CN108600264A - Encryption and decryption method and credit verification system applied to credit certification - Google Patents

Info

Publication number
CN108600264A
Authority
CN
China
Prior art keywords
parameter
secret key
credit
service
key token
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810437742.9A
Other languages
Chinese (zh)
Other versions
CN108600264B (en
Inventor
柳长庆
曾明
高原
孙强
代红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Julong Co Ltd
Original Assignee
Julong Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Julong Co Ltd
Priority to CN201810437742.9A
Publication of CN108600264A
Application granted
Publication of CN108600264B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an encryption and decryption method applied to credit certification, and a credit verification system. The encryption and decryption method comprises: S1, sending an interface request from the credit client to the service client; S2, triggering the parameter blocker; S3, obtaining, through the parameter blocker, the service-number parameter corresponding to the credit client; S4, obtaining the secret key token parameter; S5, receiving the interface request parameter at the service client; S6, triggering the fore filter according to the authentication annotation declaration; S7, judging whether the authentication result passes credit service authentication. The credit verification system comprises a credit client, a parameter blocker, a service client, a fore filter and a credit service authentication unit. The invention makes credit certification more secure.

Description

An encryption and decryption method and credit verification system applied to credit certification
Technical field
The present invention relates to an encryption algorithm, specifically to an encryption and decryption method applied to credit certification and a credit verification system.
Background art
At present, with the deep development of "Internet+", software systems have penetrated into the different scenarios of every industry, and with this the links between different systems have become closer. Consequently, various cloud platforms, combined systems, single sign-on services and the like have emerged, communication between systems and platform systems has become more frequent, and the requirements on the security and reliability of that communication are correspondingly higher. Here, "service" means that the original monolithic software system is split into different functional units which, through contract dependencies between services, communicate with one another to form a complete system application. Services under a unified platform can communicate with each other, and can also communicate with non-credit services outside the platform, such as browser software clients, Android system software clients, Apple system software clients, client-machine system software clients, etc. Whichever communication mode is used, ensuring the security and reliability of a request before the communication request is executed is a necessary precondition.
In the prior art, the demand for cross-platform unified authentication is usually met with a single sign-on solution. The authentication system needs an authentication server, and that server must be an independently deployed browser application. The server is mainly responsible for authenticating users: it interacts with the database and, after authentication, redirects to the requested page. The authentication client is deployed together with the system client application and protects protected resources by filtering. For each request that accesses a protected resource, the client checks whether the request parameters contain user credentials; if not, client authentication or server-side authentication is carried out. In practical application scenarios, single sign-on usually has to be combined with a permission-control framework, for example Apache Shiro (a Java security framework). The security framework caches user authentication information in the user session, which also means that the client has to store a user-state cache. The client security framework authenticates requests using the cached information and also provides a set of interface declarations with which permission checks can be described for an interface; the permission check is carried out by a blocker (interceptor), and the interface is accessed after the check passes.
In summary, cross-platform unified authentication requires an independently deployed authentication server. For distributed deployments across regions this brings drawbacks: the deployment mode of the authentication server is fixed, network constraints are strong, and load balancing or distributed schemes are complex. In addition, the encryption algorithms of existing credit verification systems have low security and are easy to replicate, which is unfavourable for credit clients and client services.
Summary of the invention
In view of the drawbacks of existing cross-platform unified authentication technology, the present invention provides an encryption and decryption method applied to credit certification, so as to effectively solve the technical problems mentioned in the background art.
An encryption and decryption method applied to credit certification comprises the following steps:
S1. The credit client sends an interface request to the service client;
S2. The interface request parameter is parsed from the received interface request and the parameter blocker is triggered, wherein the interface request parameter identifies the interface call parameters corresponding to the interface requested by the credit client, and the parameter blocker automatically encapsulates the encryption authentication parameters into the data dictionary data structure of the interface request parameter to be sent, the encryption authentication parameters including at least the secret key token parameter;
S3. The parameter blocker obtains the service-number parameter corresponding to the credit client and encapsulates the interface request parameter to form the corresponding data dictionary data structure;
S4. The secret key token parameter is obtained, and the interface request parameter is sent after the service-number parameter and the obtained secret key token parameter have been added to the data dictionary data structure of the interface request parameter, wherein the secret key token parameter is the parameter obtained by encrypting the parameter ciphertext and the service-number parameter, and the parameter ciphertext is extracted from the dynamic parameter dictionary preset in the credit client;
S5. The service client receives the interface request parameter;
S6. The fore filter is triggered according to the authentication annotation declaration, wherein the authentication annotation declaration causes the request parameters in the interface request to be filtered and authenticated, and is used to determine, based on the annotation authentication tag corresponding to the requested interface, the filtering authentication algorithm that the fore filter has to execute; the annotation authentication tag has several tag attributes, each tag attribute corresponds to one filtering authentication algorithm preset in the fore filter, and each requested interface corresponds to an annotation authentication tag with a particular attribute; the fore filter extracts the secret key token parameter from the interface request parameter, authenticates it based on the configured automatic authentication mechanism and gives an authentication result;
S7. It is judged whether the authentication result passes credit service authentication; if so, the interface is executed and the result returned, otherwise an authentication-failure exception is thrown. The credit service authentication decrypts the secret key token parameter and, after successful decryption, judges whether the service-number parameter extracted from the secret key token parameter exists in the locally preset registration table.
The secret key token parameter in step S4 is obtained by the following steps:
S41: The dynamic parameter dictionary preset in the credit client is taken as the initialization parameter, and its ordered parameter dictionary is obtained;
S42: The ordered parameter dictionary is converted to a character string to obtain the parameter character string;
S43: Asymmetric encryption is applied to the parameter character string to obtain the parameter ciphertext;
S44: With the parameter ciphertext as auxiliary parameter, the service-number parameter is symmetrically encrypted to obtain the encrypted secret key token byte array;
S45: The secret key token byte array is transcoded to obtain the secret key token parameter.
The secret key token parameter in step S7 is decrypted by the following steps:
S71. The dynamic parameter dictionary preset in the credit client is taken as the initialization parameter, and its ordered parameter dictionary is obtained;
S72. The ordered parameter dictionary is converted to a character string to obtain the parameter character string;
S73. Asymmetric encryption is applied to the parameter character string to obtain the parameter ciphertext;
S74. The parameter ciphertext is converted to a byte array to obtain the parameter ciphertext byte array;
S75. The secret key token parameter is decoded to obtain the secret key token byte array;
S76. The secret key token byte array is decrypted with the symmetric algorithm using the parameter ciphertext byte array, to obtain the service-number byte array;
S77. The service-number byte array is converted to a character string to obtain the service number.
A credit verification system comprises:
A credit client, configured, when an interface request is sent, to parse the interface request parameter from the received interface request and at the same time trigger the parameter intercepting system, the interface request parameter identifying the interface call parameters corresponding to the interface requested by the credit client;
The parameter blocker, configured to obtain the secret key token parameter and to send the interface request parameter after the service-number parameter and the obtained secret key token parameter have been added to the data dictionary data structure of the interface request parameter; the secret key token parameter is obtained by encrypting the parameter ciphertext and the service-number parameter; the parameter ciphertext is extracted from the dynamic parameter dictionary preset in the credit client;
A service client, configured to receive the interface request parameter and execute the interface request parameter;
A fore filter, configured to be triggered according to the authentication annotation declaration and, through the authentication annotation declaration, to filter and authenticate the request parameters in the interface request; the authentication annotation declaration is used to determine, based on the annotation authentication tag corresponding to the requested interface, the filtering authentication algorithm that the fore filter has to execute; the annotation authentication tag has several tag attributes, each tag attribute corresponds to one filtering authentication algorithm preset in the fore filter, and each requested interface corresponds to an annotation authentication tag with a particular attribute; the fore filter is further configured to extract the secret key token parameter from the interface request parameter, authenticate it based on the configured automatic authentication mechanism and give an authentication result;
A credit service authentication unit, configured to decrypt the secret key token parameter and, after successful decryption, to judge whether the service-number parameter extracted from the secret key token parameter exists in the locally preset registration table; if so, the service client executes.
The parameter blocker includes a first parameter acquiring unit for obtaining the secret key token parameter, which comprises:
A first parameter initialization module, configured to take the dynamic parameter dictionary preset in the credit client as the initialization parameter and obtain its ordered parameter dictionary;
A first character string conversion module, configured to convert the ordered parameter dictionary to a character string to obtain the parameter character string;
A first encrypting module, configured to apply asymmetric encryption to the parameter character string to obtain the parameter ciphertext;
A second encrypting module, configured to symmetrically encrypt the service-number parameter with the parameter ciphertext as auxiliary parameter, to obtain the encrypted secret key token byte array;
A transcoding module, configured to transcode the secret key token byte array to obtain the secret key token parameter.
The parameter blocker further includes a first data supplementing unit, configured to add the service-number parameter and the secret key token parameter obtained by the first parameter acquiring unit to the data dictionary data structure of the interface request parameter.
The credit service authentication unit includes a first service number acquiring unit for obtaining the service parameter in the secret key token parameter, which comprises:
A second parameter initialization module, configured to take the dynamic parameter dictionary preset in the credit client as the initialization parameter and obtain its ordered parameter dictionary;
A second character string conversion module, configured to convert the ordered parameter dictionary to a character string to obtain the parameter character string;
A third encrypting module, configured to apply asymmetric encryption to the parameter character string to obtain the parameter ciphertext;
A first byte array conversion module, configured to convert the parameter ciphertext to a byte array to obtain the parameter ciphertext byte array;
A first decoder module, configured to decode the secret key token parameter to obtain the secret key token byte array;
A first deciphering module, configured to decrypt the secret key token byte array with the symmetric algorithm using the parameter ciphertext byte array, to obtain the service-number byte array;
A third character string conversion module, configured to convert the service-number byte array to a character string to obtain the service number.
The credit service authentication unit further includes a first judging unit, configured to judge whether the service-number parameter extracted from the secret key token parameter exists in the locally preset registration table.
Facing the open network of the Internet, the credit client token encryption algorithm designed in this technical solution uses hybrid encryption that combines symmetric and asymmetric encryption algorithms, together with ciphertext obfuscation and similar means. At the same time, because the request parameters and a random timestamp are used as necessary encryption parameters, the ciphertext is dynamic and random; it is unreadable, not fully reversible and cannot be replicated, so security is higher. Therefore, an attempt to initiate a malicious illegal request by intercepting the ciphertext of a valid request and modifying the request parameters cannot pass the security authentication mechanism. The encryption and decryption method and credit verification system applied to credit certification make credit certification more secure.
For the above reasons, the present invention can be widely applied in the credit field.
Description of the drawings
In order to explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the credit verification system in a specific embodiment of the invention.
Fig. 2 is a structural schematic diagram of the parameter blocker in a specific embodiment of the invention.
Fig. 3 is a structural schematic diagram of the first parameter acquiring unit in a specific embodiment of the invention.
Fig. 4 is a structural schematic diagram of the credit service authentication unit in a specific embodiment of the invention.
Fig. 5 is a structural schematic diagram of the first service number in a specific embodiment of the invention.
Specific embodiments
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the protection scope of the invention.
Embodiment 1
An encryption and decryption method applied to credit certification comprises the following steps:
S1. The credit client sends an interface request to the service client;
S2. The interface request parameter is parsed from the received interface request and the parameter blocker is triggered, wherein the interface request parameter identifies the interface call parameters corresponding to the interface requested by the credit client, and the parameter blocker automatically encapsulates the encryption authentication parameters into the data dictionary data structure of the interface request parameter to be sent, the encryption authentication parameters including at least the secret key token parameter;
S3. The parameter blocker obtains the service-number parameter corresponding to the credit client and encapsulates the interface request parameter to form the corresponding data dictionary data structure;
S4. The secret key token parameter is obtained, and the interface request parameter is sent after the service-number parameter and the obtained secret key token parameter have been added to the data dictionary data structure of the interface request parameter, wherein the secret key token parameter is the parameter obtained by encrypting the parameter ciphertext and the service-number parameter, and the parameter ciphertext is extracted from the dynamic parameter dictionary preset in the credit client;
The secret key token parameter is obtained by the following steps:
S41: The dynamic parameter dictionary preset in the credit client is taken as the initialization parameter, and its ordered parameter dictionary is obtained;
S42: The ordered parameter dictionary is converted to a character string, preferably a JSON-format string, to obtain the parameter character string, and all "[" and "]" characters in the parameter character string are deleted;
S43: Asymmetric encryption is applied to the parameter character string, preferably using the SHA-1 encryption algorithm, to obtain the parameter ciphertext;
S44: With the parameter ciphertext as auxiliary parameter, the service-number parameter is symmetrically encrypted, preferably using the AES encryption algorithm, to obtain the encrypted secret key token byte array;
S45: The secret key token byte array is transcoded, preferably with Base64 transcoding, to obtain the secret key token parameter.
S5. The service client receives the interface request parameter;
S6. The fore filter is triggered according to the authentication annotation declaration, wherein the authentication annotation declaration causes the request parameters in the interface request to be filtered and authenticated, and is used to determine, based on the annotation authentication tag corresponding to the requested interface, the filtering authentication algorithm that the fore filter has to execute; the annotation authentication tag has several tag attributes, each tag attribute corresponds to one filtering authentication algorithm preset in the fore filter, and each requested interface corresponds to an annotation authentication tag with a particular attribute; the fore filter extracts the secret key token parameter from the interface request parameter, authenticates it based on the configured automatic authentication mechanism and gives an authentication result; the automatic authentication mechanism judges whether the secret key token parameter is empty: if it is empty, an exception is thrown and authentication fails; if it is not empty, authentication succeeds and the authentication result is given;
S7. It is judged whether the authentication result passes credit service authentication; if so, the interface is executed and the result returned, otherwise an authentication-failure exception is thrown. The credit service authentication decrypts the secret key token parameter and, after successful decryption, judges whether the service-number parameter extracted from the secret key token parameter exists in the locally preset registration table.
The secret key token parameter is decrypted by the following steps:
S71. The dynamic parameter dictionary preset in the credit client is taken as the initialization parameter, and its ordered parameter dictionary is obtained;
S72. The ordered parameter dictionary is converted to a character string, preferably a JSON-format string, to obtain the parameter character string;
S73. Asymmetric encryption is applied to the parameter character string, preferably using the SHA-1 encryption algorithm, to obtain the parameter ciphertext;
S74. The parameter ciphertext is converted to a byte array to obtain the parameter ciphertext byte array;
S75. The secret key token parameter is decoded, preferably with Base64 decoding, to obtain the secret key token byte array;
S76. The secret key token byte array is decrypted with the symmetric algorithm using the parameter ciphertext byte array, to obtain the service-number byte array;
S77. The service-number byte array is converted to a character string to obtain the service number.
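Steps S41-S45 and S71-S77 of Embodiment 1, together with the empty-token check of S6 and the registration-table check of S7, as an added Go example (not code from the patent). SHA-1 is a hash function, so the "parameter ciphertext" here is a digest; the `stripBrackets` flag exists because S42 deletes "[" and "]" while S72 does not mention that step, and the token only verifies when both sides convert the dictionary identically. Assumptions: the page names only "AES", so AES-128-GCM with a random nonce and the first 16 bytes of the digest as key is chosen here; the dictionary contents, `SVC-001` and all function names are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha1"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// ErrAuth is the single error VerifyToken returns for every verification failure.
var ErrAuth = errors.New("authentication failed")

// paramDigest covers S41-S43 / S71-S73: ordered dictionary -> JSON string ->
// optional removal of "[" and "]" -> SHA-1 digest ("parameter ciphertext").
// json.Marshal emits map keys in sorted order, which provides the ordering.
func paramDigest(dict map[string]interface{}, stripBrackets bool) ([]byte, error) {
	raw, err := json.Marshal(dict)
	if err != nil {
		return nil, err
	}
	s := string(raw)
	if stripBrackets {
		s = strings.NewReplacer("[", "", "]", "").Replace(s)
	}
	sum := sha1.Sum([]byte(s))
	return sum[:], nil
}

// aeadFor builds the symmetric cipher. Assumption: AES-128-GCM keyed with the
// first 16 bytes of the digest; the page does not fix key size or mode.
func aeadFor(dict map[string]interface{}, stripBrackets bool) (cipher.AEAD, error) {
	digest, err := paramDigest(dict, stripBrackets)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(digest[:16])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// MakeToken covers S44-S45: encrypt the service number, then Base64-encode.
func MakeToken(dict map[string]interface{}, serviceNo string, stripBrackets bool) (string, error) {
	aead, err := aeadFor(dict, stripBrackets)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := aead.Seal(nonce, nonce, []byte(serviceNo), nil) // nonce || ciphertext || tag
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// VerifyToken covers the S6 empty check, S74-S77 and the S7 registry lookup.
func VerifyToken(dict map[string]interface{}, token string, stripBrackets bool, registry map[string]bool) (string, error) {
	if token == "" {
		return "", ErrAuth
	}
	raw, err := base64.StdEncoding.DecodeString(token)
	if err != nil {
		return "", ErrAuth
	}
	aead, err := aeadFor(dict, stripBrackets)
	if err != nil || len(raw) < aead.NonceSize() {
		return "", ErrAuth
	}
	nonce, ct := raw[:aead.NonceSize()], raw[aead.NonceSize():]
	plain, err := aead.Open(nil, nonce, ct, nil)
	if err != nil {
		return "", ErrAuth // wrong key (dictionary or conversion differs) or tampering
	}
	if !registry[string(plain)] {
		return "", ErrAuth // decrypted, but the service number is not registered
	}
	return string(plain), nil
}

func main() {
	// Constructed sample data; the list value makes bracket removal matter.
	dict := map[string]interface{}{
		"appId":  "demo-app",
		"scopes": []string{"read", "write"},
		"ts":     "1525852800",
	}
	registry := map[string]bool{"SVC-001": true}

	tok, _ := MakeToken(dict, "SVC-001", true)
	svc, err := VerifyToken(dict, tok, true, registry)
	fmt.Println("same conversion on both sides:", svc, err)
	_, err = VerifyToken(dict, tok, false, registry)
	fmt.Println("verifier skips bracket removal:", err)
}
```

Because the key is derived only from the preset dictionary, anyone who holds that dictionary can mint tokens for any service number, so the dictionary has to be protected like a shared secret.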
Embodiment 2
As shown in Figs. 1-5, a credit verification system comprises:
A credit client, configured, when an interface request is sent, to parse the interface request parameter from the received interface request and at the same time trigger the parameter intercepting system, the interface request parameter identifying the interface call parameters corresponding to the interface requested by the credit client;
The parameter blocker, configured to obtain the secret key token parameter and to send the interface request parameter after the service-number parameter and the obtained secret key token parameter have been added to the data dictionary data structure of the interface request parameter; the secret key token parameter is obtained by encrypting the parameter ciphertext and the service-number parameter; the parameter ciphertext is extracted from the dynamic parameter dictionary preset in the credit client;
A service client, configured to receive the interface request parameter and execute the interface request parameter;
A fore filter, configured to be triggered according to the authentication annotation declaration and, through the authentication annotation declaration, to filter and authenticate the request parameters in the interface request; the authentication annotation declaration is used to determine, based on the annotation authentication tag corresponding to the requested interface, the filtering authentication algorithm that the fore filter has to execute; the annotation authentication tag has several tag attributes, each tag attribute corresponds to one filtering authentication algorithm preset in the fore filter, and each requested interface corresponds to an annotation authentication tag with a particular attribute; the fore filter is further configured to extract the secret key token parameter from the interface request parameter, authenticate it based on the configured automatic authentication mechanism and give an authentication result;
A credit service authentication unit, configured to decrypt the secret key token parameter and, after successful decryption, to judge whether the service-number parameter extracted from the secret key token parameter exists in the locally preset registration table; if so, the service client executes.
The parameter blocker includes a first parameter acquiring unit for obtaining the secret key token parameter, which comprises:
A first parameter initialization module, configured to take the dynamic parameter dictionary preset in the credit client as the initialization parameter and obtain its ordered parameter dictionary;
A first character string conversion module, configured to convert the ordered parameter dictionary to a string to obtain the parameter string, preferably by converting the ordered parameter dictionary to a JSON-format string and deleting all "[" and "]" characters in the parameter string;
A first encrypting module, configured to asymmetrically encrypt the parameter string to obtain the parameter ciphertext; preferably the asymmetric encryption algorithm uses the SHA-1 encryption algorithm;
A second encrypting module, configured to symmetrically encrypt the service-number parameter using the parameter ciphertext as an auxiliary parameter, to obtain the encrypted secret key token byte array; preferably the symmetric encryption uses the AES encryption algorithm;
A transcoding module, configured to transcode the secret key token byte array to obtain the secret key token parameter, preferably by Base64 transcoding of the secret key token byte array.
The parameter blocker further includes a first data supplementing unit, configured to add the service-number parameter and the secret key token parameter obtained by the first parameter acquiring unit to the data dictionary data structure of the interface request parameters.
The credit service authentication unit includes a first service number acquiring unit for obtaining the service parameter in the secret key token parameter, which comprises:
A second parameter initialization module, configured to take the dynamic parameter dictionary preset in the credit client as the initialization parameter and obtain its ordered parameter dictionary;
A second character string conversion module, configured to convert the ordered parameter dictionary to a string to obtain the parameter string, preferably by converting the ordered parameter dictionary to a JSON-format string;
A third encrypting module, configured to asymmetrically encrypt the parameter string to obtain the parameter ciphertext; preferably the asymmetric encryption uses the SHA-1 encryption algorithm;
A first byte array conversion module, configured to convert the parameter ciphertext to a byte array to obtain the parameter ciphertext byte array;
A first decoder module, configured to decode the secret key token parameter to obtain the secret key token byte array, preferably by Base64 decoding of the secret key token parameter;
A first deciphering module, configured to decrypt the secret key token byte array with the symmetric algorithm using the parameter ciphertext byte array, to obtain the service-number byte array;
A third character string conversion module, configured to convert the service-number byte array to a string to obtain the service number.
The credit service authentication unit further includes a first judging unit, configured to determine whether the service-number parameter extracted from the secret key token parameter exists in the preset local registration table.
Facing the open network of the Internet, the credit client token encryption algorithm designed in this technical solution uses hybrid encryption that combines symmetric and asymmetric encryption algorithms, together with ciphertext obfuscation and similar techniques. Because the request parameters and a random timestamp are used as necessary encryption parameters, the ciphertext is dynamic and random: it is unreadable, not fully reversible, and cannot be replicated, which gives higher security. Consequently, a malicious illegal request initiated by intercepting the ciphertext of a valid request and modifying the request parameters cannot pass the security authentication mechanism. The encryption and decryption method applied to credit authentication and the credit authentication system thus make credit authentication more secure.
Embodiment 3
Embodiment 3 further explains the filtering authentication algorithm of Embodiment 1 and Embodiment 2:
The annotation authentication tags used by the fore filter in step S6 of Embodiment 1 and in Embodiment 2 are defined, according to interface authentication requirements, with the following attributes, which include but are not limited to: credit service authentication tag, guest authentication tag, login authentication tag, role authentication tag and permission authentication tag.
Before the credit client sends an interface request to the server receiving end, a user state data structure matching the server receiving end must also be built. The user state data structure provides the user state information needed by the filtering authentication process, and is integrated into the interface request data packet together with the request parameters and sent to the server receiving end; the authentication secret key and the service secret key used for server-side authentication are written into the request parameters. The user state information includes at least a user permission credential, basic user information and permission data; the user permission credential is the unique identifier of the user's login state under stateless session conditions, that is, the key used to obtain the user state information; the permission data includes role code data and resource permission code data.
The filtering authentication algorithm corresponding to the credit service authentication tag includes the following steps:
(101) Obtain the authentication secret key from the request parameters and determine whether the request parameter is empty; if so, throw an authentication-failure exception; otherwise go to the next step;
(102) Obtain the corresponding service code instance from the configured interface parameter dictionary and delete the attribute information of the authentication secret key;
(103) Using the credit server-side token decryption algorithm, decrypt the authentication secret key to obtain the decrypted service code of the client;
(104) Determine whether the service code is empty; if so, throw an authentication-failure exception; otherwise go to the next step;
(105) Determine whether the service code exists in the configured local credit service registry; if not, throw an authentication-failure exception;
(106) Determine the attribute of the annotation authentication tag corresponding to the requested interface, that is, the array of service codes allowed to pass;
(107) If the length of the service code array is 0, any credit service is deemed to pass authentication;
(108) Loop over the service code array from step (106) and determine whether it contains a value identical to the client service code from step (103); if so, authentication passes; otherwise throw an authentication-failure exception.
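The token round trip of S41-S45 and S71-S77 together with the checks of filter steps (101)-(108), as an added Go example that is not code from the patent. The page names only SHA-1 and AES, so the AES-128-GCM mode, the 16-byte key truncation, the nonce layout, the function names and all sample values are assumptions; SHA-1 is a one-way hash, so it is used here to derive the key that both sides recompute.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha1"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// newAEAD derives the shared key as in S41-S43 / S71-S74: ordered dictionary,
// JSON string with "[" and "]" removed, then SHA-1 of that string.
// Assumption: the first 16 digest bytes key AES-128 in GCM mode.
func newAEAD(params map[string]string) (cipher.AEAD, error) {
	js, _ := json.Marshal(params) // keys come out sorted; cannot fail for this type
	s := strings.NewReplacer("[", "", "]", "").Replace(string(js))
	sum := sha1.Sum([]byte(s))
	block, err := aes.NewCipher(sum[:16])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// makeToken is the client side (S44-S45): encrypt the service number, Base64 nonce||ciphertext.
func makeToken(params map[string]string, serviceNo string) (string, error) {
	aead, err := newAEAD(params)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(aead.Seal(nonce, nonce, []byte(serviceNo), nil)), nil
}

// verifyToken is the server side: S75-S77, then the filter checks. registry is the
// local registration table; allowed is the tag's service code array from step (106).
func verifyToken(token string, params map[string]string, registry map[string]bool, allowed []string) (string, error) {
	if token == "" { // (101)
		return "", fmt.Errorf("authentication failed: empty token")
	}
	aead, err := newAEAD(params)
	if err != nil {
		return "", err
	}
	ns := aead.NonceSize()
	raw, err := base64.StdEncoding.DecodeString(token)
	if err != nil || len(raw) < ns {
		return "", fmt.Errorf("authentication failed: malformed token")
	}
	pt, err := aead.Open(nil, raw[:ns], raw[ns:], nil) // (103)
	if err != nil {
		return "", fmt.Errorf("authentication failed: token does not match request parameters")
	}
	svc := string(pt)
	if svc == "" || !registry[svc] { // (104), (105)
		return "", fmt.Errorf("authentication failed: service %q not registered", svc)
	}
	if len(allowed) == 0 { // (107): an empty array admits any registered service
		return svc, nil
	}
	for _, a := range allowed { // (108)
		if a == svc {
			return svc, nil
		}
	}
	return "", fmt.Errorf("authentication failed: service %q not allowed on this interface", svc)
}

func main() {
	p := map[string]string{"interface": "queryAccount", "timestamp": "1525852800000"} // constructed
	tok, _ := makeToken(p, "SVC-001")
	fmt.Println(verifyToken(tok, p, map[string]bool{"SVC-001": true}, nil))
}
```

Because "[" and "]" are deleted before hashing, two dictionaries that differ only in those characters derive the same key, which is worth checking when choosing which request fields go into the dictionary.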
The annotation tag attributes further include a custom authentication tag.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some or all of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. An encryption and decryption method applied to credit authentication, characterized by comprising the following steps:
S1: the credit client sends an interface request to the service client;
S2: interface request parameters are parsed from the received interface request and the parameter blocker is triggered, wherein the interface request parameters identify the interface call parameters corresponding to the interface requested by the credit client, and the parameter blocker automatically encapsulates encrypted authentication parameters into the data dictionary data structure of the interface request parameters to be sent, the encrypted authentication parameters including at least the secret key token parameter;
S3: the parameter blocker obtains the service-number parameter corresponding to the credit client and encapsulates the interface request parameters to form the corresponding data dictionary data structure;
S4: the secret key token parameter is obtained, and the interface request parameters are sent after the service-number parameter and the obtained secret key token parameter are added to the data dictionary data structure of the interface request parameters, wherein the secret key token parameter is obtained by encryption using the acquired parameter ciphertext and the service-number parameter, and the parameter ciphertext is extracted from the dynamic parameter dictionary preset in the credit client;
S5: the service client receives the interface request parameters;
S6: the fore filter is triggered according to the authentication annotation declaration, wherein the authentication annotation declaration filters and authenticates the request parameters in the interface request, and determines, from the annotation authentication tag corresponding to the requested interface, the filtering authentication algorithm that the fore filter must execute; the annotation authentication tag has multiple tag attributes, each tag attribute corresponds to one filtering authentication algorithm preset in the fore filter, and each requested interface corresponds to an annotation authentication tag of one attribute; the fore filter extracts the secret key token parameter from the interface request parameters, authenticates it with the configured automatic authentication mechanism, and gives the authentication result;
S7: it is determined whether the authentication result passes credit service authentication; if so, the interface is executed and the result is returned; otherwise an authentication-failure exception is thrown; the credit service authentication decrypts the secret key token parameter and, after successful decryption, determines whether the service-number parameter extracted from the secret key token parameter exists in the preset local registration table.
2. The encryption and decryption method applied to credit authentication according to claim 1, characterized in that the secret key token parameter in step S4 is obtained by the following steps:
S41: take the dynamic parameter dictionary preset in the credit client as the initialization parameter, and obtain its ordered parameter dictionary;
S42: convert the ordered parameter dictionary to a string to obtain the parameter string;
S43: asymmetrically encrypt the parameter string to obtain the parameter ciphertext;
S44: symmetrically encrypt the service-number parameter using the parameter ciphertext as an auxiliary parameter, to obtain the encrypted secret key token byte array;
S45: transcode the secret key token byte array to obtain the secret key token parameter.
3. The encryption and decryption method applied to credit authentication according to claim 1 or 2, characterized in that the secret key token parameter is decrypted in step S7 by the following steps:
S71: take the dynamic parameter dictionary preset in the credit client as the initialization parameter, and obtain its ordered parameter dictionary;
S72: convert the ordered parameter dictionary to a string to obtain the parameter string;
S73: asymmetrically encrypt the parameter string to obtain the parameter ciphertext;
S74: convert the parameter ciphertext to a byte array to obtain the parameter ciphertext byte array;
S75: decode the secret key token parameter to obtain the secret key token byte array;
S76: decrypt the secret key token byte array with the symmetric algorithm using the parameter ciphertext byte array, to obtain the service-number byte array;
S77: convert the service-number byte array to a string to obtain the service number.
4. A credit authentication system, characterized by comprising:
A credit client, configured to, when sending an interface request, parse the interface request parameters out of the received interface request and trigger the parameter interception system; the interface request parameters identify the interface call parameters corresponding to the interface requested by the credit client;
The parameter blocker, configured to obtain the secret key token parameter, add the service-number parameter and the obtained secret key token parameter to the data dictionary data structure of the interface request parameters, and then send the interface request parameters; the secret key token parameter is obtained by encryption using the parameter ciphertext and the service-number parameter; the parameter ciphertext is extracted from the dynamic parameter dictionary preset in the credit client;
A service client, configured to receive the interface request parameters and execute the interface request parameters;
A fore filter, configured to be triggered by an authentication annotation declaration and to filter and authenticate the request parameters in the interface request through that declaration; the authentication annotation declaration determines, from the annotation authentication tag corresponding to the requested interface, the filtering authentication algorithm that the fore filter must execute; the annotation authentication tag has multiple tag attributes, each tag attribute corresponds to one filtering authentication algorithm preset in the fore filter, and each requested interface corresponds to an annotation authentication tag of one attribute; the fore filter is further configured to extract the secret key token parameter from the interface request parameters, authenticate it with the configured automatic authentication mechanism, and give the authentication result;
A credit service authentication unit, configured to decrypt the secret key token parameter and, after successful decryption, determine whether the service-number parameter extracted from the secret key token parameter exists in the preset local registration table; if so, the service client executes.
5. The credit authentication system according to claim 4, characterized in that the parameter blocker includes a first parameter acquiring unit for obtaining the secret key token parameter, which comprises:
A first parameter initialization module, configured to take the dynamic parameter dictionary preset in the credit client as the initialization parameter and obtain its ordered parameter dictionary;
A first character string conversion module, configured to convert the ordered parameter dictionary to a string to obtain the parameter string;
A first encrypting module, configured to asymmetrically encrypt the parameter string to obtain the parameter ciphertext;
A second encrypting module, configured to symmetrically encrypt the service-number parameter using the parameter ciphertext as an auxiliary parameter, to obtain the encrypted secret key token byte array;
A transcoding module, configured to transcode the secret key token byte array to obtain the secret key token parameter.
6. The credit authentication system according to claim 5, characterized in that the parameter blocker further includes a first data supplementing unit, configured to add the service-number parameter and the secret key token parameter obtained by the first parameter acquiring unit to the data dictionary data structure of the interface request parameters.
7. The credit authentication system according to claim 4 or 5, characterized in that the credit service authentication unit includes a first service number acquiring unit for obtaining the service parameter in the secret key token parameter, which comprises:
A second parameter initialization module, configured to take the dynamic parameter dictionary preset in the credit client as the initialization parameter and obtain its ordered parameter dictionary;
A second character string conversion module, configured to convert the ordered parameter dictionary to a string to obtain the parameter string;
A third encrypting module, configured to asymmetrically encrypt the parameter string to obtain the parameter ciphertext;
A first byte array conversion module, configured to convert the parameter ciphertext to a byte array to obtain the parameter ciphertext byte array;
A first decoder module, configured to decode the secret key token parameter to obtain the secret key token byte array;
A first deciphering module, configured to decrypt the secret key token byte array with the symmetric algorithm using the parameter ciphertext byte array, to obtain the service-number byte array;
A third character string conversion module, configured to convert the service-number byte array to a string to obtain the service number.
8. The credit authentication system according to claim 4 or 7, characterized in that the credit service authentication unit further includes a first judging unit, configured to determine whether the service-number parameter extracted from the secret key token parameter exists in the preset local registration table.
CN201810437742.9A 2018-05-09 2018-05-09 Encryption and decryption method applied to credit authorization and credit authorization system Active CN108600264B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810437742.9A CN108600264B (en) 2018-05-09 2018-05-09 Encryption and decryption method applied to credit authorization and credit authorization system

Publications (2)

Publication Number Publication Date
CN108600264A true CN108600264A (en) 2018-09-28
CN108600264B CN108600264B (en) 2020-10-02

Family

ID=63636554

Country Status (1)

Country Link
CN (1) CN108600264B (en)

Also Published As

Publication number Publication date
CN108600264B (en) 2020-10-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant