Technical Field
The present application relates to the field of communication technologies, and in particular to a method, a server and a computer-readable storage medium for network session encryption.
Background
A network session is a temporary, interactive exchange of information between two or more network communication devices. A session is established at one point in time and ended at a later point in time.
During session establishment, the server authenticates the user information sent by the client (for example, a user name and password) and, once authentication succeeds, generates a token. The server sends the token to the client. During the session, the client includes the token whenever it requests target data, so that the server can authenticate the request by the token; when authentication succeeds, the server returns the corresponding target data to the client.
However, if an unauthorized client obtains the token during the session, it can use that token to retrieve the target data from the server, so the security of the session is low.
Summary
The technical problem mainly addressed by the present application is the low security of network sessions.
According to a first aspect, an embodiment provides a method for encrypting a network session, comprising:
receiving a service request sent by a client, the service request being used to request target data and carrying a first ciphertext;
decrypting the first ciphertext with an encryption algorithm and a key to obtain a current token and a current timestamp;
determining whether the current token and the current timestamp are valid, wherein the condition for the current timestamp to be valid is: the current timestamp is later than or equal to the previous timestamp (the timestamp preceding the current timestamp), or the current timestamp is earlier than the previous timestamp by no more than a first preset duration;
if the current token and the current timestamp are valid, sending the target data to the client.
Optionally, before receiving the service request sent by the client, the method further comprises:
receiving a session establishment request sent by the client, the session establishment request containing a second ciphertext;
decrypting the second ciphertext with the encryption algorithm and the key to obtain user information and an original timestamp;
authenticating the user information, determining that the user information is valid, and generating an original token;
encrypting the original token with the encryption algorithm and the key to obtain a third ciphertext;
sending a session establishment response to the client, the session establishment response carrying the third ciphertext, so that the client decrypts the third ciphertext with the encryption algorithm and the key to obtain the original token and uses the original token for authentication during the network session.
Optionally, the session establishment request further contains identification information of the encryption algorithm, and before decrypting the second ciphertext with the encryption algorithm and the key to obtain the user information and the original timestamp, the method further comprises:
obtaining the encryption algorithm according to the identification information of the encryption algorithm.
Optionally, the condition for the current timestamp to be valid is: determining that the current timestamp is later than the previous timestamp by less than a second preset duration, or that the current timestamp is earlier than the previous timestamp by no more than the first preset duration, and sending the target data to the client;
the method further comprises:
determining that the current timestamp is later than the previous timestamp by at least the second preset duration, and sending a re-authentication message to the client, the re-authentication message instructing the client to send user information and a current timestamp to the server.
According to a second aspect, an embodiment provides a method for encrypting a network session, comprising:
obtaining a current token;
encrypting the current token and a current timestamp with an encryption algorithm and a key to obtain a first ciphertext;
sending a service request to a server, the service request being used to request target data and carrying the first ciphertext, so that the server decrypts the first ciphertext with the encryption algorithm and the key to obtain the current token and the current timestamp and determines whether the current token and the current timestamp are valid, wherein the condition for the current timestamp to be valid is: the current timestamp is later than or equal to the previous timestamp, or the current timestamp is earlier than the previous timestamp by no more than a first preset duration; and, if the current token and the current timestamp are valid, sends the target data to the client;
receiving the target data sent by the server.
Optionally, obtaining the current token comprises:
encrypting user information and an original timestamp with the encryption algorithm and the key to obtain a second ciphertext;
sending a session establishment request to the server, the session establishment request containing the second ciphertext, so that the server decrypts the second ciphertext with the encryption algorithm and the key to obtain the user information and the original timestamp, authenticates the user information, determines that the user information is valid, generates a token, and encrypts the token with the target encryption algorithm and the target key to obtain a third ciphertext;
receiving a session establishment response sent by the server, the session establishment response carrying the third ciphertext;
decrypting, by the client, the third ciphertext with the encryption algorithm and the key to obtain the current token.
Optionally, before encrypting the user information and the original timestamp with the encryption algorithm and the key to obtain the second ciphertext, the method further comprises:
determining the encryption algorithm;
wherein the session establishment request further contains identification information of the encryption algorithm, so that the server obtains the encryption algorithm according to that identification information.
Optionally, determining that the current timestamp is later than or equal to the previous timestamp, or that the current timestamp is earlier than the previous timestamp by no more than the first preset duration, comprises:
determining that the current timestamp is later than the previous timestamp by less than a second preset duration, or that the current timestamp is earlier than the previous timestamp by no more than the first preset duration;
the method further comprises:
receiving a re-authentication message sent by the server, the re-authentication message instructing the client to send user information and a current timestamp to the server, the re-authentication message being sent by the server after it determines that the current timestamp is later than the previous timestamp by at least the second preset duration.
According to a third aspect, an embodiment provides a server, comprising:
a memory for storing a program;
a processor configured to implement the method of any one of the first aspect above by executing the program stored in the memory.
According to a fourth aspect, an embodiment provides a computer-readable storage medium on which a program is stored, the program being executable by a processor to implement the method of any one of the first aspect above or the method of any one of the second aspect above.
With the network session encryption method, server and computer-readable storage medium of the above embodiments, when the client needs target data, the service request it sends to the server carries the encrypted current token and current timestamp; the client's encryption scheme is stored in the server in advance, and the server uses it to decrypt the service request and obtain the current token and the current timestamp. The server determines whether the current token and the current timestamp are valid, the validity of the current timestamp being determined by comparing it with the previous timestamp; if both are valid, the server sends the target data to the client. The validity of a service request is thus determined by the current token and the current timestamp together. Because timestamps increase monotonically, the timestamp carried in each service request the server receives is different, so the authentication information changes dynamically over the course of the session and has a temporal order. An unauthorized party who does not understand the authentication mechanism will find it difficult to steal the correct token, and an illegitimate service request that reuses captured authentication information is easily identified, which prevents the session from being impersonated and improves its security. In addition, an unauthorized party must obtain both the encryption algorithm and the key to decrypt the information exchanged in the session, which makes that information hard to break; even if the party obtains the algorithm and the key and decrypts the current token and the current timestamp, the result will still confuse that party, who cannot directly pick out the current token, which further improves the security of the session. Furthermore, the technical solution of this embodiment is easy to implement and test, and its implementation cost is relatively low.
Brief Description of the Drawings
FIG. 1 is a schematic diagram of an application scenario provided by an embodiment of the present application;
FIG. 2 is an interaction diagram of a method for encrypting a network session provided by an embodiment of the present application;
FIG. 3 is an interaction diagram of another method for encrypting a network session provided by an embodiment of the present application;
FIG. 4 is an interaction diagram of another method for encrypting a network session provided by an embodiment of the present application;
FIG. 5 is an interaction diagram of another method for encrypting a network session provided by an embodiment of the present application.
Detailed Description
The present application is described in further detail below through specific embodiments in conjunction with the accompanying drawings. Similar elements in different embodiments use associated, similar reference numerals. Many details are described in the following embodiments so that the present application can be better understood. However, those skilled in the art will readily recognize that some of these features may be omitted in different circumstances or replaced by other elements, materials or methods. In some cases, certain operations related to the present application are not shown or described in the specification, so as to avoid the core of the application being buried in excessive description; for those skilled in the art a detailed description of these operations is unnecessary, since they can fully understand them from the description in the specification and the general technical knowledge of the field.
In addition, the features, operations or characteristics described in the specification may be combined in any suitable manner to form various embodiments. Likewise, the steps or actions in the method descriptions may be reordered or adjusted in ways obvious to those skilled in the art. Therefore, the various orders in the specification and drawings serve only to describe a particular embodiment clearly and do not imply a required order, unless it is otherwise stated that a certain order must be followed.
The ordinal numbers assigned to components herein, such as "first" and "second", serve only to distinguish the objects described and carry no order or technical meaning. Unless otherwise specified, "connection" and "coupling" in this application include both direct and indirect connections (couplings).
First, the terms used in this application are introduced.
Network session: a temporary, interactive exchange of information between two or more network communication devices. A session is established at one point in time and ended at a later point in time. An established session may involve multiple messages in each direction. Sessions are usually stateful: at least one of the communicating parties must keep the current state and the history of the session in order to communicate, as opposed to stateless communication, which consists of independent requests, each with its own response.
Token: a string generated by one end of the network session (usually the server, abbreviated S-side) to serve as the original token with which the other end (usually the client, abbreviated C-side) makes service requests. When the C-side logs in for the first time, the S-side generates an original token and returns it to the C-side; thereafter the client only needs to carry this original token when requesting data and does not need to send the user name and password again.
The following describes a network session encryption system to which the method for network session encryption provided by the present application applies.
Referring to FIG. 1, which is a schematic diagram of an application scenario provided by an embodiment of the present application, the network session encryption system includes a client 101 and a server 102. The client 101 and the server 102 are connected over a network. Applications may run on the client 101, and service data may be stored on the server 102. When the client 101 needs content or a service function, it establishes a network session with the server 102 and sends it a service request; the server 102 sends the service data to the client 101 according to that request.
During the network session, the server 102 must confirm that the client 101 holds the corresponding permission before sending it the corresponding service data. When the session is established, the client 101 sends user information to the server 102; after authenticating it, the server 102 generates a token and sends it to the client 101. In the subsequent interaction, the client 101 carries the token each time it sends a service request to the server 102; the server 102 authenticates the token and, once authentication succeeds, sends the corresponding service data to the client 101.
The client may be a user device such as a mobile phone, a smart wearable device or a tablet computer, on which applications may run.
In the network session encryption method provided by the embodiments of the present application, when the client needs target data it sends the server a service request carrying the encrypted current token and current timestamp; the client's encryption scheme is stored in the server in advance, and the server uses it to decrypt the request and obtain the current token and the current timestamp. The server checks the current token and the current timestamp, determines that they are valid, and then compares the current timestamp with the previous timestamp to determine whether the service request is valid; if it is, the server sends the service data to the client. The validity of a request is thus determined by the current token and the current timestamp together. Because time keeps changing, the timestamp carried in each service request the server receives is different, so the authentication information changes over the course of the session; an unauthorized party who does not understand the authentication mechanism will find it difficult to steal the correct token, an illegitimate request that reuses captured authentication information is easily identified, and the security of the session is improved.
The technical solution provided by the present application is described in detail below with specific embodiments.
Embodiment 1:
Referring to FIG. 2, which is an interaction diagram of a method for encrypting a network session provided by an embodiment of the present application, the client in this embodiment may be the client 101 of the embodiment shown in FIG. 1, and the server may be the server 102 of that embodiment. The method of this embodiment includes the following steps:
S201: the client obtains the current token.
The current token obtained by the client is generated by the server. It may be the token that the server generates and sends to the client when the network session is established.
S202: the client encrypts the current token and the current timestamp with an encryption algorithm and a key to obtain a first ciphertext.
The server stores the encryption algorithm and the key in advance. For example, the client is an application installed on a terminal device and the server provides the related services for that application; the encryption algorithm and key may be stored in the installed application in advance, and the server also stores them in advance. That is, the encryption algorithm and the key are known to both the server and the client.
Optionally, the encryption algorithm may be a symmetric or an asymmetric encryption algorithm.
Optionally, the key may be a random number.
S203: the client sends a service request to the server.
The service request is used to request target data and carries the first ciphertext. The target data is service data that the server can provide.
S204: the server decrypts the first ciphertext with the encryption algorithm and the key to obtain the current token and the current timestamp.
The server decrypts the first ciphertext with the pre-stored encryption algorithm and key to obtain the current token and the current timestamp.
S205: the server determines whether the current token and the current timestamp are valid.
The condition for the current timestamp to be valid is: the current timestamp is later than or equal to the previous timestamp, or the current timestamp is earlier than the previous timestamp by no more than a first preset duration.
The timestamp carried in a service request is the time at which the client generated that request; the current timestamp is the timestamp the server decrypts from the service request it has just received, and the previous timestamp is the timestamp the server decrypted from the service request received immediately before it.
The first preset duration is set in advance and may be any length of time; this application does not limit it. For example, the network session may use the Transmission Control Protocol (TCP) for data transmission, and packet loss or delay may occur during the session; the delay is usually within 2 minutes, so, to fully allow for session delay, the first preset duration may be set to 2 minutes or 3 minutes.
In some scenarios, communication quality during the session is good and the current timestamp is later than the previous timestamp. In other scenarios, communication quality may be poor (packet loss or delay), and the current timestamp may then be considered valid when it is earlier than the previous timestamp by no more than the first preset duration.
If the current token and the current timestamp are valid, proceed to S206. If the current token and/or the current timestamp is invalid, proceed to S207.
It should be noted that in S205 there is no fixed order between checking whether the current token is valid and checking whether the current timestamp is valid. The token may be checked first and, if it is valid, the timestamp; or the timestamp may be checked first and, if it is valid, the token; or both may be checked at the same time. This application does not limit the order.
Checking the token first, and the timestamp only if the token is valid, lets the server determine directly that the service request is invalid when the token is invalid and end the flow without sending the target data; this keeps the decision flow simple and the server's processing fast.
S206: the server sends the target data to the client.
When both the current token and the current timestamp are valid, authentication has passed and the server sends the target data to the client.
S207: the server does not send the target data to the client.
When at least one of the current token and the current timestamp is invalid, authentication has failed and the current client can be determined to be an unauthorized client; the server does not send the corresponding target data and waits for the client's next service request.
In this embodiment, when the client needs target data it sends the server a service request carrying the encrypted current token and current timestamp; the client's encryption scheme is stored in the server in advance, and the server uses it to decrypt the service request and obtain the current token and the current timestamp. The server determines whether the current token and the current timestamp are valid, the validity of the current timestamp being determined by comparing it with the previous timestamp; if both are valid, the server sends the target data to the client. The validity of a service request is thus determined by the current token and the current timestamp together. Because timestamps increase monotonically, the timestamp carried in each service request the server receives is different, so the authentication information changes dynamically over the course of the session and has a temporal order. An unauthorized party who does not understand the authentication mechanism will find it difficult to steal the correct token, and an illegitimate service request that reuses captured authentication information is easily identified, which prevents the session from being impersonated and improves its security. In addition, an unauthorized party must obtain both the encryption algorithm and the key to decrypt the information exchanged in the session, which makes that information hard to break; even if the party obtains the algorithm and the key and decrypts the current token and the current timestamp, the result will still confuse that party, who cannot directly pick out the current token, which further improves the security of the session. Furthermore, the technical solution of this embodiment is easy to implement and test, and its implementation cost is relatively low.
Further, if the result of S205 is that the current token and/or the current timestamp is invalid, in one possible implementation the server performs no further processing, that is, it does not send the target data to the client; in another possible implementation, on the basis of the embodiment shown in FIG. 2, the following step may follow S207:
The server sends an authentication error notification to the client.
The authentication error notification indicates that the server cannot send the corresponding target data.
In some embodiments, when the interval between the current timestamp and the previous timestamp is too long, for the security of the interaction the client must re-send its user information to the server for authentication, that is, the network session must be re-established. This is described in detail below with reference to the embodiment shown in FIG. 3.
Referring to FIG. 3, which is an interaction diagram of another network session encryption method provided by an embodiment of the present application, FIG. 3 builds on the embodiment shown in FIG. 2. Further, the condition for the current timestamp to be valid is: it is determined that the current timestamp is later than the previous timestamp by less than the second preset duration, or the current timestamp is earlier than the previous timestamp by no more than the first preset duration. The method of this embodiment may further include the following steps:
S208: determine whether the current timestamp is later than the previous timestamp by a duration greater than or equal to the second preset duration.
If the current timestamp is later than the previous timestamp by a duration greater than or equal to the second preset duration, continue with S209. If the current timestamp is later than the previous timestamp by less than the second preset duration, continue with S207.
S209: the server sends a re-authentication message to the client.
The re-authentication message instructs the client to send its user information and the current timestamp to the server.
The second preset duration is set in advance and may be, for example, 1 day or 7 days; this application places no limit on it.
In this embodiment, when the interval between the current timestamp and the previous timestamp is greater than or equal to the second preset duration, the current network session can be regarded as no longer secure enough, and the server can require the client to re-send its user information and timestamp so that the server re-authenticates. Thus, when a network session has exchanged no data for a long time, the server authenticates again, which improves the security of the network session.
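How a server could apply the timestamp conditions of S205 to S209 to the (token, timestamp) pair recovered from the first ciphertext, as an added Python example that is not code from the patent; the two preset durations, the in-memory session store and the sample timestamps are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List

# Assumed values for the two preset durations (the patent leaves them open and
# only mentions 1 or 7 days as examples for the second one).
FIRST_PRESET_SECONDS = 5 * 60             # how far "backwards" a timestamp may be
SECOND_PRESET_SECONDS = 7 * 24 * 60 * 60  # idle time after which re-authentication is required


class Verdict(Enum):
    SEND_TARGET_DATA = "send target data"             # S207
    AUTH_ERROR = "authentication error notification"  # token and/or timestamp invalid
    REAUTHENTICATE = "re-authentication message"      # S209


@dataclass
class Session:
    token: str
    last_timestamp: int  # the original timestamp at establishment, then the last accepted one


class SessionServer:
    """Holds the token -> timestamp correspondence the server stores."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def register(self, token: str, original_timestamp: int) -> None:
        """Session establishment (S2013/S2014): store the original timestamp with the token."""
        self._sessions[token] = Session(token, original_timestamp)

    def check(self, token: str, current_timestamp: int) -> Verdict:
        """Decide the answer to a service request from its decrypted (token, timestamp)."""
        session = self._sessions.get(token)
        if session is None:
            return Verdict.AUTH_ERROR  # unknown token: the token check fails
        previous = session.last_timestamp
        if current_timestamp >= previous:
            # Later than (or equal to) the previous timestamp. Note that the condition as
            # stated accepts an equal timestamp, so the timestamp check alone does not
            # reject a repeat of the previous request.
            if current_timestamp - previous >= SECOND_PRESET_SECONDS:
                return Verdict.REAUTHENTICATE  # S208 -> S209
        elif previous - current_timestamp > FIRST_PRESET_SECONDS:
            return Verdict.AUTH_ERROR  # earlier by more than the first preset duration
        # Valid request: the latest accepted timestamp becomes the reference for the next one
        # (keeping the maximum is an assumption; it stops the reference from drifting backwards).
        session.last_timestamp = max(previous, current_timestamp)
        return Verdict.SEND_TARGET_DATA


def demo() -> List[Verdict]:
    """Constructed sequence of requests against one session (epoch seconds)."""
    server = SessionServer()
    t0 = 1_700_000_000
    server.register("tok-A", t0)
    return [
        server.check("tok-A", t0 + 60),                           # 1 min later: valid
        server.check("tok-A", t0 - 60),                           # 2 min before last accepted: tolerated
        server.check("tok-A", t0 - 3600),                         # 1 h before last accepted: rejected
        server.check("tok-A", t0 + 60 + SECOND_PRESET_SECONDS),   # idle too long: re-authenticate
        server.check("tok-B", t0 + 1),                            # unknown token: rejected
    ]
```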
In some scenarios, the network session consists of an establishment process and an interaction process, where the token used for authentication during the interaction process may be generated by the server during the establishment process. The establishment of the network session is described in detail below with reference to the embodiment shown in FIG. 4.
Referring to FIG. 4, which is an interaction diagram of another network session encryption method provided by an embodiment of the present application, FIG. 4 builds on the embodiment shown in FIG. 2 or FIG. 3. Further, S201 may be implemented by the following steps:
S2011: the client encrypts the user information and the original timestamp with the encryption algorithm and the key to obtain the second ciphertext.
The user information is the information used for authentication; the server stores the user information of authorized users. For example, the user information may be a user name and a password.
S2012: the client sends a session establishment request to the server.
The session establishment request contains the second ciphertext.
S2013: the server decrypts the second ciphertext with the encryption algorithm and the key to obtain the user information and the original timestamp.
The server stores the original timestamp sent by the client during session establishment, and may store the correspondence between the original timestamp and the original token. Thus, after the session is established, when the client sends its first service request and the server judges the validity of the current timestamp in that request, the previous timestamp of the current timestamp is the original timestamp.
S2014: the server authenticates the user information, determines that the user information is valid, and generates the original token.
S2015: the server encrypts the original token with the encryption algorithm and the key to obtain the third ciphertext.
In one possible implementation, the server encrypts only the original token with the encryption algorithm and the key to obtain the third ciphertext, that is, the third ciphertext is the encrypted original token.
In another possible implementation, the server encrypts the original token together with the original timestamp with the encryption algorithm and the key to obtain the third ciphertext, that is, the third ciphertext is the encrypted original token and original timestamp.
With the scheme that encrypts both the original token and the original timestamp, even if an illegitimate party obtains the encryption algorithm and the key, intercepts the third ciphertext, decrypts it and obtains the combined original token and original timestamp, that party does not know that the third ciphertext also holds the original timestamp. This likewise confuses the illegitimate party, who cannot directly obtain the original token.
S2016: the server sends a session establishment response to the client.
The session establishment response carries the third ciphertext.
S2017: the client decrypts the third ciphertext with the encryption algorithm and the key to obtain the current token.
In this embodiment, during network session establishment the establishment request sent by the client contains not only the user information used for authentication but also the original timestamp. After the session is established, the original timestamp is compared with the timestamp carried in the first service request to determine the validity of that timestamp, so that the authentication information used during the session changes over time; an illegitimate party that does not understand the authentication mechanism finds it difficult to steal a correct token, and illegitimate service requests that misuse authentication information are easily identified, which improves the security of the network session. Furthermore, even if an illegitimate party obtains the encryption algorithm and the key and decrypts the current token and the current timestamp, this likewise confuses that party, who cannot directly obtain the current token, thereby improving the security of the network session.
In some embodiments, multiple encryption algorithms and their corresponding identification information may be stored in advance in both the client and the server, so that one of these algorithms is selected for encryption and decryption during session establishment and interaction.
In one possible implementation, the client selects an encryption algorithm and sends the identification information of that algorithm to the server.
In another possible implementation, the client carries the identification information of the encryption algorithm in the session establishment request it sends to the server. The identification information may be carried in the session establishment request unencrypted or encrypted on its own; it may also be encrypted together with the user information and the original timestamp to obtain the second ciphertext. This is described in detail below with a specific embodiment.
Referring to FIG. 5, which is an interaction diagram of another network session encryption method provided by an embodiment of the present application, FIG. 5 builds on the embodiment shown in FIG. 4. Further, S2011 may be implemented as follows:
S20111: the client encrypts the user information, the original timestamp and the identification information of the encryption algorithm with the encryption algorithm and the key to obtain the second ciphertext.
Correspondingly, the following step S20130 may be performed before S2013:
S20130: the server obtains the encryption algorithm according to the identification information of the encryption algorithm.
In this embodiment, the client initiates the network session and, taking the case where the client is an application program, the encryption algorithm built into the application cannot easily be updated once the application is installed on the terminal device. Therefore, at session establishment the client may first select one of the multiple encryption algorithms for use in encryption and decryption during the session. After selecting the algorithm, the client obtains its identification information and sends it to the server; the server obtains the algorithm from the correspondence between encryption algorithms and identification information that it stores, and uses it for subsequent encryption and decryption, so that both the client and the server know the algorithm.
Optionally, the multiple encryption algorithms may be stored in the form of an index table, and the identification information may be an index number.
In this embodiment, by storing the correspondence between encryption algorithms and identification information in advance in both the client and the server, the client selects an encryption algorithm during session establishment and sends its identification information to the server, and the server obtains the algorithm from that identification information. Different network sessions thus use different encryption algorithms, which makes the algorithm harder for an illegitimate party to crack and improves the security of the network session.
On the basis of the above embodiments, the client and the server may further update the key of the network session at the same time, thereby improving the security of the network session.
In one possible implementation, the key is updated by upgrading the client program. During establishment of the network session between the client and the server, the client sends the version number of its current program to the server, and the server determines the key stored for that program version and uses that key for encryption and decryption.
In another possible implementation, after the server updates the key, it sends the updated key to the client over encrypted communication, so that the client uses the updated key for decryption and encryption.
In this embodiment, the client and the server update the key of the network session at the same time, so that even if an illegitimate party obtains the key, the key can be updated at low cost; once the key has been updated, the illegitimate party can no longer use the original key to impersonate the session, which improves the security of the network session. In addition, the key of a network session is relatively easy to update, and there are many possible implementations that are easy to realize.
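The establishment handshake (S2011 to S2017) with the algorithm selected by index number (S20111/S20130) and the key looked up by client program version, as one added Python example serving all three passages; it is not code from the patent. The patent names no concrete cipher, so the index table here maps to an HMAC-based keystream-plus-tag construction that stands in for a real cipher, the credential store, keys and timestamps are constructed placeholders, and the algorithm index and version travel unencrypted beside the request (one of the options the page allows).

```python
import hashlib
import hmac
import json
import os
import struct
from typing import Dict, Optional

# Index table of encryption algorithms shared by client and server (the "index
# table" option of the page). The patent names no concrete algorithm; each entry
# here is a keystream-plus-tag construction built from HMAC over the listed hash,
# a portable stand-in for the real cipher (for example AES-GCM) a deployment
# would register under the same index number.
ALGORITHMS: Dict[int, str] = {1: "sha256", 2: "sha512"}
NONCE_LEN = 16

# Keys looked up by client program version (the version-number key update of the
# page). Constructed placeholder keys; a deployment provisions real ones.
KEYS_BY_VERSION: Dict[str, bytes] = {"1.0": bytes(range(32)), "1.1": bytes(range(32, 64))}


def _subkeys(hash_name: str, key: bytes):
    """Derive separate keystream and tag keys from the shared session key."""
    return (hmac.new(key, b"keystream", hash_name).digest(),
            hmac.new(key, b"tag", hash_name).digest())


def _keystream(hash_name: str, key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hash_name).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(alg_id: int, key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || (plaintext XOR keystream) || tag (encrypt-then-MAC)."""
    hash_name = ALGORITHMS[alg_id]
    ks_key, tag_key = _subkeys(hash_name, key)
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(hash_name, ks_key, nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(tag_key, nonce + body, hash_name).digest()
    return nonce + body + tag


def decrypt(alg_id: int, key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting; a wrong key, wrong algorithm or modified blob raises."""
    hash_name = ALGORITHMS[alg_id]
    ks_key, tag_key = _subkeys(hash_name, key)
    tag_len = hashlib.new(hash_name).digest_size
    if len(blob) < NONCE_LEN + tag_len:
        raise ValueError("ciphertext too short")
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-tag_len], blob[-tag_len:]
    if not hmac.compare_digest(tag, hmac.new(tag_key, nonce + body, hash_name).digest()):
        raise ValueError("ciphertext rejected")
    stream = _keystream(hash_name, ks_key, nonce, len(body))
    return bytes(b ^ s for b, s in zip(body, stream))


class Server:
    def __init__(self) -> None:
        self.users: Dict[str, str] = {"alice": "correct horse"}  # constructed credential store
        self.sessions: Dict[str, int] = {}  # original token -> original timestamp (S2013)

    def establish(self, version: str, alg_id: int, second_ciphertext: bytes) -> Optional[bytes]:
        """S20130 and S2013 to S2016: return the third ciphertext, or None if authentication fails."""
        key = KEYS_BY_VERSION.get(version)
        if key is None or alg_id not in ALGORITHMS:  # unknown version or index: reject
            return None
        try:
            fields = json.loads(decrypt(alg_id, key, second_ciphertext))  # S2013
            original_timestamp = int(fields["timestamp"])
        except (ValueError, KeyError, TypeError):
            return None
        stored = self.users.get(str(fields.get("user")))
        if stored is None or not hmac.compare_digest(stored.encode(), str(fields.get("password")).encode()):
            return None  # S2014 fails: no token is generated
        token = os.urandom(16).hex()               # S2014: original token
        self.sessions[token] = original_timestamp  # timestamp <-> token correspondence
        # S2015: the third ciphertext carries both the original token and the original timestamp
        payload = json.dumps({"token": token, "timestamp": original_timestamp}).encode()
        return encrypt(alg_id, key, payload)


def client_establish(server: Server, version: str, alg_id: int, user: str,
                     password: str, original_timestamp: int) -> Optional[str]:
    """S2011/S20111, S2012 and S2017 from the client's side; return the current token."""
    key = KEYS_BY_VERSION[version]
    request = json.dumps({"user": user, "password": password,
                          "timestamp": original_timestamp}).encode()
    second_ciphertext = encrypt(alg_id, key, request)  # S2011
    # S2012: the algorithm index and program version travel unencrypted beside the
    # ciphertext (one of the options the page allows) so the server can pick the algorithm.
    third_ciphertext = server.establish(version, alg_id, second_ciphertext)
    if third_ciphertext is None:
        return None
    fields = json.loads(decrypt(alg_id, key, third_ciphertext))  # S2017
    return fields["token"]
```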
Embodiment 2
This embodiment provides a network session encryption method that is executed by a server, which may be the server shown in FIG. 1. The method of this embodiment includes:
receiving a service request sent by the client, the service request requesting target data and carrying the first ciphertext;
decrypting the first ciphertext with the encryption algorithm and the key to obtain the current token and the current timestamp;
determining whether the current token and the current timestamp are valid, where the condition for the current timestamp to be valid is: the current timestamp is later than or equal to the previous timestamp, or the current timestamp is earlier than the previous timestamp by no more than the first preset duration;
if the current token and the current timestamp are valid, sending the target data to the client.
Optionally, before receiving the service request sent by the client, the method further includes:
receiving a session establishment request sent by the client, the session establishment request containing the second ciphertext;
decrypting the second ciphertext with the encryption algorithm and the key to obtain the user information and the original timestamp;
authenticating the user information, determining that the user information is valid, and generating the original token;
encrypting the original token with the encryption algorithm and the key to obtain the third ciphertext;
sending a session establishment response to the client, the session establishment response carrying the third ciphertext, so that the client decrypts the third ciphertext with the encryption algorithm and the key to obtain the original token and uses the original token for authentication in the network session.
Optionally, the session establishment request also contains the identification information of the encryption algorithm, and before decrypting the second ciphertext with the encryption algorithm and the key to obtain the user information and the original timestamp, the method further includes:
obtaining the encryption algorithm according to the identification information of the encryption algorithm.
Optionally, the condition for the current timestamp to be valid is: it is determined that the current timestamp is later than the previous timestamp by less than the second preset duration, or the current timestamp is earlier than the previous timestamp by no more than the first preset duration, and the target data is sent to the client;
the method further includes:
determining that the current timestamp is later than the previous timestamp by a duration greater than or equal to the second preset duration, and sending a re-authentication message to the client, the re-authentication message instructing the client to send its user information and the current timestamp to the server.
The principle and effect of the method of this embodiment are similar to those of Embodiment 1 and are not repeated here.
Embodiment 3
This embodiment provides a network session encryption method that is executed by a client, which may be the client shown in FIG. 1. The method includes:
obtaining the current token;
encrypting the current token and the current timestamp with the encryption algorithm and the key to obtain the first ciphertext;
sending a service request to the server, the service request requesting target data and carrying the first ciphertext, so that the server decrypts the first ciphertext with the encryption algorithm and the key to obtain the current token and the current timestamp and determines whether the current token and the current timestamp are valid, where the condition for the current timestamp to be valid is: the current timestamp is later than or equal to the previous timestamp, or the current timestamp is earlier than the previous timestamp by no more than the first preset duration; and if the current token and the current timestamp are valid, the server sends the target data to the client;
receiving the target data sent by the server.
Optionally, obtaining the current token includes:
encrypting the user information and the original timestamp with the encryption algorithm and the key to obtain the second ciphertext;
sending a session establishment request to the server, the session establishment request containing the second ciphertext, so that the server decrypts the second ciphertext with the encryption algorithm and the key to obtain the user information and the original timestamp, authenticates the user information, determines that the user information is valid and generates a token, and encrypts the token with the target encryption algorithm and the target key to obtain the third ciphertext;
receiving a session establishment response sent by the server, the session establishment response carrying the third ciphertext;
decrypting, by the client, the third ciphertext with the encryption algorithm and the key to obtain the current token.
Optionally, before encrypting the user information and the original timestamp with the encryption algorithm and the key to obtain the second ciphertext, the method further includes:
determining the encryption algorithm;
the session establishment request also contains the identification information of the encryption algorithm, so that the server obtains the encryption algorithm according to that identification information.
Optionally, determining that the current timestamp is later than or equal to the previous timestamp, or that the current timestamp is earlier than the previous timestamp by no more than the first preset duration, includes:
determining that the current timestamp is later than the previous timestamp by less than the second preset duration, or that the current timestamp is earlier than the previous timestamp by no more than the first preset duration;
the method of this embodiment further includes:
receiving a re-authentication message sent by the server, the re-authentication message instructing the client to send its user information and the current timestamp to the server, the re-authentication message being sent by the server after determining that the current timestamp is later than the previous timestamp by a duration greater than or equal to the second preset duration.
The principle and effect of the method of this embodiment are similar to those of Embodiment 1 and are not repeated here.
Embodiment 4
An embodiment of the present application provides a server, including:
a memory for storing a program;
a processor configured to implement the method of any of the implementations in Embodiment 1 by executing the program stored in the memory.
The implementation principle and effect of the server of this embodiment are similar to those of Embodiment 1 and are not repeated here.
Embodiment 5
An embodiment of the present application provides a computer-readable storage medium on which a program is stored, the program being executable by a processor to implement the method of any of the implementations in Embodiment 1.
Those skilled in the art will understand that all or part of the functions of the methods in the above embodiments may be implemented in hardware or by a computer program. When all or part of the functions in the above embodiments are implemented by a computer program, the program may be stored in a computer-readable storage medium, which may include a read-only memory, a random access memory, a magnetic disk, an optical disc, a hard disk, and so on, and a computer executes the program to realize the above functions. For example, the program is stored in the memory of a device, and when the processor executes the program in the memory, all or part of the above functions are realized. In addition, when all or part of the functions in the above embodiments are implemented by a computer program, the program may also be stored in a storage medium such as a server, another computer, a magnetic disk, an optical disc, a flash drive or a removable hard disk, and saved to the memory of the local device by downloading or copying, or by a version update of the local device's system; when the processor executes the program in the memory, all or part of the functions in the above embodiments are realized.
The above uses specific examples to explain the present application; they serve only to aid understanding of the application and do not limit it. Those skilled in the art to which this application belongs may also make a number of simple deductions, modifications or substitutions based on the idea of this application.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111148118.5A (granted as CN113872974B) | 2021-09-29 | 2021-09-29 | Method, server and computer readable storage medium for network session encryption |
| Publication Number | Publication Date |
|---|---|
| CN113872974A | 2021-12-31 |
| CN113872974B | 2022-09-23 |
| Code | Title | Description |
|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: Methods, servers, and computer-readable storage media for network session encryption; Effective date of registration: 20231225; Granted publication date: 20220923; Pledgee: Shenzhen Branch of China Merchants Bank Co., Ltd.; Pledgor: Shenzhen Micropurchase Technology Co., Ltd.; Registration number: Y2023980073820 |
| PC01 | Cancellation of the registration of the contract for pledge of patent right | Granted publication date: 20220923; Pledgee: Shenzhen Branch of China Merchants Bank Co., Ltd.; Pledgor: Shenzhen Micropurchase Technology Co., Ltd.; Registration number: Y2023980073820 |
| PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: Methods, servers, and computer-readable storage media for encrypting network sessions; Granted publication date: 20220923; Pledgee: Shenzhen Branch of China Merchants Bank Co., Ltd.; Pledgor: Shenzhen Micropurchase Technology Co., Ltd.; Registration number: Y2024980050077 |