CN106330817A - Webpage access method, device and terminal - Google Patents

Webpage access method, device and terminal

Info

Publication number
CN106330817A
Authority
CN
China
Prior art keywords
target web
described target
web
acquired
object content
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510337702.3A
Other languages
Chinese (zh)
Inventor
童磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201510337702.3A
Publication of CN106330817A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1483: Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a webpage access method, device and terminal. The method comprises the steps that when an access request for a target webpage is detected, the target content and signature information of the target webpage are acquired, wherein the signature information of the target webpage is acquired by encrypting the source content of the target webpage through a preset encryption algorithm; security verification is performed on the acquired target content of the target webpage according to the signature information of the target webpage; and the acquired target content of the target webpage is outputted if verification is successful. Security verification can be performed on the webpage content of the target webpage requested for accessing so that forging or tampering of the webpage content of the target webpage can be prevented, the security of webpage accessing can be enhanced and the reliability of webpage accessing can be enhanced.

Description

A webpage access method, device and terminal
Technical field
The present invention relates to the field of Internet technology, specifically to the field of webpage processing, and in particular to a webpage access method, device and terminal.
Background
With the development of Internet technology, terminals such as mobile phones and wearable devices are used more and more widely. Users can use a terminal to access various types of webpages to perform network operations, including but not limited to: accessing a login page to log in, accessing a payment page to make a payment, and so on. This places higher demands on the security of Internet operations. At present, many malicious attackers use phishing webpages to lure users, for example forging a login page or registration page to trick users out of private data, or forging a payment page or transfer page to defraud users of their money. Existing security verification during webpage access is mainly based on URL (Uniform Resource Locator) identification technology, specifically: identify whether the URL of the current webpage is a malicious URL, and if so, output a security reminder. For example, if access to a login page is requested, the URL of the requested login page is obtained and it is judged whether this URL is a malicious URL; if so, the login page is considered a malicious page, access to it is prohibited and a security prompt is output. However, it has been found that many malicious attackers can, while keeping the official URL of a webpage, directly tamper with the content of some Internet service webpages, for example directly tampering with page content such as HTML (Hypertext Markup Language) code and JS (JavaScript, an interpreted scripting language) scripts in the officially provided login page, or with the same kinds of page content in the officially provided payment page. In this situation the prior art cannot provide a security guarantee for webpage access, which reduces the reliability of webpage access.
Summary of the invention
The embodiments of the present invention provide a webpage access method, device and terminal that can perform security verification on the page content of the target webpage requested for access, prevent the page content of the target webpage from being forged or tampered with, and improve the security and reliability of webpage access.
A first aspect of the embodiments of the present invention provides a webpage access method, which may include:
when an access request for a target webpage is detected, acquiring the target content and signature information of the target webpage, where the signature information of the target webpage is obtained by encrypting the source content of the target webpage with a preset encryption algorithm;
performing security verification on the acquired target content of the target webpage according to the signature information of the target webpage;
if the verification succeeds, outputting the acquired target content of the target webpage.
A second aspect of the embodiments of the present invention provides a webpage access device, which may include:
an acquiring unit, configured to acquire, when an access request for a target webpage is detected, the target content and signature information of the target webpage, where the signature information of the target webpage is obtained by encrypting the source content of the target webpage with a preset encryption algorithm;
a verification unit, configured to perform security verification on the acquired target content of the target webpage according to the signature information of the target webpage;
an access unit, configured to output the acquired target content of the target webpage if the verification succeeds.
A third aspect of the embodiments of the present invention provides a terminal, which may include the webpage access device described in the second aspect above.
Implementing the embodiments of the present invention has the following beneficial effects:
In the embodiments of the present invention, when an access request for a target webpage is detected, the target content of the target webpage and the signature information obtained by encrypting the source content of the target webpage are acquired; the signature information is used to perform security verification on the acquired target content of the target webpage, and the target content is output after the verification succeeds. Performing security verification on the page content of the target webpage effectively prevents malicious attackers from forging or tampering with that page content, and improves the security and reliability of webpage access.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a webpage access method provided by an embodiment of the present invention;
Fig. 2 is a flow chart of another webpage access method provided by an embodiment of the present invention;
Fig. 3 is a structural diagram of a webpage access device provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of an embodiment of the acquiring unit shown in Fig. 3;
Fig. 5 is a structural diagram of an embodiment of the verification unit shown in Fig. 3;
Fig. 6 is a structural diagram of an embodiment of the decryption processing unit shown in Fig. 5;
Fig. 7 is a structural diagram of an embodiment of the content comparing unit shown in Fig. 5.
Detailed description of the invention
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
In the embodiments of the present invention, the terminal may be a device such as a PC (Personal Computer), a notebook computer, a mobile phone, a PAD (tablet computer) or a smart wearable device. The embodiments of the present invention use the signature information corresponding to the source content of the target webpage requested for access to perform security verification on the acquired target content of the target webpage, and output the target content after the verification succeeds. Performing security verification on the page content of the target webpage effectively prevents that page content from being forged or tampered with, and improves the security and reliability of webpage access.
Based on the above description, the webpage access method provided by the embodiments of the present invention is described in detail below with reference to Fig. 1 and Fig. 2. Note that the method flows of Fig. 1 and Fig. 2 may be executed by the webpage access device provided by the embodiments of the present invention; this device may be an application in the terminal, for example a security application in the terminal.
Refer to Fig. 1, a flow chart of a webpage access method provided by an embodiment of the present invention. The method may comprise the following steps S101 to S103.
S101: when an access request for a target webpage is detected, acquire the target content and signature information of the target webpage, where the signature information of the target webpage is obtained by encrypting the source content of the target webpage with a preset encryption algorithm.
A user can use a terminal to access various types of webpages to perform network operations, including but not limited to: accessing a login page to log in, accessing a registration page to register, accessing a payment page to make a payment, or accessing a transfer page to make a transfer. If the user needs to access a target webpage, the user can send an access request for the target webpage to the terminal; the access request may carry the identifier of the target webpage (such as its URL). For example, the user can initiate the access request by clicking a URL link of the target webpage in the terminal, or by entering the URL of the target webpage in the address bar of the terminal's browser. In this step, when an access request sent by the user for the target webpage is detected, the target content and signature information of the target webpage are acquired, where the signature information is obtained by encrypting the source content of the target webpage with the preset encryption algorithm. Note that the preset encryption algorithm can be set according to actual needs and may include but is not limited to: a hash algorithm, a symmetric encryption algorithm, an asymmetric encryption algorithm, and so on.
S102: perform security verification on the acquired target content of the target webpage according to the signature information of the target webpage.
The signature information of the target webpage is obtained by encrypting the source content of the target webpage with the preset encryption algorithm; therefore, performing the corresponding decryption processing on the signature information yields the source content of the target webpage. Here, the source content of the target webpage refers to the page content of the target webpage as officially published by the developer of the target webpage or by the server; that is, the source content is secure page content that has not been forged or tampered with by a malicious attacker. The acquired target content of the target webpage refers to the page content that the terminal obtains in response to the access request. Because the source content may be forged or tampered with by a malicious attacker after it is officially published, before the terminal obtains it or while it is being obtained, the acquired target content may be insecure page content. In this step, the source content of the target webpage can be obtained from the signature information of the target webpage, and the acquired target content is then verified against the source content; this makes it possible to confirm accurately whether the acquired target content is secure, and thus to guarantee the security of webpage access.
S103: if the verification succeeds, output the acquired target content of the target webpage.
If the verification succeeds, the acquired target content of the target webpage is consistent with the source content of the target webpage, the source content has not been maliciously forged or tampered with, and the acquired target content is secure content. The terminal can then output the acquired target content of the target webpage so that the user can perform the corresponding network operation.
Referring again to Fig. 1, optionally, the method of this embodiment may also comprise the following step S104.
S104: if the verification fails, output security prompt information, where the security prompt information is used to prompt that access to the target webpage is prohibited.
If the verification fails, the acquired target content of the target webpage is inconsistent with the source content of the target webpage, the source content has been maliciously forged or tampered with, and the acquired target content is insecure content. The terminal can then output security prompt information to remind the user not to access this insecure target webpage, thereby guaranteeing the security of the webpage access process.
In the embodiments of the present invention, when an access request for a target webpage is detected, the target content of the target webpage and the signature information obtained by encrypting the source content of the target webpage are acquired; the signature information is used to perform security verification on the acquired target content of the target webpage, and the target content is output after the verification succeeds. Performing security verification on the page content of the target webpage effectively prevents malicious attackers from forging or tampering with that page content, and improves the security and reliability of webpage access.
Refer to Fig. 2, a flow chart of another webpage access method provided by an embodiment of the present invention. The method may comprise the following steps S201 to S208.
S201: when an access request for a target webpage is detected, forward the access request for the target webpage to a server, where the access request carries the identifier of the target webpage, so that the server looks up and returns the target content and signature information of the target webpage according to the identifier of the target webpage.
The server side may encrypt the source content of webpages in advance with the preset encryption algorithm to obtain signature information. Note that the preset encryption algorithm can be set according to actual needs and may include but is not limited to: a hash algorithm, a symmetric encryption algorithm, an asymmetric encryption algorithm, and so on. In a specific implementation, a webpage database may be established on the server side; this webpage database includes the identifier of at least one webpage, and each webpage identifier corresponds to the page content and signature information of that webpage.
A user can use a terminal to access various types of webpages to perform network operations, including but not limited to: accessing a login page to log in, accessing a registration page to register, accessing a payment page to make a payment, or accessing a transfer page to make a transfer. If the user needs to access a target webpage, the user can send an access request for the target webpage to the terminal; the access request may carry the identifier of the target webpage (such as its URL). For example, the user can initiate the access request by clicking a URL link of the target webpage in the terminal, or by entering the URL of the target webpage in the address bar of the terminal's browser. In this step, when an access request sent by the user for the target webpage is detected, the terminal may forward the access request to the server; the server may look up the page content of the target webpage in the pre-established webpage database and return it to the terminal as the target content, together with the signature information of the target webpage.
S202: receive the target content and signature information of the target webpage returned by the server.
Steps S201 to S202 of this embodiment may be a specific refinement of step S101 in the embodiment shown in Fig. 1.
S203: use the preset encryption algorithm to decrypt the signature information of the target webpage; if the decryption processing succeeds, proceed to step S204; if the decryption processing fails, proceed to step S207.
The signature information of the target webpage is obtained by encrypting the source content of the target webpage with the preset encryption algorithm; therefore, performing the corresponding decryption processing on the signature information yields the source content of the target webpage. Here, the source content of the target webpage refers to the page content of the target webpage as officially published by the developer of the target webpage or by the server; that is, the source content is secure page content that has not been forged or tampered with by a malicious attacker. The acquired target content of the target webpage refers to the page content that the terminal obtains in response to the access request. Because the source content may be forged or tampered with by a malicious attacker after it is officially published, before the terminal obtains it or while it is being obtained, the acquired target content may be insecure page content.
In this embodiment, the preset encryption algorithm may be a digest algorithm together with an asymmetric encryption algorithm. The digest algorithm may include but is not limited to: the MD5 (Message Digest Algorithm 5) algorithm or the SHA1 (Secure Hash Algorithm) algorithm. The asymmetric encryption algorithm may include but is not limited to: the RSA (a public-key encryption algorithm) algorithm or the ECC (elliptic curve cryptography) algorithm. The signature information of the target webpage is obtained by computing an original hash value over the source content of the target webpage with the digest algorithm, and encrypting that original hash value with the private key specified by the asymmetric encryption algorithm. Suppose HMac_Svr denotes the original hash value and SignSvr denotes the signature information; then the server side first computes HMac_Svr over the source content of the target webpage with the digest algorithm, and then encrypts HMac_Svr with the private key Key01 specified by the asymmetric encryption algorithm to obtain SignSvr.
Step S203 may specifically comprise the following steps s11 to s13:
s11: decrypt the signature information of the target webpage with the public key specified by the asymmetric encryption algorithm. Suppose the public key specified by the asymmetric encryption algorithm is Key02; this step uses Key02 to decrypt SignSvr.
s12: if the decryption succeeds and the original hash value is obtained, the decryption processing succeeds; otherwise, the decryption processing fails.
If SignSvr is successfully decrypted with Key02, HMac_Svr is obtained. If decrypting SignSvr with Key02 fails, that is, HMac_Svr cannot be obtained, this indicates that the acquired target content is page content that has been maliciously forged or tampered with, and the acquired target content is insecure content.
S204: compare whether the acquired target content of the target webpage is consistent with the source content of the target webpage; if consistent, proceed to step S205; if inconsistent, proceed to step S207.
If they are consistent, the source content of the target webpage has not been maliciously forged or tampered with, and the acquired target content is secure content; if they are inconsistent, the source content of the target webpage has been maliciously forged or tampered with, and the acquired target content is insecure content.
Step S204 may specifically comprise the following steps s21 to s23.
s21: use the digest algorithm to compute a target hash value over the acquired target content of the target webpage.
Suppose the target hash value is denoted HMac_Client; in this step, the terminal uses the digest algorithm negotiated with the server to compute HMac_Client over the acquired target content of the target webpage.
s22: if the target hash value is equal to the original hash value, the acquired target content of the target webpage is consistent with the source content of the target webpage. That is, if HMac_Client and HMac_Svr are equal, the acquired target content of the target webpage is consistent with the source content of the target webpage.
s23: if the target hash value and the original hash value are not equal, the acquired target content of the target webpage is inconsistent with the source content of the target webpage. That is, if HMac_Client and HMac_Svr are not equal, the acquired target content of the target webpage is inconsistent with the source content of the target webpage.
S205: the verification succeeds.
S206: output the acquired target content of the target webpage; then end.
In steps S205 to S206, if the verification succeeds, the acquired target content of the target webpage is consistent with the source content of the target webpage, the source content has not been maliciously forged or tampered with, and the acquired target content is secure content. The acquired target content of the target webpage can then be output so that the user can perform the corresponding network operation.
S207: the verification fails.
S208: output security prompt information, where the security prompt information is used to prompt that access to the target webpage is prohibited; then end.
In steps S205 to S206, if the verification fails, the acquired target content of the target webpage is inconsistent with the source content of the target webpage, the source content has been maliciously forged or tampered with, and the acquired target content is insecure content. Security prompt information can then be output to remind the user not to access this insecure target webpage, thereby guaranteeing the security of the webpage access process.
In the embodiments of the present invention, when an access request for a target webpage is detected, the target content of the target webpage and the signature information obtained by encrypting the source content of the target webpage are acquired; the signature information is used to perform security verification on the acquired target content of the target webpage, and the target content is output after the verification succeeds. Performing security verification on the page content of the target webpage effectively prevents malicious attackers from forging or tampering with that page content, and improves the security and reliability of webpage access.
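The flow of steps S201 to S208 above, worked through as an added example; it is not code from the patent or its assignee. It assumes SHA-256 in place of the MD5/SHA1 digests named in the description (both have known collision attacks), PKCS#1 v1.5 signature encoding for the private-key operation, and a constructed, insecure RSA key built from two Mersenne primes so that it runs offline with the Python standard library; `WEB_DB`, `server_sign`, `recover_original_hash`, `verify_page`, `honest_fetch` and `access` are hypothetical names.

```python
import hashlib
import hmac

# Constructed demonstration key pair. NOT secure: both primes are Mersenne primes,
# chosen only so the example needs no key file and no third-party library.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                                   # modulus, shared by Key01 and Key02
E = 65537                                   # public exponent: (N, E) plays the role of Key02
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent: (N, D) plays the role of Key01
K = (N.bit_length() + 7) // 8               # modulus length in bytes

# ASN.1 DigestInfo prefix for SHA-256, as used by PKCS#1 v1.5 signatures.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
DIGEST_LEN = 32
# Fixed part of the encoded message: 00 01 FF..FF 00 || DigestInfo prefix.
HEAD = (b"\x00\x01" + b"\xff" * (K - len(SHA256_PREFIX) - DIGEST_LEN - 3)
        + b"\x00" + SHA256_PREFIX)


def server_sign(source_content: bytes) -> bytes:
    """Server side: HMac_Svr = digest(source content); SignSvr = private-key op on it."""
    hmac_svr = hashlib.sha256(source_content).digest()
    m = int.from_bytes(HEAD + hmac_svr, "big")
    return pow(m, D, N).to_bytes(K, "big")


def recover_original_hash(sign_svr: bytes):
    """Steps s11-s12: apply the public key to SignSvr; return HMac_Svr, or None on failure."""
    if len(sign_svr) != K:
        return None
    s = int.from_bytes(sign_svr, "big")
    if s >= N:
        return None
    em = pow(s, E, N).to_bytes(K, "big")
    # Strict check of the whole fixed header: anything else counts as failed decryption.
    if not hmac.compare_digest(em[:-DIGEST_LEN], HEAD):
        return None
    return em[-DIGEST_LEN:]


def verify_page(target_content: bytes, sign_svr: bytes):
    """Steps S203-S207: return (ok, reason) for the acquired content and signature."""
    hmac_svr = recover_original_hash(sign_svr)
    if hmac_svr is None:
        return False, "decryption failed"                     # S203 -> S207
    hmac_client = hashlib.sha256(target_content).digest()     # s21
    if not hmac.compare_digest(hmac_client, hmac_svr):        # s22 / s23
        return False, "content mismatch"                      # S204 -> S207
    return True, "verified"                                   # S205


# Constructed sample page and server-side webpage database: identifier -> (content, SignSvr).
URL = "https://example.com/login"
SOURCE = b"<form action='/login' method='post'><input name='user'></form>"
WEB_DB = {URL: (SOURCE, server_sign(SOURCE))}


def honest_fetch(url: str):
    """S201-S202 with an untampered path: the server's reply reaches the terminal as sent."""
    return WEB_DB[url]


def access(url: str, fetch):
    """Terminal side, S201-S208: fetch, verify, then output the content or a prompt."""
    content, sign_svr = fetch(url)
    ok, reason = verify_page(content, sign_svr)
    if ok:
        return True, content                                  # S206
    return False, "Access to %s prohibited: %s" % (url, reason)   # S208


if __name__ == "__main__":
    print(access(URL, honest_fetch))
    # Same URL, but the content was altered on the way to the terminal.
    print(access(URL, lambda u: (SOURCE + b"<script src='//other.example/x.js'></script>",
                                 WEB_DB[u][1])))
```

The check only binds content to the holder of Key01: the terminal must obtain Key02 over a path the content's attacker cannot influence, otherwise a replaced key validates a replaced page.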
Below in conjunction with accompanying drawing 3-accompanying drawing 7, the web page access device providing the embodiment of the present invention is situated between in detail Continue.It should be noted that following device can be the application program in terminal, such as: the peace in terminal Full application programs etc., to be applied to performing the Web access method shown in above-mentioned accompanying drawing 1-accompanying drawing 2.
Refer to Fig. 3, for the structural representation of a kind of web page access device that the embodiment of the present invention provides;This dress Put and comprise the steps that acquiring unit 101, verification unit 102 and access unit 103.
Acquiring unit 101, for when the access request for target web being detected, obtains described target network The object content of page and signing messages, the signing messages of described target web is for using predetermined encryption algorithm to institute The source contents stating target web is encrypted acquisition.
User can utilize the various types of webpage of terminal access to carry out internetwork operation, includes but not limited to: Access login page, to carry out register, accesses enrollment page and operates to carry out registration, accesses the payment page To carry out delivery operation, or access transfer page to carry out transferring accounts operation etc..If user needs to access mesh Mark webpage, then can send the access request for target web to terminal, can carry mesh in this access request The mark (such as the URL of target web) of mark webpage, such as: user can be by clicking on target web in the terminal URL link initiate for the access request of target web, or, user can be in the browser address of terminal The URL exporting target web in hurdle initiates the access request for target web.When detecting what user sent During for the access request of target web, described acquiring unit 101 is discovered and seized in the target taking described target web Holding and signing messages, the signing messages of described target web is for using predetermined encryption algorithm to described target web Source contents be encrypted acquisition.It should be noted that described predetermined encryption algorithm can be according to reality Needs are set, it may include but be not limited to: hash algorithm, symmetric encipherment algorithm, rivest, shamir, adelman Etc..
Verification unit 102, is used for the signing messages according to described target web to acquired described target web Object content carry out safety check.
The signing messages of described target web is to use predetermined encryption algorithm to enter the source contents of described target web Row encryption obtains, then, the signing messages of described target web is carried out corresponding decryption processing, then The source contents of described target web can be obtained.Wherein, the source contents of described target web refers to by described target The content of pages of the described target web that Web page developer or server official issue, say, that described mesh The source contents of mark webpage is forged without malicious attacker or distorts, the content of pages of safety.Wherein, institute The object content of the described target web obtained refers to the content of pages that terminal obtains according to access request, due to The source contents of target web maliciously may be attacked before terminal obtains or in acquisition process after official issues The person of hitting forges or distorts, and therefore, the object content of acquired described target web may be non-security page Face content.Described verification unit 102 can obtain described target network according to the signing messages of described target web The source contents of page, then according to source contents, acquired object content is carried out security verification, it is possible to exactly The safety of the object content acquired in confirmation, thus ensure the safety of web page access.
Access unit 103, if for verifying successfully, the object content of the described target web acquired in output.
If verifying successfully, show the object content of acquired target web and the source contents of described target web Unanimously, the source contents of described target web is not maliciously forged or is distorted, and acquired object content belongs to peace Full content, then, described access unit 103 can export the object content of acquired described target web, Corresponding internetwork operation is carried out for user.
Referring to Fig. 3 again, alternatively, this device may also include that safety instruction unit 104.
Safety instruction unit 104, if for verifying unsuccessfully, output safety information, described safety instruction is believed Breath is forbidden accessing described target web for prompting.
If verifying unsuccessfully, show the object content of acquired target web and the source contents of described target web Inconsistent, the source contents of described target web is maliciously forged or is distorted, and acquired object content belongs to Non secure content, then, described safety instruction unit 104 can be with output safety information, to remind use Family forbids accessing this non-security target web, thus ensures the safety of web page access process.
In the embodiment of the present invention, when an access request for a target webpage is detected, the target content of the target webpage and the signature information obtained by encrypting the source content of the target webpage are acquired; the signature information is used to perform security verification on the acquired target content, and the target content of the target webpage is output after the security verification succeeds. Performing security verification on the page content of the target webpage effectively prevents a malicious attacker from forging or tampering with that content, which improves both the security and the reliability of webpage access.
Refer to Fig. 4, a structural diagram of an embodiment of the acquiring unit shown in Fig. 3. The acquiring unit 101 may include a request unit 1001 and a receiving unit 1002.
Request unit 1001, configured to forward the access request for the target webpage to a server when the access request is detected, the access request carrying the identifier of the target webpage, so that the server looks up and returns the target content and signature information of the target webpage according to the identifier of the target webpage.
The server side can encrypt the source content of a webpage in advance with the preset encryption algorithm to obtain the signature information. Note that the preset encryption algorithm can be chosen according to actual needs and may include, but is not limited to, a hash algorithm, a symmetric encryption algorithm, an asymmetric encryption algorithm, and so on. In a specific implementation, a webpage database can be set up on the server side. This database contains the identifier of at least one webpage, and each webpage identifier corresponds to the page content and signature information of that webpage.
A user can use the terminal to access various types of webpages to carry out network operations, including but not limited to: accessing a login page to log in, accessing a registration page to register, accessing a payment page to make a payment, or accessing a transfer page to make a transfer. To access the target webpage, the user sends an access request for the target webpage to the terminal; the access request can carry the identifier of the target webpage (such as the URL of the target webpage). For example, the user can initiate the access request by clicking a URL link to the target webpage in the terminal, or by entering the URL of the target webpage in the address bar of the terminal's browser. When an access request for the target webpage sent by the user is detected, the request unit 1001 can forward the access request to the server. The server can look up the page content of the target webpage in the pre-built webpage database, return it to the terminal as the target content, and return the signature information of the target webpage together with it.
Receiving unit 1002, configured to receive the target content and signature information of the target webpage returned by the server.
Refer to Fig. 5, a structural diagram of an embodiment of the verification unit shown in Fig. 3. The verification unit 102 may include a decryption processing unit 2001, a content comparing unit 2002 and a first verification result confirming unit 2003.
Decryption processing unit 2001, configured to decrypt the signature information of the target webpage using the preset encryption algorithm.
The signature information of the target webpage is obtained by encrypting the source content of the target webpage with the preset encryption algorithm, so when the decryption processing unit 2001 applies the corresponding decryption to the signature information, the source content of the target webpage can be obtained. The source content of the target webpage is the page content officially published by the developer or server of the target webpage; that is, it is secure page content that has not been forged or tampered with by a malicious attacker. The acquired target content of the target webpage is the page content that the terminal obtains in response to the access request. Because the source content may be forged or tampered with by a malicious attacker after official publication, either before the terminal obtains it or while it is being obtained, the acquired target content may be insecure page content.
Content comparing unit 2002, configured to compare, if the decryption succeeds, whether the acquired target content of the target webpage is consistent with the source content of the target webpage.
If they are consistent, the source content of the target webpage has not been maliciously forged or tampered with, and the acquired target content is secure. If they are inconsistent, the source content of the target webpage has been maliciously forged or tampered with, and the acquired target content is insecure.
First verification result confirming unit 2003, configured to determine that verification succeeds if the acquired target content of the target webpage is consistent with the source content of the target webpage.
Referring again to Fig. 5, the verification unit 102 may optionally further include a second verification result confirming unit 2004.
Second verification result confirming unit 2004, configured to determine that verification fails if the decryption fails; or configured to determine that verification fails if the acquired target content of the target webpage is inconsistent with the source content of the target webpage.
Refer to Fig. 6, a structural diagram of an embodiment of the decryption processing unit shown in Fig. 5. The decryption processing unit 2001 may include an asymmetric decryption unit 2111 and a decryption result confirming unit 2112.
Asymmetric decryption unit 2111, configured to decrypt the signature information of the target webpage using the public key specified by the asymmetric encryption algorithm.
In this embodiment, the preset encryption algorithm may be a digest algorithm together with an asymmetric encryption algorithm. The digest algorithm may include, but is not limited to, the MD5 algorithm or the SHA1 algorithm; the asymmetric encryption algorithm may include, but is not limited to, the RSA algorithm or the ECC algorithm. The signature information of the target webpage is obtained by computing an original hash value over the source content of the target webpage with the digest algorithm, and then encrypting the original hash value with the private key specified by the asymmetric encryption algorithm. Let HMac_Svr denote the original hash value and SignSvr denote the signature information. The server side first applies the digest algorithm to the source content of the target webpage to compute HMac_Svr, and then encrypts HMac_Svr with the private key Key01 specified by the asymmetric encryption algorithm to obtain SignSvr. Assuming the public key specified by the asymmetric encryption algorithm is Key02, the asymmetric decryption unit 2111 uses Key02 to decrypt SignSvr.
Decryption result confirming unit 2112, configured to determine that the decryption succeeds if the original hash value is successfully obtained by decryption, and otherwise to determine that the decryption fails.
If SignSvr is successfully decrypted with Key02, HMac_Svr is obtained. If decrypting SignSvr with Key02 fails, that is, HMac_Svr cannot be obtained, the acquired target content is page content that has been maliciously forged or tampered with, and the acquired target content is insecure.
Refer to Fig. 7, a structural diagram of an embodiment of the content comparing unit shown in Fig. 5. The content comparing unit 2002 may include a computing unit 2221 and a content comparison confirming unit 2222.
Computing unit 2221, configured to apply the digest algorithm to the acquired target content of the target webpage to obtain a target hash value.
Following the description of the embodiments shown in Fig. 5 and Fig. 6, let HMac_Client denote the target hash value. The computing unit 2221 applies the digest algorithm negotiated with the server to the acquired target content of the target webpage to obtain HMac_Client.
Content comparison confirming unit 2222, configured to determine that the acquired target content of the target webpage is consistent with the source content of the target webpage if the target hash value is equal to the original hash value; or configured to determine that the acquired target content of the target webpage is inconsistent with the source content of the target webpage if the target hash value is not equal to the original hash value.
If HMac_Client is equal to HMac_Svr, the acquired target content of the target webpage is consistent with the source content of the target webpage. If HMac_Client is not equal to HMac_Svr, the acquired target content of the target webpage is inconsistent with the source content of the target webpage.
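The signing and two-stage verification flow of the Fig. 6 and Fig. 7 embodiments, as an added Node.js example that is not part of the patent text. It assumes RSA with PKCS#1 v1.5 padding and uses SHA-256 in place of the MD5/SHA1 options named above (both have known collision weaknesses); Key01, Key02, HMac_Svr, SignSvr and HMac_Client follow the description, while the function names, key pairs and sample page are constructed for illustration.

```javascript
// Added illustration, not code from the patent. Key01, Key02, HMac_Svr,
// SignSvr and HMac_Client follow the description; everything else is assumed.
const nodeCrypto = require('node:crypto');

// Assumption: SHA-256 stands in for the MD5/SHA1 digest options in the text.
const DIGEST = 'sha256';
const DIGEST_LEN = 32;

// Constructed demo keys: Key01 (private) stays on the server, Key02 (public)
// is what the terminal holds. A second pair models a party without Key01.
const { privateKey: Key01, publicKey: Key02 } =
  nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const { privateKey: otherPrivateKey } =
  nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Constructed sample page content (the source content as published).
const SOURCE_CONTENT =
  '<form action="https://pay.example.test/submit"><input name="amount"></form>';

function digestOf(content) {
  return nodeCrypto.createHash(DIGEST).update(content, 'utf8').digest();
}

// Server side: HMac_Svr = digest(source content), SignSvr = Enc_Key01(HMac_Svr).
// privateEncrypt applies RSA PKCS#1 v1.5 padding by default.
function signPage(sourceContent, privateKey) {
  const hMacSvr = digestOf(sourceContent);
  return nodeCrypto.privateEncrypt(privateKey, hMacSvr);
}

// Terminal side: the two stages of verification unit 102.
function verifyPage(targetContent, signSvr, publicKey) {
  // Stage 1 (decryption processing unit 2001): recover HMac_Svr with Key02.
  let hMacSvr;
  try {
    hMacSvr = nodeCrypto.publicDecrypt(publicKey, signSvr);
  } catch (err) {
    return { ok: false, reason: 'decrypt-failed' };
  }
  if (hMacSvr.length !== DIGEST_LEN) {
    return { ok: false, reason: 'decrypt-failed' };
  }
  // Stage 2 (content comparing unit 2002): HMac_Client against HMac_Svr,
  // compared in constant time.
  const hMacClient = digestOf(targetContent);
  if (!nodeCrypto.timingSafeEqual(hMacClient, hMacSvr)) {
    return { ok: false, reason: 'content-mismatch' };
  }
  return { ok: true, reason: 'verified' };
}

// What access unit 103 / security prompt unit 104 would do with the result.
function render(targetContent, signSvr, publicKey) {
  const result = verifyPage(targetContent, signSvr, publicKey);
  return result.ok ? targetContent : `Access blocked (${result.reason})`;
}

function runScenarios() {
  const signSvr = signPage(SOURCE_CONTENT, Key01);
  // Content altered after publication; the original SignSvr is still attached.
  const altered = SOURCE_CONTENT.replace('pay.example.test', 'pay.example.invalid');
  return {
    genuine: verifyPage(SOURCE_CONTENT, signSvr, Key02),
    altered: verifyPage(altered, signSvr, Key02),
    // Altered content signed with a key other than Key01.
    resigned: verifyPage(altered, signPage(altered, otherPrivateKey), Key02),
    // Signature bytes damaged in transit.
    damaged: verifyPage(SOURCE_CONTENT, signSvr.subarray(0, 64), Key02),
    blockedOutput: render(altered, signSvr, Key02),
  };
}

console.log(runScenarios());
```

The check is only as trustworthy as the terminal's copy of Key02. Because SignSvr covers the page content alone, a deployment would also want the page identifier bound into the signed data.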
An embodiment of the present invention also discloses a terminal, which may include a webpage access device. For the structure and functions of the device, see the description of the embodiments shown in Figs. 3 to 7, which is not repeated here. In a specific implementation, the device may be an application on the terminal, for example a security application on the terminal. Note that the terminal disclosed in this embodiment can also be applied to the methods shown in Figs. 1 and 2.
A person of ordinary skill in the art will understand that all or part of the processes of the above method embodiments can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the above method embodiments. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The above discloses only preferred embodiments of the present invention, which of course cannot limit the scope of the rights of the present invention; equivalent changes made according to the claims of the present invention therefore still fall within the scope covered by the present invention.

Claims (17)

1. A webpage access method, characterized by comprising:
when an access request for a target webpage is detected, acquiring target content and signature information of the target webpage, the signature information of the target webpage being obtained by encrypting source content of the target webpage with a preset encryption algorithm;
performing security verification on the acquired target content of the target webpage according to the signature information of the target webpage;
if verification succeeds, outputting the acquired target content of the target webpage.
2. The method of claim 1, characterized in that acquiring the target content and signature information of the target webpage when the access request for the target webpage is detected comprises:
when the access request for the target webpage is detected, forwarding the access request for the target webpage to a server, the access request carrying an identifier of the target webpage, so that the server looks up and returns the target content and signature information of the target webpage according to the identifier of the target webpage;
receiving the target content and signature information of the target webpage returned by the server.
3. The method of claim 2, characterized in that performing security verification on the acquired target content of the target webpage according to the signature information of the target webpage comprises:
decrypting the signature information of the target webpage using the preset encryption algorithm;
if the decryption succeeds, comparing whether the acquired target content of the target webpage is consistent with the source content of the target webpage;
if the acquired target content of the target webpage is consistent with the source content of the target webpage, determining that verification succeeds.
4. The method of claim 3, characterized in that performing security verification on the acquired target content of the target webpage according to the signature information of the target webpage further comprises:
if the decryption fails, determining that verification fails; or,
if the acquired target content of the target webpage is inconsistent with the source content of the target webpage, determining that verification fails.
5. The method of claim 3, characterized in that the preset encryption algorithm is a digest algorithm and an asymmetric encryption algorithm;
the signature information of the target webpage is obtained by computing an original hash value over the source content of the target webpage with the digest algorithm, and encrypting the original hash value with the private key specified by the asymmetric encryption algorithm.
6. The method of claim 5, characterized in that decrypting the signature information of the target webpage using the preset encryption algorithm comprises:
decrypting the signature information of the target webpage using the public key specified by the asymmetric encryption algorithm;
if the original hash value is successfully obtained by decryption, determining that the decryption succeeds; otherwise, determining that the decryption fails.
7. The method of claim 6, characterized in that comparing whether the acquired target content of the target webpage is consistent with the source content of the target webpage comprises:
applying the digest algorithm to the acquired target content of the target webpage to obtain a target hash value;
if the target hash value is equal to the original hash value, determining that the acquired target content of the target webpage is consistent with the source content of the target webpage;
if the target hash value is not equal to the original hash value, determining that the acquired target content of the target webpage is inconsistent with the source content of the target webpage.
8. The method of any one of claims 1-7, characterized by further comprising:
if verification fails, outputting security prompt information, the security prompt information indicating that access to the target webpage is prohibited.
9. A webpage access device, characterized by comprising:
an acquiring unit, configured to acquire target content and signature information of a target webpage when an access request for the target webpage is detected, the signature information of the target webpage being obtained by encrypting source content of the target webpage with a preset encryption algorithm;
a verification unit, configured to perform security verification on the acquired target content of the target webpage according to the signature information of the target webpage;
an access unit, configured to output the acquired target content of the target webpage if verification succeeds.
10. The device of claim 9, characterized in that the acquiring unit comprises:
a request unit, configured to forward the access request for the target webpage to a server when the access request is detected, the access request carrying an identifier of the target webpage, so that the server looks up and returns the target content and signature information of the target webpage according to the identifier of the target webpage;
a receiving unit, configured to receive the target content and signature information of the target webpage returned by the server.
11. The device of claim 10, characterized in that the verification unit comprises:
a decryption processing unit, configured to decrypt the signature information of the target webpage using the preset encryption algorithm;
a content comparing unit, configured to compare, if the decryption succeeds, whether the acquired target content of the target webpage is consistent with the source content of the target webpage;
a first verification result confirming unit, configured to determine that verification succeeds if the acquired target content of the target webpage is consistent with the source content of the target webpage.
12. The device of claim 11, characterized in that the verification unit further comprises:
a second verification result confirming unit, configured to determine that verification fails if the decryption fails; or configured to determine that verification fails if the acquired target content of the target webpage is inconsistent with the source content of the target webpage.
13. The device of claim 11, characterized in that the preset encryption algorithm is a digest algorithm and an asymmetric encryption algorithm;
the signature information of the target webpage is obtained by computing an original hash value over the source content of the target webpage with the digest algorithm, and encrypting the original hash value with the private key specified by the asymmetric encryption algorithm.
14. The device of claim 13, characterized in that the decryption processing unit comprises:
an asymmetric decryption unit, configured to decrypt the signature information of the target webpage using the public key specified by the asymmetric encryption algorithm;
a decryption result confirming unit, configured to determine that the decryption succeeds if the original hash value is successfully obtained by decryption, and otherwise to determine that the decryption fails.
15. The device of claim 14, characterized in that the content comparing unit comprises:
a computing unit, configured to apply the digest algorithm to the acquired target content of the target webpage to obtain a target hash value;
a content comparison confirming unit, configured to determine that the acquired target content of the target webpage is consistent with the source content of the target webpage if the target hash value is equal to the original hash value, or configured to determine that the acquired target content of the target webpage is inconsistent with the source content of the target webpage if the target hash value is not equal to the original hash value.
16. The device of any one of claims 9-15, characterized by further comprising:
a security prompt unit, configured to output security prompt information if verification fails, the security prompt information indicating that access to the target webpage is prohibited.
17. A terminal, characterized by comprising the webpage access device of any one of claims 9-16.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510337702.3A CN106330817A (en) 2015-06-17 2015-06-17 Webpage access method, device and terminal

Publications (1)

Publication Number Publication Date
CN106330817A true CN106330817A (en) 2017-01-11

Family

ID=57732354

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510337702.3A Pending CN106330817A (en) 2015-06-17 2015-06-17 Webpage access method, device and terminal

Country Status (1)

Country Link
CN (1) CN106330817A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170111
RJ01 Rejection of invention patent application after publication