CN107733923A - Authentication method and system based on message fingerprint - Google Patents

Publication number: CN107733923A
Authority: CN (China)
Prior art keywords: fingerprint, authentication, message
Legal status: Granted; Active
Application number: CN201711178608.3A
Other languages: Chinese (zh)
Other versions: CN107733923B (en)
Inventors: 欧中云, 王凯, 赵艳芬
Current Assignee: Beijing Heyun Shengxing Technology Co.,Ltd.
Original Assignee: Rhyme Sheng Hair Technology (beijing) Ltd By Share Ltd
Application filed by: Rhyme Sheng Hair Technology (beijing) Ltd By Share Ltd
Priority to CN201711178608.3A; publication of CN107733923A; application granted; publication of CN107733923B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The invention discloses an authentication method and system based on message fingerprints, belonging to the field of Internet authentication. The authentication method includes: setting up in advance an application safety check module at the user terminal and a service gateway module at the service end, and providing an authentication controller in the communication network to establish the communication connection between the application safety check module and the service gateway module. During authentication, the application safety check module and the service gateway module each compute a fingerprint of the access data flow in real time; relayed by the authentication controller, the two computed fingerprints are compared at the user terminal. If they match, authentication passes; otherwise authentication fails. The secure connections built by the authentication controller, together with the fingerprint information computed by the application safety check module and the service gateway module, can therefore provide safe and effective communication authentication and improve the reliability and accuracy of communication authentication.

Description

Authentication method and system based on message fingerprint
Technical field
The present invention relates to the field of communication authentication, and in particular to an authentication method and system based on message fingerprints.
Background
With the spread of the Internet, people increasingly cannot do without it; at the same time, as network operations become more frequent, Internet security attracts growing attention, and the security of information in personal communication in particular is one of the main concerns of most people. In general, the identity of a communication terminal on the Internet is identified by its MAC address or IP address. However, routers and NAT devices are usually present in the communication link, and these devices can modify the terminal's original real MAC address and IP address carried in a message. The two communicating parties then cannot uniquely confirm each other and so cannot determine each other's true identity, which gives network attackers an opportunity.
Therefore, in the course of realizing the present application, the inventors found that the prior art has at least the following problem: routers and NAT devices present in current communication links make it difficult for the communicating parties to achieve unique authentication accurately and effectively, which introduces a security risk.
Summary of the invention
In view of this, the object of the invention is to propose an authentication method and system based on message fingerprints that can provide safe and effective communication authentication and improve the reliability and accuracy of communication authentication.
To this end, the invention provides an authentication method based on message fingerprints, applied to an authentication controller. An application safety check module is set up in advance at the user terminal, a service gateway module is set up at the service end, and an authentication controller is provided in the communication network to establish the communication connection between the application safety check module and the service gateway module;
The authentication method based on message fingerprints includes:
Establishing secure connections with the application safety check module in the user terminal and with the service gateway module at the service end, respectively;
Receiving first fingerprint information obtained by the service gateway module by applying a preset fingerprint calculation method to the service access data flow;
Sending the first fingerprint information to the application safety check module;
Receiving from the application safety check module the result of comparing the first fingerprint information with second fingerprint information obtained by the local preset fingerprint calculation method;
Feeding the comparison result back to the service gateway module, so that the service gateway module judges from the comparison result whether fingerprint authentication passes.
The application also provides an authentication method based on message fingerprints, applied to a user terminal. An application safety check module is set up in advance at the user terminal, a service gateway module is set up at the service end, and an authentication controller is provided in the communication network to establish the communication connection between the application safety check module and the service gateway module;
The authentication method based on message fingerprints includes:
Establishing a secure connection with the authentication controller through the application safety check module;
Receiving the user's access instruction and performing service access to the controlled service data flow at the service end;
Computing a fingerprint of the service access data flow in real time through the application safety check module, according to the preset fingerprint calculation method, to obtain second fingerprint information;
Receiving the first fingerprint information sent by the authentication controller and comparing the first fingerprint information with the second fingerprint information; wherein the second fingerprint information is the calculation result obtained by the service gateway module by applying the preset fingerprint calculation method to the service access data flow;
Feeding the comparison result back to the authentication controller; if the comparison result is a match, authentication-passed information fed back by the service gateway module will be received, and normal service access can proceed.
The application also provides an authentication method based on message fingerprints, applied to a service end. An application safety check module is set up in advance at the user terminal, a service gateway module is set up at the service end, and an authentication controller is provided in the communication network to establish the communication connection between the application safety check module and the service gateway module;
The authentication method based on message fingerprints includes:
Establishing a secure connection with the authentication controller through the service gateway module;
Receiving the user terminal's service access to the controlled service data flow;
Computing a fingerprint of the service access data flow in real time through the service gateway module, according to the preset fingerprint calculation method, to obtain first fingerprint information;
Sending the first fingerprint information to the authentication controller;
Receiving the result, fed back by the authentication controller, of comparing the first fingerprint information with the second fingerprint information;
Judging from the comparison result whether fingerprint authentication passes: if the comparison result is a match, authentication passes; otherwise, authentication fails.
Optionally, the preset fingerprint calculation method computes the fingerprint in real time using a consecutive-message digest extraction method;
The calculation formula corresponding to the preset fingerprint calculation method is:
Fingerprint = Digest(Pkt1) + Digest(Pkt2) + ... + Digest(PktN);
where Digest is a digest algorithm; Pkt1, Pkt2, ..., PktN are the 1st through N-th messages sent by the application end; and Fingerprint is the computed fingerprint information.
Optionally, the digest algorithm includes HASH, MD5, SHA-1.
Optionally, the preset fingerprint calculation method computes the fingerprint in real time using a message-superposition digest extraction method;
The calculation formula corresponding to the preset fingerprint calculation method is:
F1 = Digest(Pkt1);
F2 = Digest(Pkt2 + F1);
Fn = Digest(PktN + F_{n-1});
Fingerprint = F1 + F2 + ... + Fn;
where Digest is a digest algorithm; Pkt1, Pkt2, ..., PktN are the 1st through N-th messages sent by the application end; Fn is the fingerprint information of the current n-th message; and Fingerprint is the computed fingerprint information.
Optionally, the preset fingerprint calculation method computes the fingerprint in real time using a service-proxy digest extraction method;
The same access content is cut into different segments for different terminals, as follows:
For terminal A: C = PktA1 + PktA2 + ... + PktAN;
For terminal B: C = PktB1 + PktB2 + ... + PktBN;
where PktA1, ..., PktAN are the segments obtained by the split for terminal A; PktB1, ..., PktBN are the segments obtained by the split for terminal B; and C is the access content;
A digest calculation is then carried out separately for each terminal, as follows:
Fingerprint(A) = Digest(PktA1) + Digest(PktA2) + ... + Digest(PktAN)
where Digest is a digest algorithm; PktA1, ..., PktAN are the segments obtained by the split for terminal A; and Fingerprint(A) is the fingerprint information computed for terminal A.
Optionally, the preset fingerprint calculation method computes the fingerprint in real time using a message-behavior modification method;
The message-behavior modification method includes: selectively discarding some messages according to a preset rule, and then computing the fingerprint information from the remaining messages based on a functional relation between quantity and time;
Or
Changing the order of messages according to a preset rule, and then computing the fingerprint information from the adjusted messages and message order, based on a functional relation between order and time.
Optionally, when the preset fingerprint calculation method computes the fingerprint in real time using the consecutive-message digest extraction method or the message-superposition digest extraction method, non-consecutive messages are selected for the calculation according to a preset rule;
Or
One of the consecutive-message digest extraction method, the message-superposition digest extraction method and the service-proxy digest extraction method is combined with the message-behavior modification method to compute the fingerprint information.
The application also provides an authentication system based on message fingerprints, including an application safety check module, a service gateway module and an authentication controller; the authentication controller establishes secure connections with the application safety check module and with the service gateway module, respectively;
The application safety check module is used, on the user side, to compute second fingerprint information in real time from the service access data flow according to the preset fingerprint calculation method; it is also used to receive the first fingerprint information sent by the authentication controller, compare the first fingerprint information with the second fingerprint information to judge whether they match, and feed the comparison result back to the authentication controller;
The service gateway module is used, on the service side, to compute first fingerprint information in real time from the service access data flow according to the preset fingerprint calculation method; it sends the computed first fingerprint information to the authentication controller, receives the comparison result fed back by the authentication controller, and then judges from the comparison result whether authentication passes;
The authentication controller is used to receive the first fingerprint information sent by the service gateway module and send it to the application safety check module, and to receive the comparison result sent by the application safety check module and send it to the service gateway module.
As can be seen from the above, in the authentication method and system based on message fingerprints provided by the invention, an application safety check module is set up at the user terminal, a service gateway module is set up at the service end, and an authentication controller connected to both the application safety check module and the service gateway module is provided in the communication network. On the one hand this lets communication carry out accurate authorization and authentication for private services; at the same time, the user side and the service side each compute the fingerprint of the relevant service and the two results are compared, which realizes an automatic authorization mechanism based on fingerprint authentication. The user thus obtains accurate authentication and authorization without being aware of it, giving safer and more reliable communication access. The authentication method and system based on message fingerprints described in this application can therefore provide safe and effective communication authentication and improve the reliability and accuracy of communication authentication.
Brief description of the drawings
Fig. 1 is a flow chart of one embodiment of the authentication method based on message fingerprints provided by the invention, applied to the authentication controller;
Fig. 2 is a flow chart of one embodiment of the authentication method based on message fingerprints provided by the invention, applied to the user terminal;
Fig. 3 is a flow chart of one embodiment of the authentication method based on message fingerprints provided by the invention, applied to the service end;
Fig. 4 is a schematic diagram of the working principle of the authentication method based on message fingerprints provided by the invention;
Fig. 5 is a flow chart of another embodiment of the authentication method based on message fingerprints provided by the invention;
Fig. 6 is a structure diagram of one embodiment of the authentication system based on message fingerprints provided by the invention.
Embodiments
To make the object, technical solutions and advantages of the invention clearer, the invention is described in more detail below with reference to specific embodiments and the accompanying drawings.
It should be noted that all uses of "first" and "second" in the embodiments of the invention serve to distinguish two different entities or two different parameters that share the same name; "first" and "second" are used only for convenience of expression and should not be construed as limiting the embodiments of the invention. Subsequent embodiments do not explain this again.
The application addresses the problem that authentication in current Internet communication is inaccurate and unreliable and therefore leaves security risks. It proposes a communication terminal identity authentication method based on Internet message fingerprints, so that the user terminal and the service end it needs to access can achieve accurate, unique authentication, improving the security and reliability of authentication.
Fig. 1 is a flow chart of one embodiment of the authentication method based on message fingerprints provided by the invention, applied to the authentication controller. For the authentication controller this is a relay process, so it only needs to guarantee the accuracy of information transfer. It is therefore necessary to set up in advance an application safety check module at the user terminal and a service gateway module at the service end, and to provide an authentication controller in the communication network to establish the communication connection between the application safety check module and the service gateway module;
Specifically, the authentication method based on message fingerprints includes:
Step 101, establishing secure connections with the application safety check module in the user terminal and with the service gateway module at the service end, respectively. The application safety check module and the service gateway module may establish their secure connections with the authentication controller simultaneously or independently. In addition, a key may be used while establishing the secure connection to guarantee the reliability and uniqueness of the connection. The authentication controller may of course also be placed on the user side or the service side.
Step 102, receiving first fingerprint information obtained by the service gateway module by applying the preset fingerprint calculation method to the service access data flow. After the user clicks to access some content, certain access data is triggered, so the application safety check module and the service gateway module can each compute a fingerprint of the service access data flow; the fingerprint calculation methods on the user side and the service side may use the same calculation formula or formulas related by a fixed conversion.
Step 103, sending the first fingerprint information to the application safety check module;
Step 104, receiving from the application safety check module the result of comparing the first fingerprint information with the second fingerprint information obtained by the local preset fingerprint calculation method. In the comparison, the fingerprints are considered to match when their degree of coincidence exceeds a set threshold, for example a threshold of 70%.
Step 105, feeding the comparison result back to the service gateway module, so that the service gateway module judges from the comparison result whether fingerprint authentication passes. As a rule, if the comparison result of the two fingerprints is a match, authentication succeeds; otherwise authentication fails.
Fig. 2 is a flow chart of one embodiment of the authentication method based on message fingerprints provided by the invention, applied to the user terminal. The same preconditions apply: an application safety check module is set up in advance at the user terminal, a service gateway module is set up at the service end, and an authentication controller is provided in the communication network to establish the communication connection between the application safety check module and the service gateway module;
The authentication method based on message fingerprints includes:
Step 201, establishing a secure connection with the authentication controller through the application safety check module;
Step 202, receiving the user's access instruction and performing service access to the controlled service data flow at the service end;
Step 203, computing a fingerprint of the service access data flow in real time through the application safety check module, according to the preset fingerprint calculation method, to obtain second fingerprint information;
Step 204, receiving the first fingerprint information sent by the authentication controller and comparing the first fingerprint information with the second fingerprint information; wherein the second fingerprint information is the calculation result obtained by the service gateway module by applying the preset fingerprint calculation method to the service access data flow;
Step 205, feeding the comparison result back to the authentication controller; if the comparison result is a match, authentication-passed information fed back by the service gateway module will be received, and normal service access can then proceed.
Fig. 3 is a flow chart of one embodiment of the authentication method based on message fingerprints provided by the invention, applied to the service end. The same preconditions apply: an application safety check module is set up in advance at the user terminal, a service gateway module is set up at the service end, and an authentication controller is provided in the communication network to establish the communication connection between the application safety check module and the service gateway module;
The authentication method based on message fingerprints includes:
Step 301, establishing a secure connection with the authentication controller through the service gateway module;
Step 302, receiving the user terminal's service access to the controlled service data flow;
Step 303, computing a fingerprint of the service access data flow in real time through the service gateway module, according to the preset fingerprint calculation method, to obtain first fingerprint information;
Step 304, sending the first fingerprint information to the authentication controller;
Step 305, receiving the result, fed back by the authentication controller, of comparing the first fingerprint information with the second fingerprint information;
Step 306, judging from the comparison result whether fingerprint authentication passes: if the comparison result is a match, authentication passes; otherwise, authentication fails.
As the above embodiments show, in the authentication method based on message fingerprints described in this application, an application safety check module is set up at the user terminal, a service gateway module is set up at the service end, and an authentication controller connected to both the application safety check module and the service gateway module is provided in the communication network. On the one hand this lets communication carry out accurate authorization and authentication for private services; at the same time, the user side and the service side each compute the fingerprint of the relevant service and the two results are compared, which realizes an automatic authorization mechanism based on fingerprint authentication. The user thus obtains accurate authentication and authorization without being aware of it, giving safer and more reliable communication access. The authentication method based on message fingerprints described in this application can therefore provide safe and effective communication authentication and improve the reliability and accuracy of communication authentication.
Fig. 4 is a schematic diagram of the working principle of the authentication method based on message fingerprints provided by the invention; Fig. 5 is a flow chart of another embodiment of the authentication method based on message fingerprints provided by the invention, namely the flow chart corresponding to Fig. 4. As the figures show, the authentication method based on message fingerprints described in this application includes:
Step 401, the service gateway module at the service end and the application safety check module in the user terminal each establish a secure connection with the authentication controller;
Step 402, the user opens the application and accesses the corresponding controlled service behind the service gateway module, so that both the user terminal and the service end obtain the service access data flow;
Step 403, the application safety check module computes a fingerprint of the accessed controlled service data flow in real time;
Step 404, the service gateway module computes a fingerprint of the service access data flow in real time and reports it to the authentication controller;
Step 405, the authentication controller sends the fingerprint calculation result down to the application safety check module;
Step 406, the application safety check module compares the received fingerprint information with the locally computed fingerprint information; if they match, it feeds match-success information back to the authentication controller;
Step 407, the authentication controller sends the match-success result down to the service gateway module;
Step 408, the gateway marks the application session as authenticated, and the gateway stops fingerprint calculation.
In this way, the service gateway module, the application safety check module and the authentication controller together establish a safe and reliable authentication procedure; and because the authentication process runs entirely automatically in the background, it gives the user a more comfortable experience.
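
Steps 401 to 408 as an in-memory exchange between the three parties. This is an added example, not code from the patent. Assumptions: the "secure connection" is modeled as an HMAC-SHA256 tag under a per-party key shared with the controller, the fingerprint is the concatenation of per-message SHA-256 digests, step 406 uses exact equality, and all packets are constructed.

```python
import hashlib
import hmac
import os


def fingerprint(packets):
    """Per-message digests concatenated (SHA-256 assumed as Digest)."""
    return b"".join(hashlib.sha256(p).digest() for p in packets)


def seal(key, body):
    """Stand-in for the secure connection: the body plus an HMAC-SHA256 tag."""
    return body, hmac.new(key, body, hashlib.sha256).digest()


def unseal(key, sealed):
    """Return the body only if its tag verifies under the channel key."""
    body, tag = sealed
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message failed channel authentication")
    return body


class AuthController:
    """Relays fingerprints and verdicts; it never sees the traffic itself."""

    def __init__(self, gateway_key, app_key):
        # Step 401: one secure connection per party.
        self.gateway_key, self.app_key = gateway_key, app_key

    def relay_fingerprint(self, sealed_from_gateway):
        # Step 405: pass the gateway's fingerprint down to the application module.
        return seal(self.app_key, unseal(self.gateway_key, sealed_from_gateway))

    def relay_verdict(self, sealed_from_app):
        # Step 407: pass the comparison result to the gateway.
        return seal(self.gateway_key, unseal(self.app_key, sealed_from_app))


class AppSafetyCheck:
    def __init__(self, key):
        self.key = key

    def compare(self, observed_packets, sealed_first_fp):
        # Steps 403 and 406: compute the local fingerprint and compare.
        first_fp = unseal(self.key, sealed_first_fp)
        second_fp = fingerprint(observed_packets)
        same = hmac.compare_digest(first_fp, second_fp)
        return seal(self.key, b"match" if same else b"mismatch")


class ServiceGateway:
    def __init__(self, key):
        self.key = key
        self.authenticated = False

    def report(self, observed_packets):
        # Step 404: compute the first fingerprint and report it.
        return seal(self.key, fingerprint(observed_packets))

    def decide(self, sealed_verdict):
        # Step 408: mark the session according to the relayed verdict.
        self.authenticated = unseal(self.key, sealed_verdict) == b"match"
        return self.authenticated


def run_session(terminal_packets, gateway_packets):
    """Run one authentication round; returns the gateway's decision."""
    gw_key, app_key = os.urandom(32), os.urandom(32)
    controller = AuthController(gw_key, app_key)
    app, gateway = AppSafetyCheck(app_key), ServiceGateway(gw_key)
    to_app = controller.relay_fingerprint(gateway.report(gateway_packets))
    to_gateway = controller.relay_verdict(app.compare(terminal_packets, to_app))
    return gateway.decide(to_gateway)


if __name__ == "__main__":
    flow = [b"constructed request", b"constructed reply 1", b"constructed reply 2"]
    print(run_session(flow, flow))                           # same flow seen on both sides
    print(run_session(flow[:2] + [b"something else"], flow))  # terminal saw different data
```

The gateway's decision rests entirely on the verdict produced on the user terminal, so the verdict is only as trustworthy as the channel that carries it; here a verdict whose tag does not verify is rejected before it is read.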
In some optional embodiments of the application, the preset fingerprint calculation method computes the fingerprint in real time using the consecutive-message digest extraction method; here, the digest is taken over all or part of the message content;
The calculation formula corresponding to the preset fingerprint calculation method is:
Fingerprint = Digest(Pkt1) + Digest(Pkt2) + ... + Digest(PktN);
where Digest is a digest algorithm; Pkt1, Pkt2, ..., PktN are the 1st through N-th messages sent by the application end; and Fingerprint is the computed fingerprint information. Preferably, the Digest algorithm includes a hash algorithm (HASH), Message Digest Algorithm 5 (MD5) and the Secure Hash Algorithm.
Thus, for the first N consecutive messages sent by the application, a digest is computed over each message's content one by one and used as the fingerprint; this yields continuously valid fingerprint information and makes fingerprint authentication more secure and reliable.
In some optional embodiments of the application, the preset fingerprint calculation method computes the fingerprint in real time using the message-superposition digest extraction method;
For the first N consecutive messages sent by the application, the message-superposition digest extraction method computes a digest over the previous message's digest and the current message's content, and uses it as the fingerprint. The corresponding calculation formula is:
F1 = Digest(Pkt1);
F2 = Digest(Pkt2 + F1);
Fn = Digest(PktN + F_{n-1});
Fingerprint = F1 + F2 + ... + Fn;
where Digest is a digest algorithm; Pkt1, Pkt2, ..., PktN are the 1st through N-th messages sent by the application end; Fn is the fingerprint information of the current n-th message; and Fingerprint is the computed fingerprint information. This method is suitable for reliable-connection services, such as TCP traffic.
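
The consecutive-message and message-superposition formulas above, implemented side by side as an added example (not code from the patent). Assumptions: SHA-256 stands in for Digest because the MD5 and SHA-1 the page lists are collision-broken, `+` is read as byte concatenation, and the "degree of coincidence" of step 104 is measured as the fraction of per-message digest slots that agree; the packets are constructed.

```python
import hashlib
import hmac

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes per message slot


def digest(data: bytes) -> bytes:
    """Digest() from the formulas; SHA-256 is this example's choice."""
    return hashlib.sha256(data).digest()


def consecutive_fingerprint(packets) -> bytes:
    """Fingerprint = Digest(Pkt1) + Digest(Pkt2) + ... + Digest(PktN)."""
    return b"".join(digest(p) for p in packets)


def chained_fingerprint(packets) -> bytes:
    """F1 = Digest(Pkt1); Fn = Digest(PktN + F_{n-1}); Fingerprint = F1 + ... + Fn."""
    parts, prev = [], b""
    for pkt in packets:
        prev = digest(pkt + prev)  # prev is empty for the first message
        parts.append(prev)
    return b"".join(parts)


def match_degree(fp_a: bytes, fp_b: bytes) -> float:
    """Fraction of digest slots that are identical in both fingerprints."""
    slots = max(len(fp_a), len(fp_b)) // DIGEST_LEN
    if slots == 0:
        return 0.0
    same = 0
    for i in range(slots):
        a = fp_a[i * DIGEST_LEN:(i + 1) * DIGEST_LEN]
        b = fp_b[i * DIGEST_LEN:(i + 1) * DIGEST_LEN]
        same += hmac.compare_digest(a, b)  # a missing slot never compares equal
    return same / slots


def is_match(fp_a: bytes, fp_b: bytes, threshold: float = 0.70) -> bool:
    """Match when the degree of coincidence exceeds the threshold (70% on the page)."""
    return match_degree(fp_a, fp_b) > threshold


def compare_methods(packets, altered_index, altered_payload):
    """Match degree of each method when one message differs between the two sides."""
    other = list(packets)
    other[altered_index] = altered_payload
    return {
        "consecutive": match_degree(consecutive_fingerprint(packets),
                                    consecutive_fingerprint(other)),
        "chained": match_degree(chained_fingerprint(packets),
                                chained_fingerprint(other)),
    }


if __name__ == "__main__":
    # Constructed flow of ten messages; the third differs on one side.
    flow = [f"constructed packet {i}".encode() for i in range(10)]
    print(compare_methods(flow, 2, b"altered payload"))
```

With one of ten messages differing, the consecutive fingerprint still agrees in nine slots and clears a 70% threshold, while the chained fingerprint agrees only in the two slots before the change, because every later Fn depends on its predecessor.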
In some optional embodiments of the application, the preset fingerprint calculation method computes the fingerprint in real time using the service-proxy digest extraction method;
When the service resembles multicast, the two methods above cannot distinguish normal access from malicious access. The application therefore proposes another approach using a service proxy: the service is proxied on the gateway, and at the start of the service the gateway responds to different terminals accessing the same service with different frame lengths. The fingerprint for each terminal is then guaranteed to be unique. The detailed process is as follows:
The same access content is cut into different segments for different terminals, as follows:
For terminal A: C = PktA1 + PktA2 + ... + PktAN;
For terminal B: C = PktB1 + PktB2 + ... + PktBN;
where PktA1, ..., PktAN are the segments obtained by the split for terminal A; PktB1, ..., PktBN are the segments obtained by the split for terminal B; and C is the access content;
A digest calculation is then carried out separately for each terminal, as follows:
Fingerprint(A) = Digest(PktA1) + Digest(PktA2) + ... + Digest(PktAN)
where Digest is a digest algorithm; PktA1, ..., PktAN are the segments obtained by the split for terminal A; and Fingerprint(A) is the fingerprint information computed for terminal A.
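
The service-proxy split described above, as an added example (not code from the patent). Assumptions: SHA-256 stands in for Digest, and the rule by which the gateway picks a frame length per terminal (`base_len + step * k`) is hypothetical, since the page does not specify one; the content is constructed.

```python
import hashlib
import hmac


def digest(data: bytes) -> bytes:
    """Digest() from the formula; SHA-256 is this example's choice."""
    return hashlib.sha256(data).digest()


def split_frames(content: bytes, frame_len: int) -> list:
    """Cut C into Pkt1..PktN of frame_len bytes each (the last may be shorter)."""
    if frame_len <= 0:
        raise ValueError("frame length must be positive")
    return [content[i:i + frame_len] for i in range(0, len(content), frame_len)]


def fingerprint(frames) -> bytes:
    """Fingerprint(X) = Digest(PktX1) + Digest(PktX2) + ... + Digest(PktXN)."""
    return b"".join(digest(f) for f in frames)


class ProxyGateway:
    """Proxies one service and answers each terminal with its own frame length."""

    def __init__(self, base_len: int = 64, step: int = 16):
        self.base_len = base_len
        self.step = step
        self.frame_len = {}  # terminal id -> assigned frame length

    def serve(self, terminal_id: str, content: bytes):
        """Return (frames sent to this terminal, first fingerprint for it)."""
        if terminal_id not in self.frame_len:
            # Hypothetical assignment rule: the next unused length.
            self.frame_len[terminal_id] = self.base_len + self.step * len(self.frame_len)
        length = self.frame_len[terminal_id]
        if len(content) <= length:
            # A single frame looks the same for every terminal, so the
            # fingerprint would no longer be terminal-specific.
            raise ValueError("content fits in one frame; split cannot distinguish terminals")
        frames = split_frames(content, length)
        return frames, fingerprint(frames)


def terminal_compare(first_fp: bytes, observed_frames) -> bool:
    """User-side check: gateway fingerprint against the locally observed frames."""
    return hmac.compare_digest(first_fp, fingerprint(observed_frames))


if __name__ == "__main__":
    content = bytes(range(256)) * 2  # constructed 512-byte access content C
    gateway = ProxyGateway()
    frames_a, fp_a = gateway.serve("A", content)
    frames_b, fp_b = gateway.serve("B", content)
    print(len(frames_a), len(frames_b))        # same C, different segment counts
    print(terminal_compare(fp_b, frames_b))    # B's own frames match B's fingerprint
    print(terminal_compare(fp_b, frames_a))    # frames delivered to A do not
```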
In the application some optional embodiments, the preset fingerprint computational methods are carried out using modification message behavior method Real time fingerprint calculates;Wherein, message behavior refers to message sequence, message amount;
The modification message behavior method includes:Segment message is selectively abandoned by default rule, and then utilized surplus Finger print information is calculated based on quantity and the functional relation of time in remaining message;
Or change the order of message by default rule, and then utilize the message and message sequence base after adjustment Finger print information is calculated in order and the functional relation of time.
So, the message information that attacker can not be required for access authentication can be caused, further improve finger print identifying Safety and reliability.
In the application some optional embodiments, the preset fingerprint computational methods are using continuous message extraction epitome method Or during message superposition extraction epitome method progress real time fingerprint calculating, according to default rule, select discrete message and carry out Calculate;
Or extracted using continuous message in epitome method, message superposition extraction epitome method, service agent extraction epitome method Finger print information is calculated in a kind of be combined with modification message behavior method.
So, the accuracy and privacy of fingerprint calculating can be further improved by way of combination, and then is caused logical The communications access process for crossing such certification is more safe and reliable.
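The fingerprint calculations defined in this description and in claims 4, 6, 7 and 9, as an added Python example (not code from the patent). It assumes that "+" in the formulas means byte concatenation and uses SHA-256 by default; the size-cycling segmentation rule, the every-step selection rule and all sample packets are constructed for illustration.

```python
import hashlib

def digest(data: bytes, algo: str = "sha256") -> bytes:
    # Claim 5 names HASH, MD5 and SHA-1; SHA-256 is this example's default.
    return hashlib.new(algo, data).digest()

def continuous_fp(pkts, algo="sha256"):
    # Fingerprint = Digest(Pkt1) + ... + Digest(PktN), "+" read as concatenation.
    return b"".join(digest(p, algo) for p in pkts)

def superposed_fp(pkts, algo="sha256"):
    # F1 = Digest(Pkt1); Fn = Digest(PktN + Fn-1); Fingerprint = F1 + ... + Fn.
    blocks, prev = [], b""
    for p in pkts:
        prev = digest(p + prev, algo)
        blocks.append(prev)
    return b"".join(blocks)

def segment(content: bytes, sizes):
    # Service agent method: cut content C into segments whose lengths cycle
    # through `sizes` (a hypothetical per-terminal splitting rule).
    if not sizes or min(sizes) <= 0:
        raise ValueError("segment sizes must be positive")
    out, pos, i = [], 0, 0
    while pos < len(content):
        n = sizes[i % len(sizes)]
        out.append(content[pos:pos + n])
        pos += n
        i += 1
    return out

def select_noncontiguous(pkts, step):
    # Preset rule (assumed form): keep every `step`-th message, starting at the first.
    return pkts[::step]

def changed_blocks(fp_a: bytes, fp_b: bytes, size: int = 32):
    # Indices of digest-sized blocks that differ between two equal-length fingerprints.
    return [i for i in range(len(fp_a) // size)
            if fp_a[i * size:(i + 1) * size] != fp_b[i * size:(i + 1) * size]]

# Constructed sample stream, and the same stream with message 2 altered.
PKTS = [b"GET /orders HTTP/1.1", b"Host: svc.example",
        b"Cookie: sid=constructed", b"\r\n"]
TAMPERED = [PKTS[0], b"Host: other.example", PKTS[2], PKTS[3]]

# Same content C, split differently for terminal A and terminal B.
CONTENT = b"controlled service content, constructed for this example"
SEG_A = segment(CONTENT, (8, 5))
SEG_B = segment(CONTENT, (6,))

if __name__ == "__main__":
    print("continuous, changed blocks:",
          changed_blocks(continuous_fp(PKTS), continuous_fp(TAMPERED)))
    print("superposed, changed blocks:",
          changed_blocks(superposed_fp(PKTS), superposed_fp(TAMPERED)))
    print("terminal A/B fingerprints equal:",
          continuous_fp(SEG_A) == continuous_fp(SEG_B))
```

Messages that the selection rule skips are not covered by the fingerprint, and only the superposed form carries a change in one message into every later block.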
Referring to FIG. 6, a structural diagram of one embodiment of the message-fingerprint-based authentication system provided by the invention is shown. The message-fingerprint-based authentication system includes an application safety check module, a service gateway module and an authentication controller; the authentication controller establishes a secure connection with the application safety check module and with the service gateway module respectively;
The application safety check module is configured to perform, on the user side, real-time fingerprint calculation on the service access data stream according to the preset fingerprint calculation method to obtain the second fingerprint information; it is further configured to receive the first fingerprint information sent by the authentication controller, compare the first fingerprint information with the second fingerprint information to determine whether they match, and feed the comparison result back to the authentication controller;
The service gateway module is configured to perform, on the service side, real-time fingerprint calculation on the service access data stream according to the preset fingerprint calculation method to obtain the first fingerprint information; to send the calculated first fingerprint information to the authentication controller and receive the comparison result fed back by the authentication controller; and then to determine, according to the comparison result, whether authentication passes;
The authentication controller is configured to receive the first fingerprint information sent by the service gateway module and send it to the application safety check module, and to receive the comparison result sent by the application safety check module and send it to the service gateway module.
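The three-party exchange described above, as an added in-process Python simulation (not code from the patent). Method calls stand in for the secure connections, `terminal_id` is a hypothetical way for the controller to find the right check module, the fingerprint is the continuous digest form with SHA-256, and the sample messages are constructed.

```python
import hashlib
import hmac

def fingerprint(pkts):
    # Continuous digest method: concatenated SHA-256 digests of each message.
    return b"".join(hashlib.sha256(p).digest() for p in pkts)

class AppSafetyCheckModule:
    """User side: fingerprints the stream it sends and compares on request."""
    def __init__(self):
        self.sent = []

    def send(self, pkt):
        self.sent.append(pkt)          # record what the checked application emitted
        return pkt

    def compare(self, first_fp):
        second_fp = fingerprint(self.sent)
        # Constant-time comparison of first and second fingerprint information.
        return hmac.compare_digest(first_fp, second_fp)

class AuthController:
    """Relays the first fingerprint to the module and the result to the gateway."""
    def __init__(self):
        self.modules = {}

    def connect_module(self, terminal_id, module):
        self.modules[terminal_id] = module

    def relay(self, terminal_id, first_fp):
        module = self.modules.get(terminal_id)
        if module is None:             # no check module connected: no match
            return False
        return module.compare(first_fp)

class ServiceGateway:
    """Service side: fingerprints what it received and decides on the result."""
    def __init__(self, controller):
        self.controller = controller

    def authenticate(self, terminal_id, received_pkts):
        first_fp = fingerprint(received_pkts)
        return self.controller.relay(terminal_id, first_fp)

def run_exchange():
    controller = AuthController()
    gateway = ServiceGateway(controller)
    module = AppSafetyCheckModule()
    controller.connect_module("terminal-A", module)
    stream = [module.send(p) for p in (b"LOGIN alice", b"QUERY balance")]
    return {
        # Stream that passed through the check module: fingerprints match.
        "checked_stream": gateway.authenticate("terminal-A", stream),
        # Stream the check module never observed: fingerprints differ.
        "unobserved_stream": gateway.authenticate(
            "terminal-A", [b"LOGIN alice", b"QUERY all"]),
        # Terminal with no check module connected to the controller.
        "no_module": gateway.authenticate("terminal-B", stream),
    }

if __name__ == "__main__":
    print(run_exchange())
```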
As can be seen from any of the above embodiments, the message-fingerprint-based authentication method and system described herein have at least the following advantages: (1) the method proposed by the invention achieves accurate authorization of private services; (2) by comparing service message fingerprints, an automatic authorization mechanism is realized; (3) the authentication process is imperceptible to the terminal user and does not affect the usage scenarios of the application.
Those of ordinary skill in the art should understand that the discussion of any of the above embodiments is exemplary only and is not intended to imply that the scope of the disclosure (including the claims) is limited to these examples; within the idea of the invention, the technical features of the above embodiments or of different embodiments may also be combined, the steps may be carried out in any order, and many other variations of the different aspects of the invention as described above exist, which are not provided in detail for the sake of brevity.
In addition, to simplify the explanation and discussion, and so as not to obscure the invention, well-known power and ground connections to integrated circuit (IC) chips and other components may or may not be shown in the provided drawings. Furthermore, devices may be shown in block diagram form in order to avoid obscuring the invention, and this also takes into account the fact that the details of the implementation of these block diagram devices depend highly on the platform on which the invention is to be implemented (that is, these details should be well within the understanding of those skilled in the art). Where specific details (for example, circuits) are set forth to describe exemplary embodiments of the invention, it will be apparent to those skilled in the art that the invention can be implemented without these specific details or with variations of them. These descriptions are therefore to be regarded as illustrative rather than restrictive.
Although the invention has been described in conjunction with specific embodiments, many alternatives, modifications and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (for example, dynamic RAM (DRAM)) may use the embodiments discussed.
The embodiments of the invention are intended to cover all such alternatives, modifications and variations that fall within the broad scope of the appended claims. Therefore, any omission, modification, equivalent substitution or improvement made within the spirit and principles of the invention shall be included in the scope of protection of the invention.

Claims (10)

1. A message-fingerprint-based authentication method, characterized in that it is applied to an authentication controller; an application safety check module is set in the user end in advance, a service gateway module is set at the service end, and an authentication controller is provided in the communication network for establishing communication connections with the application safety check module and the service gateway module;
The message-fingerprint-based authentication method includes:
Establishing secure connections with the application safety check module in the user end and with the service gateway module in the service end respectively;
Receiving the first fingerprint information obtained by the service gateway module by applying the preset fingerprint calculation method to the service access data stream;
Sending the first fingerprint information to the application safety check module;
Receiving, from the application safety check module, the result of comparing the first fingerprint information with the second fingerprint information obtained by the local preset fingerprint calculation method;
Feeding the obtained comparison result back to the service gateway module, so that the service gateway module determines, according to the comparison result, whether fingerprint authentication passes.
2. A message-fingerprint-based authentication method, characterized in that it is applied to a user end; an application safety check module is set in the user end in advance, a service gateway module is set at the service end, and an authentication controller is provided in the communication network for establishing communication connections with the application safety check module and the service gateway module;
The message-fingerprint-based authentication method includes:
Establishing a secure connection with the authentication controller through the application safety check module;
Receiving an access instruction from the user and performing service access to the controlled service data stream at the service end;
Performing, through the application safety check module, real-time fingerprint calculation on the service access data stream according to the preset fingerprint calculation method to obtain the second fingerprint information;
Receiving the first fingerprint information sent by the authentication controller and comparing the first fingerprint information with the second fingerprint information; wherein the second fingerprint information is the result calculated by the service gateway module on the service access data stream according to the preset fingerprint calculation method;
Feeding the comparison result back to the authentication controller; if the comparison result is a match, authentication-passed information fed back by the service gateway module is received, and normal service access can then proceed.
3. A message-fingerprint-based authentication method, characterized in that it is applied to a service end; an application safety check module is set in the user end in advance, a service gateway module is set at the service end, and an authentication controller is provided in the communication network for establishing communication connections with the application safety check module and the service gateway module;
The message-fingerprint-based authentication method includes:
Establishing a secure connection with the authentication controller through the service gateway module;
Receiving service access by the user end to the controlled service data stream;
Performing, through the service gateway module, real-time fingerprint calculation on the service access data stream according to the preset fingerprint calculation method to obtain the first fingerprint information;
Sending the first fingerprint information to the authentication controller;
Receiving the result, fed back by the authentication controller, of comparing the first fingerprint information with the second fingerprint information;
Determining, according to the comparison result, whether fingerprint authentication passes: if the comparison result is a match, authentication passes; otherwise, authentication fails.
4. The method according to any one of claims 1-3, characterized in that the preset fingerprint calculation method uses the continuous message digest extraction method to perform real-time fingerprint calculation;
The calculation formula corresponding to the preset fingerprint calculation method is:
Fingerprint = Digest(Pkt1) + Digest(Pkt2) + ... + Digest(PktN);
where Digest is the digest algorithm; Pkt1, Pkt2 ... PktN denote the 1st to N-th messages sent by the application end; and Fingerprint denotes the calculated fingerprint information.
5. The method according to claim 4, characterized in that the digest algorithm includes HASH, MD5 and SHA-1.
6. The method according to any one of claims 1-3, characterized in that the preset fingerprint calculation method uses the message superposition digest extraction method to perform real-time fingerprint calculation;
The calculation formula corresponding to the preset fingerprint calculation method is:
F1 = Digest(Pkt1);
F2 = Digest(Pkt2 + F1);
Fn = Digest(PktN + Fn-1);
Fingerprint = F1 + F2 + ... + Fn;
where Digest is the digest algorithm; Pkt1, Pkt2 ... PktN denote the 1st to N-th messages sent by the application end; Fn is the fingerprint information of the current n-th message; and Fingerprint denotes the calculated fingerprint information.
7. The method according to any one of claims 1-3, characterized in that the preset fingerprint calculation method uses the service agent digest extraction method to perform real-time fingerprint calculation;
For the same accessed content, the content is cut into different segments for different terminals, as follows:
For terminal A: C = PktA1 + PktA2 + ... + PktAN;
For terminal B: C = PktB1 + PktB2 + ... + PktBN;
where PktA1 ... PktAN denote the different segments obtained by splitting for terminal A; PktB1 ... PktBN denote the different segments obtained by splitting for terminal B; and C denotes the accessed content;
Digest calculation is then performed separately for each terminal, as follows:
Fingerprint(A) = Digest(PktA1) + Digest(PktA2) + ... + Digest(PktAN)
where Digest is the digest algorithm; PktA1 ... PktAN denote the different segments obtained by splitting for terminal A; and Fingerprint(A) denotes the fingerprint information calculated for terminal A.
8. The method according to any one of claims 1-3, characterized in that the preset fingerprint calculation method uses the modified message behavior method to perform real-time fingerprint calculation;
The modified message behavior method includes: selectively discarding some messages according to a preset rule, and then calculating the fingerprint information from the remaining messages based on a functional relation between quantity and time;
Or
Changing the order of the messages according to a preset rule, and then calculating the fingerprint information from the adjusted messages and message order based on a functional relation between order and time.
9. The method according to any one of claims 1-3, characterized in that, when the preset fingerprint calculation method uses the continuous message digest extraction method or the message superposition digest extraction method to perform real-time fingerprint calculation, non-contiguous messages are selected for the calculation according to a preset rule;
Or
One of the continuous message digest extraction method, the message superposition digest extraction method and the service agent digest extraction method is combined with the modified message behavior method to calculate the fingerprint information.
10. A message-fingerprint-based authentication system, characterized in that it includes an application safety check module, a service gateway module and an authentication controller; the authentication controller establishes a secure connection with the application safety check module and with the service gateway module respectively;
The application safety check module is configured to perform, on the user side, real-time fingerprint calculation on the service access data stream according to the preset fingerprint calculation method to obtain the second fingerprint information; it is further configured to receive the first fingerprint information sent by the authentication controller, compare the first fingerprint information with the second fingerprint information to determine whether they match, and feed the comparison result back to the authentication controller;
The service gateway module is configured to perform, on the service side, real-time fingerprint calculation on the service access data stream according to the preset fingerprint calculation method to obtain the first fingerprint information; to send the calculated first fingerprint information to the authentication controller and receive the comparison result fed back by the authentication controller; and then to determine, according to the comparison result, whether authentication passes;
The authentication controller is configured to receive the first fingerprint information sent by the service gateway module and send it to the application safety check module, and to receive the comparison result sent by the application safety check module and send it to the service gateway module.
CN201711178608.3A 2017-11-23 2017-11-23 Authentication method and system based on message fingerprint Active CN107733923B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711178608.3A CN107733923B (en) 2017-11-23 2017-11-23 Authentication method and system based on message fingerprint

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711178608.3A CN107733923B (en) 2017-11-23 2017-11-23 Authentication method and system based on message fingerprint

Publications (2)

Publication Number Publication Date
CN107733923A true CN107733923A (en) 2018-02-23
CN107733923B CN107733923B (en) 2020-01-24

Family

ID=61219030

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711178608.3A Active CN107733923B (en) 2017-11-23 2017-11-23 Authentication method and system based on message fingerprint

Country Status (1)

Country Link
CN (1) CN107733923B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115643117A (en) * 2022-12-23 2023-01-24 北京六方云信息技术有限公司 Digital entity identity identification method, device, terminal equipment and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101009516A (en) * 2006-01-26 2007-08-01 华为技术有限公司 A method and system for data synchronization
CN101605130A (en) * 2009-07-20 2009-12-16 杭州华三通信技术有限公司 Heartbeat handshake method and system
US20120303624A1 (en) * 2011-05-25 2012-11-29 Microsoft Corporation Dynamic rule reordering for message classification
CN105635125A (en) * 2015-12-25 2016-06-01 电子科技大学 Physical layer combined authentication method based on RF fingerprint and channel information
CN106302397A (en) * 2016-07-29 2017-01-04 北京北信源软件股份有限公司 A kind of equipment identification system based on device-fingerprint
CN106878265A (en) * 2016-12-21 2017-06-20 重庆华龙艾迪信息技术有限公司 A kind of data processing method and device
CN107046468A (en) * 2017-06-14 2017-08-15 电子科技大学 A kind of physical layer certification thresholding determines method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115643117A (en) * 2022-12-23 2023-01-24 北京六方云信息技术有限公司 Digital entity identity identification method, device, terminal equipment and storage medium
CN115643117B (en) * 2022-12-23 2023-03-21 北京六方云信息技术有限公司 Digital entity identity identification method, device, terminal equipment and storage medium

Also Published As

Publication number Publication date
CN107733923B (en) 2020-01-24

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20231124

Address after: Room 307, 3rd Floor, Building 1-5, No.1 Beishatan A, Chaoyang District, Beijing, 100083

Patentee after: Beijing Heyun Shengxing Technology Co.,Ltd.

Address before: Room 708, 6 / F, building 1, No.1, Beisha beach, Chaoyang District, Beijing 100083

Patentee before: BEIJING ABLOOMY TECHNOLOGIES, Inc.

TR01 Transfer of patent right