CN102684884B - Portal Web server and method for preventing forged logoff requests - Google Patents


Info

Publication number: CN102684884B
Application number: CN201210165280.2A
Authority: CN (China)
Prior art keywords: user, string, encryption, encryption string, address
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN102684884A
Inventor: 王佳良
Current assignee: New H3C Technologies Co Ltd
Original assignee: Hangzhou H3C Technologies Co Ltd

Abstract

The Portal Web server keeps a single fixed key and generates a random key for each user who passes authentication. It encrypts twice, first with the random key and then with the fixed key, to produce the final encryption string, carries that string in the response message and sends it to the user. If a user's logoff request carries encryption string information, the server reverses the encryption to decrypt the string, recovers the source IP address it encodes, and compares that address with the source IP address of the user in the message. If they match, the user is allowed to log off; if they do not match, the message is treated as a forged request and is not answered. The scheme provided by the application frees a large amount of Portal server memory and improves the server's performance and efficiency.

Description

Portal Web server and method for preventing forged logoff requests
Technical field
The present invention relates to portal authentication, and in particular to techniques for preventing forged logoff requests in Portal authentication.
Background technology
Portal authentication is also commonly called web authentication, and a Portal authentication website is typically called a portal website. While a user is not yet authenticated, the access device forces the user to log in to a particular site, where the user can use the services offered freely. When the user needs to reach other information on the Internet, the user must authenticate on the portal website; only after passing authentication can the user access Internet resources.
A user may actively visit the known Portal authentication website and enter a username and password to authenticate; starting Portal authentication this way is called active authentication. Alternatively, if the user tries to reach any other external network over HTTP, the user is forced to the Portal authentication website and the Portal authentication process starts; this is called forced authentication.
In forced authentication, the user can initiate authentication in two ways, through a client or through a browser. When the user initiates Portal authentication with a browser, the user's access request passes through the BAS device and is redirected to the Portal Web authentication homepage of the Portal system. After the user enters authentication information on that homepage and submits it, the information is passed through the Portal Web and Portal Server to the BAS device, which then communicates with the AAA server (also called a RADIUS server) for authentication and accounting. If authentication succeeds, the BAS opens the path between the user and the Internet, and the user can access the Internet.
To maintain information about online users, the Portal Web server, after a user's request passes authentication, generates a one-to-one mapping between the user's IP address and an encryption string, responds to the user's login request, and at the same time stores the mapping on the server. If a user asks to log off, the logoff request message must carry the user's own IP address and the corresponding encryption string. After the Portal Web server receives the request message, it parses the IP address and the corresponding encryption string of the user from the message and compares them with the IP address and encryption string it stored itself; if they match, the logoff request is granted, otherwise the user is not logged off.
In practice the Portal Web server often suffers from insufficient memory and performance, especially in environments that authenticate a large number of users: the server needs ample memory to store the large number of IP address to encryption string mappings, and users continually coming online and going offline also exposes the server's memory to problems such as memory release and refresh.
Summary of the invention
In view of this, the application provides a portal Web server for performing portal access authentication of access clients in a network. The server includes an authentication module, an encryption module and a comparison module, wherein:
the authentication module receives the user's authentication login request and, after the user passes authentication, notifies the encryption module to compute the corresponding encryption string from the user's source IP address and a preset encryption rule;
the encryption module stores a fixed key and produces a random key for each authenticated user; it encrypts the user's source IP address with the random key to produce an original encryption string, composes a character string according to a preset rule, then encrypts the composed string with the fixed key to produce the final encryption string, and carries the encryption string in the response message sent to the authenticated user;
the comparison module, after receiving a logoff request message sent by a user, decodes the encryption string carried in the logoff request message using the fixed key kept by the encryption module and the reverse of the encryption process, recovers the source IP address corresponding to the encryption string, and compares it with the IP address the user carried in the request message; if they match, the user is allowed to log off; if they do not match, the message is treated as forged and is not answered.
The comparison module is further used to treat the request message directly as a forged request message, and not answer it, if the request message does not carry the encryption string information.
Based on the same idea, the application also provides a method for preventing forged logoff requests in Portal authentication. The method includes:
Step A: The Portal Web server keeps a fixed key, generates a random key for each user who passes authentication, and encrypts the user's IP address with the random key to obtain an original encryption string; it composes a character string from the original encryption string according to a preset rule, encrypts the composed string with the fixed key to produce the final encryption string, and carries the encryption string in the response message sent to the user;
Step B: The Portal Web server receives a logoff request from the user and checks whether the user's message carries encryption string information. If it does, the server reverses the encryption to decrypt the encryption string, recovers the corresponding source IP address and compares it with the source IP address of the user in the message; if they match, the user is allowed to log off; if they do not match, the request message is treated as forged and is not answered.
Step C: The Portal Web server receives the HTTP login request from the user's browser and, after verification, when the user is allowed access, computes the encryption string from the user's IP address and the preset encryption rule.
The preset rule for the composed character string is: encryption string + random key + key length.
Decryption proceeds as follows. The encryption string is decrypted with the fixed key kept by the portal Web server itself, giving the composed character string;
according to the length indicated by the last two characters of the composed character string, the characters of the random key are cut from the end of the composed string, and the remaining part of the composed string is the original encryption string;
the original encryption string is decrypted with the random key, giving the user's IP address.
With this scheme the portal Web server need not cache the users' IP addresses and corresponding encryption strings; it keeps only a single fixed key. This also avoids concurrency problems such as potential memory shortage and memory release and refresh, greatly improving the performance and efficiency of the portal Web server.
Brief description of the drawings
Fig. 1 is a schematic diagram of the modules of a portal Web server provided by the application.
Fig. 2 is the method flow diagram of an embodiment provided by the application.
Fig. 3 is the application scenario diagram of an embodiment provided by the application.
Detailed description of the invention
In an embodiment of the application, a portal Web server is provided which, as shown in Figure 1, includes an authentication module, an encryption module and a comparison module. The authentication module receives the user's authentication login request and, after the user passes authentication, notifies the encryption module to compute the encryption string from the user's source IP address. The encryption module stores a fixed key and produces a random key for each authenticated user; it encrypts the authenticated user's source IP address with the random key to produce an original encryption string, composes a character string according to the preset encryption rule, encrypts the composed string with the fixed key to produce the final encryption string, and carries the encryption string in a cookie of the response message sent to the authenticated user. The comparison module, after receiving a logoff request message sent by a user, treats the message directly as a forged request and does not answer it if the message does not carry the encryption string information; if the message does carry the encryption string information, the module decodes it using the fixed key kept by the encryption module and the reverse of the preset encryption rule, recovers the source IP address corresponding to the encryption string, and compares it with the IP address the user carried in the request message; if they match, the user is allowed to log off; if they do not match, the message is treated as forged and is not answered.
In an embodiment provided by the application, the workflow of the modules of the portal Web server is shown in Figure 2 and specifically includes:
Step 11: The portal Web server receives the HTTP login request from the user's browser and first verifies it through the authentication module. If verification passes, the user is allowed access and the IP address of the authenticated user is recorded.
Step 12: The encryption module of the portal Web server keeps a fixed key and generates a random key for each user who passes authentication; it encrypts the user's source IP address with the random key to obtain an original encryption string. It then composes a character string from the original encryption string according to a preset encryption rule, for example "encryption string + random key + key length", encrypts the composed string with the fixed key to produce the final encryption string, and carries the encryption string in the response message using the process-memory-level Cookie feature that every browser supports, sending it to the user. The composition rule of the character string can be defined and configured by the user, as long as it carries the user's random key and the corresponding data can be recognised when decoding; those skilled in the art can configure many rules flexibly in practice, which the application does not enumerate one by one, and the composition rule described here does not limit the application.
Step 13: The portal Web server receives the HTTP logoff request from the user, and the comparison module checks whether the user's message carries encryption string information. If not, the message is treated as forged and is not answered. If there is encryption string information, the server reverses the encryption to decrypt the encryption string, recovers the corresponding source IP address and compares it with the source IP address of the user in the message; if they match, the user is allowed to log off; if they do not match, the request message is treated as forged and is not answered.
Decrypting the encryption string by reversing the encryption process works as follows. The encryption string is first decrypted with the fixed key kept by the portal Web server itself, which yields the composed character string. Because the composed string was built in a fixed format according to the preset rule when the encryption string was generated, it can be parsed according to that rule into the information that went into it: the random key and the original encryption string produced with the random key. The original encryption string is then decrypted with the random key, which yields the original data, the user's source IP address. Taking the "encryption string + random key + key length" composition of the encryption process above as an example, the last two characters of the composed string give the length of the random key; when decrypting, according to this composition rule, the server reads that length from the last two characters of the composed string, cuts the characters of the random key from the end of the composed string, takes the remaining part of the composed string as the original encryption string, and decrypts it with the random key, obtaining the originally encrypted data: the user's source IP address.
An application scenario provided by the present invention, shown in Figure 3, specifically includes the following steps:
Step 21: The portal Web server receives the login request sent by the user terminal's browser. After the user passes authentication, the Portal Web server computes the code value corresponding to this user and adds cookie information carrying the code to the response message, for example: Set-Cookie: code=ERTWERTDGDFG==; where the value of code is the encryption string based on the source IP address of the request message sent by the authenticated user.
The code value is generated as follows:
The portal Web server randomly generates a random key (for example ABCD) and encrypts the IP of the user coming online (for example 1.2.3.4), first obtaining an original encryption string (for example asdfsfsfs). It then composes a character string according to the preset "encryption string + random key + key length" rule (for example ABCDasdfsfsfs04), and encrypts the composed string with the fixed key in the portal Web server, obtaining the final code encryption string (for example ERTWERTDGDFG==).
Step 22: The user terminal receives the response message from the Portal Web server. According to the HTTP protocol specification, the user's browser obtains the code information from the cookie in the response message and saves it in the browser process memory, which means that any request this process subsequently sends to the Portal Web server will carry this information, for example: code=ERTWERTDGDFG==;
Step 23: The Portal Web server receives the user's HTTP logoff request. If there is no code information, the request is treated as a forged logoff request and is rejected directly. If there is code information, it is decoded; if the decoded content matches the source address of the message, the logoff operation is performed, otherwise the request is treated as a forged HTTP logoff request and is rejected.
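The two-layer cookie scheme of Steps A and B above and of Steps 21 to 23, as an added stand-alone Python example that is not the patent's or H3C's own code. The patent names no cipher, so the example assumes an encrypt-then-MAC construction built from the standard library (an HMAC-SHA256 keystream plus an HMAC tag) for both layers, follows the "encryption string + random key + key length" rule of claim 6 with a two-digit length, and uses constructed function names, a constructed fixed key and the 1.2.3.4 client from the scenario.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional

NONCE_LEN = 8    # bytes, assumed
TAG_LEN = 16     # bytes, assumed


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (assumed cipher, not the patent's)."""
    blocks = (length + 31) // 32
    out = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                   for i in range(blocks))
    return out[:length]


def _encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def _decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the tag does not verify."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def make_code(fixed_key: bytes, client_ip: str, random_key: Optional[str] = None) -> str:
    """Step A / Step 21: original = enc(random key, IP); compose; final = enc(fixed key, composed)."""
    if random_key is None:
        random_key = secrets.token_urlsafe(12)      # 16 URL-safe characters
    if not 1 <= len(random_key) <= 99:
        raise ValueError("key length must fit in two digits")
    original = base64.b64encode(_encrypt(random_key.encode(), client_ip.encode())).decode()
    composite = f"{original}{random_key}{len(random_key):02d}"   # claim 6 rule
    return base64.b64encode(_encrypt(fixed_key, composite.encode())).decode()


def ip_from_code(fixed_key: bytes, code: str) -> Optional[str]:
    """Claim 7: reverse both layers; None if the cookie cannot be decoded."""
    try:
        composite_bytes = _decrypt(fixed_key, base64.b64decode(code, validate=True))
    except ValueError:                   # binascii.Error is a ValueError
        return None
    if composite_bytes is None:
        return None
    composite = composite_bytes.decode("ascii", errors="replace")
    if len(composite) < 3 or not composite[-2:].isdigit():
        return None
    key_len = int(composite[-2:])        # last two characters: random key length
    body = composite[:-2]
    if key_len == 0 or len(body) <= key_len:
        return None
    random_key, original = body[-key_len:], body[:-key_len]   # key is cut from the end
    try:
        ip_bytes = _decrypt(random_key.encode(), base64.b64decode(original, validate=True))
    except ValueError:
        return None
    return None if ip_bytes is None else ip_bytes.decode("ascii", errors="replace")


def handle_logoff(fixed_key: bytes, source_ip: str, cookies: dict) -> str:
    """Step B / Step 23: admit a logoff only if the cookie binds to the request's source IP."""
    code = cookies.get("code")
    if code is None:
        return "reject: no code cookie"
    bound_ip = ip_from_code(fixed_key, code)
    if bound_ip is None:
        return "reject: undecodable code"
    if not hmac.compare_digest(bound_ip.encode(), source_ip.encode()):
        return "reject: source IP mismatch"
    return "logoff"


if __name__ == "__main__":
    FIXED_KEY = secrets.token_bytes(32)            # constructed; lives only on the server
    code = make_code(FIXED_KEY, "1.2.3.4")         # sent as Set-Cookie: code=<value>
    print(handle_logoff(FIXED_KEY, "1.2.3.4", {"code": code}))   # logoff
    print(handle_logoff(FIXED_KEY, "5.6.7.8", {"code": code}))   # reject: source IP mismatch
    print(handle_logoff(FIXED_KEY, "1.2.3.4", {}))                # reject: no code cookie
```

Because the outer layer carries an integrity tag, a cookie altered in transit is rejected as undecodable rather than decrypted to a wrong address, and a cookie presented from a different source address fails the comparison that the patent relies on.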
With this scheme the encrypted information of each authenticated user is ultimately stored in a distributed way in the browser memory of each user terminal, and the portal Web server need not cache the users' IP addresses and corresponding encryption strings; it keeps only a single fixed key. This also avoids concurrency problems such as potential memory shortage and memory release and refresh, greatly improving the performance and efficiency of the portal Web server.
The above is only a preferred implementation of the present invention; any equivalent modification made within the spirit of the present invention shall fall within the scope of the claims of the present invention.

Claims (9)

1. A portal Web server for performing portal access authentication of clients in a network, characterised in that the server includes an encryption module and a comparison module, wherein:
the encryption module stores a fixed key, produces for each authenticated user an encryption string corresponding to that user's source IP address, and carries the encryption string in a response message sent to the authenticated user;
the comparison module, after receiving a logoff request message sent by a user, decodes the encryption string carried in the logoff request message using the fixed key kept by the encryption module and the reverse of the encryption process, recovers the source IP address corresponding to the encryption string, and compares it with the IP address the user carried in the request message; if they match, the user is allowed to log off; if they do not match, the message is treated as forged and is not answered;
wherein the encryption string carried in the response message to the authenticated user is produced as follows: after each user passes authentication, the encryption module produces a random key according to its stored fixed key, encrypts the user's source IP address with the random key to produce an original encryption string, composes a character string according to a preset rule, and encrypts the composed string with the fixed key to produce the final encryption string.
2. The server according to claim 1, characterised in that the server further includes an authentication module for receiving the user's authentication login request and, after the user passes authentication, notifying the encryption module to compute the corresponding encryption string from the user's source IP address and the preset encryption rule.
3. The server according to claim 1, characterised in that the comparison module is further used to treat the request message directly as a forged request message, and not answer it, if the request message does not carry the encryption string information.
4. A method for preventing forged logoff requests in Portal authentication, characterised in that the method includes:
Step A: The Portal Web server keeps a fixed key, produces for each authenticated user an encryption string corresponding to that user's source IP address, and carries the encryption string in a response message sent to the authenticated user;
Step B: The Portal Web server receives a logoff request from the user and checks whether the user's message carries encryption string information. If it does, the server reverses the encryption to decrypt the encryption string, recovers the corresponding source IP address and compares it with the source IP address of the user in the message; if they match, the user is allowed to log off; if they do not match, the request message is treated as forged and is not answered;
wherein the encryption string sent to the authenticated user in step A is produced as follows: after each user passes authentication, the portal Web server produces a random key according to its stored fixed key, encrypts the user's source IP address with the random key to produce an original encryption string, composes a character string according to a preset rule, and encrypts the composed string with the fixed key to produce the final encryption string.
5. The method according to claim 4, characterised in that the encryption string sent to the authenticated user in step A is carried in a cookie of the response message.
6. The method according to claim 4, characterised in that the preset rule for the composed character string is: encryption string + random key + key length.
7. The method according to claim 4, characterised in that the reverse decryption of the encryption string carried in the user's logoff request message in step B specifically comprises:
decrypting the encryption string with the fixed key kept by the portal Web server itself to obtain the composed character string;
according to the length indicated by the last two characters of the composed character string, cutting the characters of the random key from the end of the composed character string, the remaining part of the composed character string being the original encryption string;
decrypting the original encryption string with the random key to obtain the user's source IP address.
8. The method according to claim 4, characterised in that in step B,
when the portal Web server receives a logoff request from the user, it checks whether the user's message carries encryption string information, and if there is no encryption string information, treats the message as a forged request message and does not answer it.
9. The method according to claim 4, characterised in that before step A the method further includes:
Step C: The Portal Web server receives the HTTP login request from the user's browser and, after verification, when the user is allowed access, computes the encryption string from the user's source IP address and the preset encryption rule.
Application CN201210165280.2A, priority date 2012-05-24, filing date 2012-05-24, granted as CN102684884B (Active): Portal Web server and method for preventing forged logoff requests


Publications (2)

CN102684884A, published 2012-09-19
CN102684884B, published 2016-08-03



Legal Events

Code Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address
  Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466
  Patentee after: Xinhua three Technology Co., Ltd.
  Address before: 310053 Hangzhou science and Technology Development Zone, Zhejiang high tech park, No. six and road, No. 310
  Patentee before: Huasan Communication Technology Co., Ltd.