CN103532988A

CN103532988A - Web page access control method, related devices and system

Info

Publication number: CN103532988A
Application number: CN201310557723.7A
Authority: CN
Inventors: 黄骅; 邵付东; 王琰; 潘丽
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2013-10-31
Filing date: 2013-10-31
Publication date: 2014-01-22
Also published as: WO2015062326A1

Abstract

An embodiment of the invention discloses a web page access control method, related devices and a system. The web page access control method comprises steps as follows: a user terminal acquires a web page source code from a site server; a script corresponding to route information is acquired, wherein a script tag embedded in the web page source code contains the route information; the script is called to send N links contained by the web page source code to a first security cloud server; the script is called to receive security level information corresponding to the N links from the first security cloud server; and the script is called for access control of the N links based on security levels described in the security level information corresponding to the N links. By means of the technical scheme provided by the embodiment of the invention, malicious link defensive flexibility and reliability can be enhanced.

Description

Page access control method and relevant apparatus and system

Technical field

The present invention relates to network security technology field, be specifically related to page access control method and relevant apparatus and system.

Background technology

Be accompanied by the development of Internet technology, it is more and more that the kind of computer virus also becomes.

For example, increasing user starts to carry out various Information Sharings on the net, and wherein forum is exactly a platform that can carry out information interchange, discussion for a large number of users.But just due to the Information Communication of forum this specific character rapidly; lawless person usually Hui forum sends out malice link and lures user to click; reach the final purpose of obtaining interests, sell fast on the net as discuz drenching apparatus, discuz advertisement robot etc. also exactly explanation to inveigle user clicks on links be to obtain abundant interests.

In general forum, do not distinguish at present the function of linking secure, what can help that user distinguishes malice link is only local some security classes software (as Tengxun's computer housekeeper).The principle of fail-safe software is to initiate web when request user, by local detection logic or be to send out inquiry request to Website server to judge whether safety of Client-initiated request.

The present inventor finds in research and practice process, at least there is following technical problem in prior art: traditional security firm has only considered safe inquiry basic, but therefore consideration meeting has not increased the contingency that user's internet behavior is obstructed.For example, owing to pointing out the security information of accessed link mainly to rely on local security software, can local security software normally move just becomes the most important factor whether user is invaded, once fail-safe software is out of joint, user will lose identification safe web page whether ability completely so, now user probably has access to malice website, simultaneously, uncertainty due to this province of local security software, if there is problem in the process of processing request, so possible user opens webpage and is a problem.

Summary of the invention

The embodiment of the present invention provides page access control method and relevant apparatus and system, to strengthening flexibility and the reliability to malice link defence.

First aspect present invention provides a kind of page access control method, can comprise:

User terminal slave site server obtains page source code;

The script that acquisition approach information is corresponding, wherein, the script tag embedding in described page source code comprises described routing information;

Call described script and send to the first secure cloud server N the link that described page source code packages contains;

Call described script and receive described N the safety level information that link is corresponding from described the first secure cloud server, and call described script and based on described N, link safe class that corresponding safety level information is described and link to described N the control that conducts interviews.

Second aspect present invention provides a kind of page access control method, can comprise:

Secure cloud server is to script corresponding to user terminal transmit path information, and wherein, described routing information is the routing information that the script tag that embeds in the page source code that obtains of described user terminal slave site server comprises;

Receive described user terminal and call N the link that described page source code packages that described script sends contains;

Determine described N the safety level information that link is corresponding;

To described user terminal, send described N the safety level information that link is corresponding, so that described user terminal, calling after described script receives described N safety level information corresponding to link, calls described script and links to described N the control that conducts interviews based on described N link safe class that corresponding safety level information is described.

Third aspect present invention provides a kind of page access control method, can comprise:

Server in station sends page source code to user terminal;

The routing information that script tag based on embedding in described page source code comprises, obtains corresponding script from the second secure cloud server;

To described user terminal, send described script;

To the first secure cloud server, send described N link, and after receiving the safety level information corresponding from described N link of the first secure cloud server, to described user terminal, send described N the safety level information that link is corresponding, so that described user terminal is calling after described script receives described N safety level information corresponding to link, call described script and to described N, link the control that conducts interviews based on described N link safe class that corresponding safety level information is described, wherein, described the first secure cloud server and described the second secure cloud server are identical or different.

Fourth aspect present invention provides a kind of user terminal, can comprise:

Source code acquiring unit, obtains page source code for slave site server;

Script acquiring unit, for script corresponding to acquisition approach information, wherein, the script tag embedding in described page source code comprises described routing information;

Transmitting element, sends to the first secure cloud server N the link that described page source code packages contains for calling described script;

Receiving element, receives described N the safety level information that link is corresponding from described the first secure cloud server for calling described script;

Control unit, links to described N the control that conducts interviews based on described N link safe class that corresponding safety level information is described for calling described script.

Fifth aspect present invention provides a kind of secure cloud server, can comprise:

The first transmitting element, for to script corresponding to user terminal transmit path information, wherein, described routing information is the routing information that the script tag that embeds in the page source code that obtains of described user terminal slave site server comprises;

Receiving element, calls for receiving described user terminal N the link that described page source code packages that described script sends contains;

Determining unit, for determining described N the safety level information that link is corresponding;

The second transmitting element, for send described N the safety level information that link is corresponding to described user terminal, so that described user terminal, calling after described script receives described N safety level information corresponding to link, calls described script and links to described N the control that conducts interviews based on described N link safe class that corresponding safety level information is described.

Sixth aspect present invention provides a kind of server in station, can comprise:

The first transmitting element, for sending page source code to user terminal;

Script acquiring unit, the routing information comprising for the script tag embedding based on described page source code, obtains corresponding script from the second secure cloud server;

The second transmitting element, for sending described script to described user terminal;

The 3rd transmitting element, for sending described N link to the first secure cloud server, and after described receiving element receives the safety level information corresponding from described N link of the first secure cloud server, to described user terminal, send described N the safety level information that link is corresponding, so that described user terminal is calling after described script receives described N safety level information corresponding to link, call described script and to described N, link the control that conducts interviews based on described N link safe class that corresponding safety level information is described, wherein, described the first secure cloud server and described the second secure cloud server are identical or different.

Seventh aspect present invention provides a kind of communication system, can comprise:

User terminal, server in station and the first secure cloud server,

Wherein, described server in station, for sending page source code to user terminal;

User terminal, for obtaining described page source code from described server in station; The script that acquisition approach information is corresponding, wherein, the script tag embedding in described page source code comprises described routing information; Call described script and send to described the first secure cloud server N the link that described page source code packages contains; Call described script and receive described N the safety level information that link is corresponding from described the first secure cloud server, and call described script and based on described N, link safe class that corresponding safety level information is described and link to described N the control that conducts interviews.

Therefore among some embodiments of the present invention, user terminal slave site server obtains page source code, the script that user terminal acquisition approach information is corresponding, wherein, the script tag embedding in above-mentioned page source code comprises described routing information; Call above-mentioned script and send to the first secure cloud server N the link that above-mentioned page source code packages contains; Call above-mentioned script and receive above-mentioned N the safety level information that link is corresponding from the first secure cloud server, and call above-mentioned script and based on above-mentioned N, link safe class that corresponding safety level information is described and link to above-mentioned N the control that conducts interviews.Because user terminal is that network side obtains the corresponding script of routing information in page source code and page source code, calling this script asks the first secure cloud server to determine the safe class of N the link that this page source code packages contains, call this script and to above-mentioned N, link the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described, based on this mechanism, user terminal just can be realized protection page source code and comprises malice and link without antivirus software is installed in advance, be conducive to promote defence capability, be conducive to remove the crisis of losing efficacy and bringing because of antivirus software in user terminal, this has strengthened flexibility and the reliability of user terminal to malice link defence to a great extent, and script and page source code are corresponding relations, and specific aim and reliability are strong, be conducive to further strengthen flexibility and the reliability of user terminal to malice link defence.

Accompanying drawing explanation

In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, to the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skills, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.

Fig. 1 is the schematic flow sheet that the embodiment of the present invention provides a kind of page access control method;

Fig. 2 is the schematic flow sheet that the embodiment of the present invention provides another kind of page access control method;

Fig. 3 is the schematic flow sheet that the embodiment of the present invention provides another kind of page access control method;

Fig. 4 is the schematic flow sheet that the embodiment of the present invention provides another kind of page access control method;

Fig. 5 is the schematic flow sheet that the embodiment of the present invention provides another kind of page access control method;

Fig. 6 is the schematic flow sheet that the embodiment of the present invention provides another kind of page access control method;

Fig. 7 is the schematic flow sheet that the embodiment of the present invention provides another kind of page access control method;

Fig. 8 is the schematic flow sheet that the embodiment of the present invention provides another kind of page access control method;

Fig. 9 is the schematic diagram of a kind of user terminal of providing of the embodiment of the present invention;

Figure 10 is the schematic diagram of a kind of secure cloud server of providing of the embodiment of the present invention;

Figure 11 is the schematic diagram of a kind of server in station of providing of the embodiment of the present invention;

Figure 12 is the schematic diagram of a kind of user terminal of providing of the embodiment of the present invention;

Figure 13 is the schematic diagram of a kind of secure cloud server of providing of the embodiment of the present invention;

Figure 14 is the schematic diagram of a kind of server in station of providing of the embodiment of the present invention;

Figure 15 is the schematic diagram of a kind of mobile communication terminal of providing of the embodiment of the present invention;

Figure 16 is the schematic diagram of a kind of communication system of providing of the embodiment of the present invention;

Figure 17 is the schematic diagram of the another kind of communication system that provides of the embodiment of the present invention.

Embodiment

In order to make those skilled in the art person understand better the present invention program, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the embodiment of a part of the present invention, rather than whole embodiment.Embodiment based in the present invention, those of ordinary skills, not making the every other embodiment obtaining under creative work prerequisite, should belong to the scope of protection of the invention.

Below be elaborated respectively.

Term " first " in specification of the present invention and claims and above-mentioned accompanying drawing, " second ", " the 3rd " " 4th " etc. (if existence) are for distinguishing similar object, and needn't be for describing specific order or precedence.The data that should be appreciated that such use suitably can exchanged in situation, so as embodiments of the invention described herein for example can with except diagram here or describe those order enforcement.In addition, term " comprises " and " having " and their any distortion, intention is to cover not exclusive comprising, for example, those steps or unit that the process that has comprised series of steps or unit, method, system, product or equipment are not necessarily limited to clearly list, but can comprise clearly do not list or for these processes, method, product or equipment intrinsic other step or unit.

