CN106330817A - Webpage access method, device and terminal - Google Patents
Webpage access method, device and terminal Download PDFInfo
- Publication number
- CN106330817A CN106330817A CN201510337702.3A CN201510337702A CN106330817A CN 106330817 A CN106330817 A CN 106330817A CN 201510337702 A CN201510337702 A CN 201510337702A CN 106330817 A CN106330817 A CN 106330817A
- Authority
- CN
- China
- Prior art keywords
- target web
- described target
- web
- acquired
- object content
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a webpage access method, device and terminal. The method comprises the steps that when an access request for a target webpage is detected, the target content and signature information of the target webpage are acquired, wherein the signature information of the target webpage is acquired by encrypting the source content of the target webpage through a preset encryption algorithm; security verification is performed on the acquired target content of the target webpage according to the signature information of the target webpage; and the acquired target content of the target webpage is outputted if verification is successful. Security verification can be performed on the webpage content of the target webpage requested for accessing so that forging or tampering of the webpage content of the target webpage can be prevented, the security of webpage accessing can be enhanced and the reliability of webpage accessing can be enhanced.
Description
Technical field
The present invention relates to Internet technical field, be specifically related to technical field of webpage processing, particularly relate to one
Web access method, device and terminal.
Background technology
Along with the development of Internet technology, such as the use of the terminal such as mobile phone, wearable device is increasingly extensive.
User can utilize the various types of webpage of terminal access to carry out internetwork operation, includes but not limited to: visits
Ask login page to carry out register, access pay the page to carry out delivery operation etc., this is to the Internet
The safety of operation proposes higher demand, and at present, many malicious attacker can use fishing webpage to inveigle
User, such as: forge login page or the private data of enrollment page trick user, or forge payment page
Face or transfer page gain user's wealth etc. by cheating.Existing main for the security verification during web page access
It is to identify technology based on URL (Uniform Resource Locator, URL), particularly as follows:
Identify whether the URL of current web page is malice URL, and if it is output safety is reminded;Such as: if request
Access login page, then obtain the URL of the login page being asked access, it is judged that whether this URL is malice
URL, the most then think that this login page, for the malice page, forbids accessing this login page defeated
Go out safety prompt function.But, have now been found that many malicious attacker can on the basis of the official URL of webpage,
Directly distort the content of some Internet service webpages, such as directly distort in the login page that official provides
Such as HTML (Hypertext Markup Language, HTML) code, JS (JavaScript,
A kind of literal translation formula script) content of pages such as script, or directly distort in the payment page that official provides
The such as content of pages of HTML code, JS script etc., etc., in the face of this type of situation prior art cannot be
Web page access provides safety guarantee, reduces the reliability of web page access.
Summary of the invention
The embodiment of the present invention provides a kind of Web access method, device and terminal, can be to the mesh being asked access
The content of pages of mark webpage carries out security verification, prevents the content of pages of target web to be forged or distort,
Promote the safety of web page access, promote the reliability of web page access.
Embodiment of the present invention first aspect provides a kind of Web access method, it may include:
When the access request for target web being detected, obtain object content and the label of described target web
Name information, in the signing messages of described target web is the employing predetermined encryption algorithm source to described target web
Hold and be encrypted acquisition;
The object content of acquired described target web is pacified by the signing messages according to described target web
Whole school tests;
If verifying successfully, the object content of the described target web acquired in output.
Embodiment of the present invention second aspect provides a kind of web page access device, it may include:
Acquiring unit, for when the access request for target web being detected, obtains described target web
Object content and signing messages, the signing messages of described target web for use predetermined encryption algorithm to described
The source contents of target web is encrypted acquisition;
Verification unit, is used for the signing messages according to described target web to acquired described target web
Object content carries out safety check;
Access unit, if for verifying successfully, the object content of the described target web acquired in output.
The embodiment of the present invention third aspect provides a kind of terminal, it may include the webpage described in above-mentioned second aspect is visited
Ask device.
Implement the embodiment of the present invention, have the advantages that
The embodiment of the present invention, when the access request for target web being detected, obtains the target of target web
Content and the source contents according to target web encrypt the signing messages obtained, and use this signing messages to acquired
The object content of target web carry out security verification, and export target web after safety check success
Object content;By the content of pages of target web is carried out security verification, can effectively prevent malice from attacking
The content of pages of target web is forged or is distorted by the person of hitting, and promotes the safety of web page access, promotes net
The reliability of access to web page.
Accompanying drawing explanation
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to enforcement
In example or description of the prior art, the required accompanying drawing used is briefly described, it should be apparent that, describe below
In accompanying drawing be only some embodiments of the present invention, for those of ordinary skill in the art, do not paying
On the premise of going out creative work, it is also possible to obtain other accompanying drawing according to these accompanying drawings.
The flow chart of a kind of Web access method that Fig. 1 provides for the embodiment of the present invention;
The flow chart of the another kind of Web access method that Fig. 2 provides for the embodiment of the present invention;
The structural representation of a kind of web page access device that Fig. 3 provides for the embodiment of the present invention;
Fig. 4 is the structural representation of the embodiment of the acquiring unit shown in Fig. 3;
Fig. 5 is the structural representation of the embodiment of the verification unit shown in Fig. 3;
Fig. 6 is the structural representation of the embodiment of the decryption processing unit shown in Fig. 5;
Fig. 7 is the structural representation of the embodiment of the content comparing unit shown in Fig. 5.
Detailed description of the invention
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clearly
Chu, be fully described by, it is clear that described embodiment be only a part of embodiment of the present invention rather than
Whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art are not making creation
The every other embodiment obtained under property work premise, broadly falls into the scope of protection of the invention.
In the embodiment of the present invention, terminal can be PC (Personal Computer, personal computer), notes
The equipment such as this computer, mobile phone, PAD (panel computer), intelligence wearable device.The embodiment of the present invention uses
Asked the signing messages that the source contents of the target web of access is corresponding, the target to acquired target web
Content carries out security verification, exports the object content of target web after safety check success;By to mesh
The content of pages of mark webpage carries out security verification, can effectively prevent the content of pages of target web to be forged
Or distort, promote the safety of web page access, promote the reliability of web page access.
Based on foregoing description, below in conjunction with accompanying drawing 1-accompanying drawing 2, the web page access that the embodiment of the present invention is provided
Method describes in detail.It should be noted that the flow process of the method for following accompanying drawing 1-accompanying drawing 2 can be by this
Performed by the web page access device that inventive embodiments provides, this device can be the application program in terminal, example
As: the security application etc. in terminal.
Refer to Fig. 1, for the flow chart of a kind of Web access method that the embodiment of the present invention provides;The method can
Comprise the following steps S101-step S103.
S101, when the access request for target web being detected, obtains in the target of described target web
Holding and signing messages, the signing messages of described target web is for using predetermined encryption algorithm to described target web
Source contents be encrypted acquisition.
User can utilize the various types of webpage of terminal access to carry out internetwork operation, includes but not limited to:
Access login page, to carry out register, accesses enrollment page and operates to carry out registration, accesses the payment page
To carry out delivery operation, or access transfer page to carry out transferring accounts operation etc..If user needs to access mesh
Mark webpage, then can send the access request for target web to terminal, can carry mesh in this access request
The mark (such as the URL of target web) of mark webpage, such as: user can be by clicking on target web in the terminal
URL link initiate for the access request of target web, or, user can be in the browser address of terminal
The URL exporting target web in hurdle initiates the access request for target web.In this step, when detecting
User send for the access request of target web time, obtain object content and the signature of described target web
Information, the signing messages of described target web is to use the predetermined encryption algorithm source contents to described target web
It is encrypted acquisition.It should be noted that described predetermined encryption algorithm can be carried out according to actual needs
Set, it may include but be not limited to: Hash (Hash) algorithm, symmetric encipherment algorithm, rivest, shamir, adelman
Etc..
S102, according to the signing messages of the described target web object content to acquired described target web
Carry out safety check.
The signing messages of described target web is to use predetermined encryption algorithm to enter the source contents of described target web
Row encryption obtains, then, the signing messages of described target web is carried out corresponding decryption processing, then
The source contents of described target web can be obtained.Wherein, the source contents of described target web refers to by described target
The content of pages of the described target web that Web page developer or server official issue, say, that described mesh
The source contents of mark webpage is forged without malicious attacker or distorts, the content of pages of safety.Wherein, institute
The object content of the described target web obtained refers to the content of pages that terminal obtains according to access request, due to
The source contents of target web maliciously may be attacked before terminal obtains or in acquisition process after official issues
The person of hitting forges or distorts, and therefore, the object content of acquired described target web may be non-security page
Face content.In this step, the source of described target web can be obtained according to the signing messages of described target web
Content, then according to source contents, acquired object content is carried out security verification, it is possible to confirm institute exactly
The safety of the object content obtained, thus ensure the safety of web page access.
S103, if verifying successfully, the object content of the described target web acquired in output.
If verifying successfully, show the object content of acquired target web and the source contents of described target web
Unanimously, the source contents of described target web is not maliciously forged or is distorted, and acquired object content belongs to peace
Full content, then, terminal can export the object content of acquired described target web, enters for user
The corresponding internetwork operation of row.
Referring to Fig. 1 again, alternatively, the method for the present embodiment also can comprise the steps of S104.
S104, if verifying unsuccessfully, output safety information, described safety instruction information is forbidden for prompting
Access described target web.
If verifying unsuccessfully, show the object content of acquired target web and the source contents of described target web
Inconsistent, the source contents of described target web is maliciously forged or is distorted, and acquired object content belongs to
Non secure content, then, terminal can access this non-peace with output safety information to remind user to forbid
Full target web, thus ensure the safety of web page access process.
The embodiment of the present invention, when the access request for target web being detected, obtains the target of target web
Content and the source contents according to target web encrypt the signing messages obtained, and use this signing messages to acquired
The object content of target web carry out security verification, and export target web after safety check success
Object content;By the content of pages of target web is carried out security verification, can effectively prevent malice from attacking
The content of pages of target web is forged or is distorted by the person of hitting, and promotes the safety of web page access, promotes net
The reliability of access to web page.
Refer to Fig. 2, for the flow chart of the another kind of Web access method that the embodiment of the present invention provides;The method
S201-step S208 can be comprised the following steps.
S201, when the access request for target web being detected, forwards described for target to server
The access request of webpage, carries the mark of described target web in described access request, make described server root
According to the identifier lookup of described target web and return object content and the signing messages of described target web.
Server side can use predetermined encryption algorithm to be encrypted the source contents of webpage in advance, it is thus achieved that
Signing messages.It should be noted that described predetermined encryption algorithm can be set according to actual needs, can
Include but not limited to: hash algorithm, symmetric encipherment algorithm, rivest, shamir, adelman etc..In implementing,
Web database can be set up in server side, and this web database includes the mark of at least one webpage, often
Individual banner is to should the content of pages of webpage and signing messages.
User can utilize the various types of webpage of terminal access to carry out internetwork operation, includes but not limited to:
Access login page, to carry out register, accesses enrollment page and operates to carry out registration, accesses the payment page
To carry out delivery operation, or access transfer page to carry out transferring accounts operation etc..If user needs to access mesh
Mark webpage, then can send the access request for target web to terminal, can carry mesh in this access request
The mark (such as the URL of target web) of mark webpage, such as: user can be by clicking on target web in the terminal
URL link initiate for the access request of target web, or, user can be in the browser address of terminal
The URL exporting target web in hurdle initiates the access request for target web.In this step, when detecting
User send for the access request of target web time, this access request can be forwarded to server by terminal,
Server can search the content of pages of target web as object content from the web database pre-build
It is back to terminal, and the signing messages of this target web can be returned in the lump.
S202, receives object content and the signing messages of the described target web that described server returns.
Step S201-step S202 of the present embodiment can be the tool of step S101 in embodiment illustrated in fig. 1
Body refinement step.
S203, uses described predetermined encryption algorithm that the signing messages of described target web is decrypted process;
If the success of described decryption processing, proceed to perform step S204;If the failure of described decryption processing, proceed to perform step
Rapid S207.
The signing messages of described target web is to use predetermined encryption algorithm to enter the source contents of described target web
Row encryption obtains, then, the signing messages of described target web is carried out corresponding decryption processing, then
The source contents of described target web can be obtained.Wherein, the source contents of described target web refers to by described target
The content of pages of the described target web that Web page developer or server official issue, say, that described mesh
The source contents of mark webpage is forged without malicious attacker or distorts, the content of pages of safety.Wherein, institute
The object content of the described target web obtained refers to the content of pages that terminal obtains according to access request, due to
The source contents of target web maliciously may be attacked before terminal obtains or in acquisition process after official issues
The person of hitting forges or distorts, and therefore, the object content of acquired described target web may be non-security page
Face content.
In the present embodiment, described predetermined encryption algorithm can be digest algorithm and rivest, shamir, adelman;Described
Digest algorithm can include but not limited to: MD5 (Message Digest Algorithm 5, Message Digest 5
5th edition) algorithm or SHA1 (Secure Hash Algorithm, Secure Hash Algorithm) algorithm;Described non-
Symmetric encipherment algorithm may include but be not limited to: RSA (a kind of public key encryption algorithm) algorithm or ECC are (oval
AES) algorithm.The signing messages of described target web is: use described digest algorithm to described target
The source contents of webpage carries out calculating and obtains original hash value, and uses the private that described rivest, shamir, adelman specifies
Key is encrypted acquisition to described original hash value.Assume to use HMac_Svr to represent original hash value,
SignSvr is used to represent described signing messages;So, first server side can use digest algorithm to target network
The source contents of page carries out being calculated HMac_Svr, then uses the private key Key01 that rivest, shamir, adelman specifies
HMac_Svr is encrypted and obtains SignSvr.
This step S203 specifically can comprise the following steps s11-step s13:
S11, the signing messages of described target web is carried out by the PKI using described rivest, shamir, adelman to specify
Decryption processing.Assuming that the PKI that described rivest, shamir, adelman specifies is Key02, this step needs to use
Key02 is decrypted process to SignSvr.
S12, if successful decryption obtains described original hash value, then decryption processing success;Otherwise, decryption processing
Failure.
If using Key02 SignSvr successful decryption then can be obtained HMac_Svr.If used
SignSvr is deciphered unsuccessfully by Key02, i.e. cannot be successfully obtained HMac_Svr, in showing acquired target
The content of pages that Rong Weiyi is maliciously forged or distorts, acquired object content belongs to non secure content.
S204, the object content of the described target web acquired in comparison with the source contents of described target web is
No unanimously;If consistent, proceed to perform step S205;If inconsistent, proceed to perform step S207.
If consistent, show that the source contents of described target web is not maliciously forged or distort, acquired target
Content belongs to secure content;If inconsistent, show that the source contents of described target web is maliciously forged or usurped
Changing, acquired object content belongs to non secure content.
This step S204 specifically can comprise the following steps s21-step s23.
S21, uses described digest algorithm to calculate the object content of acquired described target web, obtains
Obtain target hashed value.
Assuming that described target hashed value uses HMac_Client to represent, in this step, terminal needs to use and clothes
The object content of acquired described target web is calculated by the digest algorithm that business device consults, it is thus achieved that
HMac_Client。
S22, if described target hashed value is equal with described original hash value, then acquired described target web
Object content consistent with the source contents of described target web.If HMac_Client and HMac_Client
Equal, then show that the object content of acquired described target web is consistent with the source contents of described target web.
S23, if described target hashed value and described original hash value, then acquired described target web
Object content inconsistent with the source contents of described target web.If HMac_Client and HMac_Client
, then the object content of acquired described target web is inconsistent with the source contents of described target web.
S205, verifies successfully.
S206, the object content of the described target web acquired in output;Terminate afterwards.
In step S205-step S206, if verifying successfully, show the object content of acquired target web
Consistent with the source contents of described target web, the source contents of described target web is not maliciously forged or is distorted,
Acquired object content belongs to secure content, then, the mesh of acquired described target web can be exported
Mark content, carries out corresponding internetwork operation for user.
S207, verifies unsuccessfully.
S208, output safety information, described safety instruction information forbids accessing described target for prompting
Webpage;Terminate afterwards.
