
CN107979467B - Verification method and device - Google Patents


Info

Publication number
CN107979467B
Authority
CN
China
Prior art keywords
verification
information
signature
service request
signature information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610922162.XA
Other languages
Chinese (zh)
Other versions
CN107979467A (en)
Inventor
费会
彭华熹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Original Assignee
Research Institute of China Mobile Communication Co Ltd
China Mobile Communications Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Research Institute of China Mobile Communication Co Ltd, China Mobile Communications Corp
Priority to CN201610922162.XA
Publication of CN107979467A
Application granted
Publication of CN107979467B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228: One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44: Program or device authentication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838: Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiments of the present invention disclose a verification method and device. The method is used in a verification plug-in or a client and includes: generating a verification code by itself; displaying the verification code; obtaining user input formed based on the displayed verification code; generating a verification result based on the user input; and sending a service request to a service server based on the verification result. With the solution provided in this embodiment, a verification code can be self-generated for offline verification without the participation of a verification server, which avoids the long verification delay or the inability to verify caused by heavy load on, or failure of, the verification server.

Description

Verification method and device

Technical field

The present invention relates to the field of information technology, and in particular to an offline verification method and device.

Background

To ensure information security and property security, a device may need to perform verification when carrying out certain operations. Verification usually depends on a verification server. However, once the verification server fails, for example because it is attacked by hackers or runs overloaded, this easily leads to long verification delay, insecure verification or the inability to verify, which in turn prevents verification-based business operations or application operations from being carried out.

Summary of the invention

In view of this, the embodiments of the present invention are expected to provide a verification method and device that at least partially solve the problem of long verification delay or inability to verify caused by an abnormal or overloaded verification server.

To achieve the above object, the technical solution of the present invention is implemented as follows:

A first aspect of the embodiments of the present invention provides a verification method, used in a verification plug-in or a client, including:

generating a verification code by itself;

displaying the verification code;

obtaining user input formed based on the displayed verification code;

generating a verification result based on the user input;

sending a service request to a service server based on the verification result.

Based on the above solution, the method further includes:

requesting a verification code from a verification server;

the generating a verification code by itself includes:

generating the verification code by itself when the verification server returns abnormal information or when no verification code returned by the verification server is received within a predetermined time.

Based on the above solution, the sending a service request to a service server based on the verification result includes:

performing signature processing on the verification result to generate verification signature information;

sending a service request including the verification signature information to the service server; wherein the verification signature information is used to trigger the service server to respond to the service request when a first preset condition is satisfied.

Based on the above solution, the performing signature processing on the verification result to generate verification signature information includes:

when the verification result indicates that verification has passed, performing signature processing on the verification result to obtain the verification signature information.

Based on the above solution, the performing signature processing on the verification result to generate verification signature information includes:

obtaining first time information of the current time;

performing signature processing on the verification result and the first time information to obtain the verification signature information; wherein the first time information is used by the service server to determine, based on the first time information, whether to respond to the service request.

Based on the above solution, the performing signature processing on the verification result to generate verification signature information includes:

obtaining first application signature information of the application that generates the service request;

performing signature processing on the verification result and the application signature information to obtain the verification signature information; the application signature information is used by the service server to prevent invocation by illegal applications.

Based on the above solution, the performing signature processing on the verification result to generate verification signature information includes:

obtaining device identification information;

performing signature processing on the verification result and the device identification information to obtain the verification signature information; wherein the device identification information is used by the service server to determine whether the current service request comes from a legitimate device.

A second aspect of the embodiments of the present invention provides a verification method, including:

receiving a service request sent by a verification plug-in or a client based on a verification result; wherein the verification result is formed based on a verification code generated by the verification plug-in or the client itself;

responding to the service request when the service request satisfies a second preset condition.

Based on the above solution, the receiving a service request sent by a verification plug-in or a client based on a verification result includes:

receiving a service request including verification signature information; wherein the verification signature information is generated from the verification result of a verification performed with a self-generated verification code;

the method further includes:

processing the verification signature information with a verification public key to obtain a first verification digest;

processing the verification signature information with a verification private key to obtain the original information from which the verification signature information was generated; wherein the original information includes at least the verification result;

performing signature processing on the original information to obtain a second verification digest;

comparing the first verification digest and the second verification digest;

the responding to the service request when the service request satisfies a second preset condition includes:

responding to the service request when the first verification digest and the second verification digest are consistent.

Based on the above solution, the verification signature information is generated from the verification result of a verification performed with a self-generated verification code and from first time information;

the original information includes the first time information;

the method further includes:

obtaining second time information of the current time;

comparing the first time information and the second time information;

the responding to the service request when the first verification digest and the second verification digest are consistent includes:

responding to the service request when the time difference between the first time information and the second time information is within a preset range and the first verification digest and the second verification digest are consistent.

Based on the above solution, the verification signature information is generated from the verification result of a verification performed with a self-generated verification code and from first application signature information;

the performing signature processing on the original information to obtain a second verification digest includes:

performing signature processing on the verification result in the original information and second application signature information of the legitimate application to obtain the second verification digest.

Based on the above solution, the verification signature information is generated from the verification result of a verification performed with a self-generated verification code and from device identification information;

the original information further includes the device identification information;

the method further includes:

verifying the legitimacy of the device according to the device identification information;

the responding to the service request when the first verification digest and the second verification digest are consistent includes:

responding to the service request when the device is legitimate and the first verification digest and the second verification digest are consistent.

A third aspect of the embodiments of the present invention provides a verification device, located in a verification plug-in or a client, including:

a generating unit, configured to generate a verification code by itself;

a display unit, configured to display the verification code;

an obtaining unit, configured to obtain user input formed based on the displayed verification code;

a verification unit, configured to generate a verification result based on the user input;

a sending unit, configured to send a service request to a service server based on the verification result.

Based on the above solution, the sending unit is further configured to request a verification code from a verification server;

the generating unit is specifically configured to generate the verification code by itself when the verification server returns abnormal information or when no verification code returned by the verification server is received within a predetermined time.

Based on the above solution, the device further includes:

a signature unit, configured to perform signature processing on the verification result to generate verification signature information;

the sending unit is specifically configured to send a service request including the verification signature information to the service server; wherein the verification signature information is used to trigger the service server to respond to the service request when a first preset condition is satisfied.

Based on the above solution, the signature unit is specifically configured to perform signature processing on the verification result to obtain the verification signature information when the verification result indicates that verification has passed.

Based on the above solution, the signature unit is specifically configured to obtain first time information of the current time, and to perform signature processing on the verification result and the first time information to obtain the verification signature information; wherein the first time information is used by the service server to determine, based on the first time information, whether to respond to the service request.

Based on the above solution, the signature unit is specifically configured to obtain first application signature information of the application that generates the service request, and to perform signature processing on the verification result and the application signature information to obtain the verification signature information; the application signature information is used by the service server to prevent invocation by illegal applications.

Based on the above solution, the signature unit is further configured to obtain device identification information, and to perform signature processing on the verification result and the device identification information to obtain the verification signature information; wherein the device identification information is used by the service server to determine whether the current service request comes from a legitimate device.

A fourth aspect of the embodiments of the present invention provides a verification device, including:

a receiving unit, configured to receive a service request including verification signature information; wherein the verification signature information is generated from the verification result of a verification performed with a self-generated verification code;

a response unit, configured to respond to the service request when the service request satisfies a second preset condition.

Based on the above solution, the receiving unit is specifically configured to receive a service request including verification signature information; wherein the verification signature information is generated from the verification result of a verification performed with a self-generated verification code;

the device further includes:

a first obtaining unit, configured to process the verification signature information with a verification public key to obtain a first verification digest;

a second obtaining unit, configured to process the verification signature information with a verification private key to obtain the original information from which the verification signature information was generated; wherein the original information includes at least the verification result;

a third obtaining unit, configured to perform signature processing on the original information to obtain a second verification digest;

a comparison unit, configured to compare the first verification digest and the second verification digest;

the response unit is configured to respond to the service request when the first verification digest and the second verification digest are consistent.

Based on the above solution, the verification signature information is generated from the verification result of a verification performed with a self-generated verification code and from first time information;

the original information includes the first time information;

the comparison unit is further configured to obtain second time information of the current time,

and to compare the first time information and the second time information;

the response unit is specifically configured to respond to the service request when the time difference between the first time information and the second time information is within a preset range and the first verification digest and the second verification digest are consistent.

Based on the above solution, the verification signature information is generated from the verification result of a verification performed with a self-generated verification code and from first application signature information;

the third obtaining unit is configured to perform signature processing on the verification information in the original information and the second signature information of the legitimate application to obtain the second verification digest.

Based on the above solution, the verification signature information is generated from the verification result of a verification performed with a self-generated verification code and from device identification information;

the original information further includes the device identification information;

the device further includes:

a verification unit, configured to verify the legitimacy of the device according to the device identification information;

the response unit is further configured to respond to the service request when the device is legitimate and the first verification digest and the second verification digest are consistent.

The verification method and device provided by the embodiments of the present invention can self-generate a verification code, perform verification and obtain a verification result, and send a service request to the server based on the verification result. In this way, verification can proceed as usual even if the verification server is abnormal, which reduces the long verification delay or inability to verify caused by the verification server failing to return verification information such as the verification code in time, improves verification efficiency and lowers the probability that verification cannot be performed.

Description of the drawings

FIG. 1 is a schematic flowchart of a first verification method provided by an embodiment of the present invention;

FIG. 2 is a schematic flowchart of a second verification method provided by an embodiment of the present invention;

FIG. 3 is a schematic structural diagram of a first verification device provided by an embodiment of the present invention;

FIG. 4 is a schematic structural diagram of a second verification device provided by an embodiment of the present invention;

FIG. 5 is a schematic structural diagram of a verification plug-in provided by an embodiment of the present invention;

FIG. 6 is a schematic flowchart of a third verification method provided by an embodiment of the present invention.

具体实施方式Detailed ways

以下结合说明书附图及具体实施例对本发明的技术方案做进一步的详细阐述。The technical solutions of the present invention will be further elaborated below with reference to the accompanying drawings and specific embodiments of the description.

如图1所示,本实施例提供一种验证方法,用于验证插件或客户端,包括:As shown in FIG. 1, this embodiment provides a verification method for verifying a plug-in or a client, including:

步骤S110:自行生成验证码;Step S110: generate a verification code by itself;

步骤S120:显示验证码;Step S120: display the verification code;

步骤S130:获取基于所述验证码显示形成的用户输入;Step S130: obtaining user input formed based on the verification code display;

步骤S140:基于所述用户输入生成验证结果;Step S140: generating a verification result based on the user input;

步骤S150:基于所述验证结果,向业务服务器发送服务请求。Step S150: Based on the verification result, send a service request to the service server.

本实施例中所述验证方法的执行主体可为运行在客户端中的验证插件或客户端自身的操作系统。The execution subject of the verification method described in this embodiment may be a verification plug-in running in the client or the operating system of the client itself.

在本实施例中验证插件或客户端,将自行生成验证码,并显示验证码;用户看到显示验证码之后,按照与验证码同时或不同时显示的验证提示,输入验证信息,形成所述用户输入。验证插件或客户端将比对用户输入和验证码,从而获得所述验证结果。所述验证结果为真,即表示用户输入与生成的验证码一致,可认为验证结果表示验证通过,否则验证不通过。在步骤S150中将基于验证结果,向业务服务器发送服务请求。例如,当验证通过时,向业务服务器发送服务请求,验证不通过时,不向业务服务器发送服务请求。所述步骤S150还可包括将所述验证结果携带在所述服务请求中发送给业务服务器,方便业务服务器根据验证结果响应所述服务请求。所述验证结果可以以明文的形式或密文的形式携带在所述服务请求中发送给业务服务器。例如,所述验证结果签名处理之后,携带在所述服务请求中发送给业务服务器。In this embodiment, the verification plug-in or client will generate the verification code by itself, and display the verification code; after the user sees the displayed verification code, the user enters the verification information according to the verification prompt displayed at the same time or different from the verification code to form the above-mentioned verification code. User input. The verification plug-in or client will compare the user input with the verification code to obtain the verification result. If the verification result is true, it means that the user input is consistent with the generated verification code, and it can be considered that the verification result indicates that the verification is passed, otherwise the verification fails. In step S150, a service request will be sent to the service server based on the verification result. For example, when the verification is passed, the service request is sent to the service server, and when the verification fails, the service request is not sent to the service server. The step S150 may further include carrying the verification result in the service request and sending it to the service server, so that the service server can respond to the service request according to the verification result. The verification result may be carried in the service request in the form of plaintext or in the form of ciphertext and sent to the service server. For example, after the verification result is signed, it is carried in the service request and sent to the service server.

这里的服务请求可包括登录某一个应用、网站或账号的登录请求、请求执行支付的支付请求、请求授予查看的查看等各种服务请求。业务服务器在接收到所述服务请求之后,通过对验证签名信息的处理,可认为是否验证通过,若验证通过则会响应所述服务请求。The service request here may include various service requests such as a login request for logging in to a certain application, website or account, a payment request for requesting to perform payment, and a viewing request for granting viewing. After receiving the service request, the service server can determine whether the verification is passed by processing the verification signature information, and if the verification is passed, it will respond to the service request.

这样的话,客户端就不用与验证服务器进行交互来进行验证,业务服务器也不用从验证服务器获取验证是否通过的信息。这样的话,就不会产生验证服务器自身出现宕机等异常或超负荷运行时导致的无法验证、验证延时大的问题,进而进一步导致的服务请求的响应时延大的问题。In this way, the client does not need to interact with the verification server for verification, and the business server does not need to obtain information on whether the verification is passed or not from the verification server. In this way, there will be no problems such as failure of verification and large verification delay caused by abnormality such as downtime of the verification server itself or overloaded operation, which will further lead to the problem of large response delay of service requests.

在本实施例中,所述方法还包括:In this embodiment, the method further includes:

向验证服务器请求验证码;Request a verification code from the verification server;

所述步骤S110可包括:The step S110 may include:

当所述验证服务器返回异常信息或在预定时间内未收到所述验证服务器返回的验证码时,自行生成验证码。When the verification server returns abnormal information or does not receive the verification code returned by the verification server within a predetermined time, the verification code is automatically generated.

在本实施例中验证插件或客户端,在进行验证之前,会首先向验证服务器发送请求,以请求验证码。若当前验证服务器异常,可能会向验证插件或客户端恢复异常信息,若验证服务器当前负荷大,可能就会长时间不会响应验证插件或客户端,则此时验证验证插件或客户端将自行生成验证码,而不继续等待验证服务器返回验证码,以提高验证失效,减少验证时延,确保验证顺利进行。In this embodiment, the verification plug-in or client will first send a request to the verification server to request a verification code before performing verification. If the current verification server is abnormal, the abnormal information may be restored to the verification plug-in or client. If the current load of the verification server is heavy, it may not respond to the verification plug-in or client for a long time. At this time, the verification and verification plug-in or client will automatically Generate a verification code instead of waiting for the verification server to return the verification code, so as to improve the verification failure, reduce the verification delay, and ensure the smooth verification.

In some embodiments, step S150 may include:

Step S151: performing signature processing on the verification result to generate verification signature information;

Step S152: sending a service request including the verification signature information to the service server, wherein the verification signature information is used to trigger the service server to respond to the service request when a first preset condition is satisfied.

In this embodiment, signature processing is performed on the verification to generate verification signature information, which is sent to the service server together with the service request. In this way, the client does not need to interact with the verification server to perform verification, and the service server does not need to obtain from the verification server whether the verification passed. This avoids the failed or badly delayed verification that occurs when the verification server is down, otherwise abnormal, or overloaded, and therefore also the long service-request response delay that follows from it.

In some embodiments,

step S151 may include:

when the verification result indicates that the verification passed, performing signature processing on the verification result to obtain the verification signature information.

A verification result indicating that the verification passed means the verification result is true; if the verification result is false, the verification has evidently not passed. In this embodiment, to reduce the load on the service server, the verification result is signed to obtain the verification signature information only when the verification result is true. When the verification result indicates that the verification did not pass, that is, when the verification result is false, a verification code is again generated by itself for the next verification.

When the verification signature information is generated in step S151, signature processing is not limited to the verification result alone; other information can be signed together with the verification result. Several optional approaches are given below.

Option 1:

Step S151 may include:

acquiring first time information of the current time;

performing signature processing on the verification result and the first time information to obtain the verification signature information, wherein the first time information is used by the service server to determine, based on the first time information, whether to respond to the service request.

The first time information may be a timestamp, a time point, or other information representing the current time. After receiving the service request, the service server can obtain the first time information through information processing. If the service server finds from the first time information that the verification signature information was formed long ago, the request may have been sent by an attacker who obtained an earlier service request of the verification plug-in or client, so the service server does not respond to it. This defends against such attacks and against repeated responses to a service request caused by network disorder.

In a specific implementation, step S151 may acquire the first time information of the current time only when the verification result indicates that the verification passed, avoiding useless processing when the verification does not pass.

Option 2:

Step S151 may include:

acquiring first application signature information of the application that generates the service request;

performing signature processing on the verification result and the application signature information to obtain the verification signature information; the application signature information is used by the service server to guard against illegitimate service requests formed when an illegitimate application calls the corresponding function of the verification plug-in or client.

This prevents problems caused by applications that are not authorized to use this function of the verification plug-in or client, or by illegitimate applications that maliciously call this function, and improves verification security.

Of course, step S151 may acquire the first application signature information only when the verification result is true, and then sign the verification result and the application signature information together to obtain the verification signature information.

Option 3:

Step S151 may include:

when the verification result indicates that the verification passed, acquiring device identification information;

performing signature processing on the verification result and the device identification information to obtain the verification signature information, wherein the device identification information is used by the service server to determine whether the current service request comes from a legitimate device.

For example, a legitimate device may be a real device (the verification plug-in may sometimes be installed on a virtual machine) or a device authorized for use. For example, when some services are available only to paying users, the device identification information can be used to identify paying users. The user identification information may be identification information such as an international device identifier, so as to prevent illegitimate parties from using illegitimate devices such as virtual machines to steal services.

Of course, in this option step S151 may likewise perform the step of acquiring the device identification information only after the verification result is determined to be true.

In a specific application, step S151 may include: when the verification result is a pass, acquiring the first time information, the application signature information and the device identification information, and then performing signature processing on this information to obtain the verification signature information, so that the service server can carry out each of the checks described above based on the verification signature information, ensuring the security and reliability of the verification.

To improve verification security, the verification result is also encrypted. When one or more of the first time information, the application signature information and the device identification information are signed together with the verification result, this information can be encrypted as well, which lowers the probability of it being stolen during transmission and improves information security.

As shown in Figure 2, this embodiment provides a verification method, including:

Step S210: receiving a service request sent by the verification plug-in or client based on a verification result, wherein the verification result is formed based on a verification code generated by the verification plug-in or client itself;

Step S220: when the service request satisfies a second preset condition, responding to the service request.

The verification method of this embodiment may be a method applied in a service server; the service server receives the service request including the verification signature information directly from the client or verification plug-in.

In this embodiment the service request is sent based on the verification result, and the verification result is formed based on a verification code generated by the verification plug-in or client itself, which gives a small verification delay and a timely response to the service request.

The second preset condition may include responding to the service request when the verification result is true. For example, the verification result may be carried in the service request in plaintext, in which case the service server can read the verification result and decide, according to it, whether to respond to the service request.

In some embodiments, step S210 includes: receiving a service request including verification signature information, wherein the verification signature information is generated from the verification result of a verification performed with a self-generated verification code;

Step S220 includes:

Step S221: processing the verification signature information with the verification public key to obtain a first verification digest;

Step S222: processing the verification signature information with the verification private key to obtain the original information from which the verification signature information was generated;

Step S223: performing signature processing on the original information to obtain a second verification digest;

Step S224: comparing the first verification digest with the second verification digest;

Step S225: when the first verification digest and the second verification digest are consistent, responding to the service request.

After the verification signature information is received, it is processed with the verification public key to obtain the first verification digest corresponding to the verification result.

At the same time, the service server also processes the verification information with the verification private key to obtain the original information; here the original information includes at least the verification result. Processing the original information with, for example, a hash function then yields the second verification digest.

The service server compares the first verification digest with the second verification digest. When the two digests are found to be consistent, the verification result can be considered not to have been tampered with, so security and reliability are guaranteed. In a specific implementation, either the verification signature information is generated from a verification result indicating that the verification passed, or the service server responds to the service request only after obtaining the verification result and determining that it is true.

In some embodiments, the verification signature information is generated from the verification result of a verification performed with a self-generated verification code and from the first time information;

the original information includes the first time information;

the method further includes:

acquiring second time information of the current time;

comparing the first time information with the second time information;

Step S225 may include:

when the time difference between the first time information and the second time information is within a preset range, and the first verification digest and the second verification digest are consistent, responding to the service request.

Usually, once the verification signature information is generated it is sent to the service server immediately, and the service server obtains a piece of time information after receiving the service request. The difference between these two pieces of time information should be small. Otherwise, if the verification signature information now received was formed long ago, it may have been stolen by an illegitimate party and reused, which can make the service insecure or cause the service to be responded to repeatedly. In this embodiment, therefore, both the first time information and the second time information may be timestamps. The two are compared, and when the time points they correspond to differ by an amount within the preset range (for example, the time difference may be a range such as 1 minute or 120 seconds), it can be considered that there is no security problem; this is then combined with whether the two verification digests are consistent to determine whether to respond to the service request.

In some embodiments, the verification signature information is generated from the verification result of a verification performed with a self-generated verification code and from first application signature information; step S225 may include: performing signature processing on the verification result in the original information and the second application signature information of a legitimate application to obtain the second verification digest. Because the first verification digest is formed from the first application signature information, while the second verification digest is generated by signing with the second verification signature information substituted for the first application signature information, the first application signature information and the second application signature information should be identical if the verification signature information has not been tampered with or otherwise illegitimately processed, and the comparison of the two verification digests is then unaffected. This prevents malicious attacks by illegitimate applications.

In other embodiments, the verification signature information is generated from the verification result of a verification performed with a self-generated verification code and from first application signature information; the original information further includes the first application signature information; the method further includes: comparing the first application signature information with the second signature information of a legitimate application; step S225 may include: when the first application signature information and the second application signature information are found to be consistent and the first verification digest and the second verification digest are consistent, responding to the service request.

In this embodiment it is also determined that the first application signature information is provided by the verification plug-in or client, and that the second application signature information is stored in the service server. The service server stores the application signature information of the legitimate applications to which it can provide services; this application signature information is referred to as the second application signature information. If the first application signature information is one of the pieces of second application signature information, the service request is confirmed to have been initiated by a legitimate application, which again improves the security and reliability of the verification.

In some embodiments, the verification signature information is generated from the verification result of a verification performed with a self-generated verification code and from device identification information; the original information further includes the device identification information;

the method further includes:

verifying the legitimacy of the device according to the device identification information;

Step S225 may include:

when the device is legitimate and the first verification digest and the second verification digest are consistent, responding to the service request.

In this embodiment, obtaining the device identification information makes it possible to establish the legitimacy of the device. For example, by verifying whether the device is legitimate, it can be determined whether the device or client currently running the verification plug-in is a real device rather than a virtual machine, whether it is an authorized device, and so on, which again ensures the security and reliability of the verification.
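The client-side signing of step S151 and the service server's checks of step S225 (signature, time window, application allow-list, device legitimacy), written in Go as an added example that is not code from the patent. It assumes Ed25519 as the signature scheme, a JSON payload with hypothetical field names, a 120-second preset range taken from the example values above, and constructed allow-list values; the optional encryption of the payload is left out, and the Ed25519 verify call does the digest comparison internally instead of as separate steps S221 to S224.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Claims is the "original information" signed in step S151.
// Field names and the JSON encoding are assumptions of this example.
type Claims struct {
	Passed   bool   `json:"passed"`    // verification result
	IssuedAt int64  `json:"issued_at"` // first time information, Unix seconds
	AppSig   string `json:"app_sig"`   // first application signature information
	DeviceID string `json:"device_id"` // device identification information
}

// SignedRequest is the verification signature information sent with a service request.
type SignedRequest struct {
	Payload   []byte // JSON encoding of Claims
	Signature []byte // Ed25519 signature over Payload
}

var (
	ErrNotPassed    = errors.New("verification result is false")
	ErrBadSignature = errors.New("signature does not match payload")
	ErrStale        = errors.New("first time information outside preset range")
	ErrUnknownApp   = errors.New("application signature not in allow-list")
	ErrBadDevice    = errors.New("device identifier rejected")
)

// Sign is the client side: nothing is signed unless the verification passed.
func Sign(priv ed25519.PrivateKey, c Claims) (SignedRequest, error) {
	if !c.Passed {
		return SignedRequest{}, ErrNotPassed
	}
	payload, err := json.Marshal(c)
	if err != nil {
		return SignedRequest{}, fmt.Errorf("encode claims: %w", err)
	}
	return SignedRequest{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// Policy holds what the service server needs in order to decide on a request.
type Policy struct {
	PubKey      ed25519.PublicKey
	MaxSkewSec  int64                // preset range for the time difference
	AllowedApps map[string]bool      // second application signature information
	KnownDevice func(id string) bool // device legitimacy check
}

// Check returns nil only if every condition holds. now is the second time
// information (Unix seconds), passed in so the decision is reproducible.
func (p Policy) Check(req SignedRequest, now int64) error {
	// Integrity first: no field is trusted before the signature verifies.
	if !ed25519.Verify(p.PubKey, req.Payload, req.Signature) {
		return ErrBadSignature
	}
	var c Claims
	if err := json.Unmarshal(req.Payload, &c); err != nil {
		return fmt.Errorf("decode claims: %w", err)
	}
	if !c.Passed {
		return ErrNotPassed
	}
	// Reject old (replayed) requests and requests dated in the future.
	if d := now - c.IssuedAt; d < -p.MaxSkewSec || d > p.MaxSkewSec {
		return ErrStale
	}
	if !p.AllowedApps[c.AppSig] {
		return ErrUnknownApp
	}
	if p.KnownDevice == nil || !p.KnownDevice(c.DeviceID) {
		return ErrBadDevice
	}
	return nil
}

// DemoSetup builds a key pair and policy from constructed values (demo only).
func DemoSetup() (ed25519.PrivateKey, Policy) {
	seed := make([]byte, ed25519.SeedSize) // constructed all-zero seed, never use in practice
	priv := ed25519.NewKeyFromSeed(seed)
	return priv, Policy{
		PubKey:      priv.Public().(ed25519.PublicKey),
		MaxSkewSec:  120,
		AllowedApps: map[string]bool{"app-sig-demo": true},
		KnownDevice: func(id string) bool { return id == "device-demo-001" },
	}
}

func main() {
	priv, pol := DemoSetup()
	req, _ := Sign(priv, Claims{Passed: true, IssuedAt: 1700000000,
		AppSig: "app-sig-demo", DeviceID: "device-demo-001"})
	fmt.Println("fresh:   ", pol.Check(req, 1700000030))
	fmt.Println("replayed:", pol.Check(req, 1700000600))
	req.Payload[len(req.Payload)-3] ^= 1 // flip one bit of the signed payload
	fmt.Println("tampered:", pol.Check(req, 1700000030))
}
```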

As shown in Figure 3, this embodiment provides a verification device, located in a verification plug-in or a client, including:

a generating unit 110, configured to generate a verification code by itself;

a display unit 120, configured to display the verification code;

an acquiring unit 130, configured to acquire the user input formed based on the displayed verification code;

a sending unit 140, configured to send a service request to the service server based on the verification result.

The verification device of this embodiment may correspond to the aforementioned verification plug-in, or to a processing module of the aforementioned client that has an offline verification function. The verification plug-in can be installed in various electronic devices, such as mobile phones, tablet computers, notebook computers or wearable devices.

The generating unit 110 generates the verification code by itself. The verification code may be a text verification code or a picture verification code. At the same time, the generating unit 110 may also generate verification prompt information prompting the user to perform verification.

The display unit 120 may correspond to any structure capable of controlling a display screen. The display screen may include a display structure such as a liquid crystal display, an electronic ink display, a projection display or an organic light-emitting diode (OLED) display, and is controlled to display the verification code so that the user can compare against it when entering input.

The acquiring unit 130 may correspond to various human-computer interaction interfaces and acquires various user inputs. The human-computer interaction interface may include a keyboard, a touch screen, a voice input interface, or the like.

The sending unit 140 corresponds to a communication interface, which may be a wireless interface or a wired interface and facilitates communication.

In short, this embodiment provides a device that can perform verification even without interacting with the verification server, improving verification efficiency and reducing delays in the service server's response to service requests.

In some embodiments, the sending unit 140 is further configured to request a verification code from the verification server;

the generating unit 110 is specifically configured to generate a verification code by itself when the verification server returns abnormality information or no verification code returned by the verification server is received within a predetermined time.

The device of this embodiment generates a verification code by itself, and generates the verification result by itself, only when it determines that the verification server cannot provide a verification code in time.

The device further includes:

a verification unit, configured to generate a verification result based on the user input;

a signature unit, configured to perform signature processing on the verification result to generate verification signature information;

the sending unit 140 is configured to send a service request including the verification signature information to the service server, wherein the verification signature information is used to trigger the service server to respond to the service request when a first preset condition is satisfied.

The verification unit and the signature unit may correspond to a processor or a processing circuit. The processor may include a central processing unit, a microprocessor, a digital signal processor, a programmable array, an application processor, or the like. The processing circuit may include an application-specific integrated circuit or the like. The processor or processing circuit may implement the above operations by executing predetermined code.

In some embodiments, the signature unit is specifically configured to perform signature processing on the verification result to obtain the verification signature information when the verification result indicates that the verification passed. In this embodiment, to reduce the processing load on the service server, the verification signature information is processed only when the verification result is true. In some embodiments, the generating unit 110 is configured to generate a verification code by itself again when the verification result is false, for the next verification.

In some embodiments, the signature unit is specifically configured to acquire first time information of the current time, and to perform signature processing on the verification result and the first time information to obtain the verification signature information, wherein the first time information is used by the service server to determine, based on the first time information, whether to respond to the service request. Because the first time information is signed, the service server obtains the first time information, which prevents an attacker from stealing data already used by the verification plug-in or client and issuing the service request again. This again improves security and can also reduce the problem of repeated requests caused by network delay.

In some embodiments, the signature unit is specifically configured to acquire first application signature information of the application that generates the service request, and to perform signature processing on the verification result and the application signature information to obtain the verification signature information; the application signature information is used by the service server to prevent calls by illegitimate applications. In this embodiment the signature unit also acquires the first application signature information and generates the verification signature information in combination with it, which prevents malicious operations by illegitimate applications and again improves security.

In some embodiments, the signature unit is further configured to acquire device identification information, and to perform signature processing on the verification result and the device identification information to obtain the verification signature information, wherein the device identification information is used by the service server to determine whether the current service request comes from a legitimate device. In this embodiment the verification signature information is obtained based on at least the verification result and the device identification information, which makes it easy for the service server to determine whether the service request was sent by a legitimate device, again improving security.

As shown in Figure 4, this embodiment also provides another verification device, including:

a receiving unit 210, configured to receive a service request including verification signature information, wherein the verification signature information is generated from the verification result of a verification performed with a self-generated verification code;

a responding unit 220, configured to respond to the service request when the service request satisfies a second preset condition.

The verification device of this embodiment may be a device applied in a service server. The receiving unit 210 may include a receiving interface capable of receiving the service request, which carries the verification signature information.

The responding unit 220 may correspond to a processor or a processing circuit. For the structure of the processor and processing circuit, see the corresponding parts of the foregoing embodiments; it is not repeated here.

In some embodiments, the receiving unit is specifically configured to receive a service request including verification signature information, wherein the verification signature information is generated from the verification result of a verification performed with a self-generated verification code; the device further includes: a first obtaining unit, configured to process the verification signature information with the verification public key to obtain a first verification digest; a second obtaining unit, configured to process the verification signature information with the verification private key to obtain the original information from which the verification signature information was generated, wherein the original information includes at least the verification result; a third obtaining unit, configured to perform signature processing on the original information to obtain a second verification digest; a comparing unit, configured to compare the first verification digest with the second verification digest; the responding unit 220 is configured to respond to the service request when the first verification digest and the second verification digest are consistent.

The first obtaining unit, the second obtaining unit, the third obtaining unit, the comparing unit and the responding unit 220 may correspond to a processor or a processing circuit. For the structure of the processor and processing circuit, see the corresponding parts of the foregoing embodiments; it is not repeated here.

In some embodiments, the verification signature information is generated from the verification result of a verification performed with a self-generated verification code and from first time information; the original information includes the first time information; the comparing unit is further configured to acquire second time information of the current time and to compare the first time information with the second time information; the responding unit 220 is specifically configured to respond to the service request when the time difference between the first time information and the second time information is within a preset range and the first verification digest and the second verification digest are consistent.

In some embodiments, the verification signature information is generated from the verification result of a verification performed with a self-generated verification code and from first application signature information; the third obtaining unit is configured to perform signature processing on the verification information in the original information and the second signature information of a legitimate application to obtain the second verification digest. A second verification digest generated in this way makes it possible to verify whether the service request was sent by a legitimate application.

In some embodiments, the verification signature information is generated from the verification result of a verification performed with a self-generated verification code and from first application signature information; the original information further includes the first application signature information; the comparing unit is further configured to compare the first application signature information with the second signature information of a legitimate application; the responding unit 220 is specifically configured to respond to the service request when the first application signature information and the second application signature information are found to be consistent and the first verification digest and the second verification digest are consistent.

In some embodiments, the verification signature information is generated from the verification result of a verification performed with a self-generated verification code and from device identification information; the original information further includes the device identification information; the device further includes: a verification unit, configured to verify the legitimacy of the device according to the device identification information; the responding unit 220 is further configured to respond to the service request when the device is legitimate and the first verification digest and the second verification digest are consistent. The verification unit here may likewise correspond to the aforementioned processor or processing circuit.

Several specific examples are provided below in conjunction with any of the above embodiments:

Example 1:

This example provides a verification plug-in that can be installed and used in a client. The plug-in generates the verification code locally, displays it, collects the user's input and verifies that input. If verification passes, it digitally signs the verification result and then sends a login request to the business server. The business server verifies the digital signature over the verification result, confirming that the result has not been tampered with and that it comes from a reliable client request. This scheme implements local generation and verification of the verification code, which solves the prior-art problem that the service cannot run normally when the verification server is down because of a hacker attack or a machine failure. At the same time, the business server verifies the digital signature over the data transmitted by the mobile client, which includes the verification result, timestamp, device information and application signature information; this ensures the reliability and integrity of the data transmitted by the client and guards against external tampering.

The client-side verification plug-in is embedded in the application in the form of a software development kit (SDK). The client provided in this embodiment may be a mobile client or a fixed client.

As shown in Figure 5, the verification plug-in includes:

a verification server anomaly identification module, configured to identify verification anomalies of the verification server; specifically, it can request a verification code from the verification server and check the information the verification server returns, and if abnormal information is returned or the verification code is not obtained within a predetermined time, a verification anomaly is considered to have occurred;

a verification code generation module, configured to generate the verification code locally; this module corresponds to the generation unit 110 in the foregoing embodiment;

a verification code display module, configured to control the display of the locally generated verification code; this module corresponds to the aforementioned display unit 120;

a user input answer collection module, configured to collect the user input made in response to the displayed verification code; this module corresponds to a component of the aforementioned acquisition unit 120;

a user input answer verification module, configured to verify the user input and form a verification result; this module corresponds to the aforementioned verification unit;

a verification result digital signature module, configured to sign a verification result that indicates verification passed, forming the verification signature information; this module corresponds to the aforementioned signature unit;

a verification result encryption module, configured to encrypt the verification result.

The above modules are all implemented by code provided in a predetermined file, for example a so file, which has been obfuscated to prevent malicious cracking.

Example 2:

As shown in Figure 6, this example provides a verification method that includes:

Step 1: The client or the verification plug-in requests a verification code from the verification code service.

Step 2: The verification server is down because of a hacker attack, machine failure or similar cause, or is receiving too many requests, and cannot respond in time.

Step 3: The verification server returns abnormal information, which may include a network connection error code such as connection timeout or network request unreachable. The exception code may include 404 and the like.

Step 4: The verification plug-in generates a verification code locally and displays it on the client.

Step 5: Obtain the verification answer entered by the user.

Step 6: The verification plug-in verifies the answer entered by the user and obtains a verification result.

Step 7: If the verification result is true, verification has passed; the verification plug-in digitally signs the verification result, timestamp, device fingerprint information and application signature information, and sends a verification request to the business server. The device fingerprint information here is one kind of the aforementioned device identification information. Specifically, the verification result digital signature module first obtains the current timestamp, the device fingerprint information and the application signature information. It then uses a hash function to generate a digest of the verification result, timestamp, device fingerprint information and application signature information, and encrypts the digest with the secure private key stored in the SDK, generating a digital signature containing the verification result. If the verification result is false, verification has failed, and the verification plug-in goes on to generate a new verification code.

Step 8: The business server verifies the request data to confirm its reliability and integrity.

Step 9: The business server returns the final verification result.

When the verification result is true, the verification plug-in sends a login request to the business server. The process is as follows: the verification plug-in encrypts the verification result and sends the above digital signature containing the verification result, the encrypted verification result, the timestamp, the device fingerprint information and so on to the business server. The business server processes the data in the client's request; it has securely stored the public key for verifying the digital signature, the private key for decrypting the verification result, and the application signature information. The specific steps are:

The business server parses the data in the client's request and obtains the digital signature containing the verification result, the timestamp, the device fingerprint information, the encrypted verification result and so on.

The business server decrypts the digital signature in the request with the locally stored public key, obtaining a digest containing the verification result.

The business server decrypts the encrypted verification result with the locally stored private key, then uses the hash function to generate a digest of the verification result, the timestamp, the device fingerprint information and the locally stored application signature information.

Compare the two digests obtained in the preceding steps. If they are consistent, the data in the client's request has not been tampered with and the user's answer to the verification code was correct. When they are consistent, check whether the difference between the timestamp and the local timestamp obtained by the business server exceeds 120 seconds; if it does, verification fails. Comparing timestamps effectively prevents an attacker from forging client data to send login requests repeatedly. Consistent digests also show that the signature information of the client that sent the login request matches the application signature information stored locally on the business server, which effectively prevents the verification plug-in from being called by a malicious application.

In the several embodiments provided in this application, it should be understood that the disclosed device and method may be implemented in other ways. The device embodiments described above are only illustrative. For example, the division into units is only a division by logical function; in an actual implementation there may be other divisions, for example multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.

The units described above as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional units in the embodiments of the present invention may all be integrated into one processing module, or each unit may serve separately as one unit, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware, or in the form of hardware plus software functional units.

Those of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be carried out by hardware under the direction of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as a removable storage device, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.

The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited to them. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (22)

1. An authentication method for authenticating a plug-in or a client, comprising:
requesting a verification code from a verification server;
generating a verification code by self; wherein the self-generated verification code comprises: when the verification server returns abnormal information or does not receive the verification code returned by the verification server within preset time, the verification server generates the verification code by itself;
displaying the verification code;
acquiring user input formed based on the verification code display; wherein the user input formed based on the verification code display comprises: inputting verification information based on a verification prompt displayed by the verification code; forming the user input based on the verification information;
generating a verification result based on the user input;
based on the verification result, sending a service request to a service server; wherein the sending a service request to a service server based on the verification result comprises: carrying out signature processing on the verification result to generate verification signature information; and sending a service request comprising the verification signature information to a business server.
2. The method of claim 1,
and the verification signature information is used for triggering the service server to respond to the service request when a first preset condition is met.
3. The method of claim 2,
the signing the verification result to generate verification signature information includes:
and when the verification result shows that the verification passes, performing signature processing on the verification result to obtain verification signature information.
4. The method of claim 2,
the signing the verification result to generate verification signature information includes:
acquiring first time information of current time;
performing signature processing on the verification result and the first time information to obtain verification signature information; wherein the first time information is used for the service server to determine whether to respond to the service request based on the first time information.
5. The method of claim 2,
the signing the verification result to generate verification signature information includes:
acquiring first application signature information of an application generating the service request;
performing signature processing on the verification result and the first application signature information to obtain the verification signature information; wherein the first application signature information is used by the service server to block illegal service requests formed by an illegal application calling the corresponding functions of the verification plug-in or the client.
6. The method of claim 2,
the signing the verification result to generate verification signature information includes:
acquiring equipment identification information;
performing signature processing on the verification result and the equipment identification information to obtain verification signature information; wherein the device identification information is used for the service server to determine whether the current service request is from a legal device.
7. A method of authentication, comprising:
receiving a service request sent by an authentication plug-in or a client based on an authentication result;
the verification result is formed by user input formed by verification code display generated by the verification plug-in or the client; wherein, the user input formed based on the verification code display generated by the verification plug-in or the client comprises: inputting verification information based on a verification prompt displayed by the verification code; forming the user input based on the verification information; wherein, the verification plug-in or the client generates the verification code by itself, including: when the verification server returns abnormal information or does not receive the verification code returned by the verification server within preset time, the verification plug-in or the client generates the verification code by self;
when the service request meets a second preset condition, responding to the service request;
wherein, the receiving of the service request sent by the verification plug-in or the client based on the verification result includes: receiving a service request including verification signature information; the verification signature information is generated based on a verification result of verification performed by a self-generated verification code.
8. The method of claim 7,
the method further comprises the following steps:
processing the verification signature information by using a verification public key to obtain a first verification digest;
processing the verification signature information by using a verification private key to obtain original information for generating the verification signature information; wherein the original information comprises at least the verification result;
carrying out signature processing on the original information to obtain a second verification digest;
comparing the first verification digest with the second verification digest;
when the service request meets a second preset condition, responding to the service request comprises:
responding to the service request when the first verification digest and the second verification digest are consistent.
9. The method of claim 8,
the verification signature information is generated based on a verification result of verification performed by a self-generated verification code and first time information;
the original information comprises the first time information;
the method further comprises the following steps:
acquiring second time information of the current time;
comparing the first time information with the second time information;
the responding to the service request when the first verification digest and the second verification digest are consistent includes:
and responding to the service request when the time difference corresponding to the first time information and the second time information is within a preset range and the first verification digest is consistent with the second verification digest.
10. The method of claim 8,
the verification signature information is generated based on a verification result of verification performed by a self-generated verification code and the first application signature information;
the signing the original information to obtain a second verification digest includes:
and performing signature processing on the verification result in the original information and the second application signature information of the legal application to obtain the second verification digest.
11. The method of claim 8,
the verification signature information is generated based on a verification result of verification performed by a self-generated verification code and equipment identification information;
the original information further comprises equipment identification information;
the method further comprises the following steps:
verifying the equipment validity according to the equipment identification information;
the responding to the service request when the first verification digest and the second verification digest are consistent includes:
and responding to the service request when the equipment is legal and the first verification digest is consistent with the second verification digest.
12. An authentication apparatus, located in an authentication plug-in or a client, comprising:
the generating unit is used for generating the verification code by self; the generation unit is specifically used for generating a verification code by itself when the verification server returns abnormal information or the verification code returned by the verification server is not received within a preset time; the display unit is used for displaying the verification code;
an acquisition unit configured to acquire a user input formed based on the verification code display; wherein the user input formed based on the verification code display comprises: inputting verification information based on a verification prompt displayed by the verification code; forming the user input based on the verification information;
an authentication unit for generating an authentication result based on the user input;
the signature unit is used for carrying out signature processing on the verification result to generate verification signature information;
a sending unit, configured to send a service request to a service server based on the verification result; wherein the sending the service request to the service server includes: sending a service request including the verification signature information to a service server;
the sending unit is further configured to request the verification code from the verification server.
13. The apparatus of claim 12,
and the verification signature information is used for triggering the service server to respond to the service request when a first preset condition is met.
14. The apparatus of claim 13,
the signature unit is specifically configured to, when the verification result indicates that verification passes, perform signature processing on the verification result to obtain the verification signature information.
15. The apparatus of claim 13,
the signature unit is specifically used for acquiring first time information of the current time; performing signature processing on the verification result and the first time information to obtain verification signature information; wherein the first time information is used for the service server to determine whether to respond to the service request based on the first time information.
16. The apparatus of claim 13,
the signature unit is specifically configured to acquire first application signature information of an application that generates the service request; performing signature processing on the verification result and the first application signature information to obtain the verification signature information; wherein the first application signature information is used by the service server to block illegal service requests formed by an illegal application calling the corresponding functions of the verification plug-in or the client.
17. The apparatus of claim 13,
the signature unit is further used for acquiring equipment identification information; performing signature processing on the verification result and the equipment identification information to obtain verification signature information; wherein the device identification information is used for the service server to determine whether the current service request is from a legal device.
18. An authentication apparatus, comprising:
a receiving unit configured to receive a service request including verification signature information; wherein the verification signature information is formed based on a user input formed from a self-generated verification code display; wherein the user input formed based on the self-generated verification code display comprises: inputting verification information based on a verification prompt displayed by the verification code; forming the user input based on the verification information; wherein the self-generated verification code comprises: when the verification server returns abnormal information or does not receive the verification code returned by the verification server within preset time, the verification plug-in or the client generates the verification code by self;
the response unit is used for responding to the service request when the service request meets a second preset condition;
the receiving unit is specifically configured to receive a service request including verification signature information; and the verification signature information is generated based on a verification result of verification performed by the self-generated verification code.
19. The apparatus of claim 18, further comprising:
the first obtaining unit is used for processing the verification signature information by using a verification public key to obtain a first verification digest;
the second obtaining unit is used for processing the verification signature information by using a verification private key to obtain original information for generating the verification signature information; wherein the original information comprises at least the verification result;
a third obtaining unit, configured to perform signature processing on the original information to obtain a second verification digest;
a comparison unit, configured to compare the first verification digest with the second verification digest;
the response unit is used for responding to the service request when the first verification digest is consistent with the second verification digest.
20. The apparatus of claim 19,
the verification signature information is generated based on a verification result of verification performed by a self-generated verification code and first time information;
the original information comprises the first time information;
the comparison unit is further used for acquiring second time information of the current time;
comparing the first time information with the second time information;
the response unit is specifically configured to respond to the service request when a time difference between the first time information and the second time information is within a preset range and the first verification digest and the second verification digest are consistent.
21. The apparatus of claim 19,
the verification signature information is generated based on a verification result of verification performed by a self-generated verification code and the first application signature information;
and the third obtaining unit is used for performing signature processing on the verification result in the original information and the second application signature information of the legal application to obtain a second verification digest.
22. The apparatus of claim 19,
the verification signature information is generated based on a verification result of verification performed by a self-generated verification code and equipment identification information;
the original information further comprises equipment identification information;
the device further comprises:
the verification unit is used for verifying the equipment validity according to the equipment identification information;
the response unit is further configured to respond to the service request when the device is legal and the first verification digest and the second verification digest are consistent.
CN201610922162.XA 2016-10-21 2016-10-21 Verification method and device Active CN107979467B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610922162.XA CN107979467B (en) 2016-10-21 2016-10-21 Verification method and device


Publications (2)

Publication Number Publication Date
CN107979467A CN107979467A (en) 2018-05-01
CN107979467B true CN107979467B (en) 2020-07-21

Family

ID=62004010

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610922162.XA Active CN107979467B (en) 2016-10-21 2016-10-21 Verification method and device

Country Status (1)

Country Link
CN (1) CN107979467B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110798436B (en) * 2018-08-03 2021-10-12 广州小鹏汽车科技有限公司 Verification code verification method and device
CN110808943B (en) * 2018-08-06 2022-04-29 中兴通讯股份有限公司 Client connection emergency management method, client and computer readable storage medium
CN109214425B (en) * 2018-08-07 2022-04-12 歌尔股份有限公司 Picture verification method, picture processing method, equipment and system
CN109190332A (en) * 2018-08-15 2019-01-11 杭州安恒信息技术股份有限公司 A kind of License Authentication method, system and the relevant device of product
CN112214751A (en) * 2019-07-11 2021-01-12 上海游昆信息技术有限公司 Verification code generation method and device
US11798342B2 (en) * 2019-11-25 2023-10-24 International Business Machines Corporation Managing physical objects using crypto-anchors
US11397760B2 (en) 2019-11-25 2022-07-26 International Business Machines Corporation Managing relationships between persons and physical objects based on physical fingerprints of the physical objects
CN113259319B (en) * 2021-04-12 2023-05-12 杭州顶象科技有限公司 Verification processing method and system
CN115296828A (en) * 2022-03-28 2022-11-04 广东白云学院 Verification method, verification device, computer equipment and storage medium
TWI876643B (en) * 2023-07-10 2025-03-11 岱鐠科技股份有限公司 Method of operating secure programming system, computer readable recording medium and secure programming system using the same

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102231746A (en) * 2011-07-11 2011-11-02 华为技术有限公司 Method for validating identification information and terminal thereof
CN102263792A (en) * 2011-08-05 2011-11-30 常钧 Wireless security key equipment, electronic commerce service system and method
CN105933315A (en) * 2016-04-21 2016-09-07 浪潮集团有限公司 Network service security communication method, device and system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238193A (en) * 2011-08-09 2011-11-09 深圳市德卡科技有限公司 Data authentication method and system using same
US9392456B2 (en) * 2013-09-24 2016-07-12 Telesign Corporation Call center SMS verification system and method
CN105095705B (en) * 2015-05-19 2018-04-10 努比亚技术有限公司 A kind of information processing method and device

Also Published As

Publication number Publication date
CN107979467A (en) 2018-05-01

Similar Documents

Publication Publication Date Title
CN107979467B (en) Verification method and device
KR101759193B1 (en) Network authentication method for secure electronic transactions
US9838205B2 (en) Network authentication method for secure electronic transactions
US10742626B2 (en) Method for key rotation
CN107483415B (en) A two-way authentication method for sharing electricity interactive system
CN105162764A (en) Dual authentication method, system and device for SSH safe login
CN111030814A (en) Key negotiation method and device
CN113852628B (en) Decentralizing single sign-on method, device and storage medium
CN107645381B (en) Security verification implementation method and device
CN109040079A (en) The establishment of live streaming chained address and verification method and related device
JP6387908B2 (en) Authentication system
TWI526871B (en) Server, user device, and user device and server interaction method
CN106712959B (en) method and system for realizing communication security
CN102609656A (en) USB (universal serial bus) key safety enhancing method and USB key safety enhancing system based on image identification
JP2014048983A (en) Network connection method and electronic equipment
CN114338201B (en) Data processing method and device, electronic equipment and storage medium
CN108900595B (en) Method, apparatus, device and computing medium for accessing cloud storage server data
US8355508B2 (en) Information processing apparatus, information processing method, and computer readable recording medium
US20150170150A1 (en) Data verification
CN114745115A (en) An information transmission method, device, computer equipment and storage medium
HK1199774A1 (en) Server-based login system, login server and authentication method for the same
CN115580411A (en) Method, server and client for security verification of token leakage
KR101737925B1 (en) Method and system for authenticating user based on challenge-response
HK40079473A (en) Data processing method, apparatus, electronic device and computer-readable storage medium
CN106992976B (en) Network security management method and server

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant