CN103209161B - A kind of access request processing method and processing device - Google Patents
Access request processing method and device
Publication number: CN103209161B
Authority: CN (China)
Legal status: Active
Abstract
The invention discloses an access request processing method and device. When the server receives an access request X sent by the client that does not carry a cyphertext string, it generates a cyphertext string and returns it to the client; access request X is the access request the client initiates after receiving the user's access instruction. When the server receives an access request Y sent by the client that carries a cyphertext string, it determines whether the cyphertext string carried in access request Y is legal; if not, it refuses this access; if so, it further determines whether the user behavior data carried in access request Y is legal, and if so returns the access result to the client, otherwise refuses this access. The user behavior data is the behavioral data the client collects during the period from the user entering the access-initiation page until the user sends the access instruction to the client. With the scheme of the invention, the server's ability to correctly identify forged requests can be improved.
Description
Technical field
The present invention relates to network technology, and more particularly to an access request processing method and an access request processing device.
Background technology
In existing applications based on the browser/server (B/S) architecture, when the client receives an access instruction from the user, it can be handled as follows:
1) the client sends an access request to the server;
2) the server generates a cyphertext string from information carried in the received access request, such as the client IP and the access time, together with an encryption algorithm, and returns it to the client;
3) the client sends an access request to the server again, which must again carry the client IP, the access time and so on, and must also carry the cyphertext string;
4) the server verifies whether the received cyphertext string is legal; if so, it returns the access result to the client, otherwise it refuses this access.
Subsequently, whenever the client receives another access instruction from the user, steps 1) to 4) are repeated.
In step 2), the server can generate the cyphertext string from the client IP, the access time and the Message Digest Algorithm 5 (MD5). Because the access time carried in each received access request differs, the cyphertext string generated each time is different even for the same client.
A single access can yield a certain number of virtual items and the like. Some users, wanting to obtain these items without sending access instructions one after another, install code or software in the client whose effect is that, after the user sends a single access instruction, the client automatically and continuously initiates access requests to the server. Specifically, when the user sends an access instruction, after steps 1) and 2) have been executed, the client automatically repeats steps 3) to 4) over and over, which is plainly unfair to other users operating normally.
Although the process in which the client automatically repeats steps 3) to 4) meets a certain obstacle in practice, namely that the client can only obtain one cyphertext string from the server and that string becomes invalid after a single use, the way an existing server generates cyphertext strings is usually rather fixed, for example from the client IP, the access time and the MD5 algorithm as described above. Once this generation method is cracked, and the client IP and access time are known, the client can itself generate the cyphertext string it needs for each access.
In general, a cyphertext string generated by the client itself is called a forged cyphertext string, and an access request carrying a forged cyphertext string is called a forged request. The server therefore needs a way to improve its ability to correctly identify forged requests.
The content of the invention
In view of this, the present invention provides an access request processing method and an access request processing device that can improve the server's ability to correctly identify forged requests.
To achieve the above purpose, the technical solution of the invention is realized as follows:
An access request processing method, including:
when receiving an access request X sent by the client that does not carry a cyphertext string, the server generates a cyphertext string and returns it to the client; access request X is the access request the client initiates after receiving the user's access instruction;
when receiving an access request Y sent by the client that carries a cyphertext string, the server determines whether the cyphertext string carried in access request Y is legal; if not, it refuses this access; if so, it further determines whether the user behavior data carried in access request Y is legal, and if so returns the access result to the client, otherwise refuses this access; the user behavior data is the behavioral data the client collects during the period from the user entering the access-initiation page until the user sends the access instruction to the client.
An access request processing device, including:
a first processing module, for generating a cyphertext string when an access request X sent by the client that does not carry a cyphertext string is received, and returning it to the client; access request X is the access request the client initiates after receiving the user's access instruction;
a second processing module, for determining, when an access request Y sent by the client that carries a cyphertext string is received, whether the cyphertext string carried in access request Y is legal; if not, refusing this access; if so, further determining whether the user behavior data carried in access request Y is legal, and if so returning the access result to the client, otherwise refusing this access; the user behavior data is the behavioral data the client collects during the period from the user entering the access-initiation page until the user sends the access instruction to the client.
It can be seen that, with the scheme of the invention, the server returns the access result to the client only when both the cyphertext string and the user behavior data carried in the received access request are legal; otherwise it refuses this access, that is, it treats the access request as a forged request. Since user behavior data is generally difficult to forge, the scheme of the invention improves the server's ability to correctly identify forged requests compared with the prior art.
Brief description of the drawings
Fig. 1 is the flow chart of an embodiment of the access request processing method of the present invention.
Fig. 2 is a structural diagram of an embodiment of the access request processing device of the present invention.
Embodiment
For the problems in the prior art, an improved access request processing scheme is proposed in the present invention.
To make the technical solution of the invention clearer, the scheme is described in further detail below with reference to the drawings and embodiments.
Fig. 1 is the flow chart of an embodiment of the access request processing method of the present invention. As shown in Fig. 1, it comprises the following steps:
Step 11: when receiving an access request X sent by the client that does not carry a cyphertext string, the server generates a cyphertext string and returns it to the client; access request X is the access request the client initiates after receiving the user's access instruction.
After receiving the user's access instruction, the client sends an access request to the server, which can carry information such as the client IP and the access time. After receiving this access request, the server can generate a cyphertext string from the client IP, the access time and other information carried in it, together with an encryption algorithm, and return the generated cyphertext string to the client.
Step 12: when receiving an access request Y sent by the client that carries a cyphertext string, the server determines whether the cyphertext string carried in access request Y is legal; if not, it refuses this access; if so, it further determines whether the user behavior data carried in access request Y is legal, and if so returns the access result to the client, otherwise refuses this access. The user behavior data is the behavioral data the client collects during the period from the user entering the access-initiation page until the user sends the access instruction to the client.
It should be noted that, to distinguish an access request that does not carry a cyphertext string from one that does, the access request that does not carry a cyphertext string is called access request X in the present invention, and the access request that carries a cyphertext string is called access request Y.
The user must enter the access-initiation page before an access can be initiated. From the moment the user enters the access-initiation page until the user sends the access instruction to the client, the client needs to collect the user's behavior data during this period, for example the user's mouse movement track; how it is collected is prior art.
In practice, after the user enters the access-initiation page the mouse rests at some position on the page, which can be called the initial position. When the user wants to send an access instruction to the client, the user usually clicks a button on the page; the path along which the mouse moves from the initial position to the button position is the mouse movement track.
After the server receives access request Y, it first determines whether the cyphertext string carried in it is legal (how this is determined is prior art); if not, it refuses this access; if so, it further determines whether the user behavior data carried in it is legal, and if so returns the access result to the client, otherwise refuses this access.
How to verify whether the user behavior data carried in access request Y is legal can be decided according to actual requirements. For example, when the user behavior data is the user's mouse movement track, the departure between the mouse movement track carried in access request Y and a pre-saved user mouse movement track model can be calculated; if the departure is less than a predetermined threshold, the user behavior data carried in access request Y is determined to be legal, otherwise illegal. The user mouse movement track model can be obtained by training on a certain number of samples; how it is obtained is prior art, and likewise how the departure is calculated is prior art. The specific value of the threshold can be decided according to actual requirements.
It can be seen that under normal circumstances (that is, without forgery), after the user issues an access instruction to the client, the client sends access request X to the server, and correspondingly the server generates a cyphertext string and returns it to the client; the client then sends access request Y to the server, carrying the cyphertext string and the user behavior data, and if both are legal the server returns the access result to the client. Thereafter, if the client receives another access instruction from the user, the above process of sending access request X and access request Y is repeated.
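As an added example (not code from the patent), the server side of the X/Y flow of steps 11 and 12, with the departure check worked out in one concrete way: the pre-saved model is the point-wise mean of resampled sample tracks and the departure is the mean distance between corresponding points, both assumptions, since the page leaves training and departure calculation to prior art. The cyphertext string is keyed with a server secret and made single-use, an added hardening against the reproducible generation method described in the background; all names, sample tracks and the threshold are constructed.

```python
import hashlib
import hmac
import math
import secrets
import time

# Constructed sample data: mouse tracks as (x, y) points from the initial position where the
# mouse rests on the access-initiation page to the button that sends the access instruction.
TRAINING_SAMPLES = [[(0, 0), (48, 52), (100, 100)], [(0, 0), (55, 46), (100, 100)]]
HUMAN_TRACK = [(0, 0), (40, 45), (100, 100)]    # plausible genuine movement
DETOUR_TRACK = [(0, 0), (100, 0), (100, 100)]   # far from the model
K = 16                                           # points per resampled track (assumption)


def resample(points, k=K):
    """Resample a track to k points equally spaced along its length, so tracks with
    different lengths and sampling rates can be compared point by point."""
    if len(points) < 2:
        return [tuple(points[0])] * k if points else [(0.0, 0.0)] * k
    seg = [math.dist(points[i], points[i + 1]) for i in range(len(points) - 1)]
    total = sum(seg)
    if total == 0:
        return [tuple(points[0])] * k
    out, i, acc = [], 0, 0.0
    for j in range(k):
        target = total * j / (k - 1)
        while i < len(seg) - 1 and acc + seg[i] < target:
            acc += seg[i]
            i += 1
        t = (target - acc) / seg[i] if seg[i] else 0.0
        (x0, y0), (x1, y1) = points[i], points[i + 1]
        out.append((x0 + t * (x1 - x0), y0 + t * (y1 - y0)))
    return out

def train_model(samples, k=K):
    """Pre-saved mouse track model: point-wise mean of resampled samples (the page leaves
    the training method to prior art; this choice is an assumption)."""
    rs = [resample(s, k) for s in samples]
    return [(sum(r[i][0] for r in rs) / len(rs), sum(r[i][1] for r in rs) / len(rs))
            for i in range(k)]

def trajectory_deviation(track, model, k=K):
    """Departure of a track from the model: mean distance between corresponding points."""
    return sum(math.dist(p, q) for p, q in zip(resample(track, k), resample(model, k))) / k

MODEL = train_model(TRAINING_SAMPLES)


class AccessServer:
    """Server side of the X/Y flow (assumed names; not the patent's own code)."""

    def __init__(self, model, threshold, key=None):
        self.model = model                           # pre-saved user mouse track model
        self.threshold = threshold                   # predetermined threshold for the departure
        self.key = key or secrets.token_bytes(32)    # server secret, never sent to clients
        self.issued = {}                             # unused cyphertext string -> client IP

    def _tag(self, client_ip, access_time, nonce):
        msg = f"{client_ip}|{access_time}|{nonce}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def handle_x(self, client_ip, access_time=None):
        """Step 11: request X carries no cyphertext string; generate one and return it.
        The page derives the string from client IP, access time and a digest (MD5); here a keyed
        HMAC over those fields plus a random nonce is used instead, so knowing the IP and time
        is not enough to reproduce the string (added hardening, not the page's design)."""
        access_time = int(time.time()) if access_time is None else access_time
        nonce = secrets.token_hex(8)
        cypher = f"{access_time}:{nonce}:{self._tag(client_ip, access_time, nonce)}"
        self.issued[cypher] = client_ip
        return cypher

    def _cypher_is_legal(self, client_ip, cypher):
        """Legal = issued to this client, MAC verifies, and not used before (single use)."""
        if self.issued.get(cypher) != client_ip:
            return False
        access_time, nonce, tag = cypher.split(":")
        if not hmac.compare_digest(tag, self._tag(client_ip, access_time, nonce)):
            return False
        del self.issued[cypher]                      # a replayed string is refused next time
        return True

    def handle_y(self, client_ip, cypher, track):
        """Step 12: check the cyphertext string first, then the user behavior data."""
        if not self._cypher_is_legal(client_ip, cypher):
            return "refused: cyphertext string illegal"
        if trajectory_deviation(track, self.model) >= self.threshold:
            return "refused: user behavior data illegal"
        return "access result"
```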
If, however, access requests are to be forged through the client, the above process becomes: after the client receives the user's access instruction, it sends access request X to the server, and correspondingly the server generates a cyphertext string and returns it to the client; the client then sends access request Y to the server, carrying the cyphertext string and user behavior data that the client genuinely collected, and if both are legal the server returns the access result to the client; the client then sends access request Y to the server again, now carrying a forged cyphertext string and forged user behavior data, and likewise every subsequent access request Y the client sends to the server requires forging a new cyphertext string and new user behavior data. User behavior data is usually difficult to forge, and once it is found to be illegal, the server refuses the corresponding access.
In practice another situation may also arise: instead of forging new user behavior data each time, the client saves one or more genuinely collected user behavior data items (which would normally no longer be kept after use), and in each subsequently sent forged access request Y it re-uses one of the saved genuinely collected items; if only one was saved, that one is always used. When the server receives such an access request Y, it will consider the user behavior data in it legal, and will thus mistake a forged request for a legitimate one.
In reality, however, the initial position of the mouse generally differs each time, and so does the track along which it moves from the initial position to the button position; therefore, under normal circumstances, the user behavior data carried in each access request Y the client sends to the server is usually different.
For the above situation, the following processing can be used: once every scheduled duration, the access requests Y sent by the same client within that duration are checked, and if more than N of those access requests Y are found to carry identical user behavior data, the access results corresponding to those access requests Y are deactivated, where N is a positive integer; for example, the virtual items the user obtained are withdrawn. The specific value of the scheduled duration and of N can be decided according to actual requirements.
For example, if each successful access rewards the user with 10 virtual gold coins, and the user has sent 4 forged requests through the client, all carrying identical user behavior data, and obtained the reward each time, then the 40 virtual gold coins awarded to the user can be recovered.
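The periodic check described above, as an added example that is not part of the patent: the access requests Y of one client within the scheduled duration are grouped by their user behavior data, and when more than N of them are identical their access results are deactivated and the rewards withdrawn. The function and field names are assumed, the 10-coin reward follows the page's example, and the sample log is constructed.

```python
from collections import defaultdict

REWARD_PER_ACCESS = 10   # the page's example: 10 virtual gold coins per successful access


def behavior_key(track):
    """Hashable form of a mouse track, so requests carrying identical behavior data group together."""
    return tuple((float(x), float(y)) for x, y in track)


def periodic_check(log, n, window_start, duration):
    """Run once per scheduled duration. For each client, group the access requests Y it sent in
    [window_start, window_start + duration) by their user behavior data; when more than n
    requests in a group carry identical data, deactivate their access results (granted -> False)
    and withdraw the coins they earned. Returns {client_ip: coins_withdrawn}.
    `log` is a constructed list of dicts with keys ip, time, track and granted."""
    groups = defaultdict(lambda: defaultdict(list))
    for entry in log:
        if entry["granted"] and window_start <= entry["time"] < window_start + duration:
            groups[entry["ip"]][behavior_key(entry["track"])].append(entry)
    withdrawn = {}
    for ip, by_track in groups.items():
        coins = 0
        for same in by_track.values():
            if len(same) > n:                   # "more than N" identical requests
                for entry in same:
                    entry["granted"] = False    # deactivate the access result
                    coins += REWARD_PER_ACCESS
        if coins:
            withdrawn[ip] = coins
    return withdrawn


def constructed_log():
    """Constructed sample log: a genuine client whose track differs on every request, a client
    that re-sends one truly collected track in 4 forged requests, and one request outside the
    window that the check must leave alone."""
    genuine = [[(0, 0), (40 + i, 45), (100, 100)] for i in range(3)]
    saved = [(0, 0), (41, 47), (100, 100)]      # the one real track replayed in every forged request
    log = [{"ip": "203.0.113.5", "time": 100 + i, "track": t, "granted": True}
           for i, t in enumerate(genuine)]
    log += [{"ip": "198.51.100.7", "time": 110 + i, "track": saved, "granted": True}
            for i in range(4)]
    log.append({"ip": "198.51.100.7", "time": 900, "track": saved, "granted": True})
    return log
```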
This completes the description of the method embodiment of the present invention.
Based on the above description, Fig. 2 is a structural diagram of an embodiment of the access request processing device of the present invention. As shown in Fig. 2, it includes:
a first processing module, for generating a cyphertext string when an access request X sent by the client that does not carry a cyphertext string is received, and returning it to the client; access request X is the access request the client initiates after receiving the user's access instruction;
a second processing module, for determining, when an access request Y sent by the client that carries a cyphertext string is received, whether the cyphertext string carried in access request Y is legal; if not, refusing this access; if so, further determining whether the user behavior data carried in access request Y is legal, and if so returning the access result to the client, otherwise refusing this access. The user behavior data is the behavioral data the client collects during the period from the user entering the access-initiation page until the user sends the access instruction to the client.
The user behavior data may include the user's mouse movement track.
Correspondingly, the second processing module calculates the departure between the user's mouse movement track carried in access request Y and the pre-saved user mouse movement track model; if the departure is less than a predetermined threshold, it determines that the user behavior data carried in access request Y is legal, otherwise illegal.
The second processing module can further be used to check, once every scheduled duration, the access requests Y sent by the same client within that duration, and if more than N of those access requests Y are found to carry identical user behavior data, to deactivate the access results corresponding to those access requests Y, N being a positive integer.
In practice, the device shown in Fig. 2 is usually the server.
For the specific workflow of the device embodiment shown in Fig. 2, refer to the corresponding description of the method embodiment shown in Fig. 1; it is not repeated here.
The foregoing is merely a description of preferred embodiments of the present invention and is not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the invention.
Claims (6)
- 1. An access request processing method, characterised in that it includes: when receiving an access request X sent by the client that does not carry a cyphertext string, the server generates a cyphertext string and returns it to the client; access request X is the access request the client initiates after receiving the user's access instruction; when receiving an access request Y sent by the client that carries a cyphertext string and user behavior data, the server determines whether the cyphertext string carried in access request Y is legal; if not, it refuses this access; if so, it further determines whether the user behavior data carried in access request Y is legal, and if so returns the access result to the client, otherwise refuses this access; the user behavior data is the behavioral data the client collects during the period from the user entering the access-initiation page until the user sends the access instruction to the client; wherein the user behavior data being legal means that the user behavior is a normal access request behavior; the method further includes: once every scheduled duration, checking the access requests Y sent by the same client within that duration, and if more than N of those access requests Y are found to carry identical user behavior data, deactivating the access results corresponding to those access requests Y, N being a positive integer.
- 2. The method according to claim 1, characterised in that the user behavior data includes: the user's mouse movement track.
- 3. The method according to claim 2, characterised in that determining whether the user behavior data carried in access request Y is legal includes: calculating the departure between the user's mouse movement track carried in access request Y and a pre-saved user mouse movement track model; if the departure is less than a predetermined threshold, determining that the user behavior data carried in access request Y is legal, otherwise illegal.
- 4. An access request processing device, characterised in that it includes: a first processing module, for generating a cyphertext string when an access request X sent by the client that does not carry a cyphertext string is received, and returning it to the client; access request X is the access request the client initiates after receiving the user's access instruction; a second processing module, for determining, when an access request Y sent by the client that carries a cyphertext string and user behavior data is received, whether the cyphertext string carried in access request Y is legal; if not, refusing this access; if so, further determining whether the user behavior data carried in access request Y is legal, and if so returning the access result to the client, otherwise refusing this access; the user behavior data is the behavioral data the client collects during the period from the user entering the access-initiation page until the user sends the access instruction to the client; wherein the user behavior data being legal means that the user behavior is a normal access request behavior; the second processing module is further used to check, once every scheduled duration, the access requests Y sent by the same client within that duration, and if more than N of those access requests Y are found to carry identical user behavior data, to deactivate the access results corresponding to those access requests Y, N being a positive integer.
- 5. The device according to claim 4, characterised in that the user behavior data includes: the user's mouse movement track.
- 6. The device according to claim 5, characterised in that the second processing module calculates the departure between the user's mouse movement track carried in access request Y and a pre-saved user mouse movement track model; if the departure is less than a predetermined threshold, it determines that the user behavior data carried in access request Y is legal, otherwise illegal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210012288.5A CN103209161B (en) | 2012-01-16 | 2012-01-16 | A kind of access request processing method and processing device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103209161A CN103209161A (en) | 2013-07-17 |
CN103209161B true CN103209161B (en) | 2018-05-04 |