Embodiment
Exemplary embodiment of the present disclosure is described below with reference to accompanying drawings in more detail.Although shown exemplary embodiment of the present disclosure in the accompanying drawing, yet should be appreciated that and to realize the disclosure and the embodiment that should do not set forth limits here with various forms.On the contrary, it is in order to understand the disclosure more thoroughly that these embodiment are provided, and can with the scope of the present disclosure complete convey to those skilled in the art.
Referring to Fig. 1, show the structured flowchart of the system of the relevant information that presents according to an embodiment of the invention access websites.
System comprises one or more Network Termination #1 00, first server 200 and second server 300.Each Network Termination #1 00 comprises: browser 110 and security detection equipment 120.
Whether the network address that security detection equipment 120 is suitable for detecting from browser 110 is the malice network address, and testing result is fed back to browser 110.
Browser 110 comprises that Subscriber Interface Module SIM 112, website detection module 114, authentication information present module 116 and prompting display module 118.Authentication information presents module 116 and specifically comprises: auth type acquiring unit 1162, auth type display unit 1164 and business card acquiring unit 1166.
Subscriber Interface Module SIM 112 is suitable for receiving the network address of institute's access websites, and sends the network address that receives to website detection module 114.
Website detection module 114 couples with the security detection equipment 120 of browser 110 place terminals, is suitable for asking security detection equipment 120 to detect the network address that receives from Subscriber Interface Module SIM 112; And receive the testing result that security detection equipment 120 returns, and send testing result to authentication information and present module 116 and prompting display module 118.
Use thus security detection equipment 120 to detect, for example, security detection equipment 120 can be the net shield module in the terminal, and this security detection equipment 120 is arranged in Network Termination #1 00, and independent mutually with browser 110.Security detection equipment 120 can upgrade virus base relatively independently, and can finish the safety detection from the network address of website detection module 114 relatively independently.Like this before judging the various authentication informations of website, whether just can the precheck network address corresponding web page contents safety, thereby strengthened Security of the system.In addition, the security detection equipment 120 that resides on the Network Termination #1 00 can be provided by special fail-safe software provider, and virus base in the security detection equipment 120 that can more upgrade in time has improved the accuracy of the safety detection of access websites thus.
Prompting display module 118 is couple to website detection module 114, when the network address of testing result indication access is the malice network address, shows that the website of accessing is the information of malicious websites.
Information with malicious websites highlights thus, improves user's attention value, and having avoided the user is that the information of malicious websites only shows at the regional area of browser 110 because of access websites, and information is ignored, and the login malicious websites leads to errors.
Authentication information presents module 116 and is couple to website detection module 114, when the testing result of website detection module 114 indicates the network address of access to be non-malice network address, obtain the site certificate information of access websites from first server 200, and present the site certificate information of obtaining.
Thus, avoided because when the access network address is the malice network address, to the failure of first server 200 acquisition request site certificate information, and the network resources waste that causes, when the network address of testing result indication access is non-malice network address, just obtain site certificate information, effectively conserve network resources.
For example, site certificate information comprises auth type, and wherein auth type comprises one of following type at least: security website authenticates and ICP(Web content service provider, Internet Content Provider) the recorded website authentication.
Present in the module 116 at authentication information, auth type acquiring unit 1162 is suitable for sending to first server 200 information of the rhizosphere name in the network address of relevant institute access websites.After first server 200 receives the information of the rhizosphere name in the network address of relevant institute access websites, according to the information searching auth type of this rhizosphere name, and the return authentication type.Subsequently, show the auth type that inquires by auth type display unit 1164.
Thus, by the auth type that obtains, determine the concise and to the point security information of access websites, be convenient to the safe degree of belief that the user determines the website.
In addition, authentication information presents module 116 and also comprises business card acquiring unit 1166, is suitable for obtaining from second server 300 the website business card of website, and shows the website business card that obtains.
The website business card is used for presenting the website identity information, and comprises at least one of following message: the title of web site name, station address, the Type of website, website sponsor, the type of website sponsor, the card number put on record, credit number and the sign by security audit.
For example, business card acquiring unit 1166 sends website business card solicited message to second server 300.Website business card solicited message includes the information of the rhizosphere name in the network address of pass and the auth type of website.The information of the rhizosphere name in the relevant network address comprises the cryptographic Hash of rhizosphere name.Second server 300 obtains the rhizosphere name according to cryptographic Hash, according to rhizosphere name query-relevant data storehouse, obtains the website business card of access websites.
Behind the auth type that obtains the website, if need to obtain the further detailed authentication information of website, then obtain the website business card by business card acquiring unit 1166 from second server 300.With all directly obtain the website business card from second server 300 at every turn and show and compare, in most cases, only auth type just can satisfy user's needs, no longer need further to obtain the website business card, in the present embodiment when the user need to be known the detailed security information in website, just request obtains the website business card, has saved Internet resources.
It is a kind of optional implementation that above-mentioned authentication information presents the structure that module 116 comprises auth type acquiring unit 1162, auth type display unit 1164 and business card acquiring unit 1166, the invention is not restricted to this.Especially, business card acquiring unit 1166 is selectable unit.When needs provide the website business card, be chosen in authentication information and present and except auth type acquiring unit 1162 and auth type display unit 1164, add business card acquiring unit 1166 in the module 116.When not needing to provide the website business card, authentication information presents module 116 and can only comprise: auth type acquiring unit 1162 and auth type display unit 1164.
Said system comprises that the structure of Network Termination #1 00, first server 200 and second server 300 is a kind of optional implementation, the invention is not restricted to this.Especially, second server 300 is option means.When needs provide the website business card, be chosen in and except Network Termination #1 00 and first server 200, add second server 300 in the system.When not needing to provide the website business card, can only comprise Network Termination #1 00 and first server 200 in the system.
Referring to Fig. 2, show the structured flowchart of the system of the relevant information that presents access websites under the concrete according to an embodiment of the invention application scenarios.In this embodiment, first server is cloud server, and second server is website business card server, and the network terminal comprises security detection equipment and browser.Under the concrete application scenarios of present embodiment, security detection equipment is net shield client.Website business card server is connected with ICP recorded website database with the security website database, the website business card of storage security website in security website's database, the website business card of storage ICP recorded website in the ICP recorded website database.
Browser is browser shown in Figure 1.Wherein Subscriber Interface Module SIM 112 is the address field of browser in the present embodiment, receives the network address of the access websites of user's input, and for example URL sends network address to website detection module 114.
Website detection module 114 is suitable for that network address is passed to security detection equipment 120 and carries out safety detection, when testing result indication access network address is the malice network address, indication prompting display module 118 carries out information and shows, when testing result indication access network address is non-malice network address, obtain the rhizosphere name of access network address, send the rhizosphere name to authentication information and present module 116, the indication authentication information presents module 116 and carries out the authentication information demonstration.
Security detection equipment 120 is net shield client, receives the network address that website detection module 114 sends, and according to network address the web page contents of the website of access is carried out the detection that virus is searched, and testing result is returned to website detection module 114.
Prompting display module 118 is couple to website detection module 114, when testing result indication access network address is the malice network address, shows that the website of accessing is the information of malicious websites.For example, as shown in Figure 3, eject alarming page, the suggestion user does not continue access websites, for eye-catching this page can be redness.
Auth type acquiring unit 1162 is couple to website detection module 114, when testing result indication access network address is non-malice network address, the rhizosphere name that receives is carried out the MD5 computing, and the request that will comprise the MD5 value of rhizosphere name sends to cloud server 200 and carries out the auth type inquiry; Receive the Query Result of cloud server 200, send Query Result to auth type display unit 1164 and carry out the auth type displaying.Auth type comprises: security website authenticates with the ICP recorded website and authenticates.
Auth type display unit 1164 is suitable for carrying out auth type according to the Query Result that receives to be showed.
Cloud server 200 is suitable for inquiring about according to the MD5 value of the rhizosphere name of access websites, obtains the auth type of access websites, and the auth type that obtains is returned to auth type acquiring unit 1162.
For example, when cloud server 200 returned the auth type information of ICP recorded website, its result was as follows:
{ icp.info:{d: website rhizosphere name } { t:icp put on record in the Type of website } { v: version number } { p: matched rule } }.
Wherein, icp.info represents that the information of returning is ICP recorded website authentication information.
When cloud server 200 returned the auth type information of security website, its result was as follows:
{ kx.info:{d: website rhizosphere name } { n: web site name } { t: the Type of website during security website authenticates } { pr: website scoring } { v: version number } { p: matched rule } }
Wherein, kx.info represents that the information of returning is security website's authentication information.
If parse security website's authentication information in Query Result, then auth type display unit 1164 shows that before the address field of browser security website authenticates sign 410.For example, before address field, show the Type of website and add " V " expression security website to authenticate, as shown in Figure 4 " V of enterprise ", this is designated security website and authenticates sign 410.For the ease of distinguishing, can be shown in green with identifying, wherein " enterprise " is the Type of website, i.e. the value of information in field { t: the Type of website during the security website authenticates } field.
If parse ICP recorded website authentication information in Query Result, then auth type display unit 1164 shows ICP recorded website authentication sign 510 before the address field of browser.For example, before address field, show the Type of website, wherein do not add " V ", the authentication of expression ICP recorded website, as shown in Figure 5 " government ", this is designated ICP recorded website authentication sign 510, and wherein " government " is the Type of website, i.e. the value of information in { t:icp put on record in the Type of website } field.For the ease of distinguishing, this sign can be shown as blueness.
If in Query Result, do not parse ICP recorded website authentication information, do not parse security website's authentication information yet, then auth type display unit 1164 shows the information that does not get access to open ICP information, as shown in Figure 6.
Alternatively, when not getting access to the auth type of access websites from cloud server, auth type display unit 1164 sends to website business card server 300 with the network address of this access websites, so that website business card server 300 is added up.
Business card acquiring unit 1166 is suitable for receiving the indication of the website business card that presents institute's access websites, sends website business card solicited message to website business card server 300, obtains the website business card that website business card server 300 returns, and shows this website business card.Website business card solicited message includes the rhizosphere name MD5 value of closing in the network address and the auth type of website.The website business card is used for presenting the website identity information, and comprises at least one of following message: the title of web site name, station address, the Type of website, website sponsor, the type of website sponsor, the card number put on record, credit number and the sign by security audit.
As shown in Figure 4 and Figure 5, after the user clicked security website and authenticates sign 410 " V of enterprise " or ICP recorded website authentication sign 510 " governments ", business card acquiring unit 1166 sent website business card solicited messages to website business card server 300.
Website business card server 300 is suitable for parsing according to the MD5 value of rhizosphere name the auth type of website, if auth type is the authentication of ICP recorded website, then inquires about according to the rhizosphere name in ICP recorded website database, gets the website business card; Authenticate if auth type is security website, then in security website's database, inquire about according to the rhizosphere name, get the website business card; The website business card that inquires is returned to business card acquiring unit 1166.
Business card acquiring unit 1166 obtains the website business cards and also shows, shows for example website business card 520 of ICP recorded website shown in the website business card 420 of security website and Fig. 5 as shown in Figure 4 of result.By the website business card of the website of different authentication type is classified, be convenient to carry out fast finding according to the Type of website, improved the speed of query web business card.
Above-mentionedly only present the browser of relevant information of access websites and the exemplary illustration of system for the present invention; the invention is not restricted to this; all any modifications of doing within the spirit and principles in the present invention, be equal to replacement, improvement etc., all be included in protection scope of the present invention.
Referring to Fig. 7, show the flow chart of the method 700 of the relevant information that presents according to an embodiment of the invention access websites at the browser place.The method starts from step S710, in this step, receives the network address of institute's access websites, and the request security detection equipment detects this network address, and receives the testing result that security detection equipment returns.Generally speaking, browser and security detection equipment are arranged in the same network terminal, and independent mutually with browser.Security detection equipment can upgrade virus base relatively independently, and can finish the safety detection to network address relatively independently.Like this before judging the various authentication informations of website, whether just can the precheck network address corresponding web page contents safety, thereby strengthened Security of the system.In addition, the security detection equipment that resides on the network terminal can be provided by special fail-safe software provider, and virus base in the security detection equipment that can more upgrade in time has improved the accuracy of the safety detection of access websites thus.
Subsequently, in step S720, whether the testing result that determining step S710 obtains indicates the network address of access to be the malice network address, if the network address of testing result indication access is the malice network address, then enter step S730, show that wherein institute's access websites is the information of malicious websites.If the judged result at step S720 is that the network address that the testing result indication is accessed is non-malice network address, then enter step S740.
In step S740, obtain the site certificate information of institute's access websites from first server, and show the site certificate information of obtaining.Site certificate information comprises the auth type that obtains, and wherein auth type comprises one of following type at least: security website authenticates and the authentication of ICP recorded website.
For example, a kind of implementation of step S740 is: the information that sends the rhizosphere name in the network address of relevant institute access websites to first server; Obtain the auth type corresponding with the rhizosphere name from first server.Here, the information of the rhizosphere name in the relevant network address can comprise the cryptographic Hash of this rhizosphere name.
After step S740 shows the site certificate information obtain, if the details of this website are further obtained in user's indication, the website business card of website for example, then method enters step S750.In step S750, receive the indication of the website business card that presents institute's access websites, obtain the website business card of website from second server, and show the website business card that obtains.The website business card is used for presenting the website identity information, and comprises at least one of following message: the title of web site name, station address, the Type of website, website sponsor, the type of website sponsor, the card number put on record, credit number and the sign by security audit.
For example, the specific implementation of step S750 is to send website business card solicited message to second server.Website business card solicited message includes the information of the rhizosphere name in the network address of pass and the auth type of website.In like manner, alternatively, the information of the rhizosphere name in the relevant network address can comprise the cryptographic Hash of rhizosphere name.
Above step only presents a kind of execution mode of method of the relevant information of access websites at the browser place for the present invention, the inventive method can realize by other means.Especially, step S750 is optional step, when the user needs the website business card, obtains the website business card by step S750.When not needing to provide the website business card, the inventive method can not comprise step S750.
Referring to Fig. 8, show the flow chart of the method 800 of the relevant information that presents access websites under the concrete according to an embodiment of the invention application scenarios at the browser place.The method can be carried out with reference in the system shown in Figure 2 in the above.Method 800 starts from step S8010, receives the network address of institute's access websites in this step.Then, enter step S8020, send network address to net shield client and detect.
Subsequently, enter step S8030, judge according to testing result among the step S8020 whether the network address of access is the malice network address, if the network address of access is the malice network address, then enter step S8040, show that wherein institute's access websites is the information of malicious websites.For example, the information of demonstration ejects alarming page as shown in Figure 3, and the suggestion user does not continue access websites, for eye-catching this page can be redness.If the network address of access is not the malice network address, then enter step S8050.
In step S8050, obtain the rhizosphere name of access websites according to the network address of access, calculate the MD5 value of rhizosphere name.Enter subsequently step S8060, send the request of obtaining the site certificate type of the MD5 value comprise the rhizosphere name, the auth type that the reception cloud server returns to cloud server.Auth type comprises: security website authenticates with the ICP recorded website and authenticates.For example, when cloud server returned the auth type information of ICP recorded website, its result was as follows:
{ icp.info:{d: website rhizosphere name } { t:icp put on record in the Type of website } { v: version number } { p: matched rule } }.
Wherein, icp.info represents that the information of returning is ICP recorded website authentication information.
When cloud server returned the auth type information of security website, its result was as follows:
{ kx.info:{d: website rhizosphere name } { n: web site name } { t: the Type of website during security website authenticates } { pr: website scoring } { v: version number } { p: matched rule } }
Wherein, kx.info represents that the information of returning is security website's authentication information.
After in step S8060, receiving the auth type that cloud server returns, enter step S8070, whether the auth type that wherein receives among the determining step S8060 is that security website authenticates, namely judge and whether comprise security website's authentication information in the return information, if for security website authenticates, then enter step S8080, if not for security website authenticates, then enter step S8110.
In step S8080, the security website that presents reception in browser authenticates.Show that before the address field of browser security website authenticates sign.For example, before address field, show the Type of website and add " V " expression security website to authenticate, as shown in Figure 4 " V of enterprise ", this is designated security website and authenticates sign 410.For the ease of distinguishing, can be shown in green with identifying, wherein " enterprise " is the Type of website, i.e. the value of information in field { t: the Type of website during the security website authenticates } field.After step S8080 showed the safety certification of obtaining, if safety certification is clicked, then method 800 entered step S8090.In step S8090, send website business card solicited message to website business card server.Website business card solicited message comprises the MD5 value of the rhizosphere name in the network address and the auth type of website.Subsequently, enter step S8100, wherein receive the website business card that website business card server returns, show this website business card.
As shown in Figure 4, after the user clicks security website and authenticates sign 410 " V of enterprise ", send website business card solicited message to website business card server.Website business card server obtains the rhizosphere name by the MD5 value of rhizosphere name, and the auth type that parses the website is safety certification, inquires about according to the rhizosphere name in security website's database of correspondence, gets the website business card, returns the website business card that inquires.Receive the website business card that returns in the browser, show the website business card 420 of security website.
In step S8110, whether the auth type that receives among the determining step S8060 is the authentication of ICP recorded website, namely judge and whether comprise ICP recorded website authentication information in the return information, if be the authentication of ICP recorded website, then enter step S8120, if for the authentication of ICP recorded website, then do not enter step S8150.
