CN109194484A - A cross-domain token transmission method based on a shared key
Abstract
The invention provides a cross-domain token transmission method based on a shared key. When two security domains perform cross-domain access, the interviewee, before sending the target token to the visitor, uses a preset algorithm to derive a first shared key from the preconfigured security parameters, a randomly generated private key and the public key sent by the visitor, encrypts the target token with the first shared key, and sends the encrypted target token to the visitor. The visitor then uses the preset algorithm to derive a second shared key from the preconfigured security parameters, its own randomly generated private key and the public key sent by the interviewee, and decrypts the encrypted target token with the second shared key. The method effectively ensures the security of the first shared key and the second shared key, and therefore of the target token, which effectively prevents a third party from using the target token to attack the interviewee.
Description
Technical field
The present invention relates to the technical field of cross-domain access, and more particularly to a cross-domain token transmission method based on a shared key.
Background technique
With the rapid development of network technology and the spread of enterprise IT, enterprises run a large number of application systems. To make these systems easier to manage, most enterprises manage them across multiple levels and multiple domains, which gives rise to a series of cross-domain access problems.
In cross-domain access, identity authentication is the cornerstone and the basis of security. After a user passes identity authentication, the authentication service issues an identity token to the user, and the user can perform cross-domain access while holding that token. However, the identity token is at risk of being hijacked by a third party while it crosses domains. Once it has been hijacked, the third party can use the genuine identity token to attack application systems and the network, with serious consequences.
Therefore, protecting tokens in transit between security domains is particularly important.
Summary of the invention
To overcome the problem in the prior art that tokens transmitted between security domains risk being hijacked by a third party, leaving the security domain open to attack, the present invention provides a cross-domain token transmission method based on a shared key.
In one aspect, the present invention provides a cross-domain token transmission method based on a shared key, comprising:
receiving an identity authentication request sent by a visitor, authenticating the request, and, if authentication succeeds, generating a target token;
generating a random number according to the system time as a first private key, and using a preset first algorithm to obtain a first public key from the first private key and a preconfigured first security parameter;
sending the first public key to the visitor, so that the visitor generates a random number according to the system time as a second private key and uses a preset second algorithm to obtain a second public key from the second private key and a preconfigured second security parameter;
receiving the second public key sent by the visitor, using a preset third algorithm to obtain a first shared key from the second public key, the first private key and the first security parameter, encrypting the target token with the first shared key, and sending the encrypted target token to the visitor, so that the visitor uses a preset fourth algorithm to obtain a second shared key from the first public key, the second private key and the second security parameter, and decrypts the encrypted target token with the second shared key;
wherein the first security parameter is identical to the second security parameter, the first algorithm is identical to the second algorithm, and the third algorithm is identical to the fourth algorithm.
Preferably, before the first public key is obtained from the first private key and the preconfigured first security parameter using the preset first algorithm, the method further comprises:
preconfiguring the first security parameter, and presetting the first algorithm and the third algorithm.
Preferably, the first security parameter and the second security parameter each comprise a prime number, a primitive root of the prime number, and an additional parameter.
Preferably, the first algorithm and the second algorithm are:
key = g^R mod p;
where key is the public key, R is the private key, p is the prime number, and g is a primitive root of the prime p.
Preferably, the third algorithm and the fourth algorithm are:
Share key = (key^R mod p) + m;
where Share key is the shared key, key is the public key, R is the private key, p is the prime number, g is a primitive root of the prime p, and m is the additional parameter.
In another aspect, the present invention provides a cross-domain token transmission method based on a shared key, comprising:
sending an identity authentication request to an interviewee, so that the interviewee authenticates the request, generates a target token after authentication succeeds, generates a random number according to the system time as a first private key, and uses a preset first algorithm to obtain a first public key from the first private key and a preconfigured first security parameter;
receiving the first public key sent by the interviewee, generating a random number according to the system time as a second private key, and using a preset second algorithm to obtain a second public key from the second private key and a preconfigured second security parameter;
sending the second public key to the interviewee, so that the interviewee uses a preset third algorithm to obtain a first shared key from the second public key, the first private key and the first security parameter, and encrypts the target token with the first shared key;
receiving the encrypted target token sent by the interviewee, using a preset fourth algorithm to obtain a second shared key from the first public key, the second private key and the second security parameter, and decrypting the encrypted target token with the second shared key;
wherein the first security parameter is identical to the second security parameter, the first algorithm is identical to the second algorithm, and the third algorithm is identical to the fourth algorithm.
Preferably, before the second public key is obtained from the second private key and the preconfigured second security parameter using the preset second algorithm, the method further comprises:
preconfiguring the second security parameter, and presetting the second algorithm and the fourth algorithm.
Preferably, the first security parameter and the second security parameter each comprise a prime number, a primitive root of the prime number, and an additional parameter.
In another aspect, the present invention provides an electronic device, comprising:
at least one processor; and
at least one memory communicatively connected to the processor, wherein:
the memory stores program instructions executable by the processor, and the processor calls the program instructions to perform the interviewee-side transmission method of the cross-domain token transmission method based on a shared key and of any of its optional embodiments.
In another aspect, the present invention provides an electronic device, comprising:
at least one processor; and
at least one memory communicatively connected to the processor, wherein:
the memory stores program instructions executable by the processor, and the processor calls the program instructions to perform the visitor-side transmission method of the cross-domain token transmission method based on a shared key and of any of its optional embodiments.
In the cross-domain token transmission method based on a shared key provided by the present invention, when two security domains perform cross-domain access, the interviewee, before sending the target token to the visitor, uses a preset algorithm to derive a first shared key from the preconfigured security parameters, a randomly generated private key and the public key sent by the visitor, encrypts the target token with the first shared key, and sends the encrypted target token to the visitor. The visitor then uses the preset algorithm to derive a second shared key from the preconfigured security parameters, its own randomly generated private key and the public key sent by the interviewee, and decrypts the encrypted target token with the second shared key. Because the security parameters and algorithms preset by the interviewee and the visitor are correspondingly identical, the first shared key and the second shared key are guaranteed to be identical. At the same time, generating the first shared key and the second shared key depends on the security parameters and algorithms preconfigured by the interviewee and the visitor, respectively, and on their randomly generated private keys. This effectively ensures the security of the first shared key and the second shared key, and therefore of the target token, which effectively prevents a third party from using the target token to attack the interviewee.
Brief description of the drawings
Fig. 1 is an overall flow diagram of a cross-domain token transmission method based on a shared key according to an embodiment of the present invention;
Fig. 2 is an overall flow diagram of a cross-domain token transmission method based on a shared key according to an embodiment of the present invention;
Fig. 3 is a structural block diagram of an interviewee-side electronic device according to an embodiment of the present invention;
Fig. 4 is a structural block diagram of a visitor-side electronic device according to an embodiment of the present invention.
Specific embodiment
Specific embodiments of the present invention are described in further detail below with reference to the accompanying drawings and examples. The following examples illustrate the present invention and are not intended to limit its scope.
It should be noted that, in cross-domain access, the two security domains involved are the visitor and the interviewee. When the visitor needs cross-domain access to the interviewee, the visitor sends an identity authentication request to the interviewee, and the interviewee authenticates it. If authentication succeeds, the interviewee issues a token to the visitor, that is, the interviewee transmits the token to the visitor. To transmit the token securely, the present invention provides a cross-domain token transmission method based on a shared key.
This embodiment describes the cross-domain token transmission method based on a shared key with the interviewee as the executing party. Fig. 1 is an overall flow diagram of a cross-domain token transmission method based on a shared key according to an embodiment of the present invention. As shown in Fig. 1, the present invention provides a cross-domain token transmission method based on a shared key, comprising:
S1: receive the identity authentication request sent by the visitor and authenticate it; if authentication succeeds, generate a target token;
Specifically, when the visitor needs to access the interviewee, the visitor first sends an identity authentication request to the interviewee. After receiving the request, the interviewee authenticates it and, if authentication succeeds, generates the identity token corresponding to the visitor as the target token. The visitor can access the interviewee with this target token.
S2: generate a random number according to the system time as the first private key, and use the preset first algorithm to obtain the first public key from the first private key and the preconfigured first security parameter;
Specifically, after generating the target token, the interviewee needs to send it to the visitor. To ensure that the target token is transmitted securely, in this embodiment the interviewee encrypts the target token before sending it to the visitor.
First, the interviewee generates a random number according to the system time and uses it as the first private key. On this basis, the interviewee uses the preset first algorithm to compute the first public key from the first private key and the preconfigured first security parameter.
S3: send the first public key to the visitor, so that the visitor generates a random number according to the system time as the second private key and uses the preset second algorithm to obtain the second public key from the second private key and the preconfigured second security parameter;
Specifically, after computing the first public key, the interviewee sends it to the visitor. On receiving the first public key, the visitor can conclude that the interviewee intends to exchange public keys. The visitor then generates a random number according to the system time, uses it as the second private key, and uses the preset second algorithm to obtain the second public key from the second private key and the preconfigured second security parameter. After computing the second public key, the visitor sends it to the interviewee.
S4: receive the second public key sent by the visitor, use the preset third algorithm to obtain the first shared key from the second public key, the first private key and the first security parameter, encrypt the target token with the first shared key, and send the encrypted target token to the visitor, so that the visitor uses the preset fourth algorithm to obtain the second shared key from the first public key, the second private key and the second security parameter, and decrypts the encrypted target token with the second shared key;
wherein the first security parameter is identical to the second security parameter, the first algorithm is identical to the second algorithm, and the third algorithm is identical to the fourth algorithm.
Specifically, the interviewee receives the second public key sent by the visitor and uses the preset third algorithm to compute the first shared key from the second public key, the first private key and the first security parameter. After computing the first shared key, the interviewee encrypts the target token with it and sends the encrypted target token to the visitor.
After receiving the encrypted target token from the interviewee, the visitor must decrypt it. To do so, the visitor uses the preset fourth algorithm to obtain the second shared key from the first public key, the second private key and the second security parameter, and then decrypts the encrypted target token with the second shared key. The visitor then accesses the interviewee with the decrypted target token.
It should be noted that, in the above steps, the first security parameter, the first algorithm and the third algorithm are preset on the interviewee side, and the second security parameter, the second algorithm and the fourth algorithm are preset on the visitor side. In addition, in this embodiment the first security parameter is identical to the second security parameter, the first algorithm is identical to the second algorithm, and the third algorithm is identical to the fourth algorithm, which ensures that the first shared key generated on the interviewee side is identical to the second shared key generated on the visitor side. Given that the two shared keys are identical, when the interviewee encrypts the target token with the first shared key and transmits it to the visitor, the visitor can decrypt the encrypted target token with the second shared key, which is identical to the first.
It will be understood that, in this embodiment, the first shared key is computed on the interviewee side using the third algorithm from the second public key, the first private key and the first security parameter, and the second public key is in turn obtained on the visitor side using the second algorithm from the second private key and the second security parameter. The generation of the first shared key therefore depends on the first and second security parameters, the first and second private keys, and the second and third algorithms. That is, on the interviewee side, obtaining the first shared key depends on the interviewee's own preconfigured first security parameter, the third algorithm and the randomly generated first private key, and none of these three is transmitted outside the interviewee. A third party therefore cannot obtain the first security parameter, the third algorithm or the first private key, and so cannot compute the first shared key. This effectively ensures the security of the first shared key. The security of the second shared key is effectively ensured in the same way.
On this basis, after the interviewee encrypts the target token with the first shared key and transmits it to the visitor, even if a third party intercepts the encrypted target token, the third party cannot obtain the first shared key or the second shared key and therefore cannot decrypt the target token. This effectively ensures the security of the target token and effectively prevents a third party from using the target token to attack the interviewee.
In the cross-domain token transmission method based on a shared key provided by the present invention, when two security domains perform cross-domain access, the interviewee, before sending the target token to the visitor, uses a preset algorithm to derive a first shared key from the preconfigured security parameters, a randomly generated private key and the public key sent by the visitor, encrypts the target token with the first shared key, and sends the encrypted target token to the visitor. The visitor then uses the preset algorithm to derive a second shared key from the preconfigured security parameters, its own randomly generated private key and the public key sent by the interviewee, and decrypts the encrypted target token with the second shared key. Because the security parameters and algorithms preset by the interviewee and the visitor are correspondingly identical, the first shared key and the second shared key are guaranteed to be identical. At the same time, generating the first shared key and the second shared key depends on the security parameters and algorithms preconfigured by the interviewee and the visitor, respectively, and on their randomly generated private keys. This effectively ensures the security of the first shared key and the second shared key, and therefore of the target token, which effectively prevents a third party from using the target token to attack the interviewee.
Based on any of the above embodiments, a cross-domain token transmission method based on a shared key is provided in which, before the first public key is obtained from the first private key and the preconfigured first security parameter using the preset first algorithm, the method further comprises: preconfiguring the first security parameter, and presetting the first algorithm and the third algorithm.
Specifically, in this embodiment, before the interviewee uses the preset first algorithm to obtain the first public key from the first private key and the preconfigured first security parameter, the first security parameter must be preconfigured and the first algorithm and the third algorithm must be preset. Correspondingly, the visitor side must also preconfigure the second security parameter and preset the second algorithm and the third algorithm. The first security parameter is identical to the second security parameter, the first algorithm is identical to the second algorithm, and the third algorithm is identical to the fourth algorithm.
In the cross-domain token transmission method based on a shared key provided by the present invention, before the interviewee and the visitor transmit the target token, identical security parameters and algorithms must be configured in advance on the interviewee side and the visitor side, which effectively ensures that the first shared key generated by the interviewee is identical to the second shared key generated by the visitor.
Based on any of the above embodiments, a cross-domain token transmission method based on a shared key is provided in which the first security parameter and the second security parameter each comprise a prime number, a primitive root of the prime number, and an additional parameter.
Specifically, in this embodiment the first security parameter preconfigured by the interviewee is identical to the second security parameter preconfigured by the visitor, and each comprises three parameters. One of them is a prime number, which is usually large; this prime is the cornerstone of secure transmission between the interviewee and the visitor. The prime must be agreed between the interviewee and the visitor; its specific value can be set according to actual needs and is not specifically limited here. Once the prime has been determined, a primitive root of the prime can be used as another parameter, and an additional parameter must also be determined. That is, the first security parameter and the second security parameter each comprise three parameters in total: the prime number, a primitive root of the prime number, and the additional parameter.
In the cross-domain token transmission method based on a shared key provided by the present invention, the first security parameter and the second security parameter each comprise a prime number, a primitive root of the prime number, and an additional parameter. Configuring identical security parameters in advance on the interviewee side and the visitor side effectively ensures that the first shared key generated by the interviewee is identical to the second shared key generated by the visitor.
Based on any of the above embodiments, a cross-domain token transmission method based on a shared key is provided in which the first algorithm and the second algorithm are:
key = g^R mod p;
where key is the public key, R is the private key, p is the prime number, and g is a primitive root of the prime p.
Specifically, in this embodiment the interviewee side and the visitor side preset the first algorithm and the second algorithm respectively, and the first algorithm is identical to the second algorithm. The first algorithm and the second algorithm are:
key = g^R mod p;
where key is the public key, R is the private key, p is the prime number, and g is a primitive root of the prime p.
From the above algorithm, for the interviewee, the first public key is determined by the first private key together with the prime number and the primitive root of the prime number in the first security parameter; for the visitor, the second public key is determined by the second private key together with the prime number and the primitive root of the prime number in the second security parameter.
Based on any of the above embodiments, a cross-domain token transmission method based on a shared key is provided in which the third algorithm and the fourth algorithm are:
Share key = (key^R mod p) + m;
where Share key is the shared key, key is the public key, R is the private key, p is the prime number, g is a primitive root of the prime p, and m is the additional parameter.
Specifically, in this embodiment the interviewee side and the visitor side preset the third algorithm and the fourth algorithm respectively, and the third algorithm is identical to the fourth algorithm. The third algorithm and the fourth algorithm are:
Share key = (key^R mod p) + m;
where Share key is the shared key, key is the public key, R is the private key, p is the prime number, g is a primitive root of the prime p, and m is the additional parameter.
From the above algorithm, for the interviewee, the first shared key is determined by the second public key, the first private key and all the parameters included in the first security parameter; for the visitor, the second shared key is determined by the first public key, the second private key and all the parameters included in the second security parameter.
To make the calculation of the first shared key and the second shared key in the above method embodiments easier to follow, a concrete example is given below:
Assume that, in the first security parameter and the second security parameter configured on the interviewee side and the visitor side, the prime number p is 97, the primitive root g of the prime is 5, and the additional parameter is 10. Also assume that the first private key randomly generated on the interviewee side is 36 and the second private key is 58.
On this basis, the interviewee side computes the first public key keya = 5^36 mod 97 = 50 mod 97 = 50; the visitor side computes the second public key keyb = 5^58 mod 97 = 44 mod 97 = 44.
Further, the interviewee side computes the first shared key share_key1 = 44^36 mod 97 + 10 = 75 mod 97 + 10 = 85; the visitor side computes the second shared key share_key2 = 50^58 mod 97 + 10 = 75 mod 97 + 10 = 85.
As can be seen, the first shared key and the second shared key finally computed on the interviewee side and the visitor side are identical. On this basis, the interviewee encrypts the target token with the first shared key and sends the encrypted target token to the visitor, and the visitor can then decrypt the encrypted target token with the second shared key, which is identical to the first shared key.
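The worked example above as runnable Python, added here and not part of the patent text: it reproduces the page's numbers (p = 97, g = 5, m = 10, private keys 36 and 58) through steps S1 to S4 with both sides' messages. The SHA-256 keystream with an HMAC tag is a stand-in for the token cipher, which the page does not name, and `time_seeded_private` and `csprng_private` are hypothetical helpers that contrast one reading of "a random number generated according to system time" with a draw from the operating system's CSPRNG.

```python
import hashlib
import hmac
import random
import secrets

# Security parameters from the page's worked example (toy size; the page
# itself says the prime is usually large).
P, G, M = 97, 5, 10


def public_key(private, p=P, g=G):
    """First/second algorithm: key = g^R mod p."""
    return pow(g, private, p)


def shared_key(peer_public, private, p=P, m=M):
    """Third/fourth algorithm: Share key = (key^R mod p) + m."""
    return pow(peer_public, private, p) + m


def time_seeded_private(timestamp, p=P):
    """ASSUMPTION: one reading of 'a random number generated according to
    system time': a PRNG seeded with the clock, truncated to seconds.
    Two calls in the same second return the same private key."""
    return random.Random(int(timestamp)).randrange(2, p - 1)


def csprng_private(p=P):
    """Alternative, not from the page: draw the private key from the OS
    CSPRNG, uniform in [2, p-2] and independent of the clock."""
    return 2 + secrets.randbelow(p - 3)


def _subkey(shared, label):
    # Hash the integer shared key into separate encryption and MAC keys.
    return hashlib.sha256(label + str(shared).encode()).digest()


def _keystream(key, nonce, length):
    # SHA-256 in counter mode: a stand-in for the unnamed token cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal_token(token, shared):
    """Interviewee side: encrypt-then-MAC the token under the shared key."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(shared, b"enc"), nonce, len(token))
    body = bytes(a ^ b for a, b in zip(token, stream))
    tag = hmac.new(_subkey(shared, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_token(blob, shared):
    """Visitor side: verify the tag first, then decrypt."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(shared, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("encrypted token failed the integrity check")
    stream = _keystream(_subkey(shared, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def run_exchange(first_private, second_private, token):
    """Steps S1-S4 in order, recording what each side sends and derives."""
    first_public = public_key(first_private)                  # interviewee -> visitor
    second_public = public_key(second_private)                # visitor -> interviewee
    first_shared = shared_key(second_public, first_private)   # interviewee only
    sealed = seal_token(token, first_shared)                  # interviewee -> visitor
    second_shared = shared_key(first_public, second_private)  # visitor only
    return {
        "first_public": first_public,
        "second_public": second_public,
        "first_shared": first_shared,
        "second_shared": second_shared,
        "sealed": sealed,
        "recovered": open_token(sealed, second_shared),
    }


if __name__ == "__main__":
    result = run_exchange(36, 58, b"constructed-identity-token")
    print(result["first_public"], result["second_public"],
          result["first_shared"], result["second_shared"], result["recovered"])
    now = 1700000000  # constructed timestamp
    print(time_seeded_private(now), time_seeded_private(now + 0.5), csprng_private())
```
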
This embodiment takes the visitor as the executing subject to describe the cross-domain token transmission method based on a shared key of the invention. Fig. 2 is a schematic overall flowchart of a cross-domain token transmission method based on a shared key according to an embodiment of the invention. As shown in Fig. 2, the invention provides a cross-domain token transmission method based on a shared key, comprising:
S1: send an identity authentication request to the interviewee, so that the interviewee authenticates the request, generates a target token after successful authentication, generates a random number according to the system time as the first private key, and obtains the first public key from the first private key and a preconfigured first security parameter using a preset first algorithm;
Specifically, when the visitor needs to access the interviewee, the visitor must first send an identity authentication request to the interviewee. After receiving the identity authentication request sent by the visitor, the interviewee authenticates it and, if authentication succeeds, generates the identity token corresponding to the visitor as the target token. The visitor can access the interviewee by means of the target token.
After generating the target token, the interviewee must send it to the visitor. To ensure that the target token is transmitted securely, in this embodiment the interviewee encrypts the target token before sending it to the visitor. Specifically, the interviewee generates a random number according to the system time and takes that random number as the first private key. On this basis, the interviewee uses the preset first algorithm to calculate the first public key from the first private key and the preconfigured first security parameter.
S2: receive the first public key sent by the interviewee, generate a random number according to the system time as the second private key, and obtain the second public key from the second private key and a preconfigured second security parameter using a preset second algorithm;
Specifically, after calculating the first public key, the interviewee sends it to the visitor. On receiving the first public key sent by the interviewee, the visitor can determine that the interviewee intends to exchange public keys at this point. The visitor then generates a random number according to the system time, takes that random number as the second private key, and uses the preset second algorithm to obtain the second public key from the second private key and the preconfigured second security parameter.
S3: send the second public key to the interviewee, so that the interviewee obtains the first shared key from the second public key, the first private key and the first security parameter using a preset third algorithm, and encrypts the target token with the first shared key;
Specifically, after calculating the second public key, the visitor sends it to the interviewee. The interviewee receives the second public key sent by the visitor and uses the preset third algorithm to calculate the first shared key from the second public key, the first private key and the first security parameter. After calculating the first shared key, the interviewee encrypts the target token with it and sends the encrypted target token to the visitor.
S4: receive the encrypted target token sent by the interviewee, obtain the second shared key from the first public key, the second private key and the second security parameter using a preset fourth algorithm, and decrypt the encrypted target token with the second shared key;
Here, the first security parameter is identical to the second security parameter, the first algorithm is identical to the second algorithm, and the third algorithm is identical to the fourth algorithm.
Specifically, after receiving the encrypted target token sent by the interviewee, the visitor, in order to decrypt it, uses the preset fourth algorithm to obtain the second shared key from the first public key, the second private key and the second security parameter, and finally decrypts the encrypted target token with the second shared key. The visitor can then access the interviewee by means of the decrypted target token.
It should be noted that, in the method steps above, the first security parameter, the first algorithm and the third algorithm are preset at the interviewee end, and the second security parameter, the second algorithm and the fourth algorithm are preset at the visitor end. In addition, in this embodiment the first security parameter is identical to the second security parameter, the first algorithm is identical to the second algorithm, and the third algorithm is identical to the fourth algorithm, which ensures that the first shared key generated at the interviewee end and the second shared key generated at the visitor end are identical. Because the two shared keys are identical, when the interviewee encrypts the target token with the first shared key and transmits it to the visitor, the visitor can decrypt the encrypted target token with the second shared key, which is identical to the first shared key.
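Steps S1 to S4, run end to end with the worked values above (prime 97, primitive root 5, additional parameter 10, private keys 36 and 58), as an added example that is not code from the patent. Assumptions: all class and function names are hypothetical; private keys come from the OS CSPRNG instead of the system time; the range check on the peer's public value is added; and, because the text names no cipher, the token is protected with a stand-in SHA-256 keystream plus an HMAC tag.

```python
# Added example, not the patent's code. Names and the cipher are assumptions.
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityParams:
    p: int  # prime (97 in the worked example; the text says it is normally large)
    g: int  # primitive root of p
    m: int  # additional parameter


class Party:
    """One end of the exchange; interviewee and visitor run the same algorithms."""

    def __init__(self, params, private_key=None):
        self.params = params
        if private_key is None:
            # Assumption: CSPRNG draw in 2..p-2 instead of a system-time seed.
            # Redraw if the resulting public value would be 1 or p-1.
            while True:
                private_key = 2 + secrets.randbelow(params.p - 3)
                if 1 < pow(params.g, private_key, params.p) < params.p - 1:
                    break
        self.private_key = private_key

    def public_key(self):
        # First/second algorithm: key = g^R mod p
        return pow(self.params.g, self.private_key, self.params.p)

    def shared_key(self, peer_public):
        # Added check: values 0, 1, p-1 or >= p would make the result predictable.
        if not 1 < peer_public < self.params.p - 1:
            raise ValueError("peer public key out of range")
        # Third/fourth algorithm: share_key = key^R mod p + m
        return pow(peer_public, self.private_key, self.params.p) + self.params.m


def subkeys(shared_key):
    """Derive separate encryption and MAC keys from the integer shared key."""
    raw = shared_key.to_bytes((shared_key.bit_length() + 7) // 8 or 1, "big")
    return (hashlib.sha256(b"enc" + raw).digest(),
            hashlib.sha256(b"mac" + raw).digest())


def keystream(enc_key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt_token(shared_key, token):
    # Stand-in cipher (assumption); a vetted AEAD would be used in practice.
    enc_key, mac_key = subkeys(shared_key)
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(token, keystream(enc_key, nonce, len(token))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt_token(shared_key, blob):
    enc_key, mac_key = subkeys(shared_key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("token failed integrity check")
    return bytes(a ^ b for a, b in zip(body, keystream(enc_key, nonce, len(body))))


def run_exchange(params, token, r1=None, r2=None):
    interviewee = Party(params, r1)        # S1: first private key
    keya = interviewee.public_key()        # S1: first public key, sent to visitor
    visitor = Party(params, r2)            # S2: second private key
    keyb = visitor.public_key()            # S2/S3: second public key, sent back
    share1 = interviewee.shared_key(keyb)  # S3: first shared key
    blob = encrypt_token(share1, token)    # S3: encrypted token, sent to visitor
    share2 = visitor.shared_key(keya)      # S4: second shared key
    return {"keya": keya, "keyb": keyb, "share_key1": share1,
            "share_key2": share2, "token": decrypt_token(share2, blob)}


if __name__ == "__main__":
    # Parameters and private keys from the worked example; the token is constructed.
    print(run_exchange(SecurityParams(p=97, g=5, m=10), b"constructed-token", 36, 58))
```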
It can be understood that, in this embodiment, the first shared key is calculated at the interviewee end using the third algorithm from the second public key, the first private key and the first security parameter, and the second public key is obtained at the visitor end using the second algorithm from the second private key and the second security parameter. As can be seen, the generation of the first shared key depends on the first and second security parameters, the first and second private keys, and the second and third algorithms. That is, for the interviewee end, obtaining the first shared key depends on its own preconfigured first security parameter, the third algorithm and the randomly generated first private key, and the first security parameter, the third algorithm and the first private key are never transmitted outside the interviewee. A third party therefore cannot obtain the first security parameter, the third algorithm or the first private key, and so cannot calculate the first shared key. The security of the first shared key is thereby effectively ensured. Similarly, the security of the second shared key is also effectively ensured.
On this basis, after the interviewee encrypts the target token with the first shared key and transmits it to the visitor, even if a third party intercepts the encrypted target token, the third party cannot obtain the first shared key or the second shared key and therefore cannot decrypt the target token. This effectively ensures the security of the target token and in turn effectively prevents a third party from using the target token to attack the interviewee.
In the cross-domain token transmission method based on a shared key provided by the invention, when two security domains perform cross-domain access, the interviewee, before sending the target token to the visitor, uses a preset algorithm to obtain the first shared key from a preconfigured security parameter, a randomly generated private key and the public key sent by the visitor, encrypts the target token with the first shared key, and sends the encrypted target token to the visitor. The visitor then uses a preset algorithm to obtain the second shared key from a preconfigured security parameter, a randomly generated private key and the public key sent by the interviewee, and decrypts the encrypted target token with the second shared key. In this method the security parameters and algorithms preset by the interviewee and the visitor are correspondingly identical, which effectively ensures that the generated first shared key and second shared key are identical. At the same time, the generation of the first shared key and of the second shared key depends respectively on the security parameters and algorithms preconfigured by the interviewee and the visitor and on their randomly generated private keys, which effectively ensures the security of the first and second shared keys and in turn the security of the target token, so that a third party is effectively prevented from using the target token to attack the interviewee.
Based on any of the above embodiments, a cross-domain token transmission method based on a shared key is provided in which, before the second public key is obtained from the second private key and the preconfigured second security parameter using the preset second algorithm, the method further comprises: preconfiguring the second security parameter, and presetting the second algorithm and the fourth algorithm.
Specifically, in this embodiment, before the visitor obtains the second public key from the second private key and the preconfigured second security parameter using the preset second algorithm, the second security parameter must be preconfigured and the second algorithm and the fourth algorithm must be preset. Correspondingly, the interviewee end must also preconfigure the first security parameter and preset the first algorithm and the third algorithm. Here, the first security parameter is identical to the second security parameter, the first algorithm is identical to the second algorithm, and the third algorithm is identical to the fourth algorithm.
In the cross-domain token transmission method based on a shared key provided by the invention, before the interviewee and the visitor transmit the target token, identical security parameters and algorithms must be configured in advance at the interviewee end and the visitor end respectively, which effectively ensures that the first shared key generated by the interviewee and the second shared key generated by the visitor are identical.
Based on any of the above embodiments, a cross-domain token transmission method based on a shared key is provided in which the first security parameter and the second security parameter each comprise a prime number, a primitive root of the prime number, and an additional parameter.
Specifically, in this embodiment the first security parameter and the second security parameter preconfigured by the interviewee and the visitor are identical, and each comprises three parameters. One of them is a prime number, which usually has a large value; this prime number is the cornerstone of secure transmission between the interviewee and the visitor. The prime number must be negotiated and agreed between the interviewee and the visitor; its specific value can be set according to actual needs and is not specifically limited here. Once the prime number has been determined, a primitive root of the prime number can be taken as another parameter, and an additional parameter must also be determined. That is, the first security parameter and the second security parameter each comprise three parameters in total: the prime number, a primitive root of the prime number, and the additional parameter.
In the cross-domain token transmission method based on a shared key provided by the invention, the first security parameter and the second security parameter each comprise a prime number, a primitive root of the prime number and an additional parameter. Configuring identical security parameters in advance at the interviewee end and the visitor end effectively ensures that the first shared key generated by the interviewee and the second shared key generated by the visitor are identical.
Fig. 3 shows a structural block diagram of an interviewee-end electronic device according to an embodiment of the invention. Referring to Fig. 3, the electronic device comprises a processor 31, a memory 32 and a bus 33, where the processor 31 and the memory 32 communicate with each other through the bus 33. The processor 31 calls the program instructions in the memory 32 to execute the method provided by the interviewee-end method embodiments above, which includes, for example: receiving an identity authentication request sent by the visitor, authenticating the request and, if authentication succeeds, generating a target token; generating a random number according to the system time as the first private key, and obtaining the first public key from the first private key and the preconfigured first security parameter using the preset first algorithm; sending the first public key to the visitor, so that the visitor generates a random number according to the system time as the second private key and obtains the second public key from the second private key and the preconfigured second security parameter using the preset second algorithm; receiving the second public key sent by the visitor, obtaining the first shared key from the second public key, the first private key and the first security parameter using the preset third algorithm, encrypting the target token with the first shared key, and sending the encrypted target token to the visitor, so that the visitor obtains the second shared key from the first public key, the second private key and the second security parameter using the preset fourth algorithm and decrypts the encrypted target token with the second shared key.
Fig. 4 shows a structural block diagram of a visitor-end electronic device according to an embodiment of the invention. Referring to Fig. 4, the electronic device comprises a processor 41, a memory 42 and a bus 43, where the processor 41 and the memory 42 communicate with each other through the bus 43. The processor 41 calls the program instructions in the memory 42 to execute the method provided by the visitor-end method embodiments above, which includes, for example: sending an identity authentication request to the interviewee, so that the interviewee authenticates the request, generates a target token after successful authentication, generates a random number according to the system time as the first private key, and obtains the first public key from the first private key and the preconfigured first security parameter using the preset first algorithm; receiving the first public key sent by the interviewee, generating a random number according to the system time as the second private key, and obtaining the second public key from the second private key and the preconfigured second security parameter using the preset second algorithm; sending the second public key to the interviewee, so that the interviewee obtains the first shared key from the second public key, the first private key and the first security parameter using the preset third algorithm and encrypts the target token with the first shared key; receiving the encrypted target token sent by the interviewee, obtaining the second shared key from the first public key, the second private key and the second security parameter using the preset fourth algorithm, and decrypting the encrypted target token with the second shared key.
This embodiment discloses a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium. The computer program comprises program instructions which, when executed by a computer, enable the computer to execute the method provided by the interviewee-end method embodiments above, which includes, for example: receiving an identity authentication request sent by the visitor, authenticating the request and, if authentication succeeds, generating a target token; generating a random number according to the system time as the first private key, and obtaining the first public key from the first private key and the preconfigured first security parameter using the preset first algorithm; sending the first public key to the visitor, so that the visitor generates a random number according to the system time as the second private key and obtains the second public key from the second private key and the preconfigured second security parameter using the preset second algorithm; receiving the second public key sent by the visitor, obtaining the first shared key from the second public key, the first private key and the first security parameter using the preset third algorithm, encrypting the target token with the first shared key, and sending the encrypted target token to the visitor, so that the visitor obtains the second shared key from the first public key, the second private key and the second security parameter using the preset fourth algorithm and decrypts the encrypted target token with the second shared key.
This embodiment discloses a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium. The computer program comprises program instructions which, when executed by a computer, enable the computer to execute the method provided by the visitor-end method embodiments above, which includes, for example: sending an identity authentication request to the interviewee, so that the interviewee authenticates the request, generates a target token after successful authentication, generates a random number according to the system time as the first private key, and obtains the first public key from the first private key and the preconfigured first security parameter using the preset first algorithm; receiving the first public key sent by the interviewee, generating a random number according to the system time as the second private key, and obtaining the second public key from the second private key and the preconfigured second security parameter using the preset second algorithm; sending the second public key to the interviewee, so that the interviewee obtains the first shared key from the second public key, the first private key and the first security parameter using the preset third algorithm and encrypts the target token with the first shared key; receiving the encrypted target token sent by the interviewee, obtaining the second shared key from the first public key, the second private key and the second security parameter using the preset fourth algorithm, and decrypting the encrypted target token with the second shared key.
This embodiment provides a non-transitory computer-readable storage medium storing computer instructions that cause a computer to execute the method provided by the interviewee-end method embodiments above, which includes, for example: receiving an identity authentication request sent by the visitor, authenticating the request and, if authentication succeeds, generating a target token; generating a random number according to the system time as the first private key, and obtaining the first public key from the first private key and the preconfigured first security parameter using the preset first algorithm; sending the first public key to the visitor, so that the visitor generates a random number according to the system time as the second private key and obtains the second public key from the second private key and the preconfigured second security parameter using the preset second algorithm; receiving the second public key sent by the visitor, obtaining the first shared key from the second public key, the first private key and the first security parameter using the preset third algorithm, encrypting the target token with the first shared key, and sending the encrypted target token to the visitor, so that the visitor obtains the second shared key from the first public key, the second private key and the second security parameter using the preset fourth algorithm and decrypts the encrypted target token with the second shared key.
This embodiment provides a non-transitory computer-readable storage medium storing computer instructions that cause a computer to execute the method provided by the visitor-end method embodiments above, which includes, for example: sending an identity authentication request to the interviewee, so that the interviewee authenticates the request, generates a target token after successful authentication, generates a random number according to the system time as the first private key, and obtains the first public key from the first private key and the preconfigured first security parameter using the preset first algorithm; receiving the first public key sent by the interviewee, generating a random number according to the system time as the second private key, and obtaining the second public key from the second private key and the preconfigured second security parameter using the preset second algorithm; sending the second public key to the interviewee, so that the interviewee obtains the first shared key from the second public key, the first private key and the first security parameter using the preset third algorithm and encrypts the target token with the first shared key; receiving the encrypted target token sent by the interviewee, obtaining the second shared key from the first public key, the second private key and the second security parameter using the preset fourth algorithm, and decrypting the encrypted target token with the second shared key.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be completed by hardware related to program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; the storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
The embodiments of the electronic device and the like described above are merely illustrative. The units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
From the description of the embodiments above, those skilled in the art can clearly understand that each embodiment can be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware. Based on this understanding, the above technical solution, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product may be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments or in certain parts of the embodiments.
Finally, the method of the present application is only a preferred embodiment and is not intended to limit the scope of protection of the invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall be included within the scope of protection of the invention.
Claims (10)
1. A cross-domain token transmission method based on a shared key, characterized by comprising:
receiving an identity authentication request sent by a visitor, authenticating the identity authentication request and, if authentication succeeds, generating a target token;
generating a random number according to the system time as a first private key, and obtaining a first public key from the first private key and a preconfigured first security parameter using a preset first algorithm;
sending the first public key to the visitor, so that the visitor generates a random number according to the system time as a second private key and obtains a second public key from the second private key and a preconfigured second security parameter using a preset second algorithm;
receiving the second public key sent by the visitor, obtaining a first shared key from the second public key, the first private key and the first security parameter using a preset third algorithm, encrypting the target token with the first shared key, and sending the encrypted target token to the visitor, so that the visitor obtains a second shared key from the first public key, the second private key and the second security parameter using a preset fourth algorithm and decrypts the encrypted target token with the second shared key;
wherein the first security parameter is identical to the second security parameter, the first algorithm is identical to the second algorithm, and the third algorithm is identical to the fourth algorithm.
2. The method according to claim 1, characterized in that, before the first public key is obtained from the first private key and the preconfigured first security parameter using the preset first algorithm, the method further comprises:
preconfiguring the first security parameter, and presetting the first algorithm and the third algorithm.
3. The method according to claim 1, characterized in that the first security parameter and the second security parameter each comprise a prime number, a primitive root of the prime number, and an additional parameter.
4. The method according to claim 3, characterized in that the first algorithm and the second algorithm are:
key = g^R mod p;
where key is the public key; R is the private key; p is the prime number; g is the primitive root of the prime number p.
5. The method according to claim 3, characterized in that the third algorithm and the fourth algorithm are:
Share key = key^R mod p + m;
where Share key is the shared key; key is the public key; R is the private key; p is the prime number; g is the primitive root of the prime number p; m is the additional parameter.
6. A cross-domain token transmission method based on a shared key, characterized by comprising:
sending an identity authentication request to an interviewee, so that the interviewee authenticates the identity authentication request, generates a target token after successful authentication, generates a random number according to the system time as a first private key, and obtains a first public key from the first private key and a preconfigured first security parameter using a preset first algorithm;
receiving the first public key sent by the interviewee, generating a random number according to the system time as a second private key, and obtaining a second public key from the second private key and a preconfigured second security parameter using a preset second algorithm;
sending the second public key to the interviewee, so that the interviewee obtains a first shared key from the second public key, the first private key and the first security parameter using a preset third algorithm and encrypts the target token with the first shared key;
receiving the encrypted target token sent by the interviewee, obtaining a second shared key from the first public key, the second private key and the second security parameter using a preset fourth algorithm, and decrypting the encrypted target token with the second shared key;
wherein the first security parameter is identical to the second security parameter, the first algorithm is identical to the second algorithm, and the third algorithm is identical to the fourth algorithm.
7. The method according to claim 6, characterized in that, before the second public key is obtained from the second private key and the preconfigured second security parameter using the preset second algorithm, the method further comprises:
preconfiguring the second security parameter, and presetting the second algorithm and the fourth algorithm.
8. The method according to claim 6, characterized in that the first security parameter and the second security parameter each comprise a prime number, a primitive root of the prime number, and an additional parameter.
9. An electronic device, characterized by comprising:
at least one processor; and
at least one memory communicatively connected to the processor, wherein:
the memory stores program instructions executable by the processor, and the processor, by calling the program instructions, is able to execute the method according to any one of claims 1 to 5.
10. An electronic device, characterized by comprising:
at least one processor; and
at least one memory communicatively connected to the processor, wherein:
the memory stores program instructions executable by the processor, and the processor, by calling the program instructions, is able to execute the method according to any one of claims 6 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810922170.3A CN109194484A (en) | 2018-08-14 | 2018-08-14 | A kind of cross-domain transmission method of token based on shared key |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109194484A (en) | 2019-01-11 |
Family
ID=64921442
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810922170.3A Pending CN109194484A (en) | 2018-08-14 | 2018-08-14 | A kind of cross-domain transmission method of token based on shared key |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109194484A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020233033A1 (en) * | 2019-05-20 | 2020-11-26 | 深圳壹账通智能科技有限公司 | Information interaction method, device and storage medium |
CN112565189A (en) * | 2020-11-04 | 2021-03-26 | 国网安徽省电力有限公司信息通信分公司 | Access control system based on cloud computing data security |
CN113114627A (en) * | 2021-03-19 | 2021-07-13 | 京东数科海益信息科技有限公司 | Secure data interaction method and system based on key exchange |
CN113950802A (en) * | 2019-08-22 | 2022-01-18 | 华为技术有限公司 | Gateway apparatus and method for performing site-to-site communication |
CN114389833A (en) * | 2020-10-02 | 2022-04-22 | 辉达公司 | Token-based zero-touch registration for provisioning edge computing applications |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1477810A (en) * | 2003-06-12 | 2004-02-25 | 上海格尔软件股份有限公司 | Dynamic password authentication method based on digital certificate implement |
US20160070894A1 (en) * | 2014-09-07 | 2016-03-10 | Michael Boodaei | Authentication method and system using password as the authentication key |
CN105791359A (en) * | 2014-12-24 | 2016-07-20 | 慧贤网智有限公司 | Internet of things system and data interaction method |
CN107104888A (en) * | 2017-06-09 | 2017-08-29 | 成都轻车快马网络科技有限公司 | A kind of safe instant communicating method |
CN108092776A (en) * | 2017-12-04 | 2018-05-29 | 南京南瑞信息通信科技有限公司 | A kind of authentication server and authentication token |
Non-Patent Citations (1)
Title |
---|
Liu Qingtang, Zhang Guangqiong: "Diffie-Hellman Algorithm", "Research on Copyright Protection Mechanisms for Standardized Educational Resources" * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020233033A1 (en) * | 2019-05-20 | 2020-11-26 | 深圳壹账通智能科技有限公司 | Information interaction method, device and storage medium |
CN113950802A (en) * | 2019-08-22 | 2022-01-18 | 华为技术有限公司 | Gateway apparatus and method for performing site-to-site communication |
CN113950802B (en) * | 2019-08-22 | 2023-09-01 | 华为云计算技术有限公司 | Gateway device and method for performing site-to-site communication |
CN114389833A (en) * | 2020-10-02 | 2022-04-22 | 辉达公司 | Token-based zero-touch registration for provisioning edge computing applications |
CN112565189A (en) * | 2020-11-04 | 2021-03-26 | 国网安徽省电力有限公司信息通信分公司 | Access control system based on cloud computing data security |
CN113114627A (en) * | 2021-03-19 | 2021-07-13 | 京东数科海益信息科技有限公司 | Secure data interaction method and system based on key exchange |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109309565B (en) | Security authentication method and device | |
JP6990690B2 (en) | Methods and systems implemented by blockchain | |
CN109194484A (en) | A kind of cross-domain transmission method of token based on shared key | |
EP3005608B1 (en) | Authentication | |
CN105007577B (en) | A kind of virtual SIM card parameter management method, mobile terminal and server | |
EP2639997B1 (en) | Method and system for secure access of a first computer to a second computer | |
JP5562687B2 (en) | Securing communications sent by a first user to a second user | |
US8971540B2 (en) | Authentication | |
KR101634158B1 (en) | Method for authenticating identity and generating share key | |
US9106644B2 (en) | Authentication | |
CN109003083A (en) | A kind of ca authentication method, apparatus and electronic equipment based on block chain | |
CN106790090A (en) | Communication means, apparatus and system based on SSL | |
CN105915338B (en) | Generate the method and system of key | |
CA2502134A1 (en) | Inter-authentication method and device | |
CN108768633A (en) | Realize the method and device of information sharing in block chain | |
CN104901809B (en) | Remote authentication protocol method based on password and smart card | |
CN107920052B (en) | Encryption method and intelligent device | |
CN110138548B (en) | Quantum communication service station key negotiation method and system based on asymmetric key pool pair and DH protocol | |
CN112989426B (en) | Authorization authentication method and device, and resource access token acquisition method | |
CN109858201A (en) | A kind of security software pattern switching authorization method, client and server-side | |
CN105577377A (en) | Identity-based authentication method and identity-based authentication system with secret key negotiation | |
CN110505055A (en) | Based on unsymmetrical key pond to and key card outer net access identity authentication method and system | |
CN110176989B (en) | Quantum communication service station identity authentication method and system based on asymmetric key pool | |
Yang et al. | Towards practical anonymous password authentication | |
CN113626794A (en) | Authentication and key agreement method, system and application in client/server mode |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20190111 |