An embodiment of a kind of page access control method of the present invention, wherein, this kind of page access control method can comprise: user terminal slave site server obtains page source code; The script that acquisition approach information is corresponding, wherein, the script tag embedding in above-mentioned page source code comprises described routing information; Call above-mentioned script and send to the first secure cloud server N the link that above-mentioned page source code packages contains; Call above-mentioned script and receive above-mentioned N the safety level information that link is corresponding from the first secure cloud server, and call above-mentioned script and based on above-mentioned N, link safe class that corresponding safety level information is described and link to above-mentioned N the control that conducts interviews.

First refer to Fig. 1, Fig. 1 is the schematic flow sheet of a kind of page access control method of providing of the embodiment of the present invention.As shown in Figure 1, a kind of page access control method that the embodiment of the present invention provides can comprise following content:

101, user terminal slave site server obtains page source code.

Wherein, page source code can be for example the page source code of certain the post page or other page of news pages or discuz forum.

102, script corresponding to user terminal acquisition approach information, wherein, the script tag embedding in above-mentioned page source code comprises described routing information.

Wherein, the routing information that the script tag embedding in above-mentioned page source code comprises points to the script of storing in the second secure cloud server, and the path of this script is the described path of routing information that the script tag that embeds in above-mentioned page source code comprises.Wherein, the routing information of mentioning in various embodiments of the present invention can be URL(uniform resource locator) (URL, Uniform Resource Locator) or other is for describing the information in path.

In some embodiments of the invention, script corresponding to user terminal acquisition approach information can comprise: user terminal obtains from the second secure cloud server the script that this routing information is corresponding based on routing information, and (for example user terminal can cross-domain communication mode, based on routing information, from the second secure cloud server, obtains the script that this routing information is corresponding.Or, user terminal can send to server in station by routing information, with indication server in station, based on this routing information, from the second secure cloud server, obtain the script that this routing information is corresponding, server in station is transmitted to user terminal by script corresponding to this routing information); Or user terminal receives script corresponding to routing information that above-mentioned server in station sends, wherein, above-mentioned server in station obtains from the second secure cloud server the script that this routing information is corresponding based on above-mentioned routing information.Certainly, user terminal also can obtain script corresponding to above-mentioned routing information of storing in the second secure cloud server by alternate manner.

103, user terminal calls above-mentioned script and sends to the first secure cloud server N the link that above-mentioned page source code packages contains.

104, user terminal calls above-mentioned script and receives above-mentioned N the safety level information that link is corresponding from the first secure cloud server, and calls above-mentioned script and based on above-mentioned N, link safe class that corresponding safety level information is described and link to above-mentioned N the control that conducts interviews.

Wherein, the first secure cloud server and the second secure cloud server are identical or different.

In some embodiments of the invention, above-mentionedly call above-mentioned script and send to the first secure cloud server N the link that above-mentioned page source code packages contains, can comprise: call above-mentioned script and send to above-mentioned server in station N the link that above-mentioned page source code packages contains, and to the first secure cloud server, send N the link that above-mentioned page source code packages contains by above-mentioned server in station.

In other embodiment of the present invention, above-mentionedly call above-mentioned script and send to the first secure cloud server N the link that above-mentioned page source code packages contains, can comprise: call above-mentioned script and to the first secure cloud server, send N the link that above-mentioned page source code packages contains in cross-domain communication mode (the first secure cloud server and user terminal conventionally in not same area).Under this scene, the path of N link arrival the first secure cloud server that the above-mentioned page source code packages that user terminal sends contains is without through above-mentioned server in station.

In some embodiments of the invention, the linking secure record of the first secure cloud server in can query safe cloud database, determines the corresponding safety level information of N link according to Query Result; Or the first secure cloud server also can real-time inspection N the fail safe of link, according to the fail safe of the N checking link, determine N the corresponding safety level information linking.The first secure cloud server determines that the mode of the corresponding safety level information of N link is diversified, repeats no more herein.

In some embodiments of the invention, above-mentionedly call above-mentioned script and based on above-mentioned N link safe class that corresponding safety level information is described, above-mentioned N the link control that conducts interviews is comprised: in the page corresponding to above-mentioned page source code of displaying, bandwagon effect by the displaying content of each link in above-mentioned N link in the above-mentioned page, plays up that each links the corresponding bandwagon effect of safe class that corresponding safety level information is described with this.

In other embodiment of the present invention, above-mentionedly call above-mentioned script and to above-mentioned N, link the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described, comprise: in the page corresponding to the above-mentioned page source code of showing, when mouse is suspended to the display location of the first displaying content linking in above-mentioned N link, demonstration and first links the corresponding indicating risk of safe class that corresponding safety level information is described.

In other embodiment of the present invention, above-mentionedly call above-mentioned script and based on above-mentioned N link safe class that corresponding safety level information is described, above-mentioned N the link control that conducts interviews is comprised: among the page corresponding to above-mentioned page source code of displaying, when user selects the displaying content of the second link in above-mentioned N link, if the corresponding safety level information of the second link is described the prevention access consideration of the compound setting of safe class, stop the access to the second link.

Certainly, user terminal also can pass through alternate manner, calls above-mentioned script and to above-mentioned N, links the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described, and gives an example no longer one by one herein.

In some embodiments of the invention, user terminal calls the public library that above-mentioned script uses and adopts closure method of calling to call; Or above-mentioned script is javascript script, wherein, above-mentioned javascript script is registered in the extension object of corresponding javascript as prototype member.Certainly, above-mentioned script also can be the script of other form.Be understandable that, because script will embed among the webpage source code of different server in station, the situation that likely there will be script to conflict with the internal logic of server in station, the concept that for example javascript script does not wrap as java, again or this NameSpace concept of c++, c#, therefore in the embodiment of the present invention, consider, can be registered in the extension object of corresponding javascript javascript script as prototype member, be conducive to like this to guarantee that the javascript script that loads can not conflict mutually with function in the former page and variable etc.Or, because script may need to call third party library, equally also may conflict with some naming methods of page source code, in the embodiment of the present invention, consider, calling the public library that above-mentioned script (as javascript script) used adopts closure method of calling to call, so, the variable that still can use former storehouse to state in all code logic of closure inside, and can not affect the logic outside closure.Above-mentioned processing mode all can solve preferably introduces script collision problem afterwards.

Therefore the present embodiment user terminal slave site server obtains page source code, the script that user terminal acquisition approach information is corresponding, wherein, the script tag embedding in above-mentioned page source code comprises described routing information; Call above-mentioned script and send to the first secure cloud server N the link that above-mentioned page source code packages contains; Call above-mentioned script and receive above-mentioned N the safety level information that link is corresponding from the first secure cloud server, and call above-mentioned script and based on above-mentioned N, link safe class that corresponding safety level information is described and link to above-mentioned N the control that conducts interviews.Because user terminal is that network side obtains the corresponding script of routing information in page source code and page source code, calling this script asks the first secure cloud server to determine the safe class of N the link that this page source code packages contains, call this script and to above-mentioned N, link the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described, based on this mechanism, user terminal just can be realized protection page source code and comprises malice and link without antivirus software is installed in advance, be conducive to promote defence capability, be conducive to remove the crisis of losing efficacy and bringing because of antivirus software in user terminal, this has strengthened flexibility and the reliability of user terminal to malice link defence to a great extent, and script and page source code are corresponding relations, and specific aim and reliability are strong, be conducive to further strengthen flexibility and the reliability of user terminal to malice link defence.

For ease of better understanding and implement the above-mentioned aspect of the embodiment of the present invention, below by giving an example, several application scenarioss are described further.

Refer to Fig. 2, Fig. 2 is the schematic flow sheet of the another kind of page access control method that provides of the embodiment of the present invention.As shown in Figure 2, the another kind of page access control method that the embodiment of the present invention provides can comprise following content:

201, user terminal slave site server obtains page source code.

202, user terminal is resolved the page source code obtaining, with the routing information that script tag was comprised that obtains embedding in page source code.

203, user terminal, based on routing information obtained above, obtains corresponding script in cross-domain communication mode from the second secure cloud server.

Wherein, the routing information that the script tag embedding in above-mentioned page source code comprises points to the script of storing in the second secure cloud server, and the path of this script is the described path of routing information that the script tag that embeds in above-mentioned page source code comprises.

204, user terminal calls above-mentioned script, in cross-domain communication mode, to the first secure cloud server, sends N the link that above-mentioned page source code packages contains.

205, the first secure cloud server is determined the corresponding safety level information of N link; And send above-mentioned N the corresponding safety level information linking to user terminal, wherein, the first secure cloud server and the second secure cloud server are identical or different.

206, user terminal calls above-mentioned script and receives above-mentioned N the safety level information that link is corresponding from the first secure cloud server, and calls above-mentioned script and based on above-mentioned N, link safe class that corresponding safety level information is described and link to above-mentioned N the control that conducts interviews.

In other embodiment of the present invention, above-mentionedly call above-mentioned script and based on above-mentioned N link safe class that corresponding safety level information is described, above-mentioned N the link control that conducts interviews is comprised: in the page corresponding to above-mentioned page source code of displaying, when mouse is suspended to the display location of the first displaying content linking in above-mentioned N link, demonstration and first links the corresponding indicating risk of safe class that corresponding safety level information is described.

In some embodiments of the invention, if the content that link represents is Chinese, can be considered and likely appear in one piece of article, now the above-mentioned script of the adjustable use of user terminal provides mouseover to show and before link, does not add icon to guarantee user's the smoothness of browsing article; If link actual address with link represented mail returned on ground of incorrect address, the content www.baidu.com that for example link represents, but actual link address is www.qq.com, represent to have risk, user terminal is adjustable, and the above-mentioned script of use is pointed out prudent access etc. when mouseover; If be linked as dangerous link, user terminal is adjustable all there is dangerous icon in any situation in the above-mentioned script of use.

Further, in order to process wrong report situation, the first secure cloud server also can carry out automation secondary detection to the wrong report data of user terminal to send up, and after detecting, data are synchronized to secure cloud database immediately, with guarantee this be linked at wrong report and process after the very first time can normally return to safe condition.And one links the content representing is likely to change in real time, therefore the first secure cloud server can regularly carry out flyback processing to data, and user can be correctly informed in the change of the safe condition that the change of assurance linked contents causes.For using the user terminal inquiry linking request of the first secure cloud server unsuccessfully to cause representing abnormal situation, the first secure cloud server can be by the headers such as ip, host name of request, accurately navigate to be the request of which website process occurred abnormal, after problem to be determined, can revise code on line, and can gray scale or full dose etc. mode issue the leak on fix line.

Therefore the present embodiment user terminal slave site server obtains page source code, the script that user terminal acquisition approach information is corresponding, wherein, the script tag embedding in above-mentioned page source code comprises described routing information; Call above-mentioned script and send to the first secure cloud server N the link that above-mentioned page source code packages contains; Call above-mentioned script and receive above-mentioned N the safety level information that link is corresponding from the first secure cloud server, call above-mentioned script and to above-mentioned N, link the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described.Because user terminal is that network side obtains the corresponding script of routing information in page source code and page source code, calling this script asks the first secure cloud server to determine the safe class of N the link that this page source code packages contains, call this script and to above-mentioned N, link the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described, based on this mechanism, user terminal just can be realized protection page source code and comprises malice and link without antivirus software is installed in advance, be conducive to promote defence capability, be conducive to remove the crisis of losing efficacy and bringing because of antivirus software in user terminal, this has just strengthened flexibility and the reliability of user terminal to malice link defence to a great extent, and script and page source code are corresponding relations, and specific aim and reliability are strong, be conducive to further strengthen flexibility and the reliability of user terminal to malice link defence.

Refer to Fig. 3, Fig. 3 is the schematic flow sheet of the another kind of page access control method that provides of the embodiment of the present invention.As shown in Figure 3, the another kind of page access control method that the embodiment of the present invention provides can comprise following content:

301, user terminal slave site server obtains page source code.

302, user terminal is resolved the page source code obtaining, with the routing information that script tag was comprised that obtains embedding in page source code.

303, user terminal sends the routing information obtaining to server in station.

304, the above-mentioned routing information of server in station based on from user terminal, obtains corresponding script from the second secure cloud server.

Wherein, the routing information that the script tag embedding in above-mentioned page source code comprises points to the script in the second secure cloud server, and the path of this script is the described path of routing information that the script tag that embeds in above-mentioned page source code comprises.

305, server in station sends the above-mentioned script obtaining from the second secure cloud server to user terminal.

306, user terminal calls above-mentioned script, in cross-domain communication mode, to the first secure cloud server, sends N the link that above-mentioned page source code packages contains.

307, the first secure cloud server is determined the corresponding safety level information of N link; And send above-mentioned N the corresponding safety level information linking to user terminal, wherein, the first secure cloud server and the second secure cloud server are identical or different.

308, user terminal calls above-mentioned script and receives above-mentioned N the safety level information that link is corresponding from the first secure cloud server, and calls above-mentioned script and based on above-mentioned N, link safe class that corresponding safety level information is described and link to above-mentioned N the control that conducts interviews.

Refer to Fig. 4, Fig. 4 is the schematic flow sheet of the another kind of page access control method that provides of the embodiment of the present invention.As shown in Figure 4, the another kind of page access control method that the embodiment of the present invention provides can comprise following content:

401, user terminal slave site server obtains page source code.

402, user terminal is resolved the page source code obtaining, with the routing information that script tag was comprised that obtains embedding in page source code.

403, user terminal sends the routing information obtaining to server in station.

404, the above-mentioned routing information of server in station based on from user terminal, obtains corresponding script from the second secure cloud server.

405, server in station sends the above-mentioned script obtaining from the second secure cloud server to user terminal.

406, user terminal calls above-mentioned script and sends to server in station N the link that above-mentioned page source code packages contains.

In some cases, javascript script is cross-domain in ie may eject dialog box prompting, affect user friendly, for example can be used in server in station deploy the php script of transfer, user terminal calls the php script that javascript script can call with server in station and communicates by letter, and php script and secure cloud server that server in station calls communicate.So, due to what really initiate request, be server in station, not only javascript script does not have cross-domain prompting, and secure cloud server can obtain unified server in station ip, can conveniently form the strategy that carrys out limiting access with ip.

The server of considering each website is difference to some extent, in some embodiments of the invention, server in station calls php script and secure cloud server communication is, can call file_get_contents function, this function is to belong to php java standard library, and all php versions all can be with this function.Or, can use the expanding library curl of php.The Curl expansion of Php is the storehouse of special simulation url behavior, and get, the post request of provided functional simulation url can be provided.Compare the function with file_get_contents, curl can do to asked url domain name mapping buffer memory, the request of the webpage under same domain name or picture is only needed to a dns inquiry, this has greatly reduced the number of times of domain name mapping inquiry, may be better than file_get_contents at aspect of performance curl.

407, server in station sends to the first secure cloud server N the link that the above-mentioned page source code packages from user terminal contains.

408, the first secure cloud server is determined the corresponding safety level information of N link, and to server in station, sends the corresponding safety level information of above-mentioned N link, and wherein, the first secure cloud server and the second secure cloud server are identical or different.

409, server in station sends the corresponding safety level information of above-mentioned N link to user terminal.

410, user terminal calls above-mentioned script and receives above-mentioned N the safety level information that link is corresponding from the first secure cloud server, and calls above-mentioned script and based on above-mentioned N, link safe class that corresponding safety level information is described and link to above-mentioned N the control that conducts interviews.

Refer to Fig. 5, Fig. 5 is the schematic flow sheet of the another kind of page access control method that provides of the embodiment of the present invention.As shown in Figure 5, the another kind of page access control method that the embodiment of the present invention provides can comprise following content:

501, user terminal slave site server obtains page source code.

502, server in station is resolved above-mentioned page source code, with the routing information that script tag was comprised that obtains embedding in page source code.

503, the above-mentioned routing information of server in station based on obtaining, obtains corresponding script from the second secure cloud server.

504, server in station sends the above-mentioned script obtaining from the second secure cloud server to user terminal.

505, user terminal calls above-mentioned script and sends to server in station N the link that above-mentioned page source code packages contains.

506, server in station sends to the first secure cloud server N the link that the above-mentioned page source code packages from user terminal contains.

507, the first secure cloud server is determined the corresponding safety level information of N link, and to server in station, sends the corresponding safety level information of above-mentioned N link, and wherein, the first secure cloud server and the second secure cloud server are identical or different.

508, server in station sends the corresponding safety level information of above-mentioned N link to user terminal.

509, user terminal calls above-mentioned script and receives above-mentioned N the safety level information that link is corresponding from the first secure cloud server, and calls above-mentioned script and based on above-mentioned N, link safe class that corresponding safety level information is described and link to above-mentioned N the control that conducts interviews.

Refer to Fig. 6, Fig. 6 is the schematic flow sheet of the another kind of page access control method that provides of the embodiment of the present invention.As shown in Figure 6, the another kind of page access control method that the embodiment of the present invention provides can comprise following content:

601, user terminal slave site server obtains page source code.

602, server in station is resolved above-mentioned page source code, with the routing information that script tag was comprised that obtains embedding in page source code.

603, the above-mentioned routing information of server in station based on obtaining, obtains corresponding script from the second secure cloud server.

604, server in station sends the above-mentioned script obtaining from the second secure cloud server to user terminal.

605, user terminal calls above-mentioned script, in cross-domain communication mode, to the first secure cloud server, sends N the link that above-mentioned page source code packages contains.

606, the first secure cloud server is determined the corresponding safety level information of N link; And send above-mentioned N the corresponding safety level information linking to user terminal, wherein, the first secure cloud server and the second secure cloud server are identical or different.

607, user terminal calls above-mentioned script and receives above-mentioned N the safety level information that link is corresponding from the first secure cloud server, and calls above-mentioned script and based on above-mentioned N, link safe class that corresponding safety level information is described and link to above-mentioned N the control that conducts interviews.

First refer to Fig. 7, Fig. 7 is the schematic flow sheet of a kind of page access control method of providing of the embodiment of the present invention.As shown in Figure 7, a kind of page access control method that the embodiment of the present invention provides can comprise following content:

701, secure cloud server is to script corresponding to user terminal transmit path information, and wherein, above-mentioned routing information is the routing information that the script tag that embeds in the page source code that obtains of above-mentioned user terminal slave site server comprises.

702, secure cloud server receives above-mentioned user terminal and calls N the link that above-mentioned page source code packages that above-mentioned script sends contains.

703, secure cloud server is determined above-mentioned N the safety level information that link is corresponding.

In some embodiments of the invention, the linking secure record of secure cloud server in can query safe cloud database, determines the corresponding safety level information of N link according to Query Result; Or secure cloud server also can real-time inspection N the fail safe of link, according to the fail safe of the N checking link, determine N the corresponding safety level information linking.Secure cloud server determines that the mode of the corresponding safety level information of N link is diversified, repeats no more herein.

704, secure cloud server sends above-mentioned N the safety level information that link is corresponding to above-mentioned user terminal, so that above-mentioned user terminal, calling after above-mentioned script receives above-mentioned N safety level information corresponding to link, calls above-mentioned script and links to above-mentioned N the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described.

In some embodiments of the invention, the script corresponding to user terminal transmit path information can comprise: to script corresponding to above-mentioned server in station transmit path information, and to user terminal, send the script that above-mentioned routing information is corresponding by above-mentioned server in station; Or, in cross-domain communication mode, to above-mentioned user terminal, send the script that above-mentioned routing information is corresponding.

In some embodiments of the invention, above-mentionedly to above-mentioned user terminal, send above-mentioned N safety level information corresponding to link, can comprise: to above-mentioned server in station, send above-mentioned N the safety level information that link is corresponding, and to above-mentioned user terminal, send above-mentioned N the safety level information that link is corresponding by above-mentioned server in station; Or, in cross-domain communication mode, to above-mentioned user terminal, send above-mentioned N the safety level information that link is corresponding.

Therefore user terminal slave site server obtains page source code in the present embodiment, secure cloud server is to script corresponding to user terminal transmit path information, and wherein, the script tag embedding in above-mentioned page source code comprises described routing information; Secure cloud server receives above-mentioned user terminal and calls N the link that above-mentioned page source code packages that above-mentioned script sends contains; Secure cloud server determines that above-mentioned N safety level information secure cloud server corresponding to link sends above-mentioned N the safety level information that link is corresponding to above-mentioned user terminal, so that above-mentioned user terminal, calling after above-mentioned script receives above-mentioned N safety level information corresponding to link, calls above-mentioned script and links to above-mentioned N the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described.Because user terminal is that network side obtains the corresponding script of routing information in page source code and page source code, calling this script asks the first secure cloud server to determine the safe class of N the link that this page source code packages contains, call this script and to above-mentioned N, link the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described, based on this mechanism, user terminal just can be realized protection page source code and comprises malice and link without antivirus software is installed in advance, be conducive to promote defence capability, be conducive to remove the crisis bringing because antivirus software in user terminal lost efficacy, this has strengthened flexibility and the reliability of user terminal to malice link defence to a great extent, and script and page source code are corresponding relations, and specific aim and reliability are strong, be conducive to further strengthen flexibility and the reliability of user terminal to malice link defence.

First refer to Fig. 8, Fig. 8 is the schematic flow sheet of a kind of page access control method of providing of the embodiment of the present invention.As shown in Figure 8, a kind of page access control method that the embodiment of the present invention provides can comprise following content:

801, server in station sends page source code to user terminal.

802, the routing information that the script tag of server in station based on embedding in above-mentioned page source code comprises obtains corresponding script from the second secure cloud server.

In some embodiments of the invention, user terminal can send to server in station by routing information, indication server in station obtains from the second secure cloud server the script that this routing information is corresponding based on this routing information, and server in station is transmitted to user terminal by script corresponding to this routing information; Or server in station can resolve page source code, the routing information that the script tag that obtains embedding in page source code comprises, the routing information based on obtaining obtains corresponding script from the second secure cloud server.

In some embodiments of the invention, the routing information that script tag based on embedding in above-mentioned page source code comprises, from the second secure cloud server, obtain corresponding script, comprise: after the routing information that the script tag embedding in receiving the above-mentioned page source code of above-mentioned user terminal transmission comprises, the routing information that script tag based on embedding in above-mentioned page source code comprises, obtains corresponding script from the second secure cloud server; Or, can, in the script tag embedding after acquisition approach information, based on above-mentioned routing information, from the second secure cloud server, obtain corresponding script from above-mentioned page source code.

803, server in station sends above-mentioned script to above-mentioned user terminal.

804, server in station receives above-mentioned user terminal and calls N the link that above-mentioned page source code packages that above-mentioned script sends contains.

805, server in station sends above-mentioned N link to the first secure cloud server, and after receiving the safety level information corresponding from above-mentioned N link of the first secure cloud server, to above-mentioned user terminal, send above-mentioned N the safety level information that link is corresponding, so that above-mentioned user terminal is calling after above-mentioned script receives above-mentioned N safety level information corresponding to link, call above-mentioned script and to above-mentioned N, link the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described, wherein, the first secure cloud server and the second secure cloud server are identical or different.

Therefore the present embodiment user terminal slave site server obtains page source code and script corresponding to routing information, wherein, the script tag embedding in above-mentioned page source code comprises described routing information, server in station receives above-mentioned user terminal and calls N the link that above-mentioned page source code packages that above-mentioned script sends contains, server in station sends above-mentioned N link to the first secure cloud server, and after receiving the safety level information corresponding from above-mentioned N link of the first secure cloud server, to above-mentioned user terminal, send above-mentioned N the safety level information that link is corresponding, so that above-mentioned user terminal is calling after above-mentioned script receives above-mentioned N safety level information corresponding to link, call above-mentioned script and to above-mentioned N, link the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described, wherein, the first secure cloud server and the second secure cloud server are identical or different.Because user terminal is that network side obtains the corresponding script of routing information in page source code and page source code, calling this script asks the first secure cloud server to determine the safe class of N the link that this page source code packages contains, call this script and to above-mentioned N, link the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described, based on this mechanism, user terminal just can be realized protection page source code and comprises malice and link without antivirus software is installed in advance, be conducive to promote defence capability, be conducive to remove the crisis of losing efficacy and bringing because of antivirus software in user terminal, this has strengthened flexibility and the reliability of user terminal to malice link defence to a great extent, and script and page source code are corresponding relations, and specific aim and reliability are strong, be conducive to further strengthen flexibility and the reliability of user terminal to malice link defence.

For ease of better implementing the such scheme of the embodiment of the present invention, be also provided for implementing the relevant apparatus of such scheme below.

Referring to Fig. 9, the embodiment of the present invention provides a kind of user terminal 900, can comprise:

Source code acquiring unit 910, script acquiring unit 920, transmitting element 930, receiving element 940 and control unit 950.

Source code acquiring unit 910, obtains page source code for slave site server.

Script acquiring unit 920, for script corresponding to acquisition approach information, wherein, the script tag embedding in above-mentioned page source code comprises above-mentioned routing information.

Transmitting element 930, sends to the first secure cloud server N the link that above-mentioned page source code packages contains for calling above-mentioned script.

Receiving element 940, receives above-mentioned N the safety level information that link is corresponding from the first secure cloud server for calling above-mentioned script.

Control unit 950, links to above-mentioned N the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described for calling above-mentioned script, and wherein, the first secure cloud server and the second secure cloud server are identical or different.

In some embodiments of the invention, script acquiring unit 920 specifically for, based on routing information, from the second secure cloud server, obtain the script that above-mentioned routing information is corresponding; Or, receive script corresponding to above-mentioned routing information that above-mentioned server in station sends, wherein, above-mentioned server in station obtains from the second secure cloud server the script that above-mentioned routing information is corresponding based on above-mentioned routing information.

In some embodiments of the invention, script corresponding to script acquiring unit 920 acquisition approach information can comprise: (for example script acquiring unit 920 can cross-domain communication mode, based on routing information, from the second secure cloud server, obtains the script that this routing information is corresponding based on routing information, from the second secure cloud server, to obtain the script that this routing information is corresponding.Or, script acquiring unit 920 can send to server in station by routing information, with indication server in station, based on this routing information, from the second secure cloud server, obtain the script that this routing information is corresponding, server in station is transmitted to user terminal 900 by script corresponding to this routing information); Or script acquiring unit 920 can receive script corresponding to routing information that above-mentioned server in station sends, wherein, above-mentioned server in station obtains from the second secure cloud server the script that this routing information is corresponding based on above-mentioned routing information.Certainly, script acquiring unit 920 also can obtain script corresponding to above-mentioned routing information of storing in the second secure cloud server by alternate manner.

In some embodiments of the invention, transmitting element 930 specifically for, call above-mentioned script and to the first secure cloud server, send N the link that above-mentioned page source code packages contains in cross-domain communication mode; Or, call above-mentioned script and send to above-mentioned server in station N the link that above-mentioned page source code packages contains, and to the first secure cloud server, send N the link that above-mentioned page source code packages contains by above-mentioned server in station.

In some embodiments of the invention, control unit 950 specifically for, in the page corresponding to the above-mentioned page source code of showing, bandwagon effect by the displaying content of each link in above-mentioned N link in the above-mentioned page, plays up that each links the corresponding bandwagon effect of safe class that corresponding safety level information is described with this; Or, in the page corresponding to the above-mentioned page source code of showing, when mouse is suspended to the display location of the first displaying content linking in above-mentioned N link, demonstration and first links the corresponding indicating risk of safe class that corresponding safety level information is described, wherein, first be linked as N any one link in link; Or, among the page corresponding to the above-mentioned page source code of showing, when user selects the displaying content of the second link in above-mentioned N link, if the corresponding safety level information of the second link is described the prevention access consideration of the compound setting of safe class, stop the access to the second link, wherein, second be linked as N any one link in link.

Be understandable that, the function of each functional module of the user terminal 900 of the present embodiment can be according to the method specific implementation in said method embodiment, and its specific implementation process can, with reference to the associated description of said method embodiment, repeat no more herein.

Referring to Figure 10, a kind of secure cloud server 1000 that the embodiment of the present invention provides, can comprise: the first transmitting element 1010, receiving element 1020, determining unit 1030 and the second transmitting element 1040.

The first transmitting element 1010, for to script corresponding to user terminal transmit path information, wherein, above-mentioned routing information is the routing information that the script tag that embeds in the page source code that obtains of above-mentioned user terminal slave site server comprises;

Receiving element 1020, calls for receiving above-mentioned user terminal N the link that above-mentioned page source code packages that above-mentioned script sends contains;

Determining unit 1030, for determining above-mentioned N the safety level information that link is corresponding.

The second transmitting element 1040, for send above-mentioned N the safety level information that link is corresponding to above-mentioned user terminal, so that above-mentioned user terminal, calling after above-mentioned script receives above-mentioned N safety level information corresponding to link, calls above-mentioned script and links to above-mentioned N the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described.

In some embodiments of the invention, the first transmitting element 1010 can be specifically for, to script corresponding to above-mentioned server in station transmit path information, and to user terminal, sends the script that above-mentioned routing information is corresponding by above-mentioned server in station; Or, in cross-domain communication mode, to above-mentioned user terminal, send the script that above-mentioned routing information is corresponding.

In some embodiments of the invention, the second transmitting element 1040 can be specifically for, to above-mentioned server in station, send above-mentioned N the safety level information that link is corresponding, and to above-mentioned user terminal, send above-mentioned N the safety level information that link is corresponding by above-mentioned server in station; Or to above-mentioned user terminal, send above-mentioned N the safety level information that link is corresponding in cross-domain communication mode.

In some embodiments of the invention, the linking secure record of determining unit 1030 in can query safe cloud database, determines the corresponding safety level information of N link according to Query Result; Or determining unit 1030 also can real-time inspection N the fail safe of link, according to the fail safe of the N checking link, determine N the corresponding safety level information linking.Determining unit 1030 determines that the mode of the corresponding safety level information of N link is diversified, repeats no more herein.

Be understandable that, the function of each functional module of the secure cloud server 1000 of the present embodiment can be according to the method specific implementation in said method embodiment, and its specific implementation process can, with reference to the associated description of said method embodiment, repeat no more herein.

Referring to Figure 11, a kind of server in station 1100 that the embodiment of the present invention provides, can comprise: the first transmitting element 1110, script acquiring unit 1120, the second transmitting element 1130, receiving element 1140 and the 3rd transmitting element 1150.

The first transmitting element 1110, for sending page source code to user terminal;

Script acquiring unit 1120, the routing information comprising for the script tag embedding based on above-mentioned page source code, obtains corresponding script from the second secure cloud server;

The second transmitting element 1130, for sending above-mentioned script to above-mentioned user terminal;

Receiving element 1140, calls for receiving above-mentioned user terminal N the link that above-mentioned page source code packages that above-mentioned script sends contains;

The 3rd transmitting element 1150, for sending above-mentioned N link to the first secure cloud server, and after above-mentioned receiving element receives the safety level information corresponding from above-mentioned N link of the first secure cloud server, to above-mentioned user terminal, send above-mentioned N the safety level information that link is corresponding, so that above-mentioned user terminal is calling after above-mentioned script receives above-mentioned N safety level information corresponding to link, call above-mentioned script and to above-mentioned N, link the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described, wherein, the first secure cloud server is identical or different with the second secure cloud server.

In some embodiments of the invention, script acquiring unit 1120 can be specifically for, after the routing information that the script tag embedding in receiving the above-mentioned page source code of above-mentioned user terminal transmission comprises, the routing information that script tag based on embedding in above-mentioned page source code comprises, obtains corresponding script from the second secure cloud server; Or, in the script tag embedding, after acquisition approach information, based on above-mentioned routing information, from the second secure cloud server, obtain corresponding script from above-mentioned page source code.

Be understandable that, the function of each functional module of the server in station 1000 of the present embodiment can be according to the method specific implementation in said method embodiment, and its specific implementation process can, with reference to the associated description of said method embodiment, repeat no more herein.

Figure 12 has described the structure of a kind of user terminal 1200 that the embodiment of the present invention provides, user terminal 1200 comprises: at least 1 processor 1201, CPU for example, at least one network interface 1204 or other user interfaces 1203, memory 1205, at least one communication bus 1202.Communication bus 1202 is for realizing the connection communication between these assemblies.This user terminal 1200 optionally comprises user interface 1203, comprises display, keyboard or pointing device (as mouse, trace ball (trackball), touch-sensitive plate or touch sensitive display screen).Memory 1205 may comprise high-speed RAM memory, also may also comprise non-unsettled memory (non-volatile memory), for example at least one magnetic disc store etc.Memory 1205 optionally can comprise at least one and be positioned at the storage device away from aforementioned processing device 1201.

In some embodiments, memory 1205 has been stored following element, executable module or data structure, or their subset, or their superset:

Operating system 12051, comprises various system programs, for realizing various basic businesses and processing hardware based task;

Application program module 12052, comprises various application programs, for realizing various applied business.

In application program module 12052, can include but not limited to source code acquiring unit 910, script acquiring unit 920, transmitting element 930, receiving element 940 and control unit 950.

Corresponding module in application program module 12052 in the specific implementation of each module embodiment shown in Figure 9, is not repeated herein.

In some embodiments of the invention, by calling program or the instruction of memory 1205 storages, processor 1201 obtains page source code for slave site server; The script that acquisition approach information is corresponding, wherein, the script tag embedding in above-mentioned page source code comprises described routing information; Call above-mentioned script and send to the first secure cloud server N the link that above-mentioned page source code packages contains; Call above-mentioned script and receive above-mentioned N the safety level information that link is corresponding from the first secure cloud server, and call above-mentioned script and based on above-mentioned N, link safe class that corresponding safety level information is described and link to above-mentioned N the control that conducts interviews.

In some embodiments of the invention, script corresponding to processor 1201 acquisition approach information comprises: (for example processor 1201 can cross-domain communication mode, based on routing information, from the second secure cloud server, obtains the script that this routing information is corresponding based on routing information, from the second secure cloud server, to obtain the script that this routing information is corresponding.Or, processor 1201 can send to server in station by routing information, with indication server in station, based on this routing information, from the second secure cloud server, obtain the script that this routing information is corresponding, server in station is transmitted to user terminal 1200 by script corresponding to this routing information); Or the script corresponding to routing information of the above-mentioned server in station transmission of processor 1201 reception, wherein, above-mentioned server in station obtains from the second secure cloud server the script that this routing information is corresponding based on above-mentioned routing information.Certainly, processor 1201 also can obtain script corresponding to above-mentioned routing information of storing in the second secure cloud server by alternate manner.

In some embodiments of the invention, processor 1201 calls above-mentioned script and sends to the first secure cloud server N the link that above-mentioned page source code packages contains, can comprise: call above-mentioned script and send to above-mentioned server in station N the link that above-mentioned page source code packages contains, and to the first secure cloud server, send N the link that above-mentioned page source code packages contains by above-mentioned server in station.

In other embodiment of the present invention, processor 1201 calls above-mentioned script and sends to the first secure cloud server N the link that above-mentioned page source code packages contains, and can comprise: call above-mentioned script and to the first secure cloud server, send N the link that above-mentioned page source code packages contains in cross-domain communication mode (the first secure cloud server and user terminal conventionally in not same area).Under this scene, the path of N link arrival the first secure cloud server that the above-mentioned page source code packages that processor 1201 sends contains is without through above-mentioned server in station.

In some embodiments of the invention, processor 1201 calls above-mentioned script and based on above-mentioned N link safe class that corresponding safety level information is described, above-mentioned N the link control that conducts interviews is comprised: in the page corresponding to above-mentioned page source code of displaying, bandwagon effect by the displaying content of each link in above-mentioned N link in the above-mentioned page, plays up that each links the corresponding bandwagon effect of safe class that corresponding safety level information is described with this.

In other embodiment of the present invention, processor 1201 calls above-mentioned script and to above-mentioned N, links the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described, comprise: in the page corresponding to the above-mentioned page source code of showing, when mouse is suspended to the display location of the first displaying content linking in above-mentioned N link, demonstration and first links the corresponding indicating risk of safe class that corresponding safety level information is described.

In the other embodiment of the present invention, processor 1201 calls above-mentioned script and based on above-mentioned N link safe class that corresponding safety level information is described, above-mentioned N the link control that conducts interviews is comprised: among the page corresponding to above-mentioned page source code of displaying, when user selects the displaying content of the second link in above-mentioned N link, if the corresponding safety level information of the second link is described the prevention access consideration of the compound setting of safe class, stop the access to the second link.

In some embodiments of the invention, processor 1201 calls the public library that above-mentioned script uses and adopts closure method of calling to call; Or above-mentioned script is javascript script, wherein, above-mentioned javascript script is registered in the extension object of corresponding javascript as prototype member.Certainly, above-mentioned script also can be the script of other form.Be understandable that, because script will embed among the webpage source code of different server in station, the situation that likely there will be script to conflict with the internal logic of server in station, the concept that for example javascript script does not wrap as java, again or this NameSpace concept of c++, c#, therefore in the embodiment of the present invention, consider, can be registered in the extension object of corresponding javascript javascript script as prototype member, be conducive to like this to guarantee that the javascript script that loads can not conflict mutually with function in the former page and variable etc.Or, because script may need to call third party library, equally also may conflict with some naming methods of page source code, in the embodiment of the present invention, consider, processor 1201 calls the public library that above-mentioned script uses and adopts closure method of calling to call, so, the variable that still can use former storehouse to state in all code logic of closure inside, and can not affect logic outside closure.Above-mentioned processing mode all can solve preferably introduces script collision problem afterwards.

Be understandable that, the function of each function element of the user terminal 1200 of the present embodiment can be according to the method specific implementation in said method embodiment, and its specific implementation process can, with reference to the associated description of said method embodiment, repeat no more herein.

Figure 13 has described the structure of a kind of secure cloud server 1300 that the embodiment of the present invention provides, secure cloud server 1300 comprises: at least 1 processor 1301, CPU for example, at least one network interface 1304 or other user interfaces 1303, memory 1305, at least one communication bus 1302.Communication bus 1302 is for realizing the connection communication between these assemblies.Wherein, this secure cloud server 1300 optionally comprises user interface 1303, comprises display, keyboard or pointing device (for example mouse, trace ball (trackball), touch-sensitive plate or touch sensitive display screen).Memory 1305 may comprise high-speed RAM memory, also may also comprise non-unsettled memory (non-volatile memory), for example at least one magnetic disc store.Memory 1305 optionally can comprise at least one and be positioned at the storage device away from aforementioned processing device 1301.

In some embodiments, memory 1305 has been stored following element, executable module or data structure, or their subset, or their superset:

Operating system 13051, comprises various system programs, for realizing various basic businesses and processing hardware based task;

Application program module 13052, comprises various application programs, for realizing various applied business.

In application program module 13052, include but not limited to the first transmitting element 1010, receiving element 1020 and determining unit 1030 and the second transmitting element 1040.

Corresponding module in application program module 13052 in the specific implementation of each module embodiment shown in Figure 10, is not repeated herein.

In some embodiments of the invention, by calling program or the instruction of memory 1305 storages, processor 1301 can be used for to script corresponding to user terminal transmit path information, wherein, above-mentioned routing information is the routing information that the script tag that embeds in the page source code that obtains of above-mentioned user terminal slave site server comprises; Receive above-mentioned user terminal and call N the link that above-mentioned page source code packages that above-mentioned script sends contains; Determine above-mentioned N the safety level information that link is corresponding; To above-mentioned user terminal, send above-mentioned N the safety level information that link is corresponding, so that above-mentioned user terminal, calling after above-mentioned script receives above-mentioned N safety level information corresponding to link, calls above-mentioned script and links to above-mentioned N the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described.

In some embodiments of the invention, the linking secure record of processor 1301 in can query safe cloud database, determines the corresponding safety level information of N link according to Query Result; Or processor 1301 also can real-time inspection N the fail safe of link, according to the fail safe of the N checking link, determine N the corresponding safety level information linking.Processor 1301 determines that the mode of the corresponding safety level information of N link is diversified, repeats no more herein.

In some embodiments of the invention, processor 1301 can comprise to script corresponding to user terminal transmit path information: processor 1301 is to script corresponding to above-mentioned server in station transmit path information, and to user terminal, sends the script that above-mentioned routing information is corresponding by above-mentioned server in station; Or processor 1301 sends to above-mentioned user terminal the script that above-mentioned routing information is corresponding in cross-domain communication mode.

In some embodiments of the invention, processor 1301 is above-mentioned sends above-mentioned N the safety level information that link is corresponding to above-mentioned user terminal, can comprise: processor 1301 sends above-mentioned N the safety level information that link is corresponding to above-mentioned server in station, and to above-mentioned user terminal, send above-mentioned N the safety level information that link is corresponding by above-mentioned server in station; Or processor 1301 sends above-mentioned N the safety level information that link is corresponding in cross-domain communication mode to above-mentioned user terminal.

Be understandable that, the function of each function element of the secure cloud server 1300 of the present embodiment can be according to the method specific implementation in said method embodiment, and its specific implementation process can, with reference to the associated description of said method embodiment, repeat no more herein.

Figure 14 has described the structure of a kind of server in station 1400 that the embodiment of the present invention provides, server in station 1400 comprises: at least 1 processor 1401, CPU for example, at least one network interface 1404 or other user interfaces 1403, memory 1405, at least one communication bus 1402.Communication bus 1402 is for realizing the connection communication between these assemblies.Wherein, this server in station 1400 optionally comprises user interface 1403, comprises display, keyboard or pointing device (for example mouse, trace ball (trackball), touch-sensitive plate or touch sensitive display screen).Memory 1405 may comprise high-speed RAM memory, also may also comprise non-unsettled memory (non-volatile memory), for example at least one magnetic disc store.Memory 1405 optionally can comprise at least one and be positioned at the storage device away from aforementioned processing device 1401.

In some embodiments, memory 1405 has been stored following element, executable module or data structure, or their subset, or their superset:

Operating system 14051, comprises various system programs, for realizing various basic businesses and processing hardware based task;

Application program module 14052, comprises various application programs, for realizing various applied business.

In application program module 14052, include but not limited to the first transmitting element 1110, script acquiring unit 1120, the second transmitting element 1130, receiving element 1140 and the 3rd transmitting element 1150.

Corresponding module in application program module 14052 in the specific implementation of each module embodiment shown in Figure 11, is not repeated herein.

In some embodiments of the invention, by calling program or the instruction of memory 1405 storages, processor 1401 can be used for sending page source code to user terminal, the routing information that script tag based on embedding in above-mentioned page source code comprises obtains corresponding script from the second secure cloud server, to above-mentioned user terminal, send above-mentioned script, receive above-mentioned user terminal and call N the link that above-mentioned page source code packages that above-mentioned script sends contains, to the first secure cloud server, send above-mentioned N link, and after receiving the safety level information corresponding from above-mentioned N link of the first secure cloud server, to above-mentioned user terminal, send above-mentioned N the safety level information that link is corresponding, so that above-mentioned user terminal is calling after above-mentioned script receives above-mentioned N safety level information corresponding to link, call above-mentioned script and to above-mentioned N, link the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described, wherein the first secure cloud server and the second secure cloud server are identical or different.

In some embodiments of the invention, the routing information that the script tag of processor 1401 based on embedding in above-mentioned page source code comprises, from the second secure cloud server, obtain corresponding script, can comprise: after the routing information that the script tag embedding in receiving the above-mentioned page source code of above-mentioned user terminal transmission comprises, the routing information that script tag based on embedding in above-mentioned page source code comprises, obtains corresponding script from the second secure cloud server; Or, can, in the script tag embedding after acquisition approach information, based on above-mentioned routing information, from the second secure cloud server, obtain corresponding script from above-mentioned page source code.

Be understandable that, the function of each functional module of the server in station 1400 of the present embodiment can be according to the method specific implementation in said method embodiment, and its specific implementation process can, with reference to the associated description of said method embodiment, repeat no more herein.

The embodiment of the present invention also provides a kind of communication terminal 1500, and wherein, communication terminal 1500 can be used for realizing the part or all of function of user terminal in above-described embodiment.As shown in figure 15, for ease of explanation, only show the part that some may be relevant to the embodiment of the present invention, the concrete ins and outs of part do not disclose, and please refer to embodiment of the present invention method part.

With reference to Figure 15, communication terminal 1500 comprises radio frequency (Radio Frequency, RF) parts such as circuit 1510, memory 1520, input unit 1530, Wireless Fidelity (wireless fidelity, WiFi) module 1570, display unit 1540, transducer 1550, voicefrequency circuit 1560, processor 1580 and power supply 1590.

Wherein, it will be understood by those skilled in the art that communication terminal 1500 structures shown in Figure 15 do not form the restriction to mobile phone, can comprise the parts more more or less than diagram, or combine some parts, or different parts are arranged.

RF circuit 1510 be used in receive and send messages or communication process in, the reception of signal and transmission, especially, after the downlink information of base station is received, process to processor 1580; In addition, the up data of design are sent to base station.Conventionally, RF circuit can include but not limited to antenna, at least 1 amplifier, transceiver, coupler, low noise amplifier (Low Noise Amplifier, LNA), duplexer etc.In addition RF circuit 1510 can also be by radio communication and network and other devices communicatings.Above-mentioned radio communication can be used arbitrary communication standard or agreement, include but not limited to global system for mobile communications (Global System of Mobile communication, GSM), general packet radio service (General Packet Radio Service, GPRS), code division multiple access (Code Division Multiple Access, CDMA), Wideband Code Division Multiple Access (WCDMA) (Wideband Code Division Multiple Access, WCDMA), Long Term Evolution (Long Term Evolution, LTE)), Short Message Service (Short Messaging Service, SMS), Email etc.

Wherein, memory 1520 can be used for storing software program and module, and processor 1580 is stored in software program and the module of memory 1520 by operation, thereby carries out various function application and the data processing of mobile phone.Memory 1520 can mainly comprise storage program district and storage data field, wherein, and the application program (as sound-playing function, image player function etc.) that storage program district can storage operation system, at least one function is required etc.; The data (as voice data, phone directory etc.) that create according to the use of mobile phone etc. can be stored in storage data field.In addition, memory 1520 can comprise high-speed random access memory, can also comprise nonvolatile memory, for example at least one disk memory, flush memory device or other volatile solid-state parts.

Input unit 1530 can be used for receiving numeral or the character information of input, and generation arranges with the user of communication terminal 1500 and function is controlled relevant key signals input.Particularly, input unit 1530 can comprise contact panel 1531 and other input equipments 1532.Contact panel 1531, also referred to as touch-screen, can collect user or near touch operation (using any applicable object or near the operations of annex on contact panel 1531 or contact panel 1531 such as finger, stylus such as user) thereon, and drive corresponding jockey according to predefined formula.Optionally, contact panel 1531 can comprise touch detecting apparatus and two parts of touch controller.Wherein, touch detecting apparatus detects user's touch orientation, and detects the signal that touch operation is brought, and sends signal to touch controller; Touch controller receives touch information from touch detecting apparatus, and converts it to contact coordinate, then gives processor 1580, and the order that energy receiving processor 1580 is sent is also carried out.In addition, can adopt the polytypes such as resistance-type, condenser type, infrared ray and surface acoustic wave to realize contact panel 1531.Except contact panel 1531, input unit 1530 can also comprise other input equipments 1532.Particularly, other input equipments 1532 can include but not limited to one or more in physical keyboard, function key (controlling button, switch key etc. such as volume), trace ball, mouse, action bars etc.

Wherein, display unit 1540 can be used for showing the information inputted by user or the various menus of the information that offers user and mobile phone.Display unit 1540 can comprise display floater 1541, optionally, can adopt the forms such as liquid crystal display (Liquid Crystal Display, LCD), Organic Light Emitting Diode (Organic Light-Emitting Diode, OLED) to configure display floater 1541.Further, contact panel 1531 can cover display floater 1541, when contact panel 1531 detect thereon or near touch operation after, send processor 1580 to determine the type of touch event, corresponding vision output is provided according to the type of touch event with preprocessor 1580 on display floater 1541.Although in Figure 15, contact panel 1531 and display floater 1541 be as two independently parts realize input and the input function of mobile phone, but in certain embodiments, can contact panel 1531 and display floater 1541 is integrated and realize the input and output function of mobile phone.

Wherein, communication terminal 1500 also can comprise at least one transducer 1550, such as optical sensor, motion sensor and other transducers.Particularly, optical sensor can comprise ambient light sensor and proximity transducer, and wherein, ambient light sensor can regulate according to the light and shade of ambient light the brightness of display floater 1541, proximity transducer can, when mobile phone moves in one's ear, cut out display floater 1541 and/or backlight.A kind of as motion sensor; accelerometer sensor can detect the acceleration magnitude that (is generally three axles) in all directions; when static, can detect size and the direction of gravity, can be used for identifying application (such as horizontal/vertical screen switching, dependent game, magnetometer pose calibrating), Vibration identification correlation function (such as pedometer, knock) of mobile phone attitude etc.; As for mobile phone other transducers such as configurable gyroscope, barometer, hygrometer, thermometer and infrared ray sensor also, do not repeat them here.

Voicefrequency circuit 1560, loud speaker 1561, microphone 1562 can provide the audio interface between user and mobile phone.Voicefrequency circuit 1560 can be transferred to loud speaker 1561 by the signal of telecommunication after the voice data conversion receiving, and is converted to voice signal exports by loud speaker 1561; On the other hand, microphone 1562 is converted to the signal of telecommunication by the voice signal of collection, after being received by voicefrequency circuit 1560, be converted to voice data, after again voice data output processor 1580 being processed, through RF circuit 1510, to send to such as another mobile phone, or export voice data to memory 1520 to further process.

WiFi belongs to short range wireless transmission technology, mobile phone by WiFi module 1570 can help that user sends and receive e-mail, browsing page and access streaming video etc., it provides wireless broadband internet access for user.Although Figure 15 shows WiFi module 1570, be understandable that, it does not belong to must forming of communication terminal 1500, completely can be as required in not changing the essential scope of invention and omit.

Processor 1580 is control centres of mobile phone, utilize the various piece of various interface and the whole mobile phone of connection, by moving or carry out software program and/or the module being stored in memory 1520, and call the data that are stored in memory 1520, carry out various functions and the deal with data of mobile phone, thereby mobile phone is carried out to integral monitoring.Optionally, processor 1580 can comprise one or more processing units; Preferably, processor 1580 can integrated application processor and modem processor, and wherein, application processor is mainly processed operating system, user interface and application program etc., and modem processor is mainly processed radio communication.

Be understandable that, above-mentioned modem processor also can not be integrated in processor 1580.

Communication terminal 1500 also comprises that the power supply 1590(powering to all parts is such as battery).

Preferably, power supply can be connected with processor 1580 logics by power-supply management system, thereby realizes the functions such as management charging, electric discharge and power managed by power-supply management system.Although not shown, communication terminal 1500 can also comprise camera, bluetooth module etc., does not repeat them here.

Wherein, processor 1580 can be used for slave site server and obtains page source code; The script that acquisition approach information is corresponding, wherein, the script tag embedding in above-mentioned page source code comprises described routing information; Call above-mentioned script and send to the first secure cloud server N the link that above-mentioned page source code packages contains; Call above-mentioned script and receive above-mentioned N the safety level information that link is corresponding from the first secure cloud server, and call above-mentioned script and based on above-mentioned N, link safe class that corresponding safety level information is described and link to above-mentioned N the control that conducts interviews.

Wherein, the routing information that the script tag embedding in above-mentioned page source code comprises points to the script of storing in the second secure cloud server, and the path of this script is the described path of routing information that the script tag that embeds in above-mentioned page source code comprises.Wherein, the routing information of mentioning in various embodiments of the present invention can be URL or other is for describing the information in path.

In some embodiments of the invention, script corresponding to processor 1580 acquisition approach information specifically can comprise: (for example processor 1580 can cross-domain communication mode, based on routing information, from the second secure cloud server, obtains the script that this routing information is corresponding based on routing information, from the second secure cloud server, to obtain the script that this routing information is corresponding.Or, processor 1580 can send to server in station by routing information, with indication server in station, based on this routing information, from the second secure cloud server, obtain the script that this routing information is corresponding, server in station is transmitted to communication terminal 1500 by script corresponding to this routing information); Or the script corresponding to routing information of the above-mentioned server in station transmission of processor 1580 reception, wherein, above-mentioned server in station obtains from the second secure cloud server the script that this routing information is corresponding based on above-mentioned routing information.Certainly processor 1580 also can obtain script corresponding to above-mentioned routing information of storing in the second secure cloud server by alternate manner.

In some embodiments of the invention, processor 1580 is above-mentioned to be called above-mentioned script and sends to the first secure cloud server N the link that above-mentioned page source code packages contains, can comprise: call above-mentioned script and send to above-mentioned server in station N the link that above-mentioned page source code packages contains, and to the first secure cloud server, send N the link that above-mentioned page source code packages contains by above-mentioned server in station.

In other embodiment of the present invention, processor 1580 is above-mentioned to be called above-mentioned script and sends to the first secure cloud server N the link that above-mentioned page source code packages contains, and can comprise: call above-mentioned script and to the first secure cloud server, send N the link that above-mentioned page source code packages contains in cross-domain communication mode (the first secure cloud server and communication terminal 1500 conventionally in not same area).Under this scene, the path of N link arrival the first secure cloud server that the above-mentioned page source code packages that communication terminal sends contains is without through above-mentioned server in station.

In some embodiments of the invention, processor 1580 calls above-mentioned script and based on above-mentioned N link safe class that corresponding safety level information is described, above-mentioned N the link control that conducts interviews is comprised: in the page corresponding to above-mentioned page source code of displaying, bandwagon effect by the displaying content of each link in above-mentioned N link in the above-mentioned page, plays up that each links the corresponding bandwagon effect of safe class that corresponding safety level information is described with this.

In other embodiment of the present invention, processor 1580 calls above-mentioned script and based on above-mentioned N link safe class that corresponding safety level information is described, above-mentioned N the link control that conducts interviews is comprised: in the page corresponding to above-mentioned page source code of displaying, when mouse is suspended to the display location of the first displaying content linking in above-mentioned N link, demonstration and first links the corresponding indicating risk of safe class that corresponding safety level information is described.

In the other embodiment of the present invention, processor 1580 calls above-mentioned script and based on above-mentioned N link safe class that corresponding safety level information is described, above-mentioned N the link control that conducts interviews is comprised: among the page corresponding to above-mentioned page source code of displaying, when user selects the displaying content of the second link in above-mentioned N link, if the corresponding safety level information of the second link is described the prevention access consideration of the compound setting of safe class, stop the access to the second link.

Certainly, communication terminal also can pass through alternate manner, calls above-mentioned script and to above-mentioned N, links the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described, and gives an example no longer one by one herein.

In some embodiments of the invention, communication terminal calls the public library that above-mentioned script uses and adopts closure method of calling to call; Or above-mentioned script is javascript script, wherein, above-mentioned javascript script is registered in the extension object of corresponding javascript as prototype member.Certainly, above-mentioned script also can be the script of other form.Be understandable that, because script will embed among the webpage source code of different server in station, the situation that likely there will be script to conflict with the internal logic of server in station, the concept that for example javascript script does not wrap as java, again or this NameSpace concept of c++, c#, therefore in the embodiment of the present invention, consider, can be registered in the extension object of corresponding javascript javascript script as prototype member, be conducive to like this to guarantee that the javascript script that loads can not conflict mutually with function in the former page and variable etc.Or, because script may need to call third party library, equally also may conflict with some naming methods of page source code, in the embodiment of the present invention, consider, calling the public library that above-mentioned script (as javascript script) used adopts closure method of calling to call, so, the variable that still can use former storehouse to state in all code logic of closure inside, and can not affect the logic outside closure.Above-mentioned processing mode all can solve preferably introduces script collision problem afterwards.

Therefore the present embodiment communication terminal slave site server obtains page source code, the script that communication terminal acquisition approach information is corresponding, wherein, the script tag embedding in above-mentioned page source code comprises described routing information; Call above-mentioned script and send to the first secure cloud server N the link that above-mentioned page source code packages contains; Call above-mentioned script and receive above-mentioned N the safety level information that link is corresponding from the first secure cloud server, and call above-mentioned script and based on above-mentioned N, link safe class that corresponding safety level information is described and link to above-mentioned N the control that conducts interviews.Because communication terminal is that network side obtains the corresponding script of routing information in page source code and page source code, calling this script asks the first secure cloud server to determine the safe class of N the link that this page source code packages contains, call this script and to above-mentioned N, link the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described, based on this mechanism, communication terminal just can be realized protection page source code and comprises malice and link without antivirus software is installed in advance, be conducive to promote defence capability, be conducive to remove the crisis of losing efficacy and bringing because of antivirus software in communication terminal, this has strengthened flexibility and the reliability of communication terminal to malice link defence to a great extent, and script and page source code are corresponding relations, and specific aim and reliability are strong, be conducive to further strengthen flexibility and the reliability of communication terminal to malice link defence.

Referring to Figure 16, the embodiment of the present invention, also provide a kind of communication system, can comprise:

User terminal 1610, server in station 1620 and the first secure cloud server 1630.

Wherein, server in station 1620, for sending page source code to user terminal 1610;

User terminal 1610, obtains above-mentioned page source code for slave site server 1620; The script that acquisition approach information is corresponding, the script tag embedding in above-mentioned page source code comprises above-mentioned routing information; Call above-mentioned script and send to the first secure cloud server N the link that above-mentioned page source code packages contains; Call above-mentioned script and receive above-mentioned N the safety level information that link is corresponding from the first secure cloud server, and call above-mentioned script and based on above-mentioned N, link safe class that corresponding safety level information is described and link to above-mentioned N the control that conducts interviews.

Wherein, server in station 1620 can be used for, and to user terminal 1610, sends above-mentioned script, receive user terminal 1610 and call N the link that above-mentioned page source code packages that above-mentioned script sends contains, to the first secure cloud server 1630, send above-mentioned N link, and after receiving the safety level information corresponding from above-mentioned N link of the first secure cloud server, to above-mentioned user terminal, send above-mentioned N the safety level information that link is corresponding, so that above-mentioned user terminal is calling after above-mentioned script receives above-mentioned N safety level information corresponding to link, call above-mentioned script and to above-mentioned N, link the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described, wherein, the first secure cloud server and the second secure cloud server are identical or different.

In some embodiments of the invention, script corresponding to user terminal 1610 acquisition approach information specifically can comprise: (for example user terminal 1610 can cross-domain communication mode, based on routing information, from the second secure cloud server, obtains the script that this routing information is corresponding based on routing information, from the second secure cloud server, to obtain the script that this routing information is corresponding.Or, user terminal 1610 can send to server in station by routing information, with indication server in station 1620, based on this routing information, from the second secure cloud server, obtain the script that this routing information is corresponding, server in station 1620 is transmitted to user terminal 1610 by script corresponding to this routing information); Or the script corresponding to routing information of the above-mentioned server in station transmission of user terminal 1610 reception, wherein, above-mentioned server in station 1620 obtains from the second secure cloud server the script that this routing information is corresponding based on above-mentioned routing information.Certainly, user terminal also can obtain script corresponding to above-mentioned routing information of storing in the second secure cloud server by alternate manner.

In some embodiments of the invention, the linking secure record of the first secure cloud server 1630 in can query safe cloud database, determines the corresponding safety level information of N link according to Query Result; Or the first secure cloud server also can real-time inspection N the fail safe of link, according to the fail safe of the N checking link, determine N the corresponding safety level information linking.The first secure cloud server determines that the mode of the corresponding safety level information of N link is diversified, repeats no more herein.

In some embodiments of the invention, user terminal 1610 calls the public library that above-mentioned script uses and adopts closure method of calling to call; Or above-mentioned script is javascript script, wherein, above-mentioned javascript script is registered in the extension object of corresponding javascript as prototype member.Certainly, above-mentioned script also can be the script of other form.Be understandable that, because script will embed among the webpage source code of different server in station, the situation that likely there will be script to conflict with the internal logic of server in station, the concept that for example javascript script does not wrap as java, again or this NameSpace concept of c++, c#, therefore in the embodiment of the present invention, consider, can be registered in the extension object of corresponding javascript javascript script as prototype member, be conducive to like this to guarantee that the javascript script that loads can not conflict mutually with function in the former page and variable etc.Or, because script may need to call third party library, equally also may conflict with some naming methods of page source code, in the embodiment of the present invention, consider, calling the public library that above-mentioned script (as javascript script) used adopts closure method of calling to call, so, the variable that still can use former storehouse to state in all code logic of closure inside, and can not affect the logic outside closure.Above-mentioned processing mode all can solve preferably introduces script collision problem afterwards.

Wherein, the user terminal 1610 of the present embodiment can be used for realizing the part or all of function of above-mentioned any one user terminal; The server in station 1620 of the present embodiment can be used for realizing the part or all of function of above-mentioned any one server in station; The first secure cloud server 1630 of the present embodiment can be used for realizing the part or all of function of above-mentioned any one secure cloud server.

Referring to Figure 17, the embodiment of the present invention, also provide a kind of communication system, can comprise:

Server in station 1710, the first secure cloud server 1720 and the second secure cloud server 1730.

Wherein, server in station 1710 is for sending page source code to user terminal, to user terminal, send page source code, the routing information that script tag based on embedding in above-mentioned page source code comprises obtains corresponding script from the second secure cloud server 1730, to above-mentioned user terminal, send above-mentioned script, receive above-mentioned user terminal and call N the link that above-mentioned page source code packages that above-mentioned script sends contains, to the first secure cloud server 1720, send above-mentioned N link, and after receiving the safety level information corresponding from above-mentioned N link of the first secure cloud server, to above-mentioned user terminal, send above-mentioned N the safety level information that link is corresponding, so that above-mentioned user terminal is calling after above-mentioned script receives above-mentioned N safety level information corresponding to link, call above-mentioned script and to above-mentioned N, link the control that conducts interviews based on above-mentioned N link safe class that corresponding safety level information is described, wherein, the first secure cloud server 1720 and the second secure cloud server 1730 are identical or different.

Wherein, user terminal, obtains above-mentioned page source code for slave site server 1710; The script that acquisition approach information is corresponding, the script tag embedding in above-mentioned page source code comprises above-mentioned routing information; Call above-mentioned script and send to the first secure cloud server 1730 N the link that above-mentioned page source code packages contains; Call above-mentioned script and receive above-mentioned N the safety level information that link is corresponding from the first secure cloud server 1730, and call above-mentioned script and based on above-mentioned N, link safe class that corresponding safety level information is described and link to above-mentioned N the control that conducts interviews.

In some embodiments of the invention, the linking secure record of the first secure cloud server 1720 in can query safe cloud database, determines the corresponding safety level information of N link according to Query Result; Or the first secure cloud server 1720 also can real-time inspection N the fail safe of link, according to the fail safe of the N checking link, determine N the corresponding safety level information linking.The first secure cloud server 1720 determines that the mode of the corresponding safety level information of N link is diversified, repeats no more herein.

The embodiment of the present invention also provides a kind of computer-readable storage medium, and wherein, this computer-readable storage medium can have program stored therein, and this program comprises the part or all of step of the page access control method of recording in said method embodiment while carrying out.

It should be noted that, for aforesaid each embodiment of the method, for simple description, therefore it is all expressed as to a series of combination of actions, but those skilled in the art should know, the present invention is not subject to the restriction of described sequence of movement, because according to the present invention, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in specification all belongs to preferred embodiment, and related action and module might not be that the present invention is necessary.

In the above-described embodiments, the description of each embodiment is all emphasized particularly on different fields, in certain embodiment, there is no the part of detailed description, can be referring to the associated description of other embodiment.

In the several embodiment that provide in the application, should be understood that disclosed device can be realized by another way.For example, device embodiment described above is only schematic, the for example division of described unit, be only that a kind of logic function is divided, during actual realization, can there is other dividing mode, for example a plurality of unit or assembly can in conjunction with or can be integrated into another system, or some features can ignore, or do not carry out.Another point, shown or discussed coupling each other or direct-coupling or communication connection can be by some interfaces, indirect coupling or the communication connection of device or unit can be electrical or other form.

The described unit as separating component explanation can or can not be also physically to separate, and the parts that show as unit can be or can not be also physical locations, can be positioned at a place, or also can be distributed in a plurality of network element.Can select according to the actual needs some or all of unit wherein to realize the object of the present embodiment scheme.

In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, can be also that the independent physics of unit exists, and also can be integrated in a unit two or more unit.Above-mentioned integrated unit both can adopt the form of hardware to realize, and also can adopt the form of SFU software functional unit to realize.

If the form of SFU software functional unit of usining described integrated unit realizes and during as production marketing independently or use, can be stored in a computer read/write memory medium.Understanding based on such, the all or part of of the part that technical scheme of the present invention contributes to prior art in essence in other words or this technical scheme can embody with the form of software product, this computer software product is stored in a storage medium, comprises that some instructions are with so that a computer equipment (can be personal computer, server or the network equipment etc.) is carried out all or part of step of method described in each embodiment of the present invention.And aforesaid storage medium comprises: various media that can be program code stored such as USB flash disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), portable hard drive, magnetic disc or CDs.

The above, above embodiment only, in order to technical scheme of the present invention to be described, is not intended to limit; Although the present invention is had been described in detail with reference to previous embodiment, those of ordinary skill in the art is to be understood that: its technical scheme that still can record aforementioned each embodiment is modified, or part technical characterictic is wherein equal to replacement; And these modifications or replacement do not make the essence of appropriate technical solution depart from the spirit and scope of various embodiments of the present invention technical scheme.

Claims

1. a page access control method, is characterized in that, comprising:

User terminal slave site server obtains page source code;

2. method according to claim 1, is characterized in that,

Script corresponding to described acquisition approach information, comprising: based on routing information, from the second secure cloud server, obtain the script that described routing information is corresponding; Or, receive script corresponding to routing information that described server in station sends, wherein, described server in station obtains from the second secure cloud server the script that described routing information is corresponding based on described routing information.

3. method according to claim 1, is characterized in that,

Describedly call described script and send to the first secure cloud server N the link that described page source code packages contains, comprise: call described script and send to described server in station N the link that described page source code packages contains, and to the first secure cloud server, send N the link that described page source code packages contains by described server in station.

4. method according to claim 1, is characterized in that,

Describedly call described script and to the first secure cloud server, send N the link that described page source code packages contains and comprise: call described script and to the first secure cloud server, send N the link that described page source code packages contains in cross-domain communication mode.

5. according to the method described in claim 1 to 4 any one, it is characterized in that, describedly call described script and based on described N link safe class that corresponding safety level information is described, described N the link control that conducts interviews is comprised: in the page corresponding to described page source code of displaying, bandwagon effect by the displaying content of each link in described N link in the described page, plays up that each links the corresponding bandwagon effect of safe class that corresponding safety level information is described with this.

6. according to the method described in claim 1 to 4 any one, it is characterized in that, describedly call described script and to described N, link the control that conducts interviews based on described N link safe class that corresponding safety level information is described, comprise: in the page corresponding to the described page source code of showing, when mouse is suspended to the display location of the first displaying content linking in described N link, demonstration and described first links the corresponding indicating risk of safe class that corresponding safety level information is described.

7. according to the method described in claim 1 to 4 any one, it is characterized in that,

Describedly call described script and to described N, link the control that conducts interviews based on described N link safe class that corresponding safety level information is described, comprise: among the page corresponding to the described page source code of showing, when user selects the displaying content of the second link in described N link, if the corresponding safety level information of described the second link is described the prevention access consideration of the compound setting of safe class, stop the access to described the second link.

8. according to the method described in claim 1 to 4 any one, it is characterized in that,

Calling the public library that described script uses adopts closure method of calling to call;

Or,

Described script is javascript script, and wherein, described javascript script is registered in the extension object of corresponding javascript as prototype member.

9. a page access control method, is characterized in that, comprising:

Determine described N the safety level information that link is corresponding;

10. method according to claim 9, it is characterized in that, describedly to script corresponding to user terminal transmit path information, comprise: to script corresponding to described server in station transmit path information, and to user terminal, send the script that described routing information is corresponding by described server in station; Or, in cross-domain communication mode, to described user terminal, send the script that described routing information is corresponding.

11. according to the method described in claim 9 or 10, it is characterized in that, describedly to described user terminal, send described N safety level information corresponding to link, comprise: to described server in station, send described N the safety level information that link is corresponding, and to described user terminal, send described N the safety level information that link is corresponding by described server in station; Or, in cross-domain communication mode, to described user terminal, send described N the safety level information that link is corresponding.

12. 1 kinds of page access control methods, is characterized in that, comprising:

Server in station sends page source code to user terminal;

To described user terminal, send described script;

13. methods according to claim 12, is characterized in that,

The routing information that the described script tag based on embedding in described page source code comprises, from the second secure cloud server, obtain corresponding script, comprise: after the routing information that the script tag embedding in receiving the described page source code of described user terminal transmission comprises, the routing information that script tag based on embedding in described page source code comprises, obtains corresponding script from the second secure cloud server; Or after acquisition approach information, based on described routing information, from the second secure cloud server, obtain corresponding script from described page source code in the script tag embedding.

14. 1 kinds of user terminals, is characterized in that, comprising:

Source code acquiring unit, obtains page source code for slave site server;

15. user terminals according to claim 14, is characterized in that,

Described script acquiring unit specifically for, based on routing information, from the second secure cloud server, obtain the script that described routing information is corresponding; Or, receive script corresponding to described routing information that described server in station sends, wherein, described server in station obtains from the second secure cloud server the script that described routing information is corresponding based on described routing information.

16. user terminals according to claim 14, is characterized in that,

Described transmitting element specifically for, call described script and to the first secure cloud server, send N the link that described page source code packages contains in cross-domain communication mode; Or, call described script and send to described server in station N the link that described page source code packages contains, and to the first secure cloud server, send N the link that described page source code packages contains by described server in station.

17. according to claim 14 to the user terminal described in 16 any one, it is characterized in that, described control unit specifically for, in the page corresponding to the described page source code of showing, bandwagon effect by the displaying content of each link in described N link in the described page, plays up that each links the corresponding bandwagon effect of safe class that corresponding safety level information is described with this.

18. according to claim 14 to the user terminal described in 16 any one, it is characterized in that, described control unit specifically for, in the page corresponding to the described page source code of showing, when mouse is suspended to the display location of the first displaying content linking in described N link, demonstration and described first links the corresponding indicating risk of safe class that corresponding safety level information is described.

19. according to claim 14 to the user terminal described in 16 any one, it is characterized in that, described control unit specifically for, among the page corresponding to the described page source code of showing, when user selects the displaying content of the second link in described N link, if the corresponding safety level information of described the second link is described the prevention access consideration of the compound setting of safe class, stop the access to described the second link.

20. 1 kinds of secure cloud servers, is characterized in that, comprising:

21. secure cloud servers according to claim 20, it is characterized in that, described the first transmitting element specifically for, to script corresponding to described server in station transmit path information, and to user terminal, send the script that described routing information is corresponding by described server in station; Or, in cross-domain communication mode, to described user terminal, send the script that described routing information is corresponding.

22. according to the secure cloud server described in claim 20 or 21, it is characterized in that,

Described the second transmitting element specifically for, to described server in station, send described N safety level information corresponding to link, and by described server in station, to described user terminal, send described N and link corresponding safety level information; Or to described user terminal, send described N the safety level information that link is corresponding in cross-domain communication mode.

23. 1 kinds of server in station, is characterized in that, comprising:

The first transmitting element, for sending page source code to user terminal;

24. server in station according to claim 23, is characterized in that,

Described script acquiring unit specifically for, after the routing information that the script tag embedding in receiving the described page source code of described user terminal transmission comprises, the routing information that script tag based on embedding in described page source code comprises, obtains corresponding script from the second secure cloud server; Or, in the script tag embedding, after acquisition approach information, based on described routing information, from the second secure cloud server, obtain corresponding script from described page source code.

25. 1 kinds of communication systems, is characterized in that, comprising:

User terminal, server in station and the first secure cloud server,