CN114866320A - Method, device, equipment and storage medium for preventing url parameter from being tampered - Google Patents

Info

Publication number: CN114866320A
Authority: CN (China)
Prior art keywords: url, service data, service, data string, timestamp
Legal status: Pending
Application number: CN202210486660.XA
Other languages: Chinese (zh)
Inventors: 覃贝贝, 彭娟, 农倩倩
Current Assignee: Bank of China Ltd
Original Assignee: Bank of China Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 involving digital signatures
    • H04L9/3249 using RSA or related signature schemes, e.g. Rabin scheme
    • H04L9/3297 involving time stamps, e.g. generation of time stamps
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121 Timestamp

Abstract

The invention relates to the technical field of network security and discloses a method, a device, equipment and a storage medium for preventing url parameters from being tampered with. The method comprises: generating a timestamp when a service data string is received; determining a signature character string according to the timestamp and the service data string; generating a url according to the service data string, the timestamp and the signature character string; and sending the url to the operator, so that the operator executes the service corresponding to the service data string after verifying the signature character string and the timestamp in the url.

Description

Method, device, equipment and storage medium for preventing url parameter from being tampered
Technical Field
The invention relates to the technical field of network security, in particular to a method, a device, equipment and a storage medium for preventing url parameter from being tampered.
Background
This section is intended to provide a background or context to the embodiments of the invention that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
At present, to help small and medium-sized enterprises obtain loans quickly, banks often need to cooperate with partners in business scenarios such as pre-loan marketing for inclusive finance. Small and medium-sized enterprises fill in business data, such as personal information or enterprise requirements, through the partner; the partner sends the business data to the bank; and the bank can quickly disburse the loan to the enterprise according to that data, meeting its urgent need.
When the partner and the bank (the operator) transmit the business data, the form filled in by the small or medium-sized enterprise is usually split into a plurality of urls for transmission.
In existing schemes for preventing tampering with data transferred in a url, the partner usually extracts specific information from the url, forms a string to be signed from that information, generates a signature for the string with a specific algorithm, and sends the signature information to the operator. The operator decrypts the signature to obtain the specific information and performs the corresponding operation according to it, such as disbursing a loan to a small or medium-sized enterprise.
Disclosure of Invention
The embodiment of the invention provides a method for preventing url parameters from being tampered, which is used for reducing the risk that the parameters in the url are tampered when data are transmitted through the url, and comprises the following steps:
generating a timestamp when receiving the service data string;
determining a signature character string according to the timestamp and the service data string;
generating a url according to the service data string, the timestamp and the signature character string;
and sending the url to an operator, so that the operator executes the service corresponding to the service data string after finishing verifying the signature character string and the timestamp in the url.
As one embodiment herein, before the generating of a timestamp when receiving the service data string, the method includes:
acquiring service data, wherein the service data is input by a user according to a url template associated with a service to be requested;
and converting the service data into the service data string according to the data filling format of the url template.
As an embodiment herein, the determining a signature string according to the timestamp and the service data string includes:
generating a character string to be signed according to the timestamp and the service data string;
acquiring a service-related private key according to the service-related field in the url template;
and performing signature operation on the character string to be signed according to a preset service-related private key to obtain a signature character string.
As an embodiment herein, the obtaining a service-related private key according to a service-related field in the url template includes:
determining a service scene corresponding to the service related field;
and traversing a private key table according to the service scene to obtain the service-related private key, wherein the private key table represents the mapping relation between the service scene and the service-related private key.
As an embodiment herein, the generating a url from the service data string, the timestamp, and the signature string includes:
and sequentially filling the timestamp and the signature character string into the service data string in the url template in a key-value pair mode to generate the url.
In another aspect, an apparatus for preventing url parameter from being tampered is provided herein, which is applied to a partner, and includes:
the time stamp generating unit is used for generating a time stamp when receiving the service data string;
a character string determining unit, configured to determine a signature character string according to the timestamp and the service data string;
a url generating unit, configured to generate a url according to the service data string, the timestamp, and the signature string;
and the sending unit is used for sending the url to an operator so that the operator executes the service corresponding to the service data string after finishing verifying the signature character string and the time stamp in the url.
In another aspect, a method for preventing url parameters from being tampered is provided herein, which is applied to an operator, and includes:
acquiring a url sent by a partner, wherein the url comprises a service data string, a timestamp and a signature character string;
decrypting the signature character string in the url to obtain a timestamp and a service data string;
judging whether the time stamp and the service data string obtained by decryption are the same as the service data string and the time stamp in the url, and judging whether the time stamp in the url meets a time threshold value;
and if the judgment result is yes, executing the service corresponding to the service data string in the url.
In another aspect, a device for preventing url parameter from being tampered is provided herein, which is applied to an operator, and includes:
an acquisition unit, used for acquiring a url sent by a partner, wherein the url comprises a service data string, a timestamp and a signature character string;
the decryption unit is used for decrypting the signature character string in the url to obtain a timestamp and a service data string;
the judging unit is used for judging whether the time stamp and the service data string obtained by decryption are the same as the service data string and the time stamp in the url and judging whether the time stamp in the url meets a time threshold value;
and the execution unit is used for executing the service corresponding to the service data string in the url if the judgment results are yes.
In another aspect, a computer apparatus is also provided herein, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing any of the methods when executing the computer program.
In another aspect, a computer-readable storage medium is also provided herein, which stores a computer program that, when executed by a processor, implements any of the methods.
In the embodiments of the invention, compared with prior-art schemes for preventing brute-force tampering, a timestamp is added when the url is generated, so that the url is valid only for a limited time. Brute-force tampering usually takes a long time, so once the url is time-limited, whether a url that has been tampered with by brute force is still valid can be judged from its age. This reduces the impact on the partner of parameters being modified in a url after brute-force tampering.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort. In the drawings:
FIG. 1 is an overall system diagram of url parameter tamper resistance in an embodiment of the present invention;
FIG. 2 is a diagram illustrating a method for tamper-proofing url parameters applied to a partner according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an apparatus for preventing url parameters of a partner from being tampered according to an embodiment of the present invention;
FIG. 4 is a schematic diagram illustrating a method for tamper-proofing a url parameter applied to an operator according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a url parameter tamper-proofing apparatus applied to an operator according to an embodiment of the present invention;
FIG. 6 is a data flow diagram illustrating the tamper-proofing of url parameters according to an embodiment of the present invention;
FIG. 7 is a diagram of a computer according to an embodiment of the present invention.
Description of the symbols of the drawings:
101. a partner;
102. an operator;
301. a time stamp generating unit;
302. a character string determination unit;
303. a url generation unit;
304. a transmitting unit;
501. an acquisition unit;
502. a decryption unit;
503. a judgment unit;
504. an execution unit;
702. a computer device;
704. a processor;
706. a memory;
708. a drive mechanism;
710. an input/output module;
712. an input device;
714. an output device;
716. a presentation device;
718. a graphical user interface;
720. a network interface;
722. a communication link;
724. a communication bus.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
The overall system diagram of url parameter tamper-proofing as shown in fig. 1 comprises a partner 101 and an operator 102.
The partner 101 operates a partner system, which includes external platforms and the like that have established a cooperative relationship and signed an agreement with a bank. For example, a unit (which has signed an agreement with the bank and is a partner of the bank) needs to purchase equipment in bulk. When a bill must be paid during the purchase and the unit needs a loan, it can find, through the partner, the url template sent by the bank in advance and fill in the service data for the loan according to the service-related fields of the url template. The service data includes payment-sensitive information such as the loan amount, personal information and the use of funds. After filling is complete, the service data in the url is encrypted and sent to the bank.
The operator 102 receives the urls sent by each partner 101. The operator 102 includes a bank running an operator system; the bank decrypts the url and issues the loan to the unit of the partner 101 according to the service data in the url.
The partner 101 and the operator 102 may be connected through a network cable. It should be noted that the services between the partner 101 and the operator 102 include loans and account opening.
The url generation process is simple, and a url transmitted from the partner 101 to the operator 102 may be maliciously attacked so that the service data in it is tampered with. For example, a unit wishes to borrow 10w (100,000); if the url is tampered with and the loan amount is changed to 1w (10,000), the unit cannot pay its bill promptly, its production capacity cannot meet demand, and serious consequences follow.
Therefore, a method for preventing url parameters from being tampered with is provided herein, in which the url is encrypted to prevent the operator from receiving a tampered url. FIG. 2 is a schematic diagram of the method as applied to a partner, which includes:
Step 201, generating a timestamp when receiving the service data string.
Step 202, determining a signature character string according to the timestamp and the service data string.
Step 203, generating a url according to the service data string, the timestamp and the signature character string.
Step 204, sending the url to an operator, so that the operator executes the service corresponding to the service data string after finishing the verification of the signature character string and the timestamp in the url.
In this way, adding a timestamp when the url is generated makes the url time-limited. Because brute-force tampering usually takes a long time, once the url is time-limited, whether a url that has been tampered with by brute force is still valid can be judged from its age, which reduces the impact on the operator of parameters being modified after brute-force tampering.
In this step, a timestamp may be generated when the service data string is obtained. Herein, the timestamp may be generated by the partner as the total number of seconds from 00:00:00 GMT on January 1, 1970 to the current time. In the Java language, for example: long timestamp = new Date().getTime() / 1000; (getTime() returns milliseconds, so the value is divided by 1000 to obtain seconds).
As one embodiment herein, before the generating of a timestamp when receiving the service data string, the method includes:
acquiring service data, wherein the service data is input by a user according to a url template associated with a service to be requested;
and converting the service data into the service data string according to the data filling format of the url template.
In this step, to reduce the communication cost between the partner and the operator and the workload of both parties' staff, the operator may send the url template to the partner in advance, before the url parameter tamper-proofing method herein is executed.
It should be noted that the url template includes fixed fields and fields to be filled. The fixed fields correspond to the service the user wants to request. For example, if the user needs to request a loan, the url template includes at least a loan field and a loan-amount field, and the user fills in the amount actually needed after the loan-amount field. For convenience of description, the content filled in by the user is referred to as service data. Each fixed field may be called a fixed parameter herein, and the filled-in service data together with the fixed fields is called a service data string. For example, in the service data string orderId=0001&channel=ABC, the fixed part orderId=0001&channel= may represent the loan amount and the ABC on the right stands for the amount filled in by the user; if the user fills in 5w, the service data string is orderId=0001&channel=50000.
Herein, the user sees the loan-amount label as text and enters a number. The label is converted into an English field (an immutable fixed field) according to a preset code conversion method, and the number entered by the user (the service data) is assigned to that English field.
It should be noted that, not only each url may be encrypted, but also a form composed of a plurality of urls may be encrypted. When the form is encrypted, the form may be first split into a plurality of urls, and finally each url is encrypted, which is not limited herein.
As an embodiment herein, the determining a signature string according to the timestamp and the service data string includes:
generating a character string to be signed according to the timestamp and the service data string;
acquiring a service-related private key according to the service-related field in the url template;
and performing signature operation on the character string to be signed according to a preset service-related private key to obtain a signature character string.
In this step, the timestamp and the service data string may be spliced sequentially to obtain the string to be signed, for example orderId=0001&channel=ABC&timestamp=1646998305. Sequential splicing is chosen for the sake of decryption. If the timestamp and the service data string were spliced according to some other rule ("poor splicing" or interval splicing) before the signature character string is generated, the operator would need to obtain the partner's splicing rule in order to decrypt the signature character string. Although this would further encrypt the url, the operator may deal with a large number of partners; if each partner had its own splicing rule, the operator would have to store the splicing rules of all partners at the same time, which would take a large amount of the operator's data storage space and be hard to maintain afterwards. Sequential splicing is therefore used herein to generate the string to be signed.
The url template contains a fixed field that carries the service information characterizing the url template; for convenience of description, this is referred to as the service-related field. For example, for the field "?001?", the 001 in "?001?" characterizes the service of the url template, and in the embodiments herein 001 may correspond to the loan service. If the field "?002?" appears at the first position of the url template, the 002 in "?002?" characterizes the service of the url template, and in this embodiment 002 may correspond to the account-opening service. It should be noted that account opening means establishing an account number for withdrawal or remittance, for example adding a bank account number for unit A.
As an embodiment of this document, the step of performing signature operation on the to-be-signed character string according to a preset service-related private key to obtain a signature character string includes:
Herein, the asymmetric encryption algorithm is the international public algorithm RSA, the hash algorithm is SHA256, and keys (each comprising a private key and a public key) are generated with a key length of 2048 bits. When the first private key is generated, it can be associated with loan service 001; a private key is then generated again and associated with account-opening service 002. All associations are recorded in a table, which forms the private key table. A public key table is generated in the same way from the public keys corresponding to the private keys and is sent to the operator.
As an embodiment herein, the obtaining a service-related private key according to a service-related field in the url template includes:
determining a service scene corresponding to the service related field;
and traversing a private key table according to the service scene to obtain the service-related private key, wherein the private key table represents the mapping relation between the service scene and the service-related private key.
In this step, the service-related field in the url template is determined; it is the text content visible to the user, for example "loan", and the service scenario, for example 001, is determined from it.
The private key table is queried with 001; the pre-generated private key is obtained by traversal, and the string to be signed is encrypted with that private key.
Specifically, the partner performs the signature operation on the string to be signed, orderId=0001&channel=ABC&timestamp=1646998305, using the agreed algorithm, such as the international public algorithm RSA, and the private key obtained above, calculating the signature with the corresponding method in Java. The result is referred to herein as the signature character string.
As one embodiment herein, the generating a url from the service data string, the timestamp, and the signature string includes:
sequentially filling the timestamp and the signature character string, as key-value pairs, after the service data string in the url template to generate the url.
In this step, each fixed field has its corresponding key-value pair in the url, and the service data string, the timestamp and the signature character string may be filled in sequentially at the value position of the corresponding key, for example to the right of the last equal sign in orderId=0001&channel=ABC&timestamp=1646998305.
Fig. 3 is a schematic diagram of a device for preventing url parameters of a partner from being tampered, which includes:
a timestamp generating unit 301, configured to generate a timestamp when receiving the service data string.
A character string determining unit 302, configured to determine a signature character string according to the timestamp and the service data string.
A url generating unit 303, configured to generate a url according to the service data string, the timestamp, and the signature string.
A sending unit 304, configured to send the url to an operator, so that the operator executes a service corresponding to the service data string after completing verification of the signature character string and the timestamp in the url.
The url generation method described above requires corresponding cooperation on the operator side in order to prevent the parameters in the url from being tampered with.
Fig. 4 is a schematic diagram of a method for tamper-proofing url parameters applied to an operator, including:
step 401, acquiring a url sent by a partner, wherein the url includes a service data string, a timestamp and a signature character string;
step 402, decrypting the signature character string in the url to obtain a timestamp and a service data string;
step 403, judging whether the decrypted timestamp and the decrypted service data string are the same as the service data string and the timestamp in the url, and judging whether the timestamp in the url meets a time threshold;
and step 404, if the judgment result is yes, executing the service corresponding to the service data string in the url.
In this step, the generated url contains three kinds of data strings. The first is the encrypted signature character string, which itself has two parts, the service data string and the timestamp; the second is the timestamp; and the third is the service data string. To prevent the parameters in the url from being tampered with, the operator first decrypts the signature character string to obtain the decrypted service data string and the decrypted timestamp. At this point it is not yet known whether the timestamp and the service data string outside the signature character string have been changed, so the decrypted service data string and timestamp are compared with the timestamp and service data string in the url. When the two sets of parameters are found to be completely consistent, the operator then judges whether the timestamp satisfies the time threshold. If any parameter is inconsistent, the operator determines that the digital identity of the partner's url is abnormal and refuses to execute the service corresponding to the service data string. For convenience of explanation, this is described herein as the url parameter tamper-proofing method applied to the operator.
It should be noted that the encrypted data string may be decrypted in the same manner in which it was encrypted. For example, the service scenario corresponding to the service data string in the url is determined (the specific manner is described in detail above and is not repeated here), the public key table sent in advance by the partner is traversed according to the service scenario to obtain the public key, and the public key is then used for decryption to obtain the timestamp and the service data string.
It should be noted that the time threshold herein may be 5 min, 10 min, 20 min or the like, which is not limited herein. For example, if the timestamp is 600000, it is judged whether the time difference between the decryption time and the timestamp 600000 exceeds the set threshold.
Fig. 5 is a schematic diagram of a device for preventing url parameters of an operator from being tampered, including:
an obtaining unit 501, configured to obtain a url sent by a partner, where the url includes a service data string, a timestamp, and a signature string.
A decryption unit 502, configured to decrypt the signature string in the url to obtain a timestamp and a service data string.
The determining unit 503 is configured to determine whether the decrypted timestamp and the decrypted service data string are the same as the service data string and the timestamp in the url, and determine whether the timestamp in the url meets a time threshold.
An executing unit 504, configured to execute a service corresponding to the service data string in the url if the determination result is yes.
Fig. 6 shows a data flow diagram of url parameter tamper resistance, which includes:
Step 601, the operator 102 sends several url templates.
Step 602, the partner 101 generates a private key table and a public key table according to the url template, and sends the public key table to the operator 102.
Step 603, the partner 101 fills service data into the url template.
Step 604, the partner 101 generates a timestamp according to the filling time, and obtains the private key from the private key table according to the url template.
Step 605, the partner 101 generates url according to the timestamp, the service data and the private key and sends the url to the operator 102.
Step 606, the operator 102 obtains the public key according to the url service, and performs url self-comparison verification after the url is decrypted.
Step 607, the operator 102 determines whether both the self-verification result and the timestamp satisfy the setting requirement, and if so, executes step 608.
Step 608, the operator 102 executes the corresponding service according to the url.
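The flow of steps 603 to 608, as an added example that is not code from the patent: it replaces the described "decrypt the signature and compare" with standard Ed25519 signature verification over the plaintext parameters, which enforces the same consistency check. The scenario names, the operator.example host, the parameter names timestamp and sign, and the newline-joined string to sign are assumptions of this example.

```javascript
const crypto = require('node:crypto');

const MAX_AGE_MS = 5 * 60 * 1000; // time threshold (5 min, one of the values the text suggests)

// Constructed key tables: one Ed25519 key pair per service scenario.
// Scenario names and the operator.example host are assumptions for this example.
const privateKeyTable = new Map(); // stays with the partner
const publicKeyTable = new Map();  // sent to the operator in advance
for (const scenario of ['transfer', 'balance']) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  privateKeyTable.set(scenario, privateKey);
  publicKeyTable.set(scenario, publicKey);
}

// The signed bytes bind scenario, service data string and timestamp together.
function stringToSign(scenario, serviceData, timestamp) {
  return Buffer.from(`${scenario}\n${serviceData}\n${timestamp}`, 'utf8');
}

// Partner side (steps 603-605): append timestamp and signature as key-value pairs.
function partnerBuildUrl(scenario, serviceData, nowMs) {
  const privateKey = privateKeyTable.get(scenario);
  const sign = crypto.sign(null, stringToSign(scenario, serviceData, nowMs), privateKey);
  return `https://operator.example/${scenario}?${serviceData}` +
    `&timestamp=${nowMs}&sign=${sign.toString('hex')}`;
}

// Operator side (steps 606-608): returns { ok, reason } and never throws on bad input.
function operatorVerify(url, nowMs) {
  let u;
  try { u = new URL(url); } catch { return { ok: false, reason: 'malformed' }; }
  const scenario = u.pathname.slice(1);
  const publicKey = publicKeyTable.get(scenario);
  if (!publicKey) return { ok: false, reason: 'unknown-scenario' };

  // timestamp and sign must be the last two parameters, exactly once each.
  const m = /^(.+)&timestamp=(\d{1,15})&sign=([0-9a-f]{128})$/.exec(u.search.slice(1));
  if (!m || /(^|&)(timestamp|sign)=/.test(m[1])) return { ok: false, reason: 'malformed' };
  const [, serviceData, timestamp, signHex] = m;

  // Integrity first: any change to the data, timestamp or scenario fails here.
  const valid = crypto.verify(null, stringToSign(scenario, serviceData, timestamp),
    publicKey, Buffer.from(signHex, 'hex'));
  if (!valid) return { ok: false, reason: 'tampered' };

  // Freshness second: reject stale urls and timestamps from the future.
  const age = nowMs - Number(timestamp);
  if (age < 0 || age > MAX_AGE_MS) return { ok: false, reason: 'expired' };
  return { ok: true, scenario, serviceData };
}
```

The timestamp only bounds reuse to the threshold window: an unmodified url is accepted again until it expires, so a service that must run once per request needs its own duplicate check.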
As shown in fig. 7, for a computer device provided for embodiments herein, the computer device 702 may include one or more processors 704, such as one or more Central Processing Units (CPUs), each of which may implement one or more hardware threads. The computer device 702 may also include any memory 707 for storing any kind of information, such as code, settings, data, etc. For example, and without limitation, the memory 707 can include any one or more of the following in combination: any type of RAM, any type of ROM, flash memory devices, hard disks, optical disks, etc. More generally, any memory may use any technology to store information. Further, any memory may provide volatile or non-volatile retention of information. Further, any memory may represent fixed or removable components of computer device 702. In one case, when the processor 704 executes associated instructions that are stored in any memory or combination of memories, the computer device 702 can perform any of the operations of the associated instructions. The computer device 702 also includes one or more drive mechanisms 708, such as a hard disk drive mechanism, an optical disk drive mechanism, or the like, for interacting with any memory.
Computer device 702 can also include an input/output (I/O) module 710 for receiving various inputs (via input device 712) and for providing various outputs (via output device 714). One particular output mechanism may include a presentation device 717 and an associated Graphical User Interface (GUI) 718. In other embodiments, the input/output (I/O) module 710, input device 712, and output device 714 may be omitted, with the computer device acting only as one computer device in a network. Computer device 702 can also include one or more network interfaces 720 for exchanging data with other devices via one or more communication links 722. One or more communication buses 724 couple the above-described components together.
Communication link 722 may be implemented in any manner, such as over a local area network, a wide area network (e.g., the Internet), a point-to-point connection, etc., or any combination thereof. Communication link 722 may include any combination of hardwired links, wireless links, routers, gateway functions, name servers, etc., governed by any protocol or combination of protocols.
The embodiment of the invention also provides a computer readable storage medium, wherein a computer program is stored in the computer readable storage medium, and when the computer program is executed by a processor, the method for preventing the url parameter from being tampered is realized.
An embodiment of the present invention further provides a computer program product, where the computer program product includes a computer program, and when the computer program is executed by a processor, the method for preventing the url parameter from being tampered is implemented.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A method for url parameter tamper resistance, applied to a partner, comprising:
generating a timestamp when receiving the service data string;
determining a signature character string according to the timestamp and the service data string;
generating a url according to the service data string, the timestamp and the signature character string;
and sending the url to an operator, so that the operator executes the service corresponding to the service data string after finishing the verification of the signature character string and the timestamp in the url.
2. The method of url parameter tamper-proofing according to claim 1, before generating the timestamp upon receiving the service data string, comprising:
acquiring service data, wherein the service data is input by a user according to a url template associated with a service to be requested;
and converting the service data into the service data string according to the data filling format of the url template.
3. The method of url parameter tamper-proofing according to claim 2, wherein said determining a signature string from said timestamp and said service data string comprises:
generating a character string to be signed according to the timestamp and the service data string;
acquiring a service-related private key according to the service-related field in the url template;
and performing signature operation on the character string to be signed according to a preset service-related private key to obtain a signature character string.
4. The method for tamper-proofing url parameters according to claim 3, wherein said obtaining the service-related private key according to the service-related field in the url template comprises:
determining a service scene corresponding to the service related field;
and traversing a private key table according to the service scene to obtain the service-related private key, wherein the private key table represents the mapping relation between the service scene and the service-related private key.
5. The method of url parameter tamper-proofing according to claim 2, wherein said generating a url from the service data string, the timestamp, and the signature string comprises:
and sequentially filling the timestamp and the signature character string into the service data string in the url template in a key-value pair mode to generate the url.
6. A url parameter tamper-resistant apparatus, applied to a partner, comprising:
the time stamp generating unit is used for generating a time stamp when receiving the service data string;
a character string determining unit, configured to determine a signature character string according to the timestamp and the service data string;
a url generating unit, configured to generate a url according to the service data string, the timestamp, and the signature string;
and the sending unit is used for sending the url to an operator so that the operator executes the service corresponding to the service data string after finishing verifying the signature character string and the time stamp in the url.
7. A method for tamper-proofing url parameters, applied to an operator, includes:
acquiring a url sent by a partner, wherein the url comprises a service data string, a timestamp and a signature character string;
decrypting the signature character string in the url to obtain a timestamp and a service data string;
judging whether the time stamp and the service data string obtained by decryption are the same as the service data string and the time stamp in the url, and judging whether the time stamp in the url meets a time threshold value;
and if the judgment result is yes, executing the service corresponding to the service data string in the url.
8. A device for preventing url parameter from being tampered, which is applied to an operator and comprises:
the acquisition unit is used for acquiring a url sent by a partner, wherein the url comprises a service data string, a timestamp and a signature character string;
the decryption unit is used for decrypting the signature character string in the url to obtain a timestamp and a service data string;
the judging unit is used for judging whether the time stamp and the service data string obtained by decryption are the same as the service data string and the time stamp in the url and judging whether the time stamp in the url meets a time threshold value;
and the execution unit is used for executing the service corresponding to the service data string in the url if the judgment results are yes.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 5 or 7 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 5 or 7.
CN202210486660.XA 2022-05-06 2022-05-06 Method, device, equipment and storage medium for preventing url parameter from being tampered Pending CN114866320A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210486660.XA CN114866320A (en) 2022-05-06 2022-05-06 Method, device, equipment and storage medium for preventing url parameter from being tampered

Publications (1)

Publication Number Publication Date
CN114866320A true CN114866320A (en) 2022-08-05

Family

ID=82636341

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210486660.XA Pending CN114866320A (en) 2022-05-06 2022-05-06 Method, device, equipment and storage medium for preventing url parameter from being tampered

Country Status (1)

Country Link
CN (1) CN114866320A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106559219A (en) * 2015-09-29 2017-04-05 卓望数码技术(深圳)有限公司 A kind of digital signature method and system and its intelligent terminal and operation system
CN107465510A (en) * 2017-01-23 2017-12-12 北京思特奇信息技术股份有限公司 A kind of processing method and processing system of service security multiplexing
CN109525613A (en) * 2019-01-16 2019-03-26 湖南快乐阳光互动娱乐传媒有限公司 A kind of demand processing system and method
CN110032895A (en) * 2019-04-22 2019-07-19 湖南快乐阳光互动娱乐传媒有限公司 Request processing method, processing unit and requests verification method, verifying device
CN111447150A (en) * 2020-02-29 2020-07-24 中国平安财产保险股份有限公司 Access request current limiting method, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination