CN114401094A - Token generation and verification method and device - Google Patents
Token generation and verification method and device Download PDFInfo
- Publication number
- CN114401094A CN114401094A CN202111616912.8A CN202111616912A CN114401094A CN 114401094 A CN114401094 A CN 114401094A CN 202111616912 A CN202111616912 A CN 202111616912A CN 114401094 A CN114401094 A CN 114401094A
- Authority
- CN
- China
- Prior art keywords
- token
- key
- client
- determining
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 75
- 238000012795 verification Methods 0.000 title claims abstract description 42
- 238000012545 processing Methods 0.000 claims description 18
- 230000006835 compression Effects 0.000 claims description 15
- 238000007906 compression Methods 0.000 claims description 15
- 230000008569 process Effects 0.000 claims description 13
- 238000004590 computer program Methods 0.000 claims description 5
- 230000003993 interaction Effects 0.000 description 5
- 230000006837 decompression Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 235000014510 cooky Nutrition 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a token generation method, a token verification method and a token generation device, wherein in the generation of a token, data information is compressed and encrypted, so that the safety of information transmitted in the token can be improved, the leakage is avoided, meanwhile, the content stored at the back end can be minimized, and the occupation of resources is reduced; moreover, because the identification of the client is arranged corresponding to the key, rather than adopting a uniform key as in the prior art, the multi-key issuing verification can be realized, and better safety performance is provided; in addition, when the token is verified, the token is compressed and encrypted, so that the user verification is realized, and the information security can be improved.
Description
Technical Field
The present invention relates to the field of communication security technologies, and in particular, to a token generation method, a token verification method, and a token verification device.
Background
In internet applications, a server generally needs to perform user verification and authentication on a request sent by a client to ensure service and data security. Therefore, how to perform user verification is a technical problem to be solved urgently by those skilled in the art.
Disclosure of Invention
The embodiment of the invention provides a token generation method, a token verification method and a token verification device, which are used for realizing user verification and improving interaction safety.
In a first aspect, an embodiment of the present invention provides a token generation method, including:
receiving first data sent by a client; wherein the first data comprises: an identification of the client, and user information using the client;
determining data information according to the first data, and determining header information according to the first data, a preset compression rule and a preset encryption rule;
compressing the data information according to the compression rule to obtain compressed data;
encrypting the compressed data according to the determined key corresponding to the identification of the client and the encryption rule to obtain encrypted data;
and respectively carrying out encoding processing on the encrypted data and the header information to generate the token.
Optionally, in an embodiment of the present invention, a data format of the header information and the data information is BSON.
Optionally, in this embodiment of the present invention, when the cache of the server stores the correspondence between the identifier and the key, the method for determining the key corresponding to the identifier of the client specifically includes:
judging whether the identification of the client is found from the cache;
if yes, extracting a key corresponding to the client identifier from the cache;
and if not, generating a key corresponding to the client identifier, and storing the client identifier and the corresponding key in the cache.
Optionally, in an embodiment of the present invention, the method further includes:
updating the determined key corresponding to the identifier of the client according to a preset key updating rule, and updating the token according to the updated key;
wherein the key update rule comprises:
when the header information includes a preset key period validity period, the key period validity period expires;
and/or determining that the generated token is invalid.
In a second aspect, an embodiment of the present invention provides a token verification method, including:
obtaining a token, wherein the token is generated by adopting the method provided by the embodiment of the invention;
decoding the token to obtain head information and encrypted data; determining the identification of the client based on the head information;
when the key corresponding to the identification of the client is found in the cache, the encrypted data is analyzed according to the head information and the found key;
and determining whether the token is valid according to the analysis processing result.
Optionally, in this embodiment of the present invention, when the header information includes a preset key period validity period, determining whether the token is valid according to a result of the parsing processing, specifically including:
judging whether the analysis processing result is successful analysis;
if yes, determining the validity period of the secret key from the header information, and determining that the token is valid when the validity period of the secret key is judged not to be expired;
if not, determining that the token is invalid.
Optionally, in an embodiment of the present invention, the method further includes:
and determining that the token is invalid when the key validity period is judged to be expired.
Optionally, in an embodiment of the present invention, the method further includes:
and when the key corresponding to the identifier of the client is not found in the cache, determining that the token is invalid.
