CN116633611A - Information verification method, device, electronic equipment and storage medium - Google Patents

Info

Publication number
CN116633611A
Authority
CN
China
Prior art keywords
token
target
service
information
encrypted data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310554445.3A
Other languages
Chinese (zh)
Inventor
刘林
张伟利
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Dajia Internet Information Technology Co Ltd
Original Assignee
Beijing Dajia Internet Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Dajia Internet Information Technology Co Ltd
Priority to CN202310554445.3A
Publication of CN116633611A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The disclosure provides an information verification method, an information verification device, electronic equipment and a storage medium, and belongs to the technical field of computers. The method comprises the following steps: under the condition that a service information request of a client is received, a first token in the service information request is acquired, wherein the first token is used for indicating that the client has the authority of acquiring the service information; verifying the first token based on a target key of a target object in a current service, wherein the target object has target authority in the current service; and returning service information to the client in the condition that the first token passes verification. The target secret key in the technical scheme can be obtained through the object with the target authority in the current service, so that the risk of leakage of the target secret key is reduced, the token is further protected from being leaked or forged, the security of the token is improved, and the security guarantee is provided for the subsequent acquisition of service information based on the token.

Description

Information verification method, device, electronic equipment and storage medium
Technical Field
The disclosure relates to the field of computer technology, and in particular, to an information verification method, an information verification device, electronic equipment and a storage medium.
Background
With the development of computer technology, more and more service information is transmitted on-line. In order to avoid leakage of the transmitted service information, the token in the service information request is usually checked, and the service information is returned only when the check passes. If the token leaks, the service information can be leaked. Thus, securing tokens is an important consideration in the art.
In the related art, a local signing manner is generally adopted: after the server generates the token, the server signs it. That is, the server generates a signature value based on a certain encryption algorithm and a key of the service and adds the signature value to the token. When the token is checked, the signature value is taken out and checked, which achieves the purpose of checking the token.
However, in the above technical solution, the encryption algorithm is public and the key is public within the service provided by the server. The encryption algorithm and the key can therefore be obtained easily by many people, so the signature value is easy to forge and the security of the token is low, which results in leakage of service information.
Disclosure of Invention
The information verification method, the information verification device, the electronic equipment and the storage medium can reduce the risk of target key leakage, further protect the token from leakage or counterfeiting, improve the security of the token and provide security guarantee for obtaining service information based on the token. The technical scheme of the present disclosure is as follows:
According to an aspect of the embodiments of the present disclosure, there is provided an information verification method, the method including:
under the condition that a service information request of a client is received, a first token in the service information request is acquired, wherein the first token is used for indicating that the client has the authority of acquiring the service information;
verifying the first token based on a target key of a target object in a current service, wherein the target object has target authority in the current service;
and returning service information to the client in the condition that the first token passes verification.
According to another aspect of the embodiments of the present disclosure, there is provided an information authentication apparatus including:
a first acquisition unit configured to perform, when a service information request of a client is received, acquisition of a first token in the service information request, the first token being used to indicate that the client has authority to acquire service information;
a verification unit configured to perform verification of the first token based on a target key of a target object in a current service, the target object having a target authority in the current service;
and a transmitting unit configured to perform returning of service information to the client in case the first token passes verification.
In some embodiments, the verification unit is configured to perform obtaining encrypted data in the first token, where the current service turns on an encryption identification function, the encrypted data being a field in the first token that is encrypted based on the target key; decrypting the encrypted data based on the target key; and in the case of successful decryption, determining that the first token passes verification.
In some embodiments, the apparatus further comprises:
a recording unit configured to perform recording of the first token in the event that decryption is unsuccessful;
and the sending unit is configured to return service acquisition failure information to the client.
In some embodiments, the apparatus further comprises:
a second obtaining unit configured to obtain a survival time length of the first token, where the survival time length is used to represent an existing time length of the first token, when the current service does not start the encryption identification function;
a sending unit configured to send a verification request to the target object in a case where the survival time length does not exceed a survival period, the verification request carrying the first token;
and the receiving unit is configured to execute receiving the verification result returned by the target object.
In some embodiments, the apparatus further comprises:
a processing unit configured to perform a comparison of the encrypted data in the first token with stored encrypted data in a case where the survival time length exceeds the survival period;
a first determination unit configured to determine that the first token passes authentication in a case where the encrypted data in the first token coincides with the stored encrypted data.
In some embodiments, before receiving the service information request of the client, the apparatus further comprises:
a generation unit configured to perform generation of a second token upon receiving a service login request of the client;
an encryption unit configured to perform encryption of a target field in the second token based on the target key of the target object in the current service, resulting in encrypted data;
and a second determining unit configured to perform determination of the first token based on the encrypted data and an unencrypted field in the second token.
In some embodiments, the apparatus further comprises:
a storage unit configured to perform storage of the encrypted data;
a transmitting unit configured to perform transmitting asynchronous information to a target server, the asynchronous information including the encrypted data, in a case where the encrypted data is not stored successfully;
and the storage unit is also configured to execute the storage of the encrypted data returned by the target server again.
In some embodiments, the apparatus further comprises:
and a transmitting unit configured to perform returning service login failure information to the client in a case where the encrypted data is not stored successfully and a target condition is satisfied.
According to another aspect of the embodiments of the present disclosure, there is provided an electronic device including:
one or more processors;
a memory for storing the processor-executable program code;
wherein the processor is configured to execute the program code to implement the information verification method described above.
According to another aspect of the embodiments of the present disclosure, there is provided a computer-readable storage medium storing program code which, when executed by a processor of an electronic device, enables the electronic device to perform the above-described information verification method.
According to another aspect of the disclosed embodiments, there is provided a computer program product comprising a computer program/instruction which, when executed by a processor, implements the above-described information verification method.
The embodiment of the disclosure provides an information verification method, which can verify a first token in a service information request according to a target key of a target object in a current service when service information of a certain service is requested, and return service data to a client side requesting the service only when the verification is passed; because the target object is the object with the target authority in the current service, namely the target secret key can be obtained through the object with the target authority in the current service, the risk of leakage of the target secret key is reduced, the token is further protected from being leaked or counterfeited, the security of the token is improved, and the security guarantee is provided for obtaining service information based on the token.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure and do not constitute an undue limitation on the disclosure.
Fig. 1 is a schematic diagram illustrating an implementation environment of an information verification method according to an exemplary embodiment.
Fig. 2 is a flow chart illustrating a method of information verification according to an exemplary embodiment.
Fig. 3 is a flowchart illustrating another information verification method according to an exemplary embodiment.
Fig. 4 is a flow chart illustrating a method of generating a first token according to an exemplary embodiment.
Fig. 5 is a flow chart illustrating a method of verifying a first token according to an example embodiment.
Fig. 6 is a block diagram illustrating an information authentication apparatus according to an exemplary embodiment.
Fig. 7 is a block diagram of another information authentication apparatus according to an exemplary embodiment.
Fig. 8 is a block diagram of a terminal according to an exemplary embodiment.
Fig. 9 is a block diagram of a server, according to an example embodiment.
Detailed Description
In order to enable those skilled in the art to better understand the technical solutions of the present disclosure, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings.
It should be noted that the terms "first," "second," and the like in the description and claims of the present disclosure and in the foregoing figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the disclosure described herein may be capable of operation in sequences other than those illustrated or described herein. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as detailed in the accompanying claims.
It should be noted that, the information (including but not limited to user equipment information, user personal information, etc.), data (including but not limited to data for analysis, stored data, presented data, etc.), and signals related to the present disclosure are all authorized by the user or are fully authorized by the parties, and the collection, use, and processing of relevant data is required to comply with relevant laws and regulations and standards of relevant countries and regions. For example, the images taken by the lenses referred to in this disclosure are all acquired with sufficient authorization.
In order to facilitate understanding, terms related to the present disclosure are explained below.
Token: an object that carries the right to perform certain operations, typically an encrypted string generated by a particular encryption algorithm. In the embodiments of the present disclosure, a token carries the right to obtain service information of the current service.
ACS (Access Control Service): refers to access rights control between services. The service identification is typically encrypted with the private key of an asymmetric key pair and decrypted with the public key. userId (user account) is the unique identification of the user.
SDK (Software Development Kit): refers to a collection of development tools that software engineers use to create application software for a particular software package, software framework, hardware platform, operating system, etc. In embodiments of the present disclosure, the SDK may be a service provided by a server. A user can acquire the required software package from the server through the user's SDK account number in order to develop a project.
Fig. 1 is a schematic diagram illustrating an implementation environment of an information verification method according to an exemplary embodiment. Taking an example in which the electronic device is provided as a server, referring to fig. 1, the implementation environment specifically includes: a terminal 101 and a server 102.
The terminal 101 is at least one of a smart phone, a smart watch, a desktop computer, a laptop computer, an MP3 player, an MP4 player, and a laptop portable computer. The terminal 101 has an application installed and running thereon, and a user can log in the application through the terminal 101 to acquire a service provided by the application. The application may be a browser, a multimedia-like application, an office-like application, or the like, to which embodiments of the present disclosure are not limited. The terminal 101 can be connected to the server 102 through a wireless network or a wired network, and further can transmit a service information request to the server 102 to acquire service information from the server 102. The terminal 101 refers broadly to one of a plurality of terminals, and this embodiment is illustrated with the terminal 101. Those skilled in the art will recognize that the number of terminals may be greater or lesser. For example, the number of the terminals may be several, or the number of the terminals may be tens or hundreds, or more, and the number and the device type of the terminals are not limited in the embodiments of the present disclosure.
Server 102 is at least one of a server, a plurality of servers, a cloud computing platform, and a virtualization center. The server 102 can be connected to the terminal 101 and other terminals via a wireless network or a wired network, and the server 102 can receive a service information request sent by the terminal 101 and verify a token in the service information request. In the case that the authentication is passed, service information is returned to the terminal 101. In some embodiments, the number of servers described above may be greater or lesser, and embodiments of the present disclosure are not limited in this regard. Of course, the server 102 also includes other functional servers to provide more comprehensive and diverse services.
Fig. 2 is a flowchart illustrating an information verification method according to an exemplary embodiment. Referring to Fig. 2, the method is applied to a server and includes the following steps:
In step 201, in the case that a service information request of a client is received, the server obtains a first token in the service information request, where the first token is used to indicate that the client has the right to obtain the service information.
In the embodiment of the disclosure, a server receives a service information request sent by a client. The service information request includes a first token. The first token may be a token, which is not limited by the embodiments of the present disclosure. The first token may be issued by the server to the client when the client logs in to the current service for the first time, so as to indicate that the client can obtain service information from the server. Then, each time the client requests service information from the server, the client sends a service information request carrying the first token to the server.
In step 202, the server verifies the first token based on a target key of a target object in the current service, the target object having target rights in the current service.
In the embodiment of the disclosure, the target object may be an account number with target authority in the current service. Optionally, the target object may be a management account, or an account with an account level reaching a target level, which is not limited in the embodiments of the present disclosure. The target authority may be a management authority of the target key, a management authority of the current service, a maintenance authority of the current service, or the like, which is not limited in the embodiment of the present disclosure. The server pulls the target key from the target object of the current service; the first token is then validated against the pulled target key.
In step 203, the server returns service information to the client in case the first token passes the verification.
In the disclosed embodiment, the first token verification pass may indicate that the current client has the right to obtain the service information. When the first token passes the verification, the server returns the service information requested in the service information request to the client.
The embodiment of the disclosure provides an information verification method, which can verify a first token in a service information request according to a target key of a target object in a current service when service information of a certain service is requested, and return service data to a client side requesting the service only when the verification is passed; because the target object is the object with the target authority in the current service, namely the target secret key can be obtained through the object with the target authority in the current service, the risk of leakage of the target secret key is reduced, the token is further protected from being leaked or counterfeited, the security of the token is improved, and the security guarantee is provided for obtaining service information based on the token.
In some embodiments, validating the first token based on the target key of the target object in the current service includes:
under the condition that the current service starts the encryption identification function, acquiring encrypted data in the first token, wherein the encrypted data is an encrypted field based on a target key in the first token;
decrypting the encrypted data based on the target key;
in the event that decryption is successful, it is determined that the first token is authenticated.
According to the scheme provided by the embodiment of the disclosure, the first token contains a field encrypted with the target key. When the current service turns on the encryption identification function, the server decrypts the encrypted data locally according to the target key of the target object. If decryption is successful, the encrypted data in the first token was encrypted with the target key of the current service, that is, the first token passes verification. If decryption is unsuccessful, the encrypted data in the first token was not encrypted with the target key of the current service, that is, the first token is not verified and the service information of the current service cannot be acquired. Because the target object is the object with the target authority in the current service, the target key can be obtained through the object with the target authority in the current service, which reduces the risk of target key leakage, further protects the token from being leaked or forged, improves the security of the token, and provides a security guarantee for subsequently obtaining service information based on the token.
In some embodiments, the method further comprises:
recording the first token under the condition that decryption is unsuccessful;
and returning service acquisition failure information to the client.
According to the scheme provided by the embodiment of the disclosure, when the encrypted data in the first token is not successfully decrypted, the encrypted data was not encrypted with the target key of the current service, that is, the first token is not compliant and the service information of the current service cannot be acquired. The first token is recorded so that, when it is seen again later, it can be identified quickly without being verified again, which improves the efficiency of information verification. By returning service acquisition failure information to the client, the user is also prompted that the first token is not compliant and that the authority to acquire the service information of the current service is not available.
In some embodiments, the method further comprises:
acquiring a survival time length of the first token in a case where the current service does not turn on the encryption identification function, where the survival time length is used to represent how long the first token has existed;
sending a verification request to the target object in a case where the survival time length does not exceed the survival period, wherein the verification request carries the first token;
and receiving a verification result returned by the target object.
According to the scheme provided by the embodiment of the disclosure, the first token has a validity period: the client can acquire the service information only while the first token is within its validity period. This avoids the leakage of service information that would result if the first token were valid indefinitely and the client could always acquire the service information. When the current service has not turned on the encryption identification function and the survival time length of the first token does not exceed the survival period, the first token is within its validity period and can be verified remotely through the target object, and whether the first token is compliant is determined from the verification result returned by the target object. Information verification is thereby placed in an individual account, which reduces the risk of target key leakage, further protects the token from being leaked or forged, improves the security of the token, and provides a security guarantee for subsequently obtaining service information based on the token.
In some embodiments, the method further comprises:
comparing the encrypted data in the first token with the stored encrypted data in a case where the survival time length exceeds the survival period;
in the event that the encrypted data in the first token is consistent with the stored encrypted data, determining that the first token passes verification.
According to the scheme provided by the embodiment of the disclosure, the encrypted data is obtained by encrypting with the target key of the target object in the current service, and the target object is the object with the target authority in the current service. The target key can therefore be obtained through the object with the target authority in the current service, which reduces the risk of target key leakage and makes the encrypted data hard to forge. When the survival time length of the first token exceeds the survival period, the first token is no longer within its validity period, and the encrypted data in the first token is compared with the stored encrypted data. When the two are consistent, the first token is determined to be compliant, which improves the security of the token and provides a security guarantee for subsequently obtaining service information based on the token.
In some embodiments, before receiving the service information request of the client, the method further comprises:
generating a second token under the condition that a service login request of the client is received;
encrypting a target field in the second token based on a target key of a target object in the current service to obtain encrypted data;
the first token is determined based on the encrypted data and the unencrypted field in the second token.
According to the scheme provided by the embodiment of the disclosure, under the condition that the client requests to log in the current service, the second token is generated to open the authority of acquiring the service information of the current service to the client, then the target field in the second token is encrypted through the target key of the target object in the current service, so that the first token is obtained, the purpose of encrypting the second token through the target key is achieved, the target key can be obtained through the object with the target authority in the current service, the risk of leakage of the target key is reduced, the token is further protected from being leaked or counterfeited, the security of the token is improved, and the security guarantee is provided for acquiring the service information based on the token.
In some embodiments, the method further comprises:
storing the encrypted data;
sending asynchronous information to the target server under the condition that the encrypted data is not stored successfully, wherein the asynchronous information comprises the encrypted data;
and storing the encrypted data returned by the target server again.
According to the scheme provided by the embodiment of the disclosure, as the network is blocked or the information to be processed by the server at the current time is more, the situation that the storage of the encrypted data is unsuccessful can occur, and under the situation that the storage of the encrypted data is unsuccessful, asynchronous information carrying the encrypted data can be sent to the target server, so that the encrypted data returned by the target server can be stored again when the subsequent network condition is good or the information to be processed by the server at the current time is less, an asynchronous storage mode is realized, a guarantee is provided for the storage of the encrypted data, and the first token can be verified conveniently through the stored encrypted data.
In some embodiments, the method further comprises:
and returning service login failure information to the client under the condition that the encrypted data is not stored successfully and the target condition is met.
According to the scheme provided by the embodiment of the disclosure, when the encrypted data is not stored successfully and the target condition is met, service login failure information is returned to the client, so that the safety of the service information is guaranteed, the user can be prompted timely that the first token is not compliant, the authority of acquiring the service information of the current service is not available, and the information interaction efficiency between the server and the client is improved.
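The issuance and verification branches described above can be traced in code. The following Python sketch is an added illustration, not code from the patent: the token layout (`uid`, `iat`, `sid`, `checkpoint`), the `TargetObject` and `Server` classes and the in-memory store are assumptions. "Decryption succeeds" is a meaningful check only with authenticated encryption, so `seal`/`unseal` use a standard-library encrypt-then-MAC construction as a stand-in for an AEAD cipher.

```python
import base64
import hashlib
import hmac
import os


def _subkeys(key):
    """Derive separate encryption and MAC keys from the target key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def seal(key, plaintext):
    """Encrypt-then-MAC the target field; the result is the token's encrypted data."""
    k_enc, k_mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    tag = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()


def unseal(key, blob):
    """Return the plaintext, or None if the blob was not sealed with this key."""
    try:
        raw = base64.urlsafe_b64decode(blob)
    except (ValueError, TypeError):
        return None
    if len(raw) < 48:  # 16-byte nonce + 32-byte tag
        return None
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    k_enc, k_mac = _subkeys(key)
    expected = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(k_enc, nonce, len(ct))))


class TargetObject:
    """Hypothetical privileged account that holds the target key."""

    def __init__(self):
        self._key = os.urandom(32)

    def pull_key(self):
        return self._key

    def verify(self, token):
        """Remote verification performed on the key holder's side."""
        return unseal(self._key, token.get("checkpoint", "")) is not None


class Server:
    def __init__(self, target, encryption_identification, survival_period):
        self.target = target
        self.encryption_identification = encryption_identification
        self.survival_period = survival_period  # seconds
        self.stored = set()    # stored encrypted data (in-memory stand-in)
        self.rejected = set()  # recorded tokens that failed decryption

    def login(self, uid, now):
        """Issue the first token: encrypted target field plus unencrypted fields."""
        second = {"uid": uid, "iat": now, "sid": os.urandom(8).hex()}  # second token
        checkpoint = seal(self.target.pull_key(), second["sid"].encode())
        self.stored.add(checkpoint)
        return {"uid": second["uid"], "iat": second["iat"], "checkpoint": checkpoint}

    def verify(self, token, now):
        """Return True when service information may be returned to the client."""
        checkpoint, iat = token.get("checkpoint"), token.get("iat")
        if not isinstance(checkpoint, str) or not isinstance(iat, (int, float)):
            return False
        if checkpoint in self.rejected:  # recorded earlier, no need to verify again
            return False
        if self.encryption_identification:  # local decryption branch
            ok = unseal(self.target.pull_key(), checkpoint) is not None
            if not ok:
                self.rejected.add(checkpoint)
            return ok
        if now - iat <= self.survival_period:  # within the survival period
            return self.target.verify(token)
        return checkpoint in self.stored  # past the period: compare with stored data
```

In this sketch the `iat` field is unencrypted and not covered by the MAC, so which of the two non-local branches runs depends on a value the client supplies; both branches still reject encrypted data that was not produced with the target key.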
The foregoing fig. 2 is merely a basic flow of the disclosure, and the scheme provided in the disclosure is further described below based on a specific implementation, and fig. 3 is a flowchart of another information verification method according to an exemplary embodiment. Taking the example that the electronic device is provided as a server, see fig. 3, the method comprises:
in step 301, the server generates a second token in case a service login request of the client is received.
In the embodiment of the disclosure, a client sends a service login request to a server to request to login to a service provided by the server. The service login request carries an account number and a password provided by the client. The account number may be an SDK account number, which is not limited by the embodiments of the present disclosure. The server can verify the account and key. And under the condition that the verification is passed, the server determines that the client successfully logs in the current service. The server then generates a second token based on the target encryption algorithm. The target encryption algorithm may be a symmetric encryption algorithm or an asymmetric encryption algorithm, which is not limited by the embodiments of the present disclosure. The second token is used for indicating that the client has the right to acquire the service information.
In step 302, the server encrypts the target field in the second token based on the target key of the target object in the current service, resulting in encrypted data.
In the embodiment of the present disclosure, if a hash value is present in the second token, the server returns the second token directly to the client. If no hash value is present in the second token, the server pulls the target key from the target object of the current service and then encrypts the target field in the second token with the target key to obtain the encrypted data. The hash value in the second token may be a tokenHash value, which is not limited by the embodiments of the present disclosure. The embodiments of the present disclosure do not limit the location or length of the target field in the second token. The encrypted data may be referred to as CheckPoint. The target key may be updated once every preset period, which is not limited by the embodiments of the present disclosure.
In some embodiments, after generating the encrypted data, the server can store the encrypted data so that the first token can subsequently be verified against it. Accordingly, the server stores the encrypted data. If the encrypted data is not stored successfully, the server sends asynchronous information, which includes the encrypted data, to the target server. The server then stores again the encrypted data returned by the target server. The server may store the encrypted data in a redis queue, which is not limited by the embodiments of the present disclosure. The redis queue may be deployed in the server or in another server, which is not limited by the embodiments of the present disclosure. In the scheme provided by the embodiments of the present disclosure, storing the encrypted data may fail because the network is congested or because the server currently has a large amount of information to process. When storage fails, asynchronous information carrying the encrypted data can be sent to the target server, so that the encrypted data returned by the target server can be stored again once network conditions improve or the server has less information to process. This implements an asynchronous storage mode, safeguards the storage of the encrypted data, and makes it convenient to verify the first token against the stored encrypted data.
When storing the encrypted data, if the first attempt is unsuccessful, the server may repeat the storage operation. The embodiments of the present disclosure do not limit the number of repetitions. If storage is still unsuccessful after multiple attempts, the server then sends the asynchronous information to the target server, so that the encrypted data is stored asynchronously. In the scheme provided by the embodiments of the present disclosure, when the encrypted data is not stored successfully, storage is attempted repeatedly, which safeguards the encrypted data; compared with a mode that turns to asynchronous storage after a single storage attempt, this improves the storage efficiency of the encrypted data and reduces running overhead.
Alternatively, when storing the encrypted data, if the encrypted data is not compliant, the server may not perform the operation of storing the encrypted data. Accordingly, when the encrypted data is not stored successfully and the target condition is met, service login failure information is returned to the client. The target condition may be that the account number of the client corresponding to the encrypted data does not have the authority to acquire the service information, which is not limited in the embodiments of the present disclosure. In the scheme provided by the embodiments of the present disclosure, when the encrypted data is not stored successfully and the target condition is met, service login failure information is returned to the client. This safeguards the security of the service information, promptly informs the user that the first token is not compliant and that the client does not have the authority to acquire the service information of the current service, and improves the efficiency of information interaction between the server and the client.
When sending the asynchronous information to the target server, the server can first send the asynchronous information to an asynchronous queue, and the asynchronous queue then sends it to the target server asynchronously. The asynchronous queue may monitor the asynchronous information generated by the server in real time, which is not limited by the embodiments of the present disclosure. The asynchronous queue may be deployed in the server or in another server, which is not limited by the embodiments of the present disclosure.
In the encryption process of step 302, the server may use a symmetric encryption algorithm or an asymmetric encryption algorithm, which is not limited in the embodiments of the present disclosure. A token of length 296 is encrypted using a symmetric encryption algorithm and an asymmetric encryption algorithm, respectively. After encryption with the symmetric encryption algorithm, the length of the hash value in the token is 20 and the length of the encrypted token is 318, which is 22 more than the length of the unencrypted token. After encryption with the asymmetric encryption algorithm, the length of the hash value in the token is 307 and the length of the encrypted token is 702, which is 406 more than the length of the unencrypted token. If traffic in the information sending process is to be saved, a symmetric encryption algorithm can be used; if information security is more important, an asymmetric encryption algorithm can be used.
In step 303, the server determines the first token based on the encrypted data and the unencrypted field in the second token.
In the embodiment of the present disclosure, the server generates the first token from the encrypted data and the unencrypted field in the second token. The first token is also used to indicate that the client has the right to obtain the service information. Unlike the second token, the first token is obtained by encrypting the second token, so that the second token is not easily leaked or forged.
In step 304, the server returns the first token to the client.
In the embodiment of the present disclosure, once the first token has been generated, the server sends the first token to the client. The client can then send the first token to the server each time it requests service information from the server, so that the server can verify the first token. When the verification passes, the server returns the service information to the client, which safeguards the security of the service information.
Steps 301 to 304 described above may be regarded as the process in which the server generates the first token. To describe the process more clearly, it is described again with reference to the accompanying drawings. Fig. 4 is a flowchart illustrating a method of generating a first token according to an exemplary embodiment. Referring to Fig. 4, the process of the server generating the first token includes steps 401 to 410. Step 401, in the case where the client successfully logs in to the current service, the server generates a second token. Step 402, the server determines whether a hash value exists in the second token. If no hash value exists in the second token, the server performs step 403. Step 403, the server pulls the target key of the target object of the current service and encrypts the target field in the second token based on the target key, so as to obtain the first token.
Step 404, the server stores the encrypted data in the redis queue. Step 405, if the encrypted data is stored successfully, the server returns the first token to the client. Step 406, if storage fails because storing the encrypted data triggered the target condition, the server returns service login failure information to the client. The target condition may be referred to as a gray scale switch.
If storage fails but the target condition is not triggered, the server may execute steps 407 to 409 for asynchronous storage. Step 407, the server sends asynchronous information carrying the encrypted data to the asynchronous queue. Step 408, the asynchronous queue monitors the asynchronous information generated by the server in real time and sends the asynchronous information to the target server. Step 409, the target server sends the encrypted data to the redis queue for storage. If the encrypted data is stored successfully, the server performs step 410, that is, the server returns the first token to the client.
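The storage path of Fig. 4 (steps 404 to 410), as an added sketch that is not code from the patent or the applicant. `FlakyStore`, `MAX_ATTEMPTS`, the function names and the boolean `target_condition_met` are assumptions; an in-memory dict and a deque stand in for the redis queue and the asynchronous queue.

```python
from collections import deque

MAX_ATTEMPTS = 3  # assumed value; the description leaves the retry count open


class FlakyStore:
    """Constructed stand-in for the redis queue: the first `fail_first` writes fail."""

    def __init__(self, fail_first=0):
        self.fail_first = fail_first
        self.data = {}

    def put(self, token_id, checkpoint):
        if self.fail_first > 0:
            self.fail_first -= 1
            raise ConnectionError("constructed storage failure")
        self.data[token_id] = checkpoint


def store_on_login(store, async_queue, token_id, checkpoint, target_condition_met):
    """Steps 404-407: decide what the login handler may do with the first token.

    Returns "return_token" (step 405), "login_failed" (step 406) or
    "pending_async" (step 407: the token is withheld until step 409 succeeds).
    """
    for _ in range(MAX_ATTEMPTS):
        try:
            store.put(token_id, checkpoint)
            return "return_token"
        except ConnectionError:
            continue
    if target_condition_met:
        return "login_failed"          # fail closed, nothing is queued
    async_queue.append((token_id, checkpoint))
    return "pending_async"


def drain_async(store, async_queue):
    """Steps 408-410: the target server replays queued CheckPoints into the store.

    Returns the token ids that are now stored, i.e. whose first token may be
    returned to the client. Entries that still fail stay queued.
    """
    stored, remaining = [], deque()
    while async_queue:
        token_id, checkpoint = async_queue.popleft()
        try:
            store.put(token_id, checkpoint)
            stored.append(token_id)
        except ConnectionError:
            remaining.append((token_id, checkpoint))
    async_queue.extend(remaining)
    return stored


def demo():
    """Run the three outcomes of Fig. 4 on constructed data."""
    results = {}
    # 1. One transient failure: a retry succeeds and the token is returned.
    s, q = FlakyStore(fail_first=1), deque()
    results["retry"] = store_on_login(s, q, "t1", b"cp1", False)
    # 2. Store down for every attempt and the target condition is met.
    s, q = FlakyStore(fail_first=MAX_ATTEMPTS), deque()
    results["closed"] = (store_on_login(s, q, "t2", b"cp2", True), len(q))
    # 3. Store down for every attempt, condition not met: queue, then replay.
    s, q = FlakyStore(fail_first=MAX_ATTEMPTS), deque()
    first = store_on_login(s, q, "t3", b"cp3", False)
    results["async"] = (first, drain_async(s, q), s.data.get("t3"))
    return results


if __name__ == "__main__":
    print(demo())
```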
In step 305, the server, upon receiving the service information request of the client, obtains a first token in the service information request.
In the embodiment of the disclosure, a server receives a service information request sent by a client. The service information request includes a first token. The first token may be issued by the server to the client when the client logs in to the current service for the first time, so as to indicate that the client can obtain service information from the server. Then, each time the client requests service information from the server, the client sends a service information request carrying the first token to the server.
In step 306, the server verifies the first token based on the target key of the target object in the current service, the target object having the target authority in the current service.
In the embodiment of the present disclosure, the target object may be a management account, or an account whose account level reaches a target level, which is not limited in the embodiments of the present disclosure. The server can pull the target key of the target object in the current service to the local side and verify the first token locally; the server may also send the first token to the target object, which verifies the first token remotely, as in the embodiments of the present disclosure.
In some embodiments, the server may verify the first token locally. Accordingly, when the current service has turned on the encryption recognition function, the server obtains the encrypted data in the first token. The encrypted data is a field in the first token that is encrypted based on the target key. The server then decrypts the encrypted data based on the target key. If the decryption is successful, the server determines that the first token passes verification. The encryption recognition function is a forced recognition function for encrypted data; that is, once the encryption recognition function is turned on, the server must decrypt the encrypted data in order to recognize it. In the scheme provided by the embodiments of the present disclosure, the first token contains a field encrypted with the target key, so when the current service has turned on the encryption recognition function, the encrypted data is decrypted locally at the server according to the target key of the target object. If the decryption is successful, the encrypted data in the first token was encrypted with the target key of the current service, that is, the first token passes verification. If the decryption is unsuccessful, the encrypted data in the first token was not encrypted with the target key of the current service, that is, the first token fails verification and the service information of the current service cannot be acquired. Because the target object is an object with the target authority in the current service, that is, the target key can be obtained through an object with the target authority in the current service, the risk of leakage of the target key is reduced, the token is further protected from being leaked or forged, the security of the token is improved, and a security guarantee is provided for obtaining service information based on the token.
If the decryption is unsuccessful, the server can record the first token and then return service acquisition failure information to the client. What is recorded may be the specific content of the current first token, or the event that the current first token is not compliant and service information cannot be provided to the client, which is not limited in the embodiments of the present disclosure. The server may also raise an alarm for the first token to notify an administrator maintaining the current service. In the scheme provided by the embodiments of the present disclosure, when the encrypted data in the first token is not decrypted successfully, the encrypted data in the first token was not encrypted with the target key of the current service; that is, the first token is not compliant and the service information of the current service cannot be acquired. Recording the first token means that, when the same first token is seen again later, it can be identified quickly without being verified again, which improves the efficiency of information verification. In addition, returning service acquisition failure information to the client informs the user that the first token is not compliant and that the client does not have the authority to acquire the service information of the current service.
In some embodiments, the server may verify the first token remotely through the target object. Accordingly, when the current service has not turned on the encryption recognition function, the server obtains the survival time of the first token. The survival time represents the length of time for which the first token has already existed. If the survival time does not exceed the life cycle, the server sends a verification request carrying the first token to the target object. The server then receives the verification result returned by the target object. In the scheme provided by the embodiments of the present disclosure, the first token has a validity period, that is, the client can acquire the service information while the first token is within its validity period. This avoids the leakage of service information that would result if the first token were valid indefinitely and the client could always acquire the service information. When the current service has not turned on the encryption recognition function and the survival time of the first token does not exceed the life cycle, the first token is within its validity period and can be verified remotely through the target object, so that whether the first token is compliant is determined according to the verification result returned by the target object. Information verification is thereby handed to an individual account, which reduces the risk of leakage of the target key, further protects the token from being leaked or forged, improves the security of the token, and provides a security guarantee for subsequently obtaining service information based on the token.
If the survival time exceeds the life cycle, the server compares the encrypted data in the first token with the stored encrypted data. If the encrypted data in the first token is consistent with the stored encrypted data, the server determines that the first token passes verification. In the scheme provided by the embodiments of the present disclosure, the encrypted data is obtained by encrypting with the target key of the target object in the current service, and the target object is an object with the target authority in the current service, that is, the target key can be obtained through an object with the target authority in the current service. This reduces the risk of leakage of the target key and makes the encrypted data difficult to forge. When the survival time of the first token exceeds the life cycle, the first token is no longer within its validity period, so the encrypted data in the first token is compared with the stored encrypted data, and when the two are consistent the first token is determined to be compliant. This improves the security of the token and provides a security guarantee for subsequently obtaining service information based on the token.
In step 307, the server returns service information to the client in case the first token passes the verification.
In the embodiment of the present disclosure, the first token passing verification may indicate that the current client has the right to obtain the service information. When the first token passes verification, the server returns the service information requested in the service information request to the client. When the first token fails verification, the server may record the first token or raise an alarm for it, which is not limited by the embodiments of the present disclosure. The server may also return service acquisition failure information to the client to intercept the service acquisition request.
Steps 305 to 307 described above may be regarded as the process in which the server verifies the first token. To describe the process more clearly, it is described again with reference to the accompanying drawings. Fig. 5 is a flowchart illustrating a method of verifying a first token according to an exemplary embodiment. Referring to Fig. 5, the process of the server verifying the first token includes steps 501 to 524. Step 501, the client sends a service information request to the server. Step 502, the server obtains the first token in the service information request and starts verification. Step 503, the server determines whether the encryption recognition function of the current service is turned on.
In the case where the encryption recognition function of the current service is turned on, steps 504 to 510 are performed. Step 504, the server pulls the target key of the target object of the current service. Step 505, the server locally verifies the encrypted data in the first token based on the target key. In case the authentication is passed, the server performs step 506, i.e. returns service information to the client. In the case of authentication failure, the server performs steps 507 to 510. Step 507, the server alarms for the first token. Step 508, the server records the first token in a log. Step 509, the server deletes the first token stored previously from the redis queue in an asynchronous manner. Step 510, the server returns service acquisition failure information to the client.
In the case where the encryption recognition function of the current service is not turned on, steps 511 to 524 are performed. Step 511, the server determines whether the first token is within the life cycle.
In the case where the first token is within the life cycle, the server performs steps 512 to 518. Step 512, the server sends a verification request carrying the first token to the target object, so as to verify the first token remotely through the target object. Step 513, the server receives the verification result. If the verification passes, the server performs step 514 to return the service information to the client. If the verification fails, the server performs steps 515 to 518. Steps 515 to 518 are the same as steps 507 to 510 and are not described again here.
In the event that the first token is not within the lifecycle, the server performs steps 519 through 524. Step 519, the server verifies whether the encrypted data in the first token matches the stored encrypted data. In case the two agree, the server performs step 520 to return service information to the client. In the case where the two are not identical, the server performs steps 521 to 524. Steps 521 to 524 are the same as steps 507 to 510, and are not described herein.
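Steps 301 to 304 and the three verification branches of Fig. 5, as an added example that is not code from the patent. The token layout, `TargetObject`, `LIFE_CYCLE` and all function names are assumptions, and because the description leaves the target encryption algorithm open, a standard-library encrypt-then-MAC construction stands in for it so that "decryption succeeds" is a well-defined check. Dicts and lists stand in for the redis queue and for the alarm and log.

```python
import hashlib
import hmac
import json
import os

LIFE_CYCLE = 3600   # assumed life cycle of a first token, in seconds
STORE = {}          # stand-in for the redis queue: token id -> CheckPoint
AUDIT = []          # stand-in for the alarm and log of steps 507-508

def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode as a keystream (stand-in cipher, an assumption)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC; returns hex(nonce || ciphertext || tag)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()

def unseal(key, blob_hex):
    """Return the plaintext, or None if the blob was not sealed under `key`."""
    try:
        blob = bytes.fromhex(blob_hex)
    except (ValueError, TypeError):
        return None
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class TargetObject:
    """Hypothetical holder of the target key (the object with the target authority)."""
    def __init__(self, key):
        self._key = key

    def pull_key(self):              # used by the server for local verification
        return self._key

    def verify_remote(self, cp):     # used for remote verification
        return unseal(self._key, cp) is not None

def issue_first_token(target, uid, now):
    """Steps 301-304: build the second token, seal its target field, store the CheckPoint."""
    second = {"tid": os.urandom(8).hex(), "uid": uid, "iat": now,
              "session": os.urandom(8).hex()}      # "session" is the assumed target field
    cp = seal(target.pull_key(), second.pop("session").encode())
    STORE[second["tid"]] = cp
    return json.dumps({**second, "cp": cp})        # unencrypted fields + CheckPoint

def verify_first_token(raw, target, recognition_on, now):
    """Steps 502-524: returns (result, branch taken)."""
    try:
        tok = json.loads(raw)
        tid, iat, cp = tok["tid"], tok["iat"], tok["cp"]
        if not (isinstance(tid, str) and isinstance(cp, str) and isinstance(iat, (int, float))):
            raise TypeError("unexpected field type")
    except (ValueError, KeyError, TypeError):
        AUDIT.append(("malformed", None))
        return ("acquire_failed", "parse")
    if recognition_on:                             # steps 504-505: local decryption
        ok, branch = unseal(target.pull_key(), cp) is not None, "local"
    elif now - iat <= LIFE_CYCLE:                  # steps 511-513: remote verification
        ok, branch = target.verify_remote(cp), "remote"
    else:                                          # step 519: compare with the stored copy
        stored = STORE.get(tid)
        ok = stored is not None and hmac.compare_digest(stored.encode(), cp.encode())
        branch = "stored"
    if ok:
        return ("service_info", branch)
    AUDIT.append(("rejected", tid))                # alarm and log
    STORE.pop(tid, None)                           # delete the stored copy
    return ("acquire_failed", branch)

def demo():
    # Constructed inputs: one genuine token, one sealed under a wrong key, one altered.
    target = TargetObject(os.urandom(32))
    good = issue_first_token(target, "alice", now=1000)
    forged = json.dumps({"tid": "f00d", "uid": "alice", "iat": 1000,
                         "cp": seal(os.urandom(32), b"guess")})
    altered = json.loads(good)
    altered["cp"] = altered["cp"][:-1] + ("0" if altered["cp"][-1] != "0" else "1")
    return [
        verify_first_token(good, target, True, 1010),
        verify_first_token(good, target, False, 1010),
        verify_first_token(good, target, False, 1000 + LIFE_CYCLE + 1),
        verify_first_token(forged, target, True, 1010),
        verify_first_token(json.dumps(altered), target, False, 1000 + LIFE_CYCLE + 1),
    ]
```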
The embodiments of the present disclosure provide an information verification method. When service information of a service is requested, the first token in the service information request is verified according to the target key of the target object in the current service, and service data is returned to the requesting client only when the verification passes. The target object is an object with the target authority in the current service, that is, the target key can be obtained through an object with the target authority in the current service, which reduces the risk of leakage of the target key, further protects the token from being leaked or forged, and improves the security of the token. Different verification modes are used under different conditions, which ensures that the verification process as a whole can intercept a forged first token and provides a security guarantee for subsequently obtaining service information based on the token.
Any combination of the above-mentioned optional solutions may be adopted to form an optional embodiment of the present disclosure, which is not described herein in detail.
Fig. 6 is a block diagram illustrating an information verification apparatus according to an exemplary embodiment. Referring to Fig. 6, the apparatus includes: a first obtaining unit 601, a verification unit 602, and a sending unit 603.
a first obtaining unit 601 configured to obtain, when a service information request of a client is received, the first token in the service information request, the first token being used to indicate that the client has the right to obtain service information;
a verification unit 602 configured to verify the first token based on the target key of the target object in the current service, the target object having the target authority in the current service;
a sending unit 603 configured to return the service information to the client in the case where the first token passes verification.
The embodiments of the present disclosure provide an information verification apparatus. When service information of a service is requested, the first token in the service information request is verified according to the target key of the target object in the current service, and service data is returned to the requesting client only when the verification passes. The target object is an object with the target authority in the current service, that is, the target key can be obtained through an object with the target authority in the current service, which reduces the risk of leakage of the target key, further protects the token from being leaked or forged, and improves the security of the token. Different verification modes are used under different conditions, which ensures that the verification process as a whole can intercept a forged first token and provides a security guarantee for subsequently obtaining service information based on the token.
In some embodiments, Fig. 7 is a block diagram of another information verification apparatus according to an exemplary embodiment. Referring to Fig. 7, the verification unit 602 is configured to: obtain the encrypted data in the first token in the case where the current service has turned on the encryption recognition function, the encrypted data being a field in the first token encrypted based on the target key; decrypt the encrypted data based on the target key; and determine, in the case where the decryption is successful, that the first token passes verification.
In some embodiments, with continued reference to fig. 7, the apparatus further comprises:
a recording unit 604 configured to record the first token in the case where the decryption is unsuccessful;
the sending unit 603 is configured to return service acquisition failure information to the client.
In some embodiments, with continued reference to fig. 7, the apparatus further comprises:
a second obtaining unit 605 configured to obtain the survival time of the first token in the case where the current service has not turned on the encryption recognition function, the survival time being used to represent the length of time for which the first token has existed;
the sending unit 603 is configured to send a verification request to the target object in the case where the survival time does not exceed the life cycle, the verification request carrying the first token;
a receiving unit 606 configured to receive the verification result returned by the target object.
In some embodiments, with continued reference to fig. 7, the apparatus further comprises:
a processing unit 607 configured to compare the encrypted data in the first token with the stored encrypted data in the case where the survival time exceeds the life cycle;
a first determining unit 608 configured to determine that the first token passes verification in the case where the encrypted data in the first token is consistent with the stored encrypted data.
In some embodiments, with continued reference to fig. 7, the apparatus further comprises:
a generation unit 609 configured to generate a second token when a service login request of the client is received;
an encryption unit 610 configured to encrypt the target field in the second token based on the target key of the target object in the current service, resulting in the encrypted data;
a second determining unit 611 configured to determine the first token based on the encrypted data and the unencrypted field in the second token.
In some embodiments, with continued reference to fig. 7, the apparatus further comprises:
a storage unit 612 configured to store the encrypted data;
the sending unit 603 is configured to send asynchronous information to the target server in the case where the encrypted data is not stored successfully, the asynchronous information including the encrypted data;
the storage unit 612 is further configured to store again the encrypted data returned by the target server.
In some embodiments, the sending unit 603 is configured to return service login failure information to the client in the case where the encrypted data is not stored successfully and the target condition is met.
It should be noted that, when the information verification apparatus provided in the foregoing embodiment verifies a token, the division into the functional units described above is used only as an example. In practical applications, the functions may be allocated to different functional units as needed, that is, the internal structure of the electronic device may be divided into different functional units to complete all or part of the functions described above. In addition, the information verification apparatus and the information verification method provided in the foregoing embodiments belong to the same concept; the specific implementation process of the apparatus is detailed in the method embodiments and is not repeated here.
The specific manner in which the various modules in the apparatus of the above embodiments perform their operations has been described in detail in connection with the method embodiments and will not be described in detail here.
Fig. 8 is a block diagram of a terminal 800 according to an exemplary embodiment, for the case where the electronic device is provided as a terminal. The terminal 800 may be: a smart phone, a tablet computer, an MP3 (Moving Picture Experts Group Audio Layer III) player, an MP4 (Moving Picture Experts Group Audio Layer IV) player, a notebook computer, or a desktop computer. The terminal 800 may also be referred to by other names such as user equipment, portable terminal, laptop terminal, or desktop terminal.
In general, the terminal 800 includes: a processor 801 and a memory 802.
The processor 801 may include one or more processing cores, such as a 4-core processor or an 8-core processor. The processor 801 may be implemented in at least one hardware form of DSP (Digital Signal Processing), FPGA (Field-Programmable Gate Array), and PLA (Programmable Logic Array). The processor 801 may also include a main processor and a coprocessor. The main processor is a processor for processing data in an awake state, also referred to as a CPU (Central Processing Unit); the coprocessor is a low-power processor for processing data in a standby state. In some embodiments, the processor 801 may integrate a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content to be displayed by the display screen. In some embodiments, the processor 801 may also include an AI (Artificial Intelligence) processor for processing computing operations related to machine learning.
Memory 802 may include one or more computer-readable storage media, which may be non-transitory. Memory 802 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In some embodiments, a non-transitory computer readable storage medium in memory 802 is used to store at least one program code for execution by processor 801 to implement the information verification method provided by the method embodiments in the present disclosure.
In some embodiments, the terminal 800 may further optionally include: a peripheral interface 803, and at least one peripheral. The processor 801, the memory 802, and the peripheral interface 803 may be connected by a bus or signal line. Individual peripheral devices may be connected to the peripheral device interface 803 by buses, signal lines, or a circuit board. Specifically, the peripheral device includes: at least one of radio frequency circuitry 804, a display 805, a camera assembly 806, audio circuitry 807, a positioning assembly 808, and a power supply 809.
Peripheral interface 803 may be used to connect at least one Input/Output (I/O) related peripheral to processor 801 and memory 802. In some embodiments, processor 801, memory 802, and peripheral interface 803 are integrated on the same chip or circuit board; in some other embodiments, either or both of the processor 801, the memory 802, and the peripheral interface 803 may be implemented on separate chips or circuit boards, which is not limited in this embodiment.
The radio frequency circuit 804 is configured to receive and transmit RF (Radio Frequency) signals, also known as electromagnetic signals. The radio frequency circuit 804 communicates with a communication network and other communication devices via electromagnetic signals. The radio frequency circuit 804 converts an electrical signal into an electromagnetic signal for transmission, or converts a received electromagnetic signal into an electrical signal. Optionally, the radio frequency circuit 804 includes: an antenna system, an RF transceiver, one or more amplifiers, a tuner, an oscillator, a digital signal processor, a codec chipset, a subscriber identity module card, and so forth. The radio frequency circuit 804 may communicate with other terminals via at least one wireless communication protocol. The wireless communication protocol includes, but is not limited to: metropolitan area networks, various generations of mobile communication networks (2G, 3G, 4G, and 5G), wireless local area networks, and/or WiFi (Wireless Fidelity) networks. In some embodiments, the radio frequency circuit 804 may also include NFC (Near Field Communication) related circuitry, which is not limited by the present disclosure.
The display 805 is used to display a UI (User Interface). The UI may include graphics, text, icons, video, and any combination thereof. When the display 805 is a touch display, the display 805 also has the ability to collect touch signals at or above the surface of the display 805. The touch signal may be input as a control signal to the processor 801 for processing. In this case, the display 805 may also be used to provide virtual buttons and/or virtual keyboards, also referred to as soft buttons and/or soft keyboards. In some embodiments, there may be one display 805, disposed on the front panel of the terminal 800; in other embodiments, there may be at least two displays 805, respectively disposed on different surfaces of the terminal 800 or in a folded design; in still other embodiments, the display 805 may be a flexible display disposed on a curved surface or a folded surface of the terminal 800. The display 805 may even be arranged in an irregular, non-rectangular pattern, i.e., a shaped screen. The display 805 may be made of LCD (Liquid Crystal Display), OLED (Organic Light-Emitting Diode) or other materials.
The camera assembly 806 is used to capture images or video. Optionally, the camera assembly 806 includes a front camera and a rear camera. Typically, the front camera is disposed on the front panel of the terminal and the rear camera is disposed on the rear surface of the terminal. In some embodiments, there are at least two rear cameras, each being any one of a main camera, a depth camera, a wide-angle camera and a telephoto camera, so that the main camera and the depth camera can be fused to realize a background blurring function, and the main camera and the wide-angle camera can be fused to realize panoramic shooting and Virtual Reality (VR) shooting functions or other fusion shooting functions. In some embodiments, the camera assembly 806 may also include a flash. The flash may be a single-color-temperature flash or a dual-color-temperature flash. A dual-color-temperature flash is a combination of a warm-light flash and a cold-light flash, and can be used for light compensation under different color temperatures.
Audio circuitry 807 may include a microphone and a speaker. The microphone is used for collecting sound waves of users and the environment, converting the sound waves into electric signals, inputting the electric signals to the processor 801 for processing, or inputting the electric signals to the radio frequency circuit 804 for voice communication. For stereo acquisition or noise reduction purposes, a plurality of microphones may be respectively disposed at different portions of the terminal 800. The microphone may also be an array microphone or an omni-directional pickup microphone. The speaker is used to convert electrical signals from the processor 801 or the radio frequency circuit 804 into sound waves. The speaker may be a conventional thin film speaker or a piezoelectric ceramic speaker. When the speaker is a piezoelectric ceramic speaker, not only the electric signal can be converted into a sound wave audible to humans, but also the electric signal can be converted into a sound wave inaudible to humans for ranging and other purposes. In some embodiments, audio circuit 807 may also include a headphone jack.
The positioning component 808 is used to locate the current geographic location of the terminal 800 to enable navigation or LBS (Location Based Service). The positioning component 808 may be a positioning component based on the GPS (Global Positioning System) of the United States, the Beidou system of China, the GLONASS system of Russia, or the Galileo system of the European Union.
A power supply 809 is used to power the various components in the terminal 800. The power supply 809 may be an alternating current, direct current, disposable battery, or rechargeable battery. When the power supply 809 includes a rechargeable battery, the rechargeable battery may support wired or wireless charging. The rechargeable battery may also be used to support fast charge technology.
In some embodiments, the terminal 800 also includes one or more sensors 810. The one or more sensors 810 include, but are not limited to: acceleration sensor 811, gyroscope sensor 812, pressure sensor 813, fingerprint sensor 814, optical sensor 815, and proximity sensor 816.
The acceleration sensor 811 can detect the magnitudes of accelerations on three coordinate axes of the coordinate system established with the terminal 800. For example, the acceleration sensor 811 may be used to detect components of gravitational acceleration in three coordinate axes. The processor 801 may control the display screen 805 to display a user interface in a landscape view or a portrait view based on the gravitational acceleration signal acquired by the acceleration sensor 811. Acceleration sensor 811 may also be used for the acquisition of motion data of a game or user.
The gyro sensor 812 may detect a body direction and a rotation angle of the terminal 800, and the gyro sensor 812 may collect a 3D motion of the user to the terminal 800 in cooperation with the acceleration sensor 811. The processor 801 may implement the following functions based on the data collected by the gyro sensor 812: motion sensing (e.g., changing UI according to a tilting operation by a user), image stabilization at shooting, game control, and inertial navigation.
The pressure sensor 813 may be disposed at a side frame of the terminal 800 and/or at a lower layer of the display 805. When the pressure sensor 813 is disposed on a side frame of the terminal 800, a grip signal of the terminal 800 by a user may be detected, and the processor 801 performs left-right hand recognition or shortcut operation according to the grip signal collected by the pressure sensor 813. When the pressure sensor 813 is disposed at the lower layer of the display screen 805, the processor 801 controls the operability control on the UI interface according to the pressure operation of the user on the display screen 805. The operability controls include at least one of a button control, a scroll bar control, an icon control, and a menu control.
The fingerprint sensor 814 is used to collect a fingerprint of a user, and the processor 801 identifies the identity of the user based on the fingerprint collected by the fingerprint sensor 814, or the fingerprint sensor 814 identifies the identity of the user based on the collected fingerprint. Upon recognizing that the user's identity is a trusted identity, the processor 801 authorizes the user to perform relevant sensitive operations, including unlocking the screen, viewing encrypted information, downloading software, making payments, and changing settings. The fingerprint sensor 814 may be provided on the front, back, or side of the terminal 800. When a physical key or vendor logo is provided on the terminal 800, the fingerprint sensor 814 may be integrated with the physical key or vendor logo.
The optical sensor 815 is used to collect the ambient light intensity. In one embodiment, the processor 801 may control the display brightness of the display screen 805 based on the intensity of ambient light collected by the optical sensor 815. Specifically, when the intensity of the ambient light is high, the display brightness of the display screen 805 is turned up; when the ambient light intensity is low, the display brightness of the display screen 805 is turned down. In another embodiment, the processor 801 may also dynamically adjust the shooting parameters of the camera module 806 based on the ambient light intensity collected by the optical sensor 815.
A proximity sensor 816, also referred to as a distance sensor, is typically provided on the front panel of the terminal 800. The proximity sensor 816 is used to collect the distance between the user and the front of the terminal 800. In one embodiment, when the proximity sensor 816 detects that the distance between the user and the front of the terminal 800 gradually decreases, the processor 801 controls the display 805 to switch from the screen-on state to the screen-off state; when the proximity sensor 816 detects that the distance between the user and the front of the terminal 800 gradually increases, the processor 801 controls the display 805 to switch from the screen-off state to the screen-on state.
Those skilled in the art will appreciate that the structure shown in fig. 8 is not limiting and that more or fewer components than shown may be included or certain components may be combined or a different arrangement of components may be employed.
When the electronic device is provided as a server, fig. 9 is a block diagram illustrating a server 900 according to an exemplary embodiment. The server 900 may vary considerably depending on configuration or performance, and may include one or more processors (Central Processing Units, CPU) 901 and one or more memories 902, where at least one program code is stored in the memories 902 and is loaded and executed by the processor 901 to implement the information verification method provided in the above-described method embodiments. The server may also have a wired or wireless network interface, a keyboard, an input/output interface, and the like for input and output, and the server 900 may also include other components for implementing the functions of the device, which are not described herein.
In an exemplary embodiment, a computer readable storage medium is also provided, such as a memory 802 or a memory 902, comprising instructions executable by the processor 801 of the terminal 800 or the processor 901 of the server 900 to perform the above-described method. Alternatively, the computer readable storage medium may be ROM, Random Access Memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.
A computer program product comprising computer programs/instructions which when executed by a processor implement the above-described information verification method.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following the general principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (11)

1. An information verification method, the method comprising:
in a case where a service information request of a client is received, acquiring a first token in the service information request, wherein the first token is used for indicating that the client has the authority to acquire the service information;
verifying the first token based on a target key of a target object in a current service, wherein the target object has target authority in the current service;
and returning service information to the client in a case where the first token passes verification.
2. The information verification method according to claim 1, wherein the verifying the first token based on the target key of the target object in the current service includes:
acquiring encrypted data in the first token under the condition that the current service starts an encryption identification function, wherein the encrypted data is an encrypted field based on the target key in the first token;
decrypting the encrypted data based on the target key;
and in the case of successful decryption, determining that the first token passes verification.
3. The information verification method according to claim 2, characterized in that the method further comprises:
recording the first token under the condition that decryption is unsuccessful;
and returning service acquisition failure information to the client.
4. The information verification method according to claim 2, characterized in that the method further comprises:
acquiring the survival duration of the first token under the condition that the current service does not start the encryption identification function, wherein the survival duration is used for representing how long the first token has existed;
sending a verification request to the target object under the condition that the survival duration does not exceed the life cycle, wherein the verification request carries the first token;
and receiving a verification result returned by the target object.
5. The information verification method according to claim 4, characterized in that the method further comprises:
comparing the encrypted data in the first token with stored encrypted data under the condition that the survival duration exceeds the life cycle;
in the event that the encrypted data in the first token is consistent with the stored encrypted data, determining that the first token is authenticated.
6. The information verification method according to claim 1, wherein before receiving the service information request of the client, the method further comprises:
generating a second token under the condition that a service login request of the client is received;
encrypting a target field in the second token based on the target key of the target object in the current service to obtain encrypted data;
and determining the first token based on the encrypted data and an unencrypted field in the second token.
7. The information verification method according to claim 6, characterized in that the method further comprises:
storing the encrypted data;
sending asynchronous information to a target server under the condition that the encrypted data is not stored successfully, wherein the asynchronous information comprises the encrypted data;
and storing the encrypted data returned by the target server again.
8. The information verification method according to claim 7, characterized in that the method further comprises:
and returning service login failure information to the client under the condition that the encrypted data is not successfully stored and the target condition is met.
9. An information verification apparatus, characterized in that the apparatus comprises:
a first acquisition unit configured to perform, when a service information request of a client is received, acquisition of a first token in the service information request, the first token being used to indicate that the client has authority to acquire service information;
a verification unit configured to perform verification of the first token based on a target key of a target object in a current service, the target object having a target authority in the current service;
and a transmitting unit configured to perform returning of service information to the client in case the first token passes verification.
10. An electronic device, the electronic device comprising:
one or more processors;
a memory for storing the processor-executable program code;
wherein the processor is configured to execute the program code to implement the information verification method of any one of claims 1 to 8.
11. A computer readable storage medium, characterized in that instructions in the computer readable storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the information verification method according to any one of claims 1 to 8.
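The issue-and-verify flow of claims 2 to 7, as an added Python example that is not part of the patent. All function and field names (`sid`, `iat`, `enc`, `ask_target`, `rejected`) are hypothetical, and because the claims name no cipher, an encrypt-then-MAC construction built from HMAC-SHA256 stands in for an authenticated cipher so that "decryption unsuccessful" is a detectable outcome.

```python
import base64, hashlib, hmac, json, os

def _subkey(key, label):
    # Separate encryption and MAC keys derived from the target key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(target_key, plaintext):
    """Stand-in authenticated encryption (assumption); use a vetted AEAD in production."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(target_key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(target_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(target_key, blob):
    """Return the plaintext, or None when the tag does not verify (decryption unsuccessful)."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(target_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    ks = _keystream(_subkey(target_key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

def issue_first_token(second_token, target_key, store):
    """Claims 6-7: encrypt the target field, keep other fields in clear, store the ciphertext."""
    blob = seal(target_key, json.dumps(second_token["target_field"]).encode())
    store[second_token["sid"]] = blob
    return {"sid": second_token["sid"], "iat": second_token["iat"],
            "enc": base64.urlsafe_b64encode(blob).decode()}

def verify_first_token(token, target_key, *, encryption_check, store, life_cycle,
                       ask_target, now, rejected):
    """Claims 2-5: return True when the first token passes verification."""
    try:
        blob = base64.urlsafe_b64decode(token["enc"])
    except (KeyError, TypeError, ValueError):
        rejected.append(token)
        return False
    if encryption_check:                          # claim 2: decrypt with the target key
        if unseal(target_key, blob) is not None:
            return True
        rejected.append(token)                    # claim 3: record the failing token
        return False
    if now - token["iat"] <= life_cycle:          # claim 4: defer to the target object
        return bool(ask_target(token))
    stored = store.get(token.get("sid"), b"")     # claim 5: compare with stored ciphertext
    return hmac.compare_digest(stored, blob)
```
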
CN202310554445.3A 2023-05-16 2023-05-16 Information verification method, device, electronic equipment and storage medium Pending CN116633611A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310554445.3A CN116633611A (en) 2023-05-16 2023-05-16 Information verification method, device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116633611A (en) 2023-08-22

Family

ID=87609252

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310554445.3A Pending CN116633611A (en) 2023-05-16 2023-05-16 Information verification method, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116633611A (en)

Similar Documents

Publication Publication Date Title
CN111444528B (en) Data security protection method, device and storage medium
WO2021120793A1 (en) Face image transmission method and apparatus, numerical value transfer method and apparatus, and electronic device
CN110245144B (en) Protocol data management method, device, storage medium and system
CN110689460B (en) Traffic accident data processing method, device, equipment and medium based on block chain
CN109615515B (en) Credit right certificate transfer method, device, electronic equipment and storage medium
CN108769992B (en) User authentication method, device, terminal and storage medium
CN111506884A (en) User invitation method, device, computer equipment and computer readable storage medium
CN107959727B (en) Method and device for communication between webpage and client
CN110365501B (en) Method and device for group joining processing based on graphic code
CN110598386B (en) Block chain-based data processing method, device, equipment and storage medium
CN111404991A (en) Method, device, electronic equipment and medium for acquiring cloud service
CN111062323A (en) Face image transmission method, numerical value transfer method, device and electronic equipment
CN110677262B (en) Information notarization method, device and system based on blockchain
CN111193702B (en) Method and device for data encryption transmission
CN115495169B (en) Data acquisition and page generation methods, devices, equipment and readable storage medium
CN110738491A (en) Numerical value transferring method, system, device, terminal and storage medium
CN113630405B (en) Network access authentication method and device, electronic equipment and storage medium
CN114124405B (en) Service processing method, system, computer equipment and computer readable storage medium
CN112528311B (en) Data management method, device and terminal
CN115329309A (en) Verification method, verification device, electronic equipment and storage medium
CN110555924B (en) Method and device for unlocking processing
CN111131619B (en) Account switching processing method, device and system
CN112764824B (en) Method, device, equipment and storage medium for triggering identity verification in application program
CN108683684B (en) Method, device and system for logging in target instant messaging application
CN116633611A (en) Information verification method, device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination