CN112149069A - Generation method, use method and device of authorization check character string - Google Patents
Generation method, use method and device of authorization check character string Download PDFInfo
- Publication number
- CN112149069A CN112149069A CN201910570470.4A CN201910570470A CN112149069A CN 112149069 A CN112149069 A CN 112149069A CN 201910570470 A CN201910570470 A CN 201910570470A CN 112149069 A CN112149069 A CN 112149069A
- Authority
- CN
- China
- Prior art keywords
- field
- user operation
- fields
- character string
- authorization check
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Document Processing Apparatus (AREA)
Abstract
The invention relates to a method and a device for generating and using an authorization check character string, relating to an authentication check technology. Disclosed herein is a method for generating an authorization check string, including: respectively encoding authorization verification information corresponding to user operation to obtain at least a creation time field and a unique identification field, wherein the creation time field indicates occurrence time of the user operation, and the unique identification field indicates identification information corresponding to the user operation; distributing a random number for the user operation, and coding the random number to obtain a random field; calculating all fields generated according to the authorization verification information corresponding to the user operation and random fields to obtain a verification code field; and combining all the fields according to a preset mode to generate an authorization check character string for indicating authorization check information corresponding to the current user operation. The operation of calling the authorization check information is omitted, and the authentication process is simplified.
Description
Technical Field
The present disclosure relates to authentication verification technologies, and in particular, to a generation and usage scheme for an authorization verification string.
Background
In the related art, the following method is generally adopted for obtaining the authorization check information:
the front end requests for operating user authority and access operation actions one by one, acquires data from a client, compares the acquired data with stored user data through calculation, checks authority range and validity, and further confirms whether current operation can be performed or not.
And secondly, when the front end calls the authority information of the current user, the back end is adopted to encrypt and return data, the front end obtains the data of the user from the back end and then decrypts the data, and then comparison and confirmation of the authority range and the legality are still carried out in the same way as the first mode.
And thirdly, when the request is carried out, transmitting the representative mark of the current operation user to the back end in a cookie mode, then carrying out calculation and request on the lower-layer storage device or the cache device by the back end, then checking whether the current user has the authority and the legality of the request by the back end, and if the current user is legal, successfully requesting and returning result information corresponding to the request. The authentication information in this manner is obtained by calling the storage device or the third party interface.
Disclosure of Invention
In order to overcome the problems in the related art, the invention provides a generation method, a use method and a device of an authorization check character string.
According to a first aspect herein, there is provided a method of generating an authorization check string, comprising:
respectively encoding authorization verification information corresponding to user operation to obtain at least a creation time field and a unique identification field, wherein the creation time field indicates occurrence time of the user operation, and the unique identification field indicates identification information corresponding to the user operation;
distributing a random number for the user operation, and coding the random number to obtain a random field;
calculating all fields generated according to the authorization verification information corresponding to the user operation and random fields to obtain a verification code field;
and combining all the fields according to a preset mode to generate an authorization check character string for indicating authorization check information corresponding to the current user operation.
Optionally, in the method, the combining all the fields according to a preset manner to generate an authorization check character string includes:
and sequentially combining all the fields according to a set sequence, adding preset fixed characters between each field, and finally generating an authorization check character string.
Optionally, in the foregoing method, when the authorization check information corresponding to the user operation is encoded, one or more of the following fields are further obtained:
an expiration time field indicating an expiration time of the user operation;
a redundancy field indicating a module, product line, or other identifier involved in a user operation;
a type field indicating the type of service the user operation relates to.
Optionally, in the method, before combining all the fields according to a preset manner, the method further includes:
generating an extension identifier according to extension information of authorization verification corresponding to user operation, wherein the extension information of authorization verification comprises information associated with the user operation;
at this time, all the fields are combined according to a preset mode to generate an authorization check character string, including:
and combining all the fields and the extended identifier according to a preset mode to generate an authorization check character string.
Optionally, in the foregoing method, when the authorization check information corresponding to the user operation is encoded respectively, the authorization check information is encoded according to a preset encoding manner to obtain a plurality of fields, where the preset encoding manner corresponding to each field is the same or different.
According to another aspect herein, there is provided a method of using an authorization check string, comprising:
splitting the acquired authorization check character string according to a preset mode, and obtaining at least a random field, a creation time field, a unique identification field and a check code field after splitting;
and if the other fields in the authorization check character string are determined to be correct and valid through the check code field, decoding the creation time field and the unique identification field obtained by splitting respectively to obtain the occurrence time of the user operation and the identification information corresponding to the user operation, wherein the occurrence time of the user operation and the identification information corresponding to the user operation belong to the authorization check information corresponding to the user operation.
Optionally, in the foregoing method, the splitting the authorized check character string in a preset manner, and obtaining at least a random field, a creation time field, a unique identification field, and a check code field after the splitting includes:
searching preset fixed characters in the authorization check character string, taking each searched fixed character as a division identifier, splitting the authorization check character string into a plurality of fields, wherein the plurality of fields obtained through splitting at least comprise a random field, a creation time field, a unique identification field and a check code field, and each field obtained through splitting does not contain the fixed character.
Optionally, in the above method, the obtained authorized verification character string is split according to a preset manner, and after the obtained authorized verification character string is split, one or more of the following fields are obtained:
an expiration time field indicating an expiration time of the user operation;
a redundancy field indicating a module, product line, or other identifier involved in a user operation;
a type field indicating the type of service the user operation relates to.
Optionally, in the above method, the obtained authorization check character string is split according to a preset manner, and an extension identifier is further obtained after the splitting, where the extension identifier is used to indicate extension information of authorization check corresponding to a user operation, and the extension information of authorization check includes information associated with the user operation.
Optionally, in the foregoing method, decoding the fields obtained by splitting respectively includes:
and respectively decoding the fields obtained by splitting according to a preset decoding mode, wherein the preset decoding modes corresponding to each field are the same or different.
According to another aspect of this document, there is provided an apparatus for generating an authorization check string, including:
the first coding module is used for coding authorization check information corresponding to user operation respectively to obtain at least a creation time field and a unique identification field, wherein the creation time field indicates the occurrence time of the user operation, and the unique identification field indicates identification information corresponding to the user operation;
the second coding module is used for distributing a random number for the user operation and coding the random number to obtain a random field;
the check code generation module is used for calculating all fields obtained by the first coding module and the second coding module to obtain a check code field;
and the character string generating module is used for combining all the fields obtained by the first coding module, the second coding module and the check code generating module according to a preset mode to generate an authorization check character string used for indicating authorization check information corresponding to the current user operation.
Optionally, in the above apparatus, the generating module of the character string combines all fields obtained by the first encoding module, the second encoding module, and the check code generating module according to a preset manner to generate the authorized check character string, including:
and combining all the obtained fields of the first coding module, the second coding module and the check code generating module in sequence according to a set sequence, adding preset fixed characters between each field, and finally generating an authorization check character string.
Optionally, in the above apparatus, when the first module respectively encodes the authorization check information corresponding to the user operation, one or more of the following fields are further obtained:
an expiration time field indicating an expiration time of the user operation;
a redundancy field indicating a module, product line, or other identifier involved in a user operation;
a type field indicating the type of service the user operation relates to.
Optionally, in the above apparatus, before the character string generating module combines all fields obtained by the first encoding module, the second encoding module, and the check code generating module according to a preset manner, the method further includes:
generating an extension identifier according to extension information of authorization verification corresponding to user operation, wherein the extension information of authorization verification comprises information associated with the user operation;
at this time, all the fields obtained by the first coding module, the second coding module and the check code generating module are combined according to a preset mode to generate an authorization check character string, including:
and combining all the fields and the extended identifier obtained by the first coding module, the second coding module and the check code generating module according to a preset mode to generate an authorization check character string.
Optionally, in the above apparatus, when the first encoding module encodes the authorization check information corresponding to the user operation, the first encoding module encodes the authorization check information according to a preset encoding method to obtain a plurality of fields, where the preset encoding method corresponding to each field is the same or different.
According to another aspect herein, there is provided an apparatus for using an authorization check character string, including:
the splitting module splits the acquired authorization check character string according to a preset mode, and at least obtains a random field, a creation time field, a unique identification field and a check code field after splitting;
and the decoding module is used for decoding the split creation time field and the unique identification field respectively to obtain the occurrence time of the user operation and the identification information corresponding to the user operation if the other fields in the authorization check character string are determined to be correct and valid through the check code field, wherein the occurrence time of the user operation and the identification information corresponding to the user operation belong to the authorization check information corresponding to the user operation.
Optionally, in the above apparatus, the splitting module splits the authorized check character string according to a preset manner, and obtains at least a random field, a creation time field, a unique identification field, and a check code field after splitting, including:
searching preset fixed characters in the authorization check character string, taking each searched fixed character as a division identifier, splitting the authorization check character string into a plurality of fields, wherein the plurality of fields obtained through splitting at least comprise a random field, a creation time field, a unique identification field and a check code field, and each field obtained through splitting does not contain the fixed character.
Optionally, in the above apparatus, the splitting module splits the obtained authorized check character string according to a preset manner, and after splitting, one or more of the following fields are obtained:
an expiration time field indicating an expiration time of the user operation;
a redundancy field indicating a module, product line, or other identifier involved in a user operation;
a type field indicating the type of service the user operation relates to.
Optionally, in the apparatus, the splitting module splits the obtained authorized check character string according to a preset manner, and obtains an extension identifier after the splitting, where the extension identifier is used to indicate extension information of authorized check corresponding to a user operation, and the extension information of authorized check includes information associated with the user operation.
Optionally, in the above apparatus, the decoding module respectively decodes the split fields, and includes:
and respectively decoding the fields obtained by splitting according to a preset decoding mode, wherein the preset decoding modes corresponding to each field are the same or different.
According to another aspect herein, there is provided a computer readable storage medium having stored thereon a computer program which, when executed, implements the steps of the method of generating an authorization check string as described above, or which, when executed, implements the steps of the method of using a method of authorizing a check string as described above.
According to another aspect of the present document, there is provided a computer device comprising a processor, a memory and a computer program stored on the memory, the processor implementing the steps of the method for generating an authorization check string as described above when executing the computer program, or implementing the steps of the method for using an authorization check string as described above when executing the computer program.
The character string is generated by encoding the user authorization check information (including the authority of user operation and the data of legality), so that for the authentication party, the operation of calling the authorization check information is omitted, and the authentication process is simplified.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, are included to provide a further understanding of the disclosure, and are incorporated in and constitute a part of this specification. In the drawings:
fig. 1 is a flow chart illustrating a method for generating an authorization check string according to an exemplary embodiment.
FIG. 2 is a flow diagram illustrating a method for using an authorization check string in accordance with an exemplary embodiment.
Fig. 3 is a schematic structural diagram illustrating an apparatus for generating an authorization check string according to an exemplary embodiment.
Fig. 4 is a schematic structural diagram illustrating a device for using an authorization check character string according to an exemplary embodiment.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the drawings of the embodiments of the present invention, and it is obvious that the described embodiments are some but not all of the embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments herein without making any creative effort, shall fall within the scope of protection. It should be noted that the embodiments and features of the embodiments may be arbitrarily combined with each other without conflict.
Fig. 1 is a flowchart illustrating a method for generating an authorization check string according to an exemplary embodiment, including the following operations:
step S11, obtaining authorization verification information corresponding to user operation;
herein, the authorization check information corresponding to the user operation may be used to check the authority and validity of the operation.
Step S12, coding the obtained authorization check information according to a preset mode respectively, and obtaining a plurality of fields after coding;
herein, the plurality of fields obtained according to the authorization check information at least include: a creation time field and a unique identification field.
Wherein the creation time field may indicate occurrence time information of the user operation. For example, a millisecond timestamp of an authorization check character string generated by a device, a service or a system in the authorization check information may be used as occurrence time information of user operation, and the millisecond timestamp is encoded, and the creation time field is obtained after the millisecond timestamp is encoded.
The unique identification field may indicate identification information corresponding to a user operation. For example, the unique identifier of the authorization check character string in a certain dimension may be used as the identifier information corresponding to the user operation, and the unique identifier field may be obtained after encoding.
According to the fields generated by the authorization check information, besides the necessary creation time field and the unique identification field, any one or more of three fields of an expiration time field, a redundancy field and a type field can be added according to the requirements under different application scenarios.
For example, for a time-sensitive scenario (software usage authorization time limit or picture anti-theft chain validity period), an expiration time field may be added, which may indicate the expiration time of the user operation, e.g., the expiration time of the string request may be encoded as the expiration time of the user operation, resulting in the expiration time field.
For the scene that the module, the product line or other identifiers related to the user operation need to be identified, the redundant field can be obtained by encoding according to the specific information of the module, the product line or other identifiers related to the user operation.
For the service type (such as test, on-line, etc.) related to the user operation, which needs to be indicated, the type field can be obtained by encoding according to the specific service type information related to the user operation.
And when more information needs to be identified in a complex scene, encoding can be performed according to different information to obtain a corresponding field. In particular, the definitions for generating the various fields in the authorization check string can be seen in table 1.
TABLE 1 table of contents of definitions of fields that can generate authorization check strings
In table 1, "random field" is a necessary field that can be used to generate a unique string that is sufficiently confusing to effectively prevent brute force attempts, so the field suggests that a larger number is randomly generated, such as random numbers ranging from 100000000 to 999999999.
The "expiration time" is an optional field, but is useful for some scenarios, such as picture linking for a pickproof chain. If the character string with the expiration time is taken as the request parameter, the legality of a request can be ensured to be specified according to actual needs, so that an external user can be prevented from stealing resources through links.
The "redundant field" and the "type" are unnecessary fields, and can be distinguished according to the use and the type of the generated character string, the system or the machine identifier to which the generated character string belongs, and other dimensions. Namely, the product line, the department, the purpose of use, the system for generating the character string and the like which are involved in the operation of the user can be simply and conveniently judged through the 'redundant field' and the 'type'.
The 'creation time' is a necessary field, can be the time for generating the character string identification, and because the character string is directly exposed to the outside and can be easily taken by a malicious user, the field containing the creation time can effectively prevent the malicious user from carrying out a large number of violent attempts according to the field for a long time.
