CN103634307A - Method for certificating webpage content and browser - Google Patents
Method for certificating webpage content and browser Download PDFInfo
- Publication number
- CN103634307A CN103634307A CN201310582960.9A CN201310582960A CN103634307A CN 103634307 A CN103634307 A CN 103634307A CN 201310582960 A CN201310582960 A CN 201310582960A CN 103634307 A CN103634307 A CN 103634307A
- Authority
- CN
- China
- Prior art keywords
- website
- request
- http request
- http
- url
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a method for certificating webpage content and a corresponding browser. The method for certificating the webpage content provided by the embodiment of the invention comprises the steps of setting a secret key on a website server of a website needing anti-fake certification and setting a public key corresponding to the secret key in a browser side; when an HTTP (hyper text transport protocol) request is generated at the browser side, judging whether the website accessed by the HTTP request belongs to a website needing the anti-fake certification; if the website accessed by the HTTP request belongs to the website needing anti-fake certification, sending the HTTP request to the corresponding website server after a request anti-fake parameter is added in the HTTP request; receiving the HTTP response returned by the website server according to the request anti-fake parameter, wherein encryption information generated by the secret key of the website is carried in the HTTP response; decrypting the encryption information in the HTTP response by using the public key of the website and judging whether the HTTP response comes from the certificated website server according to decrypted information.
Description
Technical field
The present invention relates to technical field of the computer network, particularly a kind of method that web page contents is authenticated and browser.
Background technology
HTTPS(Hypertext Transfer Protocol over Secure Socket Layer) be to take the HTTP passage that safety is target, can be referred to as the safety version of HTTP.HTTPS adds SSL (Secure Sockets Layer, SSL) under HTTP, and the foundation for security of HTTPS is exactly SSL.HTTPS is an abstract identifier system (URI scheme), and syntax is http roughly the same: system, and for the HTTP transfer of data of safety.Https:URL shows that it has used HTTP, but HTTPS exists default port and an encryption/authentication layer (between HTTP and TCP) that is different from HTTP.The initial research and development of this system are undertaken by Netscape, and authentication and encipher communication method are provided, and it is widely used in the communication of security sensitive on World Wide Web (WWW) now, for example transaction payment aspect.
Existing browser, when using HTTPS and server end communication, needs first to carry out a handshake procedure with server end, referring to Fig. 1, shows the communication flow schematic diagram that uses HTTPS in existing scheme, and this flow process comprises the steps:
Step 1: browser connects to server end request HTTPS, and then server end returns to certificate to browser side, and this certificate has comprised the PKI for encrypting.
Step 2: browser produces a random key, and this random key is a symmetrical key.
Step 3: browser uses public-key as symmetric key encryption.
Step 4: browser is sent to server end by the symmetric key after encrypting.
Server end can be decrypted by the symmetric key after to the encryption receiving with PKI, obtains symmetric key.By above handshake procedure, browser and server end has all been known the symmetric key that this communication is used, and after handshake procedure finishes, enters step 5.
Step 5: the ciphertext by symmetric key encryption between browser and server end communicates.
Yet, use existing HTTPS agreement to carry out communication and at least have following shortcoming:
1: because the data of each communication have been carried out encryption, so communication speed is slow.
2: the communication of each HTTPS, all comprises and shaking hands and http communication two parts.Due to the flow process that each communication must be shaken hands, cause communication flow complicated, further affected communication speed.
3: some minorities' website or browser are can not support for the website of main HTTPS, for example the website of HTTPS cannot issue to these browsers the PKI of latest edition, thereby cannot carry out https traffic, causes internet security poor.
Summary of the invention
In view of the above problems, the present invention has been proposed to provide a kind of a kind of method that web page contents is authenticated that overcomes the problems referred to above or address the above problem at least in part and corresponding browser.
According to one aspect of the present invention, the embodiment of the present invention provides a kind of method that web page contents is authenticated, and comprising:
In the Website server of website that needs anti-fake certificate, private key is set, and the PKI corresponding with private key in each Website server is set in browser side; When browser adnation becomes HTML (Hypertext Markup Language) HTTP request, judge whether the website of this HTTP request access belongs to the website that needs anti-fake certificate; If the website of HTTP request access belongs to the website that needs anti-fake certificate, in HTTP request, add after the false proof parameter of request, this HTTP request is sent to corresponding Website server; Receive the http response that Website server returns according to the false proof parameter of request, in this http response, carry the enciphered message by the private key generation of website; Utilize the PKI of website to be decrypted the enciphered message in http response, according to decryption information, judge whether http response carrys out the Website server of Self-certified.
Optionally, whether the above-mentioned website that judges this HTTP request access belongs to needs the website of anti-fake certificate to comprise:
In inquiry HTTP request, whether the URL of website to be visited is in the website url list of safeguarding, if, the website that judges HTTP request access belongs to the website that needs anti-fake certificate, if not, judges that the website of HTTP request access does not belong to the website that needs anti-fake certificate.
Optionally, above-mentioned interpolation in HTTP request after the false proof parameter of request, is sent to corresponding Website server by this HTTP request and comprises:
After the false proof parameter of request being added in the request bag of HTTP request, this HTTP request is directly sent to corresponding Website server, or, this HTTP request is sent to corresponding Website server by transfer server.
Optionally, above-mentioned enciphered message is to utilize the private key of website that the URL of HTTP request actual access webpage is encrypted and generated,
The above-mentioned PKI of website that utilizes is decrypted the enciphered message in http response, according to decryption information confirmation http response, comes the Website server of Self-certified to comprise:
Utilize the PKI of website to be decrypted the enciphered message in http response, the URL of the actual access webpage that obtains decrypting;
Whether the URL that judges actual access webpage is consistent with the URL of request access webpage in HTTP request, if so, judges that http response carrys out the Website server of Self-certified, and if not, judgement http response is not carried out the Website server of Self-certified.
Optionally, above-mentioned enciphered message is to utilize the private key of website that the timestamp of the URL of HTTP request actual access webpage and http response is encrypted and generated; The above-mentioned PKI of website that utilizes is decrypted the enciphered message in http response, according to decryption information confirmation http response, comes the Website server of Self-certified to comprise:
Utilize the PKI of website to be decrypted the enciphered message in http response, the URL of actual access webpage that obtains decrypting and the timestamp of http response;
When the difference in the URL of actual access webpage and HTTP request between the timestamp of the consistent and http response of the URL of request access webpage and timestamp that HTTP asks is no more than predetermined difference threshold value, judgement http response is carried out the Website server of Self-certified, otherwise judgement http response is not carried out the Website server of Self-certified.
Optionally, said method also comprises:
When not carrying out the Website server of Self-certified according to decryption information judgement http response, generate the information of access exception, and this information is showed to user.
According to another aspect of the present invention, the embodiment of the present invention also provides a kind of browser, comprising:
Public private key pair setting unit, is suitable for, in the Website server of website that needs anti-fake certificate, private key is set, and the PKI corresponding with private key in each Website server is set in browser side;
Anti-fake certificate start unit, is suitable for, when browser adnation becomes HTTP request, judging whether the website of this HTTP request access belongs to the website that needs anti-fake certificate;
False proof parameter set unit, belongs to if be suitable for the website of HTTP request access the website that needs anti-fake certificate, adds after the false proof parameter of request in HTTP request, and this HTTP request is sent to corresponding Website server;
Receiving element, is suitable for receiving the http response that Website server returns according to the false proof parameter of request, carries the enciphered message by the private key generation of website in this http response;
Deciphering judging unit, is suitable for utilizing the PKI of website to be decrypted the enciphered message in http response, according to decryption information, judges whether http response carrys out the Website server of Self-certified.
Optionally, anti-fake certificate start unit, be suitable for inquiring about the URL of website to be visited in HTTP request whether in the website url list of safeguarding, if, the website that judges described HTTP request access belongs to the website that needs anti-fake certificate, if not, the website that judges HTTP request access does not belong to the website that needs anti-fake certificate.
Optionally, false proof parameter set unit, after being suitable for that the false proof parameter of request is added in the request bag of HTTP request, is directly sent to corresponding Website server by this HTTP request, or, this HTTP request is sent to corresponding Website server by transfer server.
Optionally, above-mentioned enciphered message is to utilize the private key of website that the URL of HTTP request actual access webpage is encrypted and generated.Deciphering judging unit, is also suitable for utilizing the PKI of website to be decrypted the enciphered message in http response, the URL of the actual access webpage that obtains decrypting; Whether the URL that judges actual access webpage is consistent with the URL of request access webpage in HTTP request, if so, judges that http response carrys out the Website server of Self-certified, and if not, judgement http response is not carried out the Website server of Self-certified.
Optionally, above-mentioned enciphered message is to utilize the private key of website that the timestamp of the URL of HTTP request actual access webpage and http response is encrypted and generated.Deciphering judging unit, is also suitable for utilizing the PKI of website to be decrypted the enciphered message in http response, the URL of actual access webpage that obtains decrypting and the timestamp of http response; When the difference in the URL of actual access webpage and HTTP request between the timestamp of the consistent and http response of the URL of request access webpage and timestamp that HTTP asks is no more than predetermined difference threshold value, judgement http response is carried out the Website server of Self-certified, otherwise judgement http response is not carried out the Website server of Self-certified.
Optionally, above-mentioned browser also comprises information display unit, is suitable for, when not carrying out the Website server of Self-certified according to decryption information judgement http response, generating the information of access exception, and this information being showed to user.
From the above mentioned, the embodiment of the present invention provides a kind of novel secure HTTP communication mechanism, make only have preset the browser and server of safe public private key pair could successfully realize the encryption and decryption operation of communication, solve the poor problem of internet security of not supporting HTTPS website to cause due to browser in prior art, guaranteed the fail safe of network communication; And the embodiment of the present invention is screened the website of request access; only to carrying out the website of safeguard protection, carry out the encryption and decryption operation of data; solve existing HTTPS and each communication data is encrypted to the slow problem of communication speed causing; reduce the data volume that needs processing and transmission, improved communication speed.
And the communication mechanism of the secure HTTP that the embodiment of the present invention provides, is guaranteeing under the prerequisite of network security, do not need handshake operation flow process, solve the each communication of existing HTTPS and all must shake hands that the communication that causes is complicated, slow-footed problem, simplified communication flow, improved communication speed.
Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to better understand technological means of the present invention, and can be implemented according to the content of specification, and for above and other objects of the present invention, feature and advantage can be become apparent, below especially exemplified by the specific embodiment of the present invention.
Accompanying drawing explanation
By reading below detailed description of the preferred embodiment, various other advantage and benefits will become cheer and bright for those of ordinary skills.Accompanying drawing is only for the object of preferred implementation is shown, and do not think limitation of the present invention.And in whole accompanying drawing, by identical reference symbol, represent identical parts.In the accompanying drawings:
Fig. 1 shows the communication flow schematic diagram that uses HTTPS in prior art;
Fig. 2 shows a kind of according to an embodiment of the invention method flow diagram that web page contents is authenticated;
Fig. 3 shows a kind of in accordance with another embodiment of the present invention method flow diagram that web page contents is authenticated;
Fig. 4 returns results page schematic diagram normally while showing the browse request access hao.360.cn website of another embodiment according to the present invention;
When Fig. 5 shows the browse request access hao.360.cn website of another embodiment according to the present invention, webpage is tampered returns results page schematic diagram;
Fig. 6 shows the structural representation of the browser of another embodiment according to the present invention.
Embodiment
Exemplary embodiment of the present disclosure is described below with reference to accompanying drawings in more detail.Although shown exemplary embodiment of the present disclosure in accompanying drawing, yet should be appreciated that and can realize the disclosure and the embodiment that should do not set forth limits here with various forms.On the contrary, it is in order more thoroughly to understand the disclosure that these embodiment are provided, and can by the scope of the present disclosure complete convey to those skilled in the art.
Goal of the invention of the present invention is mainly to realize a kind of light-weighted secure HTTP communication mechanism, when reaching the safety certification effect that HTTPS plays, simplifies communication process, improves communication efficiency.
One embodiment of the invention provides a kind of method that web page contents is authenticated, and referring to Fig. 2, the method comprises the steps:
S200: in the Website server of website that needs anti-fake certificate, private key is set, and the PKI corresponding with private key in each Website server is set in browser side.
S202: when browser adnation becomes HTTP(Hypertext Transfer Protocol, while HTML (Hypertext Markup Language)) asking, whether the website that judges this HTTP request access belongs to the website that needs anti-fake certificate, to enter S204, otherwise, if the website of HTTP request access does not belong to the website that needs anti-fake certificate, directly send this HTTP request, in the present embodiment, mainly to carrying out the scene of anti-fake certificate, describe.
S204: if the website of HTTP request access belongs to the website that needs anti-fake certificate, add in HTTP request after the false proof parameter of request, this HTTP request is sent to corresponding Website server.
In this step by asking false proof parameter to inform that this HTTP request of Website server is to need false proof reply.
S206: receive the http response that Website server returns according to the false proof parameter of request, carry the enciphered message by the private key generation of website in this http response.
Website server knows that according to the false proof parameter of request this communication needs safety anti-fake authentication, and Website server can add enciphered message in http response.
S208: utilize the PKI of website to be decrypted the enciphered message in http response, judge according to decryption information whether http response carrys out the Website server of Self-certified.
When decryption information indication successful decryption, determine that above-mentioned HTTP responds the Website server of Self-certified, the real data that this communication browser gets; When decryption information indication Decryption failures, determine that above-mentioned HTTP response does not carry out the Website server of Self-certified, the real data that this communication browser does not get.
From the above mentioned, the embodiment of the present invention provides a kind of novel secure HTTP communication mechanism, make only have preset the browser and server of safe public private key pair could successfully realize the encryption and decryption operation of communication, solve the poor problem of internet security of not supporting HTTPS website to cause due to browser in prior art, guaranteed the fail safe of network communication; And the embodiment of the present invention is screened the website of request access; only to carrying out the website of safeguard protection, carry out the encryption and decryption operation of data; solve existing HTTPS and each communication data is encrypted to the slow problem of communication speed causing; reduce the data volume that needs processing and transmission, improved communication speed.
And the communication mechanism of the secure HTTP that the embodiment of the present invention provides, is guaranteeing under the prerequisite of network security, do not need handshake operation flow process, solve the each communication of existing HTTPS and all must shake hands that the communication that causes is complicated, slow-footed problem, simplified communication flow, improved communication speed.
Another embodiment of the present invention provides a kind of method that web page contents is authenticated, and referring to Fig. 3, the method comprises the steps:
S300: preset a collection of public private key pair, and pre-stored in browser and Website server respectively.
Can determine a collection of public private key pair with each large main stream website (as Sohu website, Sina website, Baidu website) in advance, PKI in browser side storage main stream website, as PKI being stored in the PKI storehouse table of browser side, at the Website server side storage private key corresponding with PKI of main stream website.
Optionally, under a kind of mode, the different private key that the different web sites server of the present embodiment is used, corresponding browser side is stored respectively the different PKI corresponding from the private key of each Website server, to adapt to the demand of different web sites; Under another kind of mode, the identical private key that the different web sites server of the present embodiment is used, browser side is stored one and the corresponding PKI of this private key, thereby has reduced the data volume that browser side need to be stored, the cryptographic operation in convenient communication.
S302: initiate HTTP request, and judge whether the website of this HTTP request access belongs to the website that needs anti-fake certificate.
Browser side is normally initiated HTTP request, and while whether belonging in the website that judges this HTTP request access the website that needs anti-fake certificate, the information in the information in this HTTP request can being shown with the PKI storehouse of browser side storage is mated.For example, packets of information purse rope station url list in the table of PKI storehouse and the PKI of website, when carrying out judgement, in inquiry HTTP request, whether the URL of website to be visited is in the website url list of safeguarding, if, the website that judges HTTP request access belongs to the website that needs anti-fake certificate, enters S304; If not, judge that the website of HTTP request access does not belong to the website that needs anti-fake certificate, directly send this HTTP request.
S304: add the false proof parameter of request in HTTP request.
False proof parameter joins request in the data packet head of the HTTP request that the match is successful, this asks false proof parameter to indicate this HTTP request to need false proof reply, and the data of returning to this HTTP request need to comprise the enciphered message (false proof part) by the private key generation of website.
In HTTP request, add after the false proof parameter of request, this HTTP request is sent to corresponding Website server, the present embodiment provides following two kinds of send modes, under a kind of mode, after the false proof parameter of request being added in the request bag of HTTP request, this HTTP request is directly sent to corresponding Website server, under another kind of mode, this HTTP request is sent to corresponding Website server by transfer server.By above-mentioned two kinds of send modes, can make this programme be applicable in the different network architectures.
S306: whether the data that judgement is returned comprise false proof part, are to enter S308, otherwise enter S314.Website server is sent to browser side by this http response after false proof part can being joined in the data packet head of http response.From Website server side direction browser side, send the mode of http response, identical with the mode sending from browser side direction Website server side.
Above-mentioned false proof part be the private key that utilizes website in HTTP request for verifying that the data encryption of this request obtains, be a kind of enciphered message.Optionally, for the data of verifying, can be the URL(Uniform Resource Locator of current HTTP request, URL(uniform resource locator)), above-mentioned enciphered message is that Website server utilizes the private key of website that the URL of HTTP request actual access webpage is encrypted and generated.
Consider malice CDN(Content Delivery Network, content distributing network) or gateway route may this URL verification msg of cache be used for data falsification.Optionally, the present embodiment is by timestamp information, as UTC(universal time) timestamp is also as the part of encrypted content, for the data of verifying, comprises URL and the UTC timestamp of current HTTP request.
S308: the data of returning are decrypted with PKI.
Browser side is chosen the PKI corresponding with Website server and is decrypted.While being the URL of HTTP request for the data of verifying, deciphering obtains URL, i.e. deciphering obtains the URL of actual access webpage; While being the URL of HTTP request and UTC timestamp for the data verified, deciphering obtains URL and UTC timestamp.
S310: whether judgement meets expection by the content of PKI deciphering, is to enter S312, otherwise enters S314.
The situation that the http response of returning is comprised to the enciphered message generating according to the URL of HTTP request, the corresponding PKI deciphering of this website for browser side, the URL of the HTTP request of the URL parsing and record is compared, if the content that consistent explanation is returned is real, from real Website server, the content of deciphering meets expection, otherwise the content of deciphering does not conform to expection.
The http response of returning is comprised according to the situation of the enciphered message of the URL of HTTP request and the generation of UTC timestamp, after deciphering, obtain URL and UTC timestamp, at this moment need the time of considering server side and browser side there are differences.UTC timestamp after can secure processing device encrypts and the difference between the UTC timestamp of browser side local record, when the URL after the difference calculating is no more than certain scope and deciphering is identical with the URL of local record, can think that the data of returning are real, the content of deciphering meets expection, otherwise the content of deciphering does not conform to expection.When in the URL of actual access webpage and HTTP request, the difference between the timestamp of the consistent and http response of the URL of request access webpage and timestamp that HTTP asks is no more than predetermined difference threshold value (such as 3600 seconds), judgement http response is carried out the Website server of Self-certified, otherwise judgement http response is not carried out the Website server of Self-certified.
Note: browser side can be carried out record to the information of the HTTP request sending, as information such as the URL of this HTTP request and timestamps.
S312: confirm that the data return are the web page contents that really will access, and by this Web page content revealing to request end (as browser client).
S314: confirm that the data of returning are web page contents of forging, prompting browser client is abnormal.
When not carrying out the Website server of Self-certified according to decryption information judgement http response, generate the information of access exception, and this information is showed to user.
From the above mentioned, the embodiment of the present invention provides a kind of novel secure HTTP communication mechanism, make only have preset the browser and server of safe public private key pair could successfully realize the encryption and decryption operation of communication, solve the poor problem of internet security of not supporting HTTPS website to cause due to browser in prior art, guaranteed the fail safe of network communication; And the embodiment of the present invention is screened the website of request access; only to carrying out the website of safeguard protection, carry out the encryption and decryption operation of data; solve existing HTTPS and each communication data is encrypted to the slow problem of communication speed causing; reduce the data volume that needs processing and transmission, improved communication speed.
And the communication mechanism of the secure HTTP that the embodiment of the present invention provides, is guaranteeing under the prerequisite of network security, do not need handshake operation flow process, solve the each communication of existing HTTPS and all must shake hands that the communication that causes is complicated, slow-footed problem, simplified communication flow, improved communication speed.
