CN103209161B - Access request processing method and processing device - Google Patents

Access request processing method and processing device

Info

Publication number
CN103209161B
Authority
CN
China
Prior art keywords
access request
client
access
user
user behavior
Legal status
Active
Application number
CN201210012288.5A
Other languages
Chinese (zh)
Other versions
CN103209161A (en)
Inventor
张勇
Current Assignee
Shenzhen Tencent Computer Systems Co Ltd
Original Assignee
Shenzhen Tencent Computer Systems Co Ltd
Abstract

The invention discloses an access request processing method and device. When the server receives an access request X from a client that does not carry a ciphertext string, it generates a ciphertext string and returns it to the client; access request X is the access request the client initiates after receiving an access instruction from the user. When the server receives an access request Y from the client that carries a ciphertext string, it determines whether the ciphertext string carried in access request Y is legal; if not, it refuses this access; if so, it further determines whether the user behavior data carried in access request Y is legal; if so, it returns the access result to the client, otherwise it refuses this access. The user behavior data is the behavioral data collected by the client during the period from the user entering the access-initiation page until the user sends the access instruction to the client. With the solution of the present invention, the server's ability to correctly identify forged requests can be improved.

Description

Access request processing method and processing device
Technical field
The present invention relates to network technology, and more particularly to an access request processing method and an access request processing device.
Background technology
In existing applications based on the browser/server (B/S, Browser/Server) architecture, when the client receives an access instruction from the user, it is handled as follows:
1) the client sends an access request to the server;
2) the server generates a ciphertext string from information carried in the received access request, such as the client IP and access time, together with an encryption algorithm, and returns it to the client;
3) the client sends an access request to the server again, which again has to carry the client IP, access time and so on, and additionally has to carry the ciphertext string;
4) the server verifies whether the received ciphertext string is legal; if so, it returns the access result to the client, otherwise it refuses this access.
Subsequently, if the client receives another access instruction from the user, steps 1) to 4) are repeated.
In step 2), the server can generate the ciphertext string from the client IP, the access time and the Message Digest Algorithm 5 (MD5). Since the access time carried in each access request the server receives differs, the generated ciphertext string differs each time even for the same client.
A successful access may yield a certain number of virtual objects and the like, so some users, wanting to obtain these items without sending access instructions one after another, install some code or software in the client which, once the user has sent one access instruction, makes the client automatically and continuously initiate access requests to the server.
Specifically, when the user sends an access instruction, after steps 1) and 2) have been executed, the client automatically and repeatedly executes steps 3) to 4), which is substantially unfair to other users who operate normally.
Although the process in which the client automatically repeats steps 3) to 4) faces a certain problem in practice, namely that the client can obtain only one ciphertext string from the server and that ciphertext string becomes invalid after a single use, the way in which existing servers generate ciphertext strings is usually rather fixed, for example from the client IP, the access time and the MD5 algorithm as described above. Once the generation method is cracked, and since the client IP and access time are known, the client can itself generate the ciphertext string required for each access.
In general, a ciphertext string generated by the client itself is called a forged ciphertext string, and an access request carrying a forged ciphertext string is called a forged request. The server therefore needs a way to improve its ability to correctly identify forged requests.
Summary of the invention
In view of this, the present invention provides an access request processing method and an access request processing device, which can improve the server's ability to correctly identify forged requests.
To achieve the above purpose, the technical solution of the present invention is realized as follows:
An access request processing method, including:
when an access request X that does not carry a ciphertext string is received from a client, the server generates a ciphertext string and returns it to the client; access request X is the access request the client initiates after receiving an access instruction from the user;
when an access request Y that carries a ciphertext string is received from the client, the server determines whether the ciphertext string carried in access request Y is legal; if not, it refuses this access; if so, it further determines whether the user behavior data carried in access request Y is legal; if so, it returns the access result to the client, otherwise it refuses this access; the user behavior data is the behavioral data collected by the client during the period from the user entering the access-initiation page until the user sends the access instruction to the client.
An access request processing device, including:
a first processing module, for, when an access request X that does not carry a ciphertext string is received from a client, generating a ciphertext string and returning it to the client; access request X is the access request the client initiates after receiving an access instruction from the user;
a second processing module, for, when an access request Y that carries a ciphertext string is received from the client, determining whether the ciphertext string carried in access request Y is legal; if not, refusing this access; if so, further determining whether the user behavior data carried in access request Y is legal; if so, returning the access result to the client, otherwise refusing this access; the user behavior data is the behavioral data collected by the client during the period from the user entering the access-initiation page until the user sends the access instruction to the client.
It can be seen that with the solution of the present invention the server returns the access result to the client only when both the ciphertext string and the user behavior data carried in the received access request are legal; otherwise it refuses the access, treating the access request as a forged request. Since user behavior data is generally difficult to forge, the solution of the present invention improves the server's ability to correctly identify forged requests compared with the prior art.
Brief description of the drawings
Fig. 1 is a flowchart of an embodiment of the access request processing method of the present invention.
Fig. 2 is a structural diagram of an embodiment of the access request processing device of the present invention.
Detailed description of the embodiments
To address the problems in the prior art, an improved access request processing scheme is proposed in the present invention.
To make the technical solution of the present invention clearer, the solution is described in further detail below with reference to the drawings and embodiments.
Fig. 1 is a flowchart of an embodiment of the access request processing method of the present invention. As shown in Fig. 1, it comprises the following steps:
Step 11: when an access request X that does not carry a ciphertext string is received from a client, the server generates a ciphertext string and returns it to the client; access request X is the access request the client initiates after receiving an access instruction from the user.
After receiving the user's access instruction, the client sends an access request to the server, which may carry information such as the client IP and access time. After receiving the access request, the server may generate a ciphertext string from the client IP, access time and other information carried in it together with an encryption algorithm, and return the generated ciphertext string to the client.
Step 12: when an access request Y that carries a ciphertext string is received from the client, the server determines whether the ciphertext string carried in access request Y is legal; if not, it refuses this access; if so, it further determines whether the user behavior data carried in access request Y is legal; if so, it returns the access result to the client, otherwise it refuses this access. The user behavior data is the behavioral data collected by the client during the period from the user entering the access-initiation page until the user sends the access instruction to the client.
It should be noted that, to distinguish access requests that do not carry a ciphertext string from those that do, in the present invention the former are called access request X and the latter access request Y.
The user must enter the access-initiation page before an access can be initiated. From the time the user enters the access-initiation page until the user sends an access instruction to the client, the client needs to collect the user's behavior data in this period, such as the user's mouse movement track; how to collect it is prior art.
In practice, after the user enters the access-initiation page, the mouse rests at a certain position on the page, which may be called the initial position. When the user wants to send an access instruction to the client, the user usually clicks a button on the page; the track along which the mouse moves from the initial position to the button position is the mouse movement track.
After receiving access request Y, the server first determines whether the ciphertext string carried in it is legal (how to determine this is prior art); if not, it refuses this access; if so, it further determines whether the user behavior data carried in it is legal; if so, it returns the access result to the client; if not, it refuses this access.
How to verify whether the user behavior data carried in access request Y is legal can be decided according to actual requirements. For example, when the user behavior data is the user's mouse movement track, the deviation between the mouse movement track carried in access request Y and a pre-saved mouse movement track model can be calculated; if the deviation is less than a predetermined threshold, the user behavior data carried in access request Y is determined to be legal, otherwise it is illegal. The mouse movement track model can be obtained by training on a certain number of samples; how to obtain it is prior art, as is how to calculate the deviation. The specific value of the threshold can be decided according to actual requirements.
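The server side of steps 11 and 12, as an added example that is not code from the patent: access request X is answered with a ciphertext string, and access request Y must present it together with a mouse movement track that is compared against a pre-saved model. Everything the patent leaves to "prior art" or "actual requirements" is an assumption here: the ciphertext string is a random single-use token kept server side, the model is the mean of resampled sample tracks, the deviation is the mean point-wise Euclidean distance, and THRESHOLD and the sample tracks are constructed values.

```python
import math
import secrets

# Added example, not the patent's own code. Assumptions: the ciphertext string is a
# random single-use token stored server side; the track model is the mean of the
# sample tracks after resampling each to POINTS points; the deviation is the mean
# point-wise Euclidean distance; THRESHOLD is an invented value (pixels).

POINTS = 16
THRESHOLD = 40.0


def resample(track, n=POINTS):
    """Resample a polyline of (x, y) points to n points evenly spaced by arc length."""
    if not track:
        raise ValueError("empty track")
    if len(track) < 2:
        return [tuple(track[0])] * n
    seg = [math.dist(track[i], track[i + 1]) for i in range(len(track) - 1)]
    total = sum(seg)
    out = []
    for k in range(n):
        target = total * k / (n - 1)
        i, acc = 0, 0.0
        while i < len(seg) - 1 and acc + seg[i] < target:
            acc += seg[i]
            i += 1
        frac = 0.0 if seg[i] == 0 else (target - acc) / seg[i]
        (x0, y0), (x1, y1) = track[i], track[i + 1]
        out.append((x0 + frac * (x1 - x0), y0 + frac * (y1 - y0)))
    return out


def train_model(sample_tracks):
    """Pre-saved mouse movement track model: the mean of the resampled sample tracks."""
    rs = [resample(t) for t in sample_tracks]
    return [(sum(r[k][0] for r in rs) / len(rs), sum(r[k][1] for r in rs) / len(rs))
            for k in range(POINTS)]


def deviation(track, model):
    """Deviation between a track and the model: mean point-wise Euclidean distance."""
    return sum(math.dist(a, b) for a, b in zip(resample(track), model)) / POINTS


class AccessServer:
    def __init__(self, model, threshold=THRESHOLD):
        self.model = model
        self.threshold = threshold
        self.issued = {}  # ciphertext string -> client id; removed on first use

    def handle_x(self, client_id):
        """Access request X (no ciphertext string): generate one and return it."""
        token = secrets.token_hex(16)
        self.issued[token] = client_id
        return token

    def handle_y(self, client_id, token, track):
        """Access request Y: check the ciphertext string first, then the behaviour data."""
        if self.issued.get(token) != client_id:
            return "refused: illegal ciphertext string"
        del self.issued[token]  # the string fails after a single use
        if not track or deviation(track, self.model) >= self.threshold:
            return "refused: illegal user behaviour data"
        return "access result"


# Constructed sample data: three recorded tracks used to train the model, a genuine
# track from a real user, and an automated client that reports the click at the
# button position without any preceding mouse movement.
SAMPLE_TRACKS = [
    [(0, 0), (50, 52), (100, 100)],
    [(0, 0), (48, 50), (100, 100)],
    [(2, 0), (50, 50), (100, 98)],
]
GENUINE_TRACK = [(0, 0), (25, 24), (75, 76), (100, 100)]
NO_MOVEMENT_TRACK = [(100, 100), (100, 100)]

if __name__ == "__main__":
    server = AccessServer(train_model(SAMPLE_TRACKS))
    token = server.handle_x("client-1")
    print(server.handle_y("client-1", token, GENUINE_TRACK))      # access result
    print(server.handle_y("client-1", token, GENUINE_TRACK))      # refused: reused string
    token = server.handle_x("client-1")
    print(server.handle_y("client-1", token, NO_MOVEMENT_TRACK))  # refused: behaviour data
```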
As can be seen that under normal circumstances (i.e. there is no forgery behavior), after user initiates access instruction to client, visitor Family end can send access request X to server, and correspondingly, server can generate a cyphertext strings, return to client;Afterwards, User end to server sends access request Y, wherein carrying cyphertext strings and user behavior data, if legal, services Device can be to client backward reference result;Followed by, if client receives the access instruction of user again, can repeat State the process for sending access request X and access request Y.
But if necessary to forge access request by client, then, the above process is changed into:When client receives To after the access instruction of user, access request X is sent to server, correspondingly, server can generate a cyphertext strings, return to Client;Afterwards, user end to server sends access request Y, wherein cyphertext strings and user behavior data are carried, the user Behavioral data is the user behavior data that client truly collects, if legal, server can be returned to client and visited Ask result;Followed by, client sends access request Y to server again, wherein carrying cyphertext strings and the forgery of forgery User behavior data, similarly, subsequent client sends access request Y to server every time, be required to forge one it is new Cyphertext strings and a new user behavior data, usually, it is difficult to forge that user behavior data, which is, once find that it does not conform to Method, server are rejected by accessing accordingly.
In practical applications, it is also possible to such case occur, i.e. client need not forge a new use every time Family behavioral data, but preserve one or more user behavior datas truly collected and (no longer protected after being usually finished Deposit), in this way, in the access request Y that transmission is forged follow-up every time, the user's row truly collected preserved can be selected respectively For one in data, certainly, if only saving one, can only always with this, in this way, when server receives this During class access request Y, it just will be considered that user behavior data therein is legal, so as to be misdeemed request is forged as legitimate request.
But for reality, in general, each initial position of mouse is all different, and it is moved to every time from initial position The track of button position is also all different, and therefore, under normal circumstances, client is sent to the access request Y of server every time The user behavior data of middle carrying is usually all different.
In this way, it is directed to the above situation, you can use following processing mode:Every after scheduled duration, i.e., for same Client access request Y transmitted in the duration is once checked, is carried if it find that being more than in N number of access request Y User behavior data all same, then by these access requests Y it is corresponding access result deactivate, N is positive integer, such as, will Virtual objects withdrawal that user gets etc..The specific value of the scheduled duration and the specific value of N can be according to reality Depending on needing.
For example user is often successfully once accessed, then its 10 virtual gold coins can be rewarded, and assume that user passes through client End have sent 4 and forge request, wherein the user behavior data all same carried, and finally got reward, then, then Recoverable 40 virtual gold coins for being awarded to user.
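The periodic check and the gold-coin example above, as an added example that is not code from the patent. It assumes (the patent specifies none of this) that each granted access request Y is logged as (client id, timestamp, track, reward), that identical user behavior data is recognised by a SHA-256 digest of the track's canonical JSON encoding, that the scheduled duration and N are constructed values (600 seconds and 3), and that the log entries are constructed sample data.

```python
import hashlib
import json
from collections import defaultdict

# Added example, not the patent's own code. Every scheduled duration, the access
# requests Y one client sent within that window are examined; if more than N of
# them carried identical user behaviour data, the access results they earned are
# revoked. Assumptions: a track is a list of (x, y) points keyed by a SHA-256 digest
# of its canonical JSON; REWARD is the page's 10 virtual gold coins per access.

REWARD = 10


def behaviour_key(track):
    """Stable identifier for one piece of user behaviour data (a mouse track)."""
    canonical = json.dumps(track, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def periodic_check(granted, window_start, duration, n):
    """Return {client_id: coins to withdraw} for the window [window_start, window_start + duration).

    `granted` holds (client_id, timestamp, track, reward) for every access request Y
    that passed both checks and was answered with an access result.
    """
    per_client = defaultdict(lambda: defaultdict(list))
    for client_id, ts, track, reward in granted:
        if window_start <= ts < window_start + duration:
            per_client[client_id][behaviour_key(track)].append(reward)
    withdraw = {}
    for client_id, by_key in per_client.items():
        for rewards in by_key.values():
            if len(rewards) > n:  # more than N requests with identical behaviour data
                withdraw[client_id] = withdraw.get(client_id, 0) + sum(rewards)
    return withdraw


# Constructed log: "client-bot" replays one genuinely collected track four times
# inside the window (and once in the next window); "client-user" sends four
# different tracks, as a real user's mouse movements would differ each time.
SAVED_TRACK = [(0, 0), (25, 24), (75, 76), (100, 100)]
GRANTED_LOG = [
    ("client-bot", 10, SAVED_TRACK, REWARD),
    ("client-bot", 20, SAVED_TRACK, REWARD),
    ("client-bot", 30, SAVED_TRACK, REWARD),
    ("client-bot", 40, SAVED_TRACK, REWARD),
    ("client-user", 15, [(3, 1), (40, 30), (100, 99)], REWARD),
    ("client-user", 25, [(0, 2), (55, 61), (100, 100)], REWARD),
    ("client-user", 35, [(1, 0), (48, 47), (99, 100)], REWARD),
    ("client-user", 45, [(0, 0), (30, 35), (100, 98)], REWARD),
    ("client-bot", 700, SAVED_TRACK, REWARD),  # next window, not counted here
]

if __name__ == "__main__":
    # With N = 3, the four identical bot requests exceed N: 4 x 10 = 40 coins withdrawn.
    print(periodic_check(GRANTED_LOG, window_start=0, duration=600, n=3))
```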
This completes the description of the method embodiment of the present invention.
Based on the above description, Fig. 2 is a structural diagram of an embodiment of the access request processing device of the present invention. As shown in Fig. 2, it includes:
a first processing module, for, when an access request X that does not carry a ciphertext string is received from a client, generating a ciphertext string and returning it to the client; access request X is the access request the client initiates after receiving an access instruction from the user;
a second processing module, for, when an access request Y that carries a ciphertext string is received from the client, determining whether the ciphertext string carried in access request Y is legal; if not, refusing this access; if so, further determining whether the user behavior data carried in access request Y is legal; if so, returning the access result to the client, otherwise refusing this access; the user behavior data is the behavioral data collected by the client during the period from the user entering the access-initiation page until the user sends the access instruction to the client.
The user behavior data may include the user's mouse movement track.
Correspondingly, the second processing module calculates the deviation between the user's mouse movement track carried in access request Y and the pre-saved mouse movement track model; if the deviation is less than the predetermined threshold, the user behavior data carried in access request Y is determined to be legal, otherwise it is illegal.
The second processing module may further, every time a scheduled duration elapses, check once the access requests Y sent by the same client within that duration; if it finds that more than N access requests Y carry identical user behavior data, it revokes the access results corresponding to these access requests Y, where N is a positive integer.
In practice, the device shown in Fig. 2 is usually a server.
For the specific workflow of the device embodiment shown in Fig. 2, refer to the corresponding description of the method embodiment shown in Fig. 1; it is not repeated here.
The foregoing are merely preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principle of the present invention shall be included within the scope of protection of the present invention.

Claims (6)

  1. An access request processing method, characterized in that it includes:
    when an access request X that does not carry a ciphertext string is received from a client, the server generates a ciphertext string and returns it to the client; access request X is the access request the client initiates after receiving an access instruction from the user;
    when an access request Y that carries a ciphertext string and user behavior data is received from the client, the server determines whether the ciphertext string carried in access request Y is legal; if not, it refuses this access; if so, it further determines whether the user behavior data carried in access request Y is legal; if so, it returns the access result to the client, otherwise it refuses this access; the user behavior data is the behavioral data collected by the client during the period from the user entering the access-initiation page until the user sends the access instruction to the client;
    wherein the user behavior data being legal indicates that the user's behavior is normal access request behavior;
    the method further includes:
    every time a scheduled duration elapses, checking once the access requests Y sent by the same client within that duration, and if it is found that more than N access requests Y carry identical user behavior data, revoking the access results corresponding to these access requests Y, where N is a positive integer.
  2. The method according to claim 1, characterized in that the user behavior data includes: the user's mouse movement track.
  3. The method according to claim 2, characterized in that determining whether the user behavior data carried in access request Y is legal includes:
    calculating the deviation between the user's mouse movement track carried in access request Y and a pre-saved user mouse movement track model, and if the deviation is less than a predetermined threshold, determining that the user behavior data carried in access request Y is legal, otherwise illegal.
  4. An access request processing device, characterized in that it includes:
    a first processing module, for, when an access request X that does not carry a ciphertext string is received from a client, generating a ciphertext string and returning it to the client; access request X is the access request the client initiates after receiving an access instruction from the user;
    a second processing module, for, when an access request Y that carries a ciphertext string and user behavior data is received from the client, determining whether the ciphertext string carried in access request Y is legal; if not, refusing this access; if so, further determining whether the user behavior data carried in access request Y is legal; if so, returning the access result to the client, otherwise refusing this access; the user behavior data is the behavioral data collected by the client during the period from the user entering the access-initiation page until the user sends the access instruction to the client;
    wherein the user behavior data being legal indicates that the user's behavior is normal access request behavior;
    the second processing module is further used for, every time a scheduled duration elapses, checking once the access requests Y sent by the same client within that duration, and if it is found that more than N access requests Y carry identical user behavior data, revoking the access results corresponding to these access requests Y, where N is a positive integer.
  5. The device according to claim 4, characterized in that the user behavior data includes: the user's mouse movement track.
  6. The device according to claim 5, characterized in that the second processing module calculates the deviation between the user's mouse movement track carried in access request Y and a pre-saved user mouse movement track model, and if the deviation is less than a predetermined threshold, determines that the user behavior data carried in access request Y is legal, otherwise illegal.
Application CN201210012288.5A, priority date 2012-01-16, filing date 2012-01-16: Access request processing method and processing device (Active, CN103209161B)

Publications (2)

Publication Number Publication Date
CN103209161A CN103209161A (en) 2013-07-17
CN103209161B true CN103209161B (en) 2018-05-04

Family

ID=48756247


Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104519069A (en) * 2014-12-27 2015-04-15 广州华多网络科技有限公司 Method and device for intercepting resource requests
CN105046124A (en) * 2015-07-31 2015-11-11 小米科技有限责任公司 Security protection method and apparatus
CN108494759B (en) * 2018-03-14 2021-06-01 北京思特奇信息技术股份有限公司 Access request processing method, system, device and storage medium
CN114285648B (en) * 2021-12-27 2024-01-30 中国工商银行股份有限公司 Network access data processing method and device

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1517889A (en) * 2003-01-14 2004-08-04 盖内蒂克瓦尔有限公司 Keyboard device with authentication function for user and ints method
CN1957355A (en) * 2004-04-01 2007-05-02 道夫·雅各布森 Mouse performance identification
CN101159715A (en) * 2007-11-16 2008-04-09 腾讯科技(深圳)有限公司 Safety information checking method and safety information checking device and client terminal
CN101478401A (en) * 2009-01-21 2009-07-08 东北大学 Authentication method and system based on key stroke characteristic recognition
CN101557287A (en) * 2008-04-07 2009-10-14 冀连有 Method for identity identification according to characteristics of user keystroke
CN101674184A (en) * 2009-10-19 2010-03-17 北京微通新成网络科技有限公司 Identity recognition method based on user keystroke characteristic
CN101827106A (en) * 2010-04-29 2010-09-08 华为技术有限公司 DHCP safety communication method, device and system
CN101833619A (en) * 2010-04-29 2010-09-15 西安交通大学 Method for judging identity based on keyboard-mouse crossed certification
WO2011050514A1 (en) * 2009-10-26 2011-05-05 Sheng Yongxiang Security keyboard and authorization usage method thereof
CN102164033A (en) * 2010-02-24 2011-08-24 腾讯科技(深圳)有限公司 Method, device and system for preventing services from being attacked

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0201232D0 (en) * 2002-01-19 2002-03-06 Queen Mary & Westfield College Authentication systems