The 'unique identification' is a necessary field and is the most important content field representing the character string. For example, the request is for a user, then this field may identify the user's unique identification ID. For example, if the user action is for a blog article, then this field may identify a unique identification blog _ id for the blog article. For example, if the request is for the name of an authorized client, the field may be encoded in base64 and then used, and for chinese, the field may be encoded in base64 and then modified according to a certain rule, for example, a "suffix after encoding and generating" base64 "or" suffix "is subjected to a secondary replacement process with a rule, so that guessing by a malicious user can be effectively avoided from the character string itself.
The "check code" is a necessary field, which is calculated by taking the first few required fields as a code string and then by an internally agreed hash algorithm, i.e., the check code may be a hash value calculated by combining the fields after the fields are coded. An excellent hash algorithm such as sha256 and md5 can be adopted, a unique check code can be effectively generated, and the check code can be intercepted according to actual needs, so that the basis for checking whether the whole character string is correct or not can be provided.
Where the fields of table 1 regarding the numeric type require a binary translation, 36 binary (36 binary is 0-9, a-z) is used in this example. A62-ary representation (62-ary is 0-9, a-Z, A-Z) may also be used, as desired. Of course, a certain offset may be added according to actual situations, such as adding or subtracting a certain value to or from the original value, or adding some variation characters, etc., which is not particularly limited herein.
As can also be seen from table 1, in the process of encoding the authorization check information corresponding to the user operation to obtain the above fields, the same or different encoding modes may be used for different authorization check information. For example, if the occurrence time information of the user operation is a millisecond timestamp, the millisecond timestamp may be encoded in a binary conversion manner to obtain the creation time field. And when the identification information corresponding to the user operation is the user identification, the user identification can be coded according to a certain algorithm to obtain the unique identification field.
Step S13, distributing random numbers for user operation, coding the random numbers to obtain random fields;
wherein, one random number indicated by the random field may be an integer, which may be used for generation of the string check code.
Step S14, calculating according to all the fields obtained in the steps S12 and S13 to obtain a check code field;
and step S15, combining the obtained fields according to a preset mode to generate a character string.
In this example, the obtained multiple fields may be sequentially combined according to a set order, a preset fixed character is added between each group of fields to identify a division position between different fields (that is, the fixed character is inserted between different fields as a division identifier), and finally, an authorization check character string is generated.
For different service operations related to user operations, the number of fields carried by the authorization check character string may be different, and thus the position order of each field may be different. At this time, the preset mode adopted when combining the fields can configure the corresponding field position sequence for different services. Thus, when generating the authorization check character string, the position sequence of each field in the preset mode can be changed according to different business operations. For example, when the user operation relates to a certain type of service, the generated authorization check string only needs to include four necessary fields, namely a random field, creation time, a unique identifier and a check code field, and the combination of the four fields can be combined according to the first position sequence in the preset manner. When the number of fields carried by the generated authorization check character string is more than four fields, the fields can be determined to be sequentially combined at corresponding field positions in a preset mode according to the specific service related to the user operation.
In addition, in the generation process of the character string, an extension identifier may be further added to the character string, and the extension identifier may occupy 1 or more bits and is used to indicate extension information of the authorization check, where the extension information of the authorization check may be regarded as information associated with the authorization check. For example, an extension identifier may be added at the beginning or end of the string to indicate the rights of the client user, etc. The extension identifier may also be used as a reserved bit, which may be used to indicate information related to a specific authorization check in a subsequent extended service operation.
FIG. 2 is a flow diagram illustrating a method for using an authorization check string in accordance with an exemplary embodiment, including the operations of:
step S21, obtaining an authorization check character string;
in this step, the authorization check character string may be obtained from the server side, or issued by other network element devices.
Step S22, splitting the authorization check character string according to a preset mode to obtain a plurality of fields;
in this document, a fixed character splitting character string mode may be adopted, that is, preset fixed characters are searched from a character string, each searched fixed character is used as a division identifier, and the character string may be split into a plurality of fields. The fixed characters are only used for distinguishing different fields, so that each field obtained by splitting does not contain the fixed characters.
When the fields are obtained by splitting in the character string, the position sequence of the fields can be determined according to the service related to the user operation, and the obtained fields are confirmed, so that the corresponding coding mode can be correspondingly decoded according to the fields in the following.
And step S23, verifying whether the residual fields are correct and valid according to the obtained check code fields, entering step S24 if the residual fields are verified to be correct and valid, and ending the process if the residual fields are verified to be incorrect or invalid.
The check code field is a hash value obtained by combining all fields except the check code field in the character string so as to check the authenticity of all other fields.
And step S24, analyzing each field of the character string to obtain authorization check information corresponding to each group of fields.
In this example, the plurality of fields obtained by splitting the authorization check string at least include a random field, creation time, a unique identifier, and a check code.
The data obtained by analyzing the random field may be a random integer.
After the creation time field is parsed, time information of the user operation may be obtained, for example, a millisecond timestamp of the device or service or system generating the character string.
After the unique identification field is analyzed, a unique identifier in a certain dimension of the character string can be obtained, for example, the unique identifier representing the dimension of the user can be an actual ID of the user.
Besides the fields, for requirements under different application scenarios and extended requirements, on the basis of the four fields, the authorization check string may further include one or more of the following fields:
expiration time, redundant fields, type.
The field of the expiration time is analyzed, the expiration time of the user operation, for example, the expiration time containing the character string request, can be obtained, and the field is particularly suitable for software use authorization and the validity period of the picture anti-theft chain.
And analyzing the redundant field to obtain the module, product line or other identifiers related to the user operation.
The type field is analyzed, the service type related to the user operation can be obtained, for example, the type of the string request, such as test, online, etc., can be obtained.
When the authorization check character string contains other fields except the random field, the creation time, the unique identifier and the check code, the analysis mode of each field in the current character string can be determined according to different business operations related to user operation, and the analysis is carried out.
In addition, after obtaining a plurality of fields from the authorization check character string according to the method, an extension identifier can be obtained from the character string, and the extension identifier can occupy 1 or more bits and is used for indicating extension information of authorization check. For example, the extension identifier may be obtained from the beginning or the end of the character string, and is used for indicating the authority of the client user and the like. The extension identifier may also be used as a reserved bit, which may be used to indicate information related to a specific authorization check in a subsequent extended service operation.
Fig. 3 is a block diagram illustrating an apparatus for generating an authorization check string according to an exemplary embodiment, which may be built in a server, may be placed on a client side, or may be a separate apparatus separated from the server and the client side, and includes a first encoding module, a second encoding module, a check code generating module, and a string generating module.
The first encoding module is used for respectively encoding the authorization verification information corresponding to the user operation to obtain at least a creation time field and a unique identification field, wherein the creation time field can indicate the occurrence time of the user operation, and the unique identification field can indicate the identification information corresponding to the user operation;
the second coding module is used for distributing random numbers for user operation, and coding the random numbers to obtain random fields;
the check code generation module is used for calculating all fields obtained by the first coding module and the second coding module to obtain a check code field;
and the character string generating module is used for combining all the fields generated by the first coding module, the second coding module and the check code generating module according to a preset mode to generate an authorization check character string used for indicating authorization check information corresponding to the current user operation.
The character string generating module can sequentially combine all the obtained fields according to a set sequence, and adds preset fixed characters between each group of fields as dividing marks among different fields to finally generate the authorization check character string.
As can be seen from the functions of the modules of the above device, the encoded fields at least include the following four fields (which can be considered as necessary fields): a random field, a creation time, a unique identifier, and a check code. On the basis of the four fields, the first encoding module can also add one or more fields according to different requirements of different scenes, for example, the expiration time of the user operation can be encoded to generate an expiration time field. Modules, product lines, or other identifiers involved in user operations may be encoded to generate redundant fields. The type of service to which the user action relates may also be encoded to generate a type field.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Fig. 4 is a block diagram illustrating a device for using an authorization check string according to an exemplary embodiment, where the device may be built in a server, may be placed on a client side, or may be a separate device separated from the server and the client side, and includes a splitting module and a decoding module.
The splitting module is configured to execute, split the character string according to a preset mode, and obtain a plurality of fields;
the preset mode adopted by the splitting module when the authorization check character string is split can be known in advance or configured in advance. For example, if fixed characters are pre-configured as intervals between different fields, preset fixed characters can be searched in a character string, each searched fixed character is used as a division identifier, and the character string is divided into a plurality of groups of fields. The fixed characters are only used for splitting the fields and have no actual meanings, so that each group of fields obtained by splitting does not contain the fixed characters.
Taking the most basic case as an example, the splitting module splits the authorization check character string into a plurality of fields, which at least include: random field, creation time, unique identification and check code. On the basis of the most basic situation, according to the requirements of different application scenarios, other authorization check information can be indicated in the authorization check character string, and at this time, a plurality of fields obtained by splitting the authorization check character string can also include any one or more of expiration time, redundant fields and types.
And the decoding module is configured to execute, and respectively perform analysis operation on the obtained fields according to a preset mode to obtain information corresponding to each field, namely authorization check information corresponding to user operation.
Taking the most basic case as an example, the multiple fields obtained by splitting the authorization check character string at least include: when the four necessary fields of the random field, the creation time, the unique identifier and the check code are used, the decoding module can firstly determine whether other fields in the authorized check character string are all correct and valid through the check code field, and when the fields are determined to be correct and valid, the creation time field and the unique identifier field obtained through splitting are respectively decoded. Wherein, according to the analysis of the creation time field, the occurrence time of the user operation can be obtained. According to the analysis of the unique identification field, identification information corresponding to the user operation can be obtained.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
As can be seen from the above examples of the method, the generation of the authorization check character string according to the technical solution herein may be in the form of a system or a method, including generating an unreadable character string that is encoded according to data transmitted in actual use in the forward direction, and reversely decoding the original data transmitted by the character string that is originally generated from the unreadable character string, while ensuring that the character string that is illegally forged is directly returned to be invalid or illegal when being reversely decoded.
Based on this, the present example provides a computer-readable storage medium having stored thereon a computer program that, when executed, implements the steps of the generation method of the authorization check character string as given in the above example; or a computer program when executed implements the steps of the method of using an authorization check string as given in the above example.
The specific manner in which the method steps are performed by the computer program in the computer-readable storage medium in the above-described embodiments has been described in detail in relation to the embodiments of the method, and will not be described in detail herein.
The present example provides a computer device comprising a processor, a memory and a computer program stored on said memory, the steps of the method for generating an authorization check string as given in the above example being implemented when the computer program is executed by the processor; or the steps of the method of using the authorization check string as given in the above example, when executed by a processor.
The specific manner in which the method steps are executed by the processor in the computer device in the above-described embodiment has been described in detail in relation to the embodiment of the method, and will not be elaborated upon here.
It can be seen from the above embodiments that the technical scheme disclosed herein has a simple authentication process for the client, and the network security is more reliable, and is particularly suitable for scenarios such as software use authorization, picture anti-theft chain validity period, access operation authority verification, and the like. The authorization check character string adopted by the technical scheme disclosed by the invention has simpler encryption and decryption operations, so that the resources of a CPU are used rarely and IO is not used, and the resource use is greatly saved.
As will be appreciated by one skilled in the art, the embodiments herein may be provided as a method, apparatus (device), or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media having computer-usable program code embodied in the medium. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, including, but not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by the computer, and the like. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices) and computer program products according to embodiments herein. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that an article or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such article or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of additional like elements in the article or device comprising the element.
While the preferred embodiments herein have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following appended claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of this disclosure.
It will be apparent to those skilled in the art that various changes and modifications may be made herein without departing from the spirit and scope thereof. Thus, it is intended that such changes and modifications be included herein, provided they come within the scope of the appended claims and their equivalents.
Claims (22)
1. A method for generating an authorization check string, the method comprising:
respectively encoding authorization verification information corresponding to user operation to obtain at least a creation time field and a unique identification field, wherein the creation time field indicates occurrence time of the user operation, and the unique identification field indicates identification information corresponding to the user operation;
distributing a random number for the user operation, and coding the random number to obtain a random field;
calculating all fields generated according to the authorization verification information corresponding to the user operation and random fields to obtain a verification code field;
and combining all the fields according to a preset mode to generate an authorization check character string for indicating authorization check information corresponding to the current user operation.
2. The method according to claim 1, wherein the combining all the fields according to a preset manner to generate an authorization check string comprises:
and sequentially combining all the fields according to a set sequence, adding preset fixed characters between each field, and finally generating an authorization check character string.
3. The method according to claim 1 or 2, wherein when the authorization check information corresponding to the user operation is encoded respectively, one or more of the following fields are obtained:
an expiration time field indicating an expiration time of the user operation;
a redundancy field indicating a module, product line, or other identifier involved in a user operation;
a type field indicating the type of service the user operation relates to.
4. The method according to claim 3, wherein before combining all the fields according to a predetermined manner, the method further comprises:
generating an extension identifier according to extension information of authorization verification corresponding to user operation, wherein the extension information of authorization verification comprises information associated with the user operation;
at this time, all the fields are combined according to a preset mode to generate an authorization check character string, including:
and combining all the fields and the extended identifier according to a preset mode to generate an authorization check character string.
5. The method according to claim 4, wherein when the authorization check information corresponding to the user operation is encoded, the authorization check information is encoded according to a preset encoding method to obtain a plurality of fields, wherein the preset encoding method corresponding to each field is the same or different.
6. A method for using an authorization check string, the method comprising:
splitting the acquired authorization check character string according to a preset mode, and obtaining at least a random field, a creation time field, a unique identification field and a check code field after splitting;
and if the other fields in the authorization check character string are determined to be correct and valid through the check code field, decoding the creation time field and the unique identification field obtained by splitting respectively to obtain the occurrence time of the user operation and the identification information corresponding to the user operation, wherein the occurrence time of the user operation and the identification information corresponding to the user operation belong to the authorization check information corresponding to the user operation.
7. The method according to claim 6, wherein the splitting the authorized check string in a preset manner, and obtaining at least a random field, a creation time field, a unique identification field, and a check code field after the splitting comprises:
searching preset fixed characters in the authorization check character string, taking each searched fixed character as a division identifier, splitting the authorization check character string into a plurality of fields, wherein the plurality of fields obtained through splitting at least comprise a random field, a creation time field, a unique identification field and a check code field, and each field obtained through splitting does not contain the fixed character.
8. The method according to claim 6 or 7, wherein the obtained authorized check character string is split according to a preset mode, and one or more of the following fields are obtained after splitting:
an expiration time field indicating an expiration time of the user operation;
a redundancy field indicating a module, product line, or other identifier involved in a user operation;
a type field indicating the type of service the user operation relates to.
9. The method of claim 8,
splitting the obtained authorization check character string according to a preset mode, and obtaining an extension identifier after splitting, wherein the extension identifier is used for indicating extension information of authorization check corresponding to user operation, and the extension information of authorization check comprises information associated with the user operation.
10. The method of claim 8, wherein decoding the split fields separately comprises:
and respectively decoding the fields obtained by splitting according to a preset decoding mode, wherein the preset decoding modes corresponding to each field are the same or different.
11. An apparatus for generating an authorization check string, comprising:
the first coding module is used for coding authorization check information corresponding to user operation respectively to obtain at least a creation time field and a unique identification field, wherein the creation time field indicates the occurrence time of the user operation, and the unique identification field indicates identification information corresponding to the user operation;
the second coding module is used for distributing a random number for the user operation and coding the random number to obtain a random field;
the check code generation module is used for calculating all fields obtained by the first coding module and the second coding module to obtain a check code field;
and the character string generating module is used for combining all the fields obtained by the first coding module, the second coding module and the check code generating module according to a preset mode to generate an authorization check character string used for indicating authorization check information corresponding to the current user operation.
12. The apparatus according to claim 11, wherein the character string generating module combines all fields obtained by the first encoding module, the second encoding module, and the check code generating module according to a preset manner to generate an authorized check character string, and includes:
and combining all the obtained fields of the first coding module, the second coding module and the check code generating module in sequence according to a set sequence, adding preset fixed characters between each field, and finally generating an authorization check character string.
13. The apparatus according to claim 11 or 12, wherein the first module, when encoding the authorization check information corresponding to the user operation, further obtains one or more of the following fields:
an expiration time field indicating an expiration time of the user operation;
a redundancy field indicating a module, product line, or other identifier involved in a user operation;
a type field indicating the type of service the user operation relates to.
14. The apparatus of claim 13, wherein before the character string generating module combines all fields obtained by the first encoding module, the second encoding module, and the check code generating module according to a preset manner, the character string generating module further comprises:
generating an extension identifier according to extension information of authorization verification corresponding to user operation, wherein the extension information of authorization verification comprises information associated with the user operation;
at this time, all the fields obtained by the first coding module, the second coding module and the check code generating module are combined according to a preset mode to generate an authorization check character string, including:
and combining all the fields and the extended identifier obtained by the first coding module, the second coding module and the check code generating module according to a preset mode to generate an authorization check character string.
15. The apparatus according to claim 14, wherein the first encoding module encodes the authorization check information according to a preset encoding method to obtain a plurality of fields when encoding the authorization check information corresponding to the user operation, respectively, and the preset encoding method corresponding to each field is the same or different.
16. An apparatus for using an authorized check string, comprising:
the splitting module splits the acquired authorization check character string according to a preset mode, and at least obtains a random field, a creation time field, a unique identification field and a check code field after splitting;
and the decoding module is used for decoding the split creation time field and the unique identification field respectively to obtain the occurrence time of the user operation and the identification information corresponding to the user operation if the other fields in the authorization check character string are determined to be correct and valid through the check code field, wherein the occurrence time of the user operation and the identification information corresponding to the user operation belong to the authorization check information corresponding to the user operation.
17. The apparatus according to claim 16, wherein the splitting module splits the authorized check character string according to a preset manner, and obtains at least a random field, a creation time field, a unique identification field, and a check code field after splitting, including:
searching preset fixed characters in the authorization check character string, taking each searched fixed character as a division identifier, splitting the authorization check character string into a plurality of fields, wherein the plurality of fields obtained through splitting at least comprise a random field, a creation time field, a unique identification field and a check code field, and each field obtained through splitting does not contain the fixed character.
18. The apparatus according to claim 16 or 17, wherein the splitting module splits the obtained authorized check character string according to a preset manner, and obtains one or more of the following fields after splitting:
an expiration time field indicating an expiration time of the user operation;
a redundancy field indicating a module, product line, or other identifier involved in a user operation;
a type field indicating the type of service the user operation relates to.
19. The apparatus of claim 18,
the splitting module splits the acquired authorization check character string according to a preset mode, and obtains an extension identifier after splitting, wherein the extension identifier is used for indicating extension information of authorization check corresponding to user operation, and the extension information of authorization check comprises information associated with the user operation.
