WO2019019593A1 - Stateless communication security signature method, terminal and server end - Google Patents


Info

Publication number
WO2019019593A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
terminal
timestamp
character string
database
Application number
PCT/CN2018/074757
Other languages
French (fr)
Chinese (zh)
Inventor
彭冠宇
兰海宇
宋起涛
李屹
Original Assignee
深圳市光峰光电技术有限公司


Classifications

    • H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication)
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L9/40 Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Mechanisms under H04L9/32 involving digital signatures
    • H04L9/3297 Mechanisms under H04L9/32 involving time stamps, e.g. generation of time stamps
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network security architectures or protocols for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Confidential data exchange under H04L63/04 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Protected payload exchange under H04L63/0428 wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Definitions

  • the invention belongs to the technical field of communications, and in particular relates to a stateless communication security signature method, a terminal and a server end.
  • in communication systems, a stateless communication mechanism between the front end (terminal) and the back end (server side) is commonly used to address communication security problems.
  • in the related-art stateless mechanism between front end and back end, when the front end makes a user login request the back end returns a token to the front end, subsequent requests carry the token as a parameter, and the back end verifies the token to confirm the user's status.
  • the present invention provides a stateless communication security signature method, terminal and server end with high security and reliability.
  • the invention provides a stateless communication security signature method, the method comprising the following steps:
  • the terminal stores a predetermined key that is shared with the server side;
  • the terminal sends a communication request to the server: the terminal encrypts the predetermined key, the current timestamp and the function parameters at least twice to obtain an encrypted first character string, loads the first character string and the current timestamp into the header of the data packet, and sends the data packet to the server side to make the communication request;
  • the terminal receives data corresponding to a communication request sent by the server.
  • the two encryption steps use the HmacSHA1 algorithm and the md5 digest algorithm, in that order.
  • the first character string is a 32-bit sequence.
  • the invention also provides a stateless communication security signature method, the method comprising the following steps:
  • the server side holds a predetermined key that is shared with the terminal;
  • the server side receives a data packet of a communication request sent by the terminal, where the data packet includes a first character string obtained by the terminal through encryption, the first character string being obtained by encrypting the terminal's predetermined key, the current timestamp and the function parameters at least twice;
  • the server generates a second character string: the server side encrypts the predetermined key, the current timestamp and the function parameters in the same manner as the terminal to obtain a second character string;
  • the server compares whether the first character string and the second character string are the same. If not, the communication request fails. If they are the same, the server end uses the IP address of the terminal and the first character string as keywords to search the server's database and determine whether the first string has already been requested; if so, the data request fails; if not, proceed to the next step;
  • the server compares whether the current timestamp in the received data packet is newer than the timestamp stored in the server's database for the terminal's IP. If not, the data request fails and the timestamp stored for the terminal's IP is updated to the current timestamp in the data packet; if yes, the process proceeds to the next step;
  • the server updates the first character string and the corresponding timestamp stored in the database for the terminal's IP to the first character string and the current timestamp in the data packet, and sends the data requested by the terminal to the terminal.
  • the two encryption steps use the HmacSHA1 algorithm and the md5 digest algorithm, in that order.
  • the first character string is a 32-bit sequence.
  • the current timestamp is extracted from the header of the data packet received by the server, and the function parameters are obtained from the server-side interface through which the terminal establishes communication.
  • the method further includes:
  • the server updates its database: the server saves or updates the first character string and timestamp requested by the terminal in the server-side database, keyed by the terminal's IP address, so that a first string that has already passed cannot be requested again and the timestamp is required to be larger than the current timestamp saved in the server's database.
  • the method further includes:
  • the server updates its database: the server saves or updates the first character string and timestamp requested by the terminal in the server-side database, keyed by the terminal's IP address, so that the requested first string cannot be repeated and the timestamp is required to be larger than the current timestamp saved in the server-side database; when the signature verifies correctly with the predetermined key but the current timestamp saved in the server-side database is not less than the timestamp of the request, the request is intercepted, and the current timestamp in the server-side database is modified to record the timestamp of the request.
  • the method further includes:
  • the server side updates its database: the server side saves or updates the first character string requested by the terminal in the server-side database, keyed by the terminal's IP address, so that the requested first string cannot be repeated.
  • the method further includes:
  • the server updates its database: the timestamp of the terminal is a network timestamp obtained on request, or a timestamp returned by a server in the server cluster dedicated to providing the system time; the server saves or updates the first character string and timestamp requested by the terminal in the server-side database keyed by IP address, so that the requested first character string cannot be requested again and the timestamp is required to be larger than the current timestamp saved in the server-side database.
  • the method further includes:
  • the server side updates its database: the server side saves or updates the first character string and timestamp requested by the terminal in the server-side database keyed by IP address, and clears this data at a preset time. On each request the list of first strings saved for the IP address is checked; if the first string is not in that list, the request passes.
  • the invention also provides a terminal comprising: a processor, a transceiver, a memory, a user interface and a bus interface, wherein:
  • the processor is configured to read a program in the memory and perform the steps in the stateless communication security signature method provided above.
  • the invention also provides a server end, comprising: a processor, a transceiver, a memory, a user interface and a bus interface, wherein:
  • the processor is configured to read a program in the memory and perform the steps in the stateless communication security signature method provided above.
  • the present invention also provides a computer readable storage medium storing a computer program that, when executed by a processor, implements the steps in the stateless communication security signature method provided above.
  • the terminal sorts the function parameters of the current request's data packet in a specified order, then, before the request, combines them with the predetermined key and the current timestamp and applies the HmacSHA1 algorithm followed by the md5 digest algorithm to obtain a 32-bit sequence, which is placed in the header of the request's data packet as the first character string; the server side encrypts the predetermined key, the current timestamp and the function parameters in the same manner as the terminal to obtain a second character string, and verifies the terminal's request by comparing whether the first and second character strings are the same.
  • FIG. 1 is a flow chart of a stateless communication security signature method provided by the present invention
  • FIG. 2 is a flow chart of a first embodiment of another stateless communication security signature method provided by the present invention.
  • FIG. 3 is a block diagram showing a part of steps of a second embodiment of a stateless communication security signature method according to the present invention.
  • FIG. 4 is a block diagram showing a part of steps of a third embodiment of a stateless communication security signature method according to the present invention.
  • FIG. 5 is a block diagram of a partial step of a fourth embodiment of a stateless communication security signature method according to the present invention.
  • FIG. 6 is a block diagram showing a part of steps of a fifth embodiment of a stateless communication security signature method according to the present invention.
  • FIG. 7 is a block diagram showing a part of steps of a sixth embodiment of a stateless communication security signature method according to the present invention.
  • FIG. 8 is a schematic structural diagram of a terminal provided by the present invention.
  • FIG. 9 is a schematic structural diagram of a server end according to the present invention.
  • FIG. 10 is a timing chart of the third embodiment corresponding to FIG. 4.
  • FIG. 1 is a flow chart of a stateless communication security signature method provided by the present invention.
  • the invention provides a stateless communication security signature method, and the method comprises the following steps:
  • Step S11 The terminal stores a predetermined key secretKey unified with the server end, such as appotronics-2017.
  • Step S12 The terminal sends a communication request to the server: the terminal encrypts the predetermined key, the current timestamp and the function parameters at least twice to obtain the encrypted first string sign, loads the first string sign and the current timestamp into the header of the data packet, and sends the data packet to the server end to make the communication request.
  • the two encryption steps use the HmacSHA1 algorithm and a digest algorithm such as md5, in that order.
  • the encryption method and the number of times are not limited thereto.
  • the first string is a 32-bit sequence.
  • Step S13 The terminal receives data corresponding to the communication request sent by the server.
  • the present invention also provides another stateless communication security signature method, which is described below in several embodiments:
  • FIG. 2 is a block diagram of a first embodiment of a stateless communication security signature method according to the present invention.
  • the present invention provides another stateless communication security signature method, the method comprising the following steps:
  • Step S21 The server side stores a predetermined key secretKey unified with the terminal, such as appotronics-2017.
  • Step S22 The server end receives a data packet of a communication request sent by the terminal, where the data packet includes a first character string sign obtained by the terminal through encryption, the first character string sign being obtained by encrypting the predetermined key secretKey, the current timestamp and the function parameters of the terminal at least twice.
  • the two encryption steps use the HmacSHA1 algorithm and a digest algorithm such as md5, in that order.
  • the encryption method and the number of times are not limited thereto.
  • the server-side code implementation is as follows:
  • Map<String, String[]> reqMap = request.getParameterMap();  // all parameters of the incoming request, from the servlet request
  • SortedMap<String, Object> sortMap = new TreeMap<String, Object>();  // sorted by parameter name, giving the canonical order used before signing
  • the first encrypted string is then digested with the md5 algorithm into a 32-bit sequence to obtain the first string sign; that is, the first character string sign is a 32-bit sequence.
  • the server-side implementation code is as follows:
  • timestamp is the current timestamp generated as described above.
  • Step S23 The server generates a second string sign':
  • the server encrypts the predetermined key, the current timestamp, and the function parameter according to an encryption manner of the terminal to obtain a second string sign'.
  • the current timestamp is extracted from the header of the data packet received by the server, the function parameters are obtained from the interface through which the terminal establishes communication with the server, and the predetermined key is already known to the server.
  • Step S24 The server side compares whether the first character string sign and the second character string sign' are the same:
  • if not, the communication request fails; if they are the same, the IP address of the terminal and the first string sign are used as keywords to search the server's database and determine whether the first string sign has already been requested; if so, the data request fails; if not, the process proceeds to step S25.
  • Step S25 The server compares whether the current timestamp in the received data packet is newer than the timestamp stored in the server's database for the terminal's IP:
  • if not, the data request fails, and the timestamp stored in the server's database for the terminal's IP is updated to the current timestamp in the data packet;
  • if yes, the process proceeds to step S26.
  • Step S26 The server end updates the first character string sign and the corresponding timestamp stored in the database for the terminal's IP to the first character string and the current timestamp in the data packet, and transmits the data requested by the terminal to the terminal.
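  • The signing scheme summarised in the Definitions above (sort the function parameters, combine them with the predetermined key secretKey and the current timestamp, apply HmacSHA1 and then md5 to get sign) and the server-side checks of steps S21 to S26, worked through end to end in Python as an added example. This is not the patent's own code (the page's own fragments are Java); the message layout "k=v&k=v&timestamp=...", the in-memory dict standing in for the server database, the constant-time comparison and the failure strings are all assumptions made here, and the page's "32-bit sequence" is read as the 32-hex-character md5 digest.

```python
import hashlib
import hmac
import time

# Constructed example key; the page cites "appotronics-2017" only as an example value.
SECRET_KEY = b"appotronics-2017"


def canonical_params(params):
    """Sort the function parameters by name (the page's TreeMap step) and join them.
    The page does not give the join format; 'k=v' pairs joined by '&' is assumed here."""
    return "&".join(f"{k}={v}" for k, v in sorted(params.items()))


def compute_sign(secret_key, timestamp, params):
    """Terminal-side signature (Step S12): HMAC-SHA1 keyed with the predetermined key
    over the canonical parameters plus the timestamp, then MD5 over that hex result.
    The MD5 hex digest is 32 characters, read here as the page's '32-bit sequence'."""
    message = f"{canonical_params(params)}&timestamp={timestamp}".encode()
    stage1 = hmac.new(secret_key, message, hashlib.sha1).hexdigest()
    return hashlib.md5(stage1.encode()).hexdigest()


def build_request(secret_key, params, timestamp=None):
    """Step S12: put sign and timestamp in the header of the request data packet."""
    ts = int(time.time()) if timestamp is None else timestamp
    return {"header": {"sign": compute_sign(secret_key, ts, params),
                       "timestamp": str(ts)},
            "params": dict(params)}


class SignatureServer:
    """Server end, Steps S21-S26. `db` stands in for the server database:
    terminal IP -> {"sign": last accepted sign, "timestamp": last stored timestamp}."""

    def __init__(self, secret_key):
        self.secret_key = secret_key   # S21: key shared with the terminal
        self.db = {}

    def handle(self, client_ip, packet):
        """Return (accepted, result); result is the served data or the failure reason."""
        header = packet.get("header", {})
        sign = header.get("sign", "")
        try:
            timestamp = int(header["timestamp"])
        except (KeyError, ValueError):
            return (False, "missing or malformed timestamp")
        # S23: recompute sign' from the shared key, the header timestamp and the parameters
        expected = compute_sign(self.secret_key, timestamp, packet.get("params", {}))
        # S24: compare sign and sign' (constant-time compare is a choice made here,
        # not something the page specifies); mismatch -> request fails
        if not hmac.compare_digest(expected, sign):
            return (False, "signature mismatch")
        record = self.db.get(client_ip)
        # S24 continued: same IP and same sign already recorded -> already requested
        if record is not None and record["sign"] == sign:
            return (False, "sign already requested")
        # S25: the timestamp must be newer than the one stored for this IP. If it is
        # not, the request fails and, as the page specifies, the stored timestamp is
        # replaced by the request's timestamp (the third embodiment's interception).
        if record is not None and timestamp <= record["timestamp"]:
            self.db[client_ip] = {"sign": record["sign"], "timestamp": timestamp}
            return (False, "timestamp not newer than stored timestamp")
        # S26: store this sign and timestamp for the IP, then serve the data
        self.db[client_ip] = {"sign": sign, "timestamp": timestamp}
        return (True, {"data": "result for " + canonical_params(packet["params"])})


if __name__ == "__main__":
    server = SignatureServer(SECRET_KEY)
    first = build_request(SECRET_KEY, {"page": "1", "id": "42"}, 1000)
    print(server.handle("10.0.0.1", first))   # accepted
    print(server.handle("10.0.0.1", first))   # same sign again: rejected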
  • FIG. 3 is a block diagram of a partial step of a second embodiment of a stateless communication security signature method according to the present invention.
  • this embodiment is basically the same as the first embodiment; the stateless communication security signature method of this embodiment assumes that the terminal's time is valid and is not arbitrarily changed.
  • the method further includes:
  • Step S27 The server side saves or updates the first character string and the timestamp requested by the terminal in the server's database keyed by the terminal's IP address, and on each request compares them so that the requested first string cannot be repeated and the timestamp is required to be larger than the current timestamp saved in the server's database; thus the terminal's external requests cannot be repeated frequently.
  • FIG. 4 is a partial flow chart of a third embodiment of a stateless communication security signature method according to another embodiment of the present invention.
  • the stateless communication security signature method of this embodiment includes steps S21-S26 of the first embodiment and, in addition, includes:
  • Step S27 The server side saves or updates the first character string and the timestamp requested by the terminal in the server's database keyed by the terminal's IP address, and on each request compares them so that the requested first string cannot be repeated and the timestamp is required to be larger than the current timestamp saved in the server-side database; when the signature verifies correctly with the predetermined key but the current timestamp saved in the server-side database is not less than the timestamp of the request, the request is intercepted, and the current timestamp in the server-side database is modified to record the timestamp of the request. Therefore, the external requests of the terminal cannot be repeated frequently.
  • please refer to FIG. 10 for the timing diagram of the third embodiment corresponding to FIG. 4.
  • in FIG. 10, APP denotes the terminal, Server denotes the server end, and DB denotes the database.
  • the other embodiments of the stateless communication security signature method of the present invention can also be represented by timing charts.
  • the timing diagram of the third embodiment is described further as an example; the timing diagrams of the other embodiments are similar, as follows:
  • the terminal first uses HmacSHA1, with the value of secretKey as the predetermined key, to encrypt the string and obtain the first encrypted string, and then digests the first string with the 32-bit md5 algorithm to obtain sign;
  • the terminal adds the sign and timestamp to the header of the data packet of the current communication request;
  • the server generates a second string sign': the server encrypts the predetermined key, the current timestamp and the function parameters in the same manner as the terminal to obtain a second string sign', and compares sign' with sign:
  • if they differ, the server returns JSON data notifying the terminal that the request fails;
  • if the comparison result is the same, the server side requests from the database the data record (sign and timestamp) corresponding to the terminal's IP;
  • the database returns the requested data record to the server end;
  • the server determines whether the sign recorded in the database has already been requested, that is, whether the sign in the database record differs from the sign of the current request, and whether the timestamp in the database record is smaller than the timestamp of the current request:
  • if the sign has already been requested, the terminal's data request fails, and the server returns JSON data to the terminal notifying it that the request fails;
  • if the sign in the database record differs from the sign of the current request, but the timestamp of the request is smaller than the timestamp stored in the database, the server replaces the value of the timestamp in the database with the timestamp of the current request, the database notifies the server that the replacement succeeded, the terminal's data request fails, and the server returns JSON data notifying the terminal that the request fails;
  • otherwise, the server side replaces the timestamp and sign values in the database with the timestamp and sign of the request, and the database notifies the server that the replacement succeeded;
  • the server sends the data requested by the terminal to the terminal.
  • FIG. 5 is a block diagram of a partial step of a fourth embodiment of a stateless communication security signature method according to the present invention.
  • the stateless communication security signature method of this embodiment includes steps S21-S26 of the first embodiment and also includes:
  • Step S27 The server side saves or updates the first character string requested by the terminal in the server-side database keyed by the terminal's IP address, and on each request compares it so that the requested first string cannot be repeated; thus the external requests of the terminal cannot be repeated frequently.
  • the solution of this embodiment can still make each request valid only once, but if a hacker or attacker discovers how the interception is handled, they can prepare two sets of the first string sign and attack by polling between them. However, this still cannot defeat the other security functions of the present invention.
  • FIG. 6 is a block diagram of a partial step of a fifth embodiment of a stateless communication security signature method according to the present invention.
  • this embodiment is basically the same as the first embodiment, except that it does not rely on the terminal's system time being left unchanged; the stateless communication security signature method of this embodiment differs from the first in that
  • the method further includes:
  • Step S27 The timestamp of the terminal is a network timestamp obtained on request, or a timestamp returned by a server in the server cluster dedicated to providing the system time; the server end saves or updates the first character string and timestamp requested by the terminal in the server-side database keyed by IP address, and on each request compares them so that the requested first string cannot be requested again and the timestamp is required to be larger than the current timestamp saved in the server-side database; thus the external requests of the terminal cannot be repeated frequently.
  • the solution of this embodiment can also make each signature valid only once (signature one-time aging), but mobile applications emphasise user experience, and this solution has to sacrifice response speed.
  • FIG. 7 is a block diagram of a partial step of another sixth embodiment of a stateless communication security signature method according to the present invention.
  • this embodiment is basically the same as the first embodiment, except that it does not rely on the terminal's system time being left unchanged; the stateless communication security signature method of this embodiment differs from the first in that
  • the method further includes:
  • Step S27 The server side saves or updates the first character string and the timestamp requested by the terminal in the server-side database keyed by IP address, and clears this data at a preset time. On each request the first character string is checked against the list of first character strings stored for that IP; the request passes only if the first character string is not in the list, so the external requests of the terminal cannot be repeated frequently.
  • the solution of this embodiment can also make each signature valid only once (signature one-time aging), but mobile applications emphasise user experience, and this solution has to sacrifice response speed.
  • the fifth and sixth embodiments are similar: both achieve one-time validity of the signature, but both need to sacrifice response speed.
  • FIG. 8 is a schematic structural diagram of a terminal provided by the present invention.
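  • The sixth embodiment's server-side record, a per-IP list of already-accepted first strings that is cleared at a preset time, as an added Python example; it is not the patent's own code. It assumes the signature comparison of step S24 has already passed before check_and_record is called, that the "preset time" is a fixed interval after which the whole list is dropped, and that a clock function can be injected for testing; the class and method names are assumptions made here.

```python
import time


class SignListStore:
    """Sixth-embodiment record: for each terminal IP, the first strings (signs) already
    accepted in the current window, each with the timestamp it was seen, cleared as a
    whole once the preset interval has elapsed. `clock` is injectable for testing."""

    def __init__(self, clear_interval_seconds, clock=time.time):
        self.clear_interval = clear_interval_seconds
        self.clock = clock
        self.signs = {}                 # ip -> {sign: timestamp}
        self.window_start = clock()

    def _clear_if_due(self):
        # The page's "clears the data at a preset time": drop every IP's list together.
        now = self.clock()
        if now - self.window_start >= self.clear_interval:
            self.signs.clear()
            self.window_start = now

    def check_and_record(self, client_ip, sign, timestamp):
        """True, and the sign is recorded, if the sign is not yet in this IP's list;
        False if the same sign was already requested from this IP in the window.
        Call only after the sign itself has been verified against sign' (step S24)."""
        self._clear_if_due()
        seen = self.signs.setdefault(client_ip, {})
        if sign in seen:
            return False
        seen[sign] = timestamp
        return True

    def pending_count(self, client_ip):
        """Number of signs currently held for an IP; grows with request rate until the
        next clear, which is the storage side of the response-speed cost the page notes."""
        return len(self.signs.get(client_ip, {}))


if __name__ == "__main__":
    store = SignListStore(clear_interval_seconds=60)
    print(store.check_and_record("10.0.0.1", "constructed-sign-1", 1000))  # True
    print(store.check_and_record("10.0.0.1", "constructed-sign-1", 1001))  # False
```

  • The clearing interval has to be at least as long as the period during which the server would still accept a signed request; a sign dropped from the list earlier than that could be presented again. Because the list is keyed by IP, two terminals behind the same address share one list, which is a consequence of the page's per-IP design rather than a choice made here.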
  • the present invention also provides a terminal 80 comprising a processor 81, a transceiver 82, a memory 83, a user interface 84 and a bus interface 85, wherein:
  • the processor 81 is configured to read a program in the memory 83, and perform the steps in the foregoing stateless communication security signature method, such as performing the steps shown in the flow block diagram of FIG. 1:
  • Step S11 The terminal stores a predetermined key secretKey unified with the server end, such as appotronics-2017.
  • Step S12 The terminal sends a communication request to the server: the terminal encrypts the predetermined key, the current timestamp and the function parameters at least twice to obtain the encrypted first string sign, loads the first string sign and the current timestamp into the header of the data packet, and sends the data packet to the server end to make the communication request.
  • the two encryption steps use the HmacSHA1 algorithm and a digest algorithm such as md5, in that order.
  • the encryption method and the number of times are not limited thereto.
  • the first string is a 32-bit sequence.
  • Step S13 The terminal receives data corresponding to the communication request sent by the server.
  • the present invention further provides a computer readable storage medium storing a computer program which, when executed by a processor, implements the steps in the above stateless communication security signature method provided by the present invention, such as performing steps S11 to S13 shown in the flow chart of FIG. 1.
  • FIG. 9 is a schematic structural diagram of a server end provided by the present invention.
  • the invention also provides a server end, comprising: a processor 91, a transceiver 92, a memory 93, a user interface 94 and a bus interface 95, wherein:
  • the processor 91 is configured to read a program in the memory 93 to perform the steps in the stateless communication security signature method. For example, the steps shown in the flow diagrams of any of the embodiments of FIG. 2-7 are performed, such as the steps of performing the stateless communication security signature method shown in FIG. 2:
  • Step S21 The server side stores a predetermined key secretKey unified with the terminal, such as appotronics-2017.
  • Step S22 The server end receives a data packet of a communication request sent by the terminal, where the data packet includes a first character string sign obtained by the terminal through encryption, the first character string sign being obtained by encrypting the predetermined key secretKey, the current timestamp and the function parameters of the terminal at least twice.
  • the two encryption steps use the HmacSHA1 algorithm and a digest algorithm such as md5, in that order.
  • the encryption method and the number of times are not limited thereto.
  • the server-side code implementation is as follows:
  • Map<String, String[]> reqMap = request.getParameterMap();  // all parameters of the incoming request, from the servlet request
  • SortedMap<String, Object> sortMap = new TreeMap<String, Object>();  // sorted by parameter name, giving the canonical order used before signing
  • the first encrypted string is then digested with the md5 algorithm into a 32-bit sequence to obtain the first string sign; that is, the first character string sign is a 32-bit sequence.
  • the server-side implementation code is as follows:
  • timestamp is the current timestamp generated as described above.
  • Step S23 The server generates a second string sign':
  • the server encrypts the predetermined key, the current timestamp, and the function parameter according to an encryption manner of the terminal to obtain a second string sign'.
  • the current timestamp is extracted from the header of the data packet received by the server, the function parameters are obtained from the interface through which the terminal establishes communication with the server, and the predetermined key is known.
  • Step S24 The server side compares whether the first character string sign and the second character string sign' are the same:
  • the IP address of the terminal and the first string sign are used as keys to search the database of the server and determine whether the first string sign has been requested before; if so, the data request fails; if not, the process proceeds to step S25.
  • Step S25 The server compares whether the current timestamp in the received data packet is newer than a timestamp corresponding to the IP of the terminal stored in the database of the server:
  • if not, the data request fails, and the timestamp corresponding to the IP of the terminal in the database of the server is updated to the current timestamp in the data packet;
  • if yes, the process proceeds to step S26.
  • Step S26 the server end updates the first character string sign and the corresponding timestamp stored in its database for the IP of the terminal to the first character string and the current timestamp in the data packet, and transmits the data requested by the terminal to the terminal.
  • the present invention further provides a computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above stateless communication security signature method provided by the present invention, such as performing the steps shown in the flow diagrams of FIGS. 2 to 7, for example steps S21 to S26 in FIG. 2, which are not described herein again.
  • the bus architecture may include any number of interconnected buses and bridges, specifically linking together various circuits of one or more processors represented by the processor 81/91 and of the memory represented by the memory 83/93; the bus interface 85/95 links these circuits together.
  • the bus architecture can also link various other circuits such as peripherals, voltage regulators, and power management circuits, which are well known in the art and, therefore, will not be further described herein.
  • the bus interface 85/95 provides an interface.
  • the transceiver 82/92 can be a plurality of components, including a transmitter and a receiver, providing means for communicating with various other devices on a transmission medium.
  • the user interface 84/94 may also be an interface capable of externally connecting the required devices, including but not limited to a keypad, a display, a speaker, a microphone, a joystick, and the like.
  • the processor 81/91 is responsible for managing the bus architecture and the usual processing, and the memory 83/93 can store the data used by the processor 81/91 in performing the operations.
  • the disclosed method and apparatus may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may be physically included separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
  • the above-described integrated unit implemented in the form of a software functional unit can be stored in a computer readable storage medium.
  • the above software functional unit is stored in a storage medium and includes a plurality of instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform part of the steps of the transceiving method of the various embodiments of the present invention.
  • the foregoing storage medium includes media that can store program code, such as a U disk, a mobile hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
  • before the request, the terminal sorts the function parameters in the data packet of the current request in a specified order, combines them with the predetermined key and the current timestamp, and applies in turn the Hmacsha1 encryption algorithm and the md5 digest encryption algorithm to obtain a 32-bit sequence, which is placed in the header of the requested data packet as the first character string; the server end encrypts the predetermined key, the current timestamp and the function parameters in the terminal's encryption manner to obtain a second character string, and verifies the terminal's request by comparing the first character string with the second character string; if they are the same, verification passes.
  • the above method addresses the security problems of ordinary Internet applications; in particular, when the devices of the application systems of various smart device manufacturers need to communicate statelessly with the server end over the Internet, its security is better and its reliability strong.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Provided is a stateless communication security signature method. The method comprises the following steps: a terminal storing a pre-determined key unified with a server end; the terminal obtaining an encrypted first character string after performing encryption at least twice; the server end carrying out encryption according to the encryption mode of the terminal to obtain a second character string; and the server end comparing whether the first character string and the second character string are the same, so as to determine whether or not to accept a request from the terminal. Further provided are a terminal and a server end. Compared with the related art, the stateless communication security signature method, the terminal and the server end in the present invention have higher security and better reliability.

Description

Stateless communication security signature method, terminal and server end
Technical field
The invention belongs to the technical field of communications, and in particular relates to a stateless communication security signature method, a terminal and a server end.
Background
With the prevalence of the Internet age, communication devices have increasingly become a part of people's lives. At the same time, communication security is a matter of growing concern, since it directly affects people's use of communication devices.
In the related art, a stateless communication mechanism between the front end (terminal) and the back end (server end) of a communication system is commonly used to address communication security. In that mechanism, when the front end issues a user login request, the back end returns a token to the front end, which stores it; subsequent requests carry the token as a parameter, and the back end verifies the token to confirm the user's state.
Technical problem
However, the above communication mechanism of the related art cannot guarantee terminal authentication when a series of problems come together, such as interface security, Ddoc attacks (or similar attacks such as frequent requests), the security of the data back end, and possible malicious attacks by competitors.
Therefore, there is a real need to provide a new stateless communication security signature method to solve the above problems.
Technical solution
In view of the above deficiencies of the prior art, the present invention proposes a stateless communication security signature method, terminal and server end with high communication security and good reliability.
The present invention provides a stateless communication security signature method, comprising the following steps:
the terminal stores a predetermined key unified with the server end;
the terminal sends a communication request to the server end: the terminal encrypts the predetermined key, the current timestamp and the function parameters at least twice to obtain an encrypted first character string, loads the first character string and the current timestamp into the header of a data packet, and sends the data packet to the server end to make the communication request;
the terminal receives the data corresponding to the communication request sent by the server.
Preferably, in the step of the terminal sending the communication request to the server end, the two encryptions use the HmacSha1 encryption algorithm and the md5 digest encryption algorithm in sequence.
Preferably, the first character string is a 32-bit sequence.
The present invention also provides a stateless communication security signature method, comprising the following steps:
the server end defines a predetermined key unified with the terminal;
the server end receives a data packet of a communication request sent by the terminal, the data packet including a first character string obtained by the terminal after encryption, where the first character string is obtained by encrypting the terminal's predetermined key, the current timestamp and the function parameters at least twice;
the server end generates a second character string: the server end encrypts the predetermined key, the current timestamp and the function parameters in the terminal's encryption manner to obtain a second character string;
the server end compares whether the first character string and the second character string are the same; if not, the communication request fails; if they are the same, the server end searches its database using the terminal's IP and the first character string as keys and determines whether the first character string has been requested before; if so, the data request fails; if not, proceed to the next step;
the server end compares whether the current timestamp in the received data packet is newer than the timestamp corresponding to the terminal's IP stored in the server end's database; if not, the data request fails, and the timestamp corresponding to the terminal's IP in the server end's database is updated to the current timestamp in the data packet; if so, proceed to the next step;
the server end updates the first character string and the corresponding timestamp stored in its database for the terminal's IP to the first character string and the current timestamp in the data packet, and sends the data requested by the terminal to the terminal.
Preferably, in the data packet of the communication request received by the server end from the terminal, the two encryptions use the HmacSha1 encryption algorithm and the md5 digest encryption algorithm in sequence.
Preferably, the first character string is a 32-bit sequence.
Preferably, in the step of the server end generating the second character string, the current timestamp is extracted from the header of the data packet received by the server end, and the function parameters are obtained from the interface through which the server end establishes communication with the terminal.
Preferably, the method further includes:
the server end updates its database: the server end saves or updates the first character string and timestamp requested by the terminal in the server end's database, per terminal IP address, so that a first character string that has already been requested cannot be requested again, and the timestamp is required to be larger than the current timestamp saved in the server end's database.
Preferably, the method further includes:
the server end updates its database: the server end saves or updates the first character string and timestamp requested by the terminal in the server end's database, per terminal IP address, so that a first character string that has already been requested cannot be requested again, and the timestamp is required to be larger than the current timestamp saved in the server end's database; when signature verification with the predetermined key succeeds but the current timestamp saved in the server end's database is not smaller than the timestamp of this request, the request is intercepted, and the current timestamp in the server end's database is modified and recorded as the timestamp of this request.
Preferably, the method further includes:
the server end updates its database: the server end saves or updates the first character string requested by the terminal in the server end's database, per terminal IP address, so that a first character string that has already been requested cannot be requested again.
Preferably, the method further includes:
the server end updates its database: the terminal's timestamp is a network timestamp obtained by request, or a return timestamp returned by a server of the server end's server cluster that is dedicated to obtaining the system time; the server end saves or updates the first character string and the timestamp requested by the terminal in the server end's database, per IP address, so that a first character string that has already been requested cannot be requested again, and the timestamp is required to be larger than the current timestamp saved in the server end's database.
Preferably, the method further includes:
the server end updates its database: the server end saves or updates the first character string and timestamp requested by the terminal in the server end's database, per IP address, clears them at preset intervals, and on each comparison checks the list of first character strings saved for that IP address; if the list contains no identical first character string, the request is passed.
The present invention also provides a terminal, comprising: a processor, a transceiver, a memory, a user interface and a bus interface, wherein:
the processor is configured to read a program in the memory and execute the steps of the stateless communication security signature method provided above.
The present invention also provides a server end, comprising: a processor, a transceiver, a memory, a user interface and a bus interface, wherein:
the processor is configured to read a program in the memory and execute the steps of the stateless communication security signature method provided above.
The present invention also provides a computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of the stateless communication security signature method provided above.
The present invention also provides a computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of the stateless communication security signature method provided above.
Beneficial effects
Compared with the related art, in the stateless communication security signature method, terminal and server end of the present invention, before making a request the terminal sorts the function parameters in the data packet of the current request in a specified order, combines them with the predetermined key and the current timestamp, and applies in turn the Hmacsha1 encryption algorithm and the md5 digest encryption algorithm to obtain a 32-bit sequence, which is placed in the header of the requested data packet as the first character string; the server end encrypts the predetermined key, the current timestamp and the function parameters in the terminal's encryption manner to obtain a second character string, and verifies the terminal's request by comparing the first character string with the second character string; if they are the same, verification passes. The above method addresses the security problems of ordinary Internet applications; in particular, when the devices of the application systems of various smart device manufacturers need to communicate statelessly with the server end over the Internet, its security is better and its reliability strong.
Brief description of the drawings
The present invention is described in detail below with reference to the accompanying drawings. The above and other aspects of the present invention will become clearer and easier to understand from the detailed description taken together with the following drawings. In the drawings:
FIG. 1 is a flow chart of the stateless communication security signature method provided by the present invention;
FIG. 2 is a flow chart of Embodiment 1 of another stateless communication security signature method provided by the present invention;
FIG. 3 is a flow chart of some steps of Embodiment 2 of another stateless communication security signature method provided by the present invention;
FIG. 4 is a flow chart of some steps of Embodiment 3 of another stateless communication security signature method provided by the present invention;
FIG. 5 is a flow chart of some steps of Embodiment 4 of another stateless communication security signature method provided by the present invention;
FIG. 6 is a flow chart of some steps of Embodiment 5 of another stateless communication security signature method provided by the present invention;
FIG. 7 is a flow chart of some steps of Embodiment 6 of another stateless communication security signature method provided by the present invention;
FIG. 8 is a schematic structural diagram of the terminal provided by the present invention;
FIG. 9 is a schematic structural diagram of the server end provided by the present invention;
FIG. 10 is a sequence diagram of Embodiment 3 corresponding to FIG. 4.
Embodiments of the invention
Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.
The specific embodiments/examples described herein are particular embodiments of the present invention, intended to illustrate the concept of the invention; they are explanatory and exemplary and should not be construed as limiting the embodiments or the scope of the present invention. Besides the embodiments described herein, those skilled in the art can also adopt other obvious technical solutions based on the content disclosed in the claims and the specification of the present application, including technical solutions that make any obvious substitutions and modifications to the embodiments described herein, and all of these fall within the scope of protection of the present invention.
Please refer to FIG. 1, a flow chart of the stateless communication security signature method provided by the present invention. The method comprises the following steps:
Step S11: the terminal stores a predetermined key secretKey unified with the server end, such as appotronics-2017.
Step S12: the terminal sends a communication request to the server end: the terminal encrypts the predetermined key, the current timestamp and the function parameters at least twice to obtain an encrypted first character string sign, loads the first character string sign and the current timestamp into the header of the data packet, and sends the data packet to the server end to make the communication request.
In this step, the two encryptions use the HmacSha1 encryption algorithm and a digest encryption algorithm such as md5 in sequence; of course, the encryption method and the number of times are not limited thereto. More preferably, the first character string is a 32-bit sequence.
Step S13: the terminal receives the data corresponding to the communication request sent by the server end.
The present invention also provides another stateless communication security signature method, described below by way of several embodiments:
Embodiment 1
Please refer to FIG. 2, a flow chart of Embodiment 1 of another stateless communication security signature method provided by the present invention. The method comprises the following steps:
Step S21: the server end stores a predetermined key secretKey unified with the terminal, such as appotronics-2017.
Step S22: the server end receives a data packet of a communication request sent by the terminal, the data packet including a first character string sign obtained by the terminal after encryption, where the first character string sign is obtained by encrypting the terminal's predetermined key secretKey, the current timestamp and the function parameters at least twice.
In this step, the two encryptions use the HmacSha1 encryption algorithm and a digest encryption algorithm such as md5 in sequence; of course, the encryption method and the number of times are not limited thereto. In this embodiment, specifically:
The terminal takes out the function parameters of the requested data packet, sorts them by an agreed sorting method, such as SortMap sorting, and traverses them to generate a string of the form keyName=keyValue&keyName=keyValue.
For example, the server-side code is implemented as follows:
        // Take the request parameters (name -> values) and copy them into a
        // TreeMap so that they are traversed in sorted key order.
        Map<String, String[]> reqMap = request.getParameterMap();
        SortedMap<String, String[]> sortMap = new TreeMap<String, String[]>();
        sortMap.putAll(reqMap);
        StringBuffer stringBuffer = new StringBuffer();
        // Traverse the sorted map (not the unsorted reqMap) to build
        // keyName=keyValue&keyName=keyValue&; each parameter's first value is used.
        for (Entry<String, String[]> entry : sortMap.entrySet()) {
            stringBuffer.append(entry.getKey()).append("=")
                    .append(entry.getValue()[0]).append("&");
        }
Continue concatenating, with &, the predetermined key and the current timestamp shared by the server end and the terminal: keyName=keyValue&keyName=keyValue&secrectKey=appotronics-2017&timeStamp=1490952002359; if the data packet is empty, the string is only secrectKey=appotronics-2017&timeStamp=1490952002359;
Encrypt the above string with the HmacSha1 encryption algorithm to obtain the first encrypted string, where the secretKey is the above predetermined key secretKey: appotronics-2017;
Then use the md5 digest algorithm to encrypt the first encrypted string into a 32-bit sequence, thereby obtaining the first character string sign. That is, the first character string sign is a 32-bit sequence.
For example, the server-side implementation code is as follows:
// HmacSha1 keyed with secretKey over the concatenated string, then md5 of the
// result, giving the 32-character sign (MD5 and CommonCodecUtils are project helpers).
String signValidString = MD5.encode32(CommonCodecUtils.HmacSha1(
                stringBuffer.toString(), secretKey).toString());
Finally, add to the header of the terminal's request data packet:
Sign: the first character string of the data packet generated above;
timestamp: the current timestamp generated above.
Step S23: the server end generates a second character string sign':
the server end encrypts the predetermined key, the current timestamp and the function parameters in the terminal's encryption manner to obtain a second character string sign'.
In this step, the current timestamp is extracted from the header of the data packet received by the server end, the function parameters are obtained from the interface through which the terminal establishes communication with the server end, and the predetermined key is known.
Step S24: the server end compares whether the first character string sign and the second character string sign' are the same:
if not, the data request fails;
if they are the same, the server end searches its database using the terminal's IP and the first character string sign as keys and determines whether the first character string sign has been requested before; if so, the data request fails; if not, proceed to step S25.
Step S25: the server end compares whether the current timestamp in the received data packet is newer than the timestamp corresponding to the terminal's IP stored in the server end's database:
if not, the data request fails, and the timestamp corresponding to the terminal's IP in the server end's database is updated to the current timestamp in the data packet;
if so, proceed to step S26.
Step S26: the server end updates the first character string sign and the corresponding timestamp stored in its database for the terminal's IP to the first character string and the current timestamp in the data packet, and sends the data requested by the terminal to the terminal.
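Steps S21 to S26 carried through end to end, as an added example written in Python rather than the page's Java; this is not the patent's code. The names canonical_string, compute_sign, build_request and SignVerifier are assumptions, as is the hex encoding of the HMAC output before the MD5 (the page's HmacSha1(...).toString()), and an in-memory dict stands in for the server database.

```python
import hashlib
import hmac
from typing import Dict, Tuple

# Shared key: the example value the page itself uses in steps S11/S21.
SECRET_KEY = "appotronics-2017"


def canonical_string(params: Dict[str, str], timestamp: int,
                     secret_key: str = SECRET_KEY) -> str:
    """String both sides sign: parameters sorted by name as keyName=keyValue&
    (the loop leaves a trailing '&', exactly as the page's TreeMap traversal
    does), followed by secrectKey=...&timeStamp=... ('secrectKey' is the
    page's own literal spelling)."""
    body = "".join(f"{name}={params[name]}&" for name in sorted(params))
    return f"{body}secrectKey={secret_key}&timeStamp={timestamp}"


def compute_sign(params: Dict[str, str], timestamp: int,
                 secret_key: str = SECRET_KEY) -> str:
    """HMAC-SHA1 keyed with secretKey over the canonical string, then MD5 of
    the HMAC output: the 32-hex-character first character string sign.
    Assumption: the HMAC is rendered as lowercase hex before the MD5 step."""
    message = canonical_string(params, timestamp, secret_key).encode()
    mac_hex = hmac.new(secret_key.encode(), message, hashlib.sha1).hexdigest()
    return hashlib.md5(mac_hex.encode()).hexdigest()


def build_request(params: Dict[str, str], timestamp: int,
                  secret_key: str = SECRET_KEY) -> dict:
    """Terminal side (step S12): Sign and timestamp go in the header,
    the function parameters in the body."""
    return {"headers": {"Sign": compute_sign(params, timestamp, secret_key),
                        "timestamp": str(timestamp)},
            "params": dict(params)}


class SignVerifier:
    """Server side, steps S23-S26 (with the page's rule of overwriting the
    stored timestamp even when the request is intercepted). The database is
    a dict keyed by terminal IP; a real deployment needs a store shared by
    every server instance, otherwise the replay check is per instance only."""

    def __init__(self, secret_key: str = SECRET_KEY):
        self.secret_key = secret_key
        # ip -> {"signs": signs already accepted, "timestamp": last stored value}
        self.db: Dict[str, dict] = {}

    def verify(self, ip: str, request: dict) -> Tuple[bool, str]:
        headers, params = request["headers"], request["params"]
        try:
            sign = headers["Sign"]
            ts = int(headers["timestamp"])
        except (KeyError, ValueError):
            return False, "missing or malformed Sign/timestamp header"
        # S23: recompute sign' from the shared key, header timestamp and the
        # interface parameters.  S24: compare in constant time so the compare
        # itself does not leak how many leading characters matched.
        expected = compute_sign(params, ts, self.secret_key)
        if not hmac.compare_digest(sign, expected):
            return False, "signature mismatch"
        record = self.db.setdefault(ip, {"signs": set(), "timestamp": -1})
        # S24, second half: a sign already requested from this IP is a replay.
        if sign in record["signs"]:
            return False, "sign already used"
        # S25: the request timestamp must be newer than the stored one.  On
        # failure the page still overwrites the stored timestamp with the
        # request's value; reproduced here as described.
        if ts <= record["timestamp"]:
            record["timestamp"] = ts
            return False, "timestamp not newer than stored"
        # S26: record sign and timestamp for this IP, then serve the request.
        record["signs"].add(sign)
        record["timestamp"] = ts
        return True, "accepted"


if __name__ == "__main__":
    verifier = SignVerifier()
    req = build_request({"deviceId": "dev-01", "cmd": "status"}, 1490952002359)
    print(verifier.verify("10.0.0.1", req))   # first request: accepted
    print(verifier.verify("10.0.0.1", req))   # same packet again: rejected as replay
```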
Embodiment 2
Refer also to FIG. 3, a flow block diagram of part of the steps of a second embodiment of the stateless communication security signature method provided by the present invention.
This embodiment is essentially the same as Embodiment 1. The difference is that, for the case where the terminal's time can be guaranteed to be valid and not arbitrarily changed, the stateless communication security signature method of this embodiment further comprises, in addition to steps S21-S26 of Embodiment 1:
Step S27: the server end saves or updates the first character string and the timestamp of each request made by the terminal in the server-side database, keyed by the terminal's IP address. On each comparison, a first character string that has already been requested cannot be requested again, and the timestamp is required to be greater than the current timestamp saved in the server-side database, so that requests originating outside the terminal cannot be frequently repeated.
Embodiment 3
Refer also to FIG. 4, a flow block diagram of part of the steps of a third embodiment of the stateless communication security signature method provided by the present invention.
This embodiment is essentially the same as Embodiment 1. The difference is that, for the case where the terminal's time is valid but the system time may occasionally be modified by the user, the stateless communication security signature method of this embodiment further comprises, in addition to steps S21-S26 of Embodiment 1:
Step S27: the server end saves or updates the first character string and the timestamp of each request made by the terminal in the server-side database, keyed by the terminal's IP address. On each comparison, a first character string that has already been requested cannot be requested again, and the timestamp is required to be greater than the current timestamp saved in the server-side database; when signature verification with the predetermined key succeeds but the current timestamp saved in the server-side database is not smaller than the timestamp of this request, the request is intercepted, and the current timestamp in the server-side database is modified and recorded as the timestamp of this request. In this way requests originating outside the terminal cannot be frequently repeated.
Refer also to FIG. 10, the sequence diagram of Embodiment 3 corresponding to FIG. 4. In this sequence diagram, APP denotes the terminal, Server denotes the server end, and DB denotes the database. The other embodiments of the stateless communication security signature method of the present invention can likewise be represented by sequence diagrams; here the sequence diagram of Embodiment 3 is taken as an example for further description, and the sequence diagrams of the other embodiments follow the same pattern, specifically as follows:
The terminal obtains the data packet of the current communication request, sorts the data packet in the agreed manner, and joins the entries with the & symbol in the form key=value;
The terminal obtains the predetermined key secretKey and the current timestamp timestamp, and continues to append them in the form key=value with & to form a character string;
The terminal first encrypts the above string with HmacSha1, using the value of secretKey as the predetermined key, to obtain the first encrypted string, and then encrypts that with the 32-character md5 digest algorithm to obtain the first character string sign;
The terminal adds sign and timestamp to the header of the data packet of the current communication request;
The terminal sends the data packet to the server end to make the data request;
The server end generates the second character string sign': the server end encrypts the predetermined key, the current timestamp and the function parameters in the same manner as the terminal to obtain the second character string sign', and compares sign' with sign:
If the comparison differs, the terminal's data request fails. The server end returns json data notifying the terminal that the request failed;
If the comparison matches, the server end requests from the database the data record sign and timestamp corresponding to the terminal's IP;
The database returns the requested data record to the server end;
The server end determines whether the sign recorded in the database has already been requested, i.e. whether the sign recorded in the database differs from the sign of this request, and whether the timestamp recorded in the database is smaller than the timestamp of this request:
If the conditions are not met, the terminal's data request fails. The server end returns json data to the terminal notifying it that the request failed;
Or, the sign recorded in the database differs from the sign of this request, but the timestamp of this request is smaller than the timestamp stored in the database;
The server end replaces the timestamp value in the database with the timestamp of this request, and the database notifies the server end that the replacement succeeded;
The terminal's data request fails. The server end returns json data notifying the terminal that the request failed;
If the conditions are met: the server end replaces the timestamp and sign values in the database with the timestamp and sign of this request; the database notifies the server end that the replacement succeeded;
The server end sends the data requested by the terminal to the terminal.
Embodiment 4
Refer also to FIG. 5, a flow block diagram of part of the steps of a fourth embodiment of the stateless communication security signature method provided by the present invention.
This embodiment is essentially the same as Embodiment 1. The difference is that, for the case where the terminal's time is inaccurate and the system time is frequently modified, the stateless communication security signature method of this embodiment further comprises, in addition to steps S21-S26 of Embodiment 1:
Step S27: the server end saves or updates the first character string of each request made by the terminal in the server-side database, keyed by the terminal's IP address, so that on each comparison a first character string that has already been requested cannot be requested again, thereby preventing requests originating outside the terminal from being frequently repeated.
The scheme of this embodiment can still achieve one-time validity of a request, but if a hacker or attacker discovers this interception handling, the hacker or attacker could prepare two sets of the first character string sign and send them alternately to mount an attack; this nevertheless does not defeat the other security functions of the present invention.
Embodiment 5
Refer also to FIG. 6, a flow block diagram of part of the steps of a fifth embodiment of the stateless communication security signature method provided by the present invention.
This embodiment is essentially the same as Embodiment 1. The difference is that, regardless of whether the terminal's time is accurate and whether the system time is changed, the stateless communication security signature method of this embodiment further comprises, in addition to steps S21-S26 of Embodiment 1:
Step S27: the terminal's timestamp is a network timestamp obtained by request, or the timestamp returned by a server in the server-side cluster dedicated to providing the system time; the server end saves or updates the first character string and the timestamp of each request made by the terminal in the server-side database, keyed by IP address, so that on each comparison a first character string that has already been requested cannot be requested again, and the timestamp is required to be greater than the current timestamp saved in the server-side database, thereby preventing requests originating outside the terminal from being frequently repeated.
It should be noted that the scheme of this embodiment can also achieve one-time validity of the signature, but mobile applications prioritise user experience, and this scheme sacrifices response speed.
Embodiment 6
Refer also to FIG. 7, a flow block diagram of part of the steps of a sixth embodiment of the stateless communication security signature method provided by the present invention.
This embodiment is essentially the same as Embodiment 1. The difference is that, regardless of whether the terminal's time is accurate and whether the system time is changed, the stateless communication security signature method of this embodiment further comprises, in addition to steps S21-S26 of Embodiment 1:
Step S27: the server end saves or updates the first character string and the timestamp of each request made by the terminal in the server-side database, keyed by IP address, and clears them at a preset interval; on each comparison it checks the list of first character strings saved for that IP address, and if the list contains no identical first character string the request is allowed, thereby preventing requests originating outside the terminal from being frequently repeated.
It should be noted that the scheme of this embodiment can also achieve one-time validity of the signature, but mobile applications prioritise user experience, and this scheme sacrifices response speed.
That is, in the stateless communication security signature method of the present invention, Embodiments 5 and 6 above are similar: both achieve one-time validity of the signature, but both sacrifice response speed.
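The per-IP bookkeeping that steps S24-S26 and the step S27 variants of Embodiments 3, 4 and 6 describe, written out as an added example in Python (this is not code from the patent). The signature values are treated as opaque strings, so the signature computation itself is outside this block; the IP address, signature labels and timestamps in the sample run are constructed, and the clearing interval of the Embodiment 6 list is an assumed parameter because the page only says "a preset interval".

```python
"""Replay-protection policies for the server-side (sign, timestamp) record.

Added example, not the patent's own code. Signatures are opaque strings here.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Record:
    """Last accepted sign and timestamp stored for one terminal IP."""
    sign: Optional[str] = None
    timestamp: int = 0


class StrictPolicy:
    """Embodiment 3: reject a reused sign (S24), require a strictly newer
    timestamp (S25) and, on a stale timestamp, overwrite the stored timestamp
    before rejecting; on success store both values (S26)."""

    def __init__(self) -> None:
        self.db: Dict[str, Record] = {}

    def check(self, ip: str, sign: str, timestamp: int) -> bool:
        rec = self.db.setdefault(ip, Record())
        if sign == rec.sign:                 # S24: this sign was already requested
            return False
        if timestamp <= rec.timestamp:       # S25: not newer -> record it, then reject
            rec.timestamp = timestamp
            return False
        rec.sign, rec.timestamp = sign, timestamp   # S26: accept and update
        return True


class SignOnlyPolicy:
    """Embodiment 4: only the last sign per IP is remembered; no timestamp check."""

    def __init__(self) -> None:
        self.last: Dict[str, str] = {}

    def check(self, ip: str, sign: str, timestamp: int) -> bool:
        if self.last.get(ip) == sign:
            return False
        self.last[ip] = sign
        return True


class SignListPolicy:
    """Embodiment 6: every sign seen for an IP is kept in a list that is cleared
    after a preset interval (assumed parameter `window`, same unit as `now`);
    a request passes only if its sign is absent from the list."""

    def __init__(self, window: int) -> None:
        self.window = window
        self.seen: Dict[str, List[str]] = {}
        self.cleared_at: Dict[str, int] = {}

    def check(self, ip: str, sign: str, now: int) -> bool:
        start = self.cleared_at.setdefault(ip, now)
        if now - start >= self.window:       # preset interval elapsed: clear the list
            self.seen[ip] = []
            self.cleared_at[ip] = now
        signs = self.seen.setdefault(ip, [])
        if sign in signs:
            return False
        signs.append(sign)
        return True


def run_scenario(policy, requests: List[Tuple[str, str, int]]) -> List[bool]:
    """Feed (ip, sign, timestamp) triples to a policy; True means the request passed."""
    return [policy.check(ip, sign, ts) for ip, sign, ts in requests]


# Constructed sample: two genuine requests from one IP, then the same two
# signatures presented again in alternation (the case the page describes for
# Embodiment 4). Timestamps are epoch milliseconds as on the page.
REQUESTS: List[Tuple[str, str, int]] = [
    ("203.0.113.7", "sign-A", 1490952002359),
    ("203.0.113.7", "sign-B", 1490952002400),
    ("203.0.113.7", "sign-A", 1490952002359),   # repeat of the first request
    ("203.0.113.7", "sign-B", 1490952002400),   # repeat of the second request
]

if __name__ == "__main__":
    for policy in (StrictPolicy(), SignOnlyPolicy(), SignListPolicy(window=1000)):
        print(type(policy).__name__, run_scenario(policy, REQUESTS))
```

The run shows why the page rates the variants differently: the Embodiment 3 policy rejects both repeats (the first because its timestamp is not newer than the stored one, the second because its sign equals the stored sign), the Embodiment 4 policy accepts both because it only remembers the immediately preceding sign, and the Embodiment 6 list rejects both until the interval elapses and the list is cleared.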
Refer also to FIG. 8, a schematic structural diagram of the terminal provided by the present invention. The present invention further provides a terminal 80 comprising a processor 81, a transceiver 82, a memory 83, a user interface 84 and a bus interface 85, wherein:
The processor 81 is configured to read the program in the memory 83 and execute the steps of the above stateless communication security signature method, for example the steps shown in the flow block diagram of FIG. 1:
Step S11: the terminal stores a predetermined key secretKey shared with the server end, such as appotronics-2017.
Step S12: the terminal sends a communication request to the server end: the terminal encrypts the predetermined key, the current timestamp and the function parameters at least twice to obtain the encrypted first character string sign, places the first character string sign and the current timestamp in the header of the data packet, and sends the data packet to the server end to make the communication request.
In this step, the two encryption passes use the HmacSha1 encryption algorithm and a digest encryption algorithm such as md5 in turn; of course, the encryption method and the number of passes are not limited to these. More preferably, the first character string is a 32-character sequence.
Step S13: the terminal receives the data corresponding to the communication request sent by the server end.
In addition, the present invention further provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above stateless communication security signature method provided by the present invention, for example steps S11 to S13 shown in the flow block diagram of FIG. 1.
 
Refer also to FIG. 9, a schematic structural diagram of the server end provided by the present invention. The present invention further provides a server end comprising a processor 91, a transceiver 92, a memory 93, a user interface 94 and a bus interface 95, wherein:
The processor 91 is configured to read the program in the memory 93 and execute the steps of the above stateless communication security signature method, for example the steps shown in the flow block diagram of any of the embodiments of FIGS. 2 to 7, such as the steps of the stateless communication security signature method shown in FIG. 2:
Step S21: the server end stores a predetermined key secretKey shared with the terminal, such as appotronics-2017.
Step S22: the server end receives the data packet of the communication request sent by the terminal; the data packet includes the first character string sign obtained by the terminal through encryption, where the first character string sign is obtained by encrypting the terminal's predetermined key secretKey, the current timestamp and the function parameters at least twice.
In this step, the two encryption passes use the HmacSha1 encryption algorithm and a digest encryption algorithm such as md5 in turn; of course, the encryption method and the number of passes are not limited to these. Specifically, in this embodiment:
The terminal extracts the function parameters of the requested data packet, sorts them with the agreed sorting method, such as SortMap sorting, and traverses them to generate a string of the form keyName=keyValue&keyName=keyValue.
For example, the server-side code is implemented as follows:
        Map<String, String[]> reqMap = request.getParameterMap();
        // a TreeMap orders the parameters by key, giving the agreed canonical order
        SortedMap<String, String[]> sortMap = new TreeMap<String, String[]>();
        sortMap.putAll(reqMap);
        StringBuffer stringBuffer = new StringBuffer();
        // iterate the sorted map, not the unsorted request map, so the order is deterministic;
        // each servlet parameter value is a String[], so append its first element, not the array
        for (Entry<String, String[]> entry : sortMap.entrySet()) {
            stringBuffer.append(entry.getKey()).append("=")
                    .append(entry.getValue()[0]).append("&");
        }
The predetermined key and the current timestamp shared by the server end and the terminal are then appended with &: keyName=keyValue&keyName=keyValue&secrectKey=appotronics-2017&timeStamp=1490952002359; if the data packet is empty, the string is only secrectKey=appotronics-2017&timeStamp=1490952002359;
The above string is encrypted with the HmacSha1 encryption algorithm to obtain the first encrypted string, where the secretKey is the predetermined key secretKey described above: appotronics-2017;
The first encrypted string is then encrypted into a 32-character sequence with the md5 digest algorithm to obtain the first character string sign; that is, the first character string sign is a 32-character sequence.
For example, the server-side implementation code is as follows:
// HmacSha1 over the canonical string keyed with secretKey, then a 32-character md5 digest of the result
String signValidString = MD5.encode32(CommonCodecUtils.HmacSha1(
                stringBuffer.toString(), secretKey).toString());
Finally, the following are added to the header of the terminal's request data packet:
sign: the first character string generated above;
timestamp: the current timestamp generated above.
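The canonical-string construction and the two-pass digest described above, followed by the server-side recomputation and comparison of steps S23 and S24, as an added example in Python (not the patent's own code, which uses Java helpers not shown on the page). The key value appotronics-2017, the timestamp 1490952002359 and the field names in the canonical string (including the page's spelling secrectKey) are taken from the page; it is assumed that the HmacSha1 helper yields a lowercase hex digest which md5 then hashes as UTF-8 text, that a multi-valued parameter contributes its first value, and that the header fields are named sign and timestamp.

```python
"""Two-pass request signature (HMAC-SHA1, then md5) and its verification.

Added example, not the patent's code. Assumptions are marked in comments.
"""
import hashlib
import hmac
from typing import Dict, Mapping, Sequence, Union

SECRET_KEY = "appotronics-2017"           # predetermined key, value from the page
Params = Mapping[str, Union[str, Sequence[str]]]


def canonical_string(params: Params, secret_key: str, timestamp: int) -> str:
    """keyName=keyValue&...&secrectKey=<key>&timeStamp=<ts>, keys in TreeMap order.

    An empty parameter set yields just the secrectKey and timeStamp fields, as the page states.
    """
    parts = []
    for key in sorted(params):             # natural String order, like Java's TreeMap
        value = params[key]
        if not isinstance(value, str):     # assumption: a String[] parameter contributes its first value
            value = value[0]
        parts.append(f"{key}={value}")
    parts.append(f"secrectKey={secret_key}")   # field name spelled as on the page
    parts.append(f"timeStamp={timestamp}")
    return "&".join(parts)


def make_sign(params: Params, secret_key: str, timestamp: int) -> str:
    """First pass: HMAC-SHA1 keyed with secretKey over the canonical string.
    Second pass: md5 of the hex HMAC (assumed encoding), giving the 32-character sign."""
    msg = canonical_string(params, secret_key, timestamp).encode("utf-8")
    first = hmac.new(secret_key.encode("utf-8"), msg, hashlib.sha1).hexdigest()
    return hashlib.md5(first.encode("utf-8")).hexdigest()


def build_headers(params: Params, secret_key: str, timestamp: int) -> Dict[str, str]:
    """Terminal side (step S12): the two header fields added to the request."""
    return {"sign": make_sign(params, secret_key, timestamp), "timestamp": str(timestamp)}


def verify(params: Params, headers: Mapping[str, str], secret_key: str) -> bool:
    """Server side (steps S23/S24): rebuild sign' from the received parameters and the
    header timestamp and compare it with the received sign in constant time."""
    try:
        timestamp = int(headers["timestamp"])
    except (KeyError, ValueError):
        return False                        # missing or malformed timestamp fails closed
    expected = make_sign(params, secret_key, timestamp)
    return hmac.compare_digest(expected, headers.get("sign", ""))


if __name__ == "__main__":
    # constructed sample request: two function parameters from a device
    params = {"deviceId": "proj-01", "action": "status"}
    headers = build_headers(params, SECRET_KEY, 1490952002359)
    print(canonical_string(params, SECRET_KEY, 1490952002359))
    print(headers, verify(params, headers, SECRET_KEY))
```

hmac.compare_digest is used for the sign comparison so that the server does not leak, through response timing, how many leading characters of a guessed sign were correct; the second md5 pass is kept only to match the page's 32-character format, since it adds no strength beyond the keyed HMAC. Because the timestamp is part of the signed string, a request whose header timestamp is altered fails at this step before the per-IP checks of S24-S26 are reached.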
Step S23: the server end generates the second character string sign':
The server end encrypts the predetermined key, the current timestamp and the function parameters in the same manner as the terminal to obtain the second character string sign'.
In this step, the current timestamp is extracted from the header of the data packet received by the server end, the function parameters are obtained from the interface over which the terminal communicates with the server end, and the predetermined key is already known.
Step S24: the server end compares whether the first character string sign and the second character string sign' are the same:
If they differ, the data request fails;
If they are the same, the server end looks up its database using the terminal's IP and the first character string sign as keys and determines whether the first character string sign has already been requested; if so, the data request fails; if not, proceed to step S25.
Step S25: the server end compares whether the current timestamp in the received data packet is newer than the timestamp stored in the server-side database for the terminal's IP:
If not, the data request fails, and the timestamp stored for the terminal's IP in the server-side database is updated to the current timestamp carried in the data packet;
If yes, proceed to step S26.
Step S26: the server end updates the first character string sign and the corresponding timestamp stored in its database for the terminal's IP to the first character string and the current timestamp carried in the data packet, and sends the data requested by the terminal to the terminal.
In addition, the present invention further provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above stateless communication security signature method provided by the present invention, for example the steps shown in the flow block diagrams of FIGS. 2 to 7, such as steps S21 to S26 in FIG. 2, which are not repeated here.
It should be noted that in FIG. 8 and FIG. 9 the bus architecture may include any number of interconnected buses and bridges, linking together the various circuits of one or more processors represented by processor 81/91, the memory represented by memory 83/93, and bus interface 85/95. The bus architecture may also link together various other circuits such as peripherals, voltage regulators and power management circuits, which are well known in the art and are therefore not described further here. The bus interface 85/95 provides the interface. The transceiver 82/92 may consist of several elements, namely a transmitter and a receiver, providing the means for communicating with various other devices over a transmission medium. Depending on the user equipment, the user interface 84/94 may also be an interface capable of connecting external or internal devices as required, including but not limited to a keypad, a display, a speaker, a microphone, a joystick and the like.
The processor 81/91 is responsible for managing the bus architecture and general processing, and the memory 83/93 may store the data used by the processor 81/91 when performing operations.
In the several embodiments provided in the present application, it should be understood that the disclosed method and apparatus may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division into units is only a logical functional division, and in actual implementation there may be other divisions: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or of another form.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
The integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes a number of instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform part of the steps of the transmitting and receiving method described in the embodiments of the present invention. The storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk or any other medium capable of storing program code.
It should be noted that the embodiments described above with reference to the accompanying drawings serve only to illustrate the present invention and do not limit its scope; a person of ordinary skill in the art should understand that modifications or equivalent substitutions made to the present invention without departing from its spirit and scope all fall within the scope of the present invention. Furthermore, unless the context indicates otherwise, words in the singular include the plural and vice versa. In addition, unless otherwise stated, all or part of any embodiment may be used in combination with all or part of any other embodiment.
Compared with the related art, in the stateless communication security signature method of the present invention, before making a request the terminal sorts the function parameters in the data packet of the current request in the specified order, combines them with the predetermined key and the current timestamp, and applies the HmacSha1 encryption algorithm and the md5 digest encryption algorithm in turn to obtain a 32-character sequence that is placed in the header of the request data packet as the first character string; the server end encrypts the predetermined key, the current timestamp and the function parameters in the same manner as the terminal to obtain the second character string, and verifies the terminal's request by comparing the first character string with the second character string, the request passing verification if they are the same. For the security problems of ordinary Internet applications, and in particular where devices in the application systems of various smart-device manufacturers need to communicate statelessly with the server end on the Internet, the above method offers better security and strong reliability.
The above are merely embodiments of the present invention and do not thereby limit the patent scope of the present invention; any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.
 

Claims (16)

1. A stateless communication security signature method, characterized in that the method comprises the following steps:
the terminal stores a predetermined key shared with the server end;
the terminal sends a communication request to the server end: the terminal encrypts the predetermined key, the current timestamp and the function parameters at least twice to obtain the encrypted first character string, places the first character string and the current timestamp in the header of the data packet, and sends the data packet to the server end to make the communication request;
the terminal receives the data corresponding to the communication request sent by the server end.
2. The stateless communication security signature method according to claim 1, characterized in that, in the step of the terminal sending a communication request to the server end, the two encryption passes use the HmacSha1 encryption algorithm and the md5 digest encryption algorithm in turn.
3. The stateless communication security signature method according to claim 2, characterized in that the first character string is a 32-character sequence.
4. A stateless communication security signature method, characterized in that the method comprises the following steps:
the server end defines a predetermined key shared with the terminal;
the server end receives the data packet of the communication request sent by the terminal, the data packet including the first character string obtained by the terminal through encryption, where the first character string is obtained by encrypting the terminal's predetermined key, the current timestamp and the function parameters at least twice;
the server end generates the second character string: the server end encrypts the predetermined key, the current timestamp and the function parameters in the same manner as the terminal to obtain the second character string;
the server end compares whether the first character string and the second character string are the same; if they differ, the communication request fails; if they are the same, the server end looks up its database using the terminal's IP and the first character string as keys and determines whether the first character string has already been requested; if so, the data request fails; if not, proceed to the next step;
the server end compares whether the current timestamp in the received data packet is newer than the timestamp stored in the server-side database for the terminal's IP; if not, the data request fails, and the timestamp stored for the terminal's IP in the server-side database is updated to the current timestamp carried in the data packet; if yes, proceed to the next step;
the server end updates the first character string and the corresponding timestamp stored in its database for the terminal's IP to the first character string and the current timestamp carried in the data packet, and sends the data requested by the terminal to the terminal.
5. The stateless communication security signature method according to claim 4, characterized in that, in the data packet of the communication request sent by the terminal and received by the server end, the two encryption passes use the HmacSha1 encryption algorithm and the md5 digest encryption algorithm in turn.
6. The stateless communication security signature method according to claim 5, characterized in that the first character string is a 32-character sequence.
7. The stateless communication security signature method according to claim 6, characterized in that, in the step of the server end generating the second character string, the current timestamp is extracted from the header of the data packet received by the server end, and the function parameters are obtained from the interface over which the server end communicates with the terminal.
8. The stateless communication security signature method according to claim 4, characterized by further comprising:
the server end updates its database: the server end saves or updates the first character string and the timestamp of each request made by the terminal in the server-side database, keyed by the terminal's IP address, so that a first character string that has already been requested cannot be requested again, and the timestamp is required to be greater than the current timestamp saved in the server-side database.
9. The stateless communication security signature method according to claim 4, characterized by further comprising:
the server end updates its database: the server end saves or updates the first character string and the timestamp of each request made by the terminal in the server-side database, keyed by the terminal's IP address, so that a first character string that has already been requested cannot be requested again, and the timestamp is required to be greater than the current timestamp saved in the server-side database; when signature verification with the predetermined key succeeds but the current timestamp saved in the server-side database is not smaller than the timestamp of this request, the request is intercepted, and the current timestamp in the server-side database is modified and recorded as the timestamp of this request.
10. The stateless communication security signature method according to claim 4, characterized by further comprising:
the server end updates its database: the server end saves or updates the first character string of each request made by the terminal in the server-side database, keyed by the terminal's IP address, so that a first character string that has already been requested cannot be requested again.
11. The stateless communication security signature method according to claim 4, characterized by further comprising:
the server end updates its database: the terminal's timestamp is a network timestamp obtained by request, or the timestamp returned by a server in the server-side cluster dedicated to providing the system time; the server end saves or updates the first character string and the timestamp of each request made by the terminal in the server-side database, keyed by IP address, so that a first character string that has already been requested cannot be requested again, and the timestamp is required to be greater than the current timestamp saved in the server-side database.
12、根据权利要求4所述的无状态通信安全签名方法,其特征在于,还包括:12. The stateless communication security signature method according to claim 4, further comprising:
所述服务器端将其数据库更新:所述服务器端把所述终端请求过的所述第一字符串和时间戳以IP地址为单位保存或更新在所述服务器端的数据库,隔预设时间清理,每次比对所述IP地址所保存的所述第一字符串列表,若所述第一字符串列表中无相同的所述第一字符串,则通过请求。The server side updates its database: the server side saves or updates the first character string and timestamp requested by the terminal in the database of the server side in the unit of the IP address, and clears the data at a preset time. Each time the first string list saved by the IP address is compared, if the first string is not in the first string list, the request is passed.
13、一种终端,其特征在于,包括:处理器、收发机、存储器、用户接口及总线接口,其中:13. A terminal, comprising: a processor, a transceiver, a memory, a user interface, and a bus interface, wherein:
所述处理器用于读取所述存储器中的程序,执行如权利要求1至3中任一项所述的无状态通信安全签名方法中的步骤。The processor is configured to read a program in the memory, and perform the steps in the stateless communication security signature method according to any one of claims 1 to 3.
14、一种服务器端,其特征在于,包括:处理器、收发机、存储器、用户接口及总线接口,其中:14. A server terminal, comprising: a processor, a transceiver, a memory, a user interface, and a bus interface, wherein:
所述处理器用于读取所述存储器中的程序,执行如权利要求4至12中任一项所述的无状态通信安全签名方法中的步骤。The processor is configured to read a program in the memory, and perform the steps in the stateless communication security signature method according to any one of claims 4 to 12.
15、一种计算机可读存储介质,其存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现如权利要求1至3中任一项所述的无状态通信安全签名方法中的步骤。A computer readable storage medium storing a computer program, wherein the computer program is executed by a processor to implement the stateless communication security signature method according to any one of claims 1 to 3. A step of.
16、一种计算机可读存储介质,其存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现如权利要求4至12中任一项所述的无状态通信安全签名方法中的步骤。A computer readable storage medium storing a computer program, wherein the computer program is executed by a processor to implement the stateless communication security signature method according to any one of claims 4 to 12. A step of.
 
PCT/CN2018/074757 2017-07-28 2018-01-31 Stateless communication security signature method, terminal and server end WO2019019593A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710632933.6A CN109309655B (en) 2017-07-28 2017-07-28 Stateless communication security signature method, terminal and server
CN201710632933.6 2017-07-28

Publications (1)

Publication Number Publication Date
WO2019019593A1 true WO2019019593A1 (en) 2019-01-31

Family

ID=65039364

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/074757 WO2019019593A1 (en) 2017-07-28 2018-01-31 Stateless communication security signature method, terminal and server end

Country Status (2)

Country Link
CN (1) CN109309655B (en)
WO (1) WO2019019593A1 (en)


Also Published As

Publication number Publication date
CN109309655A (en) 2019-02-05
CN109309655B (en) 2020-12-04


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18838584

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18838584

Country of ref document: EP

Kind code of ref document: A1