CN114710281A - Method and device for quitting Internet banking system - Google Patents

Info

Publication number: CN114710281A
Authority: CN (China)
Prior art keywords: session key, session, key, client, server
Legal status: Pending
Application number: CN202210436726.4A
Other languages: Chinese (zh)
Inventors: 杨伟伟, 曾凯, 陈梦霄
Current Assignee: Industrial and Commercial Bank of China Ltd (ICBC)
Original Assignee: Industrial and Commercial Bank of China Ltd (ICBC)
Application filed by Industrial and Commercial Bank of China Ltd (ICBC); priority to CN202210436726.4A; published as CN114710281A; legal status pending.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network

Abstract

The invention provides a logout method and a logout device for an online banking system, relating to the technical field of information security. The method comprises the following steps: receiving logout request information and a first session key identifier sent by a client; locally searching for the corresponding second session key according to the first session key identifier sent by the client; decrypting the logout request information using the second session key; and, if the decrypted logout request information is determined to contain a logout request message, deleting the local second session key and the second session key identifier. According to the method and the device for logging out of the internet banking system, after receiving the logout request the server side looks up the stored user session key identifier and the corresponding session key, and deletes the stored session key that maintains the session while the user logs out of the internet banking, so that even if another party obtains the session key of the client side, the session with the server side cannot be re-established, and the security of the data of the internet banking system is improved.

Description

Method and device for logging out of online banking system
Technical Field
The invention relates to the technical field of information security, and in particular to a logout method and a logout device for an online banking system.
Background
To ensure the security of data transmission in an online banking system and the compliance of client identity, financial institutions provide a secure online banking login scheme: the user activates a U-shield digital certificate authentication tool in the online bank, and the online banking system signs and issues a digital certificate to the user's U-shield. The user accesses the online banking system through an online banking client (a browser, an app and the like) and logs in to the online bank with the U-shield digital certificate. The client and the online banking system complete session key negotiation and establish a secure transmission channel through the TLS protocol together with the U-shield digital signature function, and the online banking system keeps the session between the online banking client and the server valid, and the user's online banking login state persistent, by means of the TLS session key that corresponds to a session key identifier (Session ID) in the TLS protocol. When the user needs to log out of the online bank, the TLS session key is cleared; the client can then no longer use the TLS session key to maintain a valid session with the server, so the user cannot continue to use the online bank, and the user has securely logged out of the online bank.
In the prior art, a security component interface provided by the client operating system is mainly used to clear the TLS session key, so as to close the session between the client and the server and log out securely. This method has the problem that the TLS session key stored on the server is not cleared after the client logs out. If at that moment a TLS session key that was not deleted on the client is exposed to the Internet, it can be stolen by criminals who implant malware, and used to establish a session with the server and log in to the online bank again.
Disclosure of Invention
In view of the problems in the prior art, embodiments of the invention provide a logout method and a logout device for an online banking system, which can at least partially solve those problems.
In a first aspect, the present invention provides a logout method for an online banking system, including:
receiving logout request information and a first session key identifier sent by a client, wherein the logout request information comprises a logout request message, the logout request information is encrypted with the first session key of the client, and the first session key corresponds one-to-one to the first session key identifier;
locally searching for the corresponding second session key according to the first session key identifier sent by the client, wherein the first session key is the same as the second session key;
decrypting the logout request information using the second session key;
and, if the decrypted logout request information contains a logout request message, deleting the local second session key and the second session key identifier to end the session with the client, wherein the second session key and the second session key identifier are in one-to-one correspondence.
Further, the first session key and the second session key are obtained by:
receiving a TLS session request sent by a client, wherein the TLS session request comprises TLS session request information and a first random number;
sending a U-shield digital certificate request and a second random number to the client, so that the client generates a pre-master key and a first session key identifier, then generates a first session key using the first random number, the second random number and the pre-master key, and sends the pre-master key encrypted with the server certificate public key to the server together with the first session key identifier;
receiving the encrypted pre-master key and the first session key identification sent by the client;
after the server certificate public key is used for decrypting the pre-master key, a second session key is generated by using the first random number, the second random number and the pre-master key;
and correspondingly storing the first session key identification as the second session key identification and the second session key.
Further, the TLS session request information includes TLS protocol version number information and encryption algorithm information.
Further, after deleting the local second session key and the second session key identifier, the method further includes: and sending a safety exit prompt to the client.
Further, the log-out request message includes a log-out request identifier, log-out time, a client IP address, and a terminal MAC address.
In a second aspect, the present invention provides a logout method for an online banking system, including: the client sends logout request information and a first session key identifier to the server, wherein the logout request information comprises a logout request message, the logout request information is encrypted with a first session key of the client, and the first session key corresponds one-to-one to the first session key identifier, so that the server decrypts the logout request information using a second session key, the first session key and the second session key being the same. If the server determines that the decrypted logout request information contains a logout request message, it deletes the local second session key and the second session key identifier to end the session with the client, wherein the second session key and the second session key identifier are in one-to-one correspondence.
Further, the first session key and the second session key are obtained by:
sending a TLS session request to a server side, wherein the TLS session request comprises TLS session request information and a first random number;
receiving a U-shield digital certificate request and a second random number sent by the server; generating a pre-master key and a first session key identifier; generating a first session key using the first random number, the second random number and the pre-master key; encrypting the pre-master key with the server certificate public key; and sending the encrypted pre-master key and the first session key identifier to the server, so that after the server decrypts the pre-master key it generates a second session key using the first random number, the second random number and the pre-master key, and stores the first session key identifier as the second session key identifier in correspondence with the second session key.
In a third aspect, the present invention provides a logout device for an internet banking system, comprising:
a first receiving module, configured to receive logout request information and a first session key identifier sent by a client, wherein the logout request information comprises a logout request message, the logout request information is encrypted with the first session key of the client, and the first session key corresponds one-to-one to the first session key identifier;
a first searching module, configured to locally search for the corresponding second session key according to the first session key identifier sent by the client, wherein the first session key and the second session key are the same;
a first decryption module, configured to decrypt the logout request information using the second session key;
and a logout judging module, configured to determine that the decrypted logout request information contains a logout request message, and to delete the local second session key and the second session key identifier to end the session with the client, wherein the second session key and the second session key identifier are in one-to-one correspondence.
In a fourth aspect, the present invention provides a logout device for an internet banking system, comprising:
a request sending module, configured to send logout request information and a first session key identifier to the server, so that the server searches for the corresponding second session key according to the first session key identifier, decrypts the logout request information using the second session key, and, after determining that the decrypted logout request information contains a logout request message, deletes the second session key and the second session key identifier to end the corresponding session;
wherein the logout request information comprises a logout request message, the logout request information is encrypted with a first session key, and the first session key corresponds one-to-one to the first session key identifier; the first session key and the second session key are the same; and the second session key corresponds one-to-one to the second session key identifier.
In another aspect, the present invention provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the steps of the method for logging out of an internet banking system according to any one of the above embodiments.
In still another aspect, the present invention provides a computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the logout method for the internet banking system according to any one of the above embodiments.
With the logout method and device for the online banking system provided by the embodiments of the invention, after the server receives the client's logout request it looks up the user session key identifier and the corresponding session key stored on the server and deletes them, so that the session key the server keeps for maintaining the session is deleted at the moment the user logs out of the online bank. Even if another party maliciously obtains the client's session key, the session with the server cannot be re-established and the online bank cannot be logged in to again, which improves the security of the online banking system's data.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts. In the drawings:
Fig. 1 is a schematic flow chart of a logout method for an online banking system according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating a logout method for an internet banking system according to an embodiment of the present invention.
Fig. 3 is a flowchart illustrating a logout method for an internet banking system according to an embodiment of the present invention.
Fig. 4 is a flowchart illustrating a logout method for an internet banking system according to an embodiment of the present invention.
Fig. 5 is a schematic structural diagram of a logout device for an internet banking system according to an embodiment of the present invention.
Fig. 6 is a schematic structural diagram of a logout device for an internet banking system according to an embodiment of the present invention.
Fig. 7 is a schematic structural diagram of a logout device for an internet banking system according to an embodiment of the present invention.
Fig. 8 is a schematic structural diagram of a logout device for an internet banking system according to an embodiment of the present invention.
Fig. 9 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
The following describes the implementation of the logout method for the internet banking system provided by the embodiment of the present invention, taking the server as the executing subject. The executing subject of the logout method provided by the embodiment of the invention includes, but is not limited to, a server.
Fig. 1 is a schematic flow chart of a logout method of an online banking system according to an embodiment of the present invention, and as shown in fig. 1, the logout method of the online banking system according to the embodiment of the present invention includes:
S101: receiving logout request information and a first session key identifier sent by a client, wherein the logout request information comprises a logout request message, the logout request information is encrypted with the first session key of the client, and the first session key corresponds one-to-one to the first session key identifier;
in this step, the server receives a log-out request and a first session key identifier sent by the client, so as to trigger the server to search and delete the second session key, thereby ending the session between the server and the client.
Specifically, the logout request information includes a logout request message, and the logout request message is used for triggering the server to start searching the second session key stored locally according to the first session key identifier.
The log-out request message is formed by assembling a log-out request identifier, log-out time, a client IP address and a terminal MAC address.
The first session key identifier (Session ID) is a text string that uniquely identifies the first session key (Session Key) used to keep the session channel stable in the online banking connection session.
S102: searching a corresponding second session key locally according to the first session key identification sent by the client, wherein the first session key is the same as the second session key;
in the step, the server uses the first session key identifier to locally search a corresponding second session key according to the relationship between the first session key identifier and the first session key.
Specifically, the first session key is generated by the client as follows: the client generates a first random number when it sends the TLS session request; after it receives the U-shield digital certificate request and the second random number from the server, it generates a pre-master key; the first session key is then generated from the first random number, the second random number and the pre-master key, and is stored locally on the client in correspondence with the first session key identifier.
After receiving the encrypted pre-master key sent by the client, the server decrypts the pre-master key using the server certificate public key, generates the second session key from the pre-master key, the first random number and the second random number, and stores the second session key locally on the server in correspondence with the second session key identifier. The first session key and the second session key are therefore the same, and the server uses the first session key identifier to find the corresponding second session key locally, according to the correspondence between the first session key identifier and the first session key.
S103: decrypting the logout request information using the second session key;
In this step, the server decrypts the logout request information using the second session key; the result is used to decide whether to clear the locally stored second session key and the second session key identifier that corresponds to it.
Specifically, the server decrypts the logout request information using the second session key found locally in S102.
Because the logout request information was encrypted by the client before being sent, after the server receives the encrypted logout request it decrypts it with the second session key, which is the same as the first session key.
S104: and if the decrypted log-out request information contains a log-out request message, deleting the local second session key and a second session key identifier to end the session with the client, wherein the second session key and the second session key identifier are in one-to-one correspondence.
In this step, the decrypted logout request information is identified to determine whether to delete the second session key and the second session key identifier locally stored in the server, thereby ending the session between the server and the client.
Specifically, the logout request information decrypted with the second session key in S103 is examined. If it is determined that the decrypted logout request information contains a logout request message, which carries a logout request identifier, the server is triggered to start a secure logout, thereby ending the session with the client.
Because the session between the online banking client and the server is performed based on a Transport Layer Security Protocol (TLS), the online banking system maintains the validity of the session between the online banking client and the server and the persistence of the online banking login state of the user by using the session key corresponding to the session key identifier in the TLS, and the online banking server and the online banking client maintain the session by storing and recording the respective first session key and the second session key.
It can be understood that, if the online banking server and the client cannot correspond to each other by storing and recording the respective first session key and the second session key, for example, the first session key and the second session key are different or the server does not have the second session key corresponding to the first session key, the session between the client and the server cannot be established or the established session cannot be maintained continuously.
Therefore, after determining that the decrypted logout request information contains the logout request message, the server deletes the locally stored second session key, so that the server no longer holds a second session key identical to the client's first session key, and the session between the client and the server ends. Because the server has deleted the second session key, even if the first session key stored locally on the client is maliciously obtained by another party and used to attempt a session with the server from another client, the session cannot be established, since the server has no corresponding second session key; this ensures the security of the user's online banking login.
With the logout method for the online banking system provided by the embodiment of the invention, after the server receives the client's logout request it looks up the user session key identifier and the corresponding session key stored on the server and deletes them, so that the session key the server keeps for maintaining the session is deleted at the moment the user logs out of the online bank. Even if another party maliciously obtains the client's session key, the session with the server cannot be re-established and the online bank cannot be logged in to again, which improves the security of the online banking system's data.
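As an added example that is not part of the patent, the following Go program implements the server side of S101 to S104 against an in-memory table of session key identifiers and keys, together with the client-side assembly of the logout request. AES-GCM as the cipher, the `LOGOUT|time|IP|MAC` message layout and the sample IP and MAC values are assumptions; the page names neither a cipher nor a wire format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
	"sync"
	"time"
)

var (
	ErrUnknownSession = errors.New("no second session key stored for this identifier")
	ErrBadCiphertext  = errors.New("request does not decrypt under the stored session key")
	ErrNotLogout      = errors.New("decrypted request is not a logout request message")
)

// SessionStore is the server-side table: second session key identifier -> second session key.
type SessionStore struct {
	mu   sync.Mutex
	keys map[string][]byte
}

func NewSessionStore() *SessionStore { return &SessionStore{keys: map[string][]byte{}} }

// Put records a negotiated session key under its identifier (the outcome of S205).
func (s *SessionStore) Put(id string, key []byte) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.keys[id] = key
}

// Has reports whether the server still holds a second session key for id.
func (s *SessionStore) Has(id string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	_, ok := s.keys[id]
	return ok
}

// gcm returns an AES-GCM AEAD for key; the cipher is an assumption, the page names none.
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext under key and returns nonce||ciphertext.
func Seal(key, plaintext []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// BuildLogoutRequest is the client side: assemble the logout request message from the
// logout request identifier, logout time, client IP address and terminal MAC address,
// then encrypt it under the first session key.
func BuildLogoutRequest(sessionKey []byte, at time.Time, clientIP, mac string) ([]byte, error) {
	msg := fmt.Sprintf("LOGOUT|%s|%s|%s", at.UTC().Format(time.RFC3339), clientIP, mac)
	return Seal(sessionKey, []byte(msg))
}

// HandleLogout is the server side of S101-S104: look the second session key up by the
// identifier the client sent, decrypt, confirm a logout request message, then delete.
func (s *SessionStore) HandleLogout(id string, request []byte) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	key, ok := s.keys[id] // S102
	if !ok {
		return ErrUnknownSession
	}
	aead, err := gcm(key)
	if err != nil {
		return err
	}
	if len(request) < aead.NonceSize() {
		return ErrBadCiphertext
	}
	nonce, ct := request[:aead.NonceSize()], request[aead.NonceSize():]
	plaintext, err := aead.Open(nil, nonce, ct, nil) // S103
	if err != nil {
		return ErrBadCiphertext // wrong key or tampered data: the session stays up
	}
	fields := strings.Split(string(plaintext), "|")
	if len(fields) != 4 || fields[0] != "LOGOUT" {
		return ErrNotLogout // some other request: nothing is deleted
	}
	delete(s.keys, id) // S104: key and identifier are removed together
	return nil
}
```

A request with an unknown identifier, one that fails to decrypt, and one that is not a logout message all leave the table unchanged, and once the server has deleted its copy a session key captured from the client no longer matches anything on the server side.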
Fig. 2 is a schematic flow chart of a logout method of an online banking system according to an embodiment of the present invention, and as shown in fig. 2, on the basis of the foregoing embodiments, further, the first session key and the second session key are obtained through the following steps:
S201: receiving a TLS session request sent by a client, wherein the TLS session request comprises TLS session request information and a first random number;
in this step, the server receives a TLS session request sent by the client.
Specifically, when a user logs in from an online banking client, the online banking client sends a TLS session request and a first random number generated randomly to the online banking server, so that a session of the user between the client and the server is established.
Meanwhile, when the client sends the first random number to the server, the first random number is stored locally.
The TLS session request information comprises TLS protocol version number information and encryption algorithm information, wherein the TLS protocol version number information is the version number of a TLS protocol supported by a client, the encryption algorithm information is a set of encryption algorithm suites supported by the client, and after the server receives the TLS protocol version number information and the encryption algorithm information, the version number of the TLS protocol and the set of the encryption algorithm suites supported by both sides are selected.
S202: sending a U-shield digital certificate request and a second random number to the client, so that the client generates a pre-master key and a first session key identifier, then generates a first session key using the first random number, the second random number and the pre-master key, and sends the pre-master key encrypted with the server certificate public key to the server together with the first session key identifier;
In this step, the server sends a U-shield digital certificate request and a second random number to the client, so that after the client has generated a pre-master key and a first session key identifier, it generates a first session key from the first random number, the second random number and the pre-master key, encrypts the pre-master key with the server certificate public key, and sends the encrypted pre-master key and the first session key identifier to the server.
Specifically, after the version number of the TLS protocol and the set of the encryption algorithm suite both supported by the client and the server are selected, the server randomly generates a second random number, and sends the second random number to the client together with the U-shield digital certificate request, and meanwhile, the second random number is also stored locally at the server.
After receiving a U shield digital certificate request sent by a server, a client generates a pre-master key and a first session key identifier, and generates a first session key by using the first random number stored locally, the second random number sent by the server and the pre-master key.
After the client generates the pre-master key, the client encrypts the pre-master key by using the server certificate public key, and sends the encrypted pre-master key and the first session key identifier to the server.
S203: receiving the encrypted premaster secret key and the first session secret key identification sent by a client;
In this step, the server receives the pre-master key, encrypted by the client with the server certificate public key, together with the first session key identifier.
Specifically, both were produced by the client in S202: after receiving the U-shield digital certificate request from the server, the client generated a pre-master key and a first session key identifier, generated the first session key from the locally stored first random number, the second random number sent by the server and the pre-master key, encrypted the pre-master key with the server certificate public key, and sent the encrypted pre-master key and the first session key identifier to the server.
S204: after the server certificate public key is used for decrypting the pre-master key, a second session key is generated by using the first random number, the second random number and the pre-master key;
In this step, after the pre-master key is decrypted, a second session key is generated from the pre-master key, the first random number and the second random number.
Specifically, after receiving the pre-master key encrypted by the client, the server decrypts the pre-master key using the server certificate public key, and generates the second session key from the pre-master key, the first random number sent by the client and the second random number stored locally on the server.
S205: and correspondingly storing the first session key identification as the second session key identification and the second session key.
In this step, the server generates a second session key identifier and stores the second session key identifier in correspondence with the second session key.
Specifically, after receiving the encrypted pre-master key sent by the client, the server decrypts the pre-master key using the server certificate public key, generates the second session key from the pre-master key, the first random number and the second random number, and stores it locally in correspondence with the second session key identifier. The first session key and the second session key are therefore the same; the first session key identifier, which corresponds to the first session key, is used as the second session key identifier corresponding to the second session key, and the second session key and the second session key identifier are stored locally on the server in correspondence with each other.
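As an added example that is not the patent's own code, the following Go program walks through S201 to S205 with both sides in one process. RSA-OAEP for transporting the pre-master key, HMAC-SHA256 as the derivation from the two random numbers and the pre-master key, and a 16-byte random identifier are assumptions; the page names none of them. Note that the description says the server decrypts the pre-master key with the server certificate public key; with RSA key transport only the private key that belongs to the certificate can do that, and that is what the server uses here.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// DeriveSessionKey builds the session key from the pre-master key and the two random
// numbers. HMAC-SHA256 keyed with the pre-master key is an assumption; the page names no KDF.
func DeriveSessionKey(premaster, clientRand, serverRand []byte) []byte {
	m := hmac.New(sha256.New, premaster)
	m.Write([]byte("online banking session key"))
	m.Write(clientRand)
	m.Write(serverRand)
	return m.Sum(nil)
}

func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := rand.Read(b)
	return b, err
}

// Client holds the first random number, first session key identifier and first session key.
type Client struct {
	clientRand []byte
	SessionID  string
	SessionKey []byte
}

// Handshake is the server's per-connection state between S201 and S204.
type Handshake struct{ clientRand, serverRand []byte }

// Server holds the certificate key pair and the second session key table filled in at S205 (no locking: single-goroutine example).
type Server struct {
	priv     *rsa.PrivateKey
	sessions map[string][]byte
}

func NewServer() (*Server, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the server certificate key
	if err != nil {
		return nil, err
	}
	return &Server{priv: priv, sessions: map[string][]byte{}}, nil
}

// NewClient is S201 on the client: generate and keep the first random number.
func NewClient() (*Client, []byte, error) {
	r, err := randomBytes(32)
	return &Client{clientRand: r}, r, err
}

// CertificateRequest is S201-S202 on the server: keep the first random number, generate
// the second, and hand it to the client together with the certificate public key.
func (s *Server) CertificateRequest(clientRand []byte) (*Handshake, []byte, *rsa.PublicKey, error) {
	serverRand, err := randomBytes(32)
	if err != nil {
		return nil, nil, nil, err
	}
	return &Handshake{clientRand: clientRand, serverRand: serverRand}, serverRand, &s.priv.PublicKey, nil
}

// KeyExchange is S202 on the client: generate the pre-master key and the first session key
// identifier, derive the first session key, and return the pre-master key encrypted to the
// certificate public key (RSA-OAEP) together with the identifier.
func (c *Client) KeyExchange(serverRand []byte, pub *rsa.PublicKey) ([]byte, string, error) {
	buf, err := randomBytes(64) // 48-byte pre-master key followed by a 16-byte identifier
	if err != nil {
		return nil, "", err
	}
	premaster, id := buf[:48], buf[48:]
	c.SessionID = hex.EncodeToString(id)
	c.SessionKey = DeriveSessionKey(premaster, c.clientRand, serverRand)
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, premaster, nil)
	return enc, c.SessionID, err
}

// FinishHandshake is S203-S205 on the server: decrypt the pre-master key with the private
// key that belongs to the certificate, derive the second session key and store it under
// the client's identifier, which becomes the second session key identifier.
func (s *Server) FinishHandshake(h *Handshake, encPremaster []byte, sessionID string) error {
	if h == nil || h.serverRand == nil {
		return errors.New("handshake already completed or never started")
	}
	premaster, err := rsa.DecryptOAEP(sha256.New(), nil, s.priv, encPremaster, nil)
	if err != nil {
		return err
	}
	s.sessions[sessionID] = DeriveSessionKey(premaster, h.clientRand, h.serverRand)
	h.serverRand = nil // one-shot state: a replayed completion message is refused
	return nil
}

// SessionKey returns the stored second session key for an identifier, or nil if none.
func (s *Server) SessionKey(id string) []byte { return s.sessions[id] }
```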
Fig. 3 is a schematic flowchart of a logout method of the internet banking system according to an embodiment of the present invention, and as shown in fig. 3, on the basis of the foregoing embodiments, further, the logout method of the internet banking system according to the embodiment of the present invention further includes, after deleting the local second session key and the second session key identifier:
S105: sending a secure logout prompt to the client.
In this step, a safe logout prompt is sent to the client terminal which successfully logs out.
Specifically, after it is determined in S104 that the decrypted logout request information contains the logout request message, the server deletes the locally stored second session key and the corresponding second session key identifier, so that the server no longer holds a second session key identical to the client's first session key, and the session between the client and the server ends. When the session has ended, the server sends a secure logout prompt to the client to tell the user that the online bank has been securely logged out.
The following describes an implementation process of the logout method of the internet banking system provided by the embodiment of the present invention by taking a client server as an execution subject. The execution subject of the quitting method of the online banking system provided by the embodiment of the invention includes but is not limited to a server.
The quitting method of the online banking system provided by the embodiment of the invention comprises the following steps:
the client sends quit request information and a first session key identification to the server, so that the server searches a corresponding second session key according to the first session key identification, decrypts the quit request information by using the second session key, and deletes the second session key and the second session key identification to end a corresponding session after judging that the decrypted quit request information contains a quit login request message;
the logout request information comprises a logout request message, the logout request information is encrypted by a first session key, and the first session key corresponds to the first session key identifier one to one; the first session key and the second session key are the same; the second session key corresponds to the second session key identifier one to one.
In this step, the client sends logout request information and a first session key identifier to the server, so that the server deletes the local second session key and the second session key identifier to end the session with the client.
Specifically, the logout request information includes a logout request message, and the logout request message is used to trigger the server to start searching the second session key locally stored according to the first session key identifier.
The log-out request message is formed by assembling a log-out request identifier, log-out time, a client IP address and a terminal MAC address.
The first session key identifier (Session ID) is a text string that uniquely identifies the first session key (Session Key), the key used to keep the session channel stable in the online banking connection session.
The steps of the method for the server to delete the local second session key and the second session key identifier to end the session with the client are detailed above, and are not described in detail in this embodiment.
Fig. 4 is a schematic flowchart of a logout method of an online banking system according to an embodiment of the present invention, and as shown in fig. 4, on the basis of the foregoing embodiments, further, the first session key and the second session key are obtained through the following steps:
s401: sending a TLS session request to a server side, wherein the TLS session request comprises TLS session request information and a first random number;
in this step, a TLS session request is sent to the server.
Specifically, when a user logs in from an online banking client, the online banking client sends a TLS session request and a first random number generated randomly to the online banking server, so that a session of the user between the client and the server is established.
Meanwhile, when the client sends the first random number to the server, the first random number is stored locally.
The TLS session request information comprises TLS protocol version number information and encryption algorithm information. The TLS protocol version number information is the version number of the TLS protocol supported by the client, and the encryption algorithm information is the set of cipher suites supported by the client. After receiving both, the server selects the TLS protocol version and the cipher suite supported by both sides.
S402: receiving a U shield digital certificate request and a second random number sent by a server, generating a pre-master key and a first session key identifier, then generating a first session key by using the first random number, the second random number and the pre-master key, encrypting the pre-master key by using a server certificate public key, and then sending the pre-master key and the first session key identifier to the server; and after the server decrypts the pre-master key by using the server certificate public key, generating a second session key by using the first random number, the second random number and the pre-master key, and correspondingly storing the first session key identifier as the second session key identifier and the second session key.
In the step, the client receives a U shield digital certificate request and a second random number sent by the server, generates a pre-master key and a first session key identifier, then generates a first session key, and sends the encrypted pre-master key and the first session key identifier to the server.
Specifically, after the TLS protocol version and the cipher suite supported by both the client and the server have been selected, the server randomly generates a second random number and sends it to the client together with the U-shield digital certificate request; the second random number is also stored locally at the server.
After receiving the U-shield digital certificate request sent by the server, the client generates a pre-master key and a first session key identifier, and generates a first session key using the locally stored first random number, the second random number sent by the server and the pre-master key.
After the client generates the pre-master key, the client encrypts the pre-master key by using the server certificate public key, and sends the encrypted pre-master key and the first session key identifier to the server.
Specifically, after the server decrypts the pre-master key using the server certificate public key, it generates a second session key using the first random number, the second random number and the pre-master key. The use of the first session key identifier as the second session key identifier, stored in correspondence with the second session key, is described in detail above and is not repeated in this embodiment.
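The key establishment of S401 and S402 as an added example, not code from the patent or from ICBC. The page does not state how the session key is computed from the two random numbers and the pre-master key, so the example assumes an HMAC-SHA256 derivation keyed by the pre-master key (a stand-in for the TLS PRF). It also leaves out the transport of the pre-master key: the page's wording has the server decrypt it with the certificate public key, whereas in TLS the server decrypts with the private key matching its certificate, and the example simply hands the pre-master key from client to server as if that step had already happened. The handshake server is a constructed class; the one check added beyond the page is that, because the client chooses the session key identifier, the server refuses an identifier that is already bound to a live session rather than silently overwriting it.

```python
import hashlib
import hmac
import secrets


def derive_session_key(premaster: bytes, first_random: bytes, second_random: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA256 keyed by the pre-master key over a label and both randoms.
    Both sides compute this, which is why the first and second session keys are the same."""
    return hmac.new(premaster, b"session key" + first_random + second_random, hashlib.sha256).digest()


class HandshakeServer:
    """Constructed server side of S401/S402: stores first session key id as second id."""

    def __init__(self):
        self.sessions: dict[str, bytes] = {}   # second session key id -> second session key
        self._pending: dict[bytes, bytes] = {}  # first random -> second random kept until S402 finishes

    def on_session_request(self, first_random: bytes) -> bytes:
        # S401 received: generate the second random number, store it, return it
        # (the page sends it alongside the U-shield certificate request).
        second_random = secrets.token_bytes(32)
        self._pending[first_random] = second_random
        return second_random

    def on_premaster(self, first_random: bytes, first_session_key_id: str, premaster: bytes) -> None:
        # S402 received: derive the second session key and bind it to the client-chosen id.
        second_random = self._pending.pop(first_random)
        if first_session_key_id in self.sessions:
            # A client-chosen identifier must not replace another live session's key.
            raise ValueError("session key identifier already in use")
        self.sessions[first_session_key_id] = derive_session_key(premaster, first_random, second_random)


class HandshakeClient:
    """Constructed client side of S401/S402."""

    def __init__(self):
        self.first_random = secrets.token_bytes(32)   # generated at S401 and stored locally
        self.session_key_id: str | None = None
        self.session_key: bytes | None = None

    def on_certificate_request(self, second_random: bytes):
        # S402: generate pre-master key and first session key identifier, derive first session key.
        premaster = secrets.token_bytes(48)
        self.session_key_id = secrets.token_hex(16)   # Session ID text string
        self.session_key = derive_session_key(premaster, self.first_random, second_random)
        return self.session_key_id, premaster   # premaster would be sent encrypted to the server


def run_handshake(client: HandshakeClient, server: HandshakeServer) -> str:
    """Drive one handshake; returns the agreed session key identifier."""
    second_random = server.on_session_request(client.first_random)
    session_key_id, premaster = client.on_certificate_request(second_random)
    server.on_premaster(client.first_random, session_key_id, premaster)
    return session_key_id


def keys_match(client: HandshakeClient, server: HandshakeServer) -> bool:
    """True when the client's first session key equals the server's stored second session key."""
    return client.session_key is not None and hmac.compare_digest(
        client.session_key, server.sessions.get(client.session_key_id, b""))


if __name__ == "__main__":
    srv = HandshakeServer()
    cli = HandshakeClient()
    sid = run_handshake(cli, srv)
    print(sid, keys_match(cli, srv))   # <hex id> True
```

Because the identifier travels in the clear with every later request (it is what the server uses for the lookup at logout), its only job is addressing; the confidentiality of the session rests on the pre-master key and the two randoms, not on the identifier.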
In the logout method of the online banking system provided by the embodiment of the invention, after the server receives the client's logout request it looks up the stored user session key identifier and the corresponding session key and deletes them, so that the session key held by the server is removed at the moment the user logs out of online banking. Even if someone else maliciously obtains the client's session key, they cannot use it to re-establish a session with the server and repeatedly log in to online banking, which improves the security of the online banking system's data.
Fig. 5 is a schematic structural diagram of a logout device of an online banking system according to an embodiment of the present invention. As shown in Fig. 5, the logout device of the online banking system according to the embodiment of the present invention includes: a first receiving module 501, configured to receive logout request information and a first session key identifier sent by a client, where the logout request information includes a logout request message, the logout request information is encrypted by the first session key of the client, and the first session key corresponds to the first session key identifier one to one; a first searching module 502, configured to locally search a corresponding second session key according to the first session key identifier sent by the client, where the first session key is the same as the second session key; a first decryption module 503, configured to decrypt the logout request information using the second session key; and a logout judging module 504, configured to judge that the decrypted logout request information includes a logout request message and to delete the local second session key and the second session key identifier to end the session with the client, where the second session key and the second session key identifier correspond to each other one to one. Wherein:
a first receiving module 501, configured to receive a login logout request and a first session key identifier sent by a client, so as to trigger a server to search and delete the second session key, thereby ending a session between the server and the client.
A first searching module 502, configured to locally search, according to a relationship between the first session key identifier and the first session key, a corresponding second session key using the first session key identifier.
The first decryption module 503 is configured to decrypt the logout request information using the second session key, which allows the server to determine whether to clear the locally stored second session key and its corresponding second session key identifier.
A logout judging module 504, configured to inspect the decrypted logout request information to determine whether to delete the second session key and the second session key identifier locally stored at the server, so as to end the session between the server and the client.
Fig. 6 is a schematic structural diagram of a logout device of an online banking system according to an embodiment of the present invention. As shown in Fig. 6, the logout device of the online banking system according to the embodiment of the present invention includes: a first receiving module 601, configured to receive a TLS session request sent by a client, where the TLS session request includes TLS session request information and a first random number; a first sending module 602, configured to send a U-shield digital certificate request and a second random number to the client, so that after the client generates a pre-master key and a first session key identifier, the client generates a first session key using the first random number, the second random number and the pre-master key, encrypts the pre-master key using the server certificate public key, and sends the pre-master key and the first session key identifier to the server; a second receiving module 603, configured to receive the encrypted pre-master key and the first session key identifier sent by the client; a key generation module 604, configured to generate a second session key using the first random number, the second random number and the pre-master key after decrypting the pre-master key using the server certificate public key; and a storage module 605, configured to store the first session key identifier as the second session key identifier in correspondence with the second session key. Wherein:
the first receiving module 601 is configured to receive a TLS session request sent by a client.
A first sending module 602, configured to send a U-shield digital certificate request and a second random number to a client by a server, so that after the client generates a pre-master key and a first session key identifier, the client generates a first session key by using the first random number, the second random number, and the pre-master key, encrypts the pre-master key by using a server certificate public key, and sends the pre-master key and the first session key identifier to the server.
A second receiving module 603, configured to receive the pre-master key encrypted with the server certificate public key and the first session key identifier sent by the client.
The key generation module 604 is configured to decrypt the pre-master key and then generate a second session key using the first random number, the second random number and the pre-master key.
The storage module 605 is configured to have the server generate a second session key identifier and store it in correspondence with the second session key.
Fig. 7 is a schematic structural diagram of a logout device of an online banking system according to an embodiment of the present invention. As shown in Fig. 7, the logout device of the online banking system according to the embodiment of the present invention further includes: a prompt module 505, configured to send a safe logout prompt to the client. Wherein:
The prompt module 505 is configured to send a safe logout prompt to the client that has successfully logged out.
On the basis of the above embodiments, the logout device of the internet banking system provided by the embodiment of the present invention further includes a request sending module, configured to send logout request information and a first session key identifier to the server, so that the server searches a corresponding second session key according to the first session key identifier, decrypts the logout request information using the second session key, and, after judging that the decrypted logout request information contains a logout request message, deletes the second session key and the second session key identifier to end the corresponding session; the logout request information comprises a logout request message, the logout request information is encrypted by a first session key, and the first session key corresponds to the first session key identifier one to one; the first session key and the second session key are the same; the second session key corresponds to the second session key identifier one to one.
Wherein:
The request sending module is used for sending logout request information and a first session key identifier to the server, so that the server deletes the local second session key and the second session key identifier to end the session with the client.
Fig. 8 is a schematic structural diagram of a quitting device of an internet banking system according to an embodiment of the present invention, and as shown in fig. 8, the quitting device of the internet banking system according to the embodiment of the present invention includes:
a second sending module 801, configured to send a TLS session request to a server, where the TLS session request includes TLS session request information and a first random number;
a third receiving module 802, configured to receive a U-shield digital certificate request and a second random number sent by a server, generate a pre-master key and a first session key identifier, then generate a first session key using the first random number, the second random number, and the pre-master key, encrypt the pre-master key using a server certificate public key, and send the pre-master key and the first session key identifier to the server; and after the server decrypts the pre-master key by using the server certificate public key, generating a second session key by using the first random number, the second random number and the pre-master key, and correspondingly storing the first session key identifier as the second session key identifier and the second session key. Wherein:
a second sending module 801, configured to send a TLS session request to a server.
A third receiving module 802, configured to receive a U-shield digital certificate request and a second random number sent by a server, generate a pre-master key and a first session key identifier, then generate a first session key, and send the encrypted pre-master key and the first session key identifier to the server together.
The server embodiment provided in the embodiment of the present invention may be specifically configured to execute the processing flows of the above method embodiments; its functions are not described again here, and reference is made to the detailed description of the above method embodiments.
It should be noted that the logout method and apparatus for the internet banking system provided by the embodiment of the present invention may be used in the financial field, and may also be used in any technical field other than the financial field.
Fig. 9 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention. As shown in Fig. 9, the electronic device may include: a processor (processor) 901, a communication interface (Communications Interface) 902, a memory (memory) 903 and a communication bus 904, wherein the processor 901, the communication interface 902 and the memory 903 communicate with each other via the communication bus 904. The processor 901 may call logic instructions in the memory 903 to perform the following method: receiving logout request information and a first session key identifier sent by a client, wherein the logout request information comprises a logout request message, the logout request information is encrypted by the first session key of the client, and the first session key corresponds to the first session key identifier one to one; locally searching a corresponding second session key according to the first session key identifier sent by the client, wherein the first session key is the same as the second session key; decrypting the logout request information using the second session key; and if the decrypted logout request information contains a logout request message, deleting the local second session key and a second session key identifier to end the session with the client, wherein the second session key and the second session key identifier are in one-to-one correspondence.
The client sends logout request information and a first session key identifier to the server, wherein the logout request information comprises a logout request message, the logout request information is encrypted by a first session key of the client, the first session key corresponds to the first session key identifier one by one, so that the server decrypts the logout request information by using a second session key, and the first session key and the second session key are the same; and if the server judges that the decrypted log-out request information contains a log-out request message, deleting the local second session key and a second session key identifier to end the session with the client, wherein the second session key and the second session key identifier are in one-to-one correspondence.
In addition, the logic instructions in the memory 903 may be implemented in a software functional unit and stored in a computer readable storage medium when the logic instructions are sold or used as a separate product. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The present embodiment discloses a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the method provided by the above method embodiments, for example comprising: receiving logout request information and a first session key identifier sent by a client, wherein the logout request information comprises a logout request message, the logout request information is encrypted by the first session key of the client, and the first session key corresponds to the first session key identifier one to one; locally searching a corresponding second session key according to the first session key identifier sent by the client, wherein the first session key is the same as the second session key; decrypting the logout request information using the second session key; and if the decrypted logout request information contains a logout request message, deleting the local second session key and a second session key identifier to end the session with the client, wherein the second session key and the second session key identifier are in one-to-one correspondence.
The client sends logout request information and a first session key identifier to the server, wherein the logout request information comprises a logout request message, the logout request information is encrypted by a first session key of the client, the first session key corresponds to the first session key identifier one by one, so that the server decrypts the logout request information by using a second session key, and the first session key and the second session key are the same; and if the server judges that the decrypted log-out request information contains a log-out request message, deleting the local second session key and a second session key identifier to end the session with the client, wherein the second session key and the second session key identifier are in one-to-one correspondence.
The present embodiment provides a computer-readable storage medium storing a computer program, where the computer program causes the computer to execute the method provided by the above method embodiments, for example, the method includes: receiving logout request information and a first session key identifier sent by a client, wherein the logout request information comprises a logout request message, the logout request information is encrypted by the first session key of the client, and the first session key corresponds to the first session key identifier one to one; locally searching a corresponding second session key according to the first session key identifier sent by the client, wherein the first session key is the same as the second session key; decrypting the logout request information using the second session key; and if the decrypted logout request information contains a logout request message, deleting the local second session key and a second session key identifier to end the session with the client, wherein the second session key and the second session key identifier are in one-to-one correspondence. The client sends logout request information and a first session key identifier to the server, wherein the logout request information comprises a logout request message, the logout request information is encrypted by a first session key of the client, and the first session key corresponds to the first session key identifier one to one, so that the server decrypts the logout request information using a second session key, the first session key and the second session key being the same; and if the server judges that the decrypted logout request information contains a logout request message, it deletes the local second session key and the second session key identifier to end the session with the client, wherein the second session key corresponds to the second session key identifier one to one.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In the description herein, reference to the description of the terms "one embodiment," "a particular embodiment," "some embodiments," "for example," "an example," "a particular example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The above-mentioned embodiments are provided to further explain the objects, technical solutions and advantages of the present invention in detail, and it should be understood that the above-mentioned embodiments are only examples of the present invention and should not be used to limit the scope of the present invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (11)

1. A quit method of an online banking system is characterized by comprising the following steps:
receiving logout request information and a first session key identifier sent by a client, wherein the logout request information comprises a logout request message, the logout request information is encrypted by the first session key of the client, and the first session key corresponds to the first session key identifier one by one;
locally searching a corresponding second session key according to the first session key identifier sent by the client, wherein the first session key is the same as the second session key;
decrypting the logout request information using the second session key;
and if the decrypted log-out request information contains a log-out request message, deleting the local second session key and a second session key identifier to end the session with the client, wherein the second session key and the second session key identifier are in one-to-one correspondence.
2. The internet banking system logout method according to claim 1, wherein the first session key and the second session key are obtained by:
receiving a TLS session request sent by a client, wherein the TLS session request comprises TLS session request information and a first random number;
sending a U shield digital certificate request and a second random number to a client, so that after the client generates a pre-master key and a first session key identifier, the first random number, the second random number and the pre-master key are used for generating a first session key, and after the pre-master key is encrypted by using a server certificate public key, the pre-master key and the first session key identifier are sent to a server;
receiving the encrypted premaster secret key and the first session secret key identification sent by a client;
after the pre-master key is decrypted by using a server certificate public key, a second session key is generated by using the first random number, the second random number and the pre-master key;
and correspondingly storing the first session key identification as the second session key identification and the second session key.
3. The internet banking system logout method according to claim 2, wherein the TLS session request information includes TLS protocol version number information and encryption algorithm information.
4. The logging-out method of the internet banking system as claimed in claim 1, further comprising, after deleting the local second session key and the second session key identifier:
and sending a safety exit prompt to the client.
5. The internet banking system logout method according to claim 1, wherein the logout request message comprises a logout request identifier, a logout time, a client IP address and a terminal MAC address.
6. A quit method of an online banking system is characterized by comprising the following steps:
sending quit request information and a first session key identification to a server so that the server searches a corresponding second session key according to the first session key identification, decrypting the quit request information by using the second session key, and deleting the second session key and the second session key identification to finish the corresponding session after judging that the decrypted quit request information contains a quit login request message;
the log-out request information comprises a log-out request message, the log-out request information is encrypted by a first session key, and the first session key corresponds to the first session key identifier one to one; the first session key and the second session key are the same; the second session key corresponds to the second session key identifier one to one.
7. The internet banking system logout method according to claim 6, wherein the first session key and the second session key are obtained by:
sending a TLS session request to a server side, wherein the TLS session request comprises TLS session request information and a first random number;
receiving a U shield digital certificate request and a second random number sent by a server, generating a pre-master key and a first session key identifier, then generating a first session key by using the first random number, the second random number and the pre-master key, encrypting the pre-master key by using a server certificate public key, and then sending the pre-master key and the first session key identifier to the server; and after the server decrypts the pre-master key by using the server certificate public key, generating a second session key by using the first random number, the second random number and the pre-master key, and correspondingly storing the first session key identifier as the second session key identifier and the second session key.
8. A logout device of an online banking system, comprising:
a first receiving module, used for receiving logout request information and a first session key identifier sent by a client, wherein the logout request information comprises a logout request message, the logout request information is encrypted with the first session key of the client, and the first session key corresponds one-to-one to the first session key identifier;
a first searching module, used for locally searching for the corresponding second session key according to the first session key identifier sent by the client, wherein the first session key and the second session key are the same;
a first decryption module, used for decrypting the logout request information with the second session key;
and a logout judging module, used for judging that the decrypted logout request information contains a logout request message and then deleting the local second session key and second session key identifier to end the session with the client, wherein the second session key and the second session key identifier are in one-to-one correspondence.
9. A logout device of an online banking system, comprising:
a request sending module, used for sending logout request information and a first session key identifier to the server, so that the server searches for the corresponding second session key according to the first session key identifier, decrypts the logout request information using the second session key, and, after judging that the decrypted logout request information contains a logout request message, deletes the second session key and the second session key identifier to end the corresponding session;
wherein the logout request information comprises a logout request message and is encrypted with a first session key; the first session key corresponds one-to-one to the first session key identifier; the first session key and the second session key are the same; and the second session key corresponds one-to-one to the second session key identifier.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method of any of claims 1 to 7 are implemented when the computer program is executed by the processor.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
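The exchange that claims 6 to 9 describe, as an added example that is not part of the patent and not ICBC code: a client and a server run the handshake of claim 7 (two random numbers, a pre-master key transported under the server certificate public key, the same session key derived on both sides and stored by the server under the client's session key identifier), then the client sends an encrypted logout request that the server looks up by identifier, decrypts, checks for the logout message, and answers by deleting the key and the identifier. The toy RSA key pair, the HMAC-SHA256 derivation standing in for the TLS PRF, the encrypt-then-MAC record format, the literal `LOGOUT` message and every class and function name are assumptions of this example; the server decrypts the pre-master key with its private key, which is what RSA key transport requires. The cases a server implementation has to get right are exercised as well: an unknown identifier, a tampered record, a message that is not a logout request, and a replayed logout after the key has been deleted.

```python
import hashlib
import hmac
import secrets

# Toy server certificate key pair: textbook RSA over two Mersenne primes, no
# padding (constructed for this example only; a real server uses a CA-issued
# certificate key with a padded key-transport scheme).
_P, _Q = (1 << 61) - 1, (1 << 89) - 1
RSA_N, RSA_E = _P * _Q, 65537
_RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))
PRE_MASTER_LEN = 16                         # 128-bit pre-master, well below RSA_N

def rsa_encrypt(pre_master: bytes) -> int:
    """Client: encrypt the pre-master key under the server certificate public key."""
    return pow(int.from_bytes(pre_master, "big"), RSA_E, RSA_N)

def rsa_decrypt(ciphertext: int) -> bytes:
    """Server: recover the pre-master key with the certificate private key."""
    return pow(ciphertext, _RSA_D, RSA_N).to_bytes(PRE_MASTER_LEN, "big")

def derive_session_key(r1: bytes, r2: bytes, pre_master: bytes) -> bytes:
    """Both sides derive the same key from the two randoms and the pre-master
    (HMAC-SHA256 stands in for the TLS PRF; an assumption of this example)."""
    return hmac.new(pre_master, r1 + r2, hashlib.sha256).digest()

def _subkeys(key: bytes):
    # Separate encryption and MAC subkeys so the two HMAC uses never collide.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    return b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(length // 32 + 1))

def seal(key: bytes, msg: bytes) -> bytes:
    """Encrypt-then-MAC a record under the session key: nonce || ciphertext || tag."""
    enc, mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(enc, nonce, len(msg))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when the record is too short or the tag fails."""
    enc, mac = _subkeys(key)
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct))))

class Server:
    """Holds second session key identifier -> second session key (the modules of claim 8)."""
    def __init__(self):
        self.pending = {}                         # first random -> second random, per handshake
        self.sessions = {}

    def server_hello(self, r1: bytes) -> bytes:
        # Answer the TLS session request with the certificate request and a second random.
        r2 = secrets.token_bytes(32)
        self.pending[r1] = r2
        return r2

    def store_session(self, r1: bytes, sid: bytes, enc_pre_master: int) -> None:
        r2 = self.pending.pop(r1)
        # The client's first session key identifier is reused as the second session key identifier.
        self.sessions[sid] = derive_session_key(r1, r2, rsa_decrypt(enc_pre_master))

    def handle_logout(self, sid: bytes, record: bytes) -> str:
        key = self.sessions.get(sid)              # first searching module
        if key is None:
            return "unknown session id"
        msg = unseal(key, record)                 # first decryption module
        if msg is None:
            return "authentication failed"
        if msg != b"LOGOUT":
            return "not a logout request"         # the session must stay alive
        del self.sessions[sid]                    # logout judging module: drop key and identifier
        return "session ended"

class Client:
    def __init__(self):
        self.sid = secrets.token_bytes(8)         # first session key identifier
        self.key = None                           # first session key

    def handshake(self, server: Server) -> None:
        r1 = secrets.token_bytes(32)              # sent with the TLS session request
        r2 = server.server_hello(r1)
        pre_master = secrets.token_bytes(PRE_MASTER_LEN)
        self.key = derive_session_key(r1, r2, pre_master)
        server.store_session(r1, self.sid, rsa_encrypt(pre_master))

    def logout(self, server: Server) -> str:
        return server.handle_logout(self.sid, seal(self.key, b"LOGOUT"))

def demo() -> list:
    """Run the handshake, then the logout edge cases; return the server's verdicts in order."""
    server, client = Server(), Client()
    client.handshake(server)
    tampered = bytearray(seal(client.key, b"LOGOUT"))
    tampered[20] ^= 1                             # flip one ciphertext bit
    return [
        client.sid in server.sessions,                                      # True
        server.handle_logout(b"no-such-id", seal(client.key, b"LOGOUT")),  # unknown session id
        server.handle_logout(client.sid, seal(client.key, b"BALANCE")),    # not a logout request
        server.handle_logout(client.sid, bytes(tampered)),                 # authentication failed
        client.logout(server),                                             # session ended
        client.sid in server.sessions,                                      # False
        client.logout(server),                                             # unknown session id (replay)
    ]

if __name__ == "__main__":
    print(demo())
```

The per-record nonce in `seal` makes every logout record distinct, but what actually stops a captured logout from being replayed is the deletion step of claim 8: once `handle_logout` has removed the key and identifier, the same record (or any record under that identifier) is answered with "unknown session id", which is the last verdict `demo` returns. Note also that a record which authenticates but carries some other message leaves the session untouched; a server that deleted the key on any well-formed record would let an authenticated but unrelated message log the user out.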
CN202210436726.4A 2022-04-24 2022-04-24 Method and device for quitting Internet banking system Pending CN114710281A (en)


Publications (1)

Publication Number Publication Date
CN114710281A true CN114710281A (en) 2022-07-05

Family

ID=82173852


Country Status (1)

Country Link
CN (1) CN114710281A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106850699A (en) * 2017-04-10 2017-06-13 中国工商银行股份有限公司 A mobile terminal login authentication method and system
CN111698264A (en) * 2020-06-28 2020-09-22 京东数字科技控股有限公司 Method and apparatus for maintaining user authentication sessions



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination