Best mode of the invention
Referring to FIG. 1, an embodiment of the present application provides a timestamp-based encryption method, which includes the following steps:
Step S1: the front end obtains an encryption instruction, which is generated by an operation of the front-end user;
Step S2: generate randKey and obtain timestamp, where randKey is a random key value generated by the front end and timestamp is the current timestamp;
Step S3: concatenate randKey and timestamp with a first preset separator to form encryptKey;
Step S4: obtain userID and password; concatenate userID and encryptKey with a second preset separator to form contactUserID; concatenate password and encryptKey with a third preset separator to form contactPassword; where userID is the user name and password is the password;
Step S5: encrypt contactUserID and contactPassword separately with the public key of an asymmetric encryption algorithm to obtain encryptUserID and encryptPassword.
As described in step S1 above, the front-end user of the system operates the front end to issue an encryption instruction to it. The encryption instruction may be generated automatically after the front-end user enters the account name and password, or by clicking a specific button; generally it is generated after the front-end user enters the account name and password and clicks "Submit". The front end receives the encryption instruction. The front end may be the front-end part of a security authentication system, or a client.
As described in step S2 above, after receiving the encryption instruction the front end randomly generates a UUID, that is, a random key value, which is called randKey. At the same time, the front end obtains timestamp (the current timestamp). Then, as described in step S3 above, the front end concatenates the generated randKey and the obtained timestamp with the first preset separator to form encryptKey. The first preset separator is a character such as -, @, #, $, % or &. For example, concatenating randKey (2b162f8e38a045d78ed5606c8bdbea3a) and the current timestamp (1541057401) with the first preset separator "-" gives encryptKey=2b162f8e38a045d78ed5606c8bdbea3a-1541057401.
As described in step S4 above, userID (the user name) and password (the password) are obtained. The point at which userID and password are obtained here is not the same as the time at which the front-end user enters the user name and password. In fact, after the front-end user enters the user name and password, the first response of the front end is to generate the encryption instruction described in step S1, and in step S1 the user name and password are not used immediately. Only in step S4 are the previously entered userID and password actually used. Specifically, userID and encryptKey are concatenated with the second preset separator to form contactUserID, and password and encryptKey are concatenated with the third preset separator to form contactPassword. The second and third preset separators serve the same purpose as the first preset separator, and there is no necessary difference or connection between them; the first, second and third preset separators can all be set to "-".
For example, the userID entered by the user is zhangsan and the encryptKey obtained through the above steps is 2b162f8e38a045d78ed5606c8bdbea3a-1541057401. Concatenating userID and encryptKey with the second preset separator "-" forms the contactUserID zhangsan-2b162f8e38a045d78ed5606c8bdbea3a-1541057401, written as contactUserID=zhangsan-2b162f8e38a045d78ed5606c8bdbea3a-1541057401. The password entered by the user is 123456. Concatenating password and encryptKey with the third preset separator "-" forms the contactPassword 123456-2b162f8e38a045d78ed5606c8bdbea3a-1541057401, written as contactPassword=123456-2b162f8e38a045d78ed5606c8bdbea3a-1541057401.
As described in step S5 above, contactUserID is encrypted with the public key of an asymmetric encryption algorithm to obtain encryptUserID. Asymmetric encryption algorithms mainly include RSA, Elgamal, the knapsack algorithm, Rabin, D-H and ECC (elliptic curve cryptography). Of these, RSA is the most widely used asymmetric encryption algorithm; it was proposed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman, and the name RSA is formed from the initial letters of their three surnames.
For example, the public key of the RSA asymmetric encryption algorithm:
Public key exponent pubExp: 10001;
Public key modulus module.
Using the public key of the above RSA asymmetric encryption algorithm, contactUserID (zhangsan-2b162f8e38a045d78ed5606c8bdbea3a-1541057401) is encrypted to obtain encryptUserID.
contactPassword is encrypted with the public key of the asymmetric encryption algorithm to obtain encryptPassword. Likewise, using the public key of the above RSA asymmetric encryption algorithm, contactPassword (123456-2b162f8e38a045d78ed5606c8bdbea3a-1541057401) is encrypted to obtain encryptPassword.
The front end transmits the encryptUserID and encryptPassword obtained by the asymmetric encryption to the back end of the system, for the back end to perform security authentication.
Referring to FIG. 2, an embodiment of the present application also provides a timestamp-based authentication method, which includes the following steps:
Step S6: the back end receives the encryptUserID and the encryptPassword sent by the front end;
Step S7: decrypt the encryptUserID and the encryptPassword separately with the private key that matches the public key of the asymmetric encryption algorithm, to obtain the userID, randKeyA, timestampA, the password, randKeyB and timestampB;
Step S8: determine whether timestampA and timestampB are the same, and whether randKeyA and randKeyB are the same;
Step S9: if timestampA is the same as timestampB and randKeyA is the same as randKeyB, authenticate the userID and the Password, and determine whether the authentication succeeds;
Step S10: if yes, authentication is passed;
Step S11: if no, authentication is not passed.
As described in step S6 above, the back end receives the encryptUserID and encryptPassword transmitted by the front end; the back end may be the back-end server of the system.
As described in step S7 above, the encryptUserID is decrypted using the private key that matches the public key of the asymmetric encryption algorithm.
Decryption gives userID=zhangsan; randKeyA=2b162f8e38a045d78ed5606c8bdbea3a; timestampA=1541057401.
The encryptPassword is decrypted using the private key that matches the public key of the asymmetric encryption algorithm; decryption gives password=1541057401; randKeyB=2b162f8e38a045d78ed5606c8bdbea3a; timestampB=1541057401.
If encryptUserID and encryptPassword were derived from the random value randKey generated and the timestamp obtained by the same front end, then after they are decrypted with the private key that matches the public key of the asymmetric encryption algorithm, the resulting randKeyA and randKeyB should be the same, and the resulting timestampA and timestampB should also be the same. If either pair is not equal, encryptUserID and encryptPassword were not produced by the same request and are very likely fabricated. Therefore, in step S8 above, it is determined whether timestampA and timestampB are the same, and whether randKeyA and randKeyB are the same.
As described in step S9 above, if the result of the above determination is that timestampA is the same as timestampB and randKeyA is the same as randKeyB, there is no problem with the encryption of UserID and Password, and encryptUserID and encryptPassword were produced by the same request; the userID and the Password are then authenticated, and it is determined whether the authentication succeeds. As described in step S10 above, if both userID and Password pass authentication, authentication is passed, which allows the front-end user to enter the back-end service system and carry out the relevant operations. As described in step S11 above, if either userID or Password fails authentication, authentication is not passed, and an authentication failure prompt is returned to the front end.
In this solution, the front end generates a random key value randKey and obtains the current timestamp, concatenates randKey and timestamp into encryptKey, uses separators to concatenate encryptKey with userID and with password, and encrypts the results with an asymmetric algorithm to obtain encryptUserID and encryptPassword. The back end uses the asymmetric algorithm to reverse encryptUserID and encryptPassword, obtaining timestampA, timestampB, randKeyA and randKeyB, and determines whether the random key values and the timestamps obtained are respectively equal; only if they are does it authenticate the user name and password. Cross-checking the random key values and timestamps hidden in encryptUserID and encryptPassword improves the security of authentication, and so avoids the insecure situation in which, after the user name and the encrypted password ciphertext have leaked, back-end authentication is obtained fraudulently by presenting the user name and password ciphertext directly.
In an embodiment, before step S8 of determining whether timestampA and timestampB are the same and whether randKeyA and randKeyB are the same, the method further includes:
Step S801: obtain timestampServer, which is the current time obtained by the back end;
Step S802: calculate the absolute value m of the time difference between timestampServer and timestampA or timestampB;
Step S803: determine whether the absolute value m is greater than the set threshold timeThreshold;
Step S804: if yes, authentication is not passed;
Step S805: if no, generate a command to execute "determine whether timestampA and timestampB are the same, and whether randKeyA and randKeyB are the same".
To further ensure the security of authentication, after encryptUserID and encryptPassword have been parsed, it can be determined whether the difference between the front-end timestamp and the back end's current time timestampServer is within a reasonable range. Here it is provisionally assumed that the front-end timestamp is the same as timestampA obtained by parsing encryptUserID and timestampB obtained by parsing encryptPassword.
As described in steps S801 and S802 above, the back end obtains the current time timestampServer and calculates the absolute value m of the time difference between timestampServer and timestampA or timestampB. Because timestampA and timestampB are both assumed here to equal the timestamp generated when the front end encrypted, calculating the absolute value m of the time difference between timestampServer and either timestampA or timestampB is equivalent to calculating the absolute value of the time difference between timestampServer and timestamp. The formula can be written as m=Math.abs(timestampServer-timestamp).
As described in step S803 above, it is determined whether the absolute value m is greater than the set threshold timeThreshold. The set threshold timeThreshold is the reasonable computer processing time needed from the front end generating the timestamp and encrypting the user name userID and password Password, to the authentication server decrypting the encrypted encryptUserID and encryptPassword, for example timeThreshold=60 seconds.
As described in step S804 above, if the absolute value m of the time difference between timestampServer and either timestampA or timestampB is greater than the set threshold timeThreshold, the time from encryption to authentication decryption is considered to exceed the reasonable computer processing time. This indicates that the ciphertext may have been produced long ago, or may have leaked, so authentication is not passed: an authentication failure prompt is returned directly to the front end and authentication ends, which improves the security and effectiveness of authentication.
As described in step S805 above, if the absolute value m of the time difference between timestampServer and either timestampA or timestampB is not greater than the set threshold timeThreshold, the time from encryption to authentication decryption is considered to be within the reasonable computer processing time, and the time at which the ciphertext was produced is not suspicious. A command to execute "determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same" is then generated, so that the method proceeds to step S8 of determining whether the timestampA and the timestampB are the same and whether the randKeyA and the randKeyB are the same.
In an embodiment, before step S8 of determining whether timestampA and timestampB are the same and whether randKeyA and randKeyB are the same, the method further includes:
Step S806: obtain the randKey;
Step S807: determine whether the randKey is the same as randKeyA or randKeyB;
Step S808: if no, authentication is not passed;
Step S809: if yes, generate a command to execute "determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same".
To further ensure that the discrete value used to generate encryptUserID and encryptPassword is the one produced by the front end, and so ensure the security of authentication, authentication can check whether randKeyA or randKeyB, obtained by decrypting encryptUserID and encryptPassword, is the same as the randKey originally generated by the front end. As described in step S806 above, the back end obtains the randKey transmitted by the front end. When the front end transmits encryptUserID and encryptPassword, it can transmit randKey to the back end along with them, so that the back end obtains the randKey transmitted by the front end for use in the next determination.
As described in step S807 above, it is determined whether the randKey is the same as randKeyA or randKeyB. After the back end decrypts encryptUserID and encryptPassword, it obtains userID, randKeyA, timestampA, the password, randKeyB and timestampB; here it is provisionally assumed that randKeyA and randKeyB are the same. The randKey obtained above can therefore be compared with either randKeyA or randKeyB to determine whether they are the same.
As described in step S808 above, if the comparison of randKey with randKeyA or randKeyB shows they are not the same, the discrete value randKeyA used to generate encryptUserID, or the discrete value randKeyB used to generate encryptPassword, is not the randKey originally generated by the front end, which means it is very likely a fabricated or forged discrete value. In this case authentication is not passed: an authentication failure prompt is returned directly to the front end and authentication ends, which improves the security and effectiveness of authentication.
As described in step S809 above, if the comparison of randKey with randKeyA or randKeyB shows they are the same, the randKeyA or randKeyB that generated encryptUserID or encryptPassword is the randKey originally generated by the front end. In this case the discrete value randKeyA used to generate encryptUserID, or the discrete value randKeyB used to generate encryptPassword, is considered to have no problem, and a command to execute "determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same" is generated, so that the method proceeds to the corresponding authentication step.
In an embodiment, before step S8 of determining whether timestampA and timestampB are the same and whether randKeyA and randKeyB are the same, the method further includes:
Step S810: obtain the timestamp;
Step S811: determine whether the timestamp is the same as timestampA or timestampB;
Step S812: if no, authentication is not passed;
Step S813: if yes, generate a command to execute "determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same".
To further ensure that the timestamp used to generate encryptUserID and encryptPassword is the one produced by the front end, and so ensure the security of authentication, authentication can check whether timestampA or timestampB, obtained by decrypting encryptUserID and encryptPassword, is the same as the timestamp originally obtained by the front end. As described in step S810 above, the back end obtains the timestamp transmitted by the front end. When the front end transmits encryptUserID and encryptPassword, it can transmit timestamp to the back end along with them, so that the back end obtains the timestamp transmitted by the front end for use in the next determination.
As described in step S811 above, it is determined whether timestamp is the same as timestampA or timestampB. After the back end decrypts encryptUserID and encryptPassword, it obtains userID, timestampA, timestampA, the password, timestampB and timestampB; here it is provisionally assumed that timestampA and timestampB are the same. The timestamp obtained above can therefore be compared with either timestampA or timestampB to determine whether they are the same.
As described in step S812 above, if the comparison of timestamp with timestampA or timestampB shows they are not the same, the timestamp timestampA used to generate encryptUserID, or the timestamp timestampB used to generate encryptPassword, is not the timestamp originally generated by the front end, which means it is very likely a fabricated or forged timestamp. In this case authentication is not passed: an authentication failure prompt is returned directly to the front end and authentication ends, which improves the security and effectiveness of authentication.
As described in step S813 above, if the comparison of timestamp with timestampA or timestampB shows they are the same, the timestampA that generated encryptUserID or the timestampB that generated encryptPassword is the timestamp originally generated by the front end. In this case the timestamp timestampA used to generate encryptUserID, or the timestamp timestampB used to generate encryptPassword, is considered to have no problem, and a command to execute "determine whether the timestampA and the timestampB are the same, and whether the timestampA and the timestampB are the same" is generated, so that the method proceeds to the corresponding authentication step.
In an embodiment, after step S11, S804, S808 or S812 of not passing authentication, the method further includes:
Step S814: record the number of consecutive authentication failures;
Step S815: determine whether the number of consecutive authentication failures has reached a set number;
Step S816: if yes, suspend authentication for a subsequent preset time.
As described in step S814 above, if the result of authentication is that authentication is not passed, that is, authentication fails, the number of consecutive authentication failures is recorded; after any successful authentication, the count of consecutive failures starts again for subsequent authentications. As described in step S8015 above, it is determined whether the number of consecutive authentication failures has reached the set number, for example 3 or 5. As described in step S8016 above, when the number of consecutive authentication failures reaches the set number (for example 5), authentication is suspended for a subsequent predetermined period (for example 1 day). Repeated consecutive authentication failures may mean that someone is maliciously trying to get into the system; by suspending authentication for the subsequent predetermined period, this solution prevents malicious attempts to enter the system from causing losses and improves the security of authentication.
In an embodiment, after step S8016 of suspending authentication for the subsequent preset time, the method includes:
Step S8017: issue an early-warning prompt to the management personnel.
如上述步骤S8017所述,如果连续认证失败的次数是否达到设定次数,则暂停后续预定时间段内的认证工作的同时,向管理人员发出预警提示,预警提示可以通过短信等方式发送至管理人员随身携带的移动终端或固定的监视系统,从而提醒管理人员,有人试图非法进入该(需安全认证的)系统,方便管理人员及时知晓和监视相关情况并采取措施,避免产生损失。As described in step S8017 above, if the number of consecutive authentication failures reaches the set number, the subsequent authentication work within the predetermined time period will be suspended, and an early warning reminder will be sent to the manager. The warning reminder can be sent to the manager by means of SMS, etc. A mobile terminal or a fixed monitoring system that you carry with you to remind the management personnel that someone is trying to enter the system (requiring safety certification) illegally, so that the management personnel can know and monitor the relevant situation in time and take measures to avoid losses.
In one embodiment, after step S8016 of suspending authentication for the subsequent preset period, the method further includes:
Step S8018: send the front end an instruction that controls it to turn on the front end's camera and photograph the front-end operator's portrait.
As described in step S8018, if the number of consecutive authentication failures reaches the set number, then at the same time as authentication is suspended for the subsequent predetermined period, an instruction is sent to the front end to turn on the front end's camera and photograph the front-end operator's portrait. In this way, when someone tries to get into the system illegally, the operator's facial features are captured; should the system nevertheless be entered illegally and losses result, the image provides a lead for identifying the intruder or for opening an investigation. The captured portrait of the front-end operator can be stored locally or sent to a remote monitoring system, so that it can be viewed at any time or monitored remotely.
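The consecutive-failure counter and suspension of steps S814 to S816, with a hook for the follow-up actions of S8017 and S8018, shown as an added example that is not code from the application. The class name `LockoutTracker`, the per-key bookkeeping (for instance per userID or per front end), the injected clock and the `on_lockout` callback are assumptions; the application does not say what the count is keyed on.

```python
import time


class LockoutTracker:
    """Consecutive-failure lockout (hypothetical helper, not from the application)."""

    def __init__(self, max_failures=5, lock_seconds=86400,
                 on_lockout=None, clock=time.monotonic):
        self.max_failures = max_failures      # the "set number" of S815
        self.lock_seconds = lock_seconds      # the "preset period" of S816
        self.on_lockout = on_lockout or (lambda key: None)  # S8017/S8018 hook
        self.clock = clock                    # injectable so tests need not sleep
        self._failures = {}                   # key -> consecutive failure count
        self._locked_until = {}               # key -> clock value ending the pause

    def is_locked(self, key):
        """True while authentication for this key is suspended."""
        until = self._locked_until.get(key)
        if until is None:
            return False
        if self.clock() >= until:
            # The pause has elapsed: forget it and start counting afresh.
            del self._locked_until[key]
            self._failures.pop(key, None)
            return False
        return True

    def record(self, key, success):
        """Record one authentication result; return True if key is now suspended."""
        if self.is_locked(key):
            return True                       # nothing is processed during the pause
        if success:
            self._failures.pop(key, None)     # any success restarts the count (S814)
            return False
        count = self._failures.get(key, 0) + 1
        self._failures[key] = count
        if count >= self.max_failures:        # S815
            self._locked_until[key] = self.clock() + self.lock_seconds  # S816
            self.on_lockout(key)              # fires once per suspension
            return True
        return False
```

The caller checks `is_locked` before attempting authentication at all. If the key is the userID, anyone who can submit wrong passwords can suspend that account, so the choice of key decides who a suspension affects.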
Referring to FIG. 3, an embodiment of the present application further provides a timestamp-based encryption and authentication system, including a front end 10 and a back end 20.
The front end 10 is configured to obtain an encryption instruction, the encryption instruction being generated by an operation of the front-end user;
generate randKey and obtain timestamp, where randKey is a random key value generated by the front end and timestamp is the current timestamp;
concatenate the randKey and the timestamp with a first preset separator to form encryptKey;
obtain userID and password, concatenate the userID and the encryptKey with a second preset separator to form contactUserID, and concatenate the password and the encryptKey with a third preset separator to form contactPassword, where userID is the user name;
encrypt the contactUserID and the contactPassword separately with an asymmetric encryption algorithm to obtain encryptUserID and encryptPassword;
transmit the encryptUserID and the encryptPassword to the back end.
The back end 20 is configured to receive the encryptUserID and the encryptPassword sent by the front end 10;
decrypt the encryptUserID and the encryptPassword separately with the private key that matches the public key of the asymmetric encryption algorithm, obtaining the userID, randKeyA and timestampA, and the password, randKeyB and timestampB, the private key being pre-configured on the back end;
determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same;
if the timestampA is the same as the timestampB and the randKeyA is the same as the randKeyB, authenticate the userID and the password and determine whether the authentication succeeds;
if so, pass the authentication;
if not, refuse the authentication.
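The back-end comparison described above, as an added example that is not code from the application: it starts from the two already-decrypted strings, splits them, and authenticates only if both carry the same randKey and timestamp, which rejects an encryptUserID and an encryptPassword taken from different submissions. The separator characters, the hexadecimal randKey, the all-digit timestamp and the names `split_contact`, `verify_login` and `check_credentials` are assumptions; the asymmetric decryption itself is left out.

```python
import hmac
import re

# Assumed values: the application only speaks of three "preset separators".
SEP1, SEP2, SEP3 = "|", "#", "$"
RAND_KEY_RE = re.compile(r"[0-9a-f]{16,64}")   # assumed randKey format


def split_contact(value, outer_sep):
    """Split '<field><outer_sep><randKey><SEP1><timestamp>' from the right.

    Splitting from the right keeps a userID or password that itself contains
    a separator character intact, because randKey and timestamp never do.
    """
    head, found, timestamp = value.rpartition(SEP1)
    if not found or not timestamp.isdigit():
        raise ValueError("missing or malformed timestamp")
    field, found, rand_key = head.rpartition(outer_sep)
    if not found or not RAND_KEY_RE.fullmatch(rand_key):
        raise ValueError("missing or malformed randKey")
    return field, rand_key, timestamp


def verify_login(contact_user_id, contact_password, check_credentials):
    """Return True only if both plaintexts share one encryptKey and the
    credentials check (a caller-supplied function) succeeds."""
    try:
        user_id, rand_key_a, timestamp_a = split_contact(contact_user_id, SEP2)
        password, rand_key_b, timestamp_b = split_contact(contact_password, SEP3)
    except ValueError:
        return False
    # Constant-time comparisons of the values carried by the two ciphertexts.
    same_ts = hmac.compare_digest(timestamp_a.encode(), timestamp_b.encode())
    same_key = hmac.compare_digest(rand_key_a.encode(), rand_key_b.encode())
    if not (same_ts and same_key):
        return False
    return bool(check_credentials(user_id, password))
```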
Referring to FIG. 4, an embodiment of the present application further provides a computer device. The computer device may be a server, and its internal structure may be as shown in FIG. 4. The computer device includes a processor, a memory, a network interface and a database connected by a system bus. The processor of the computer device provides computing and control capabilities. The memory of the computer device includes a storage medium and an internal memory; the storage medium may be a volatile storage medium or a non-volatile storage medium. The storage medium stores an operating system, a computer program and a database. The internal memory provides an environment in which the operating system and the computer program in the storage medium run. The database of the computer device stores data such as the encryptUserID, encryptPassword, randKey and timestamp transmitted from the front end. The network interface of the computer device is used to communicate with external terminals over a network connection. When executed by the processor, the computer program implements the timestamp-based encryption method or the timestamp-based authentication method described above.
Those skilled in the art will understand that the structure shown in FIG. 4 is only a block diagram of the part of the structure related to the solution of the present application, and does not limit the computer device to which the solution of the present application is applied.
An embodiment of the present application further provides a computer-readable storage medium, which may be a volatile computer-readable storage medium or a non-volatile computer-readable storage medium. A computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, it implements the timestamp-based encryption method or the timestamp-based authentication method described above.
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be carried out by a computer program instructing the relevant hardware. The computer program can be stored in a storage medium, which may be a volatile storage medium or a non-volatile storage medium, and when executed, the computer program may include the processes of the method embodiments above. Any reference to memory, storage, a database or other media provided in this application and used in the embodiments may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (SSRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
It should be noted that, in this document, the terms "include", "comprise" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, device, article or method that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, device, article or method. Without further limitation, an element qualified by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, device, article or method that includes the element.
The above are only preferred embodiments of the present application and do not thereby limit its patent scope. Any equivalent structure or equivalent process transformation made using the content of the description and drawings of the present application, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of the present application.