20. The apparatus of claim 18, wherein the decoding module decodes the split fields respectively, and comprises:
and respectively decoding the fields obtained by splitting according to a preset decoding mode, wherein the preset decoding modes corresponding to each field are the same or different.
21. A computer-readable storage medium, on which a computer program is stored, characterized in that the computer program, when executed, implements the steps of the method according to any one of claims 1-5; or which when executed performs the steps of the method of any one of claims 6 to 10.
22. A computer device comprising a processor, a memory and a computer program stored on the memory, characterized in that,
the processor, when executing the computer program, implementing the steps of the method according to any of claims 1-5; or
The processor, when executing the computer program, realizes the steps of the method according to any of claims 6-10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910570470.4A CN112149069A (en) | 2019-06-27 | 2019-06-27 | Generation method, use method and device of authorization check character string |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910570470.4A CN112149069A (en) | 2019-06-27 | 2019-06-27 | Generation method, use method and device of authorization check character string |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112149069A true CN112149069A (en) | 2020-12-29 |
Family
ID=73868872
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910570470.4A Pending CN112149069A (en) | 2019-06-27 | 2019-06-27 | Generation method, use method and device of authorization check character string |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112149069A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105450413A (en) * | 2014-08-19 | 2016-03-30 | 阿里巴巴集团控股有限公司 | Password-setting method, device, and system |
| CN107579968A (en) * | 2017-08-30 | 2018-01-12 | 武汉斗鱼网络科技有限公司 | Video flowing address detection method, device and server |
| CN107800819A (en) * | 2017-11-17 | 2018-03-13 | 深圳市泉眼网络科技有限公司 | A kind of generation method of file identification, device and server |
| CN109462602A (en) * | 2018-12-13 | 2019-03-12 | 平安普惠企业管理有限公司 | Log-on message storage method, login validation method, device, equipment and medium |
-
2019
- 2019-06-27 CN CN201910570470.4A patent/CN112149069A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105450413A (en) * | 2014-08-19 | 2016-03-30 | 阿里巴巴集团控股有限公司 | Password-setting method, device, and system |
| CN107579968A (en) * | 2017-08-30 | 2018-01-12 | 武汉斗鱼网络科技有限公司 | Video flowing address detection method, device and server |
| CN107800819A (en) * | 2017-11-17 | 2018-03-13 | 深圳市泉眼网络科技有限公司 | A kind of generation method of file identification, device and server |
| CN109462602A (en) * | 2018-12-13 | 2019-03-12 | 平安普惠企业管理有限公司 | Log-on message storage method, login validation method, device, equipment and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11979505B2 (en) | File acquisition method and device based on two-dimensional code and two-dimensional code generating method | |
| CN112671720B (en) | Token construction method, device and equipment for cloud platform resource access control | |
| JPH0816104A (en) | Method and device for verifying information security with dispersed collator | |
| CN111818088A (en) | Authorization mode management method and device, computer equipment and readable storage medium | |
| CN113676332B (en) | Two-dimensional code authentication method, communication device and storage medium | |
| CN114756895B (en) | Hidden trace data verification method and system based on homomorphic encryption | |
| CN106572076A (en) | Web service access method, client side and server side | |
| CN113348455A (en) | Apparatus and method for providing authentication, non-repudiation, managed access, and twin discrimination of data using data control signatures | |
| CN115842680B (en) | Network identity authentication management method and system | |
| CN112149068A (en) | Access-based authorization verification method, information generation method and device, and server | |
| CN114244530A (en) | Resource access method and device, electronic equipment and computer readable storage medium | |
| CN115333803A (en) | User password encryption processing method, device, equipment and storage medium | |
| US7739500B2 (en) | Method and system for consistent recognition of ongoing digital relationships | |
| CN108933766B (en) | Method and client for improving equipment ID security | |
| CN111314059B (en) | Processing method, device and equipment for account authority proxy and readable storage medium | |
| CN116647345A (en) | Method and device for generating permission token, storage medium and computer equipment | |
| CN108600266B (en) | Statement filtering authentication method and system | |
| CN115002141B (en) | File storage method and device based on block chain | |
| CN107370728B (en) | Instant license generation and verification system and method based on electronic license library | |
| CN115567271A (en) | Authentication method and device, page skip method and device, electronic equipment and medium | |
| CN115085999A (en) | Identity authentication method, system, computer device and storage medium | |
| CN115811412A (en) | Communication method and device, SIM card, electronic equipment and terminal equipment | |
| CN112149069A (en) | Generation method, use method and device of authorization check character string | |
| CN115022042A (en) | Compliance code verification method for protecting data privacy and computer readable medium | |
| CN114401117A (en) | Account login verification system based on block chain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |