CN108965230A - Secure communication method, system and terminal device
- Publication number: CN108965230A
- Application number: CN201810436553.XA
- Authority: CN (China)
- Prior art keywords: server, jwt, client, request, signature value
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The application relates to the field of communication technology and provides a secure communication method, system and terminal device. The method includes: receiving a login request sent by a client and generating an identity security token (JWT) according to the login request; sending the JWT and the server public key to the client, to instruct the client to generate a signature value; receiving a service request sent by the client and verifying the JWT and the signature value; and, if both pass verification, returning the request data of the service request to the client. By generating an encrypted JWT and having the client send that JWT to the server as part of every service request, an information security channel is established, which guarantees the security of data transmission and prevents a third party from stealing or tampering with the data. The server verifies the JWT and the signature value in each service request it receives, which ensures the legitimacy of the request authentication.
Description
Technical field
The application belongs to the field of communication technology, and in particular relates to a secure communication method, system and terminal device.
Background art
When a client accesses a server, communication authentication is generally required for the login process. Commonly used communication authentication methods include OAuth and Basic Auth. OAuth is an open authorization standard that allows a user to let a third-party application access private resources (such as photos, videos and contact lists) that the user stores on a web service, without providing the user name and password to the third-party application. However, it only allows the user to authorize a third-party website to access certain specific information stored with another service provider, rather than all content. Basic Auth requires the user name and the user's login password to be provided with every API request, so it easily exposes information such as the user name and password to third-party clients. Secure communication between the user's client and the server therefore cannot be ensured.
Summary of the invention
In view of this, the embodiments of the application provide a secure communication method, system and terminal device, to solve the problem in the prior art that the security of data transmission during communication between a client and a server cannot be ensured.
The first aspect of the embodiments of the application provides a secure communication method, which includes:
Receiving a login request sent by a client, and generating an identity security token (JWT) according to the login request, where the payload data in the JWT has been encrypted;
Sending the JWT and the server public key to the client, to instruct the client to generate a signature value;
Receiving a service request sent by the client, where the service request contains the JWT, the signature value and request data;
Verifying the JWT and the signature value;
If both pass verification, returning the request data of the service request to the client.
The second aspect of the embodiments of the application provides a secure communication method, which includes:
Sending a login request to a server;
Receiving the JWT and the server public key sent by the server, where the JWT is generated by the server according to the login request;
Generating a signature value according to the server public key;
Sending a service request to the server, to instruct the server to verify the service request, where the service request contains the JWT, the signature value and request data;
Receiving the request data sent by the server.
The third aspect of the embodiments of the application provides a secure communication system, which includes a server and a client.
The server includes:
A receiving unit, configured to receive a login request sent by the client and generate an identity security token (JWT) according to the login request, where the payload data in the JWT has been encrypted; and further configured to receive a service request sent by the client, where the service request contains the JWT, the signature value and request data;
A sending unit, configured to send the JWT and the server public key to the client, to instruct the client to generate a signature value;
A verification unit, configured to verify the JWT and the signature value and, if both pass verification, return the request data of the service request to the client.
The client includes:
A request sending unit, configured to send a login request to the server; and further configured to send a service request to the server, to instruct the server to verify the service request, where the service request contains the JWT, the signature value and request data;
A generation unit, configured to generate a signature value according to the server public key;
A data receiving unit, configured to receive the JWT and the server public key sent by the server, where the JWT is generated by the server according to the login request; and further configured to receive the request data sent by the server.
The fourth aspect of the embodiments of the application provides a terminal device, including a memory, a processor and a computer program stored in the memory and executable on the processor, where the processor, when executing the computer program, implements the steps of any one of the secure communication methods described above.
The fifth aspect of the embodiments of the application provides a computer-readable storage medium storing a computer program, where the computer program, when executed by a processor, implements the steps of any one of the secure communication methods described above.
In the embodiments provided by the application, when the client communicates with the server, the server generates an encrypted identity security token (JWT) according to the client's login request and sends the JWT together with the server public key to the client, so that the client generates a signature value when it sends a service request to the server. The server receives the service request sent by the client and verifies the JWT and the signature value contained in it; if both pass verification, it returns the requested data to the client. In this process, an encrypted JWT is generated, and each time the client sends a service request to the server, the JWT is sent to the server as part of the service request. This establishes an information security channel, which guarantees the security of data transmission and prevents a third party from stealing or tampering with the data. The server verifies the JWT and the signature value in each service request it receives, which ensures the legitimacy of the request authentication.
Brief description of the drawings
To explain the technical solutions in the embodiments of the application more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow diagram of the secure communication method provided by an embodiment of the application;
Fig. 2 is a schematic flow diagram of the secure communication method provided by another embodiment of the application;
Fig. 3 is a schematic diagram of the secure communication system provided by an embodiment of the application;
Fig. 4 is a schematic diagram of the terminal device provided by an embodiment of the application.
Detailed description of the embodiments
In the following description, specific details such as particular system structures and techniques are set out for the purpose of illustration rather than limitation, to provide a thorough understanding of the embodiments of the application. However, it will be clear to a person skilled in the art that the application can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits and methods are omitted, so that unnecessary detail does not obscure the description of the application.
In the embodiments provided by the application, when the client communicates with the server, the server generates an encrypted identity security token (JWT) according to the client's login request and sends the JWT together with the server public key to the client, so that the client generates a signature value when it sends a service request to the server. The server receives the service request sent by the client and verifies the JWT and the signature value contained in it; if both pass verification, it returns the requested data to the client.
To illustrate the technical solutions described in the application, specific embodiments are described below.
Embodiment one:
Fig. 1 shows a schematic flow diagram of a secure communication method provided by an embodiment of the application, detailed as follows:
Step S11: the server receives a login request sent by the client and generates an identity security token (JWT) according to the login request, where the payload data in the JWT has been encrypted;
In the embodiments provided by the application, the client sends a login request to the server. The login request contains the client's user name, login password and public key. The client's public key is generated with the Diffie-Hellman algorithm before the client sends the login request to the server, and the client's private key is generated with the Diffie-Hellman algorithm at the same time. The identity security token (JSON Web Token, JWT) includes a header, a payload and a signature.
Further, generating the identity security token (JWT) according to the login request includes:
Obtaining the login information of the client according to the login request;
Encrypting the login information to obtain the signature of the identity security token (JWT);
Generating the JWT according to the signature, the payload data and the encryption algorithm used when encrypting the login information.
In this step, the login information is obtained according to the login request. Besides the client's user name, login password and public key, the login information also includes content such as the validity period of the JWT. The JWT includes a header, a payload and a signature. The signature part of the JWT is obtained by encrypting the header and the payload data; the JWT is then generated according to the signature part, the login information and the encryption algorithm used when encrypting the login information.
An example follows:
The header of the JWT describes the most basic information about the JWT, such as its type and the algorithm used for the signature, for example:
{
"typ":"JWT",
"alg":"HS256"
}
That is, the above is a JSON object, and the signature algorithm used is HS256. Base64-encoding it gives the following string, which becomes the header (Header) of the JWT:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9
The payload contains the login information from the login request, such as the issuer (i.e. the user name) and the validity period of the JWT. It is first described as a JSON object, for example:
{
"iss":"Alice",
"iat":1522292400,
"exp":1522294200,
"aud":"www.example.com",
"sub":"Alice@example",
"from_user":"B",
"target_user":"A"
}
The first five fields are defined by the JWT standard. iss: the issuer of the JWT; sub: the user the JWT is intended for; aud: the party that receives the JWT; exp (expires): the expiry time of the JWT, as a Unix timestamp; iat (issued at): the time at which the JWT was issued. Base64-encoding the JSON object gives the following string, which is called the payload (Payload) of the JWT.
eyJpc3MiOiJBbGljZSIsImlhdCI6MTUyMjI5MjQwMCwiZXhwIjoxNTIyMjk0MjAwLCJhdWQiOiJ3d3cuZXhhbXBsZS5jb20iLCJzdWIiOiJhbGljZUBleGFtcGxlLMNvbSIsImZyb21fdXNlciI6IkIiLCJ0YXJnZXRfdXNlciI6IkEifQ==
Signature (signature)
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmcm9tX3VzZXIiOiJCIiwidGFyZ2V0X3VzZXIiOiJBIn0
The spliced string above is encrypted with the HS256 algorithm, giving the encrypted content:
rSWamyAYwuHCo7IFAgd1oRpSP7nzL7BF5t7ItqpKViM
This part is called the signature section.
Finally, the string of the signature section is appended to the string that was signed, giving the complete JWT:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmcm9tX3VzZXIiOiJCIiwidGFyZ2V0X3VzZXIiOiJBIn0.rSWamyAYwuHCo7IFAgd1oRpSP7nzL7BF5t7ItqpKViM
Step S12: send the JWT and the server public key to the client, to instruct the client to generate a signature value when it sends a service request to the server;
In this step, the server sends the generated JWT and the server public key to the client, so that the client generates a signature value according to the server public key when needed, and includes the JWT in the service request when it sends a service request to the server.
Further, the server public key and the server private key are generated with the Diffie-Hellman algorithm.
Step S13: receive the service request that the user sends through the client, where the service request contains the JWT, the signature value and request data;
In the embodiments provided by the application, the server receives the service request sent by the client. The service request contains the JWT that the client received from the server, the signature value that the client generated according to the client's local key, and the request data of this request. The client's local key is generated from the client private key and the server public key. The client's local key is identical to the server's local key, which is generated from the server private key and the client public key.
Further, the client and the server may use the same algorithm when generating their respective local keys.
In this step, to avoid leaking the key that the client needs for signing and the server needs for verifying the signature, a key agreement rule is established for login: the client negotiates the key with the server when it logs in, and the key agreement uses the Diffie-Hellman key exchange algorithm. With this algorithm, the two communicating parties generate a shared local key by exchanging their respective public keys.
Step S14: verify the JWT and the signature value;
In this embodiment of the application, the server obtains the JWT and the signature value from the received service request, uses the JWT to verify information such as the identity of the client and whether the login is still valid, and uses the signature value to verify the legitimacy of this service request.
Further, verifying the JWT and the signature value includes:
Parsing the JWT and the signature value contained in the service request;
Verifying, according to the JWT, whether the identity of the user is legitimate and whether the client's login to the server has timed out;
If the identity of the user is legitimate and the client's login to the server has not timed out, verifying whether the signature value is legitimate according to the local key of the server, where the local key of the server is generated from the server private key and the client public key.
In this step, the server parses the JWT and the signature value from the received service request. It first uses the JWT to verify whether the identity of the user is legitimate and whether the client's login to the server has timed out. If both checks pass, it then verifies the legitimacy of the signature value with the server's local key.
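The token construction illustrated in step S11 and the JWT half of the check in step S14, as an added example (not code from the patent). The key, the audience check and the function names are assumptions; the claims are the sample payload shown above, and the payload encryption the patent mentions is left out because the page names no algorithm for it.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding of the JWT parts shown on the page."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_jwt(claims: dict, key: bytes) -> str:
    """Step S11: encode header and payload, join them with '.', sign with HS256."""
    header = {"typ": "JWT", "alg": "HS256"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode("utf-8"))
             for p in (header, claims)]
    signing_input = ".".join(parts)
    # HS256 is HMAC-SHA256 over "<header>.<payload>".
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_jwt(token: str, key: bytes, now: int, audience: str):
    """First stage of step S14: is the token genuine and is the login still valid?"""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad Base64, bad UTF-8 or bad JSON
        return None, "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None, "malformed token"
    # Pin the algorithm instead of trusting the "alg" value the client sent back.
    if header.get("alg") != "HS256":
        return None, "unexpected algorithm"
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None, "bad signature"
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:  # login has timed out
        return None, "expired"
    if claims.get("aud") != audience:
        return None, "wrong audience"
    return claims, "ok"


# Constructed key (assumption); the claims are the sample payload from the page.
SERVER_KEY = b"constructed-demo-key-not-from-the-patent"
CLAIMS = {"iss": "Alice", "iat": 1522292400, "exp": 1522294200,
          "aud": "www.example.com", "sub": "Alice@example",
          "from_user": "B", "target_user": "A"}
TOKEN = issue_jwt(CLAIMS, SERVER_KEY)

if __name__ == "__main__":
    print(TOKEN)
    print(verify_jwt(TOKEN, SERVER_KEY, now=1522293000, audience="www.example.com"))
    print(verify_jwt(TOKEN, SERVER_KEY, now=1522294200, audience="www.example.com"))
```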
Further, in another embodiment provided by the application, verifying whether the signature value is legitimate according to the local key of the server includes:
Obtaining the related information of this request according to the service request, where the related information includes one or more of the request message content, the request method, the requested API, a random number and a timestamp;
Combining the related information with the local key of the server to obtain a first combination result;
Verifying the signature value against the first combination result using the signature verification method of the SM3 algorithm, to determine whether the signature value is legitimate.
In this step, after receiving the request, the server obtains, according to the JWT, one or more items of related information among the request message content, the request method, the requested API, the random number and the timestamp. The server's local key and the related information are combined according to the rule "body: request message content&httpMethod: request method&httpURI: request API&nonce: random number&secretKey: local key&timestamp: timestamp" to obtain the first combination result. The signature value is verified against the first combination result using the signature verification method of the SM3 algorithm, which finally determines whether the service request sent by the client is legitimate.
Step S15 returns to the request content of the service request to the client if the two passes through verifying.
In embodiment provided by the present application, if the signature value that the JWT and client are sent passes through verifying, illustrate
The client this service request be legitimate request therefore it is sent to client according to the service request and is requested
Data.
Client is with server-side when being communicated in embodiment provided by the present application, and server-side is according to the login of client
Request generates the identity security token JWT of encryption, the JWT and server-side public key is sent collectively to client, so that client
End generates signature value when sending service request to server-side, and server-side receives the service request that client is sent, and to described
The JWT and signature value for including in service request are verified, if the two is verified, it is requested to return to its to client
Data.Pass through the JWT for generating encryption during this, and when client sends service request to server-side every time, it will be described
JWT is sent to server-side as a part of service request, establishes an information security channel, to guarantee the peace of data transmission
Quan Xing, prevents third party's stealing or distorting to data, and server-side verifies JWT and signature therein to the service request received
Value, it is ensured that request the legitimacy of certification.
Embodiment two:
Corresponding to embodiment one above, Fig. 2 shows a schematic flow diagram of the secure communication method provided by another embodiment of the application, detailed as follows:
Step S21: send a login request to the server;
In this step, the client sends a login request to the server so that the server verifies the login request and thereby determines whether the client can log in to the server successfully. The login request contains the client's user name, login password and public key. The client's public key is generated with the Diffie-Hellman algorithm before the client sends the login request to the server, and the client's private key is generated with the Diffie-Hellman algorithm at the same time.
Step S22: receive the JWT and the server public key sent by the server, where the JWT is generated by the server according to the login request;
In this step, the client receives the identity security token (JSON Web Token, JWT) and the server public key sent by the server. The server public key and the server private key are generated with the Diffie-Hellman algorithm. The JWT includes a header, a payload and a signature.
Step S23: generate a signature value according to the server public key;
In the embodiments provided by the application, the client generates the client's local key from the server public key and the client private key, and generates the signature value with that local key.
Optionally, generating the signature value according to the server public key includes:
The client generating the client's local key from the server public key and the client private key;
Combining the related information of the service request with the client's local key according to a rule, to obtain a second combination result;
Computing the digest of the second combination result with the digest algorithm of SM3, to obtain the signature value.
In this step, when the client calls an API of the server, it adds three parameters to the HTTP request header, a random number (nonce), a timestamp (timestamp) and the signature value (sign), so that the server can verify the signature of this request. The client generates the signature value as follows: the content to be signed is combined according to the rule "body: request message content&httpMethod: request method&httpURI: request API&nonce: random number&secretKey: local key&timestamp: timestamp" to obtain the second combination result, and an SM3 digest operation on the second combination result yields the signature value in Base64 format.
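The signing rule of step S23 and the matching server-side check described under step S14, as an added example (not code from the patent). It assumes a `name=value` delimiter inside the rule string, a hex rendering of the local key, a 300-second timestamp window and an in-memory nonce set, none of which the patent specifies; SM3 is implemented inline so the block runs offline, and all sample values are constructed.

```python
import base64
import hmac
import struct

# SM3 digest (GB/T 32905-2016) in pure Python, so the example runs offline.
_IV = (0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600,
       0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E)
_M = 0xFFFFFFFF


def _rotl(x, n):
    n %= 32
    return ((x << n) | (x >> (32 - n))) & _M


def sm3(data: bytes) -> bytes:
    # Padding: 0x80, zero bytes, then the message length in bits (64-bit big-endian).
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack(">Q", len(data) * 8)
    v = list(_IV)
    for off in range(0, len(msg), 64):
        w = list(struct.unpack(">16I", msg[off:off + 64]))
        for j in range(16, 68):  # message expansion
            x = w[j - 16] ^ w[j - 9] ^ _rotl(w[j - 3], 15)
            w.append(x ^ _rotl(x, 15) ^ _rotl(x, 23) ^ _rotl(w[j - 13], 7) ^ w[j - 6])
        a, b, c, d, e, f, g, h = v
        for j in range(64):  # compression function
            t = 0x79CC4519 if j < 16 else 0x7A879D8A
            ss1 = _rotl((_rotl(a, 12) + e + _rotl(t, j)) & _M, 7)
            ss2 = ss1 ^ _rotl(a, 12)
            if j < 16:
                ff, gg = a ^ b ^ c, e ^ f ^ g
            else:
                ff, gg = (a & b) | (a & c) | (b & c), (e & f) | (~e & g & _M)
            tt1 = (ff + d + ss2 + (w[j] ^ w[j + 4])) & _M
            tt2 = (gg + h + ss1 + w[j]) & _M
            d, c, b, a = c, _rotl(b, 9), a, tt1
            h, g, f, e = g, _rotl(f, 19), e, tt2 ^ _rotl(tt2, 9) ^ _rotl(tt2, 17)
        v = [p ^ q for p, q in zip(v, (a, b, c, d, e, f, g, h))]
    return struct.pack(">8I", *v)


def signing_string(body, method, uri, nonce, secret_key, timestamp):
    """Combine the related information with the local key in the patent's field order."""
    # Assumption: "name=value" pairs and a hex-encoded key; the page fixes only the order.
    fields = [("body", body), ("httpMethod", method), ("httpURI", uri), ("nonce", nonce),
              ("secretKey", secret_key.hex()), ("timestamp", str(timestamp))]
    return "&".join(f"{name}={value}" for name, value in fields)


def sign_request(body, method, uri, nonce, secret_key, timestamp) -> str:
    """Client side (step S23): Base64 of the SM3 digest of the combination result."""
    combined = signing_string(body, method, uri, nonce, secret_key, timestamp)
    return base64.b64encode(sm3(combined.encode("utf-8"))).decode("ascii")


def verify_request(req, secret_key, seen_nonces, now, max_skew=300):
    """Server side (step S14): recompute the value from the received request and compare."""
    try:
        ts = int(req["timestamp"])
    except (KeyError, ValueError, TypeError):
        return False, "malformed timestamp"
    if abs(now - ts) > max_skew:  # freshness window (assumed value)
        return False, "stale timestamp"
    nonce = req.get("nonce", "")
    if not nonce or nonce in seen_nonces:
        return False, "replayed nonce"
    expected = sign_request(req.get("body", ""), req.get("method", ""),
                            req.get("uri", ""), nonce, secret_key, ts)
    if not hmac.compare_digest(expected.encode(), str(req.get("sign", "")).encode()):
        return False, "bad signature"
    seen_nonces.add(nonce)  # recorded only after the signature value checks out
    return True, "ok"


# Constructed sample values (not from the patent); LOCAL_KEY stands in for the
# Diffie-Hellman-derived local key that both sides hold.
LOCAL_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE = {"body": '{"account":"alice"}', "method": "POST", "uri": "/api/v1/orders",
          "nonce": "n-7f3a9c", "timestamp": "1522292460"}
SAMPLE["sign"] = sign_request(SAMPLE["body"], SAMPLE["method"], SAMPLE["uri"],
                              SAMPLE["nonce"], LOCAL_KEY, int(SAMPLE["timestamp"]))

if __name__ == "__main__":
    seen = set()
    print(verify_request(SAMPLE, LOCAL_KEY, seen, now=1522292470))  # fresh request
    print(verify_request(SAMPLE, LOCAL_KEY, seen, now=1522292470))  # same nonce again
```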
Step S24: send a service request to the server, to instruct the server to verify the service request, where the service request contains the JWT, the signature value and request data;
In this step, the client sends a service request to the server so that the server verifies the service request. The service request contains the JWT, the signature value and request data. For the server's verification of the service request, see embodiment one.
Step S25: receive the request data sent by the server.
In this step, the client waits for the server's verification result for the service request; if verification passes, the client waits to receive the request data sent back by the server.
In the embodiments provided by the application, when the client communicates with the server, the server generates an encrypted identity security token (JWT) according to the client's login request and sends the JWT together with the server public key to the client, so that the client generates a signature value when it sends a service request to the server. The server receives the service request sent by the client and verifies the JWT and the signature value contained in it; if both pass verification, it returns the requested data to the client. In this process, an encrypted JWT is generated, and each time the client sends a service request to the server, the JWT is sent to the server as part of the service request. This establishes an information security channel, which guarantees the security of data transmission and prevents a third party from stealing or tampering with the data. The server verifies the JWT and the signature value in each service request it receives, which ensures the legitimacy of the request authentication.
Embodiment three:
Corresponding to the secure communication method described in the foregoing embodiments, Fig. 3 shows a structural block diagram of the secure communication system provided by an embodiment of the application. For ease of description, only the parts relevant to the embodiments of the application are shown.
Referring to Fig. 3, the secure communication system includes a server 31 and a client 32. The server 31 includes a receiving unit 311, a sending unit 312 and a verification unit 313, and the client 32 includes a request sending unit 321, a generation unit 322 and a data receiving unit 323, where:
The server 31 includes:
A receiving unit 311, configured to receive a login request sent by the client and generate an identity security token (JWT) according to the login request, where the payload data in the JWT has been encrypted; and further configured to receive a service request sent by the client, where the service request contains the JWT, the signature value and request data;
A sending unit 312, configured to send the JWT and the server public key to the client, to instruct the client to generate a signature value;
A verification unit 313, configured to verify the JWT and the signature value and, if both pass verification, return the request data of the service request to the client.
Further, the receiving unit 311 includes:
An obtaining module, configured to obtain the login information of the client according to the login request;
An encryption module, configured to encrypt the login information to obtain the signature of the identity security token (JWT), and to generate the JWT according to the signature, the payload data and the encryption algorithm used when encrypting the login information.
Further, the verification unit 313 includes:
A parsing module, configured to parse the JWT and the signature value contained in the service request;
A first verification module, configured to verify, according to the JWT, whether the identity of the user is legitimate and whether the client's login to the server has timed out;
A second verification module, configured to verify, if the identity of the client is legitimate and the client's login to the server has not timed out, whether the signature value is legitimate according to the local key of the server, where the local key of the server is generated from the server private key and the client public key.
Further, the second verification module includes:
A related information obtaining module, configured to obtain the related information of this request according to the service request, where the related information includes one or more of the request message content, the request method, the requested API, a random number and a timestamp;
A combination module, configured to combine the related information with the local key of the server to obtain a first combination result, and to verify the signature value against the first combination result using the signature verification method of the SM3 algorithm, to determine whether the signature value is legitimate.
The client 32 includes:
A request sending unit 321, configured to send a login request to the server; and further configured to send a service request to the server, to instruct the server to verify the service request, where the service request contains the JWT, the signature value and request data;
A generation unit 322, configured to generate a signature value according to the server public key;
A data receiving unit 323, configured to receive the JWT and the server public key sent by the server, where the JWT is generated by the server according to the login request; and further configured to receive the request data sent by the server.
Further, the generation unit 322 includes:
A local key generation module, configured to generate the client's local key from the server public key and the client private key;
A computing module, configured to combine the related information of the service request with the client's local key according to a rule to obtain a second combination result, and to compute the digest of the second combination result with the digest algorithm of SM3 to obtain the signature value.
In the embodiments provided by the application, when the client communicates with the server, the server generates an encrypted identity security token (JWT) according to the client's login request and sends the JWT together with the server public key to the client, so that the client generates a signature value when it sends a service request to the server. The server receives the service request sent by the client and verifies the JWT and the signature value contained in it; if both pass verification, it returns the requested data to the client. In this process, an encrypted JWT is generated, and each time the client sends a service request to the server, the JWT is sent to the server as part of the service request. This establishes an information security channel, which guarantees the security of data transmission and prevents a third party from stealing or tampering with the data. The server verifies the JWT and the signature value in each service request it receives, which ensures the legitimacy of the request authentication.
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and does not constitute any limitation on the implementation of the embodiments of the application.
Example IV:
Fig. 4 is a schematic diagram of the terminal device provided by an embodiment of the present application. As shown in Fig. 4, the terminal device 4 of this embodiment includes a processor 40, a memory 41, and a computer program 42 stored in the memory 41 and executable on the processor 40. When executing the computer program 42, the processor 40 implements the steps of the above secure communication method embodiments, such as steps S11 to S15 shown in Fig. 1 or steps S21 to S25. Alternatively, when executing the computer program 42, the processor 40 implements the functions of the modules/units in the above apparatus embodiments, such as the functions of the server 31 or the client 32 shown in Fig. 3.
Illustratively, the computer program 42 may be divided into one or more modules/units, which are stored in the memory 41 and executed by the processor 40 to carry out the present application. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, the instruction segments being used to describe the execution of the computer program 42 in the terminal device 4. For example, the computer program 42 may be divided into a receiving unit, a transmission unit and an authentication unit, whose specific functions are as follows:
Receiving unit generates identity security according to the logging request and enables for receiving the logging request of client transmission
Load data in board JWT, the JWT has been subjected to encryption;It is also used to receive the service request that the client is sent, institute
State includes the JWT and the signature value and request data in service request;
Transmission unit, for sending the JWT and the server-side public key to the client, to indicate the client
Generate signature value;
Authentication unit, for verifying the JWT and the signature value;If the two passes through verifying, to the client
Return to the request data of the service request.
Further, the receiving unit, comprising:
Module is obtained, for obtaining the log-on message of the client according to the logging request;
Encrypting module obtains the signature of identity security token JWT for encrypting the log-on message;According to it is described signature,
The Encryption Algorithm used when the load data and the encryption log-on message generates the JWT.
Further, the authentication unit, comprising:
Parsing module, for parsing the JWT for including in the service request and signature value;
First authentication module, whether the identity for verifying the user according to the JWT legal and the client
Whether overtime log in the server;
Second authentication module, if the identity for the client is legal and the client login server does not surpass
When, then whether the signature value according to the local key authentication of the server-side is legal, wherein the local key of the server-side
It is generated according to the server-side private key and the client public key.
Further, second authentication module, comprising:
Relevant information obtains module, for obtaining the relevant information of this time request, the correlation according to the service request
Information includes one of request message content, request method, request API, random number, timestamp or a variety of;
Composite module obtains first group for the local key of the relevant information and the server-side to be combined
Close result;Sign test is carried out to the signature value by the sign test method in SM3 algorithm according to first combined result, with determination
Whether the signature value is legal.
Alternatively, the computer program 42 may be divided into a request transmitting unit, a generation unit and a data receipt unit:
Request transmitting unit, configured to send a login request to the server; also configured to send a service request to the server, instructing the server to verify the service request. The service request includes the JWT, the signature value and the request data;
Generation unit, configured to generate a signature value according to the server public key;
Data receipt unit, configured to receive the JWT and the server public key sent by the server, the JWT being generated by the server according to the login request; also configured to receive the request data sent by the server.
Further, the generation unit comprises:
Local key production module, configured to generate the local key of the client according to the server public key and the client private key;
Computing module, configured to combine the relevant information of the service request with the local key of the client according to a rule to obtain a second combined result, and to compute the second combined result with the digest algorithm of the SM3 algorithm to obtain the signature value.
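The client-side signing (computing module) and server-side checking (second authentication module) described above, as an added example that is not code from the patent. It assumes both sides already hold the same local key, uses HMAC in place of a bare digest over the concatenated fields, and falls back to SHA-256 when the local OpenSSL build lacks SM3; the function names, field order, length prefixes, 300-second window and nonce cache are all illustrative assumptions.

```python
import hashlib
import hmac
import time


def pick_digest():
    """Prefer SM3, the digest the page names, when the local OpenSSL provides it."""
    try:
        hashlib.new("sm3")
        return "sm3"
    except ValueError:
        return "sha256"  # assumption: stand-in when SM3 is not available


DIGEST = pick_digest()
MAX_SKEW_SECONDS = 300  # assumption: the page does not specify a freshness window


def canonical_request(method, api, body, nonce, timestamp):
    """Combine the request's relevant information in one fixed order.

    Every field is length-prefixed, so ("/a", b"bc") and ("/ab", b"c")
    can never collapse into the same byte string.
    """
    fields = [method.upper().encode(), api.encode(), body,
              nonce.encode(), str(int(timestamp)).encode()]
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def sign_request(local_key, method, api, body, nonce, timestamp):
    """Client side: keyed digest of the combined result (HMAC, not a bare hash)."""
    message = canonical_request(method, api, body, nonce, timestamp)
    return hmac.new(local_key, message, DIGEST).hexdigest()


def build_request(local_key, method, api, body, nonce, timestamp):
    """Assemble the fields a service request carries next to the JWT."""
    return {"method": method, "api": api, "body": body, "nonce": nonce,
            "timestamp": timestamp,
            "signature": sign_request(local_key, method, api, body, nonce, timestamp)}


class RequestVerifier:
    """Server side: checks the signature value after the JWT itself has passed."""

    def __init__(self, local_key, max_skew=MAX_SKEW_SECONDS):
        self.local_key = local_key
        self.max_skew = max_skew
        self.seen_nonces = {}  # nonce -> timestamp of the accepted request

    def verify(self, request, now=None):
        now = time.time() if now is None else now
        try:
            timestamp = int(request["timestamp"])
            nonce = request["nonce"]
            expected = sign_request(self.local_key, request["method"], request["api"],
                                    request["body"], nonce, timestamp).encode()
            presented = str(request["signature"]).encode()
        except (KeyError, TypeError, ValueError, AttributeError):
            return "malformed"
        if abs(now - timestamp) > self.max_skew:
            return "stale"
        # Constant-time comparison: no timing hint about how many bytes matched.
        if not hmac.compare_digest(expected, presented):
            return "bad-signature"
        # Record nonces only for authenticated requests and forget expired ones,
        # so unauthenticated traffic cannot grow the replay cache.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items()
                            if abs(now - t) <= self.max_skew}
        if nonce in self.seen_nonces:
            return "replay"
        self.seen_nonces[nonce] = timestamp
        return "ok"


if __name__ == "__main__":
    # Constructed sample values; the key stands for the already-derived local key.
    key = hashlib.sha256(b"constructed shared secret").digest()
    t0 = 1_700_000_000
    req = build_request(key, "POST", "/api/orders", b'{"item": 7}', "n-001", t0)
    server = RequestVerifier(key)
    print(server.verify(req, now=t0 + 5))
    print(server.verify(req, now=t0 + 6))
    print(server.verify(dict(req, body=b'{"item": 8}', nonce="n-002"), now=t0 + 7))
```

The timestamp and random number only protect against replay if the server enforces them as shown; a signature over them that is never checked for freshness or reuse verifies equally well on a captured request.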
The terminal device 4 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The terminal device may include, but is not limited to, the processor 40 and the memory 41. Those skilled in the art will understand that Fig. 4 is only an example of the terminal device 4 and does not constitute a limitation on it; the terminal device may include more or fewer components than shown, combine certain components, or use different components. For example, the terminal device may also include input/output devices, network access devices, buses and so on.
The processor 40 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 41 may be an internal storage unit of the terminal device 4, such as a hard disk or internal memory of the terminal device 4. The memory 41 may also be an external storage device of the terminal device 4, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the terminal device 4. Further, the memory 41 may include both an internal storage unit of the terminal device 4 and an external storage device. The memory 41 is used to store the computer program and other programs and data required by the terminal device. The memory 41 may also be used to temporarily store data that has been output or is to be output.
It will be clear to those skilled in the art that, for convenience and brevity of description, only the division into the functional units and modules above is used as an example. In practical applications, the above functions may be assigned to different functional units and modules as needed; that is, the internal structure of the apparatus may be divided into different functional units or modules to complete all or part of the functions described above. The functional units and modules in the embodiments may be integrated in one processing unit, may each exist physically alone, or two or more units may be integrated in one unit; the integrated unit may be implemented in the form of hardware or in the form of a software functional unit. In addition, the specific names of the functional units and modules are only for the convenience of distinguishing them from each other and are not intended to limit the scope of protection of the present application. For the specific working process of the units and modules in the above system, reference may be made to the corresponding processes in the foregoing method embodiments, which are not repeated here.
In the above embodiments, the description of each embodiment has its own emphasis. For parts that are not detailed or recorded in one embodiment, reference may be made to the related descriptions of the other embodiments.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are executed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered to be beyond the scope of the present application.
In the embodiments provided herein, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other ways. For example, the apparatus/terminal device embodiments described above are only illustrative; the division into modules or units is only a division by logical function, and there may be other ways of dividing them in actual implementation. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present application may be integrated in one processing unit, may each exist physically alone, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, all or part of the processes in the methods of the above embodiments of the present application may also be completed by a computer program instructing the relevant hardware; the computer program may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of each of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content of the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunication signals.
The embodiments described above are only intended to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features may be equivalently replaced; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and shall all fall within the scope of protection of the present application.
Claims (10)
1. A secure communication method, characterized in that the secure communication method comprises:
receiving a login request sent by a client, and generating an identity security token JWT according to the login request, the payload data in the JWT having been encrypted;
sending the JWT and the server public key to the client, to instruct the client to generate a signature value;
receiving a service request sent by the client, the service request including the JWT, the signature value and request data;
verifying the JWT and the signature value;
if both pass verification, returning the request data of the service request to the client.
2. The secure communication method according to claim 1, characterized in that generating an identity security token JWT according to the login request comprises:
obtaining the login information of the client according to the login request;
encrypting the login information to obtain the signature of the identity security token JWT;
generating the JWT according to the signature, the payload data and the encryption algorithm used when encrypting the login information.
3. The secure communication method according to claim 1, characterized in that verifying the JWT and the signature value comprises:
parsing the JWT and the signature value contained in the service request;
verifying, according to the JWT, whether the identity of the user is legitimate and whether the client's login to the server has timed out;
if the identity of the client is legitimate and the client's login to the server has not timed out, verifying whether the signature value is legitimate according to the local key of the server, wherein the local key of the server is generated according to the server private key and the client public key.
4. The secure communication method according to claim 3, characterized in that verifying whether the signature value is legitimate according to the local key of the server comprises:
obtaining the relevant information of this request according to the service request, the relevant information including one or more of the request message content, request method, request API, random number and timestamp;
combining the relevant information with the local key of the server to obtain a first combined result;
verifying the signature value with the signature verification method of the SM3 algorithm according to the first combined result, to determine whether the signature value is legitimate.
5. A secure communication method, characterized in that the secure communication method comprises:
sending a login request to a server;
receiving the JWT and the server public key sent by the server, the JWT being generated by the server according to the login request;
generating a signature value according to the server public key;
sending a service request to the server, instructing the server to verify the service request, the service request including the JWT, the signature value and request data;
receiving the request data sent by the server.
6. The secure communication method according to claim 5, characterized in that generating a signature value according to the server public key comprises:
generating the local key of the client according to the server public key and the client private key;
combining the relevant information of the service request with the local key of the client according to a rule to obtain a second combined result;
computing the second combined result with the digest algorithm of the SM3 algorithm to obtain the signature value.
7. A secure communication system, characterized in that the secure communication system comprises a server and a client;
the server comprises:
a receiving unit, configured to receive the login request sent by the client and generate an identity security token JWT according to the login request, the payload data in the JWT having been encrypted; also configured to receive the service request sent by the client, the service request including the JWT, the signature value and request data;
a transmission unit, configured to send the JWT and the server public key to the client, to instruct the client to generate a signature value;
an authentication unit, configured to verify the JWT and the signature value; if both pass verification, return the request data of the service request to the client;
the client comprises:
a request transmitting unit, configured to send a login request to the server; also configured to send a service request to the server, instructing the server to verify the service request, the service request including the JWT, the signature value and request data;
a generation unit, configured to generate a signature value according to the server public key;
a data receipt unit, configured to receive the JWT and the server public key sent by the server, the JWT being generated by the server according to the login request; also configured to receive the request data sent by the server.
8. The secure communication system according to claim 7, characterized in that the receiving unit comprises:
an obtaining module, configured to obtain the login information of the client according to the login request;
an encrypting module, configured to encrypt the login information to obtain the signature of the identity security token JWT, and to generate the JWT according to the signature, the payload data and the encryption algorithm used when encrypting the login information.
9. A terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that, when executing the computer program, the processor implements the steps of the method according to any one of claims 1 to 4 or any one of claims 5 or 6.
10. A computer-readable storage medium storing a computer program, characterized in that, when executed by a processor, the computer program implements the steps of the method according to any one of claims 1 to 4 or any one of claims 5 or 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810436553.XA CN108965230B (en) | 2018-05-09 | 2018-05-09 | Secure communication method, system and terminal equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108965230A (en) | 2018-12-07 |
CN108965230B (en) | 2021-10-15 |
Family
ID=64499026
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810436553.XA Active CN108965230B (en) | 2018-05-09 | 2018-05-09 | Secure communication method, system and terminal equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108965230B (en) |
Jiang | Advanced secure user authentication framework for cloud computing | |
Kumar et al. | A secure and efficient authentication protocol for wireless applications in multi-server environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |