-07-30 Safe and reliable flow authentication method free of directional access flow

Publications (1)

Publication Number Publication Date
CN113596839A 2021-11-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination