TW201826161A - Method to apply Token to hiding the network service to convert the user ID and the service code into a Token for hiding and protecting the user identity and the user's behavior conducted beforehand - Google Patents

Abstract

The present invention is a method to apply Token to hiding the network service, which converts the user ID and the service code into a Token for hiding and protecting the user identity and the user's behavior conducted beforehand, thereby increasing the security of data transmission. (Claim 1) A client end uses an electronic device to login a server; the server generates a Token according to the corresponding privilege obtained by the client end, the Token comprises the client end identification code at the client end and a service code corresponding to a service item; the server transmits the service item of the privilege corresponding to the client end and the Token to the electronic device; the electronic device selects the service item; the electronic device transmits the Token corresponding to the service item to the server; and the server proceeds the corresponding processing according to the service code of the Token and the client identification code.

Description

Applying tokens to hidden web services

The present invention relates to a method for applying tokens to hidden network services, and particularly to a method for converting a user identification code and a desired behavior into a token to improve the security of data transmission.

In recent years, with the popularity of the Internet, more and more businesses provide various services through the Internet. However, with the rise of the Internet, some criminals have moved their criminal acts to the Internet, deliberating on network vulnerabilities, and opportunistic. Profit from it, so network security is getting more and more attention.

In the past, some people proposed the method of encrypting data to achieve protection. The encryption methods include symmetric encryption and asymmetric encryption. However, if the encryption method and key are cracked, the data content will still be known and used for damage. Therefore, some people have proposed adding a random code mechanism to confuse offenders to make it difficult to discern the content of the data. Others have proposed to add a check code mechanism to ensure that the content of the data has not been modified.

Although the above methods can improve network security, the operation method of network services is basically fixed, that is, to tell users what services are available, append some parameters through the URL, and send data back to the server, or The selected method writes the subsequent execution actions in the selected item, and whether it is the content of the service or the data entered by the user, the delivery will be passed in a clear code. If you do not want to be viewed at will during the transmission process, you need to encrypt the data. If everyone uses the same key for encryption, the security will be very low. To use different keys for different users, Regardless of the encryption method, you need to know the identity of the user before you can encrypt the corresponding key. Therefore, you must know the identity of the user before you can obtain the corresponding key. In the case of the identity of the person, encryption and decryption cannot be performed smoothly.

Even if the data is encrypted, the service selected by the user is presented in clear code, which gives the criminal a chance to focus on some servers that provide specific Internet services (such as the website of a bank) , Shopping platforms, etc.), because the known service content, you can know the information necessary for the execution of its service content, so even if the data is encrypted, you can continue to try various attack methods to crack its content, thereby stealing, tampering or Criminal acts such as counterfeiting, so in addition to protecting data, we should also protect the current network services to prevent people from attacking specific network services. Therefore, it is very important to propose a method to protect data and network service content. necessary.

The main object of the present invention is to provide a method for hiding a network service by applying tokens, which can hide a currently running network service.

A secondary object of the present invention is to provide a method for applying tokens to hidden network services, which uses a code obfuscation algorithm to convert a client identification code and a service code into tokens that cannot be directly understood. Get the current internet service in the token.

Yet another object of the present invention is to provide a method for applying tokens to hidden network services. The token includes a client identification code, so unless the token is lost, the client only needs to log in once and no longer need to log in. Provide account number and password to reduce the chance that the account number and password will be known by a third party.

In order to achieve the above-mentioned object, an embodiment of the present invention discloses a method for applying a token to a hidden network service. The steps include: a client uses an electronic device to log in to a server, and the server according to the client Obtaining the corresponding authority generates a token, the token contains a client identifier of the client and a service code corresponding to a service item, and the server assigns the service item of the authority corresponding to the client and the token Transmitting to the electronic device, the electronic device selecting the service item, the electronic device transmitting the token corresponding to the service item to the server, and the server performing the service code and the client identification code according to the token Handle accordingly.

In an embodiment of the present invention, when a client uses an electronic device to log in to a server, the method includes the following steps: the server sends an initial token to the electronic device, and the initial token includes a message corresponding to the One of the service items logs in the service code of the service, the client enters an account number and a password on the electronic device and transmits the account number, the password, and the initial token to the server, and the server transmits the account number and the The password performs identity verification with a customer database. After the verification is passed, the server generates the token based on the account to obtain corresponding permissions.

In one embodiment of the present invention, the token generation method uses a code obfuscation algorithm to perform character conversion or position exchange.

In an embodiment of the present invention, after the electronic device transmits the token corresponding to the service item to the server, the method includes the following steps: the token uses the code to obfuscate the algorithm to perform inverse program processing from the token; The client identification code and the service code are obtained in the token.

In an embodiment of the present invention, in the step of the server transmitting at least one service item corresponding to the authority of the client and the token to the electronic device, the token is recorded on a website or a web page.

In one embodiment of the present invention, before the electronic device transmits the token corresponding to the service item to the server, it further includes the client inputting information on one of the electronic device corresponding service items.

