CN108243172B - A method and system for sending verification information - Google Patents
- Publication number
- CN108243172B, CN201611228347.7A
- Authority
- CN
- China
- Prior art keywords
- request information
- network request
- interface parameter
- information
- string
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Technical Field
The invention belongs to the field of communication technology, and in particular relates to a method and system for sending verification information.
Background
Many terminal apps on the market are registered or logged in to with a mobile phone number. Generally, before the verification information is received on the phone, the user must first enter a verification code of several digits or symbols in order to register or log in.
To prevent verification codes from being sent frequently or aggressively, the prior art makes the verification code design more complex: the text in the verification code is skewed and even hard to recognise, so users may enter it incorrectly, which creates an obstacle to logging in to or registering with the app and reduces the user's operating efficiency.
Summary of the Invention
In view of the problems in the prior art, embodiments of the present invention provide a method and system for sending verification information, to solve the technical problem in the prior art that, when logging in to or registering with an app, preventing verification codes from being sent frequently or aggressively reduces the user's operating efficiency.
The present invention provides a method for sending verification information, the method comprising:
a client obtaining first network request information;
generating second network request information and a first interface parameter according to the first network request information; concatenating the second network request information and the first interface parameter to generate third network request information;
sending the third network request information to a server, so that the server can calculate a second interface parameter based on the third network request information and determine whether the first interface parameter is consistent with the second interface parameter, and, if the second interface parameter and the first interface parameter are determined to be consistent, send the verification information to the client; wherein the first network request information, the second network request information and the third network request information are uniform resource locators, and the first network request information, the second network request information and the third network request information are different; the first interface parameter and the second interface parameter are token values.
In the above solution, generating the second network request information and the first interface parameter according to the first network request information comprises:
obtaining the time parameter string in the first network request information from a dictionary;
obtaining the keys of the time parameter string, each key corresponding to one value;
sorting the keys according to a preset first sorting rule to obtain a key array;
converting the key array into a string of the values by using the mapping between the keys and the values;
concatenating the string of the values with the server address to obtain the second network request information;
obtaining the first interface parameter from the second network request information by using a symmetric encryption algorithm.
In the above solution, obtaining the first interface parameter from the second network request information by using a symmetric encryption algorithm comprises:
parsing the second network request information to obtain the server address and a first query string;
sorting the parameters in the first query string according to a preset second sorting rule to form a second query string;
generating fourth network request information according to the second query string;
generating digest information based on the fourth network request information by using a symmetric algorithm;
encrypting the digest information;
concatenating the plaintext information of a preset key with the encrypted digest information to form the first interface parameter.
The present invention also provides a method for sending verification information, the method comprising:
a client obtaining first network request information;
generating second network request information and a first interface parameter according to the first network request information; concatenating the second network request information and the first interface parameter to generate third network request information, and sending the third network request information to a server;
the server calculating a second interface parameter based on the third network request information, determining whether the first interface parameter is consistent with the second interface parameter, and, if the first interface parameter and the second interface parameter are determined to be consistent, sending the verification information to the client; wherein the first network request information, the second network request information and the third network request information are uniform resource locators, and the first network request information, the second network request information and the third network request information are different; the first interface parameter and the second interface parameter are token values.
In the above solution, when the server sends the verification information to the client, it sends it according to a preset number of sends.
The present invention also provides a client, the client comprising:
an obtaining unit, configured to obtain first network request information;
a first generating unit, configured to generate second network request information and a first interface parameter according to the first network request information; a second generating unit, configured to generate third network request information according to the second network request information and the first interface parameter;
a sending unit, configured to send the third network request information to a server, so that the server can calculate a second interface parameter based on the third network request information and, when the second interface parameter and the first interface parameter are determined to be consistent, send the verification information to the client; wherein the first network request information, the second network request information and the third network request information are uniform resource locators, and the first network request information, the second network request information and the third network request information are different; the first interface parameter and the second interface parameter are token values.
In the above solution, the first generating unit comprises:
a first obtaining subunit, configured to obtain the time parameter string in the first network request information from a dictionary;
obtaining the keys of the time parameter string, each key corresponding to one value;
sorting the keys according to a preset first sorting rule to obtain a key array;
a conversion subunit, configured to convert the key array into a string of the values by using the mapping between the keys and the values;
a concatenation subunit, configured to concatenate the string of the values with the server address to obtain the second network request information;
a second obtaining subunit, configured to obtain the first interface parameter from the second network request information by using a symmetric encryption algorithm.
In the above solution, the second obtaining subunit obtaining the first interface parameter from the second network request information by using the MD5 algorithm comprises:
parsing the second network request information to obtain the server address and a first query string;
sorting the parameters in the first query string according to a preset second sorting rule to form a second query string;
generating fourth network request information according to the second query string;
generating digest information based on the fourth network request information by using a symmetric algorithm;
encrypting the digest information;
concatenating the plaintext information of a preset key with the encrypted digest information to form the first interface parameter.
The present invention also provides a system for sending verification information, the system comprising:
a client, configured to obtain first network request information; generate second network request information and a first interface parameter according to the first network request information; concatenate the second network request information and the first interface parameter to generate third network request information, and send the third network request information to a server; and a server, configured to calculate a second interface parameter based on the third network request information, determine whether the first interface parameter is consistent with the second interface parameter, and, if the first interface parameter and the second interface parameter are determined to be consistent, send the verification information to the client; wherein the first network request information, the second network request information and the third network request information are uniform resource locators, and the first network request information, the second network request information and the third network request information are different; the first interface parameter and the second interface parameter are token values.
In the above solution, when the server sends the verification information to the client, it sends it according to a preset number of sends.
The present invention provides a method and system for sending verification information. The method comprises: a client obtaining first network request information; generating second network request information and a first interface parameter according to the first network request information; concatenating the second network request information and the first interface parameter to generate third network request information; sending the third network request information to a server, so that the server can calculate a second interface parameter based on the third network request information and determine whether the first interface parameter is consistent with the second interface parameter, and, if the second interface parameter and the first interface parameter are determined to be consistent, send the verification information to the client; wherein the first network request information, the second network request information and the third network request information are uniform resource locators, and the first network request information, the second network request information and the third network request information are different; the first interface parameter and the second interface parameter are token values. In this way, even if a user uses script software to capture or replace the phone number in the first network request information, verification information cannot be sent to that phone number frequently or aggressively, because the correct token value must also be obtained before verification information is sent. This reduces the probability of malicious resending of verification information, and there is no need to enter a hard-to-recognise verification code, which improves the user's operating efficiency.
Brief Description of the Drawings
FIG. 1 is a schematic diagram of the overall structure of a system for sending verification information provided by an embodiment of the present invention;
FIG. 2 is a schematic flowchart of a method for sending verification information provided by an embodiment of the present invention;
FIG. 3 is a schematic flowchart of another method for sending verification information provided by an embodiment of the present invention;
FIG. 4 is a schematic diagram of the overall structure of a client provided by an embodiment of the present invention;
FIG. 5 is a schematic diagram of the overall structure of a first generating unit provided by an embodiment of the present invention.
Detailed Description
So that no hard-to-recognise verification code has to be entered when logging in to or registering with an app, and so that, when the received verification information is used for verification, the probability of malicious resending of verification information is reduced and the user's operating efficiency is improved, the present invention provides a method and system for sending verification information. The method comprises: a client obtaining first network request information; generating second network request information and a first interface parameter according to the first network request information; concatenating the second network request information and the first interface parameter to generate third network request information; sending the third network request information to a server, so that the server can calculate a second interface parameter based on the third network request information and determine whether the first interface parameter is consistent with the second interface parameter, and, if the second interface parameter and the first interface parameter are determined to be consistent, send the verification information to the client; wherein the first network request information, the second network request information and the third network request information are uniform resource locators, and the first network request information, the second network request information and the third network request information are different; the first interface parameter and the second interface parameter are token values.
The technical solutions of the present invention are described in further detail below with reference to the accompanying drawings and specific embodiments.
Before the method embodiments of the present invention are introduced, the verification system architecture of the embodiments is introduced first. As shown in FIG. 1, the system includes a client 101 and a server 102. As shown in FIG. 1, the server 102 can establish communication connections with N clients 101, N being a natural number. The communication between the client 101 and the server 102 may be wired or wireless. The client 101 may specifically be a smartphone, a tablet computer, a smart wearable device and so on, which this application does not limit.
As shown in FIG. 2, the data interaction process between the client 101 and the server 102 is as follows:
S1: the client obtains first network request information; generates second network request information and a first interface parameter according to the first network request information; generates third network request information according to the second network request information and the first interface parameter; and sends the third network request information to the server.
In this step, the client obtains the first network request information and then generates the second network request information and the first interface parameter according to it, which specifically includes:
Because the first network request information is held in a dictionary dict, the client first obtains the time parameter string from the dictionary dict. For example, the time parameter string may be e=14696&method=get-code&mobile=1355408****, where e, method and mobile are keys of the dictionary dict, and 1469, get-code and 1355408**** are values of the dictionary dict. The first network request information is a uniform resource locator (URL).
Once all the keys of the time parameter string have been obtained, the keys are sorted according to the preset first sorting rule to obtain a key array. The first sorting rule can be produced with the sortedArrayUsingComparator sorting method, which yields an ordered key array array. The keys in the key array array may be sorted in ascending order or in descending order; in this embodiment they are sorted in ascending order a-z.
Once the key array has been obtained, the key array is converted into a string of the values by using the mapping between the keys and the values; the string of the values is concatenated with the server address to obtain the second network request information; and the first interface parameter is obtained from the second network request information by using a symmetric encryption algorithm.
Specifically, the objectAtIndex method is used to take the first key key1 from the key array, and the mapping is used to take the first value value1 from the dictionary dict via the first key key1; the first key key1 and the first value value1 are then concatenated into a new string dictvaluestr1. In the same way, all keys are converted into dictvaluestr-type strings, and finally all the dictvaluestr-type strings are concatenated to form the string of the values.
The string of the values is then concatenated with the path part of the server address to form the second network request information Sorturl. The second network request information is in fact also a URL, but it differs from the first network request information. The server address includes a path part and a query string (query_string) part. For example, concatenating strings such as dictvaluestr1 and dictvaluestr2 with http://server address/api forms the second network request information Sorturl. Here http://server address/api is the path part of the server address.
After the second network request information Sorturl is obtained, the first interface parameter is obtained from the second network request information by using a symmetric encryption algorithm. The symmetric encryption algorithm may be the getNewToken function in the MD5 algorithm. The first interface parameter is the token value calculated by the client.
Specifically, the second network request information Sorturl is parsed to obtain the first half of the server address, the path part, and the first query string query_string1;
the parameters in the first query string query_string1 are sorted according to a preset second sorting rule, and "=" and "&" are then inserted in order between the parameters of the first query string query_string1 for encryption, forming the second query string query_string2. The second sorting rule may be sorting by name.
Fourth network request information is generated according to the second query string query_string2. Specifically, string concatenation is used to join the first half of the server address, the path part, and the second query string query_string2, with "?" inserted between the path part and the second query string query_string2 for encryption, forming the fourth network request information url1.
A symmetric algorithm is used to generate the digest information digest based on the second query string query_string2 in the updated fourth network request information. The first parameter of the digest information digest is the private key SECRET_KEY, and the second parameter is the fourth network request information url1. The symmetric algorithm in this embodiment is the HMAC_SHA1 algorithm.
After the digest information digest is obtained, it is encrypted. Specifically, the digest information digest is base64-encoded, and the encoded digest information digest is then made safe, for example by replacing the character "/" in the digest information digest with "_" and the character "+" with "-". This is only one possible replacement scheme and is not limiting.
Finally, the plaintext information ACCESS_KEY of the preset key is concatenated with the encrypted digest information digest, the plaintext information and the encrypted digest information digest being joined by ":", to form the first interface parameter.
After the first interface parameter is generated, the third network request information is generated according to the second network request information Sorturl and the first interface parameter. Specifically, the first interface parameter Token is appended to the end of the second network request information Sorturl to form the third network request information TokenUrl, and the third network request information TokenUrl is sent to the server. The third network request information is a uniform resource locator, and the first network request information, the second network request information and the third network request information are different.
For example, the third network request information TokenUrl=http://server address/api?e=14696&method=get-code&mobile=1355408****%%%%%&token=********************
S2: the server calculates a second interface parameter based on the third network request information and determines whether the first interface parameter is consistent with the second interface parameter; if the first interface parameter and the second interface parameter are determined to be consistent, it sends the verification information to the client.
In this step, after the server receives the third network request information TokenUrl, it parses the third network request information TokenUrl by the Token keyword and obtains the value following Token in the third network request information TokenUrl. Based on the value following Token, it obtains the second interface parameter by the same method the client uses to obtain the first interface parameter, and determines whether the first interface parameter is consistent with the second interface parameter; if the first interface parameter and the second interface parameter are determined to be consistent, it sends the verification information to the client. Here, the second interface parameter is the token value calculated by the server. Because the server obtains the second interface parameter by the same process the client uses to obtain the first interface parameter, the details are not repeated here.
In addition, when the verification information is sent to the client, it must be sent according to a preset number of sends in order to avoid frequent malicious sending. The preset number of sends can be set according to the actual scenario; in this embodiment the number of sends is set to 10.
Embodiment 2
This embodiment provides a method for sending verification information. The method is performed on the client side and, as shown in FIG. 3, includes:
S301: The client obtains first network request information, and generates second network request information and a first interface parameter according to the first network request information.
In this step, the client obtains the first network request information and then generates the second network request information and the first interface parameter according to it, which specifically includes:
Because the first network request information is held in a dictionary dict, the client first obtains the time parameter string from dict. For example, the time parameter string may be e=14696&method=get-code&mobile=1355408****, where e, method and mobile are keys of the dictionary dict, and 1469, get-code and 1355408**** are values of the dictionary dict. The first network request information is a uniform resource locator (URL).
After all the keys of the time parameter string have been obtained, the keys are sorted according to a preset first sorting rule to obtain a key array. The first sorting rule can be produced with the sortedArrayUsingComparator sorting method, which generates an ordered key array array. The keys in array may be sorted in ascending or descending order; in this embodiment they are sorted in ascending order a-z.
After the key array is obtained, it is converted into a string of the values by using the mapping between the keys and the values, and the string of the values is concatenated with the server address to obtain the second network request information; the first interface parameter is then obtained from the second network request information by using a symmetric encryption algorithm.
Specifically, the objectAtIndex method is used to take the first key key1 out of the key array, and the mapping is used to take the first value value1 out of the dictionary dict through key1; key1 and value1 are then concatenated into a new string dictvaluestr1. In the same way, every key is converted into a dictvaluestr-type string, and finally all the dictvaluestr-type strings are concatenated to form the string of the values.
The string of the values is then concatenated with the path part of the server address to form the second network request information Sorturl. The second network request information is also a URL, but differs from the first network request information. The server address includes a path part and a query string (query_string) part. For example, concatenating strings such as dictvaluestr1 and dictvaluestr2 with http://server address/api forms the second network request information Sorturl, where http://server address/api is the path part of the server address.
After the second network request information Sorturl is obtained, the first interface parameter is obtained from it by using a symmetric encryption algorithm. The symmetric encryption algorithm may be the getNewToken function in the MD5 algorithm. The first interface parameter is the token value calculated by the client.
Specifically, the second network request information Sorturl is parsed to obtain the path part, which is the first half of the server address, and the first query string query_string1;
The parameters in the first query string query_string1 are sorted according to a preset second sorting rule, and “=” and “&” are then inserted between the sorted parameters in order, for encryption, to form the second query string query_string2. The second sorting rule may be sorting by name.
Fourth network request information is generated according to the second query string query_string2. Specifically, the path part of the server address and the second query string query_string2 are joined by string concatenation, with “?” inserted between the path part and query_string2 for encryption, to form the fourth network request information url1.
A digest is generated with a symmetric algorithm based on the second query string query_string2 in the updated fourth network request information; the first parameter of the digest is the private key SECRET_KEY, and the second parameter is the fourth network request information url1. The symmetric algorithm in this embodiment is the HMAC_SHA1 algorithm.
After the digest is obtained, it is encrypted. Specifically, the digest is base64-encoded, and the encoded digest is then made safe, for example by replacing the character “/” with “_” and the character “+” with “-”. This is only one possible replacement scheme, and no limitation is imposed here.
Finally, the plaintext information ACCESS_KEY of the preset key is concatenated with the encrypted digest, joined by “:”, to form the first interface parameter.
S302: Generate third network request information according to the second network request information and the first interface parameter.
In this step, after the first interface parameter is generated, the third network request information is generated from the second network request information Sorturl and the first interface parameter. Specifically, the first interface parameter is appended to the end of the second network request information Sorturl to form the third network request information TokenUrl, for example TokenUrl=http://server address/api?e=14696&method=get-code&mobile=1355408****%%%%%&token=********************. The third network request information is a uniform resource locator, and the first, second and third network request information all differ from one another.
S303: Send the third network request information to the server.
In this step, after the client generates the third network request information, it sends the third network request information TokenUrl to the server.
After receiving the third network request information TokenUrl, the server parses TokenUrl by the Token keyword and obtains the value that follows Token in TokenUrl. Based on that value, the server obtains the second interface parameter by the same method the client uses to obtain the first interface parameter Token, and determines whether the first interface parameter is consistent with the second interface parameter; if they are determined to be consistent, it sends the verification information to the client. Here, the second interface parameter is the token value calculated by the server. Because the server obtains the second interface parameter by the same process as the client obtains the first interface parameter, the details are not repeated here.
In addition, when the verification information is sent to the client, it must be sent according to a preset number of sends in order to avoid frequent malicious sending. The preset number of sends can be set according to the actual scenario; in this embodiment it is set to 10.
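The client-side signing of S301 to S303 and the server-side check, sketched in Python as an added example (not code from the patent). The key values, server address, function names, the removal of the token parameter before the server recomputes, the constant-time comparison and the in-memory send counter are all assumptions.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

# Constructed sample values: assumptions for this example, not from the patent.
ACCESS_KEY = "example-access-key"
SECRET_KEY = b"example-secret-key"
SERVER_PATH = "http://server.example/api"
MAX_SENDS = 10  # the preset number of sends used in the embodiment


def canonical_url(path, pairs):
    """Join the path and the parameters, sorted by name, with '?', '=' and '&'."""
    query = "&".join(
        f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in sorted(pairs)
    )
    return f"{path}?{query}"


def make_token(sorturl):
    """Token = ACCESS_KEY ':' URL-safe base64 of HMAC-SHA1(SECRET_KEY, url1)."""
    parts = urlsplit(sorturl)
    path = f"{parts.scheme}://{parts.netloc}{parts.path}"
    # Re-sort the parsed query so the signed string (url1) is canonical.
    url1 = canonical_url(path, parse_qsl(parts.query, keep_blank_values=True))
    digest = hmac.new(SECRET_KEY, url1.encode(), hashlib.sha1).digest()
    # urlsafe_b64encode performs the '+' -> '-' and '/' -> '_' replacement.
    return f"{ACCESS_KEY}:{base64.urlsafe_b64encode(digest).decode()}"


def client_build_token_url(params):
    """Client side: dict -> Sorturl -> Token -> TokenUrl."""
    sorturl = canonical_url(SERVER_PATH, params.items())
    return f"{sorturl}&token={make_token(sorturl)}"


class Server:
    """Recomputes the token from the received URL and enforces the send limit."""

    def __init__(self):
        self.sent = {}  # mobile number -> verification messages already sent

    def handle(self, token_url):
        parts = urlsplit(token_url)
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        received = [v for k, v in pairs if k == "token"]
        signed = [(k, v) for k, v in pairs if k != "token"]
        if len(received) != 1:
            return "rejected"  # missing or duplicated token parameter
        path = f"{parts.scheme}://{parts.netloc}{parts.path}"
        expected = make_token(canonical_url(path, signed))
        # Constant-time comparison of the client's token and the server's.
        if not hmac.compare_digest(expected.encode(), received[0].encode()):
            return "rejected"
        mobile = dict(signed).get("mobile", "")
        count = self.sent.get(mobile, 0)
        if count >= MAX_SENDS:
            return "ignored"  # over the preset number of sends
        self.sent[mobile] = count + 1
        return "sent"
```

The counter here is keyed on the mobile value and lives in memory; a deployment would need a persistent store and a reset window, which the patent text does not specify.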
Embodiment 3
Corresponding to Embodiment 1, this embodiment provides a system for sending verification information. Referring to FIG. 1, the system includes a client 101 and a server 102. When verification information is sent, the specific implementation is as follows:
The client 101 obtains first network request information and then generates second network request information and a first interface parameter according to the first network request information, which specifically includes:
Because the first network request information URL is held in a dictionary dict, the client 101 first obtains the time parameter string from dict. For example, the time parameter string may be e=14696&method=get-code&mobile=1355408****, where e, method and mobile are keys of the dictionary dict, and 1469, get-code and 1355408**** are values of the dictionary dict. The first network request information is a uniform resource locator (URL).
After all the keys of the time parameter string have been obtained, the keys are sorted according to a preset first sorting rule to obtain a key array. The first sorting rule can be produced with the sortedArrayUsingComparator sorting method, which generates an ordered key array array. The keys in array may be sorted in ascending or descending order; in this embodiment they are sorted in ascending order a-z.
After the key array is obtained, it is converted into a string of the values by using the mapping between the keys and the values, and the string of the values is concatenated with the server address to obtain the second network request information; the first interface parameter is then obtained from the second network request information by using a symmetric encryption algorithm.
Specifically, the objectAtIndex method is used to take the first key key1 out of the key array, and the mapping is used to take the first value value1 out of the dictionary dict through key1; key1 and value1 are then concatenated into a new string dictvaluestr1. In the same way, every key is converted into a dictvaluestr-type string, and finally all the dictvaluestr-type strings are concatenated to form the string of the values.
The string of the values is then concatenated with the path part of the server address to form the second network request information Sorturl. The second network request information is also a URL, but differs from the first network request information. The server address includes a path part and a query string (query_string) part. For example, concatenating strings such as dictvaluestr1 and dictvaluestr2 with http://server address/api forms the second network request information Sorturl, where http://server address/api is the path part of the server address.
After the second network request information Sorturl is obtained, the first interface parameter is obtained from it by using a symmetric encryption algorithm. The symmetric encryption algorithm may be the getNewToken function in the MD5 algorithm. The first interface parameter is the token value calculated by the client.
Specifically, the second network request information Sorturl is parsed to obtain the path part, which is the first half of the server address, and the first query string query_string1;
The parameters in the first query string query_string1 are sorted according to a preset second sorting rule, and “=” and “&” are then inserted between the sorted parameters in order, for encryption, to form the second query string query_string2. The second sorting rule may be sorting by name.
Fourth network request information is generated according to the second query string query_string2. Specifically, the path part of the server address and the second query string query_string2 are joined by string concatenation, with “?” inserted between the path part and query_string2 for encryption, to form the fourth network request information url1.
A digest is generated with a symmetric algorithm based on the second query string query_string2 in the updated fourth network request information; the first parameter of the digest is the private key SECRET_KEY, and the second parameter is the fourth network request information url1. The symmetric algorithm in this embodiment is the HMAC_SHA1 algorithm.
After the digest is obtained, it is encrypted. Specifically, the digest is base64-encoded, and the encoded digest is then made safe, for example by replacing the character “/” with “_” and the character “+” with “-”. This is only one possible replacement scheme, and no limitation is imposed here.
Finally, the plaintext information ACCESS_KEY of the preset key is concatenated with the encrypted digest, joined by “:”, to form the first interface parameter.
After the first interface parameter is generated, the third network request information is generated from the second network request information Sorturl and the first interface parameter. Specifically, the first interface parameter is appended to the end of the second network request information Sorturl to form the third network request information TokenUrl, and TokenUrl is sent to the server. The third network request information is a uniform resource locator, and the first, second and third network request information all differ from one another.
For example, the third network request information TokenUrl=http://server address/api?e=14696&method=get-code&mobile=1355408****%%%%%&token=********************
After receiving the third network request information TokenUrl, the server 102 parses TokenUrl by the Token keyword and obtains the value that follows Token in TokenUrl. Based on that value, the server 102 obtains the second interface parameter by the same method the client uses to obtain the first interface parameter, and determines whether the first interface parameter is consistent with the second interface parameter; if they are determined to be consistent, it sends the verification information to the client 101. Here, the second interface parameter is the token value calculated by the server. Because the server 102 obtains the second interface parameter by the same process as the client 101 obtains the first interface parameter, the details are not repeated here.
In addition, when the verification information is sent to the client 101, it must be sent according to a preset number of sends in order to avoid frequent malicious sending. The preset number of sends can be set according to the actual scenario; in this embodiment it is set to 10.
Embodiment 4
Corresponding to Embodiment 2, this embodiment further provides a client. As shown in FIG. 4, the client includes an obtaining unit 41, a first generating unit 42, a second generating unit 43 and a sending unit 44, wherein:
The obtaining unit 41 is configured to obtain first network request information. Because the first network request information is held in a dictionary dict, the client first obtains the time parameter string from dict. For example, the time parameter string may be e=14696&method=get-code&mobile=1355408****, where e, method and mobile are keys of the dictionary dict, and 1469, get-code and 1355408**** are values of the dictionary dict. The first network request information is a uniform resource locator (URL).
After the obtaining unit 41 obtains the first network request information, the first generating unit 42 is configured to generate second network request information and a first interface parameter according to the first network request information.
Specifically, referring to FIG. 5, the first generating unit 42 includes a first obtaining subunit 51, a conversion subunit 52, a splicing subunit 53 and a second obtaining subunit 54, wherein:
After the first obtaining subunit 51 obtains all the keys of the time parameter string, it sorts the keys according to a preset first sorting rule to obtain a key array. The first sorting rule can be produced with the sortedArrayUsingComparator sorting method, which generates an ordered key array array. The keys in array may be sorted in ascending or descending order; in this embodiment they are sorted in ascending order a-z.
After the key array is obtained, the conversion subunit 52 converts it into a string of the values by using the mapping between the keys and the values; the splicing subunit 53 is configured to concatenate the string of the values with the server address to obtain the second network request information; and the second obtaining subunit 54 obtains the first interface parameter from the second network request information by using a symmetric encryption algorithm.
Specifically, the conversion subunit 52 uses the objectAtIndex method to take the first key key1 out of the key array, and uses the mapping to take the first value value1 out of the dictionary dict through key1; key1 and value1 are then concatenated into a new string dictvaluestr1. In the same way, every key is converted into a dictvaluestr-type string, and finally all the dictvaluestr-type strings are concatenated to form the string of the values.
The splicing subunit 53 then concatenates the string of the values with the path part of the server address to form the second network request information Sorturl. The second network request information is also a URL, but differs from the first network request information. The server address includes a path part and a query string (query_string) part. For example, concatenating strings such as dictvaluestr1 and dictvaluestr2 with http://server address/api forms the second network request information Sorturl, where http://server address/api is the path part of the server address.
After the second obtaining subunit 54 obtains the second network request information Sorturl, it obtains the first interface parameter Token from the second network request information by using a symmetric encryption algorithm. The symmetric encryption algorithm may be the getNewToken function in the MD5 algorithm. The first interface parameter is the token value calculated by the client.
Here, after obtaining the second network request information Sorturl, the second obtaining subunit 54 obtains the first interface parameter Token from the second network request information by using a symmetric encryption algorithm, which specifically includes:
The second obtaining subunit 54 parses the second network request information Sorturl to obtain the path part, which is the first half of the server address, and the first query string query_string1;
The parameters in the first query string query_string1 are sorted according to a preset second sorting rule, and “=” and “&” are then inserted between the sorted parameters in order, for encryption, to form the second query string query_string2. The second sorting rule may be sorting by name.
Fourth network request information is generated according to the second query string query_string2. Specifically, the path part of the server address and the second query string query_string2 are joined by string concatenation, with “?” inserted between the path part and query_string2 for encryption, to form the fourth network request information url1.
A digest is generated with a symmetric algorithm based on the second query string query_string2 in the updated fourth network request information; the first parameter of the digest is the private key SECRET_KEY, and the second parameter is the fourth network request information url1. The symmetric algorithm in this embodiment is the HMAC_SHA1 algorithm.
After the digest is obtained, it is encrypted. Specifically, the digest is base64-encoded, and the encoded digest is then made safe, for example by replacing the character “/” with “_” and the character “+” with “-”. This is only one possible replacement scheme, and no limitation is imposed here.
Finally, the plaintext information ACCESS_KEY of the preset key is concatenated with the encrypted digest, joined by “:”, to form the first interface parameter.
After the first generating unit 42 generates the first interface parameter, the second generating unit 43 is configured to generate third network request information according to the second network request information and the first interface parameter. Specifically, the first interface parameter Token is appended to the end of the second network request information Sorturl to form the third network request information TokenUrl. The third network request information is a uniform resource locator, and the first, second and third network request information all differ from one another.
For example, the third network request information TokenUrl=http://server address/api?e=14696&method=get-code&mobile=1355408****%%%%%&token=********************
The sending unit 44 is configured to send the third network request information to the server, so that the server can calculate a second interface parameter based on the third network request information and, when the second interface parameter and the first interface parameter are determined to be consistent, send the verification information to the client.
After receiving the third network request information TokenUrl, the server parses TokenUrl by the Token keyword and obtains the value that follows Token in TokenUrl. Based on that value, the server obtains the second interface parameter by the same method the client uses to obtain the first interface parameter Token, and determines whether the first interface parameter is consistent with the second interface parameter; if they are determined to be consistent, it sends the verification information to the client. Here, the second interface parameter is the token value calculated by the server. Because the server obtains the second interface parameter Token1 by the same process as the client obtains the first interface parameter Token, the details are not repeated here.
In addition, when the verification information is sent to the client, it must be sent according to a preset number of sends in order to avoid frequent malicious sending. The preset number of sends can be set according to the actual scenario; in this embodiment it is set to 10.
The beneficial effects brought by one or more embodiments provided by the present invention are:
The present invention provides a method and system for sending verification information. The method includes: a client acquires first network request information; the client generates second network request information and a first interface parameter according to the first network request information, where the first network request information and the second network request information are uniform resource locators and differ from each other; the second network request information and the first interface parameter are spliced to generate third network request information; and the third network request information is sent to a server, so that the server can calculate a second interface parameter based on the third network request information and judge whether the first interface parameter and the second interface parameter are consistent, and, if they are consistent, send the verification information to the client. The first interface parameter and the second interface parameter are token values. In this way, even if a user uses script software to capture and replace the phone number in the first network request information, verification information cannot be sent to that phone number frequently or aggressively. Moreover, because a number of sends is preset, even if a user makes up a valid mobile phone number and keeps receiving verification information, requests beyond the preset number of sends are ignored by the server. This reduces the probability of maliciously resending verification information, and there is no need to enter a hard-to-read verification code for verification, which improves the user's operating efficiency.
The above are only preferred embodiments of the present invention and are not intended to limit its protection scope. Any modifications, equivalent replacements and improvements made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.
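The exchange summarized above (first, second and third network request information, with the server recomputing the token and capping sends per number) is walked through in the following added example, which is not code from the patent. The HMAC-SHA256 token over ascending-sorted query parameters, the shared key, the `token` and `phone` parameter names, the example URL and the cap of three sends are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import Counter
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SECRET = b"constructed-demo-key"  # assumption: key shared by client and server
MAX_SENDS = 3                     # assumption: the preset number of sends
FIRST_URL = "https://api.example.test/sms/send?type=login&phone=13800000000"  # constructed
sent_count = Counter()            # server-side sends per phone number


def compute_token(url):
    """HMAC over the path plus query parameters in ascending order, token excluded."""
    parts = urlsplit(url)
    params = sorted(p for p in parse_qsl(parts.query, keep_blank_values=True)
                    if p[0] != "token")
    canonical = parts.path + "?" + urlencode(params)
    return hmac.new(SECRET, canonical.encode(), hashlib.sha256).hexdigest()


def client_build_request(first_url):
    """First request -> second request (sorted form) -> third request (token spliced on)."""
    parts = urlsplit(first_url)
    params = sorted(parse_qsl(parts.query, keep_blank_values=True))
    second_url = urlunsplit(parts._replace(query=urlencode(params)))
    first_param = compute_token(second_url)
    return urlunsplit(parts._replace(query=urlencode(params + [("token", first_param)])))


def server_handle(third_url):
    """Recompute the token, compare in constant time, then apply the send cap."""
    params = dict(parse_qsl(urlsplit(third_url).query, keep_blank_values=True))
    first_param = params.get("token", "")
    second_param = compute_token(third_url)
    if not hmac.compare_digest(first_param.encode(), second_param.encode()):
        return "rejected: token mismatch"
    phone = params.get("phone", "")
    if sent_count[phone] >= MAX_SENDS:
        return "ignored: send limit reached"
    sent_count[phone] += 1
    return "verification sent"


if __name__ == "__main__":
    third = client_build_request(FIRST_URL)
    print(third)
    print(server_handle(third))                                        # accepted
    print(server_handle(third.replace("13800000000", "13900000000")))  # phone swapped
```

Any key or algorithm shipped in the client can be recovered from it, so the token check only raises the cost of scripted replay. The per-number send cap enforced on the server is the control that bounds how many messages a number can receive.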
Claims (8)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611228347.7A CN108243172B (en) | 2016-12-27 | 2016-12-27 | A method and system for sending verification information |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108243172A CN108243172A (en) | 2018-07-03 |
| CN108243172B true CN108243172B (en) | 2020-08-04 |
Family
ID=62702639
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611228347.7A Expired - Fee Related CN108243172B (en) | 2016-12-27 | 2016-12-27 | A method and system for sending verification information |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108243172B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112566121B (en) * | 2020-12-09 | 2023-03-24 | 北京深盾科技股份有限公司 | Method for preventing attack, server and storage medium |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101997880A (en) * | 2010-12-01 | 2011-03-30 | 湖南智源信息网络技术开发有限公司 | Method and device for verifying security of network page or interface |
| CN102868533A (en) * | 2012-09-13 | 2013-01-09 | 中科华核电技术研究院有限公司 | Method and system for verifying resource access authorization |
| CN103795692A (en) * | 2012-10-31 | 2014-05-14 | 中国电信股份有限公司 | Open authorization method, open authorization system and authentication and authorization server |
| CN104348849A (en) * | 2013-07-25 | 2015-02-11 | 腾讯科技(深圳)有限公司 | Instant communication key-value data issuing method, server, client and system |
| US9239912B1 (en) * | 2011-12-12 | 2016-01-19 | Google Inc. | Method, manufacture, and apparatus for content protection using authentication data |
| CN105407102A (en) * | 2015-12-10 | 2016-03-16 | 四川长虹电器股份有限公司 | Http request data reliability verification method |
| CN105703910A (en) * | 2016-04-18 | 2016-06-22 | 中邮建技术有限公司 | Dynamic password verifying method based on Wechat service number |
| CN105978878A (en) * | 2016-05-11 | 2016-09-28 | 腾讯科技(深圳)有限公司 | Webpage verification method and device |
| CN106161411A (en) * | 2015-04-27 | 2016-11-23 | 阿里巴巴集团控股有限公司 | A kind of webpage verification using data-hiding technology method and device |
Non-Patent Citations (2)
| Title |
|---|
| 基于验证机制的应用层DDoS攻击防御方法;魏冰,徐震;《计算机工程与设计》;20100326;全文 * |
| 防止恶意频繁发送短信验证码;joshua1830;《http://blog.csdn.net/joshua1830/article/details/51780768》;20160629;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108243172A (en) | 2018-07-03 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
| | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20200804 |