Multi-encryption method for service provider to transmit service message

A multi-encryption technology for transmitting service messages, applied to transmission systems and key distribution. It addresses problems such as uncontrollable data use, high cracking costs, and long access cycles, and achieves controllable development costs, a high cracking cost, and fast go-live speed.

Active Publication Date: 2019-06-14
CHONGQING RURAL COMMERCIAL BANK CO LTD
6 Cites 5 Cited by

AI-Extracted Technical Summary

Problems solved by technology

[0013] The present invention addresses the problems in the prior art that connecting a service provider's service to a third party leads to data leakage, uncontrollable data use, an increase in the size of the third-party APP, a long access cycle with a complicated process, and relatively high development cost. It provides a multi-encryption method for the service provider to transmit business messages. When it is applied, the entire H5 application is developed by the service provider, the data does not leak to any third party, and there is no increase in the size of the third-party APP. For problems...

Method used

Compared with the prior art, when the present invention is applied the entire H5 application is developed by the service provider, the data does not leak to any third party, and there is no problem of the third-party APP growing in size or needing to be re-released. Only one jump needs to be configured in the third-party backend, and the entire development cost is controllable. Each modification is synchronized to all access parties at once, updates are imperceptible to users, go-live is fast, reusability is strong, and flow can be controlled: requesting parties can be classified by key and then rate-limited or rejected. The present invention first issues the access key (AT) and then the visit key (VT), and adds random numbers, hashes, the AES encryption algorithm, and public-key and private-key encryption and decryption to increase complexity, so the cracking cost of the whole method is very high and the security of the encryption is improved.
In the present invention, the AT is single-use and becomes invalid after the VT is generated; all data that the service provider H5 end caches in the sessionStorage of the third-party APP's webview is encrypted with the AT as the key before being cached. The service provider deploys with front-end and back-end separation, isolating the front end from the back end, the front-end prod...

Abstract

The invention discloses a multi-encryption method for a service provider to transmit a business message. The method involves a service provider H5 end, a service provider gateway server, a service provider authentication end and a service provider backend, all of which interact with one another. The method addresses the problems in the prior art that connecting a service provider's service to a third party leads to data leakage, uncontrollable data usage, an increase in the size of the third-party APP, a long access cycle with a complicated process, and relatively high development cost. When the method is applied, the entire H5 application is developed by the service provider and the data cannot be leaked to any third party. The problems of increasing the size of the third-party APP and needing to re-release a version do not exist; only one jump needs to be configured in the third-party backend. Complexity is increased by combining an access key followed by a visit key, a random number, a hash, the AES encryption algorithm, public-key and private-key encryption and decryption and the like, so the cracking cost of the whole method is very high.

Application Domain

Key distribution for secure communication

Technology Topic

Service provider; Third party

Example Embodiment

[0036] Example
[0037] As shown in Figures 1 and 2, the third-party secure access method in the form of a service provider H5 application involves the third-party backend, the service provider H5 end, the service provider gateway server, the service provider authentication end, and the service provider backend. It includes the following steps:
[0038] A. The user of the third-party client clicks an entry to request access to the service application provided by the service provider, and the third-party backend is notified;
[0039] B. The third-party backend sends a request through the service provider gateway server asking the service provider to generate an access key AT (Access Token, AT for short); the service provider generates the access key AT and returns it to the third-party backend through the service provider gateway server;
[0040] C. After receiving the encrypted AT, the third-party backend decrypts it and reverses the AT to obtain AK (AppKey, AK for short). AK is the asymmetric-encryption public key of the service provider's gateway server. The URL of the service provider H5 end is then opened in the third-party webView, and the service provider H5 end temporarily stores AT and AK in the sessionStorage of the browser embedded in the third-party APP;
[0041] D. The service provider H5 end sends a request through the service provider gateway server asking the service provider to generate a visit key VT (Visit Token, VT for short). The request parameters include the access key AT, which is encrypted using a random number as the key;
[0042] E. After receiving the request of step D to generate the visit key VT, the service provider authentication end first decrypts the request, then decrypts the AT and verifies its authenticity. When the AT is genuine, it generates the visit key VT, returns it to the service provider H5 end through the service provider gateway server, and invalidates the AT as an access key;
[0043] F. The service provider H5 end decrypts the VT with the random number, opens and renders the H5 product page, and carries out the external services of the H5 product;
[0044] G. The service provider H5 end sends a service message request to the service provider backend through the service provider gateway server. The request parameters of the service message request are first encrypted with a random number, then encrypted with VT, and then encrypted with AK;
[0045] H. After receiving the service message request from the service provider H5 end, the service provider authentication end decrypts it to recover the original service message parameters, uses these parameters to send a business request to the service provider backend, and obtains the requested data; the returned message is encrypted with VT and sent back to the service provider H5 end;
[0046] I. The service provider H5 end receives the returned message, decrypts it with VT, and renders the returned data.
[0047] In step B, the third-party backend sends the request to generate the access key AT through the service provider gateway server. The parameters passed in the request include the third party's registered account siteId at the service provider, the account appId of the service provider H5 end, and the third-party account userId of the third party's customer.
[0048] In the step B, the service provider generates the access key AT and sends it back to the third-party backend through the service provider gateway server. Register the account siteId and the account appId on the H5 side of the service provider, and then return the encrypted access key AT. The access key AT is reversible.
[0049] The access key AT in step B contains the asymmetric-encryption public key AK of the service provider's gateway server, and the service provider authentication end stores the asymmetric-encryption private key SK (SecretKey, SK for short).
[0050] In step D, the service provider H5 end sends the request to generate the visit key VT through the service provider gateway server. The request parameters include the asymmetric-encryption public key AK of the service provider's gateway server and the access key AT. After the access key AT in the request parameters has been encrypted with a random number as the key, the request is encrypted with the asymmetric-encryption public key AK of the service provider's gateway server.
[0051] In step E, the service provider authentication end decrypts the request to generate the visit key VT as follows: after receiving the request of step D, it decrypts the request with the private key SK corresponding to the asymmetric-encryption public key AK of the service provider's gateway server, and then uses the decrypted random number as the key to decrypt the AT.
[0052] In step E, the service provider authentication end stores the generated visit key VT in association with the third party's registered account siteId at the service provider, the account appId of the service provider H5 end, and the third-party account userId of the third party's customer that were supplied when the AT was requested.
[0053] The service message request in step G also includes the parameter AK, the third party's registered account siteId at the service provider, the account appId of the service provider H5 end, and the third-party account userId of the third party's customer.
[0054] In step H, the service provider authentication end decrypts the service message request from the service provider H5 end as follows: it first decrypts the request with the private key SK corresponding to the asymmetric-encryption public key AK of the service provider's gateway server; it then uses the third party's registered account siteId at the service provider, the account appId of the service provider H5 end, and the third-party account userId of the third party's customer to look up the corresponding VT and decrypts with it; finally it uses the decrypted random number to decrypt the original service message parameters.
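The layering of step G and its reversal in step H ([0044], [0054]) can be sketched as follows. This is an added illustration, not code from the patent or the applicant; it assumes AES-256-GCM for the random-number and VT layers, RSA-OAEP for the AK/SK layer, a VT modelled as a 32-byte key, and hypothetical function and field names.

```javascript
// Added illustration of steps G and H using Node's built-in crypto module.
// Assumptions (not from the patent): AES-256-GCM, RSA-OAEP, 32-byte VT.
const nodeCrypto = require("crypto");

// AES-256-GCM helpers; blob layout is iv(12) || tag(16) || ciphertext.
function seal(key, plain) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plain), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if tampered
}

// Step G (H5 end): random-number layer, then VT layer, then AK layer.
function buildRequest(ak, vt, ids, params) {
  const r = nodeCrypto.randomBytes(32);                      // per-request random number
  const body = seal(r, Buffer.from(JSON.stringify(params))); // layer 1: random number
  const underVt = seal(vt, r);                               // layer 2: VT
  const underAk = nodeCrypto.publicEncrypt(ak, underVt);     // layer 3: AK (RSA-OAEP)
  return { ...ids, key: underAk.toString("base64"), body: body.toString("base64") };
}

// Step H (authentication end): SK first, then the VT found by siteId/appId/userId,
// then the recovered random number.
function openRequest(sk, vtStore, req) {
  const underVt = nodeCrypto.privateDecrypt(sk, Buffer.from(req.key, "base64"));
  const vt = vtStore.get(`${req.siteId}|${req.appId}|${req.userId}`);
  if (!vt) throw new Error("no VT stored for this siteId/appId/userId");
  const r = open(vt, underVt);
  return JSON.parse(open(r, Buffer.from(req.body, "base64")).toString());
}

// Constructed sample values (key pair, identifiers and VT are made up).
const { publicKey: AK, privateKey: SK } =
  nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const ids = { siteId: "site-001", appId: "h5-app-01", userId: "user-42" };
const vtStore = new Map([["site-001|h5-app-01|user-42", nodeCrypto.randomBytes(32)]]);

function demo() {
  const vt = vtStore.get("site-001|h5-app-01|user-42");
  const req = buildRequest(AK, vt, ids, { op: "queryBalance", account: "TEST-0001" });
  return openRequest(SK, vtStore, req);
}
console.log(demo());
```

Because AK is a public key, the outer layer in this sketch provides confidentiality only; it is the VT layer's authentication tag that ties a request to the stored session.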
[0055] The present invention overcomes the defects of the aforementioned prior art, in which connecting a service provider's service to a third party leads to data leakage, uncontrollable use of data, increased third-party APP size, a long access period, a complex process, and high development costs. The entire H5 application is developed by the service provider. The third party only needs to send one request from its backend to obtain a key and open the service provider's H5 home page; the rest of the process does not involve the third party, and the data is not leaked to any third party. Because it is an H5 application, there is no problem of the third-party APP growing in size or needing to be re-released. Only one jump needs to be configured in the third-party backend, and the entire development cost is controllable. A single H5 application can be developed to serve iOS, Android and H5 terminals. Each modification is synchronized to all access parties at once, updates are imperceptible to users, go-live is fast, reusability is strong, and flow can be controlled: requesters can be classified by key and rejected.
[0056] In terms of security, the method draws on the OAuth 2.0 mechanism: there is first the access key (AT) and then the visit key (VT). Random numbers, hashes, the AES encryption algorithm, and public-key and private-key encryption and decryption are added to increase complexity. Every request is encrypted and signed, and the decryption key is not sent with the request, so capturing packets is useless because the VT cannot be obtained. An attacker would have to crack the hardened and packed third-party APP and export the webview activity of the third-party Android APP; on the iOS platform the only option is to decompile the entire APP and rewrite all modules. In addition, the JS files on the service provider H5 end are compressed and obfuscated, the front end and back end are separated, and HTTPS encryption and CSRF protection are applied at the network level, so the whole method is very expensive to crack.
[0057] In the present invention, the AT is single-use and becomes invalid after the VT is generated; all data that the service provider H5 end caches in the sessionStorage of the third-party APP's webview is encrypted with the AT as the key before being cached. The service provider deploys with front-end and back-end separation, isolating the front end from the back end. The front-end product is delivered as an SPA, and the separate server uses PM2 for load balancing across server cores to achieve high responsiveness and fast rendering. Frequently changing and public static resources are deployed on a CDN, which makes the user experience faster and smoother.
[0058] Compared with the prior art, when the present invention is applied the entire H5 application is developed by the service provider, the data is not leaked to any third party, and there is no problem of the third-party APP growing in size or needing to be re-released. Only one jump needs to be configured in the third-party backend, and the entire development cost is controllable. Each modification is synchronized to all access parties at once, updates are imperceptible to users, go-live is fast, reusability is strong, and flow can be controlled: requesting parties can be classified by key and then rate-limited or rejected. The present invention first issues the access key (AT) and then the visit key (VT), and adds random numbers, hashes, the AES encryption algorithm, and public-key and private-key encryption and decryption to increase complexity, so the cracking cost of the whole method is very high and the security of the encryption is improved.
