CN113765887A - HTTP server data confirmation method - Google Patents


Info

Publication number
CN113765887A
Authority
CN
China
Prior art keywords
authentication
request
key
verification
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110892779.2A
Other languages
Chinese (zh)
Inventor
王伟任
谭鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wanhang Star Technology Development Co ltd
Original Assignee
Wanhang Star Technology Development Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wanhang Star Technology Development Co ltd filed Critical Wanhang Star Technology Development Co ltd
Priority to CN202110892779.2A priority Critical patent/CN113765887A/en
Publication of CN113765887A publication Critical patent/CN113765887A/en
Withdrawn legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a data confirmation method for an HTTP server. The method comprises: separately constructing request information for password verification and voice verification, wherein the request information comprises a request header and a request body; generating a first key and storing the first key in the request header; encrypting the request body with the first key to generate an encrypted request body, which replaces the request body; performing identity authentication on the encrypted request body and generating an identity authentication request body; storing the generated identity authentication request body in the request header; and transmitting the request information for password verification and voice verification to the server. The method increases the technical difficulty of cracking data in HTTP server data interaction and improves the security of data transmission.

Description

HTTP server data confirmation method
Technical Field
The invention relates to the technical field of data confirmation, in particular to a data confirmation method of an HTTP server.
Background
As the internet develops, devices are increasingly interconnected, and the security of data transmission between devices is receiving more and more attention.
At present, two methods are mainly used on the market for data transmission between devices: one uses HTTP (Hypertext Transfer Protocol) encryption for data interaction; the other uses HTTPS (Hypertext Transfer Protocol Secure) for data interaction. HTTP transmits data in plaintext, which is insecure in transit and easily leads to leakage of the transmitted data.
Disclosure of Invention
The invention aims to provide a data confirmation method for an HTTP server, and aims to solve the technical problems that in the prior art, HTTP adopts plaintext transmission, insecurity exists in the transmission process, and leakage of transmission data is easily caused.
In order to achieve the above object, the present invention employs an HTTP server data validation method, comprising the following steps:
respectively constructing request information of password authentication and voice authentication, wherein the request information comprises a request header and a request body;
generating a first key and storing the first key in a request header;
encrypting the request body according to the first key, generating an encrypted request body and replacing the request body;
carrying out identity authentication on the encryption request body and generating an identity authentication request body;
storing the generated identity authentication request body in a request header;
and transmitting the request information of password authentication and voice authentication to the server.
Wherein, the step of "respectively constructing request information of password authentication and voice authentication, wherein the request information comprises a request header and a request body" further comprises:
setting a verification password of letters and numbers, and limiting the number of times of the verification password;
setting voice verification information, and limiting the number of times of the verification information;
and sequencing the verification password and the voice verification information.
Wherein, the step of "setting a verification password of letters and numbers, and limiting the number of times of the verification password" further comprises:
the letter-and-number verification password comprises a fixed encryption key and a random encryption key.
Wherein, the step of "carrying out identity authentication on the encrypted request body and generating an identity authentication request body" further comprises:
signing the user authentication public key by using the verification private key;
sending the authentication key certificate and the equipment authentication key certificate to an identity authentication server;
verifying the signature data by using the equipment verification public key;
storing the user information together with the user authentication key in the request header.
Wherein, before "signing the user authentication public key by using the verification private key", the method further comprises:
generating a user authentication public and private key pair during user registration, and storing the user authentication private key in the user equipment.
Wherein, the step of "storing the user information together with the user authentication key in the request header" further comprises:
acquiring the encrypted request body in the current request information, and performing signature authentication on the encrypted request body to generate a signature authentication request body;
and judging whether the generated signature authentication request body is the same as the signature authentication request body in the current request information, thereby judging whether the signature verification passes.
Wherein, the step of "judging whether the generated signature authentication request body is the same as the signature authentication request body in the current request information, thereby judging whether the signature verification passes" further comprises:
when the generated signature authentication request body is the same as the signature authentication request body in the current request information, the signature verification passes and the current request information is responded to; if not, the signature verification fails and the client is informed of the signature verification result.
The invention discloses a data confirmation method for an HTTP server. The method comprises: separately constructing request information for password verification and voice verification, wherein the request information comprises a request header and a request body; generating a first key and storing the first key in the request header; encrypting the request body with the first key to generate an encrypted request body, which replaces the request body; performing identity authentication on the encrypted request body and generating an identity authentication request body; storing the generated identity authentication request body in the request header; and transmitting the request information for password verification and voice verification to the server. The method increases the technical difficulty of cracking data in HTTP server data interaction and improves the security of data transmission.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of an HTTP server data validation method of the present invention.
Fig. 2 is a flow chart of the present invention for constructing request information for password authentication and voice authentication, respectively, the request information including a request header and a request body.
Fig. 3 is a flow chart of the present invention for carrying out identity authentication on the encrypted request body and generating an identity authentication request body.
Fig. 4 is a flow chart of the present invention for storing user information in a request header along with a user authentication key.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
In the description of the present invention, it is to be understood that the terms "length", "width", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on the orientations or positional relationships illustrated in the drawings, and are used merely for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the devices or elements referred to must have a particular orientation, be constructed in a particular orientation, and be operated, and thus, are not to be construed as limiting the present invention. Further, in the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
Referring to fig. 1 to 4, the present invention provides a method for data validation of an HTTP server, including the following steps,
S101: respectively constructing request information of password authentication and voice authentication, wherein the request information comprises a request header and a request body;
S1011: setting a verification password of letters and numbers and limiting the number of times of the verification password, wherein the letter-and-number verification password comprises a fixed encryption key and a random encryption key;
S1012: setting voice verification information and limiting the number of times of the verification information;
S1013: sequencing the verification password and the voice verification information;
S102: generating a first key and storing the first key in the request header;
In this embodiment, the encryption key may be obtained as either a fixed encryption key or a random encryption key. The random encryption key is preferred: encrypting the original data with a random encryption key increases the difficulty of decryption, thereby further ensuring the security of data transmission.
S103: encrypting the request body according to the first key, generating an encrypted request body and replacing the request body;
In this embodiment, encrypting the request body according to the key, generating the encrypted request body and replacing the request body may use a symmetric encryption method, including encryption algorithms such as the GSM encryption algorithm, the RSA encryption algorithm, the RKI encryption algorithm, and the DES encryption algorithm.
S104: carrying out identity authentication on the encrypted request body and generating an identity authentication request body;
S1041: generating a user authentication public-private key pair during user registration, and storing the user authentication private key in the user equipment;
S1042: signing the user authentication public key by using the verification private key;
S1043: sending the authentication key certificate and the equipment authentication key certificate to an identity authentication server;
S1044: verifying the signature data by using the equipment verification public key;
S1045: storing the user information and the user authentication key in the request header;
S10451: acquiring the encrypted request body in the current request information and performing signature authentication on it to generate a signature authentication request body; acquiring the encryption key from the request header of the current request information, decrypting the encrypted request body according to the encryption key, and responding to the current request information according to the decrypted data;
S10452: judging whether the generated signature authentication request body is the same as the signature authentication request body in the current request information; if they are the same, the signature verification passes and the current request information is responded to; if not, the signature verification fails and the client is notified of the signature verification result.
S1046: returning the user certificate to the identity authentication server for storage;
In this embodiment, the user equipment submits a user name and other necessary user data to the application provider through the APP and applies to start the UAF registration procedure. After receiving the user request, the application provider server sends a registration application to the UAF client in the intelligent equipment through the user application. After receiving the registration application, the UAF client calls a UAF identity authenticator through an application interface and presents the local confirmation modes supported by the equipment for the user to select and confirm; after user confirmation, the UAF identity authenticator generates a new public and private key pair. The UAF identity authenticator here may be any kind of biometric information recognition device, including but not limited to known fingerprint recognition devices, face recognition modules, iris recognition modules, voice recognition devices, etc.
After a user obtains an intelligent terminal (such as a mobile phone) supporting the UAF protocol, the user needs to enter biometric identification information on the equipment to complete local authentication, as in daily use. For example, fingerprint information of the user is collected by a fingerprint identification module, voice information of the user is collected by a microphone, or face or iris information of the user is collected by a camera, so that authentication information between the user and the equipment is collected and stored in a security unit of the equipment.
The user authentication process can be implemented with reference to the existing FIDO standard. In the authentication process, an identity authentication client (namely the user equipment) initiates an initial identity authentication request to an identity authentication server, and the server generates a random challenge value for the client. The client unlocks a UAK private key by means of biometric information recognition such as fingerprint or iris recognition, signs the challenge value, and sends the random challenge value and the signature to the server. The server verifies the signature by using the user public key certificate and returns a verification result. If the signature passes the verification, the corresponding electronic transaction operation is executed.
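The challenge-response exchange described in the preceding paragraph, as an added example that is not part of the patent text. It assumes ECDSA P-256 with SHA-256 as the signature scheme, in-memory stores, and hypothetical class and method names; the `userVerified` flag stands in for the local biometric check that unlocks the private key.

```javascript
// Added example (Node.js, built-in crypto only). Names are hypothetical.
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

class AuthServer {
  constructor() {
    this.publicKeys = new Map(); // user -> public key stored at registration
    this.pending = new Map();    // user -> outstanding challenge (single use)
  }

  register(user, publicKey) {
    this.publicKeys.set(user, publicKey);
  }

  // Server generates a fresh random challenge value for the client.
  issueChallenge(user) {
    const challenge = randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }

  // Server verifies the signature with the registered public key.
  verifyResponse(user, challenge, signature) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // consume it: a challenge is accepted at most once
    const publicKey = this.publicKeys.get(user);
    if (!expected || !publicKey) return false;
    if (!expected.equals(challenge)) return false; // not the value this server issued
    return verify('sha256', expected, publicKey, signature);
  }
}

class AuthClient {
  constructor() {
    // Key pair generated at registration; the private key never leaves the device.
    const pair = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    this.publicKey = pair.publicKey;
    this.privateKey = pair.privateKey;
  }

  // The private key is used only after local user verification succeeds.
  signChallenge(challenge, userVerified) {
    if (!userVerified) throw new Error('local verification failed; key stays locked');
    return sign('sha256', challenge, this.privateKey);
  }
}

function demo() {
  const server = new AuthServer();
  const device = new AuthClient();
  server.register('alice', device.publicKey);

  // Normal run: challenge issued, signed on the device, verified by the server.
  const c1 = server.issueChallenge('alice');
  const s1 = device.signChallenge(c1, true);
  const firstUse = server.verifyResponse('alice', c1, s1);

  // The same challenge/signature pair presented again is refused.
  const replay = server.verifyResponse('alice', c1, s1);

  // A signature made with a key that was never registered is refused.
  const c2 = server.issueChallenge('alice');
  const unregistered = new AuthClient().signChallenge(c2, true);
  const wrongKey = server.verifyResponse('alice', c2, unregistered);

  // An old signature does not verify against a new challenge.
  const c3 = server.issueChallenge('alice');
  const staleSignature = server.verifyResponse('alice', c3, s1);

  return { firstUse, replay, wrongKey, staleSignature };
}

console.log(demo());
```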
S105: storing the generated identity authentication request body in a request header;
S106: transmitting the request information of password authentication and voice authentication to the server.
In this embodiment, the method for the server to decrypt the encrypted data according to the encryption key to obtain the original data corresponds to the method for the client to encrypt the original data by using the encryption key, for example, the client uses the DES algorithm for encryption, and the server uses the DES algorithm for decryption.
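Steps S102 to S106 on the client and S10451/S10452 on the server, as an added example that is not part of the patent text. Assumptions: AES-256-GCM stands in for the symmetric cipher, the "signature authentication request body" is modelled as HMAC-SHA256 over the encrypted body under a separately provisioned secret, and the header names and function names are hypothetical.

```javascript
// Added example (Node.js, built-in crypto only). Header names are hypothetical.
const {
  randomBytes, createCipheriv, createDecipheriv, createHmac, timingSafeEqual,
} = require('node:crypto');

// Client side: S102 (first key), S103 (encrypt body), S104/S105 (sign, store in header).
function buildRequest(plainBody, signingSecret) {
  const firstKey = randomBytes(32); // random key, the variant the text prefers
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', firstKey, iv);
  const ct = Buffer.concat([cipher.update(plainBody, 'utf8'), cipher.final()]);
  const encBody = Buffer.concat([iv, cipher.getAuthTag(), ct]); // replaces the body
  const signature = createHmac('sha256', signingSecret).update(encBody).digest();
  return {
    headers: {
      // Per S102 the first key travels in the header, so whoever can read the
      // header can decrypt the body; tamper detection rests on signingSecret,
      // which is never sent (assumption of this example).
      'x-first-key': firstKey.toString('base64'),
      'x-body-signature': signature.toString('base64'),
    },
    body: encBody,
  };
}

// Server side: S10451 (recompute signature, decrypt) and S10452 (compare).
function handleRequest(req, signingSecret) {
  const expected = createHmac('sha256', signingSecret).update(req.body).digest();
  const presented = Buffer.from(req.headers['x-body-signature'] || '', 'base64');
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (presented.length !== expected.length || !timingSafeEqual(presented, expected)) {
    return { status: 401, error: 'signature verification failed' };
  }
  try {
    const key = Buffer.from(req.headers['x-first-key'] || '', 'base64');
    const decipher = createDecipheriv('aes-256-gcm', key, req.body.subarray(0, 12));
    decipher.setAuthTag(req.body.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(req.body.subarray(28)), decipher.final()]);
    return { status: 200, body: plain.toString('utf8') };
  } catch {
    return { status: 400, error: 'decryption failed' };
  }
}

function demo() {
  const secret = Buffer.from('constructed-shared-signing-secret'); // constructed value
  const good = buildRequest('{"op":"confirm","id":42}', secret);   // constructed body
  const ok = handleRequest(good, secret);

  // One bit of the encrypted body changed in transit: signature mismatch.
  const flipped = { headers: good.headers, body: Buffer.from(good.body) };
  flipped.body[30] ^= 0x01;
  const tampered = handleRequest(flipped, secret);

  // Body and header rebuilt under a different signing secret: rejected by the server.
  const other = buildRequest('{"op":"confirm","id":999}', Buffer.from('some-other-secret'));
  const substituted = handleRequest(other, secret);

  // Key header replaced while body and signature are intact: signature passes,
  // authenticated decryption fails.
  const swapped = {
    headers: { ...good.headers, 'x-first-key': randomBytes(32).toString('base64') },
    body: good.body,
  };
  const keySwap = handleRequest(swapped, secret);

  return { ok, tampered, substituted, keySwap };
}

console.log(demo());
```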
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (7)

1. A HTTP server data confirmation method is characterized by comprising the following steps,
respectively constructing request information of password authentication and voice authentication, wherein the request information comprises a request header and a request body;
generating a first key and storing the first key in a request header;
encrypting the request body according to the first key, generating an encrypted request body and replacing the request body;
carrying out identity authentication on the encryption request body and generating an identity authentication request body;
storing the generated identity authentication request body in a request header;
and transmitting the request information of password authentication and voice authentication to the server.
2. The HTTP server data confirmation method of claim 1, wherein in "request information of password authentication and voice authentication is constructed separately, the request information including a request header and a request body", the method further comprises,
setting letter and number verification passwords, and limiting the times of the verification passwords;
setting voice verification information and limiting the times of the verification information;
and sequencing the verification password and the voice verification information.
3. The HTTP server data confirmation method of claim 2, wherein in setting the authentication password of letters and numbers and defining the number of times of the authentication password, the method further comprises,
the alphanumeric authentication code includes a fixed encryption key and a random encryption key.
4. The HTTP server data validation method of claim 1, wherein, in carrying out identity authentication on the encrypted request body and generating the identity authentication request body, the method further comprises,
signing the user authentication public key by using the verification private key;
sending the authentication key certificate and the equipment authentication key certificate to an identity authentication server;
verifying the signature data by using the equipment verification public key;
the user information is stored in the request header together with the user authentication key.
5. The HTTP server data validation method of claim 4, wherein, prior to "signing the user authentication key with the verification private key", the method further comprises,
and generating a user authentication public and private key pair during user registration, and storing the user authentication private key in the user equipment.
6. The HTTP server data validation method of claim 4, wherein in "store user information in a request header with a user authentication key", the method further comprises,
acquiring an encryption request body in the current request information, and performing signature authentication on the encryption request body to generate a signature authentication request body;
and judging whether the generated signature authentication request body is the same as the signature authentication request body in the current request information or not, thereby judging whether the signature verification passes or not.
7. The HTTP server data validation method of claim 6, wherein in determining whether the generated signature authentication request body is identical to the signature authentication request body in the current request information, thereby determining whether the signature verification passes, the method further comprises,
and when the generated signature authentication request body is the same as the signature authentication request body in the current request information, the signature verification is passed, the current request information is responded, if not, the signature verification fails, and the client is informed of the signature verification result.
CN202110892779.2A 2021-08-04 2021-08-04 HTTP server data confirmation method Withdrawn CN113765887A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110892779.2A CN113765887A (en) 2021-08-04 2021-08-04 HTTP server data confirmation method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110892779.2A CN113765887A (en) 2021-08-04 2021-08-04 HTTP server data confirmation method

Publications (1)

Publication Number Publication Date
CN113765887A true CN113765887A (en) 2021-12-07

Family

ID=78788695

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110892779.2A Withdrawn CN113765887A (en) 2021-08-04 2021-08-04 HTTP server data confirmation method

Country Status (1)

Country Link
CN (1) CN113765887A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116866093A (en) * 2023-09-05 2023-10-10 鼎铉商用密码测评技术(深圳)有限公司 Identity authentication method, identity authentication device, and readable storage medium
CN116866093B (en) * 2023-09-05 2024-01-05 鼎铉商用密码测评技术(深圳)有限公司 Identity authentication method, identity authentication device, and readable storage medium

Similar Documents

Publication Publication Date Title
US20210367795A1 (en) Identity-Linked Authentication Through A User Certificate System
CN110380852B (en) Bidirectional authentication method and communication system
US9338163B2 (en) Method using a single authentication device to authenticate a user to a service provider among a plurality of service providers and device for performing such a method
US8615663B2 (en) System and method for secure remote biometric authentication
US20190173873A1 (en) Identity verification document request handling utilizing a user certificate system and user identity document repository
CN109150548B (en) Digital certificate signing and signature checking method and system and digital certificate system
CN106664208B (en) System and method for establishing trust using secure transport protocol
WO2017032263A1 (en) Identity authentication method and apparatus
WO2018090183A1 (en) Identity authentication method, terminal device, authentication server and electronic device
US20100042848A1 (en) Personalized I/O Device as Trusted Data Source
US20060262929A1 (en) Method and system for identifying the identity of a user
US20070050618A1 (en) Method and apparatus for user authentication
US20050287985A1 (en) Using a portable security token to facilitate public key certification for devices in a network
JP2018038068A (en) Method for confirming identification information of user of communication terminal and related system
US8397281B2 (en) Service assisted secret provisioning
CN111552935B (en) Block chain data authorized access method and device
CN111935712A (en) Data transmission method, system and medium based on NB-IoT communication
US11777743B2 (en) Method for securely providing a personalized electronic identity on a terminal
CN109361681B (en) Method, device and equipment for authenticating national secret certificate
CN112020716A (en) Remote biometric identification
CN107070918B (en) A kind of network application login method and system
CN114362946B (en) Key agreement method and system
CN114331456A (en) Communication method, device, system and readable storage medium
RU2698424C1 (en) Authorization control method
CN112583588B (en) Communication method and device and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20211207