In step S205-step S206, if verifying unsuccessfully, show the object content of acquired target web
Inconsistent with the source contents of described target web, the source contents of described target web is maliciously forged or is distorted,
Acquired object content belongs to non secure content, then, can be with output safety information, to remind use
Family forbids accessing this non-security target web, thus ensures the safety of web page access process.
The embodiment of the present invention, when the access request for target web being detected, obtains the target of target web
Content and the source contents according to target web encrypt the signing messages obtained, and use this signing messages to acquired
The object content of target web carry out security verification, and export target web after safety check success
Object content;By the content of pages of target web is carried out security verification, can effectively prevent malice from attacking
The content of pages of target web is forged or is distorted by the person of hitting, and promotes the safety of web page access, promotes net
The reliability of access to web page.
Below in conjunction with accompanying drawing 3-accompanying drawing 7, the web page access device providing the embodiment of the present invention is situated between in detail
Continue.It should be noted that following device can be the application program in terminal, such as: the peace in terminal
Full application programs etc., to be applied to performing the Web access method shown in above-mentioned accompanying drawing 1-accompanying drawing 2.
Refer to Fig. 3, for the structural representation of a kind of web page access device that the embodiment of the present invention provides;This dress
Put and comprise the steps that acquiring unit 101, verification unit 102 and access unit 103.
Acquiring unit 101, for when the access request for target web being detected, obtains described target network
The object content of page and signing messages, the signing messages of described target web is for using predetermined encryption algorithm to institute
The source contents stating target web is encrypted acquisition.
User can utilize the various types of webpage of terminal access to carry out internetwork operation, includes but not limited to:
Access login page, to carry out register, accesses enrollment page and operates to carry out registration, accesses the payment page
To carry out delivery operation, or access transfer page to carry out transferring accounts operation etc..If user needs to access mesh
Mark webpage, then can send the access request for target web to terminal, can carry mesh in this access request
The mark (such as the URL of target web) of mark webpage, such as: user can be by clicking on target web in the terminal
URL link initiate for the access request of target web, or, user can be in the browser address of terminal
The URL exporting target web in hurdle initiates the access request for target web.When detecting what user sent
During for the access request of target web, described acquiring unit 101 is discovered and seized in the target taking described target web
Holding and signing messages, the signing messages of described target web is for using predetermined encryption algorithm to described target web
Source contents be encrypted acquisition.It should be noted that described predetermined encryption algorithm can be according to reality
Needs are set, it may include but be not limited to: hash algorithm, symmetric encipherment algorithm, rivest, shamir, adelman
Etc..
Verification unit 102, is used for the signing messages according to described target web to acquired described target web
Object content carry out safety check.
The signing messages of described target web is to use predetermined encryption algorithm to enter the source contents of described target web
Row encryption obtains, then, the signing messages of described target web is carried out corresponding decryption processing, then
The source contents of described target web can be obtained.Wherein, the source contents of described target web refers to by described target
The content of pages of the described target web that Web page developer or server official issue, say, that described mesh
The source contents of mark webpage is forged without malicious attacker or distorts, the content of pages of safety.Wherein, institute
The object content of the described target web obtained refers to the content of pages that terminal obtains according to access request, due to
The source contents of target web maliciously may be attacked before terminal obtains or in acquisition process after official issues
The person of hitting forges or distorts, and therefore, the object content of acquired described target web may be non-security page
Face content.Described verification unit 102 can obtain described target network according to the signing messages of described target web
The source contents of page, then according to source contents, acquired object content is carried out security verification, it is possible to exactly
The safety of the object content acquired in confirmation, thus ensure the safety of web page access.
Access unit 103, if for verifying successfully, the object content of the described target web acquired in output.
If verifying successfully, show the object content of acquired target web and the source contents of described target web
Unanimously, the source contents of described target web is not maliciously forged or is distorted, and acquired object content belongs to peace
Full content, then, described access unit 103 can export the object content of acquired described target web,
Corresponding internetwork operation is carried out for user.
Referring to Fig. 3 again, alternatively, this device may also include that safety instruction unit 104.
Safety instruction unit 104, if for verifying unsuccessfully, output safety information, described safety instruction is believed
Breath is forbidden accessing described target web for prompting.
If verifying unsuccessfully, show the object content of acquired target web and the source contents of described target web
Inconsistent, the source contents of described target web is maliciously forged or is distorted, and acquired object content belongs to
Non secure content, then, described safety instruction unit 104 can be with output safety information, to remind use
Family forbids accessing this non-security target web, thus ensures the safety of web page access process.
The embodiment of the present invention, when the access request for target web being detected, obtains the target of target web
Content and the source contents according to target web encrypt the signing messages obtained, and use this signing messages to acquired
The object content of target web carry out security verification, and export target web after safety check success
Object content;By the content of pages of target web is carried out security verification, can effectively prevent malice from attacking
The content of pages of target web is forged or is distorted by the person of hitting, and promotes the safety of web page access, promotes net
The reliability of access to web page.
Refer to Fig. 4, for the structural representation of the embodiment of the acquiring unit shown in Fig. 3;This acquiring unit
101 comprise the steps that request unit 1001 and receive unit 1002.
Request unit 1001, for when the access request for target web being detected, forwards to server
The described access request for target web, carries the mark of described target web, makes in described access request
Described server is according to the identifier lookup of described target web the object content and the label that return described target web
Name information.
Server side can use predetermined encryption algorithm to be encrypted the source contents of webpage in advance, it is thus achieved that
Signing messages.It should be noted that described predetermined encryption algorithm can be set according to actual needs, can
Include but not limited to: hash algorithm, symmetric encipherment algorithm, rivest, shamir, adelman etc..In implementing,
Web database can be set up in server side, and this web database includes the mark of at least one webpage, often
Individual banner is to should the content of pages of webpage and signing messages.
User can utilize the various types of webpage of terminal access to carry out internetwork operation, includes but not limited to:
Access login page, to carry out register, accesses enrollment page and operates to carry out registration, accesses the payment page
To carry out delivery operation, or access transfer page to carry out transferring accounts operation etc..If user needs to access mesh
Mark webpage, then can send the access request for target web to terminal, can carry mesh in this access request
The mark (such as the URL of target web) of mark webpage, such as: user can be by clicking on target web in the terminal
URL link initiate for the access request of target web, or, user can be in the browser address of terminal
The URL exporting target web in hurdle initiates the access request for target web.When detecting what user sent
During for the access request of target web, this access request can be forwarded to server by described request unit 1001,
Server can search the content of pages of target web as object content from the web database pre-build
It is back to terminal, and the signing messages of this target web can be returned in the lump.
Receive unit 1002, for receiving object content and the label of the described target web that described server returns
Name information.
The embodiment of the present invention, when the access request for target web being detected, obtains the target of target web
Content and the source contents according to target web encrypt the signing messages obtained, and use this signing messages to acquired
The object content of target web carry out security verification, and export target web after safety check success
Object content;By the content of pages of target web is carried out security verification, can effectively prevent malice from attacking
The content of pages of target web is forged or is distorted by the person of hitting, and promotes the safety of web page access, promotes net
The reliability of access to web page.
Refer to Fig. 5, for the structural representation of the embodiment of the verification unit shown in Fig. 3;This verification unit
102 comprise the steps that decryption processing unit 2001, content comparing unit 2002 and the first check results confirmation unit
2003。
Decryption processing unit 2001, for using the described predetermined encryption algorithm A.L.S. to described target web
Breath is decrypted process.
The signing messages of described target web is to use predetermined encryption algorithm to enter the source contents of described target web
Row encryption obtains, then, the signing messages of described target web is entered by described decryption processing unit 2001
The decryption processing that row is corresponding, then can obtain the source contents of described target web.Wherein, described target web
Source contents refer to the page of described target web issued by described target web developer or server official in
Hold, say, that the source contents of described target web is forged without malicious attacker or distorts, safety
Content of pages.Wherein, the object content of acquired described target web refers to that terminal is according to access request
The content of pages obtained, owing to the source contents of target web may be after official issues, before terminal obtains
Or acquisition process is forged by malicious attacker or distorts, therefore, the target of acquired described target web
Content may be non-security content of pages.
Content comparing unit 2002, if for the success of described decryption processing, the then described target acquired in comparison
The object content of webpage is the most consistent with the source contents of described target web.
If consistent, show that the source contents of described target web is not maliciously forged or distort, acquired target
Content belongs to secure content;If inconsistent, show that the source contents of described target web is maliciously forged or usurped
Changing, acquired object content belongs to non secure content.
First check results confirmation unit 2003, if for acquired described target web object content with
The source contents of described target web is consistent, then verify successfully.
Referring to Fig. 5 again, alternatively, this verification unit 102 may also include that the second check results confirmation unit
2004。
Second check results confirmation unit 2004, if for the failure of described decryption processing, then verifying failure;Or
Person, if the object content for acquired described target web is inconsistent with the source contents of described target web,
Then verify failure.
The embodiment of the present invention, when the access request for target web being detected, obtains the target of target web
Content and the source contents according to target web encrypt the signing messages obtained, and use this signing messages to acquired
The object content of target web carry out security verification, and export target web after safety check success
Object content;By the content of pages of target web is carried out security verification, can effectively prevent malice from attacking
The content of pages of target web is forged or is distorted by the person of hitting, and promotes the safety of web page access, promotes net
The reliability of access to web page.
Refer to Fig. 6, for the structural representation of the embodiment of the decryption processing unit shown in Fig. 5;At this deciphering
Reason unit 2001 comprises the steps that asymmetric decryption unit 2111 and deciphering results verification unit 2112.
Asymmetric decryption unit 2111, the PKI being used for using described rivest, shamir, adelman to specify is to described mesh
The signing messages of mark webpage is decrypted process.
In the present embodiment, described predetermined encryption algorithm can be digest algorithm and rivest, shamir, adelman;Described
Digest algorithm can include but not limited to: MD5 algorithm or SHA1 algorithm;Described rivest, shamir, adelman can
Include but not limited to: RSA Algorithm or ECC algorithm.The signing messages of described target web is: use described
Digest algorithm the source contents of described target web is carried out calculate obtain original hash value, and use described non-right
The private key claiming AES to specify is encrypted acquisition to described original hash value.Assume to use
HMac_Svr represents original hash value, uses SignSvr to represent described signing messages;So, server side
First can use digest algorithm that the source contents of target web is calculated HMac_Svr, then use non-right
HMac_Svr is encrypted and obtains SignSvr by the private key Key01 claiming AES to specify.Assume described non-
The PKI that symmetric encipherment algorithm specifies is Key02, and described asymmetric decryption unit 2111 needs to use Key02
SignSvr is decrypted process.
Decrypted result confirmation unit 2112, if successful decryption obtains described original hash value, then decryption processing becomes
Merit;Otherwise, decryption processing failure.
If using Key02 SignSvr successful decryption then can be obtained HMac_Svr.If used
SignSvr is deciphered unsuccessfully by Key02, i.e. cannot be successfully obtained HMac_Svr, in showing acquired target
The content of pages that Rong Weiyi is maliciously forged or distorts, acquired object content belongs to non secure content.
The embodiment of the present invention, when the access request for target web being detected, obtains the target of target web
Content and the source contents according to target web encrypt the signing messages obtained, and use this signing messages to acquired
The object content of target web carry out security verification, and export target web after safety check success
Object content;By the content of pages of target web is carried out security verification, can effectively prevent malice from attacking
The content of pages of target web is forged or is distorted by the person of hitting, and promotes the safety of web page access, promotes net
The reliability of access to web page.
Refer to Fig. 7, for the structural representation of the embodiment of the content comparing unit shown in Fig. 5;This content ratio
Unit 2002 is comprised the steps that computing unit 2221 and content comparison confirmation unit 2222.
Computing unit 2221, for using described digest algorithm in the target of acquired described target web
Hold and calculate, it is thus achieved that target hashed value.
Description according to Fig. 5-embodiment illustrated in fig. 6, it is assumed that described target hashed value uses HMac_Client
Representing, described computing unit 2221 needs to use and the digest algorithm that consults of server is to described in acquired
The object content of target web calculates, it is thus achieved that HMac_Client.
Content comparison confirmation unit 2222, if equal with described original hash value for described target hashed value,
The object content of then acquired described target web is consistent with the source contents of described target web, or, use
If in described target hashed value and described original hash value, the then target of acquired described target web
Content is inconsistent with the source contents of described target web.
If HMac_Client with HMac_Client is equal, then show the mesh of acquired described target web
Mark content is consistent with the source contents of described target web.If HMac_Client Yu HMac_Client,
The object content of then acquired described target web is inconsistent with the source contents of described target web.
The embodiment of the present invention, when the access request for target web being detected, obtains the target of target web
Content and the source contents according to target web encrypt the signing messages obtained, and use this signing messages to acquired
The object content of target web carry out security verification, and export target web after safety check success
Object content;By the content of pages of target web is carried out security verification, can effectively prevent malice from attacking
The content of pages of target web is forged or is distorted by the person of hitting, and promotes the safety of web page access, promotes net
The reliability of access to web page.
The embodiment of the invention also discloses a kind of terminal, this terminal can include web page access device, this device
26S Proteasome Structure and Function can be found in the associated description of the attached embodiment illustrated in fig. 7 of accompanying drawing 3-, is not repeated herein.Concrete real
In Xian, this device can be the application program in terminal, such as: the security application etc. in terminal.Need
It is noted that the terminal disclosed in the present embodiment can also be applied to the side shown in above-mentioned accompanying drawing 1-accompanying drawing 2
In method.
The embodiment of the present invention, when the access request for target web being detected, obtains the target of target web
Content and the source contents according to target web encrypt the signing messages obtained, and use this signing messages to acquired
The object content of target web carry out security verification, and export target web after safety check success
Object content;By the content of pages of target web is carried out security verification, can effectively prevent malice from attacking
The content of pages of target web is forged or is distorted by the person of hitting, and promotes the safety of web page access, promotes net
The reliability of access to web page.
One of ordinary skill in the art will appreciate that all or part of flow process realizing in above-described embodiment method,
Can be by computer program and complete to instruct relevant hardware, described program can be stored in a calculating
In machine read/write memory medium, this program is upon execution, it may include such as the flow process of the embodiment of above-mentioned each method.
Wherein, described storage medium can be magnetic disc, CD, read-only store-memory body (Read-Only Memory,
Or random store-memory body (Random Access Memory, RAM) etc. ROM).
Above disclosed be only present pre-ferred embodiments, certainly can not with this limit the present invention it
Interest field, the equivalent variations therefore made according to the claims in the present invention, still belong to the scope that the present invention is contained.
Claims (17)
1. a Web access method, it is characterised in that including:
When the access request for target web being detected, obtain object content and the label of described target web
Name information, in the signing messages of described target web is the employing predetermined encryption algorithm source to described target web
Hold and be encrypted acquisition;
The object content of acquired described target web is pacified by the signing messages according to described target web
Whole school tests;
If verifying successfully, the object content of the described target web acquired in output.
2. the method for claim 1, it is characterised in that described when detecting for target web
During access request, obtain object content and the signing messages of described target web, including:
When the access request for target web being detected, forward described for target web to server
Access request, carries the mark of described target web in described access request, make described server according to described
The identifier lookup of target web also returns object content and the signing messages of described target web;
Receive object content and the signing messages of the described target web that described server returns.
3. method as claimed in claim 2, it is characterised in that the described signature according to described target web
Information carries out safety check to the object content of acquired described target web, including:
Use described predetermined encryption algorithm that the signing messages of described target web is decrypted process;
If the success of described decryption processing, the then object content of the described target web acquired in comparison and described mesh
The source contents of mark webpage is the most consistent;
If the object content of acquired described target web is consistent with the source contents of described target web, then school
Test successfully.
4. method as claimed in claim 3, it is characterised in that the described signature according to described target web
Information carries out safety check to the object content of acquired described target web, also includes:
If the failure of described decryption processing, then verify failure;Or,
If the object content of acquired described target web is inconsistent with the source contents of described target web, then
Verify unsuccessfully.
5. method as claimed in claim 3, it is characterised in that described predetermined encryption algorithm is digest algorithm
And rivest, shamir, adelman;
The signing messages of described target web is: use the described digest algorithm source contents to described target web
Carry out calculating and obtain original hash value, and use private key that described rivest, shamir, adelman specifies to described original
Hashed value is encrypted acquisition.
6. method as claimed in claim 5, it is characterised in that described employing described predetermined encryption algorithm pair
The signing messages of described target web is decrypted process, including:
The signing messages of described target web is decrypted by the PKI using described rivest, shamir, adelman to specify
Process;
If successful decryption obtains described original hash value, then decryption processing success;Otherwise, decryption processing failure.
7. method as claimed in claim 6, it is characterised in that the described target network acquired in described comparison
The object content of page is the most consistent with the source contents of described target web, including:
Use described digest algorithm that the object content of acquired described target web is calculated, it is thus achieved that mesh
Mark hashed value;
If described target hashed value is equal with described original hash value, then the mesh of acquired described target web
Mark content is consistent with the source contents of described target web;
If described target hashed value and described original hash value, the then mesh of acquired described target web
Mark content is inconsistent with the source contents of described target web.
8. the method as described in any one of claim 1-7, it is characterised in that also include:
If verifying unsuccessfully, output safety information, described safety instruction information forbids accessing institute for prompting
State target web.
9. a web page access device, it is characterised in that including:
Acquiring unit, for when the access request for target web being detected, obtains described target web
Object content and signing messages, the signing messages of described target web for use predetermined encryption algorithm to described
The source contents of target web is encrypted acquisition;
Verification unit, is used for the signing messages according to described target web to acquired described target web
Object content carries out safety check;
Access unit, if for verifying successfully, the object content of the described target web acquired in output.
10. device as claimed in claim 9, it is characterised in that described acquiring unit includes:
Request unit, for when the access request for target web being detected, forwards described to server
For the access request of target web, described access request is carried the mark of described target web, make described
Server is according to the identifier lookup of described target web the object content and the A.L.S. that return described target web
Breath;
Receive unit, for receiving object content and the A.L.S. of the described target web that described server returns
Breath.
11. devices as claimed in claim 10, it is characterised in that described verification unit includes:
Decryption processing unit, for using described predetermined encryption algorithm to enter the signing messages of described target web
Row decryption processing;
Content comparing unit, if for the success of described decryption processing, the then described target web acquired in comparison
Object content the most consistent with the source contents of described target web;
First check results confirmation unit, if being used for the object content of acquired described target web with described
The source contents of target web is consistent, then verify successfully.
12. devices as claimed in claim 11, it is characterised in that described verification unit also includes:
Second check results confirmation unit, if for the failure of described decryption processing, then verifying failure;Or,
If the object content for acquired described target web is inconsistent with the source contents of described target web, then
Verify unsuccessfully.
13. devices as claimed in claim 11, it is characterised in that described predetermined encryption algorithm is calculated for summary
Method and rivest, shamir, adelman;
The signing messages of described target web is: use the described digest algorithm source contents to described target web
Carry out calculating and obtain original hash value, and use private key that described rivest, shamir, adelman specifies to described original
Hashed value is encrypted acquisition.
14. devices as claimed in claim 13, it is characterised in that described decryption processing unit includes:
Asymmetric decryption unit, the PKI being used for using described rivest, shamir, adelman to specify is to described target network
The signing messages of page is decrypted process;
Decrypted result confirmation unit, if successful decryption obtains described original hash value, then decryption processing success;
Otherwise, decryption processing failure.
15. devices as claimed in claim 14, it is characterised in that described content comparing unit includes:
Computing unit, for using described digest algorithm to enter the object content of acquired described target web
Row calculates, it is thus achieved that target hashed value;
Content comparison confirmation unit, if equal with described original hash value for described target hashed value, then institute
The object content of the described target web obtained is consistent with the source contents of described target web, or, if for
Described target hashed value and described original hash value, then the object content of acquired described target web
Inconsistent with the source contents of described target web.
16. devices as described in any one of claim 9-15, it is characterised in that also include:
Safety instruction unit, if for verifying unsuccessfully, output safety information, described safety instruction information
Forbid accessing described target web for prompting.
17. 1 kinds of terminals, it is characterised in that include the web page access as described in any one of claim 9-16
Device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510337702.3A CN106330817A (en) | 2015-06-17 | 2015-06-17 | Webpage access method, device and terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510337702.3A CN106330817A (en) | 2015-06-17 | 2015-06-17 | Webpage access method, device and terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106330817A true CN106330817A (en) | 2017-01-11 |
Family
ID=57732354
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510337702.3A Pending CN106330817A (en) | 2015-06-17 | 2015-06-17 | Webpage access method, device and terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106330817A (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107423639A (en) * | 2017-04-21 | 2017-12-01 | 深圳前海微众银行股份有限公司 | webpage tamper monitoring method and device |
CN107547524A (en) * | 2017-08-09 | 2018-01-05 | 百度在线网络技术(北京)有限公司 | A kind of page detection method, device and equipment |
CN109474563A (en) * | 2017-09-08 | 2019-03-15 | 阿里巴巴集团控股有限公司 | Processing, providing method, client and the server of file stream |
CN110457628A (en) * | 2019-07-05 | 2019-11-15 | 平安国际智慧城市科技股份有限公司 | Webpage edition correcting method, device, equipment and storage medium |
CN110460588A (en) * | 2018-05-31 | 2019-11-15 | 腾讯科技(深圳)有限公司 | Realize method, apparatus, the computer system and storage medium of Information Authentication |
CN112507389A (en) * | 2020-10-28 | 2021-03-16 | 西安四叶草信息技术有限公司 | Webpage data processing method and device |
CN112579998A (en) * | 2019-09-30 | 2021-03-30 | 北京京东尚科信息技术有限公司 | Webpage access method, management system and electronic equipment in information interaction platform |
CN114070576A (en) * | 2020-08-07 | 2022-02-18 | 腾讯科技(深圳)有限公司 | Content display method, content generation method, device, equipment and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101795276A (en) * | 2010-02-09 | 2010-08-04 | 戴宇星 | Static webpage anti-tampering system and method based on digital signatures |
CN102110198A (en) * | 2009-12-28 | 2011-06-29 | 北京安码科技有限公司 | Anti-counterfeiting method for web page |
CN102111267A (en) * | 2009-12-28 | 2011-06-29 | 北京安码科技有限公司 | Website safety protection method based on digital signature and system adopting same |
-
2015
- 2015-06-17 CN CN201510337702.3A patent/CN106330817A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102110198A (en) * | 2009-12-28 | 2011-06-29 | 北京安码科技有限公司 | Anti-counterfeiting method for web page |
CN102111267A (en) * | 2009-12-28 | 2011-06-29 | 北京安码科技有限公司 | Website safety protection method based on digital signature and system adopting same |
CN101795276A (en) * | 2010-02-09 | 2010-08-04 | 戴宇星 | Static webpage anti-tampering system and method based on digital signatures |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107423639A (en) * | 2017-04-21 | 2017-12-01 | 深圳前海微众银行股份有限公司 | webpage tamper monitoring method and device |
CN107423639B (en) * | 2017-04-21 | 2021-04-23 | 深圳前海微众银行股份有限公司 | Webpage tampering monitoring method and device |
CN107547524A (en) * | 2017-08-09 | 2018-01-05 | 百度在线网络技术(北京)有限公司 | A kind of page detection method, device and equipment |
CN109474563A (en) * | 2017-09-08 | 2019-03-15 | 阿里巴巴集团控股有限公司 | Processing, providing method, client and the server of file stream |
CN110460588A (en) * | 2018-05-31 | 2019-11-15 | 腾讯科技(深圳)有限公司 | Realize method, apparatus, the computer system and storage medium of Information Authentication |
CN110460588B (en) * | 2018-05-31 | 2022-11-22 | 腾讯科技(深圳)有限公司 | Method, device, computer system and storage medium for realizing information verification |
CN110457628A (en) * | 2019-07-05 | 2019-11-15 | 平安国际智慧城市科技股份有限公司 | Webpage edition correcting method, device, equipment and storage medium |
CN112579998A (en) * | 2019-09-30 | 2021-03-30 | 北京京东尚科信息技术有限公司 | Webpage access method, management system and electronic equipment in information interaction platform |
CN112579998B (en) * | 2019-09-30 | 2023-09-26 | 北京京东尚科信息技术有限公司 | Webpage access method, management system and electronic equipment in information interaction platform |
CN114070576A (en) * | 2020-08-07 | 2022-02-18 | 腾讯科技(深圳)有限公司 | Content display method, content generation method, device, equipment and storage medium |
CN114070576B (en) * | 2020-08-07 | 2024-03-08 | 腾讯科技(深圳)有限公司 | A content display method a content generation method a device(s) apparatus and storage medium |
CN112507389A (en) * | 2020-10-28 | 2021-03-16 | 西安四叶草信息技术有限公司 | Webpage data processing method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106330817A (en) | Webpage access method, device and terminal | |
US9998438B2 (en) | Verifying the security of a remote server | |
US9563764B2 (en) | Method and apparatus for performing authentication between applications | |
US8312520B2 (en) | Methods and systems to detect attacks on internet transactions | |
US8880885B2 (en) | Mutual authentication schemes | |
CN106991298B (en) | Access method of application program to interface, authorization request method and device | |
CN112333198A (en) | Secure cross-domain login method, system and server | |
CN106612180A (en) | Method and device for realizing session identifier synchronization | |
KR101744747B1 (en) | Mobile terminal, terminal and method for authentication using security cookie | |
US11418499B2 (en) | Password security | |
US20080229109A1 (en) | Human-recognizable cryptographic keys | |
CN112866228B (en) | Method and device for controlling unauthorized access of web system | |
CN109995776B (en) | Internet data verification method and system | |
CN106897761A (en) | A kind of two-dimensional code generation method and device | |
EP4092984A1 (en) | Data processing method and apparatus, device and medium | |
CN115580413B (en) | Zero-trust multi-party data fusion calculation method and device | |
CN114244522A (en) | Information protection method and device, electronic equipment and computer readable storage medium | |
TW201539239A (en) | Server, user device, and method of interaction between user device and server | |
CN109657170B (en) | Webpage loading method and device, computer equipment and storage medium | |
CN109889344A (en) | The transmission method and computer readable storage medium of terminal, data | |
CN116049802B (en) | Application single sign-on method, system, computer equipment and storage medium | |
CN114124440B (en) | Secure transmission method, apparatus, computer device and storage medium | |
CN106130996B (en) | A kind of website attack protection verifying system and method | |
CN110399706B (en) | Authorization authentication method, device and computer system | |
CN114065170A (en) | Method and device for acquiring platform identity certificate and server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170111 |
|
RJ01 | Rejection of invention patent application after publication |