In a third aspect, an embodiment of the present invention provides an electronic device, including:
a memory for storing program instructions;
and the processor is used for calling the program instructions stored in the memory and executing the method provided by the embodiment of the invention according to the obtained program.
In a fourth aspect, the present invention provides a readable storage medium storing electronic device executable instructions, where the electronic device executable instructions are configured to cause an electronic device to perform the method provided by the embodiment of the present invention.
In a fifth aspect, an embodiment of the present invention provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the processor implements the steps of the above method provided by the embodiment of the present invention.
The invention has the following beneficial effects:
according to the generation method, the verification method and the verification device of the token, provided by the embodiment of the invention, in the generation of the token, the data information is compressed and encrypted, so that the safety of the information transmitted in the token can be improved, the leakage is avoided, meanwhile, the content stored at the back end can be minimized, and the resource occupation is reduced; moreover, because the identification of the client is arranged corresponding to the key, rather than adopting a uniform key as in the prior art, the multi-key issuing verification can be realized, and better safety performance is provided; in addition, when the token is verified, the token is compressed and encrypted, so that the user verification is realized, and the information security can be improved.
Drawings
Fig. 1 is a flowchart of a token generation method provided in an embodiment of the present invention;
FIG. 2 is a flow chart of one embodiment provided in embodiments of the present invention;
FIG. 3 is a flow chart of another embodiment provided in embodiments of the present invention;
fig. 4 is a flowchart of a token verification method provided in an embodiment of the present invention;
FIG. 5 is a flow chart of yet another embodiment provided in an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device provided in an embodiment of the present invention.
Detailed Description
The following describes in detail specific embodiments of a token generation method, a token verification method, and a token verification apparatus according to embodiments of the present invention with reference to the accompanying drawings. It should be noted that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The inventor finds in research that Session-based (i.e. time-domain) authentication is the earliest and has poor expansion capability, so that the authentication is easy to be intercepted and forged, and the cost of a server is obviously increased with the increase of authenticated users.
JWT (JSON Web Token) solves the problems and brings the characteristics of high safety, good performance and easy expansion into the JWT, and becomes one of the most popular cross-domain identity verification solutions at present. JWT is a character string, and can be obtained by performing Base64 encoding processing on the user basic information and the signature generated by the algorithm for tamper resistance. In the process of interaction between the client and the server, the client firstly obtains a JWT token generated by the server during login operation, then each request of the client carries the JWT token, and the server can determine the identity of the client by analyzing the JWT token in the request. In this way, the server can determine the identity of the requester without accessing the database, and the requester is not limited to a host, which is convenient for the distributed system.
Therefore, the JWT has the following advantages compared with the traditional authentication method:
1. JWT authentication is more secure because a digital signature is introduced so that the server can verify whether JWT information has been modified;
2. JWT is stateless, the server does not need to store Session information, and the pressure of the server is reduced;
3. the generation can be anywhere without binding a specific identity verification system.
However, JWT currently suffers from two problems:
1) the tokens issued by the same platform/authentication center adopt a uniform key, and once the key needs to be updated, all the tokens issued originally are invalid;
2) the information passed in the token is not compressed using encryption, the information can be seen by the man in the middle, and the length of the token may be too long.
Based on this, embodiments of the present invention provide a token generation method, a token verification method, and a token verification apparatus, which are used to support verification of multi-key issuance, and can minimize content stored at a back end, improve security of information transmitted in a token, and avoid leakage.
Specifically, an embodiment of the present invention provides a token generation method, as shown in fig. 1, which is applied to a server side, and may include:
s101, receiving first data sent by a client; wherein the first data comprises: an identification of the client, and user information using the client;
the user information may be information of a user using the client, and specific information content is not limited herein.
S102, determining data information according to the first data, and determining header information according to the first data, a preset compression rule and a preset encryption rule;
s103, compressing the data information according to the compression rule to obtain compressed data;
the specific compression rule may be set according to actual needs, and is not limited herein.
S104, according to the determined key corresponding to the identification of the client, encrypting the compressed data according to the encryption rule to obtain encrypted data;
the specific encryption rule may be set according to actual needs, and is not limited herein.
And S105, respectively encoding the encrypted data and the header information to generate the token.
Specifically, when performing the encoding process, the encoding may be performed in the Base64 encoding method, but the encoding method is not limited to this, and other encoding methods may be used, and the encoding method is not limited to this.
Therefore, in the generation of the token, the data information is compressed and encrypted, so that the safety of the information transmitted in the token can be improved, the leakage is avoided, the content stored at the back end can be minimized, and the occupation of resources is reduced; moreover, because the identification of the client is arranged corresponding to the key instead of adopting a uniform key as in the prior art, the multi-key issuing verification can be realized, and better safety performance is provided.
Optionally, in an embodiment of the present invention, a data format of the header information and the data information is BSON.
Thus, compared with the existing jwt token, the present invention uses the binary BSON data format to store information, and BSON has better performance than the conventional JSON, increasing the efficiency of encryption compression for Payload (i.e. the aforementioned data information) domain.
Of course, in practical cases, the data format of the header information and the data information is not limited to BSON, and may also be other data formats, and is not limited herein.
Optionally, in this embodiment of the present invention, when the cache of the server stores the correspondence between the identifier and the key, the method for determining the key corresponding to the identifier of the client specifically includes:
judging whether the identification of the client is found from the cache;
if yes, extracting a key corresponding to the client identifier from the cache;
and if not, generating a key corresponding to the client identifier, and storing the client identifier and the corresponding key in the cache.
Since in the prior art no information of any token is stored in the backend application, the already issued token cannot be invalidated. In the embodiment of the invention, the key corresponding to the identifier of the client is stored in the cache of the server, so that the subsequent token updating can be facilitated when the issued token is invalid.
And when the client identifier does not exist in the cache, a key can be generated according to a preset key generation method, the corresponding relation between the key and the client identifier is established, and the key and the client identifier are stored in the cache so as to facilitate the subsequent verification of the token.
Specifically, in the embodiment of the present invention, as for the preset key generation method, any method that can generate a key and is known to those skilled in the art may be used, and is not limited herein.
Optionally, in an embodiment of the present invention, the method further includes:
updating the determined key corresponding to the identifier of the client according to a preset key updating rule, and updating the token according to the updated key;
wherein the key update rule comprises:
when the header information includes a preset key period validity period, the key period validity period expires;
and/or determining that the generated token is invalid.
Therefore, dynamic key updating can be realized, forced token invalidation is supported, and risks caused by token leakage are reduced.
Optionally, in an embodiment of the present invention, the method further includes:
the server may send the generated token to the client.
Therefore, the client side can conveniently send the request to the server to carry the token, and the verification and authentication process is realized.
The above method provided by the embodiments of the present invention will be described with reference to the following specific examples.
Example (b): as shown in fig. 2, the execution subjects of the following steps are all servers in the token generation process.
S201, receiving first data sent by a client when a user successfully logs in the client; wherein the first data comprises: an identification of the client, and user information using the client;
s202, determining data information in a BSON format according to the first data, and determining header information in the BSON format according to the first data, a preset compression rule and a preset encryption rule;
for example, taking the client identifier as 1376360834669744129, the compression rule as GZIP, and the encryption rule as AES256 as an example, the generated header information is as follows:
R\x00\x00\x00\x02alg\x00\x07\x00\x00\x00AES256\x00\x02typ\x00\x04\x00\x00\x00JWT\x00\x02key\x00\x14\x00\x00\x001376360834669744129\x00\x02co mpress\x00\x05\x00\x00\x00GZIP\x00\x00。
s203, compressing the data information according to the compression rule to obtain compressed data;
s204, judging whether the cache has the client identification or not; if not, executing S205; if yes, go to S206;
s205, generating a key corresponding to the client identifier, and storing the client identifier and the corresponding key in the cache; executing S206;
s206, according to a secret key corresponding to the identification of the client, encrypting the compressed data according to the encryption rule to obtain encrypted data;
s207, respectively carrying out Base64 encoding on the encrypted data and the header information to generate the token.
Example (b): as shown in fig. 3, the key update process is performed by the server in the following steps.
S301, acquiring an identifier of a client;
s302, judging whether a key corresponding to the client identification exists in the cache; if yes, executing S303; if not, ending the flow;
and S303, updating the key when the key is determined to be updated currently according to the key updating rule.
It is stated that, when updating the key, the key corresponding to the identifier of the client stored in the cache is deleted, the updated key is stored in the cache, and a corresponding relationship between the updated key and the identifier of the client is formed.
Based on the same inventive concept, an embodiment of the present invention provides a token checking method, as shown in fig. 4, which is applied to a server side, and may include:
s401, obtaining a token, wherein the token is generated by adopting the method provided by the embodiment of the invention;
wherein the token may be, but is not limited to being, retrieved from a cookie.
S402, decoding the token to obtain head information and encrypted data; determining the identification of the client based on the head information;
s403, when the key corresponding to the client identifier is found in the cache, analyzing the encrypted data according to the header information and the found key;
specifically, the parsing process may include: decompression processing and decryption processing.
Since the header information includes the encryption rule and the compression rule, the encrypted data can be parsed with these rules as well.
S404, determining whether the token is valid according to the analysis processing result.
Therefore, the identification of the client is arranged corresponding to the key instead of adopting a uniform key as in the prior art, so that the multi-key issuing verification can be realized, and better safety performance is provided; in addition, when the token is verified, the token is compressed and encrypted, so that the safety of information can be improved while user verification is realized, leakage is avoided, the content stored in the back end can be minimized, and the occupation of resources is reduced.
Optionally, in this embodiment of the present invention, when the header information includes a preset key period validity period, determining whether the token is valid according to a result of the parsing processing, specifically including:
judging whether the analysis processing result is successful analysis;
if yes, determining the validity period of the secret key from the header information, and determining that the token is valid when the validity period of the secret key is judged not to be expired;
if not, determining that the token is invalid.
The validity period of the key may be set according to actual needs, and is not limited herein.
Therefore, whether the token is valid can be determined according to the analysis processing result, and the verification process is realized; when the token is valid and the user information is extracted from the token, the subsequent user authentication process can be performed, so that the safety of interaction between the server and the client is improved.
It should be noted that, in the case of unsuccessful parsing, it is stated that the obtained token is not a token that has been generated and issued by the server before, and the key of the token is different from the key of the token that has been issued before, which results in unsuccessful parsing, and this indicates that the token may be leaked. Therefore, the safety of the interaction process can be effectively improved.
Optionally, in an embodiment of the present invention, the method further includes:
and determining that the token is invalid when the key validity period is judged to be expired.
Optionally, in an embodiment of the present invention, the method further includes:
and when the key corresponding to the identifier of the client is not found in the cache, determining that the token is invalid.
This situation illustrates that the key may have expired and therefore not be found in the cache.
Therefore, whether the token is effective or not can be judged from a plurality of angles, so that the accuracy of the verification result is improved, and the safety performance is improved.
It should be noted that, optionally, in the embodiment of the present invention, the token verification process may be applied to an interaction process between the server and the client, for example:
the client sends request information carrying the token to the server;
when the server receives the request information, extracting the token and verifying the token;
when the verification result is that the token is valid, identity information of the client (for example, but not limited to, information including an identifier of the client, etc.) may be extracted from the token;
authenticating the extracted identity information;
and when the authentication result is legal, replying the request information sent by the client.
Of course, when the authentication result is illegal and/or the verification result is that the token is invalid, the server does not reply to the request sent by the client.
And when the verification result is that the token is invalid, subsequent authentication is not executed, and authentication is only carried out when the verification result is that the token is valid.
The above method provided by the embodiments of the present invention will be described with reference to the following specific examples.
Example (b): referring to fig. 5, for the token verification process, the following steps are executed by the server.
S501, obtaining a token;
s502, decoding the token to obtain head information and encrypted data; extracting the identification of the client from the head information;
s503, judging whether the key corresponding to the extracted client identifier is stored in the cache; if yes, executing S504; if not, executing S508;
s504, according to the encryption rule and the compression rule extracted from the head information and the key searched from the cache, carrying out decryption processing and decompression processing on the encrypted data;
s505, judging whether the decryption processing and the decompression processing are successfully completed; if yes, go to S506; if not, executing S508;
s506, judging whether the validity period of the key in the header information is expired; if not, executing S507; if yes, go to S508;
s507, determining that the token is valid; ending the flow;
and S508, determining that the token is invalid.
Based on the same inventive concept, embodiments of the present invention provide an electronic device, an implementation principle of the electronic device is similar to that of the foregoing method, and specific embodiments of the electronic device may refer to the foregoing method, and repeated details are omitted.
Specifically, an electronic device provided in an embodiment of the present invention, as shown in fig. 6, includes:
a memory 601 for storing program instructions;
a processor 602, configured to call the program instructions stored in the memory 601, and execute the above method according to the obtained program.
Optionally, in the embodiment of the present invention, the electronic device may be, but is not limited to, a server.
Based on the same inventive concept, embodiments of the present invention provide a readable storage medium, where electronic device executable instructions are stored, and the electronic device executable instructions are used to enable an electronic device to execute the method provided by the embodiments of the present invention.
Based on the same inventive concept, embodiments of the present invention provide a computer device, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and the processor executes the computer program to implement the steps of the above-mentioned method provided by the embodiments of the present invention.
It is emphasized that the above-described solution provided by the embodiment of the present invention has the following advantages:
1) compared with the existing jwt token without state completely, the scheme can realize the functions of multi-key issuing verification, dynamic token key updating and token invalidation forcing by introducing a part of states (namely the states of one-to-one correspondence between the client identifier and the key).
2) Compared with the existing jwt token, the scheme uses the storage information in the binary BSON format, the BSON has better performance than the traditional JSON, the encryption compression of the Payload domain is increased, the Payload domain is generally used for transmitting parameters, the content occupation is more, the generated token length can be effectively reduced by using the compression, and the encryption can be used for enabling the Payload to be suitable for transmitting more content, thereby providing more efficient system performance and better security performance.
3) Under the condition of cloud computing, the computing capacity of the distributed cluster can be utilized to the maximum extent, and meanwhile, better safety performance is provided under the condition of adding the multi-key signing and verifying capacity.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (11)
1. A method for generating a token, comprising:
receiving first data sent by a client; wherein the first data comprises: an identification of the client, and user information using the client;
determining data information according to the first data, and determining header information according to the first data, a preset compression rule and a preset encryption rule;
compressing the data information according to the compression rule to obtain compressed data;
encrypting the compressed data according to the determined key corresponding to the identification of the client and the encryption rule to obtain encrypted data;
and respectively carrying out encoding processing on the encrypted data and the header information to generate the token.
2. The generation method of claim 1, wherein a data format of the header information and the data information is BSON.
3. The method of generating a key according to claim 1, wherein when the cache of the server stores the correspondence between the identifier and the key, the method of determining the key corresponding to the identifier of the client specifically includes:
judging whether the identification of the client is found from the cache;
if yes, extracting a key corresponding to the client identifier from the cache;
and if not, generating a key corresponding to the client identifier, and storing the client identifier and the corresponding key in the cache.
4. The generation method of any one of claims 1 to 3, further comprising:
updating the determined key corresponding to the identifier of the client according to a preset key updating rule, and updating the token according to the updated key;
wherein the key update rule comprises:
when the header information includes a preset key period validity period, the key period validity period expires;
and/or determining that the generated token is invalid.
5. A method for verifying a token, comprising:
obtaining a token, and the token is generated using the method of any one of claims 1-4;
decoding the token to obtain head information and encrypted data; determining the identification of the client based on the head information;
when the key corresponding to the identification of the client is found in the cache, the encrypted data is analyzed according to the head information and the found key;
and determining whether the token is valid according to the analysis processing result.
6. The verification method according to claim 5, wherein when the header information includes a preset key period validity period, determining whether the token is valid according to a result of the parsing process includes:
judging whether the analysis processing result is successful analysis;
if yes, determining the validity period of the secret key from the header information, and determining that the token is valid when the validity period of the secret key is judged not to be expired;
if not, determining that the token is invalid.
7. The verification method of claim 6, further comprising:
and determining that the token is invalid when the key validity period is judged to be expired.
8. The verification method of claim 5, further comprising:
and when the key corresponding to the identifier of the client is not found in the cache, determining that the token is invalid.
9. An electronic device, comprising:
a memory for storing program instructions;
a processor for calling said program instructions stored in said memory to execute the method of any one of claims 1 to 8 in accordance with the obtained program.
