CN100562016C - A kind of WEB service anti-stealing link method - Google Patents


Publication number
CN100562016C
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2006100181657A
Other languages
Chinese (zh)
Other versions
CN1801824A (en)
Inventor
张欣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Northern Fiberhome Technologies Co Ltd
Original Assignee
Beijing Northern Fiberhome Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Northern Fiberhome Technologies Co Ltd
Priority to CNB2006100181657A
Publication of CN1801824A
Application granted
Publication of CN100562016C
Expired - Fee Related
Anticipated expiration

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The present invention relates to an anti-hotlinking (anti-stealing-link) method for web services, involving a web portal, a web server and a key distribution server. In the web service, the URL published by the web portal carries user information, and the AES encryption algorithm is used to protect that information, so that if any field in the URL is modified, AES encryption produces a different field. The method also ensures that the URLs generated when the same file is clicked by the same user at different times, or by different users at the same time, are different. Because the URL encryption key is kept secret and is updated over time, the key essentially cannot be cracked, which ensures that the URLs presented on the web portal are not hotlinked and protects the legitimate interests of the operator and of legitimate users.

Description

A web service anti-hotlinking (anti-stealing-link) method
Technical field
The present invention relates to an anti-hotlinking method for web services.
Background
In a traditional web service, the resource a hyperlink URL (uniform resource locator) points to is fixed and the URL is directly exposed in the browser, so no effective mechanism for authenticating users can be provided and the URLs offered by the service provider are easily hotlinked. Typical hotlinking covers the following situations:
1. Another web page publishes, without permission, a hyperlink that points to a legitimate URL.
2. A non-registered user accesses, without permission, a URL that only registered users may access.
3. A user accesses an unpublished URL by altering a URL.
4. A user still tries to access a legitimate URL after it has expired.
The existing web service model is as follows: a hyperlink on a web page generated by the service provider links to a specified resource (a URL for a web page, a file, audio or video information and so on), and the user accesses the resource by clicking the hyperlink. The drawback is that a user can easily obtain the URL of a specific resource, for example by viewing the page source, and generate a hyperlink to that URL on another web page. Users can then reach the resource directly without going through the web page provided by the service provider, which seriously affects both authentication and charging for the web service.
How to block these illegitimate access requests and protect the rights and interests of legitimate users and the service provider is the problem the present invention sets out to solve.
Summary of the invention
The object of the invention is to address the deficiencies of the prior art by providing a web service anti-hotlinking method: a mechanism, within the framework of the relevant protocols, by which a web service system prevents illegitimate users from stealing URLs. The method has the following advantages:
1. It prevents a user from modifying a URL presented by the portal and accessing the web server with the modified URL;
2. It blocks access requests from illegitimate users;
3. It prevents other, unauthorized websites from hotlinking this website's resources.
The technical scheme of the invention is a web service anti-hotlinking method, characterized as follows:
The web portal, the web server and a newly added key distribution server jointly construct an encrypted URL. Using the provision in IETF RFC 2396 for inserting additional information into a URL, the user's IP address and the timestamp of the click are added to the URL presented by the portal, so that the URL for the same media file differs when it is accessed at different times or by different users, ensuring that each URL can be used only by one specific user within a period of time. In addition, an AES-encrypted check string is added to the URL to prevent the above content of the URL from being modified.
By adding to the URL published by the web service a ciphertext string formed from user information and timestamp information and encrypted with AES, the method prevents the URL from being hotlinked or rewritten: it guarantees the legitimacy of the user of the URL and ensures that the user cannot modify the URL provided by the web portal. By comparing the additional-information strings in the URL the user requests, the web server checks the legitimacy of the URL and of the user and provides the web service only to legitimate users, so that the rights of the operator and of legitimate users are not infringed.
The web service anti-hotlinking method described above is further characterized in that, to prevent the AES key from being cracked, a key distribution server is added which, according to a specific mechanism, generates a new key after each time interval and distributes it to the web portal and the web server.
A web service anti-hotlinking method, characterized in that it comprises a key distribution flow, an encrypted-URL generation flow and an encrypted-URL checking flow.
The key distribution flow mainly comprises the following steps:
1. The key distribution server starts, generates a key according to a certain rule, opens a key management listening thread according to the network management configuration, and waits for connections from web servers; at this point the key distribution server's web server list is empty.
2. After a web server starts, it initiates a connection to the key distribution port of the key distribution server according to the network management configuration, sends a key request message, and obtains the key from the key reply message it receives.
3. The key distribution server periodically sends key reply messages to the web servers in its web server list.
4. On receiving a key reply message, the web server restarts its key request timer. It also compares the key in the reply message with its current key. If the keys are the same, it does nothing further. If they differ, then for a certain period, whose length the web server sets itself, it uses both the new and the old key to decrypt URLs, so that legitimate URLs still using the old key do not fail decryption after the switch to the new key.
The encrypted-URL generation flow runs on the web portal and mainly comprises the following steps:
1. Generate the plaintext additional information fields from the user information, namely the user's IP address and the timestamp of the click.
2. Add the user's IP address and the click timestamp to the original URL, producing a URL that contains the additional information.
3. Generate a hash check string from the URL that contains the additional information.
4. AES-encrypt the hash check string with the key received from the key distribution server.
5. Append the string produced by the encryption to the URL that contains the additional information, and present this URL on the portal.
The encrypted-URL checking flow runs on the web server and mainly comprises the following steps:
1. Extract the URL containing the additional information from the received URL.
2. Compare the IP address in the received URL with the user's actual IP address; if they do not match, the user is illegitimate and the web server refuses the access request.
3. Compare the time in the timestamp field of the received URL with the current time; if it differs from the current time by more than a certain value, the URL has expired and the web server refuses the access request.
4. Encrypt the URL containing the additional information with the key obtained from the key distribution server to obtain an encrypted string.
5. Compare the generated encrypted string with the encrypted string in the received URL; if they are the same, the URL is considered legitimate; if they differ, the URL is considered to have been modified and the web server refuses the access request.
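The generation and checking flows above, together with the old/new key overlap from step 4 of the key distribution flow, as an added example that is not part of the patent text. It uses HMAC-SHA256 from the Python standard library as a stand-in for the patent's hash-then-AES check string (both are keyed check strings over the same input); the function names, the 300-second window, the host name and the keys are assumptions constructed for illustration.

```python
import hashlib
import hmac

MAX_AGE_SECONDS = 300  # assumption: the patent only says "a certain value"


def check_string(key, url_with_info):
    """Keyed check string over 'original_url?ip&timestamp'.

    HMAC-SHA256 stands in for the patent's hash + AES encryption step.
    """
    return hmac.new(key, url_with_info.encode("utf-8"), hashlib.sha256).hexdigest()


def portal_issue_url(original_url, client_ip, now, key):
    """Portal side: add ip and timestamp, then append the check string."""
    url_with_info = f"{original_url}?{client_ip}&{now}"
    return f"{url_with_info}&{check_string(key, url_with_info)}"


def server_check_url(url, peer_ip, now, keys):
    """Web server side: return "ok" or the reason the request is refused.

    `keys` holds the current key and, during the overlap period after a key
    update, the previous key as well.
    """
    base, sep, query = url.rpartition("?")
    fields = query.split("&")
    if not sep or len(fields) != 3:
        return "malformed"
    ip, ts, received = fields
    if not (ts.isdecimal() and len(ts) <= 12):
        return "malformed"
    # Step 2: the IP carried in the URL must be the IP the request came from.
    if ip != peer_ip:
        return "ip mismatch"
    # Step 3: the timestamp must be within the allowed window of the current time.
    if abs(now - int(ts)) > MAX_AGE_SECONDS:
        return "expired"
    # Steps 4-5: recompute the check string and compare in constant time.
    url_with_info = f"{base}?{ip}&{ts}"
    for key in keys:
        expected = check_string(key, url_with_info)
        if hmac.compare_digest(expected.encode(), received.encode("utf-8")):
            return "ok"
    return "modified"


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    old_key, new_key = b"constructed-old-key", b"constructed-new-key"
    issued_at = 1_000_000
    url = portal_issue_url("rtsp://media.example:554/movies/a.mp4",
                           "192.0.2.10", issued_at, old_key)
    print(url)
    print(server_check_url(url, "192.0.2.10", issued_at + 60, [old_key]))
    print(server_check_url(url, "198.51.100.7", issued_at + 60, [old_key]))
    # Rewriting the IP field to match another client breaks the check string.
    forged = url.replace("192.0.2.10", "198.51.100.7")
    print(server_check_url(forged, "198.51.100.7", issued_at + 60, [old_key]))
    # After a key update the server accepts both keys for a while, then only the new one.
    print(server_check_url(url, "192.0.2.10", issued_at + 60, [new_key, old_key]))
    print(server_check_url(url, "192.0.2.10", issued_at + 60, [new_key]))
```
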
Beneficial effect
The present invention effectively prevents hotlinking and modification of URLs in web services, and effectively protects the interests of operators, web service providers and legitimate users. The invention can also be applied to other web-based services, such as streaming media services.
Description of drawings
Fig. 1 is the key distribution flow chart of the embodiment of the invention.
Fig. 2 is the key update flow chart of the embodiment of the invention.
Embodiment
An embodiment of URL encryption is as follows:
A. Generate an additional field for the URL: the IP address the user is using.
B. Generate an additional field for the URL: the timestamp generated when the user clicks (accurate to the second).
C. Generate an additional field for the URL: the hash string encrypted with the AES algorithm.
D. Join the additional fields generated in A-D to the URL with "&", giving the form "rtsp://hostip(:port)/filepath/filename?ip&timestamp&AES string".
The encrypted string in process D is generated as follows:
1. Join the fields generated in A and B with "&", producing a string of the form ip&timestamp.
2. Join the string generated in 1 to the original URL where the media file is stored with "?", producing a string of the form "rtsp://hostip(:port)/filepath/filename?ip&timestamp", where "rtsp://hostip(:port)/filepath/filename" is the original URL.
3. Take the hash check code of the string obtained in 2.
4. AES-encrypt the hash check code obtained in 3 to obtain the final encrypted string. The key for the AES encryption algorithm is generated according to a certain rule at a certain interval, and is known to both the web portal and the web server.
The key distribution flow in Fig. 1 is implemented as follows:
1. The key distribution server generates a key after it starts.
2. After the web portal starts, it connects to the key distribution server and obtains the current key.
3. After the web server starts, it connects to the key distribution server and obtains the current key.
The key update flow in Fig. 2 is implemented as follows:
1. The key distribution server periodically generates a new key.
2. The key distribution server actively pushes the new key to the web portal.
3. The key distribution server also actively pushes the new key to the web server.
As the above embodiment shows, the web service anti-hotlinking method of the invention has the following features:
1. URLs generated by the portal at different times carry different timestamps, which makes the final encrypted hash string different, so hotlinking is effectively prevented.
2. Different users have different IP addresses, and different IP addresses also make the encrypted hash string different.
3. The AES encryption key is updated periodically, which effectively prevents key-cracking attacks.
4. After the web server receives the URL the user requests, it performs the computation described in A-C above to obtain a new AES-encrypted string and compares it with the original AES-encrypted string to learn whether the URL has been modified.
5. The format of the encrypted URL fully complies with IETF RFC 2396 and has no effect on the normal web flow.
The method of the invention involves a web portal, a web server and a key distribution server. In the web service, the URL published by the web portal carries user information, and the AES encryption algorithm is used to protect that information, so that if any field in the URL is modified, AES encryption produces a different field. The method also ensures that the URLs generated when the same file is clicked by the same user at different times, or by different users at the same time, are different. Because the URL encryption key is kept secret and is updated over time, the key essentially cannot be cracked, which ensures that the URLs presented on the web portal are not hotlinked and protects the legitimate interests of the operator and of legitimate users. The invention can also be applied to other web-based services, such as streaming media services.
The invention has been described above with reference to an example. It should be noted that those skilled in the art may make various changes in form and detail without departing from the spirit and scope of the invention as set out in the appended claims.

Claims (1)

1. A web service anti-hotlinking method, characterized in that it comprises a key distribution flow, an encrypted-URL generation flow and an encrypted-URL checking flow;
The key distribution flow mainly comprises the following steps:
1. The key distribution server starts, generates a key according to a certain rule, opens a key management listening thread according to the network management configuration, and waits for connections from web servers; at this point the key distribution server's web server list is empty;
2. After a web server starts, it initiates a connection to the key distribution port of the key distribution server according to the network management configuration, sends a key request message, and obtains the key from the key reply message it receives;
3. The key distribution server periodically sends key reply messages to the web servers in its web server list;
4. On receiving a key reply message, the web server restarts its key request timer; it also compares the key in the reply message with its current key; if the keys are the same, it does nothing further; if they differ, then for a certain period, whose length the web server sets itself, it uses both the new and the old key to decrypt URLs, so that legitimate URLs still using the old key do not fail decryption after the switch to the new key;
The encrypted-URL generation flow runs on the web portal and mainly comprises the following steps:
1. Generate the plaintext additional information fields from the user information, namely the user's IP address and the timestamp of the click;
2. Add the user's IP address and the click timestamp to the original URL, producing a URL that contains the additional information;
3. Generate a hash check string from the URL that contains the additional information;
4. AES-encrypt the hash check string with the key received from the key distribution server;
5. Append the string produced by the encryption to the URL that contains the additional information, and present this URL on the portal;
The encrypted-URL checking flow runs on the web server and mainly comprises the following steps:
1. Extract the URL containing the additional information from the received URL;
2. Compare the IP address in the received URL with the user's actual IP address; if they do not match, the user is illegitimate and the web server refuses the access request;
3. Compare the time in the timestamp field of the received URL with the current time; if it differs from the current time by more than a certain value, the URL has expired and the web server refuses the access request;
4. Encrypt the URL containing the additional information with the key obtained from the key distribution server to obtain an encrypted string;
5. Compare the generated encrypted string with the encrypted string in the received URL; if they are the same, the URL is considered legitimate; if they differ, the URL is considered to have been modified and the web server refuses the access request.
CNB2006100181657A 2006-01-16 2006-01-16 A kind of WEB service anti-stealing link method Expired - Fee Related CN100562016C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100181657A CN100562016C (en) 2006-01-16 2006-01-16 A kind of WEB service anti-stealing link method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2006100181657A CN100562016C (en) 2006-01-16 2006-01-16 A kind of WEB service anti-stealing link method

Publications (2)

Publication Number Publication Date
CN1801824A CN1801824A (en) 2006-07-12
CN100562016C true CN100562016C (en) 2009-11-18

Family

ID=36811578

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006100181657A Expired - Fee Related CN100562016C (en) 2006-01-16 2006-01-16 A kind of WEB service anti-stealing link method

Country Status (1)

Country Link
CN (1) CN100562016C (en)


Also Published As

Publication number Publication date
CN1801824A (en) 2006-07-12


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20091118

Termination date: 20150116

EXPY Termination of patent right or utility model