CN115065553A - Single package authentication method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN115065553A
Authority
CN
China
Prior art keywords
client
timestamp information
verification
spa
identification information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210889160.0A
Other languages
Chinese (zh)
Inventor
李盛白
方伟
邱志成
孙宾芳
刘高
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Shengbang Saiyun Technology Co ltd
Webray Tech Beijing Co ltd
Original Assignee
Beijing Shengbang Saiyun Technology Co ltd
Webray Tech Beijing Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Shengbang Saiyun Technology Co ltd, Webray Tech Beijing Co ltd filed Critical Beijing Shengbang Saiyun Technology Co ltd
Priority to CN202210889160.0A priority Critical patent/CN115065553A/en
Publication of CN115065553A publication Critical patent/CN115065553A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a single packet authentication method and device, an electronic device and a storage medium. The method comprises: receiving an SPA message sent by a client; determining the identity identification information and the timestamp information of the client according to the SPA message; determining whether the client passes verification according to the identity identification information and the timestamp information of the client; and, if the verification passes, updating the identity identification information and the timestamp information of the client to a local record. The method is an anti-replay method for SPA knocking: it can effectively prevent an attacker from passing single-packet authentication by replaying an SPA message, and it strengthens the security of the SDP controller or SDP gateway.

Description

Single package authentication method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of network security technologies, and in particular to a single-packet authentication method and apparatus, an electronic device, and a storage medium.
Background
Software Defined Perimeter (SDP) is a network security architecture that can provide security protection for the OSI seven-layer protocol stack. SDP has three major components: the SDP controller, the SDP client and the SDP gateway. SDP hides assets: before a client is allowed to connect to a hidden asset, a single data packet is used to establish a trusted connection over separate control and data planes. A zero-trust network implemented with SDP can defend against new variants of old attack methods and can ease the security difficulty of the increasingly complex and expanding attack surface.
Currently, the conventional industry practice for preventing SPA replay is as follows: the SPA message carries a timestamp; after the SDP controller or SDP gateway receives the SPA message, it compares the timestamp in the message with its local time, and if the difference is within a preset time range the SPA message is considered legitimate. This approach requires the SDP client and the SDP controller or SDP gateway to synchronise their clocks. If the local clocks of the sender and the receiver of the SPA message are not synchronised, authentication easily fails, and the threshold for deciding whether the timestamp in the SPA message has expired is difficult to determine. As a result, the scheme is easily subjected to SPA replay attacks, cannot completely prevent replay, and has low authentication accuracy.
Disclosure of Invention
The invention provides a single packet authentication method and device, an electronic device and a storage medium, which address the technical problem of low client authentication accuracy in the prior art and improve the accuracy of single-packet authentication by comparing the timestamp of the current knock with the timestamp recorded at the last authentication.
In a first aspect, the present invention provides a single packet authentication method, including:
receiving an SPA message sent by a client;
determining the identity identification information and the timestamp information of the client according to the SPA message;
determining whether the client passes the verification or not according to the identity identification information and the timestamp information of the client;
and if the verification is passed, updating the identity identification information and the timestamp information of the client to a local record.
Further, according to the single packet data authentication method provided by the present invention, determining whether the client passes the verification according to the identification information and the timestamp information of the client includes:
according to the identity identification information, retrieving timestamp information carried by the last successful knock of the client in a local record;
and determining whether the client passes the verification or not according to the timestamp information of the client and the timestamp information carried by the last successful knock.
Further, according to the single-packet authentication method provided by the present invention, determining whether the client passes the verification according to the timestamp information of the client and the timestamp information carried by the last successful knock includes:
and if the timestamp information of the client is larger than the timestamp information carried by the last successful knock, determining that the client passes the verification.
Further, according to the single-packet authentication method provided by the present invention, the determining whether the client passes the verification according to the timestamp information of the client and the timestamp information carried by the last successful knock further includes:
and if the timestamp information of the client is less than or equal to the timestamp information carried by the last successful knock, determining that the client fails to be verified.
Further, according to the single packet authentication method provided by the present invention, before receiving the SPA packet sent by the client, the method includes:
and the client constructs an SPA message, wherein the SPA message carries the identity information and the timestamp information of the client.
In a second aspect, the present invention further provides a single packet authentication apparatus, including:
the receiving module is used for receiving the SPA message sent by the client;
the first determining module is used for determining the identity identification information and the timestamp information of the client according to the SPA message;
the second determining module is used for determining whether the client passes the verification according to the identity identification information and the timestamp information of the client;
and the updating module is used for updating the identity identification information and the timestamp information of the client to a local record if the client passes the verification.
Further, according to the single-packet authentication apparatus provided in the present invention, the determining module is further configured to:
according to the identity identification information, retrieving timestamp information carried by the last successful knock of the client in a local record;
and determining whether the client passes the verification or not according to the timestamp information of the client and the timestamp information carried by the last successful knock.
Further, according to the single-packet authentication apparatus provided in the present invention, the determining module is further configured to:
and if the timestamp information of the client is larger than the timestamp information carried by the last successful knock, determining that the client passes the verification.
In a third aspect, the present invention also provides an electronic device, including:
a processor, a memory, and a bus, wherein,
the processor and the memory are communicated with each other through the bus;
the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the steps of the single packet authentication method as described in any one of the above.
In a fourth aspect, the present invention also provides a non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the steps of the single packet authentication method as described in any one of the above.
The invention provides a single packet authentication method and device, an electronic device and a storage medium. The method comprises: receiving an SPA message sent by a client; determining the identity identification information and the timestamp information of the client according to the SPA message; determining whether the client passes verification according to the identity identification information and the timestamp information of the client; and, if the verification passes, updating the identity identification information and the timestamp information of the client to a local record. The method is an anti-replay method for SPA knocking: it can effectively prevent an attacker from passing single-packet authentication by replaying an SPA message, and it strengthens the security of the SDP controller or SDP gateway.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a flow chart of a single packet authentication method provided by the present invention;
FIG. 2 is a schematic overall flow chart of a single packet authentication method provided by the present invention;
FIG. 3 is a schematic structural diagram of a single-packet authentication device provided in the present invention;
FIG. 4 is a schematic structural diagram of an electronic device provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to better understand the technical solution of the present invention, the following description of the prior art is provided.
Fig. 1 is a schematic flow chart of a single packet authentication method provided by the present invention, and as shown in fig. 1, the single packet authentication method provided by the present invention includes:
Step 101: receiving the SPA message sent by the client.
In this embodiment, an SDP controller or an SDP gateway needs to receive an SPA message sent by an SDP client. SPA (Single Packet Authorization) is a core function of SDP.
Step 102: determining the identity identification information and the timestamp information of the client according to the SPA message.
In this embodiment, the SPA message does not need to be decrypted, and the identity identification information and the timestamp information of the client are extracted directly from the SPA message. In other embodiments, the received SPA message may need to be decrypted, and the decrypted SPA message contains the identity identification information and the timestamp information of the client. For example, the client is 111 and the timestamp information of the sent message is 16:00 pm of 2022.1.9. The specific format may be set according to the actual needs of the user and is not specifically limited here.
Step 103: determining whether the client passes the verification according to the identity identification information and the timestamp information of the client.
In this embodiment, the SDP controller or the SDP gateway further needs to determine whether the client passes the verification according to the identity identification information and the timestamp information of the client. The verification compares the timestamp information of this knock with the timestamp information of the last verification; when the current timestamp information is greater than the last, the verification passes. The specific comparison is described in the following embodiments and is not detailed here.
Step 104: if the verification is passed, updating the identity identification information and the timestamp information of the client to a local record.
In this embodiment, after the verification passes, the identity identification information and the timestamp information of the client need to be updated and stored in the local record. For example, the identity identification information of the client is 1 and the last recorded timestamp information is 19:02; after the verification passes, the record is updated to client 1 with timestamp information 19:20. It should be noted that the specific updating method is well known in the art and is not limited here.
According to the single-packet authentication method provided by the invention, the SPA message sent by the client is received; the identity identification information and the timestamp information of the client are determined according to the SPA message; whether the client passes the verification is determined according to the identity identification information and the timestamp information of the client; and, if the verification passes, the identity identification information and the timestamp information of the client are updated to a local record. The method is an anti-replay method for SPA knocking: it can effectively prevent an attacker from passing single-packet authentication by replaying an SPA message, and it strengthens the security of the SDP controller or SDP gateway.
Based on any of the foregoing embodiments, in an embodiment, the determining whether the client is authenticated according to the identity information and the timestamp information of the client includes:
according to the identity identification information, retrieving timestamp information carried by the last successful knock of the client in a local record;
and determining whether the client passes the verification or not according to the timestamp information of the client and the timestamp information carried by the last successful knock.
In this embodiment, the SDP controller or the SDP gateway needs to retrieve from the local record, according to the identity identification information of the SDP client, the timestamp information carried by that client's last successful knock, and then compare the current timestamp information with the timestamp information carried by the last successful knock to determine whether the client passes verification.
According to the single-packet authentication method provided by the invention, whether the client passes the verification is determined according to the timestamp information of the client and the timestamp information carried by the last successful knock. This improves the efficiency and accuracy of authentication processing, effectively prevents an attacker from passing single-packet authentication by replaying an SPA message, and strengthens the security of the SDP controller or SDP gateway.
Based on any one of the foregoing embodiments, in an embodiment, the determining, according to the timestamp information of the client and the timestamp information carried in the last successful knock, whether the client passes the verification includes:
and if the timestamp information of the client is larger than the timestamp information carried by the last successful knock, determining that the client passes the verification.
In this embodiment, when the timestamp information of the client is greater than the timestamp information carried by the last successful knock, it is determined that the client passes the verification. For example, if the timestamp information of the client this time is T1 and the timestamp information carried by the last successful knock is T2, the client passes the verification only when T1 is greater than T2.
According to the single-packet authentication method provided by the invention, when the timestamp information of the client is greater than the timestamp information carried by the last successful knock, the client is determined to pass the verification. This improves the efficiency and accuracy of authentication processing, effectively prevents an attacker from passing single-packet authentication by replaying an SPA message, and strengthens the security of the SDP controller or SDP gateway.
Based on any one of the foregoing embodiments, in an embodiment, the determining, according to the timestamp information of the client and the timestamp information carried in the last successful knock, whether the client passes the verification further includes:
and if the timestamp information of the client is less than or equal to the timestamp information carried by the last successful knock, determining that the client fails to be verified.
In this embodiment, when the timestamp information of the client is less than or equal to the timestamp information carried by the last successful knock, it is determined that the client fails the verification. That is, if the timestamp information of the client this time is T1 and the timestamp information carried by the last successful knock is T2, the client fails the verification when T1 is less than or equal to T2.
According to the single-packet authentication method provided by the invention, when the timestamp information of the client is less than or equal to the timestamp information carried by the last successful knock, the client is determined not to pass the verification. This improves the efficiency and accuracy of authentication processing, effectively prevents an attacker from passing single-packet authentication by replaying an SPA message, and strengthens the security of the SDP controller or SDP gateway.
Based on any of the foregoing embodiments, in an embodiment, before receiving an SPA packet sent by a client, the method includes:
and constructing an SPA message by the client, wherein the SPA message carries the identity identification information and the timestamp information of the client.
In this embodiment, before the SDP controller or the SDP gateway receives the SPA message sent by the SDP client, the construction of the SPA message must be completed at the SDP client, with the SPA message set to carry the identity identification information and the timestamp information of the client.
According to the single-packet authentication method provided by the invention, the construction of the SPA message is completed at the client, and the efficiency and the accuracy of data authentication processing can be improved.
Based on any of the above embodiments, in an embodiment, as shown in FIG. 2, an SDP client constructs an SPA message and sends it to an SDP controller or an SDP gateway, where the SPA message carries the identity identification of the SDP client and a ciphertext timestamp. After receiving the SPA message, the SDP controller or the SDP gateway obtains the identity identification information of the SDP client and the decrypted timestamp information from the SPA message, and then searches the local record, according to the identity identification information of the SDP client, for the timestamp information carried by that client's last successful knock. If such a record exists, it checks whether the current timestamp information is greater than the timestamp information carried by the message of the last successful knock; if so, the verification passes, otherwise the authentication fails.
It should be noted that the timestamp information and the identity identification information of the client carried in the message are updated to the local record only after the SPA message has passed all the validity checks.
The invention provides an anti-replay method for SPA knocking, which can effectively prevent an attacker from passing single-packet authentication by replaying an SPA message and strengthens the security of the SDP controller or SDP gateway.
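The gateway-side flow of FIG. 2, next to the window check from the Background, is sketched below as an added example; it is not code from the patent. The packet layout, the HMAC-SHA256 tag standing in for the unspecified "validity checks", the acceptance of a first knock when no record exists, and all names are assumptions.

```python
import hashlib
import hmac
import struct
import threading

TAG_LEN = 32  # HMAC-SHA256 tag length


def build_spa(client_id, timestamp_ms, key):
    """Client side: identity + timestamp, authenticated with a per-client key.
    Assumed layout: 1-byte id length | id | 8-byte big-endian timestamp | tag."""
    cid = client_id.encode()
    body = struct.pack("!B", len(cid)) + cid + struct.pack("!Q", timestamp_ms)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def parse_spa(packet):
    """Return (client_id, timestamp_ms, body, tag), or None if malformed."""
    if len(packet) < 1 + 8 + TAG_LEN or len(packet) != 1 + packet[0] + 8 + TAG_LEN:
        return None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    try:
        client_id = body[1:1 + packet[0]].decode()
    except UnicodeDecodeError:
        return None
    (timestamp_ms,) = struct.unpack("!Q", body[-8:])
    return client_id, timestamp_ms, body, tag


class SpaGateway:
    """Keeps, per client, the timestamp carried by the last successful knock."""

    def __init__(self, client_keys):
        self._keys = dict(client_keys)
        self._last_ok = {}             # client_id -> timestamp of last success
        self._lock = threading.Lock()  # check-and-update must be atomic

    def verify(self, packet):
        parsed = parse_spa(packet)
        if parsed is None:
            return False, "malformed"
        client_id, ts, body, tag = parsed
        key = self._keys.get(client_id)
        if key is None:
            return False, "unknown client"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            # Rejected before the record is touched, so an unauthenticated
            # packet can never advance a client's stored timestamp.
            return False, "bad tag"
        with self._lock:
            last = self._last_ok.get(client_id)
            # Assumption: with no record yet, the first knock is accepted.
            if last is not None and ts <= last:
                return False, "replay"
            self._last_ok[client_id] = ts  # update only after every check passed
        return True, "ok"

    def last_recorded(self, client_id):
        return self._last_ok.get(client_id)


def window_check(timestamp_ms, gateway_now_ms, window_ms):
    """The conventional check from the Background: |local time - timestamp|."""
    return abs(gateway_now_ms - timestamp_ms) <= window_ms


def demo():
    key = b"constructed-demo-key"   # constructed sample key
    gw = SpaGateway({"client-1": key})
    t0 = 1_700_000_000_000          # constructed client clock reading (ms)
    skew = 600_000                  # client clock runs 10 minutes slow
    window = 60_000                 # acceptance window of the conventional check
    knock1 = build_spa("client-1", t0, key)
    knock2 = build_spa("client-1", t0 + 300_000, key)
    forged = build_spa("client-1", t0 + 10**9, b"not-the-client-key")
    out = {}
    # Window check: the skewed but honest client fails, while a copy of a
    # packet resent 30 s later by anyone would still fall inside the window.
    out["skewed_window"] = window_check(t0, t0 + skew, window)
    out["replay_in_window"] = window_check(t0, t0 + 30_000, window)
    # Last-successful-knock check: no clock synchronisation is involved.
    out["first"] = gw.verify(knock1)
    out["replay"] = gw.verify(knock1)
    out["forged"] = gw.verify(forged)
    out["record_after_forged"] = gw.last_recorded("client-1")
    out["second"] = gw.verify(knock2)
    out["old_after_new"] = gw.verify(knock1)
    out["truncated"] = gw.verify(knock2[:10])
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The comparison is only as trustworthy as the timestamp, which is why the tag is verified before the lookup and the record is written last; the in-memory record here would also need to survive restarts for the check to keep holding.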
FIG. 3 is a diagram of a single-packet authentication apparatus provided by the present invention. As shown in FIG. 3, the single-packet authentication apparatus provided by the present invention includes:
a receiving module 301, configured to receive an SPA packet sent by a client;
a first determining module 302, configured to determine, according to the SPA packet, identity information and timestamp information of the client;
a second determining module 303, configured to determine whether the client passes verification according to the identity information and the timestamp information of the client;
and the updating module 304 is configured to update the identification information and the timestamp information of the client to a local record if the client passes the verification.
According to the single-packet authentication device provided by the invention, the SPA message sent by the client is received; the identity identification information and the timestamp information of the client are determined according to the SPA message; whether the client passes the verification is determined according to the identity identification information and the timestamp information of the client; and, if the verification passes, the identity identification information and the timestamp information of the client are updated to a local record. The device is an anti-replay SPA knocking device: it can effectively prevent an attacker from passing single-packet authentication by replaying an SPA message, and it strengthens the security of the SDP controller or SDP gateway.
Further, the second determining module 303 is further configured to:
according to the identity identification information, retrieving timestamp information carried by the last successful knock of the client in a local record;
and determining whether the client passes the verification or not according to the timestamp information of the client and the timestamp information carried by the last successful knock.
According to the single-packet authentication device provided by the invention, whether the client passes the verification is determined according to the timestamp information of the client and the timestamp information carried by the last successful knock. This improves the efficiency and accuracy of authentication processing, effectively prevents an attacker from passing single-packet authentication by replaying an SPA message, and strengthens the security of the SDP controller or SDP gateway.
Further, the second determining module 303 is further configured to:
and if the timestamp information of the client is larger than the timestamp information carried by the last successful knock, determining that the client passes the verification.
According to the single-packet authentication device provided by the invention, when the timestamp information of the client is greater than the timestamp information carried by the last successful knock, the client is determined to pass the verification. This improves the efficiency and accuracy of authentication processing, effectively prevents an attacker from passing single-packet authentication by replaying an SPA message, and strengthens the security of the SDP controller or SDP gateway.
Since the principle of the apparatus according to the embodiment of the present invention is the same as that of the method according to the above embodiments, further details are not repeated here.
FIG. 4 is a schematic structural diagram of an electronic device provided in an embodiment of the present invention. As shown in FIG. 4, the present invention provides an electronic device, including: a processor 401, a memory 402, and a bus 403;
the processor 401 and the memory 402 complete communication with each other through the bus 403;
the processor 401 is configured to call the program instructions in the memory 402 to execute the methods provided in the above-mentioned embodiments of the methods, including, for example: receiving an SPA message sent by a client; determining the identity identification information and the timestamp information of the client according to the SPA message; determining whether the client passes the verification or not according to the identity identification information and the timestamp information of the client; and if the verification is passed, updating the identity identification information and the timestamp information of the client to a local record.
Furthermore, the logic instructions in the memory 402 may be implemented in the form of software functional units and, when sold or used as independent products, stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention, or the part of it that substantially contributes to the prior art, may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
In another aspect, the present invention also provides a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the method provided by the above methods, the method comprising: receiving an SPA message sent by a client; determining the identity identification information and the timestamp information of the client according to the SPA message; determining whether the client passes the verification or not according to the identity identification information and the timestamp information of the client; and if the verification is passed, updating the identity identification information and the timestamp information of the client to a local record.
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program that, when executed by a processor, is implemented to perform the methods provided above, the method comprising: receiving an SPA message sent by a client; determining the identity identification information and the timestamp information of the client according to the SPA message; determining whether the client passes the verification or not according to the identity identification information and the timestamp information of the client; and if the verification is passed, updating the identity identification information and the timestamp information of the client to a local record.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and can of course also be implemented by hardware. Based on this understanding, the above technical solutions, or the parts of them that contribute to the prior art, may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the various embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, and not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A method of single packet authentication, comprising:
receiving an SPA message sent by a client;
determining the identity identification information and the timestamp information of the client according to the SPA message;
determining whether the client passes verification or not according to the identity identification information and the timestamp information of the client;
and if the verification is passed, updating the identity identification information and the timestamp information of the client to a local record.
2. The single-packet authentication method according to claim 1, wherein the determining whether the client is verified according to the identification information and the timestamp information of the client comprises:
according to the identity identification information, retrieving timestamp information carried by the last successful knock of the client in a local record;
and determining whether the client passes verification or not according to the timestamp information of the client and the timestamp information carried by the last successful knock.
3. The single-packet authentication method according to claim 2, wherein the determining whether the client is verified according to the timestamp information of the client and the timestamp information carried by the last successful knock comprises:
and if the timestamp information of the client is larger than the timestamp information carried by the last successful knock, determining that the client passes the verification.
4. The single-packet authentication method according to claim 2, wherein the determining whether the client is verified according to the timestamp information of the client and the timestamp information carried by the last successful knock further comprises:
and if the timestamp information of the client is less than or equal to the timestamp information carried by the last successful knock, determining that the client fails to be verified.
5. The single-packet authentication method according to claim 1, wherein before receiving the SPA packet sent by the client, the method comprises:
and constructing an SPA message by the client, wherein the SPA message carries the identity identification information and the timestamp information of the client.
6. A single-packet authentication apparatus, comprising:
the receiving module is used for receiving the SPA message sent by the client;
the first determining module is used for determining the identity identification information and the timestamp information of the client according to the SPA message;
the second determining module is used for determining whether the client passes the verification according to the identity identification information and the timestamp information of the client;
and the updating module is used for updating the identity identification information and the timestamp information of the client to a local record if the client passes the verification.
7. The single-packet authentication device of claim 6, wherein the determining module is further configured to:
according to the identity identification information, retrieving timestamp information carried by the last successful knock of the client in a local record;
and determining whether the client passes the verification or not according to the timestamp information of the client and the timestamp information carried by the last successful knock.
8. The single-packet authentication device of claim 6, wherein the determining module is further configured to:
and if the timestamp information of the client is larger than the timestamp information carried by the last successful knock, determining that the client passes the verification.
9. An electronic device, comprising:
a processor, a memory, and a bus, wherein,
the processor and the memory are communicated with each other through the bus;
the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the steps of the single-packet authentication method of any one of claims 1 to 5.
10. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the steps of the single-packet authentication method according to any one of claims 1 to 5.
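
The check in claims 1 to 5, as an added Python example that is not part of the patent text: the verifier looks up the timestamp of the client's last successful knock and accepts only a strictly larger one, so a captured packet replayed later fails. The wire format, the HMAC tag, the names used and the acceptance of a client's first knock are assumptions; the claims specify none of them.

```python
import hashlib
import hmac
import json
import threading


def build_packet(client_id, ts, key):
    """Client side (claim 5): identity plus timestamp. Format and HMAC are assumed."""
    body = json.dumps({"id": client_id, "ts": ts}).encode()
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()


class SpaVerifier:
    """Server side (claims 1 to 4): per-client strictly increasing timestamp."""

    def __init__(self, keys):
        self._keys = keys          # client id -> shared key (assumption)
        self._last_ok = {}         # local record: client id -> last accepted timestamp
        self._lock = threading.Lock()

    def verify(self, packet):
        body, sep, tag = packet.rpartition(b".")
        if not sep:
            return False
        try:
            msg = json.loads(body)
            client_id, ts = msg["id"], msg["ts"]
        except (ValueError, KeyError, TypeError):
            return False
        key = self._keys.get(client_id) if isinstance(client_id, str) else None
        if key is None or type(ts) is not int:
            return False
        expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return False           # unauthenticated timestamps never reach the record
        # Compare and update under one lock so two copies of the same
        # packet arriving concurrently cannot both pass.
        with self._lock:
            last = self._last_ok.get(client_id)
            if last is not None and ts <= last:
                return False       # claim 4: less than or equal fails (replay or stale)
            self._last_ok[client_id] = ts   # claim 1: record only successful knocks
            return True            # claim 3, or first knock (assumed accepted)
```

Because the record advances only after the tag verifies, a forged packet carrying a far-future timestamp cannot lock the legitimate client out.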
CN202210889160.0A 2022-07-27 2022-07-27 Single package authentication method and device, electronic equipment and storage medium Pending CN115065553A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210889160.0A CN115065553A (en) 2022-07-27 2022-07-27 Single package authentication method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115065553A true CN115065553A (en) 2022-09-16

Family

ID=83206702

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210889160.0A Pending CN115065553A (en) 2022-07-27 2022-07-27 Single package authentication method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115065553A (en)

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180343238A1 (en) * 2012-05-24 2018-11-29 Smart Security Systems Llc System and method for protecting communications
CN102739659A (en) * 2012-06-16 2012-10-17 华南师范大学 Authentication method for preventing replay attack
CN110830444A (en) * 2019-10-14 2020-02-21 云深互联(北京)科技有限公司 Method and device for single-packet enhanced security verification
US20210281417A1 (en) * 2020-03-06 2021-09-09 Alipay (Hangzhou) Information Technology Co., Ltd. Methods and devices for generating and verifying passwords
WO2021208037A1 (en) * 2020-04-16 2021-10-21 深圳市欢太科技有限公司 Authentication method and system and storage medium
WO2022067667A1 (en) * 2020-09-30 2022-04-07 Zte Corporation A method for preventing encrypted user identity from replay attacks
CN113992365A (en) * 2021-10-15 2022-01-28 北京天融信网络安全技术有限公司 Key distribution method and device and electronic equipment
CN114422139A (en) * 2021-12-17 2022-04-29 上海浦东发展银行股份有限公司 API gateway request security verification method and device, electronic equipment and computer readable medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
石硕等: "面向数控机床产业集群区域网络协同制造的信息共享安全机制", 《制造业自动化》 *
谢欣梦: "软件定义边界的安全应用研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115776408A (en) * 2022-12-08 2023-03-10 四川启睿克科技有限公司 Single-packet multi-stage authentication method based on zero trust
CN115776408B (en) * 2022-12-08 2024-05-14 四川启睿克科技有限公司 Single-packet multi-stage authentication method based on zero trust

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220916