WO2018149004A1 - Procédé et système d'authentification - Google Patents

Procédé et système d'authentification Download PDF

Info

Publication number
WO2018149004A1
WO2018149004A1 PCT/CN2017/076603 CN2017076603W WO2018149004A1 WO 2018149004 A1 WO2018149004 A1 WO 2018149004A1 CN 2017076603 W CN2017076603 W CN 2017076603W WO 2018149004 A1 WO2018149004 A1 WO 2018149004A1
Authority
WO
WIPO (PCT)
Prior art keywords
string
client terminal
http request
authentication
public key
Prior art date
Application number
PCT/CN2017/076603
Other languages
English (en)
Chinese (zh)
Inventor
胡龙军
Original Assignee
武汉斗鱼网络科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 武汉斗鱼网络科技有限公司 filed Critical 武汉斗鱼网络科技有限公司
Publication of WO2018149004A1 publication Critical patent/WO2018149004A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Definitions

  • the present invention relates to the field of communication technologies, and in particular, to an authentication method and system.
  • Internet software products are mainly divided into two categories from product audiences, including popular Internet products for end consumers, such as Sina Weibo Web, Zhizhi Web.
  • the characteristics of such products are that the objects of such products are human, and most of the provided media content is unstructured text (such as novels, blogs), pictures, audio and video, and the like.
  • Another type of product is aimed at the computer, that is, the main form of the service is an API (Application Programming Interface) that provides a programming interface, which is convenient for programmers to use the API for secondary development.
  • API Application Programming Interface
  • the characteristics of this type of product are that the service object is a computer, and the media content provided is mostly structured text, such as XML, JSON, and the like.
  • Authentication refers to verifying that a user has the right to access the system.
  • Traditional authentication is verified by a password.
  • the premise of this approach is that each user who receives the password is already authorized.
  • the user is assigned a password, which can be specified by the administrator or by the user.
  • the weakness of this method is very obvious: once the password is stolen or the user loses the password, the situation will be very troublesome.
  • the administrator needs to re-edit the user password, and manually verify the user's legal identity before modifying the password.
  • the current mainstream authentication method is to use the authentication and authorization to verify the positive of the digital signature. True or not.
  • the common practice for authenticating the corresponding user terminal accessing it is to use the corresponding authentication encryption algorithm to generate the authentication encrypted string corresponding to the request information of the user terminal together with the request information sent by the user terminal.
  • the server Sended to the server that needs to be accessed, the server uses PHP (ertext Preprocessor), which is a general-purpose open source scripting language for authentication operations.
  • the present invention provides an authentication method and system for overcoming the above problems or at least partially solving the above problems.
  • an authentication method including:
  • Step 1 Add an API interface public key, a current client terminal time, and an authentication encrypted character string in the HTTP request to the client terminal HTTP request header information;
  • Step 2 Receive an HTTP request from the client terminal, confirm that the API interface public key in the header information is correct, and confirm that the difference between the client terminal time and the current server time is less than a preset threshold;
  • Step 3 Confirm that the authentication encrypted string is correct.
  • an authentication system including an encryption module, a first confirmation module, and a second confirmation module:
  • the cryptographic module is connected to the first acknowledgment module, and configured to generate an authentication encrypted character string; adding an API interface public key, a current client terminal time, and an authentication encrypted character string to the client terminal HTTP request header information;
  • the first confirmation module is connected to the encryption module and the second confirmation module, respectively, for receiving the HTTP request of the client terminal, confirming that the API interface public key is correct, and confirming that the client terminal time and the current server time difference are Less than a preset threshold;
  • the second confirmation module is connected to the first confirmation module, and is configured to confirm that the authentication encrypted string is correct.
  • the present application proposes an authentication method and system, which adds authentication information, Nginx, to the client terminal HTTP request header information.
  • the invention has the following beneficial effects: 1. Adding the authentication information to the HTTP request Header header information does not cause the Url of the HTTP request Header header information to be inconsistent; 2.
  • the special authentication encryption string generation algorithm can effectively prevent the third party. Malicious imitation.
  • FIG. 1 is a schematic overall flow chart of an authentication method according to an embodiment of the present invention.
  • FIG. 2 is a schematic flow chart of an authentication method according to an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of an overall framework of an authentication system according to an embodiment of the present invention.
  • FIG. 4 is a structural block diagram of an apparatus of an authentication system according to an embodiment of the present invention.
  • HTTP Request message from client to server.
  • Header Header header information carried in the HTTP request.
  • API Application Programming Interface
  • Public Key and Private Key are a pair of keys obtained by an algorithm (ie, a public key and a private key).
  • the public key is the public part of the key pair, and the private key is not.
  • Public keys are typically used to encrypt session keys, verify digital signatures, or encrypt data that can be decrypted with the corresponding private key.
  • the key pair obtained by this algorithm is guaranteed to be unique worldwide.
  • this key pair if one piece of data is used to encrypt a piece of data, it must be decrypted with another key. For example, encrypting data with a public key must be decrypted with a private key. If it is encrypted with a private key, it must be decrypted with a public key, otherwise the decryption will not succeed.
  • Public Key AID The public key used for API interface encryption.
  • Key AID The key used by the API interface to encrypt, not external, provided by the server.
  • MD5 Message Digest Algorithm MD5 (Information-Summary Algorithm 5).
  • GET request The type of request sent by the HTTP client, indicating that a file is requested from the web server.
  • Post request The type of request sent by the HTTP client, indicating that the data is sent to the web server for processing by the web server.
  • Authentication Encryption String An encrypted string used for authentication according to certain rules.
  • Nginx is a lightweight web server / reverse proxy server and email (IMAP / POP3) proxy service.
  • Proxy_cache Built-in caching module that comes with Nginx.
  • Url The Uniform Resource Identifier (or URI) is a string that identifies the name of an Internet resource.
  • Lua is a small scripting language. A complete Lua interpreter is only 200k. In all current scripting engines, Lua is the fastest.
  • FIG. 1 is a schematic diagram showing the overall flow of an authentication method in a specific embodiment of the present invention.
  • the method includes the following steps: Step 1: Add an API request public key, a current client terminal time, and an authentication encrypted character string in an HTTP request to the client terminal HTTP request header information; Step 2, receive the client terminal HTTP The request confirms that the API interface public key is correct; confirms that the client terminal time and the current server time difference are less than a preset threshold; and step 3, confirms that the authentication encrypted string is correct.
  • the HTTP request header information of the encrypted information client terminal does not cause the HTTP request Url to be inconsistent, and the server cache cannot be hit because the request Url is inconsistent.
  • an authentication method the authentication encrypted string in the step 1 is generated by the following steps: S11, the first character of the uniform resource identifier in the HTTP request is / "Delete; S12, the character string obtained by deleting the character "/" and the API interface public key in the HTTP request, the client terminal time, and the get parameter string in the HTTP request of the client terminal are sorted according to a preset sorting rule; Sequencing the sorted strings in sequence; S13, inserting an API interface key in a specified position in the string obtained after the splicing; obtaining an authentication encrypted string; converting the authentication encrypted string into MD5 code.
  • the authentication encrypted string generated by the special generation rule can effectively prevent the third party crawling or malicious attack, thereby improving the security of the accessed server.
  • MD5 is an irreversible encryption algorithm, it has high security and is widely used to judge file integrity. Therefore, converting the generated authentication encrypted string to MD5 code can effectively prevent the final authentication encrypted string from being reversed. To the crack, a higher degree of security and validity of the authentication encrypted string is guaranteed.
  • an authentication method before the step 2, further includes: Confirming that the client terminal HTTP request Header header information includes both an API interface public key, a client terminal time, and an authentication encrypted string.
  • the step 3 further includes: adding the customer identity information to the API interface public key, and confirming, according to the API interface public key access authority, that the client terminal has the Permissions for HTTP requests.
  • the identity information of the client may be added to the API interface key pair, and the identity of the API interface public key included in the HTTP request is checked before the authentication encrypted string operation of step 3 is performed. Whether the access authority corresponding to the information can support the client terminal having the authority of the HTTP request.
  • an authentication method the generating an authentication encrypted string in the step 1 further includes: S11', confirming that the HTTP request includes post information; S12', the post is The information parameter string is spliced with the uniform resource identifier of the first character "/", the API interface public key, the client terminal time, and the get parameter string in the client terminal HTTP request, and the characters are pressed after the splicing
  • the preset sorting rule is sorted; S13', the API interface key is inserted in the specified position of the string obtained after sorting, and the authentication encrypted string is obtained; and the authentication encrypted string is converted into the MD5 code.
  • the preset threshold in the step 2 is ⁇ 5 minutes.
  • the reason why the preset threshold is set to 5 minutes in this embodiment is that the Url of each HTTP request is time-limited, and even if the Url is caught by the packet capture, it can only use up to 5 minutes. Therefore, in order to ensure that the authenticated HTTP request is still valid, the preset threshold should be set to no more than 5 minutes.
  • the preset sorting rule in the step 1 is: sorting according to the ascending/descending order of the first letter of each string.
  • the sorting rule in this embodiment is only one of them, and the initials of each string are raised in the 26 alphabets. / Sort in descending order.
  • the actual operation of the present invention is not limited to the above two sorting rules, and the string sorting purpose of the present invention can be achieved as long as it is a fixed scrambled sorting rule.
  • FIG. 2 is a schematic diagram showing the overall flow of an authentication method according to another embodiment of the present invention. In general, the following steps are included:
  • the client terminal attaches the public key aid, the client current request timestamp time, and the authentication encryption string auth to the HTTP request header.
  • the above specific encryption auth generation algorithm is as follows: (1) the requested interface address uri (ie /api/thirdPart/live) part, intercepted from the second bit (ie api/v1/live); (2) the characters obtained in the above steps After the string is concatenated with the get parameter, the public key aid, and time, it is sorted in ascending order according to the initial name of each parameter string.
  • the public key aid contains customer identity information.
  • the lua module in the server Nginx checks whether the header contains three fields: aid, time, and auth; the server checks the validity of the public key aid; the server checks whether the time passed by the client and the time error of the server are within 5 minutes; Check the public key AID access permission range; check whether the authentication string is correct.
  • proxy_cache caching function to proxy the business logic to the php if there is no hit cache, and return directly if hit.
  • an authentication method is performed by the scripting language lua module in the web server Nginx.
  • Nginx is a lightweight web server / reverse proxy server and email (IMAP / POP3) proxy service. It is characterized by less memory and strong concurrency. In fact, Nginx's concurrency capability does perform better in the same type of web server.
  • Lua is A small scripting language, a full Lua interpreter but 200k, Lua script processing is the fastest in all current scripting engines.
  • the authentication operation script implemented by Lua is embedded in the Nginx as a module to perform the authentication operations of steps 2 and 3, and the authentication speed is directly improved in the authentication operation implemented by PHP in the prior art.
  • an authentication method after the step 3, further includes: when the acquisition target information of the HTTP request is not in the server cache, using the cache module proxy_cache in the web server Nginx
  • the agent processes the business logic into the hypertext preprocessor.
  • Proxy_cache is a built-in cache module that comes with Nginx.
  • the Proxy_cache delegates to the PHP processing business logic. If the user terminal HTTP request hits the server cache, it directly returns the content it needs.
  • FIG. 3 is a schematic diagram showing the overall structure of an authentication system in a specific embodiment of the present invention.
  • the encryption module A1, the first confirmation module A2, and the second confirmation module A3 are included: the encryption module A1 is connected to the first confirmation module A2, and is used to generate an authentication encrypted character string; Adding an API interface public key, a current client terminal time, and an authentication encryption string to the Header header information; the first confirmation module A2 is connected to the encryption module A1 and the second confirmation module A3, respectively, for receiving the client The terminal HTTP request confirms that the API interface public key is correct; and confirms that the client terminal time and the current server time difference are less than a preset threshold; the second confirmation module A3 is connected to the first confirmation module A2 for confirming The authentication encrypted string is correct.
  • the HTTP request header information of the encrypted information client terminal does not cause the HTTP request Url to be inconsistent, and the server cache cannot be hit because the request Url is inconsistent.
  • the encryption module A1 further includes an authentication encrypted string generating unit, configured to: use a first character of the uniform resource identifier in the HTTP request. /"delete; will remove the character "/" to get the string and HTTP
  • the API parameter public key, the client terminal time, and the get parameter string in the client terminal HTTP request are sorted according to a preset sorting rule; the sorted strings are sequentially spliced;
  • the API interface key is inserted in the specified position in the string; the authentication encrypted string is obtained; and the authentication encrypted string is converted into the MD5 code.
  • the authentication encrypted string generating unit can effectively prevent third party crawling or malicious attack intrusion through the authentication encrypted string generated by the special generating rule, thereby improving the security of the accessed server.
  • MD5 is an irreversible encryption algorithm, it has high security and is widely used to judge file integrity. Therefore, converting the generated authentication encrypted string to MD5 code can effectively prevent the final authentication encrypted string from being reversed. To the crack, a higher degree of security and validity of the authentication encrypted string is guaranteed.
  • an authentication system is further configured to: confirm that the client terminal HTTP request header information includes an API interface public key, a client terminal time, and an authentication. Encrypt the string.
  • an authentication system the encryption module A1 is further configured to add customer identity information to an API interface public key; and the first confirmation module is further configured to access according to an API interface public key.
  • the authority confirms that the client terminal has the authority to the HTTP request.
  • the identity information of the client may be added to the API interface key pair, and the identity of the API interface public key included in the HTTP request is checked before the authentication encrypted string operation of step 3 is performed. Whether the access authority corresponding to the information can support the client terminal having the authority of the HTTP request.
  • an authentication system is further configured to confirm that the HTTP request includes post information, and the post information parameter string and the first character are deleted.
  • Uniform resource identifier, API interface public key, client terminal time and get parameter string in the client terminal HTTP request are spliced, and the above characters are sorted according to a preset sorting rule after splicing; characters obtained after sorting String specification
  • the location is inserted into the API interface key to obtain an authentication encrypted string; the authentication encrypted string is converted into an MD5 code.
  • the POST information may be added to the authentication encrypted string to be sorted, thereby increasing the complexity of the authentication encrypted string. Further improve the security of the server.
  • the preset threshold in the first confirmation module is ⁇ 5 minutes.
  • the reason why the preset threshold is set to 5 minutes in this embodiment is that the Url of each HTTP request is time-limited, and even if the Url is caught by the packet capture, it can only use up to 5 minutes. Therefore, in order to ensure that the authenticated HTTP request is still valid, the preset threshold should be set to no more than 5 minutes.
  • the preset sorting rule in the encryption module is: sorting according to the ascending/descending order of the first letter of each string.
  • the sorting rule in this embodiment is only one of them, and the first letter of each character string is sorted in ascending/descending order in the 26 alphabets.
  • the actual operation of the present invention is not limited to the above two sorting rules, and the string sorting purpose of the present invention can be achieved as long as it is a fixed scrambled sorting rule.
  • an authentication system the first confirmation module and the second confirmation module are implemented by a script language lua module in a web server Nginx.
  • Nginx is a lightweight web server / reverse proxy server and email (IMAP / POP3) proxy service. It is characterized by less memory and strong concurrency. In fact, Nginx's concurrency capability does perform better in the same type of web server.
  • Lua is a small scripting language. A complete Lua interpreter is only 200k. In all current scripting engines, Lua scripting is the fastest.
  • the authentication operation script implemented by Lua is embedded in the Nginx as a module to perform the authentication operations of steps 2 and 3, and the authentication speed is directly improved in the authentication operation implemented by PHP in the prior art.
  • an authentication system further includes a proxy module, coupled to the second confirmation module A3, for obtaining the target information of the HTTP request.
  • proxy_cache in the web server Nginx is used to proxy the business logic to the hypertext preprocessor.
  • Proxy_cache is a built-in cache module that comes with Nginx.
  • the Proxy_cache delegates to the PHP processing business logic. If the user terminal HTTP request hits the server cache, it directly returns the content it needs.
  • FIG. 4 is a structural block diagram of an apparatus for illustrating an authentication method according to another embodiment of the present application.
  • the device for operating a database includes: a processor 401, a memory 402, and a bus 403;
  • the processor 401 and the memory 402 complete communication with each other through the bus 403.
  • the processor 401 is configured to invoke a program instruction in the memory 402 to perform the method provided by the foregoing method embodiments, for example, including: adding an HTTP request in an API request to the client terminal HTTP request header information. The key, the current client terminal time, and the authentication encrypted character string; receiving the HTTP request of the client terminal, confirming that the API interface public key in the Header header information is correct, and confirming that the difference between the client terminal time and the current server time is less than a preset threshold. ; Confirm that the authentication encrypted string is correct.
  • FIG. 1 Another embodiment of the present application discloses a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions, when the program instructions are When executed, the computer can perform the method provided by the foregoing method embodiments, for example, including: adding an API interface public key, a current client terminal time, and an authentication encrypted character string in the HTTP request to the client terminal HTTP request header information; Receiving the client terminal HTTP request, confirming that the API interface public key in the header information is correct, confirming that the client terminal time and the current server time difference are less than a preset threshold; and confirming that the authentication encrypted string is correct.
  • Another embodiment of the present application discloses a non-transitory computer readable storage medium storing computer instructions that cause the computer to perform the operations provided by the various method embodiments described above Method, for example comprising: at the guest The client terminal HTTP request Header header information adds an API request public key, a current client terminal time, and an authentication encrypted character string in the HTTP request; receives the client terminal HTTP request, and confirms that the API interface public key in the Header header information is correct, and confirms The difference between the client terminal time and the current server time is less than a preset threshold; and the authentication encrypted string is confirmed to be correct.
  • the foregoing program may be stored in a computer readable storage medium, and the program is executed when executed.
  • the foregoing steps include the steps of the foregoing method embodiments; and the foregoing storage medium includes: a medium that can store program codes, such as a ROM, a RAM, a magnetic disk, or an optical disk.
  • the apparatus and the like of an authentication method described above are merely illustrative, wherein the units described as separate components may or may not be physically separated, and the components displayed as the unit may be or may be It is not a physical unit, it can be located in one place, or it can be distributed to multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment. Those of ordinary skill in the art can understand and implement without deliberate labor.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un procédé et un système d'authentification. Dans le procédé, des informations d'authentification sont ajoutées à des informations d'en-tête d'une demande HTTP d'un terminal client, et enfin, une opération d'authentification est effectuée. La présente invention dispose des effets bénéfiques suivants : 1. L'ajout d'informations d'authentification à des informations d'en-tête d'une demande HTTP ne conduira pas à une incohérence d'URL dans les informations d'en-tête de la demande HTTP; et 2. Un algorithme de génération de chaîne de caractères de chiffrement d'authentification spéciale peut empêcher efficacement une imitation malveillante d'une tierce partie.
PCT/CN2017/076603 2017-02-17 2017-03-14 Procédé et système d'authentification WO2018149004A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710087135.X 2017-02-17
CN201710087135.XA CN106911684B (zh) 2017-02-17 2017-02-17 一种鉴权方法及系统

Publications (1)

Publication Number Publication Date
WO2018149004A1 true WO2018149004A1 (fr) 2018-08-23

Family

ID=59207671

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/076603 WO2018149004A1 (fr) 2017-02-17 2017-03-14 Procédé et système d'authentification

Country Status (2)

Country Link
CN (1) CN106911684B (fr)
WO (1) WO2018149004A1 (fr)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107483563A (zh) * 2017-07-31 2017-12-15 九次方大数据信息集团有限公司 防爬虫的数据查询方法和装置以及客户端和服务器
CN107733635B (zh) * 2017-11-29 2020-10-09 四川长虹电器股份有限公司 基于网关的数据安全传输方法
CN108897898A (zh) * 2018-07-26 2018-11-27 广东浪潮大数据研究有限公司 一种静态网站托管数据访问的方法、系统及服务器
CN109150865A (zh) * 2018-08-07 2019-01-04 厦门市美亚柏科信息股份有限公司 一种移动终端app通讯协议的保护、装置及存储介质
CN109522726B (zh) * 2018-10-16 2024-06-25 康键信息技术(深圳)有限公司 小程序的鉴权方法、服务器及计算机可读存储介质
CN110636041A (zh) * 2019-08-09 2019-12-31 西藏宁算科技集团有限公司 一种基于OpenResty的云端鉴权方案实现方法及系统
CN111083681B (zh) * 2019-11-20 2023-08-29 广州小鹏汽车科技有限公司 近距离通信数据加密方法、终端设备及车辆
CN112491549A (zh) * 2020-12-08 2021-03-12 平安国际智慧城市科技股份有限公司 数据信息加密校验方法、系统及计算机可读存储介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100325421A1 (en) * 2007-04-01 2010-12-23 Samsung Eectronics Co., Ltd. Apparatus and method for providing security service in home network
US8181227B2 (en) * 2006-08-29 2012-05-15 Akamai Technologies, Inc. System and method for client-side authenticaton for secure internet communications
CN102739671A (zh) * 2012-06-26 2012-10-17 中国电力科学研究院 一种电力系统协同计算中的桌面虚拟化及应用展示平台
CN105022952A (zh) * 2014-04-28 2015-11-04 深圳市茁壮网络股份有限公司 一种中间件授权认证方法及装置

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6885388B2 (en) * 2001-04-25 2005-04-26 Probaris Technologies Inc. Method for automatically generating list of meeting participants and delegation permission
US8621598B2 (en) * 2008-03-12 2013-12-31 Intuit Inc. Method and apparatus for securely invoking a rest API
CN105681470B (zh) * 2012-03-29 2018-12-28 北京奇虎科技有限公司 基于超文本传输协议的通信方法、服务器、终端
CN103701761B (zh) * 2012-09-28 2017-07-18 中国电信股份有限公司 开放接口调用的认证方法与系统
CN105262592A (zh) * 2015-09-18 2016-01-20 浪潮(北京)电子信息产业有限公司 一种数据交互的方法及api接口
CN105306534B (zh) * 2015-09-21 2019-05-14 拉扎斯网络科技(上海)有限公司 一种基于开放平台的信息校验方法和开放平台
CN105306473B (zh) * 2015-11-05 2018-06-22 北京奇虎科技有限公司 一种防止注入攻击的方法、客户端、服务器和系统
CN105450730A (zh) * 2015-11-05 2016-03-30 北京奇虎科技有限公司 一种处理客户端请求的方法和装置
CN105407102B (zh) * 2015-12-10 2019-05-17 四川长虹电器股份有限公司 http请求数据可靠性验证方法
CN106101258B (zh) * 2016-07-08 2021-05-25 腾讯科技(深圳)有限公司 一种混合云的接口调用方法、装置及系统

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8181227B2 (en) * 2006-08-29 2012-05-15 Akamai Technologies, Inc. System and method for client-side authenticaton for secure internet communications
US20100325421A1 (en) * 2007-04-01 2010-12-23 Samsung Eectronics Co., Ltd. Apparatus and method for providing security service in home network
CN102739671A (zh) * 2012-06-26 2012-10-17 中国电力科学研究院 一种电力系统协同计算中的桌面虚拟化及应用展示平台
CN105022952A (zh) * 2014-04-28 2015-11-04 深圳市茁壮网络股份有限公司 一种中间件授权认证方法及装置

Also Published As

Publication number Publication date
CN106911684A (zh) 2017-06-30
CN106911684B (zh) 2020-06-16

Similar Documents

Publication Publication Date Title
WO2018149004A1 (fr) Procédé et système d'authentification
US10574648B2 (en) Methods and systems for user authentication
US11757641B2 (en) Decentralized data authentication
CN111355726B (zh) 一种身份授权登录方法、装置及电子设备和存储介质
More et al. Third party public auditing scheme for cloud storage
Somorovsky et al. On breaking {SAML}: Be whoever you want to be
US8185942B2 (en) Client-server opaque token passing apparatus and method
WO2017028804A1 (fr) Dispositif et procédé d'authentification et d'accès de plate-forme de communication web en temps réel
CN104935568A (zh) 一种面向云平台接口鉴权签名方法
WO2018145127A1 (fr) Procédés et systèmes de vérification d'une identification électronique avec stockage d'enregistrements de certification sur une chaîne latérale
CN106685973B (zh) 记住登录信息的方法及装置、登录控制方法及装置
CN106027228B (zh) 一种网页标识的加解密方法及其加解密系统
JP2006525563A (ja) ユーザとウェッブ・サイトの認証方法及び装置
El-Booz et al. A secure cloud storage system combining time-based one-time password and automatic blocker protocol
CN109618341A (zh) 一种数字签名认证方法、系统、装置以及存储介质
KR102137122B1 (ko) 보안 체크 방법, 장치, 단말기 및 서버
CN110071937B (zh) 基于区块链的登录方法、系统及存储介质
CN107517194B (zh) 一种内容分发网络的回源认证方法和装置
CN108777673B (zh) 一种在区块链中进行双向身份认证方法
Seta et al. Implement time based one time password and secure hash algorithm 1 for security of website login authentication
WO2008053279A1 (fr) Ouvrir une session sur un dispositif utilisateur vers un serveur
CN110572392A (zh) 一种基于Hyperledger网络的身份认证方法
CN112149068A (zh) 基于访问的授权校验方法、信息的生成方法及装置、服务器
Duong et al. Flickr’s api signature forgery vulnerability
CN112565156B (zh) 信息注册方法、装置和系统

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17896784

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17896784

Country of ref document: EP

Kind code of ref document: A1