In one embodiment of the present invention, the token further includes a random code and a check code.

In one embodiment of the present invention, the random code is generated using a random algorithm.

In one embodiment of the present invention, the check code is generated by performing a one-bit operation using the random code, the client identification code, and the service code.

In an embodiment of the present invention, after the electronic device transmits the token corresponding to the service item to the server, it further includes the following steps: the server identifies the token to the client Code, the service code, and the random code to perform the bit operation to generate a verification check code, and then compare whether the check code of the mark is consistent with the verification check code.

In order to make the reviewing committee members have a better understanding and understanding of the features of the present invention and the effects achieved, we would like to provide a better embodiment and a detailed description with the following description:

This implementation case provides a method of applying tokens to hidden network services. The previous technology often transmitted the currently performed network services over the network in a clear manner, so interested people can try to obtain their content for specific network services. Therefore, the present invention proposes to obfuscate the client identification code and the code of the service item to generate a token to prevent people from stealing information. The client ID and service code are hidden and transmitted by tokens, and tokens can be saved on the client. Therefore, unless the tokens are lost, after performing a login verification, there is no need to perform a login action afterwards, which can reduce the account number. And the chance of a password being stolen.

The following describes the flow of the method of using the first embodiment of the present invention to hide the network service. Please refer to the first figure, which is the application of the first embodiment of the present invention to hide the network service. Method flow chart. As shown in the figure, the steps of the method for hiding the network service in the application of this embodiment include:

Step S1: login and connect to a server;

Step S3: the server generates a token;

Step S5: transmitting service items and tokens;

Step S7: Select a service item;

Step S9: transmitting a token corresponding to the service item; and

Step S11: Perform corresponding processing according to the token.

Next, the system required for the method of hiding the network service in order to achieve the application of the invention is described. Please refer to the second figure, which is the system of the method for hiding the network service in the first embodiment of the present invention. schematic diagram. As shown in the figure, the system of the present invention applying the method for hiding network services includes: an electronic device 10, a server 30, and a customer database 301.

One of the above-mentioned electronic devices 10 is various devices that can be connected to a network, such as a desktop computer, a notebook computer, a smart phone, a personal digital assistant, or a feature phone.

One of the above-mentioned customer database 301 may be located in the server 30 or an external server. This is only a preferred embodiment, but the setting method is not limited to this.

The following describes the flow of the method for applying the first embodiment of the present invention to hide the network service. Please refer to the first figure and the second figure. When an electronic device 10 is connected to a server 30 through a network, steps S1 to S11 are performed.

In step S1, when an electronic device 10 is connected to a login page of a server 30, the login page includes an initial token transmitted to the electronic device 10. After the client enters the account and password on the login page, the account, password, and The initial token is transmitted to the server 30.

In one embodiment of the present invention, in step S1, the initial token includes a service code representing a login service.

In step S3, the server 30 obtains a service code from the initial token, and learns that the currently pre-executed service is a login service. The server 30 performs identity verification based on the account number, password, and customer database 301. After passing the identity verification , A corresponding number of tokens will be generated according to the exercisable services corresponding to the account's permissions.

In one embodiment of the present invention, in step S3, the token includes a client identification code and a service code of a corresponding service item, and is generated by a code obfuscation algorithm.

In step S5, the server 30 transmits the exercisable service items and tokens to the electronic device 10 according to the authority of the account.

In one embodiment of the present invention, in step S5, the token is recorded in a web address or a web page.

In step S7, a pre-made service item is selected in the electronic device 10.

In step S9, the electronic device 10 sends a token corresponding to the selected service item to the server 30.

In one embodiment of the present invention, in step S9, the server 30 processes the token as a reverse process of the code obfuscation algorithm, and obtains the client identification code and service code from the token.

In step S11, the server 30 performs corresponding processing according to the service code and the client identification code in the token.

Here, the method of hiding the network service in the application of the first embodiment of the present invention is completed. After the server receives the account and password sent by the client and performs identity verification, it can exercise according to the permissions corresponding to the account The service item generates a token containing the client identification code and the service code. According to the service item selected by the client, the corresponding token is returned to the server, so the server can learn the subsequent actions from the token. Because the client identification code and service code are hidden in the token, it is not easy for people with intentions to guess and crack their data content based on the service items, improving the security of data transmission on the network. It can be applied to the inquiry service after account login, but it is not limited to this application.

Next, the method of applying the second embodiment of the invention to hide the network service will be described. Please refer to the second and third diagrams. The difference between the process of this embodiment and the first embodiment lies in: In the process, the token generated in step S3 further includes a random code and a check code. The random code is generated by a random algorithm. The check code is a random code, a client identification code, and a service code. The operation is generated, and this embodiment includes a step S10.

In step S10, the integrity of the token is checked. After the server 30 receives the transmitted token and performs the inverse procedure of the code obfuscation algorithm, the server 30 obtains the client identification code, service code, and random code from the token. The bit operation generates a verification check code, and then checks whether the check code in the token is consistent with the verification check code to confirm the integrity.

With this embodiment, the random code added to the token is generated differently each time, so the uniqueness of the token can be guaranteed and the content of the token cannot be predicted. The addition of a check code can check whether the token has been tampered with during the transmission of the token. To ensure the integrity of the data, the security of data transmission is further improved.

Next, the method of applying the third embodiment of the invention to the hidden network service will be described. Please refer to the second and fourth figures. The difference between the process of this embodiment and the first embodiment lies in: In the process, steps S71 and S91 replace steps S7 and S9, respectively.

In step S71, selecting a service item and inputting information. After the electronic device 10 selects a pre-made service item, the client needs to fill in an input information according to the selected service item. The input information is for the server 30 to execute Information required for the service.

In step S91, the token and input information corresponding to the service item are transmitted, and the electronic device 10 transmits the token corresponding to the selected service item and the input information selected by the client to the server 30.

With this embodiment, the client sends additional information to the server, which enables the server to perform different services according to the client's needs. It can be applied to applications such as money transfer and electronic payment, but is not limited to this application.

Next, the method of applying the fourth embodiment of the invention to hide the network service will be described. Please refer to the second and fifth figures. The difference between the process of this embodiment and the second embodiment lies in: In the flow, steps S71 and S91 replace steps S7 and S9, respectively. Step S71 is the same as the third embodiment of the flow of step S91, and will not be described again.

However, the above are only preferred embodiments of the present invention, and are not intended to limit the scope of implementation of the present invention. For example, all changes and modifications of the shapes, structures, features, and spirits in accordance with the scope of the patent application for the present invention are made. Shall be included in the scope of patent application of the present invention.

This invention is based on those who are novel, progressive, and available for industrial use. It should meet the patent application requirements stipulated by the Chinese Patent Law. No doubt, the invention patent application was submitted in accordance with the law. prayer.

10‧‧‧ electronic device

30‧‧‧Server

301‧‧‧Customer database

First diagram: It is a flow chart of a method of applying a token to a hidden network service according to a first embodiment of the present invention; Second diagram: It is an application token of a first embodiment of the present invention on a hidden network; Schematic diagram of the system of the road service method; Figure 3: It is a flowchart of the method for hiding the network service application according to a second embodiment of the present invention; Figure 4: It is a third implementation of the present invention The flow chart of the method for hiding the application of the example is shown in the flowchart; and the fifth drawing is a flow chart of the method for hiding the service of the application in the fourth embodiment of the present invention.

Claims (10)

A method for applying tokens to hidden network services, the steps include: a client using an electronic device to log in to a server; the server generates a token according to the client obtaining corresponding permissions, and the token contains the token A client identification code of a client and a service code corresponding to a service item; the server transmitting the service item and the token corresponding to the authority of the client to the electronic device; the electronic device selecting the service item; The electronic device transmits the token corresponding to the service item to the server; and the server performs corresponding processing according to the service code and the client identification code of the token. The method for applying the token in the hidden network service as described in item 1 of the scope of patent application, wherein when a client uses an electronic device to log in to a server, the method includes the following steps: The server sends an initial token to In the electronic device, the initial token includes the service code corresponding to a login service of the service item; the client enters an account and a password in the electronic device and transmits the account, the password, and the initial token to The server; the server performs identity verification of the account and the password with a customer database; and after the verification is passed, the server obtains the corresponding authority based on the account to generate the token. The method of applying a token in a hidden network service as described in item 1 of the scope of patent application, wherein the token generation method is a code obfuscation algorithm for character conversion or location exchange. The method for applying a token in a hidden network service as described in item 3 of the scope of patent application, wherein after the electronic device transmits the token corresponding to the service item to the server, the method includes the following steps: The code obfuscation algorithm performs reverse program processing; and obtains the client identification code and the service code from the token. The method of applying the token in the hidden network service as described in the first patent application scope, wherein the server transmits at least one service item corresponding to the authority of the client and the token to the electronic device. , The token is recorded on a website or a web page. As described in the method of applying patent application for item 1 in the method of hiding network services, before the electronic device transmits the token corresponding to the service item to the server, it further includes the client in The electronic device inputs information corresponding to one of the services. The method of applying a token in the method of hiding network services as described in item 1 of the scope of patent application, wherein the token further includes a random code and a check code. The application method described in item 7 of the scope of patent application is used to hide the network service method, wherein the random code is generated by a random algorithm. The application sign described in item 7 of the scope of patent application is hidden in the method of hiding network services, wherein the check code is generated by performing a one-bit operation using the random code, the client identification code, and the service code. The method for applying the token in the hidden network service as described in item 9 of the scope of the patent application, wherein after the electronic device transmits the token corresponding to the service item to the server, it further includes the following steps: The server performs the bit operation on the client identification code, the service code, and the random code of the token to generate a verification check code; and compares whether the check code of the token is consistent with the verification check code.