10. A readable storage medium having stored thereon electronic device-executable instructions for causing an electronic device to perform the method of any one of claims 1-8.
11. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method according to any of claims 1-8 are implemented when the program is executed by the processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111616912.8A CN114401094A (en) | 2021-12-27 | 2021-12-27 | Token generation and verification method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111616912.8A CN114401094A (en) | 2021-12-27 | 2021-12-27 | Token generation and verification method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114401094A true CN114401094A (en) | 2022-04-26 |
Family
ID=81228167
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111616912.8A Pending CN114401094A (en) | 2021-12-27 | 2021-12-27 | Token generation and verification method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114401094A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107659406A (en) * | 2016-07-25 | 2018-02-02 | 华为技术有限公司 | A kind of resource operating methods and device |
| CN112202705A (en) * | 2020-08-21 | 2021-01-08 | 上海微亿智造科技有限公司 | Digital signature verification generation and verification method and system |
| WO2021017128A1 (en) * | 2019-07-29 | 2021-02-04 | 深圳壹账通智能科技有限公司 | Login token generation method and apparatus, login token verification method and apparatus, and server |
| CN112688773A (en) * | 2019-10-17 | 2021-04-20 | 浙江大搜车软件技术有限公司 | Token generation and verification method and device |
| CN113746882A (en) * | 2020-05-28 | 2021-12-03 | 支付宝实验室(新加坡)有限公司 | User session information storage method and device and electronic equipment |
-
2021
- 2021-12-27 CN CN202111616912.8A patent/CN114401094A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107659406A (en) * | 2016-07-25 | 2018-02-02 | 华为技术有限公司 | A kind of resource operating methods and device |
| WO2021017128A1 (en) * | 2019-07-29 | 2021-02-04 | 深圳壹账通智能科技有限公司 | Login token generation method and apparatus, login token verification method and apparatus, and server |
| CN112688773A (en) * | 2019-10-17 | 2021-04-20 | 浙江大搜车软件技术有限公司 | Token generation and verification method and device |
| CN113746882A (en) * | 2020-05-28 | 2021-12-03 | 支付宝实验室(新加坡)有限公司 | User session information storage method and device and electronic equipment |
| CN112202705A (en) * | 2020-08-21 | 2021-01-08 | 上海微亿智造科技有限公司 | Digital signature verification generation and verification method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111935094B (en) | Database access method, device, system and computer readable storage medium | |
| CN110691087B (en) | Access control method, device, server and storage medium | |
| CN111556006B (en) | Third-party application system login method, device, terminal and SSO service platform | |
| WO2018036314A1 (en) | Single-sign-on authentication method and apparatus, and storage medium | |
| CN108900471B (en) | Server, client, network system and method for transmitting data | |
| KR102429406B1 (en) | Check user interactions on the content platform | |
| CN103139200A (en) | Single sign-on method of web service | |
| US9215064B2 (en) | Distributing keys for decrypting client data | |
| CN108322416B (en) | Security authentication implementation method, device and system | |
| CN109714370B (en) | HTTP (hyper text transport protocol) -based cloud security communication implementation method | |
| CN110071937B (en) | Login method, system and storage medium based on block chain | |
| CN110958119A (en) | Identity verification method and device | |
| CN111404695A (en) | Token request verification method and device | |
| CN109698806B (en) | User data verification method and system | |
| CN114157434A (en) | Login verification method and device, electronic equipment and storage medium | |
| CN114430324B (en) | On-line rapid identity verification method based on hash chain | |
| CN113783867B (en) | Authentication request method and terminal | |
| CN111249740A (en) | Resource data access method and system | |
| CN116647345A (en) | Method and device for generating permission token, storage medium and computer equipment | |
| CN116527341A (en) | Client-side calling rear-end interface authentication authorization security method | |
| KR20210112359A (en) | Browser Cookie Security | |
| CN114584324B (en) | Identity authorization method and system based on block chain | |
| CN107343028B (en) | Communication method and system based on HTTP (hyper text transport protocol) | |
| CN114401094A (en) | Token generation and verification method and device | |
| CN113225348B (en) | Request anti-replay verification method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |