CN103209161A - Method and device for processing access requests - Google Patents

Method and device for processing access requests

Info

Publication number: CN103209161A
Authority: CN (China)
Prior art keywords: access request, user, behavior data, access, client
Legal status: Granted (status as listed by Google Patents, not a legal conclusion)
Application number: CN2012100122885A (CN201210012288.5A)
Other languages: Chinese (zh)
Other versions: CN103209161B (en)
Inventor: 张勇
Current assignee: Shenzhen Tencent Computer Systems Co Ltd
Original assignee: Shenzhen Tencent Computer Systems Co Ltd
Priority date: 2012-01-16
Filing date: 2012-01-16
Publication date: 2013-07-17 (CN103209161A); granted as CN103209161B on 2018-05-04
Current legal status: Active

Landscapes

  • Information Transfer Between Computers (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a method and a device for processing access requests. In the method, when the server receives an access request X sent by the client that carries no ciphertext string, it generates a ciphertext string and returns it to the client; access request X is the request the client initiates after receiving an access instruction from the user. When the server receives an access request Y sent by the client that carries a ciphertext string, it determines whether that ciphertext string is legitimate. If it is not, the access is rejected. If it is, the server further determines whether the user behavior data carried in access request Y is legitimate; if so, it returns the access result to the client, otherwise the access is rejected. The user behavior data is behavior data collected by the client during the period from the user entering the access-initiating page until the user issues the access instruction to the client. The method and device improve the server's ability to correctly identify forged requests.

Description

Access request processing method and device
Technical field
The present invention relates to network technology, and in particular to an access request processing method and an access request processing device.
Background
In existing applications built on the browser/server (B/S) architecture, when the client receives an access instruction from the user it proceeds as follows:
1) The client sends an access request to the server;
2) The server generates a ciphertext string from information carried in the received access request, such as the client IP and the access time, using a cryptographic algorithm, and returns the string to the client;
3) The client sends the access request to the server again; this request again carries the client IP, the access time and so on, and additionally carries the ciphertext string;
4) The server verifies whether the received ciphertext string is legitimate. If so, it returns the access result to the client; otherwise it rejects the access.
If the client later receives another access instruction from the user, steps 1) to 4) are repeated.
In step 2), the server may generate the ciphertext string from the client IP, the access time and the Message Digest Algorithm 5 (MD5). Because the access time carried in each received access request is different, the generated ciphertext string is different on every access, even for the same client.
In practice, each successful access sometimes yields something, for instance a certain number of virtual items. Some users who want those items, but do not want to issue access instructions one by one, install code or software on the client which, once the user has issued a single access instruction, keeps initiating access requests to the server automatically.
Specifically, after the user issues an access instruction and steps 1) and 2) have run, the client automatically repeats steps 3) and 4) over and over, which is obviously unfair to other users operating normally.
Automatically repeating steps 3) and 4) does run into a practical obstacle: the client obtains only one ciphertext string from the server, and that string expires after a single use. However, the way existing servers generate the ciphertext string is usually fairly fixed, for example from the client IP, the access time and the MD5 algorithm as described above. Once that generation rule is cracked, and given that the client IP and access time are known to the client, the client can generate the ciphertext string required for each access by itself.
A ciphertext string generated by the client itself is usually called a forged ciphertext string, and an access request carrying a forged ciphertext string is called a forged request. The server needs a way to improve its ability to correctly identify forged requests.
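The forgery described in this background, as an added example in Python that is not part of the patent and not Tencent's code: a minimal model of the prior-art exchange, with the server deriving the ciphertext string from client IP, access time and MD5 as steps 2) and 4) describe. The hashed field layout (`ip|time`), the single-use set, the sample IP and timestamp, and all function names are assumptions made for this illustration.

```python
import hashlib

# Added illustration of the prior-art scheme in the background section; not
# Tencent code. The exact field layout the real server hashed is not given on
# the page; "ip|time" is an assumption.


def issue_ciphertext(client_ip: str, access_time: int) -> str:
    """Step 2): unkeyed MD5 over fields the client already knows."""
    return hashlib.md5(f"{client_ip}|{access_time}".encode()).hexdigest()


class PriorArtServer:
    """Steps 2) and 4): issue a ciphertext string, then verify it once."""

    def __init__(self) -> None:
        self.used: set[str] = set()  # each ciphertext string is single-use

    def handle_x(self, client_ip: str, access_time: int) -> str:
        return issue_ciphertext(client_ip, access_time)

    def handle_y(self, client_ip: str, access_time: int, ciphertext: str) -> bool:
        # Verification is stateless recomputation: any string that equals
        # MD5(ip|time) and has not been consumed before is accepted.
        if ciphertext in self.used:
            return False
        if ciphertext != issue_ciphertext(client_ip, access_time):
            return False
        self.used.add(ciphertext)
        return True


def forge_ciphertext(client_ip: str, access_time: int) -> str:
    """Attacker side: once the generation rule is known, the client recomputes
    the string locally and never needs step 1) again."""
    return hashlib.md5(f"{client_ip}|{access_time}".encode()).hexdigest()


def forged_access_count(server: PriorArtServer, client_ip: str,
                        start_time: int, n: int) -> int:
    """Send n forged Y requests, each with a fresh access time, and return how
    many the server accepted. Single-use tracking does not help: every new
    timestamp yields a new, valid-looking string."""
    accepted = 0
    for i in range(n):
        t = start_time + i
        if server.handle_y(client_ip, t, forge_ciphertext(client_ip, t)):
            accepted += 1
    return accepted


if __name__ == "__main__":
    srv = PriorArtServer()
    ip, t0 = "203.0.113.7", 1326672000  # constructed sample client, not real data
    token = srv.handle_x(ip, t0)
    print("genuine Y accepted:", srv.handle_y(ip, t0, token))
    print("replay of the same string accepted:", srv.handle_y(ip, t0, token))
    print("forged Y accepted:", forged_access_count(srv, ip, t0 + 1, 50), "of 50")
```

Run stand-alone, the genuine request is accepted, the replay of the same string is rejected, and all 50 forged requests are accepted, which is the weakness the patent sets out to address. A keyed MAC over the same fields with a server-only key would stop local recomputation; the patent instead keeps the ciphertext check and adds a second check on user behavior data.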
Summary of the invention
In view of this, the invention provides an access request processing method and an access request processing device that can improve the server's ability to correctly identify forged requests.
To achieve this, the technical solution of the invention is as follows:
An access request processing method comprises:
when the server receives an access request X sent by the client that does not carry a ciphertext string, the server generates a ciphertext string and returns it to the client; access request X is the access request the client initiates after receiving the user's access instruction;
when the server receives an access request Y sent by the client that carries a ciphertext string, the server determines whether the ciphertext string carried in access request Y is legitimate; if not, it rejects the access; if so, it further determines whether the user behavior data carried in access request Y is legitimate; if so, it returns the access result to the client, otherwise it rejects the access. The user behavior data is behavior data collected by the client during the period from the user entering the access-initiating page until the user issues the access instruction to the client.
An access request processing device comprises:
a first processing module, configured to generate a ciphertext string and return it to the client when an access request X sent by the client that does not carry a ciphertext string is received; access request X is the access request the client initiates after receiving the user's access instruction;
a second processing module, configured, when an access request Y sent by the client that carries a ciphertext string is received, to determine whether the ciphertext string carried in access request Y is legitimate; if not, to reject the access; if so, to further determine whether the user behavior data carried in access request Y is legitimate; if so, to return the access result to the client, otherwise to reject the access. The user behavior data is behavior data collected by the client during the period from the user entering the access-initiating page until the user issues the access instruction to the client.
With the solution of the invention, the server therefore returns an access result to the client only when both the ciphertext string and the user behavior data carried in the received access request are legitimate; otherwise it rejects the access and treats the request as forged. Because user behavior data is normally hard to forge, the solution improves the server's ability to correctly identify forged requests compared with the prior art.
Brief description of the drawings
Fig. 1 is a flowchart of an embodiment of the access request processing method of the invention.
Fig. 2 is a schematic structural diagram of an embodiment of the access request processing device of the invention.
Detailed description
To address the problems in the prior art, the invention proposes an improved access request processing scheme.
To make the technical solution of the invention clearer, it is described in further detail below with reference to the drawings and embodiments.
Fig. 1 is a flowchart of an embodiment of the access request processing method of the invention. As shown in Fig. 1, the method comprises the following steps:
Step 11: when the server receives an access request X sent by the client that does not carry a ciphertext string, the server generates a ciphertext string and returns it to the client; access request X is the access request the client initiates after receiving the user's access instruction.
After receiving the user's access instruction, the client sends an access request to the server, which may carry information such as the client IP and the access time. After receiving this request, the server generates a ciphertext string from the carried information, such as the client IP and the access time, using a cryptographic algorithm, and returns the generated string to the client.
Step 12: when the server receives an access request Y sent by the client that carries a ciphertext string, the server determines whether the ciphertext string carried in access request Y is legitimate; if not, it rejects the access; if so, it further determines whether the user behavior data carried in access request Y is legitimate; if so, it returns the access result to the client, otherwise it rejects the access. The user behavior data is behavior data collected by the client during the period from the user entering the access-initiating page until the user issues the access instruction to the client.
Note that, to distinguish access requests that carry no ciphertext string from those that do, the former are called access request X and the latter access request Y in this invention.
The user must enter the access-initiating page before an access can be initiated. From the moment the user enters that page until the user issues the access instruction to the client, the client collects the user's behavior data during that period, for example the user's mouse movement track; how it is collected is prior art.
In practice, after the user enters the access-initiating page the mouse rests at some position on the page, which may be called the initial position. When the user wants to issue an access instruction to the client, the user usually clicks a button on the page; the path the mouse travels from the initial position to the button position is the mouse movement track.
After receiving access request Y, the server first determines whether the carried ciphertext string is legitimate (how this is determined is prior art). If not, it rejects the access; if so, it further determines whether the carried user behavior data is legitimate; if so, it returns the access result to the client, otherwise it rejects the access.
How the legitimacy of the user behavior data carried in access request Y is verified may be decided according to actual requirements. For example, when the user behavior data is the user's mouse movement track, the deviation between the mouse movement track carried in access request Y and a mouse movement track model saved in advance can be computed; if the deviation is below a predetermined threshold, the user behavior data carried in access request Y is determined to be legitimate, otherwise illegitimate. The mouse movement track model can be obtained by training on a number of samples; how it is obtained, and how the deviation is computed, are prior art, and the specific value of the threshold may be decided according to actual requirements.
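Steps 11 and 12 together with the mouse-track check just described, as an added example in Python that is neither the patent's nor Tencent's code. The patent leaves the model, the deviation measure and the threshold to the implementer; here the model is simply a stored reference track, the deviation is the mean point-to-point distance after resampling both tracks to equal arc-length spacing (which goes slightly beyond the text in that tracks recorded at different sampling rates can be compared), the threshold is 25 pixels, and the ciphertext string is the MD5(ip|time) scheme from the background. All of these, the request field names, the constructed sample tracks and the 10-coin reward are assumptions.

```python
import hashlib
import math

Point = tuple[float, float]


def issue_ciphertext(client_ip: str, access_time: int) -> str:
    """Prior-art ciphertext string (assumed field layout), kept so the flow is complete."""
    return hashlib.md5(f"{client_ip}|{access_time}".encode()).hexdigest()


def resample(track: list[Point], n: int) -> list[Point]:
    """Return n points spaced equally along the path length of track, so tracks
    recorded with different sampling rates can be compared point by point."""
    if len(track) < 2:
        return list(track[:1] or [(0.0, 0.0)]) * n
    seg = [math.dist(a, b) for a, b in zip(track, track[1:])]
    total = sum(seg)
    if total == 0.0:
        return [track[0]] * n
    out: list[Point] = []
    j, covered = 0, 0.0  # current segment and path length before it
    for i in range(n):
        target = total * i / (n - 1)
        while j < len(seg) - 1 and covered + seg[j] < target:
            covered += seg[j]
            j += 1
        frac = 0.0 if seg[j] == 0.0 else (target - covered) / seg[j]
        frac = min(max(frac, 0.0), 1.0)
        (x0, y0), (x1, y1) = track[j], track[j + 1]
        out.append((x0 + (x1 - x0) * frac, y0 + (y1 - y0) * frac))
    return out


def trajectory_deviation(track: list[Point], model: list[Point], n: int = 64) -> float:
    """Deviation between a submitted track and the saved model: mean distance
    between corresponding resampled points (assumed measure, not the patent's)."""
    return sum(math.dist(a, b) for a, b in zip(resample(track, n), resample(model, n))) / n


def bezier_track(p0: Point, p1: Point, p2: Point, samples: int, jitter: float = 0.0) -> list[Point]:
    """Constructed sample data: a curved mouse path from p0 to p2 bending toward p1,
    with a deterministic wobble so the example is reproducible."""
    pts = []
    for i in range(samples):
        t = i / max(samples - 1, 1)
        x = (1 - t) ** 2 * p0[0] + 2 * (1 - t) * t * p1[0] + t ** 2 * p2[0]
        y = (1 - t) ** 2 * p0[1] + 2 * (1 - t) * t * p1[1] + t ** 2 * p2[1]
        pts.append((x + jitter * math.sin(7.0 * i), y + jitter * math.cos(5.0 * i)))
    return pts


class BehaviorServer:
    """Steps 11 and 12: issue a ciphertext string on X; on Y check the string, then the behavior."""

    def __init__(self, model: list[Point], threshold: float) -> None:
        self.model = model
        self.threshold = threshold
        self.used: set[str] = set()  # ciphertext strings are single-use

    def handle(self, req: dict) -> dict:
        if "ciphertext" not in req:                       # access request X
            return {"ciphertext": issue_ciphertext(req["ip"], req["time"])}
        c = req["ciphertext"]                             # access request Y
        if c in self.used or c != issue_ciphertext(req["ip"], req["time"]):
            return {"status": "rejected", "reason": "ciphertext"}
        self.used.add(c)
        dev = trajectory_deviation(req["behavior"], self.model)
        if dev >= self.threshold:
            return {"status": "rejected", "reason": "behavior", "deviation": dev}
        return {"status": "ok", "reward": 10, "deviation": dev}  # 10 coins per access, as in the page's own example


# Constructed reference model; in practice trained from samples (prior art, per the patent).
MODEL = bezier_track((100, 400), (150, 100), (520, 80), 50)
THRESHOLD = 25.0

if __name__ == "__main__":
    srv = BehaviorServer(MODEL, THRESHOLD)
    ip, t = "203.0.113.7", 1326672000
    genuine = bezier_track((100, 400), (150, 100), (520, 80), 37, jitter=2.0)
    tok = srv.handle({"ip": ip, "time": t})["ciphertext"]
    print(srv.handle({"ip": ip, "time": t, "ciphertext": tok, "behavior": genuine}))
    # Forged Y: string recomputed locally for a new time, track is a straight jump to the button
    forged = {"ip": ip, "time": t + 1, "ciphertext": issue_ciphertext(ip, t + 1),
              "behavior": [(100, 400), (520, 80)]}
    print(srv.handle(forged))
```

The genuine request passes both checks; the forged one passes the ciphertext check exactly as the background says it would, and is then rejected on the behavior check because a two-point straight jump lies far from the curved human track the model expects.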
Under normal conditions (that is, without forgery), after the user issues an access instruction to the client, the client sends access request X to the server, the server generates a ciphertext string and returns it to the client, and the client then sends access request Y carrying the ciphertext string and the user behavior data; if both are legitimate, the server returns the access result to the client. If the client later receives another access instruction from the user, the above exchange of access request X and access request Y is repeated.
If, however, the client is to forge access requests, the process becomes: after receiving the user's access instruction, the client sends access request X to the server and the server generates and returns a ciphertext string; the client then sends access request Y carrying that ciphertext string and genuinely collected user behavior data, and if both are legitimate the server returns the access result; the client then sends further access requests Y to the server, each carrying a forged ciphertext string and forged user behavior data. Every subsequent access request Y needs a newly forged ciphertext string and newly forged user behavior data. User behavior data is generally hard to forge, and as soon as the server finds it illegitimate it rejects the corresponding access.
In practice a further situation may arise: instead of forging new user behavior data each time, the client saves one or more genuinely collected user behavior data records (normally these are discarded after use) and, for each forged access request Y it subsequently sends, picks one of the saved records; if only one record was saved, that one is used every time. When the server receives such access requests Y it considers the user behavior data legitimate and so mistakes the forged requests for legitimate ones.
In reality, however, the initial position of the mouse is usually different each time, and so is the track from the initial position to the button position; under normal conditions the user behavior data carried in each access request Y the client sends to the server is therefore usually different.
Accordingly, the following handling can be adopted for the situation above: after every predetermined period, the access requests Y sent by the same client within that period are checked once; if more than N of them are found to carry identical user behavior data, the access results corresponding to those access requests Y are revoked, for example by withdrawing the virtual items the user obtained, N being a positive integer. The specific value of the period and the specific value of N may both be decided according to actual requirements.
For example, suppose each successful access rewards the user with 10 virtual gold coins, and the user has sent 4 forged requests through the client, all carrying identical user behavior data and all rewarded. The 40 virtual gold coins awarded to the user can then be withdrawn.
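The periodic check of the preceding paragraphs, as an added example in Python that is not the patent's or Tencent's code: a ledger of access results granted on requests Y which, when run at the end of each period, groups a client's requests by their behavior data and withdraws the reward of every group with more than N members. The record layout, using the raw track as the grouping key, the 10-coin reward and the constructed scenario (an honest user with a fresh track each time, a bot replaying one saved track four times) are assumptions; the period and N are the page's own free parameters.

```python
from collections import defaultdict
from dataclasses import dataclass

# Added example of the periodic check; not Tencent code. Record fields, the
# grouping key and the reward amount are assumptions for the illustration.


@dataclass
class AccessRecord:
    client: str
    time: int
    behavior: tuple          # mouse track as a tuple of (x, y) pairs, so it is hashable
    reward: int
    revoked: bool = False


class AccessLedger:
    """Keeps the access results granted on requests Y and re-checks them once per period."""

    def __init__(self, period: int, n: int) -> None:
        self.period = period   # predetermined duration between checks, in seconds
        self.n = n             # more than n identical tracks from one client is abuse
        self.records: list[AccessRecord] = []
        self.balance: dict[str, int] = defaultdict(int)

    def record_success(self, client: str, time: int, behavior, reward: int = 10) -> None:
        """Called after a request Y passed both checks and the result was returned."""
        key = tuple((float(x), float(y)) for x, y in behavior)
        self.records.append(AccessRecord(client, time, key, reward))
        self.balance[client] += reward

    def audit(self, now: int) -> dict[str, int]:
        """Check the last period: group each client's requests Y by behavior data;
        if a group has more than n members, withdraw the rewards of all of them.
        Returns the amount withdrawn per client."""
        window = [r for r in self.records
                  if now - self.period < r.time <= now and not r.revoked]
        groups: dict[tuple, list[AccessRecord]] = defaultdict(list)
        for r in window:
            groups[(r.client, r.behavior)].append(r)
        withdrawn: dict[str, int] = defaultdict(int)
        for (client, _), recs in groups.items():
            if len(recs) > self.n:
                for r in recs:
                    r.revoked = True
                    self.balance[client] -= r.reward
                    withdrawn[client] += r.reward
        return dict(withdrawn)


def simulate() -> tuple[dict[str, int], dict[str, int]]:
    """Constructed scenario: one honest user with a different track each time,
    one automated client replaying a single saved track four times."""
    ledger = AccessLedger(period=3600, n=3)
    t0 = 1326672000
    for i in range(5):   # honest user: 5 accesses, 5 different tracks
        ledger.record_success("alice", t0 + 60 * i,
                              [(100 + i, 400), (300 + 2 * i, 200 - i), (520, 80)])
    saved = [(100, 400), (310, 190), (520, 80)]   # the one track the bot captured
    for i in range(4):   # bot: 4 accesses in the period, identical track each time
        ledger.record_success("bot", t0 + 30 * i, saved)
    ledger.record_success("bot", t0 - 7200, saved)  # older than the period: not checked now
    withdrawn = ledger.audit(now=t0 + 600)
    return withdrawn, dict(ledger.balance)


if __name__ == "__main__":
    print(simulate())
```

With N = 3 the bot's four identical tracks exceed the limit and its 40 coins from that period are withdrawn, while the honest user's five distinct tracks are untouched; records already revoked are skipped by later audits, so running the check again withdraws nothing twice.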
This concludes the description of the method embodiment of the invention.
Based on the above, Fig. 2 is a schematic structural diagram of an embodiment of the access request processing device of the invention. As shown in Fig. 2, it comprises:
a first processing module, configured to generate a ciphertext string and return it to the client when an access request X sent by the client that does not carry a ciphertext string is received; access request X is the access request the client initiates after receiving the user's access instruction;
a second processing module, configured, when an access request Y sent by the client that carries a ciphertext string is received, to determine whether the ciphertext string carried in access request Y is legitimate; if not, to reject the access; if so, to further determine whether the user behavior data carried in access request Y is legitimate; if so, to return the access result to the client, otherwise to reject the access. The user behavior data is behavior data collected by the client during the period from the user entering the access-initiating page until the user issues the access instruction to the client.
The user behavior data may comprise the user's mouse movement track.
Accordingly, the second processing module computes the deviation between the user's mouse movement track carried in access request Y and a user mouse movement track model saved in advance; if the deviation is below a predetermined threshold, it determines that the user behavior data carried in access request Y is legitimate, otherwise illegitimate.
The second processing module may further be configured to check, after every predetermined period, the access requests Y sent by the same client within that period, and, if more than N of them are found to carry identical user behavior data, to revoke the access results corresponding to those access requests Y, N being a positive integer.
In practice, the device shown in Fig. 2 is generally a server.
For the specific workflow of the device embodiment shown in Fig. 2, refer to the corresponding description of the method embodiment shown in Fig. 1; it is not repeated here.
The above are merely preferred embodiments of the invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (8)

1. An access request processing method, characterized in that it comprises:
when the server receives an access request X sent by a client that does not carry a ciphertext string, generating a ciphertext string and returning it to the client, access request X being the access request the client initiates after receiving a user's access instruction;
when the server receives an access request Y sent by the client that carries a ciphertext string, determining whether the ciphertext string carried in access request Y is legitimate; if not, rejecting the access; if so, further determining whether the user behavior data carried in access request Y is legitimate; if so, returning the access result to the client, otherwise rejecting the access; the user behavior data being behavior data collected by the client during the period from the user entering the access-initiating page until the user issues the access instruction to the client.
2. The method according to claim 1, characterized in that the user behavior data comprises the user's mouse movement track.
3. The method according to claim 2, characterized in that determining whether the user behavior data carried in access request Y is legitimate comprises:
computing the deviation between the user's mouse movement track carried in access request Y and a user mouse movement track model saved in advance; if the deviation is less than a predetermined threshold, determining that the user behavior data carried in access request Y is legitimate, otherwise illegitimate.
4. The method according to claim 1, 2 or 3, characterized in that it further comprises:
after every predetermined period, checking once the access requests Y sent by the same client within that period and, if more than N of them are found to carry identical user behavior data, revoking the access results corresponding to those access requests Y, N being a positive integer.
5. An access request processing device, characterized in that it comprises:
a first processing module, configured to generate a ciphertext string and return it to the client when an access request X sent by a client that does not carry a ciphertext string is received, access request X being the access request the client initiates after receiving a user's access instruction;
a second processing module, configured, when an access request Y sent by the client that carries a ciphertext string is received, to determine whether the ciphertext string carried in access request Y is legitimate; if not, to reject the access; if so, to further determine whether the user behavior data carried in access request Y is legitimate; if so, to return the access result to the client, otherwise to reject the access; the user behavior data being behavior data collected by the client during the period from the user entering the access-initiating page until the user issues the access instruction to the client.
6. The device according to claim 5, characterized in that the user behavior data comprises the user's mouse movement track.
7. The device according to claim 6, characterized in that the second processing module computes the deviation between the user's mouse movement track carried in access request Y and a user mouse movement track model saved in advance and, if the deviation is less than a predetermined threshold, determines that the user behavior data carried in access request Y is legitimate, otherwise illegitimate.
8. The device according to claim 5, 6 or 7, characterized in that the second processing module is further configured to check, after every predetermined period, the access requests Y sent by the same client within that period and, if more than N of them are found to carry identical user behavior data, to revoke the access results corresponding to those access requests Y, N being a positive integer.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210012288.5A CN103209161B (en) 2012-01-16 2012-01-16 Access request processing method and device

Publications (2)

Publication Number Publication Date
CN103209161A true CN103209161A (en) 2013-07-17
CN103209161B CN103209161B (en) 2018-05-04

Family

ID=48756247

Country Status (1)

Country Link
CN (1) CN103209161B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1517889A (en) * 2003-01-14 2004-08-04 盖内蒂克瓦尔有限公司 Keyboard device with user authentication function and its method
US20050223234A1 (en) * 2002-01-19 2005-10-06 Mcowan Peter W Authentication systems
CN1957355A (en) * 2004-04-01 2007-05-02 道夫·雅各布森 Mouse performance identification
CN101159715A (en) * 2007-11-16 2008-04-09 腾讯科技(深圳)有限公司 Safety information checking method and safety information checking device and client terminal
CN101478401A (en) * 2009-01-21 2009-07-08 东北大学 Authentication method and system based on key stroke characteristic recognition
CN101557287A (en) * 2008-04-07 2009-10-14 冀连有 Method for identity identification according to characteristics of user keystroke
CN101674184A (en) * 2009-10-19 2010-03-17 北京微通新成网络科技有限公司 Identity recognition method based on user keystroke characteristic
CN101827106A (en) * 2010-04-29 2010-09-08 华为技术有限公司 DHCP safety communication method, device and system
CN101833619A (en) * 2010-04-29 2010-09-15 西安交通大学 Method for judging identity based on keyboard-mouse crossed certification
WO2011050514A1 (en) * 2009-10-26 2011-05-05 Sheng Yongxiang Security keyboard and authorization usage method thereof
CN102164033A (en) * 2010-02-24 2011-08-24 腾讯科技(深圳)有限公司 Method, device and system for preventing services from being attacked

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103716327A (en) * 2014-01-03 2014-04-09 天地融科技股份有限公司 Operation request processing method and system
CN103716327B (en) * 2014-01-03 2016-11-30 天地融科技股份有限公司 A kind of operation requests processing method and system
CN104519069A (en) * 2014-12-27 2015-04-15 广州华多网络科技有限公司 Method and device for intercepting resource requests
CN105046124A (en) * 2015-07-31 2015-11-11 小米科技有限责任公司 Security protection method and apparatus
CN108494759A (en) * 2018-03-14 2018-09-04 北京思特奇信息技术股份有限公司 Access request processing method, system, device and storage medium
CN108494759B (en) * 2018-03-14 2021-06-01 北京思特奇信息技术股份有限公司 Access request processing method, system, device and storage medium
CN114285648A (en) * 2021-12-27 2022-04-05 中国工商银行股份有限公司 Network access data processing method and device
CN114285648B (en) * 2021-12-27 2024-01-30 中国工商银行股份有限公司 Network access data processing method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant