CN110177096A - Client certificate method, apparatus, medium and calculating equipment - Google Patents
- Publication number: CN110177096A
- Application number: CN201910443250.5A
- Authority: CN (China)
- Prior art keywords: client, web page, page address, strategy, web
- Legal status: Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Embodiments of the present invention provide a client authentication method applied to a security gateway, the security gateway being used to forward information between a client and a server. The method includes: receiving a first web page access request from the client; determining whether the web page address requested by the first web page access request exists in a web page address set; when the web page address exists in the web page address set, adopting a first strategy to authenticate the client; and when the web page address does not exist in the web page address set, adopting a second strategy to authenticate the client, wherein the first strategy is different from the second strategy. The method can provide multiple strategies for client authentication and prevents the security gateway from wrongly blocking normal clients by using a single strategy. In addition, embodiments of the present invention provide a client authentication apparatus, a medium and a computing device.
Description
Technical field
Embodiments of the present invention relate to the field of internet technology and, more specifically, to a client authentication method, apparatus, medium and computing device.
Background
This section is intended to provide background or context for the embodiments of the present invention set forth in the claims. The description here is not admitted to be prior art merely because it is included in this section.
Throughout the internet field, preventing and responding to network attacks has always been an important topic. A CC (Challenge Collapsar) attack is a network attack against servers: it simulates the access behavior of normal clients, with the aim of exhausting server resources until the server can no longer provide service. The principle of a CC attack is relatively simple. It finds an interface URL that consumes a large amount of server resources and accesses it continuously at high frequency until the server's resources are exhausted. An example of such an interface is a dynamic query page of a web site, where every page visit causes the back end to perform a large number of database query operations. CC attacks are launched with various attack tools. In general, these attack tools are simply implemented and their behavioral characteristics differ clearly from those of a web browser. It is therefore necessary to identify clients in order to defend against CC attacks.
Summary of the invention
In this context, embodiments of the present invention are intended to provide a client authentication method, apparatus, medium and computing device that can effectively identify whether the source of an access request is a client or an attack tool.
In a first aspect of embodiments of the present invention, a client authentication method is provided, applied to a security gateway that forwards information between a client and a server. The method includes: receiving a first web page access request from the client; determining whether the web page address requested by the first web page access request exists in a web page address set; when the web page address exists in the web page address set, adopting a first strategy to authenticate the client; and when the web page address does not exist in the web page address set, adopting a second strategy to authenticate the client, wherein the first strategy is different from the second strategy.
In one embodiment of the invention, before receiving the first web page access request from the client, the method further includes: setting up the web page address set; during information forwarding, obtaining, from the response messages from the server, at least one response message whose content type is in a content type set; obtaining at least one access request from the client that corresponds to the at least one response message; obtaining at least one web page address requested by the at least one access request; and adding the at least one web page address to the web page address set, so as to update the web page address set.
In one embodiment of the invention, the method further includes setting the content type set, wherein the content type set includes at least one content type that supports execution of JavaScript code.
In one embodiment of the invention, adopting the first strategy to authenticate the client includes: sending to the client a first response to the first web page access request, the first response including first JavaScript code for authenticating the client; obtaining a second web page access request that the client sends based on the first response, the second web page access request including authentication information of the client; verifying the authentication information based on the first JavaScript code; and, after the authentication information passes verification, forwarding the second web page access request to the server.
In one embodiment of the invention, verifying the authentication information based on the first JavaScript code includes: determining whether the authentication information meets a predetermined condition, wherein the predetermined condition is a condition determined based on the first JavaScript code; when the authentication information meets the predetermined condition, determining that the authentication information passes verification; and otherwise determining that the authentication information fails verification.
In one embodiment of the invention, adopting the second strategy to authenticate the client includes forwarding the first web page access request to the server according to a preset rule.
A second aspect of embodiments of the present invention provides a client authentication apparatus. The client authentication apparatus is arranged in a security gateway that forwards information between a client and a server. The apparatus includes a client information receiving module, a first determining module and an authentication module. The client information receiving module is used to receive a first web page access request from the client. The first determining module is used to determine whether the web page address requested by the first web page access request exists in a web page address set. The authentication module is used to adopt a first strategy to authenticate the client when the web page address exists in the web page address set, and to adopt a second strategy to authenticate the client when the web page address does not exist in the web page address set, wherein the first strategy is different from the second strategy.
In one embodiment of the invention, the apparatus further includes a web page address set obtaining module. The web page address set obtaining module includes a web page address set setting submodule, a first obtaining submodule, a second obtaining submodule, a third obtaining submodule and a web page address set updating submodule. The web page address set setting submodule is used to set up the web page address set before the first web page access request from the client is received. The first obtaining submodule is used to obtain, during information forwarding, at least one response message from the server whose content type is in a content type set. The second obtaining submodule is used to obtain at least one access request from the client that corresponds to the at least one response message. The third obtaining submodule is used to obtain at least one web page address requested by the at least one access request. The web page address set updating submodule is used to add the at least one web page address to the web page address set, so as to update the web page address set.
In one embodiment of the invention, the apparatus further includes a content type set setting module. The content type set setting module is used to set the content type set, wherein the content type set includes at least one content type that supports execution of JavaScript code.
In one embodiment of the invention, adopting the first strategy to authenticate the client includes: sending to the client a first response to the first web page access request, the first response including first JavaScript code for authenticating the client; obtaining a second web page access request that the client sends based on the first response, the second web page access request including authentication information of the client and an access request to the web page address; verifying the authentication information based on the first JavaScript code; and, after the authentication information passes verification, forwarding the second web page access request to the server.
In one embodiment of the invention, verifying the authentication information based on the first JavaScript code includes: determining whether the authentication information meets a predetermined condition, wherein the predetermined condition is a condition determined based on the first JavaScript code; when the authentication information meets the predetermined condition, determining that the authentication information passes verification; and otherwise determining that the authentication information fails verification.
In one embodiment of the invention, adopting the second strategy to authenticate the client includes forwarding the first web page access request to the server according to a preset rule.
A third aspect of embodiments of the present invention provides a computer-readable storage medium on which executable instructions are stored. When executed by a processor, the instructions cause the processor to perform the client authentication method described above.
A fourth aspect of embodiments of the present invention provides a computing device. The computing device includes one or more memories storing executable instructions, and one or more processors. The one or more processors execute the executable instructions to implement the client authentication method described above.
According to the client authentication method, apparatus, medium and computing device of embodiments of the present invention, the authentication strategy applicable to a client can be distinguished according to the web page address that the access request accesses, so that a targeted strategy is selected to identify the client. Specifically, when the web page address requested by an access request is in the web page address set, the first strategy is used to identify whether the source of the access request is a client or an attack tool; when the web page address requested by an access request is not in the web page address set, the second strategy is used to identify whether the source of the access request is a client or an attack tool.
According to some embodiments of the present invention, the web page address set may be a set of web page addresses requested by clients to which the first strategy can be applied. The client authentication method, apparatus, medium and computing device according to embodiments of the present invention can therefore use the second strategy to authenticate clients to which the first strategy cannot be applied, or for which it is not known whether the first strategy can be applied. In this way, some clients are no longer mistaken for attack tools and wrongly blocked, as can happen when authentication relies on the first strategy alone. The loss of normal access caused by wrongly blocking clients is avoided, and users get a better experience.
Brief description of the drawings
The above and other objects, features and advantages of exemplary embodiments of the present invention will become easier to understand by reading the following detailed description with reference to the accompanying drawings. In the drawings, several embodiments of the present invention are shown by way of example and not limitation, in which:
Fig. 1 schematically shows an application scenario of the client authentication method, apparatus, medium and computing device according to embodiments of the present invention;
Fig. 2 schematically shows a flowchart of the client authentication method according to an embodiment of the present invention;
Fig. 3 schematically shows a flowchart of the method of authenticating a client using the first strategy according to an embodiment of the present invention;
Fig. 4 schematically shows a scenario diagram of the method of authenticating a client using the first strategy according to an embodiment of the present invention;
Fig. 5 schematically shows the method flow for verifying the authentication information while the client is authenticated with the first strategy in Fig. 3;
Fig. 6 schematically shows a flowchart of the client authentication method according to another embodiment of the present invention;
Fig. 7 schematically shows a scenario diagram of the client authentication method according to another embodiment of the present invention;
Fig. 8 schematically shows a block diagram of the client authentication apparatus according to an embodiment of the present invention;
Fig. 9 schematically shows a program product suitable for implementing the client authentication method according to an embodiment of the present invention; and
Fig. 10 schematically shows a block diagram of a computing device suitable for implementing the client authentication method according to an embodiment of the present invention.
In the drawings, identical or corresponding reference numerals denote identical or corresponding parts.
Detailed description
The principle and spirit of the present invention are described below with reference to several illustrative embodiments. It should be understood that these embodiments are provided only so that those skilled in the art can better understand and then implement the present invention, and do not limit the scope of the invention in any way. Rather, these embodiments are provided so that this disclosure is thorough and complete and fully conveys the scope of the disclosure to those skilled in the art.
Those skilled in the art will appreciate that embodiments of the present invention can be implemented as a system, apparatus, device, method or computer program product. The present disclosure can therefore be embodied in the following forms: entirely hardware, entirely software (including firmware, resident software, microcode and the like), or a combination of hardware and software.
According to embodiments of the present invention, a client authentication method, apparatus, medium and computing device applied to a security gateway are proposed.
In this document, it should be understood that any number of elements in the description and drawings is given by way of example and not limitation, and any naming is used only for distinction and carries no limiting meaning.
The principle and spirit of the present invention are explained in detail below with reference to several representative embodiments of the invention.
Overview of the invention
The inventors found that, when clients are authenticated and identified in order to defend against network attacks, an authentication strategy that is too uniform and too strict will cause some normally accessing clients to be wrongly blocked. It is therefore necessary to select the corresponding authentication strategy in a targeted way for different clients. For example, different access requests can be distinguished by the web page address they request and authenticated with different strategies, which to some extent avoids the problem of clients being wrongly blocked because of a single authentication strategy.
Having introduced the basic principle of the present invention, various non-limiting embodiments of the invention are described in detail below.
Application scenario overview
Refer first to Fig. 1.
Fig. 1 schematically shows an application scenario of the client authentication method, apparatus, medium and computing device according to embodiments of the present invention.
As shown in Fig. 1, the application scenario includes a terminal device 11, a security gateway 12 and a server 13, which can be connected to one another over a network. Various application clients (clients for short) can be installed on the terminal device 11, such as shopping applications, web browser applications, search applications, instant messaging tools, mailbox clients and social platform software (examples only). The security gateway 12 is used to forward information between the client and the server 13.
The terminal device 11 can be any of various electronic devices that have a display screen and support web browsing, including but not limited to smart phones, tablet computers, laptop computers and desktop computers.
By operating the client on the terminal device 11, a user can cause the client to send a user access request to the server. The user access request first reaches the security gateway 12 and is then forwarded by the security gateway 12 to the server 13. The response message returned by the server 13 also first reaches the security gateway 12 and is then forwarded through the security gateway 12 to the client on the terminal device 11.
In some embodiments, the security gateway 12 can perform security verification on the information it forwards. For example, when the access frequency to the server 13 is higher than a preset warning value, the security gateway 12 can perform security verification on the access requests to the server 13 and, according to the verification result, let through the access requests that come from clients meeting the security requirements, thereby defending against network attacks such as CC attacks. For example, the terminal device 11 may also be operated by a malicious user and have an attack tool installed. Security gateway 11 can execute the client authentication method of embodiments of the present invention to identify whether the source of an access request to be sent to the server 13 is actually a client or an attack tool. An access request identified as coming from an attack tool is discarded directly by the security gateway 12. An access request identified as coming from a client can be forwarded by the security gateway 12 to the server 13.
It should be understood that Fig. 1 is only illustrative, and the numbers of terminal devices, security gateways and servers in it are only schematic. There can be any number of terminal devices, security gateways and servers, as the implementation requires.
Illustrative methods
With reference to the application scenario of Fig. 1, the client authentication method according to illustrative embodiments of the present invention is described below with reference to Fig. 2 to Fig. 7. Note that the above application scenario is shown only to make the spirit and principle of the present invention easier to understand, and embodiments of the present invention are not limited in this respect. Rather, embodiments of the present invention can be applied to any applicable scenario.
Fig. 2 schematically shows a flowchart of the client authentication method according to an embodiment of the present invention.
As shown in Fig. 2, the client authentication method may include operation S210, operation S220, operation S230A and operation S230B. The client authentication method is applied to the security gateway 12.
In operation S210, a first web page access request from a client is received.
In operation S220, it is determined whether the web page address requested by the first web page access request exists in the web page address set.
In operation S230A, when the web page address exists in the web page address set, the first strategy is adopted to authenticate the client. The web page address set may be preset by a designer according to the actual business, or may be obtained by the security gateway 12 through learning and recording during routine information forwarding; for the latter, see the description of Fig. 6 and Fig. 7 below.
In operation S230B, when the web page address does not exist in the web page address set, the second strategy is adopted to authenticate the client, wherein the first strategy is different from the second strategy. According to some embodiments of the present invention, the first strategy may be, for example, a security detection strategy conventional in the art, and the second strategy may be, for example, a security strategy that performs processing and analysis for emerging clients.
According to embodiments of the present invention, the authentication strategy applicable to a client can be distinguished according to the web page address that the access request accesses, so that a targeted strategy is selected to identify the client. This avoids some clients being wrongly blocked because a single authentication strategy is used, avoids the loss of normal access that wrongly blocking clients would cause, and gives users a better experience.
According to one embodiment of the present invention, the first strategy may be a security verification strategy based on JavaScript code, and the second strategy may be another strategy different from security verification based on JavaScript code.
For example, the second strategy may limit the forwarding frequency of access requests to a particular web page address. As another example, the second strategy may first import the access requests whose requested web page address is not in the web page address set into a data stream system, where big data analysis and processing determines whether the source of an access request is a client or an attack tool. For example, if the big data analysis finds that the access frequency to some web page address is higher than the warning value and that these accesses all come from the same source, that source can be confirmed as an attack tool, and the access requests sent by the attack tool are accordingly discarded.
Fig. 3 schematically shows a flowchart of the method of authenticating the client using the first strategy in operation S230A according to an embodiment of the present invention. Fig. 4 schematically shows a scenario diagram of the method of Fig. 3 for authenticating the client using the first strategy according to an embodiment of the present invention.
Specifically, Fig. 3 and Fig. 4 illustrate the implementation process of the security verification strategy based on JavaScript code. The implementation of that strategy is described below with reference to Fig. 3 and Fig. 4. According to an embodiment of the present invention, operation S230A may include operations S301 to S304.
First, as previously described, in operation S201 the security gateway 12 receives the first web page access request (that is, resquest1 in Fig. 4) sent by the client (installed on the terminal device 11).
Then, in operation S301, the security gateway 12 sends to the client a first response response1 to the first web page access request resquest1. The first response response1 may include first JavaScript code for authenticating the client. The first JavaScript code may include logic for generating certain information, where the information may be, for example, a cookie.
Then, in operation S302, the security gateway 12 can obtain a second web page access request resquest2 that the client sends based on the first response response1. The second web page access request resquest2 includes the authentication information of the client (for example, resquest2 carries the cookie that the client generated according to the information generation logic contained in the first JavaScript code).
After that, in operation S303, the security gateway 12 verifies the authentication information based on the first JavaScript code, and in operation S304 it forwards the second web page access request resquest2 to the server 13 after the authentication information passes verification. For the specific implementation of operation S303, see Fig. 5.
Fig. 5 schematically shows the method flow for verifying the authentication information in operation S303 of Fig. 3, in which the first strategy is adopted to authenticate the client.
As shown in Fig. 5, operation S303 may include operation S501 and either operation S502 or operation S503.
In operation S501, it is determined whether the authentication information (for example, the cookie carried in resquest2) meets a predetermined condition, wherein the predetermined condition is a condition determined based on the first JavaScript code. The predetermined condition may be, for example, a range of cookie values determined based on the first JavaScript code, or a certain value obtained by executing the first JavaScript code.
Then, in operation S502, when the authentication information meets the predetermined condition, it is determined that the authentication information passes verification. Otherwise, in operation S503, when the authentication information does not meet the predetermined condition, it is determined that the authentication information fails verification.
For example, the security gateway 12 can use the cookie generation logic contained in the first JavaScript code to verify whether the cookie contained in resquest2 meets the predetermined condition. If, for instance, the cookie generation logic contained in the first JavaScript code generates an odd-number sequence of 5 characters, the security gateway 12 can verify whether the cookie contained in resquest2 is an odd-number sequence of 5 characters.
If the cookie contained in resquest2 is found to meet the predetermined condition, the cookie is considered to have passed verification. The security gateway 12 can then determine that resquest1 and resquest2 both come from a client rather than from an attack tool. The security gateway 12 can therefore forward resquest2 to the server 13 (that is, the security gateway 12 sends resquest3 to the server 13). After receiving the response response3 that the server 13 returns for resquest3, the security gateway 12 can forward response3 to the client (that is, the security gateway 12 sends response2 to the client). Once the client has received response2, one access is complete.
If the cookie contained in resquest2 is found not to meet the predetermined condition, the cookie is considered to have failed verification. The security gateway 12 can then determine that resquest1 and resquest2 come from an attack tool, and can discard resquest2. In some embodiments, if the source of resquest1 is an attack tool, then after the security gateway 12 returns the first JavaScript code, the attack tool may lack the ability to execute code, so no resquest2 is generated and no resquest2 reaches the security gateway.
It can be seen that the safety verification strategy based on JavaScript code, which can be directed to, can execute JavaScript generation
The client (for example, part web browser) of code is authenticated.This kind of web browser has a feature: can execute response letter
JavaScript code in breath, and the various interactions with server 13 are realized according to code logic.
To summarize, the JavaScript-based security verification strategy is as follows. Security gateway 12 returns a piece of JavaScript code (that is, the first JavaScript code) to the client. If the client can execute the first JavaScript code, it re-initiates an access request, request2, according to the logic of that code, carrying the cookie generated by executing the first JavaScript code. Security gateway 12 receives request2 from the client and checks whether the cookie carried in request2 meets a predetermined condition. If it does, the gateway proxies request2 to the back-end server 13. If the cookie carried in request2 does not meet the predetermined condition (for example, the cookie is absent or its value is incorrect), the gateway discards request1 and request2 (if any).
In general, after an attack tool receives the first JavaScript code in response1 returned by security gateway 12, it simply discards the JavaScript code because it cannot execute it, and so never initiates the follow-up request2. Therefore, when the JavaScript-based security verification strategy is applied, none of the attack tool's requests reach the back-end server 13, and the attack has no effect.
However, with the development of Internet technology, web pages have become asynchronous, and large numbers of ajax requests now occur within web pages. After a client issues an ajax request, it may expect the response to be a piece of formatted data; if security gateway 12, applying the JavaScript-based security verification strategy, instead returns a piece of JavaScript code, the client cannot process that code. Therefore, a client that sends requests such as ajax requests can be mistaken for an attack tool when the JavaScript-based security verification strategy is used.
According to an embodiment of the invention, the web page address set may consist of at least some of the web page addresses requested by clients to which the JavaScript-based security verification strategy is applicable. Thus, under the client authentication method according to the embodiments of the invention, clients to which the JavaScript-based security verification strategy is not applicable can be authenticated using the second strategy.
According to an embodiment of the invention, authenticating the client with the second strategy in operation S230B may consist of forwarding the first web access request to server 13 according to preset rules. For example, when security gateway 12 holds only one first web access request, it can forward that request directly to server 13. Alternatively, when security gateway 12 currently holds multiple first web access requests, it forwards them to server 13 at a limited frequency. The limited frequency may be, for example, that only 1 first web access request is allowed through per 1 s. According to an embodiment of the invention, when the second strategy is applied to authenticate the client, even if an access request originates from an attack tool, the frequency limit prevents it from attacking server 13 by means such as resource exhaustion, which protects the security of server 13.
Fig. 6 schematically shows a flowchart of a client authentication method according to another embodiment of the invention.
As shown in Fig. 6, according to another embodiment of the invention, the client authentication method may include, in addition to operations S210, S220, S230A and S230B, operations S610 to S660. According to an embodiment of the invention, operations S610 to S660 may be executed before operation S210.
In operation S610, the web page address set is set.
In operation S620, the content type set is set, where the content type set includes at least one content type that supports execution of JavaScript code. That operation S620 is executed after operation S610 in Fig. 6 is only an example. In some embodiments, there is no specific ordering between operation S620 and operation S610.
Whether the client is a web page or an app (application program), there is a prior implicit agreement about the response content of each interface URL (that is, web page address) on server 13, and the client uses the response content according to this agreement. For example, the response of interface URI1 of server 13 is formatted data; a client requesting the URI1 resource can parse this data and display it as the client itself intends. The response of interface URI2 of server 13 is HTML code; a client requesting the URI2 resource parses and displays the response message according to the HTML specification. According to the HTTP protocol specification, the response message of server 13 can explicitly identify the type of the network resource in the response (for example, text/html or image/jpeg) in the Content-Type field of the HTTP header.
According to an embodiment of the invention, the content type is the Content-Type that identifies the network resource in the response message returned by server 13. Content-Type defines the type of the network resource and the encoding of the web page, and determines in what form and with what encoding the client reads the file. Common Content-Type values include text/html, image/jpeg, audio/mp3, video/mpeg and application/json. Of these, text/html is a content type that supports execution of JavaScript code.
Next, in operation S630, at least one response message whose content type is in the content type set is obtained from among the response messages from server 13 during information forwarding. Then, in operation S640, at least one access request from the client corresponding to the at least one response message is obtained. Then, in operation S650, the at least one web page address requested by the at least one access request is obtained. In operation S660, the at least one web page address is added to the web page address set, thereby updating the web page address set.
According to one embodiment of the invention, the learning, recording and updating of web page addresses in the web page address set in operations S630 to S650 may be performed by security gateway 12 while it is in a non-authentication state. The non-authentication state may be, for example, the case where the volume of access to server 13 is below a warning value, in which security gateway 12 only forwards information and does not authenticate clients. In addition, since malicious access to server 13 is not a routine event, a more comprehensive web page address set can be obtained from the access data collected while security gateway 12 is in the non-authentication state.
According to an embodiment of the invention, the web page address set that is set in operation S610 may be an empty set, or may include several initial web page addresses. Then, in operations S630 to S650, security gateway 12 learns by itself the content type of the network resource provided by each interface URI (that is, web page address) on server 13, and adds the web page addresses that support execution of JavaScript code to the web page address set.
In this way, when clients need to be authenticated, an access request whose web page address belongs to the web page address set can be authenticated with the JavaScript-based security verification strategy, to determine whether it was sent by a client or by a malicious attack tool. An access request whose web page address does not belong to the web page address set is authenticated using the second strategy. An authentication strategy suited to the client can thus be applied in each case, which avoids the false blocking of some clients that results from using the JavaScript-based security verification strategy alone.
Fig. 7 schematically shows a scenario of a client authentication method according to another embodiment of the invention.
As shown in Fig. 7, in the client authentication method according to an embodiment of the invention, security gateway 12, while forwarding information, records in the web page address set the web page address requested by each access request whose response message from server 13 has a Content-Type belonging to the content type set. In this way security gateway 12 continually learns and updates the access requests to which the JavaScript-based security verification strategy can be applied.
Thereafter, when authenticating clients, security gateway 12 first determines, for each access request passing through it, whether the web page address requested in the access request is in the web page address set.
If the requested web page address is in the web page address set, then under the JavaScript-based security verification strategy the gateway returns a piece of JavaScript code to the client and waits for the client's execution result, thereby identifying whether the source of the access request is a client or an attack tool (similar to the authentication scenario shown in Fig. 4).
If the requested web page address is not in the web page address set, the client is authenticated using the second strategy. It can be seen that the client authentication method according to an embodiment of the invention can be applied to complex web environments and solves the problem of clients being falsely blocked under a single client authentication strategy.
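The learning phase (operations S610 to S660) and the two-strategy dispatch (operations S210 to S230B) described above, as an added Python sketch that is not code from the patent. The cookie name, the HMAC-derived cookie value standing in for the "predetermined condition", the client identifier and the DEFER outcome for rate-limited requests are assumptions made for this example; the traffic in `demo()` is constructed.

```python
import hashlib
import hmac
import time

COOKIE_NAME = "gw_js"  # hypothetical cookie name, not taken from the patent


class SecurityGateway:
    """Toy model of security gateway 12: learn JS-capable URLs, then dispatch."""

    def __init__(self, secret, js_types=("text/html",), min_interval=1.0,
                 clock=time.monotonic):
        self.secret = secret
        self.js_types = {t.lower() for t in js_types}  # content type set (S620)
        self.url_set = set()                           # web page address set (S610)
        self.min_interval = min_interval               # second strategy: 1 request per 1 s
        self.clock = clock
        self._last_forward = None

    def learn(self, url, content_type_header):
        """S630-S660: record URLs whose responses carry a JS-capable Content-Type."""
        # Drop parameters such as "; charset=utf-8" before comparing.
        media_type = content_type_header.split(";", 1)[0].strip().lower()
        if media_type in self.js_types:
            self.url_set.add(url)

    def _token(self, client, url):
        # Assumed predetermined condition: cookie equals HMAC(secret, client|url).
        msg = f"{client}|{url}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def challenge_js(self, client, url):
        """First JavaScript code: sets the cookie, then re-requests the page."""
        return (f'document.cookie="{COOKIE_NAME}={self._token(client, url)}; path=/";'
                "location.reload();")

    def authenticate(self, client, url, cookies):
        """S220 plus S230A/S230B. Returns (action, javascript_or_None)."""
        if url in self.url_set:
            # First strategy: JavaScript challenge.
            presented = cookies.get(COOKIE_NAME)
            if presented is None:
                return "CHALLENGE", self.challenge_js(client, url)   # request1
            expected = self._token(client, url)
            if hmac.compare_digest(presented.encode(), expected.encode()):
                return "FORWARD", None                               # valid request2
            return "DROP", None                                      # wrong cookie value
        # Second strategy: forward at a limited frequency, never challenge.
        now = self.clock()
        if self._last_forward is None or now - self._last_forward >= self.min_interval:
            self._last_forward = now
            return "FORWARD", None
        return "DEFER", None


def demo():
    now = [0.0]  # constructed fake clock so the run is deterministic
    gw = SecurityGateway(b"constructed-secret", clock=lambda: now[0])
    # Constructed responses observed while the gateway is only forwarding.
    gw.learn("/index.html", "text/html; charset=utf-8")
    gw.learn("/api/items", "application/json")
    browser, out = "198.51.100.7", []
    action, js = gw.authenticate(browser, "/index.html", {})         # request1
    out.append(action)
    token = js.split(COOKIE_NAME + "=")[1].split(";")[0]             # what a browser stores
    out.append(gw.authenticate(browser, "/index.html", {COOKIE_NAME: token})[0])
    out.append(gw.authenticate(browser, "/index.html", {COOKIE_NAME: "0" * 64})[0])
    out.append(gw.authenticate(browser, "/api/items", {})[0])        # ajax, first in window
    out.append(gw.authenticate(browser, "/api/items", {})[0])        # ajax, same second
    now[0] = 1.0
    out.append(gw.authenticate(browser, "/api/items", {})[0])        # one second later
    return out


if __name__ == "__main__":
    print(demo())
```

The ajax endpoint is never sent JavaScript, so a client expecting formatted data is not mistaken for an attack tool. The token in this sketch has no expiry; a deployment would normally bind it to a time window.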
Exemplary apparatus
Having described the method of the exemplary embodiments of the invention, the client authentication apparatus of an exemplary embodiment of the invention is described next with reference to Fig. 8.
Fig. 8 schematically shows a block diagram of a client authentication apparatus 800 according to an embodiment of the invention.
As shown in Fig. 8, according to an embodiment of the invention, the client authentication apparatus 800 is provided in security gateway 12, and security gateway 12 is used to forward information between the client and server 13. The apparatus 800 includes a client information receiving module 810, a first determining module 820 and an authentication module 830. The client authentication apparatus 800 can be used to execute the client authentication method described with reference to Figs. 2 to 7.
The client information receiving module 810 can, for example, execute operation S210, for receiving a first web access request from the client.
The first determining module 820 can, for example, execute operation S220, for determining whether the web page address requested by the first web access request is present in the web page address set.
The authentication module 830 can, for example, execute operations S230A and S230B, for authenticating the client with the first strategy when the web page address is present in the web page address set, and authenticating the client with the second strategy when the web page address is not present in the web page address set, where the first strategy differs from the second strategy.
According to an embodiment of the invention, authenticating the client with the first strategy (operation S230A) includes: sending to the client a first response to the first web access request, the first response including first JavaScript code for authenticating the client (operation S301); obtaining a second web access request sent by the client based on the first response, the second web access request including authentication information of the client and an access request for the web page address (operation S302); verifying the authentication information based on the first JavaScript code (operation S303); and, after the authentication information passes verification, forwarding the second web access request to server 13 (operation S304).
According to an embodiment of the invention, verifying the authentication information based on the first JavaScript code (operation S303) includes: determining whether the authentication information meets a predetermined condition, where the predetermined condition is a condition determined on the basis of the first JavaScript code (operation S501); and, when the authentication information meets the predetermined condition, determining that the authentication information passes verification (operation S502), and otherwise determining that the authentication information fails verification (operation S503).
According to an embodiment of the invention, authenticating the client with the second strategy (operation S230B) includes forwarding the first web access request to server 13 according to preset rules.
According to an embodiment of the invention, the apparatus 800 further includes a web page address set obtaining module 840. The web page address set obtaining module 840 includes a web page address set setting submodule 841, a first acquisition submodule 842, a second acquisition submodule 843, a third acquisition submodule 844 and a web page address set updating submodule 845.
The web page address set setting submodule 841 can, for example, execute operation S610, for setting the web page address set before the first web access request from the client is received.
The first acquisition submodule 842 can, for example, execute operation S630, for obtaining, from among the response messages from server 13 during information forwarding, at least one response message whose content type is in the content type set.
The second acquisition submodule 843 can, for example, execute operation S640, for obtaining at least one access request from the client corresponding to the at least one response message.
The third acquisition submodule 844 can, for example, execute operation S650, for obtaining the at least one web page address requested by the at least one access request.
The web page address set updating submodule 845 can, for example, execute operation S660, for adding the at least one web page address to the web page address set, thereby updating the web page address set.
According to an embodiment of the invention, the apparatus 800 further includes a content type set setting module 850. The content type set setting module 850 can, for example, execute operation S620, for setting the content type set, where the content type set includes at least one content type that supports execution of JavaScript code.
Exemplary media
Having described the method and apparatus of the exemplary embodiments of the invention, the medium of an exemplary embodiment of the invention is described next with reference to Fig. 9.
Embodiments of the invention also provide a computer-readable storage medium storing executable instructions which, when executed by a processor, cause the processor to execute the client authentication method described with reference to Figs. 2 to 7.
In some possible embodiments, aspects of the invention may also be implemented in the form of a program product that includes program code. When the program product runs on a computing device, the program code causes the computing device to execute the operations of the client authentication method according to the various exemplary embodiments of the invention described in the "Exemplary methods" part of this specification. For example, the computing device can execute, as shown in Fig. 2, operation S210: receiving a first web access request from the client; operation S220: determining whether the web page address requested by the first web access request is present in the web page address set; operation S230A: when the web page address is present in the web page address set, authenticating the client with the first strategy; and operation S230B: when the web page address is not present in the web page address set, authenticating the client with the second strategy. The first strategy differs from the second strategy.
The program product may use any combination of one or more readable media. A readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of readable storage media include: an electrical connection with one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
As shown in Fig. 9, a program product 900 suitable for carrying out the client authentication method according to an embodiment of the invention is described; it may use a portable compact disc read-only memory (CD-ROM), include program code, and run on a computing device such as a personal computer. However, the program product of the invention is not limited to this. In this document, a readable storage medium may be any tangible medium that contains or stores a program, where the program can be used by or in connection with an instruction execution system, apparatus or device.
A readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying readable program code. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A readable signal medium may also be any readable medium other than a readable storage medium that can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device.
The program code contained on a readable medium may be transmitted over any suitable medium, including but not limited to wireless, wired, optical cable, RF, or any suitable combination of the above.
Program code for carrying out the operations of the invention may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++, as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on a remote computing device or server. Where a remote computing device is involved, the remote computing device may be connected to the user's computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it may be connected to an external computing device (for example, through the Internet using an Internet service provider).
Exemplary computing device
Having described the method, medium and apparatus of the exemplary embodiments of the invention, the computing device of an exemplary embodiment of the invention is described next with reference to Fig. 10.
Embodiments of the invention also provide a computing device. The computing device includes one or more memories and one or more processors. The one or more memories store executable instructions. The one or more processors execute the executable instructions to implement the client authentication method described with reference to Figs. 2 to 7.
A person of ordinary skill in the art will understand that aspects of the invention can be implemented as a system, a method or a program product. Accordingly, aspects of the invention may take the following forms: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode and so on), or an embodiment combining hardware and software aspects, which may be referred to collectively here as a "circuit", "module" or "system".
In some possible embodiments, a computing device according to the invention may include at least one processor and at least one memory. The memory stores program code which, when executed by the processor, causes the processor to execute the steps of the client authentication method according to the various exemplary embodiments of the invention described in the "Exemplary methods" part of this specification. For example, the processor can execute, as shown in Fig. 2, operation S210: receiving a first web access request from the client; operation S220: determining whether the web page address requested by the first web access request is present in the web page address set; operation S230A: when the web page address is present in the web page address set, authenticating the client with the first strategy; and operation S230B: when the web page address is not present in the web page address set, authenticating the client with the second strategy. The first strategy differs from the second strategy.
A computing device 1000 suitable for carrying out the client authentication method according to an embodiment of the invention is described below with reference to Fig. 10. The computing device 1000 shown in Fig. 10 is only an example and should not impose any limitation on the function or scope of use of the embodiments of the invention.
As shown in Fig. 10, computing device 1000 takes the form of a general-purpose computing device. The components of computing device 1000 may include, but are not limited to: the at least one processor 1010 mentioned above, the at least one memory 1020 mentioned above, and a bus 1030 connecting the different system components (including memory 1020 and processor 1010).
Bus 730 includes a data bus, a control bus and an address bus.
Memory 1020 may include readable media in the form of volatile memory, such as random access memory (RAM) 1021 and/or cache memory 1022, and may further include read-only memory (ROM) 1023.
Memory 1020 may also include a program/utility 1025 having a set of (at least one) program modules 1024. Such program modules 1024 include, but are not limited to: an operating system, one or more application programs, other program modules and program data. Each of these examples, or some combination of them, may include an implementation of a network environment.
Computing device 1000 may also communicate with one or more external devices 1040 (such as a keyboard, a pointing device, a Bluetooth device and so on), with one or more devices that enable a user to interact with computing device 1000, and/or with any device (such as a router, a modem and so on) that enables computing device 1000 to communicate with one or more other computing devices. Such communication can take place through input/output (I/O) interface 1050. Computing device 1000 can also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through network adapter 1060. As shown, network adapter 1060 communicates with the other modules of computing device 1000 through bus 1030. It should be understood that, although not shown in the figures, other hardware and/or software modules may be used in combination with computing device 1000, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives and data backup storage systems.
It should be noted that although several units/modules or subunits/modules of the apparatus are mentioned in the detailed description above, this division is only exemplary and not mandatory. In fact, according to embodiments of the invention, the features and functions of two or more of the units/modules described above may be embodied in a single unit/module. Conversely, the features and functions of one unit/module described above may be further divided so as to be embodied by multiple units/modules.
In addition, although the operations of the method of the invention are described in the drawings in a particular order, this does not require or imply that the operations must be executed in that particular order, or that all of the operations shown must be executed to achieve the desired result. Additionally or alternatively, certain steps may be omitted, multiple steps may be merged into one step for execution, and/or one step may be broken down into multiple steps for execution.
Although the spirit and principles of the invention have been described with reference to several specific embodiments, it should be understood that the invention is not limited to the specific embodiments disclosed, nor does the division into aspects mean that features in those aspects cannot be combined to advantage; this division is merely for convenience of presentation. The invention is intended to cover the various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Claims (14)
1. A client authentication method, applied to a security gateway, the security gateway being used to forward information between the client and a server, the method comprising:
receiving a first web access request from the client;
determining whether the web page address requested by the first web access request is present in a web page address set; and
when the web page address is present in the web page address set, authenticating the client with a first strategy;
when the web page address is not present in the web page address set, authenticating the client with a second strategy;
wherein the first strategy differs from the second strategy.
2. The method according to claim 1, wherein, before the receiving of the first web access request from the client, the method further comprises:
setting the web page address set;
obtaining, from among the response messages from the server during information forwarding, at least one response message having a content type in a content type set;
obtaining at least one access request from the client corresponding to the at least one response message;
obtaining at least one web page address requested by the at least one access request; and
adding the at least one web page address to the web page address set, to update the web page address set.
3. The method according to claim 2, wherein the method further comprises:
setting the content type set, wherein the content type set includes at least one content type that supports execution of javascript code.
4. The method according to claim 1 or 3, wherein the authenticating of the client with the first strategy comprises:
sending to the client a first response to the first web access request, the first response including first javascript code for authenticating the client;
obtaining a second web access request sent by the client based on the first response, the second web access request including authentication information of the client;
verifying the authentication information based on the first javascript code; and
after the authentication information passes verification, forwarding the second web access request to the server.
5. The method according to claim 4, wherein the verifying of the authentication information based on the first javascript code comprises:
determining whether the authentication information meets a predetermined condition, wherein the predetermined condition is a condition determined on the basis of the first javascript code; and
when the authentication information meets the predetermined condition, determining that the authentication information passes verification; otherwise, determining that the authentication information fails verification.
6. The method according to claim 1 or 3, wherein the authenticating of the client with the second strategy comprises:
forwarding the first web access request to the server according to preset rules.
7. A client authentication apparatus, provided in a security gateway, the security gateway being used to forward information between the client and a server, the apparatus comprising:
a client information receiving module, for receiving a first web access request from the client;
a first determining module, for determining whether the web page address requested by the first web access request is present in a web page address set; and
an authentication module, for authenticating the client with a first strategy when the web page address is present in the web page address set, and authenticating the client with a second strategy when the web page address is not present in the web page address set; wherein the first strategy differs from the second strategy.
8. The apparatus according to claim 7, wherein the apparatus further comprises a web page address set obtaining module, comprising:
a web page address set setting submodule, for setting the web page address set before the receiving of the first web access request from the client;
a first acquisition submodule, for obtaining, from among the response messages from the server during information forwarding, at least one response message having a content type in a content type set;
a second acquisition submodule, for obtaining at least one access request from the client corresponding to the at least one response message;
a third acquisition submodule, for obtaining at least one web page address requested by the at least one access request; and
a web page address set updating submodule, for adding the at least one web page address to the web page address set, to update the web page address set.
9. The apparatus according to claim 8, wherein the apparatus further comprises:
a content type set setting module, for setting the content type set, wherein the content type set includes at least one content type that supports execution of javascript code.
10. The apparatus according to claim 7 or 9, wherein the authenticating of the client with the first strategy comprises:
sending to the client a first response to the first web access request, the first response including first javascript code for authenticating the client;
obtaining a second web access request sent by the client based on the first response, the second web access request including authentication information of the client and an access request for the web page address;
verifying the authentication information based on the first javascript code; and
after the authentication information passes verification, forwarding the second web access request to the server.
11. The apparatus according to claim 10, wherein the verifying of the authentication information based on the first javascript code comprises:
determining whether the authentication information meets a predetermined condition, wherein the predetermined condition is a condition determined on the basis of the first javascript code;
when the authentication information meets the predetermined condition, determining that the authentication information passes verification; otherwise, determining that the authentication information fails verification.
12. The apparatus according to claim 7 or 9, wherein the authenticating of the client with the second strategy comprises:
forwarding the first web access request to the server according to preset rules.
13. A computer-readable storage medium having executable instructions stored thereon, the instructions, when executed by a processor, causing the processor to perform the client authentication method according to any one of claims 1 to 6.
14. A computing device, comprising:
one or more memories storing executable instructions;
one or more processors that execute the executable instructions to implement the client authentication method according to any one of claims 1 to 6.
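The exchange recited in claims 10 to 12, together with the address set of claims 8 and 9, is sketched below as an added example; it is not code from the patent. It assumes that the first strategy is chosen when the requested address is in the web page address set, and the function names, the HMAC-bound token, the 30-second lifetime and the arithmetic puzzle standing in for the "first JavaScript code" are all hypothetical.

```javascript
// Added illustration; names, the HMAC token and the arithmetic puzzle are assumptions.
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32);      // key known only to the gateway
const JS_TYPES = new Set(['text/html']);    // content type set (claim 9)
const pageSet = new Set();                  // web page address set (claim 8)
const mac = (fields) =>
  crypto.createHmac('sha256', SECRET).update(JSON.stringify(fields)).digest('hex');

// Claim 8: record addresses whose responses can execute JavaScript.
function learn(url, contentType) {
  if (JS_TYPES.has(contentType.split(';')[0].trim().toLowerCase())) pageSet.add(url);
}

// Claim 10, first step: the first response carries the first JavaScript code.
function issueChallenge(url, clientId, now) {
  const a = crypto.randomInt(1, 1e6), b = crypto.randomInt(1, 1e6);
  const exp = now + 30000;
  const tag = mac([url, clientId, exp, a * 7 + b]);  // binds the expected answer
  const script = `return {answer: ${a} * 7 + ${b}, exp: ${exp}, tag: "${tag}"};`;
  return { challenge: true, contentType: 'text/html', script };
}

// Claim 11: the predetermined condition is derived from the issued code.
function verify(url, clientId, auth, now) {
  if (!auth || typeof auth.tag !== 'string' || !(now <= auth.exp)) return false;
  const want = Buffer.from(mac([url, clientId, auth.exp, auth.answer]));
  const got = Buffer.from(auth.tag);
  return got.length === want.length && crypto.timingSafeEqual(got, want);
}

// Strategy selection, then claim 12 (forward) or claim 10 (challenge and verify).
function handle(req, forward, now = Date.now()) {
  if (!pageSet.has(req.url)) return forward(req);                   // second strategy
  if (verify(req.url, req.clientId, req.auth, now)) return forward(req);
  return issueChallenge(req.url, req.clientId, now);                // first strategy
}

// Constructed demo: a client that executes the script gets its second request forwarded.
function demo() {
  learn('/index.html', 'text/html; charset=utf-8');
  const forward = (r) => ({ forwarded: r.url });
  const req = { url: '/index.html', clientId: '203.0.113.7' };      // constructed values
  const first = handle(req, forward);
  const auth = new Function(first.script)();  // stands in for the browser running the code
  return [first.challenge, handle({ ...req, auth }, forward).forwarded];
}
console.log(demo());
```

Because the token binds the address, the client identifier and the expiry, the gateway keeps no per-client state, and a request that reuses a token for another address or client is challenged again.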
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910443250.5A CN110177096B (en) | 2019-05-24 | 2019-05-24 | Client authentication method, device, medium and computing equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910443250.5A CN110177096B (en) | 2019-05-24 | 2019-05-24 | Client authentication method, device, medium and computing equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110177096A (en) | 2019-08-27 |
CN110177096B (en) | 2021-09-07 |
Family
ID=67695915
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910443250.5A Active CN110177096B (en) | 2019-05-24 | 2019-05-24 | Client authentication method, device, medium and computing equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110177096B (en) |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101854335A (en) * | 2009-03-30 | 2010-10-06 | 华为技术有限公司 | Method, system and network device for filtration |
CN103685294A (en) * | 2013-12-20 | 2014-03-26 | 北京奇虎科技有限公司 | Method and device for identifying attack sources of denial of service attack |
CN103929498A (en) * | 2014-05-05 | 2014-07-16 | 北京京东尚科信息技术有限公司 | Method and device for processing client requests |
US20140359108A1 (en) * | 2013-05-31 | 2014-12-04 | Sungard Availability Services, Lp | Xml based generic unix discovery framework |
CN105100084A (en) * | 2015-07-07 | 2015-11-25 | 中国科学院计算技术研究所 | Method and system for preventing cross-site request forgery attack |
CN105162793A (en) * | 2015-09-23 | 2015-12-16 | 上海云盾信息技术有限公司 | Method and apparatus for defending against network attacks |
CN105897694A (en) * | 2016-03-25 | 2016-08-24 | 网宿科技股份有限公司 | Session identification method and system of client |
CN105978933A (en) * | 2016-04-25 | 2016-09-28 | 青岛海信电器股份有限公司 | Webpage request method, webpage response method, terminal, server, and webpage request and response system |
CN106105139A (en) * | 2014-03-07 | 2016-11-09 | 微软技术许可有限责任公司 | The automatic detection of the authentication method being carried out by gateway |
CN107426243A (en) * | 2017-08-28 | 2017-12-01 | 北京奇安信科技有限公司 | A kind of network safety protection method and device |
CN108055241A (en) * | 2017-11-15 | 2018-05-18 | 滨州市工商行政管理局 | A kind of defence method and system of CC attacks |
CN108965251A (en) * | 2018-06-08 | 2018-12-07 | 广州大学 | A kind of safe mobile phone guard system that cloud combines |
CN109510815A (en) * | 2018-10-19 | 2019-03-22 | 杭州安恒信息技术股份有限公司 | A kind of multistage detection method for phishing site and detection system based on supervised learning |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113761507A (en) * | 2020-10-30 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Authentication method and device |
CN114143056A (en) * | 2021-11-24 | 2022-03-04 | 上海派拉软件股份有限公司 | Terminal access method and device, electronic equipment and storage medium |
CN114143056B (en) * | 2021-11-24 | 2024-04-05 | 上海派拉软件股份有限公司 | Terminal access method and device, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN110177096B (en) | 2021-09-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||