In step S8120, in browser, present the ICP recorded website authentication of reception.Before the address field of browser, show ICP recorded website authentication sign.For example, before address field, show the Type of website, wherein do not add " V ", the authentication of expression ICP recorded website, as shown in Figure 5 " government ", this is designated ICP recorded website authentication sign 510, and wherein " government " is the Type of website, i.e. the value of information in { t:icp put on record in the Type of website } field.For the ease of distinguishing, this sign can be shown as blueness.After step S8120 showed the ICP authentication record that obtains, if the ICP authentication record is clicked, then method 800 entered step S8130.In step S8130, send website business card solicited message to website business card server.Website business card solicited message comprises the MD5 value of the rhizosphere name in the network address and the auth type of website.Subsequently, in step S8140, receive the website business card that website business card server returns, show this website business card.
As shown in Figure 5, after the user clicks ICP recorded website authentication sign " government ", send website business card solicited message to website business card server.Website business card server obtains the rhizosphere name by the MD5 value of rhizosphere name, and the auth type that parses the website is the authentication of ICP recorded website, inquires about according to the rhizosphere name in the ICP of correspondence recorded website database, gets the website business card, returns the website business card that inquires.Receive the website business card that returns in the browser, show the website business card 520 of ICP recorded website.
In step S8150, in Query Result, do not parse ICP recorded website authentication information, do not parse security website's authentication information yet, then show the information that does not get access to open ICP information, as shown in Figure 6.
Alternatively, when from cloud server, not getting access to the auth type of access websites, the network address of this access websites is sent to website business card server, so that website business card server is added up.
Thus, by the website business card of the website of different authentication type is classified, be convenient to carry out fast finding according to the Type of website, improved the speed of query web business card.
Intrinsic not relevant with any certain computer, virtual system or miscellaneous equipment with demonstration at this algorithm that provides.Various general-purpose systems also can be with using based on the teaching at this.According to top description, it is apparent constructing the desired structure of this type systematic.In addition, the present invention is not also for any certain programmed language.Should be understood that and to utilize various programming languages to realize content of the present invention described here, and the top description that language-specific is done is in order to disclose preferred forms of the present invention.
In the specification that provides herein, a large amount of details have been described.Yet, can understand, embodiments of the invention can be put into practice in the situation of these details not having.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand one or more in each inventive aspect, in the description to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes in the above.Yet the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires the more feature of feature clearly put down in writing than institute in each claim.Or rather, as following claims reflected, inventive aspect was to be less than all features of the disclosed single embodiment in front.Therefore, follow claims of embodiment and incorporate clearly thus this embodiment into, wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and can adaptively change and they are arranged in one or more equipment different from this embodiment the module in the equipment among the embodiment.Can be combined into a module or unit or assembly to the module among the embodiment or unit or assembly, and can be divided into a plurality of submodules or subelement or sub-component to them in addition.In such feature and/or process or unit at least some are mutually repelling, and can adopt any combination to disclosed all features in this specification (comprising claim, summary and the accompanying drawing followed) and so all processes or the unit of disclosed any method or equipment make up.Unless in addition clearly statement, disclosed each feature can be by providing identical, being equal to or the alternative features of similar purpose replaces in this specification (comprising claim, summary and the accompanying drawing followed).
In addition, those skilled in the art can understand, although embodiment more described herein comprise some feature rather than further feature included among other embodiment, the combination of the feature of different embodiment means and is within the scope of the present invention and forms different embodiment.For example, in the following claims, the one of any of embodiment required for protection can be used with compound mode arbitrarily.
All parts embodiment of the present invention can realize with hardware, perhaps realizes with the software module of moving at one or more processor, and perhaps the combination with them realizes.It will be understood by those of skill in the art that and to use in practice microprocessor or digital signal processor (DSP) to realize according to some or all some or repertoire of parts in the equipment of the relevant information that presents access websites of the embodiment of the invention.The present invention can also be embodied as be used to part or all equipment or the device program (for example, computer program and computer program) of carrying out method as described herein.Such realization program of the present invention can be stored on the computer-readable medium, perhaps can have the form of one or more signal.Such signal can be downloaded from internet website and obtain, and perhaps provides at carrier signal, perhaps provides with any other form.
It should be noted above-described embodiment the present invention will be described rather than limit the invention, and those skilled in the art can design alternative embodiment in the situation of the scope that does not break away from claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and is not listed in element or step in the claim.Being positioned at word " " before the element or " one " does not get rid of and has a plurality of such elements.The present invention can realize by means of the hardware that includes some different elements and by means of the computer of suitably programming.In having enumerated the unit claim of some devices, several in these devices can be to come imbody by same hardware branch.The use of word first, second and C grade does not represent any order.Can be title with these word explanations.