CN113765887A - HTTP server data confirmation method - Google Patents
- Publication number
- CN113765887A
- Authority
- CN
- China
- Prior art keywords
- authentication
- request
- key
- verification
- information
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses a data confirmation method for an HTTP server, comprising: separately constructing request information for password verification and for voice verification, the request information comprising a request header and a request body; generating a first key and storing the first key in the request header; encrypting the request body with the first key to generate an encrypted request body, which replaces the request body; performing identity authentication on the encrypted request body and generating an identity authentication request body; storing the generated identity authentication request body in the request header; and transmitting the password-verification and voice-verification request information to the server. The method increases the technical difficulty of cracking data exchanged with the HTTP server and improves the security of data transmission.
Description
Technical Field
The invention relates to the technical field of data confirmation, in particular to a data confirmation method of an HTTP server.
Background
At present, as the internet develops, devices are ever more closely connected, and the security problems in data transmission between devices attract increasing attention.
Two methods are mainly used on the market for data transmission between devices: one uses HTTP (Hypertext Transfer Protocol) encryption for data interaction; the other uses HTTPS (Hypertext Transfer Protocol Secure) for data interaction. HTTP transmits data in plaintext, which is insecure in transit and easily leads to leakage of the transmitted data.
Disclosure of Invention
The invention aims to provide a data confirmation method for an HTTP server, to solve the technical problem that, in the prior art, HTTP transmits data in plaintext, which is insecure in transit and easily leads to leakage of the transmitted data.
To achieve the above object, the present invention employs an HTTP server data confirmation method comprising the following steps:
separately constructing request information for password authentication and voice authentication, wherein the request information comprises a request header and a request body;
generating a first key and storing the first key in the request header;
encrypting the request body according to the first key, generating an encrypted request body and replacing the request body;
performing identity authentication on the encrypted request body and generating an identity authentication request body;
storing the generated identity authentication request body in the request header;
and transmitting the request information for password authentication and voice authentication to the server.
In "separately constructing request information for password authentication and voice authentication, wherein the request information comprises a request header and a request body", the method further comprises:
setting a verification password of letters and numbers, and limiting the number of times of the verification password;
setting voice verification information, and limiting the number of times of the verification information;
and sequencing the verification password and the voice verification information.
In "setting a verification password of letters and numbers, and limiting the number of times of the verification password", the method further comprises:
the letter-and-number verification password includes a fixed encryption key and a random encryption key.
In "performing identity authentication on the encrypted request body and generating an identity authentication request body", the method further comprises:
signing the user authentication public key by using the verification private key;
sending the authentication key certificate and the equipment authentication key certificate to an identity authentication server;
verifying the signature data by using the equipment verification public key;
storing the user information in the request header together with the user authentication key.
Before "signing the user authentication public key by using the verification private key", the method further comprises:
generating a user authentication public-private key pair during user registration, and storing the user authentication private key in the user equipment.
In "storing the user information in the request header together with the user authentication key", the method further comprises:
acquiring the encrypted request body in the current request information, and performing signature authentication on the encrypted request body to generate a signature authentication request body;
and judging whether the generated signature authentication request body is the same as the signature authentication request body in the current request information, thereby judging whether the signature verification passes.
In "judging whether the generated signature authentication request body is the same as the signature authentication request body in the current request information, thereby judging whether the signature verification passes", the method further comprises:
when the generated signature authentication request body is the same as the signature authentication request body in the current request information, the signature verification passes and the current request information is responded to; otherwise, the signature verification fails and the client is notified of the signature verification result.
The invention discloses a data confirmation method for an HTTP server, comprising: separately constructing request information for password verification and for voice verification, the request information comprising a request header and a request body; generating a first key and storing the first key in the request header; encrypting the request body with the first key to generate an encrypted request body, which replaces the request body; performing identity authentication on the encrypted request body and generating an identity authentication request body; storing the generated identity authentication request body in the request header; and transmitting the password-verification and voice-verification request information to the server. The method increases the technical difficulty of cracking data exchanged with the HTTP server and improves the security of data transmission.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of an HTTP server data validation method of the present invention.
Fig. 2 is a flow chart of the present invention for constructing request information for password authentication and voice authentication, respectively, the request information including a request header and a request body.
Fig. 3 is a flow chart of the present invention for performing identity authentication on the encrypted request body and generating an identity authentication request body.
Fig. 4 is a flow chart of the present invention for storing user information in a request header along with a user authentication key.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
In the description of the present invention, it is to be understood that the terms "length", "width", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on the orientations or positional relationships illustrated in the drawings, and are used merely for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the devices or elements referred to must have a particular orientation, be constructed in a particular orientation, and be operated, and thus, are not to be construed as limiting the present invention. Further, in the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
Referring to Figs. 1 to 4, the present invention provides an HTTP server data confirmation method comprising the following steps:
S101: separately constructing request information for password authentication and voice authentication, wherein the request information comprises a request header and a request body;
S1011: setting a verification password of letters and numbers and limiting the number of times of the verification password, wherein the letter-and-number verification password includes a fixed encryption key and a random encryption key;
S1012: setting voice verification information and limiting the number of times of the verification information;
S1013: sequencing the verification password and the voice verification information;
S102: generating a first key and storing the first key in the request header;
In this embodiment, the encryption key may be obtained as a fixed encryption key or as a random encryption key. The random encryption key is preferred: encrypting the original data with a random encryption key increases the difficulty of decryption and further ensures the security of data transmission.
S103: encrypting the request body according to the first key, generating an encrypted request body and replacing the request body;
In this embodiment, encrypting the request body according to the key, generating the encrypted request body and replacing the request body may use a symmetric encryption method, including encryption algorithms such as the gsm encryption algorithm, the RSA encryption algorithm, the RKI encryption algorithm and the DES encryption algorithm.
S104: performing identity authentication on the encrypted request body and generating an identity authentication request body;
S1041: generating a user authentication public-private key pair during user registration, and storing the user authentication private key in the user equipment;
S1042: signing the user authentication public key by using the verification private key;
S1043: sending the authentication key certificate and the equipment authentication key certificate to an identity authentication server;
S1044: verifying the signature data by using the equipment verification public key;
S1045: storing the user information and the user authentication key in the request header;
S10451: acquiring the encrypted request body in the current request information and performing signature authentication on it to generate a signature authentication request body; acquiring the encryption key from the request header of the current request information, decrypting the encrypted request body according to the encryption key, and responding to the current request information according to the decrypted data;
S10452: judging whether the generated signature authentication request body is the same as the signature authentication request body in the current request information; if so, the signature verification passes and the current request information is responded to; if not, the signature verification fails and the client is notified of the signature verification result.
S1046: returning the user certificate to the identity authentication server for storage;
In this embodiment, the user equipment submits a user name and other necessary user data to the application provider through the APP and requests to start the UAF registration procedure. After receiving the user request, the application provider's server sends a registration request to the UAF client in the smart device through the user application. After receiving the registration request, the UAF client calls a UAF identity authenticator through an application interface and presents the local confirmation modes supported by the device for the user to select and confirm; after the user confirms, the UAF identity authenticator generates a new public-private key pair. The UAF identity authenticator here may be any kind of biometric information recognition device, including but not limited to known fingerprint recognition devices, face recognition modules, iris recognition modules, voice recognition devices, etc.
After a user obtains a smart terminal (such as a mobile phone) that supports the UAF protocol, the user needs to enter biometric identification information on the device to complete local authentication, as in daily use. For example, a fingerprint recognition module collects the user's fingerprint information, a microphone collects the user's voice information, or a camera collects the user's face or iris information, so that the authentication information between the user and the device is collected and stored in a security unit of the device.
The user authentication process can follow the existing FIDO standard. During authentication, the identity authentication client (that is, the user equipment) sends an initial identity authentication request to the identity authentication server, and the server generates a random challenge value for the client. The client unlocks the UAK private key by means of biometric information recognition such as fingerprint or iris recognition and signs the challenge value; the random challenge value and the signature are sent to the server, and the server verifies the signature by using the user public key certificate and returns the verification result. If the signature passes verification, the corresponding electronic transaction operation is executed.
S105: storing the generated identity authentication request body in a request header;
S106: transmitting the request information for password authentication and voice authentication to the server.
In this embodiment, the method by which the server decrypts the encrypted data with the encryption key to obtain the original data corresponds to the method by which the client encrypted the original data with the encryption key; for example, if the client encrypts with the DES algorithm, the server decrypts with the DES algorithm.
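The client half of S102 to S105 and the server check of S10451 and S10452, as an added Go example that is not code from the patent. AES-256-GCM stands in for the ciphers the description lists, the authentication value is assumed to be an HMAC-SHA256 under a secret shared at registration and never sent in the request, and the `Request` fields and function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Request mirrors the page's header/body split. Field names are illustrative.
type Request struct {
	FirstKey []byte // header: first key generated in S102
	AuthTag  []byte // header: authentication value stored in S105
	Body     []byte // body: nonce || ciphertext, replaces the plaintext (S103)
}

var ErrSignature = errors.New("signature verification failed")

// tag computes the authentication value over the encrypted body.
// Assumption: HMAC-SHA256 under a secret shared at registration.
func tag(macKey, encBody []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(encBody)
	return m.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// BuildRequest is the client side: S102, S103 and S105.
func BuildRequest(macKey, plaintext []byte) (*Request, error) {
	key := make([]byte, 32) // random first key, the variant the page prefers
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	body := gcm.Seal(nonce, nonce, plaintext, nil) // nonce is prepended
	return &Request{FirstKey: key, AuthTag: tag(macKey, body), Body: body}, nil
}

// HandleRequest is the server side: S10451 and S10452.
// The tag is recomputed and compared in constant time before any
// decryption, so a modified body is rejected without touching the cipher.
func HandleRequest(macKey []byte, r *Request) ([]byte, error) {
	if !hmac.Equal(tag(macKey, r.Body), r.AuthTag) {
		return nil, ErrSignature // the caller notifies the client
	}
	gcm, err := newGCM(r.FirstKey)
	if err != nil {
		return nil, err
	}
	if len(r.Body) < gcm.NonceSize() {
		return nil, errors.New("encrypted body too short")
	}
	nonce, ct := r.Body[:gcm.NonceSize()], r.Body[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	macKey := []byte("constructed demo secret, not from the page")
	req, err := BuildRequest(macKey, []byte(`{"password":"a1b2c3","seq":1}`))
	if err != nil {
		panic(err)
	}
	pt, err := HandleRequest(macKey, req)
	fmt.Printf("accepted: %s (err=%v)\n", pt, err)

	req.Body[len(req.Body)-1] ^= 0x01 // constructed change to the body in transit
	_, err = HandleRequest(macKey, req)
	fmt.Println("tampered:", err)
}
```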
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
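The challenge-response exchange from the FIDO paragraph of the embodiment above, as an added Go example that is not from the patent or the FIDO specifications. Ed25519 is an assumed signature scheme, the biometric unlock of the private key is out of scope, and `Device`, `AuthServer` and the error names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

var (
	ErrUnknownChallenge = errors.New("challenge unknown, already used, or issued to another user")
	ErrExpired          = errors.New("challenge expired")
	ErrBadSignature     = errors.New("signature does not verify under the registered key")
)

// Device stands for the user equipment holding the private key (hypothetical type).
type Device struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewDevice() (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{Pub: pub, priv: priv}, nil
}

// Sign runs after local biometric verification has unlocked the key.
func (d *Device) Sign(challenge []byte) []byte { return ed25519.Sign(d.priv, challenge) }

type issued struct {
	user    string
	expires time.Time
}

// AuthServer stands for the identity authentication server (single goroutine).
type AuthServer struct {
	pubKeys map[string]ed25519.PublicKey // stored at registration
	open    map[string]issued            // outstanding challenges, keyed by hex
	ttl     time.Duration
	now     func() time.Time // injectable clock so expiry can be exercised
}

func NewAuthServer(ttl time.Duration) *AuthServer {
	return &AuthServer{map[string]ed25519.PublicKey{}, map[string]issued{}, ttl, time.Now}
}

func (s *AuthServer) Register(user string, pub ed25519.PublicKey) { s.pubKeys[user] = pub }

// NewChallenge issues 32 random bytes bound to one user and a deadline.
func (s *AuthServer) NewChallenge(user string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.open[hex.EncodeToString(c)] = issued{user, s.now().Add(s.ttl)}
	return c, nil
}

// Verify consumes the challenge before any other check, so a captured
// (challenge, signature) pair cannot be replayed.
func (s *AuthServer) Verify(user string, challenge, sig []byte) error {
	id := hex.EncodeToString(challenge)
	rec, ok := s.open[id]
	delete(s.open, id)
	if !ok || rec.user != user {
		return ErrUnknownChallenge
	}
	if s.now().After(rec.expires) {
		return ErrExpired
	}
	pub, ok := s.pubKeys[user]
	if !ok || !ed25519.Verify(pub, challenge, sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	dev, err := NewDevice()
	if err != nil {
		panic(err)
	}
	srv := NewAuthServer(30 * time.Second)
	srv.Register("alice", dev.Pub) // "alice" is a constructed user name
	c, _ := srv.NewChallenge("alice")
	sig := dev.Sign(c)
	fmt.Println("first attempt:", srv.Verify("alice", c, sig))
	fmt.Println("replay:", srv.Verify("alice", c, sig))
}
```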
Claims (7)
1. An HTTP server data confirmation method, characterized by comprising the following steps:
separately constructing request information for password authentication and voice authentication, wherein the request information comprises a request header and a request body;
generating a first key and storing the first key in the request header;
encrypting the request body according to the first key, generating an encrypted request body and replacing the request body;
performing identity authentication on the encrypted request body and generating an identity authentication request body;
storing the generated identity authentication request body in the request header;
and transmitting the request information for password authentication and voice authentication to the server.
2. The HTTP server data confirmation method of claim 1, wherein in "separately constructing request information for password authentication and voice authentication, wherein the request information comprises a request header and a request body", the method further comprises:
setting a verification password of letters and numbers, and limiting the number of times of the verification password;
setting voice verification information, and limiting the number of times of the verification information;
and sequencing the verification password and the voice verification information.
3. The HTTP server data confirmation method of claim 2, wherein in "setting a verification password of letters and numbers, and limiting the number of times of the verification password", the method further comprises:
the letter-and-number verification password includes a fixed encryption key and a random encryption key.
4. The HTTP server data confirmation method of claim 1, wherein in "performing identity authentication on the encrypted request body and generating an identity authentication request body", the method further comprises:
signing the user authentication public key by using the verification private key;
sending the authentication key certificate and the equipment authentication key certificate to an identity authentication server;
verifying the signature data by using the equipment verification public key;
storing the user information in the request header together with the user authentication key.
5. The HTTP server data confirmation method of claim 4, wherein before "signing the user authentication public key by using the verification private key", the method further comprises:
generating a user authentication public-private key pair during user registration, and storing the user authentication private key in the user equipment.
6. The HTTP server data confirmation method of claim 4, wherein in "storing the user information in the request header together with the user authentication key", the method further comprises:
acquiring the encrypted request body in the current request information, and performing signature authentication on the encrypted request body to generate a signature authentication request body;
and judging whether the generated signature authentication request body is the same as the signature authentication request body in the current request information, thereby judging whether the signature verification passes.
7. The HTTP server data confirmation method of claim 6, wherein in "judging whether the generated signature authentication request body is the same as the signature authentication request body in the current request information, thereby judging whether the signature verification passes", the method further comprises:
when the generated signature authentication request body is the same as the signature authentication request body in the current request information, the signature verification passes and the current request information is responded to; otherwise, the signature verification fails and the client is notified of the signature verification result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110892779.2A CN113765887A (en) | 2021-08-04 | 2021-08-04 | HTTP server data confirmation method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113765887A (en) | 2021-12-07 |
Family
ID=78788695
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110892779.2A Withdrawn CN113765887A (en) | 2021-08-04 | 2021-08-04 | HTTP server data confirmation method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113765887A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116866093A (en) * | 2023-09-05 | 2023-10-10 | 鼎铉商用密码测评技术(深圳)有限公司 | Identity authentication method, identity authentication device, and readable storage medium |
CN116866093B (en) * | 2023-09-05 | 2024-01-05 | 鼎铉商用密码测评技术(深圳)有限公司 | Identity authentication method, identity authentication device, and readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | WW01 | Invention patent application withdrawn after publication | Application publication date: 20211207 |