Some Internet Service Providers often maliciously distort to return results even and forge and return results.The scene that another embodiment of the present invention is tampered for the webpage in CDNS illustrates the technique effect that the method that web page contents is authenticated of this programme reaches.Distorting of this webpage, is in fact that the HTTP request of browser has been intercepted, and this HTTP request does not send to the Website server of request access, and Website server does not know that browser sent request.In HTTP request, enter after network, by route, domain name mapping or Virtual network operator, directly forged HTTP and returned results, issued browser.Referring to Fig. 4, the browse request that showing the embodiment of the present invention provides returns results page schematic diagram normally while accessing hao.360.cn website; Referring to Fig. 5, while showing the browse request access hao.360.cn website that the embodiment of the present invention provides, webpage is tampered returns results page schematic diagram.The content of pages that square frame marks in Fig. 5 can know, browse request access be hao.360.cn, the content that result is returned is to jump to a main frame (host) to be: the website of http://hbdnserror1.wo.com.cn.Use the solution of the present invention can effectively take precautions against the generation of problems, because returning results of forging cannot provide effective anti-counterfeiting information (enciphered message), browser can be judged the Website server returning results not from true request, can directly point out user error, guarantee the safety of network service.
Another embodiment of the present invention also provides a kind of browser 600, referring to Fig. 6, this browser 600 comprises public private key pair setting unit 610, anti-fake certificate start unit 612, false proof parameter set unit 614, receiving element 616, deciphering judging unit 618 and information display unit 620.Describe respectively below.
Public private key pair setting unit 610, is suitable for, in the Website server of website that needs anti-fake certificate, private key is set, and the PKI corresponding with private key in each Website server is set in browser side.Optionally, under a kind of mode, the different private key that the different web sites server of the present embodiment is used, corresponding browser side is stored respectively the different PKI corresponding from the private key of each Website server, to adapt to the demand of different web sites; Under another kind of mode, the identical private key that the different web sites server of the present embodiment is used, browser side is stored one and the corresponding PKI of this private key, thereby has reduced the data volume that browser side need to be stored, the cryptographic operation in convenient communication.
Anti-fake certificate start unit 612, is suitable for, when browser adnation becomes HTTP request, judging whether the website of this HTTP request access belongs to the website that needs anti-fake certificate.Optionally, anti-fake certificate start unit 612, be suitable for inquiring about the URL of website to be visited in HTTP request whether in the website url list of safeguarding, if, the website that judges described HTTP request access belongs to the website that needs anti-fake certificate, if not, the website that judges HTTP request access does not belong to the website that needs anti-fake certificate.
False proof parameter set unit 614, belongs to if be suitable for the website of HTTP request access the website that needs anti-fake certificate, adds after the false proof parameter of request in HTTP request, and this HTTP request is sent to corresponding Website server.Optionally, false proof parameter set unit 614, after being suitable for that the false proof parameter of request is added in the request bag of HTTP request, is directly sent to corresponding Website server by this HTTP request, or, this HTTP request is sent to corresponding Website server by transfer server.
Receiving element 616, is suitable for receiving the http response that Website server returns according to the false proof parameter of request, carries the enciphered message by the private key generation of website in this http response.Under a kind of mode, this enciphered message is that Website server utilizes the private key of website that the URL of HTTP request actual access webpage is encrypted and generated.Under another kind of mode, this enciphered message is that Website server utilizes the private key of website that the UTC timestamp of the URL of HTTP request actual access webpage and this HTTP request is encrypted and generated.
Deciphering judging unit 618, is suitable for utilizing the PKI of website to be decrypted the enciphered message in http response, according to decryption information, judges whether http response carrys out the Website server of Self-certified.Optionally, under a kind of mode, above-mentioned enciphered message is to utilize the private key of website that the URL of HTTP request actual access webpage is encrypted and generated.Deciphering judging unit 618 is also suitable for utilizing the PKI of website to be decrypted the enciphered message in http response, the URL of the actual access webpage that obtains decrypting; Whether the URL that judges actual access webpage is consistent with the URL of request access webpage in HTTP request, if so, judges that http response carrys out the Website server of Self-certified, and if not, judgement http response is not carried out the Website server of Self-certified.Under another kind of mode, above-mentioned enciphered message is to utilize the private key of website that the timestamp of the URL of HTTP request actual access webpage and http response is encrypted and generated.Deciphering judging unit 618, is also suitable for utilizing the PKI of website to be decrypted the enciphered message in http response, the URL of actual access webpage that obtains decrypting and the timestamp of http response; When the difference in the URL of actual access webpage and HTTP request between the timestamp of the consistent and http response of the URL of request access webpage and timestamp that HTTP asks is no more than predetermined difference threshold value, judgement http response is carried out the Website server of Self-certified, otherwise judgement http response is not carried out the Website server of Self-certified.
From the above mentioned, the embodiment of the present invention provides a kind of novel secure HTTP communication mechanism, make only have preset the browser and server of safe public private key pair could successfully realize the encryption and decryption operation of communication, solve the poor problem of internet security of not supporting HTTPS website to cause due to browser in prior art, guaranteed the fail safe of network communication; And the embodiment of the present invention is screened the website of request access; only to carrying out the website of safeguard protection, carry out the encryption and decryption operation of data; solve existing HTTPS and each communication data is encrypted to the slow problem of communication speed causing; reduce the data volume that needs processing and transmission, improved communication speed.
And the communication mechanism of the secure HTTP that the embodiment of the present invention provides, is guaranteeing under the prerequisite of network security, do not need handshake operation flow process, solve the each communication of existing HTTPS and all must shake hands that the communication that causes is complicated, slow-footed problem, simplified communication flow, improved communication speed.
The algorithm providing at this is intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment with demonstration.Various general-purpose systems also can with based on using together with this teaching.According to description above, it is apparent constructing the desired structure of this type systematic.In addition, the present invention is not also for any certain programmed language.It should be understood that and can utilize various programming languages to realize content of the present invention described here, and the description of above language-specific being done is in order to disclose preferred forms of the present invention.
In the specification that provided herein, a large amount of details have been described.Yet, can understand, embodiments of the invention can not put into practice in the situation that there is no these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand one or more in each inventive aspect, in the above in the description of exemplary embodiment of the present invention, each feature of the present invention is grouped together into single embodiment, figure or sometimes in its description.Yet, the method for the disclosure should be construed to the following intention of reflection: the present invention for required protection requires than the more feature of feature of clearly recording in each claim.Or rather, as reflected in claims below, inventive aspect is to be less than all features of disclosed single embodiment above.Therefore, claims of following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and can the module in the equipment in embodiment are adaptively changed and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and can put them into a plurality of submodules or subelement or sub-component in addition.At least some in such feature and/or process or unit are mutually repelling, and can adopt any combination to combine all processes or the unit of disclosed all features in this specification (comprising claim, summary and the accompanying drawing followed) and disclosed any method like this or equipment.Unless clearly statement in addition, in this specification (comprising claim, summary and the accompanying drawing followed) disclosed each feature can be by providing identical, be equal to or the alternative features of similar object replaces.
In addition, those skilled in the art can understand, although embodiment more described herein comprise some feature rather than further feature included in other embodiment, the combination of the feature of different embodiment means within scope of the present invention and forms different embodiment.For example, in the following claims, the one of any of embodiment required for protection can be used with compound mode arbitrarily.
All parts embodiment of the present invention can realize with hardware, or realizes with the software module moved on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that and can use in practice microprocessor or digital signal processor (DSP) to realize the some or all functions according to the some or all parts in the browser of the embodiment of the present invention.The present invention for example can also be embodied as, for carrying out part or all equipment or device program (, computer program and computer program) of method as described herein.Realizing program of the present invention and can be stored on computer-readable medium like this, or can there is the form of one or more signal.Such signal can be downloaded and obtain from internet website, or provides on carrier signal, or provides with any other form.
It should be noted above-described embodiment the present invention will be described rather than limit the invention, and those skilled in the art can design alternative embodiment in the situation that do not depart from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and is not listed as element or step in the claims.Being positioned at word " " before element or " one " does not get rid of and has a plurality of such elements.The present invention can be by means of including the hardware of some different elements and realizing by means of the computer of suitably programming.In having enumerated the unit claim of some devices, several in these devices can be to carry out imbody by same hardware branch.The use of word first, second and C grade does not represent any order.Can be title by these word explanations.
The embodiment of the invention also discloses A1, a kind of method that web page contents is authenticated, comprising:
In the Website server of website that needs anti-fake certificate, private key is set, and the PKI corresponding with private key in each Website server is set in browser side;
When browser adnation becomes HTML (Hypertext Markup Language) HTTP request, judge whether the website of this HTTP request access belongs to the website that needs anti-fake certificate;
If the website of described HTTP request access belongs to the website that needs anti-fake certificate, in described HTTP request, add after the false proof parameter of request, this HTTP request is sent to corresponding Website server;
Receive the http response that described Website server returns according to the false proof parameter of described request, in this http response, carry the enciphered message by the private key generation of website;
Utilize the PKI of described website to be decrypted the enciphered message in described http response, according to decryption information, judge whether described http response carrys out the Website server of Self-certified.
A2, according to the method described in 1, wherein, whether the described website that judges this HTTP request access belongs to needs the website of anti-fake certificate to comprise:
Inquire about the URL of website to be visited in described HTTP request whether in the website url list of safeguarding, if, the website that judges described HTTP request access belongs to the website that needs anti-fake certificate, if not, judges that the website of described HTTP request access does not belong to the website that needs anti-fake certificate.
A3, according to the method described in A1, wherein, described interpolation in described HTTP request after the false proof parameter of request, is sent to corresponding Website server by this HTTP request and comprises:
After the false proof parameter of described request being added in the request bag of HTTP request, this HTTP request is directly sent to corresponding Website server, or, this HTTP request is sent to corresponding Website server by transfer server.
A4, according to the method described in A1, wherein, described enciphered message is that the private key that utilizes website is encrypted and generated the URL of described HTTP request actual access webpage,
The described PKI of described website that utilizes is decrypted the enciphered message in described http response, according to decryption information, confirms that described http response comes the Website server of Self-certified to comprise:
Utilize the PKI of described website to be decrypted the enciphered message in described http response, the URL of the actual access webpage that obtains decrypting;
Whether the URL that judges described actual access webpage is consistent with the URL of request access webpage in described HTTP request, if so, judges that described http response carrys out the Website server of Self-certified, if not, judges that described http response do not carry out the Website server of Self-certified.
A5, according to the method described in A1, wherein, described enciphered message is that the private key that utilizes website is encrypted and generated the timestamp of the URL of described HTTP request actual access webpage and described http response;
The described PKI of described website that utilizes is decrypted the enciphered message in described http response, according to decryption information, confirms that described http response comes the Website server of Self-certified to comprise:
Utilize the PKI of described website to be decrypted the enciphered message in described http response, the URL of actual access webpage that obtains decrypting and the timestamp of described http response;
When the difference between the timestamp that the timestamp of the consistent and described http response of the URL of request access webpage and described HTTP ask in the URL of described actual access webpage and described HTTP request is no more than predetermined difference threshold value, judge that described http response carrys out the Website server of Self-certified, otherwise, judge that described http response do not carry out the Website server of Self-certified.
A6, according to the method described in A1, wherein, described method also comprises:
When judging that according to decryption information described http response is not carried out the Website server of Self-certified, generate the information of access exception, and this information is showed to user.
The embodiment of the invention also discloses B7, a kind of browser, comprising:
Public private key pair setting unit, is suitable for, in the Website server of website that needs anti-fake certificate, private key is set, and the PKI corresponding with private key in each Website server is set in browser side;
Anti-fake certificate start unit, is suitable for, when browser adnation becomes HTML (Hypertext Markup Language) HTTP request, judging whether the website of this HTTP request access belongs to the website that needs anti-fake certificate;
False proof parameter set unit, belongs to if be suitable for the website of described HTTP request access the website that needs anti-fake certificate, in described HTTP request, adds after the false proof parameter of request, and this HTTP request is sent to corresponding Website server;
Receiving element, is suitable for receiving the http response that described Website server returns according to the false proof parameter of described request, carries the enciphered message by the private key generation of website in this http response;
Deciphering judging unit, is suitable for utilizing the PKI of described website to be decrypted the enciphered message in described http response, according to decryption information, judges whether described http response carrys out the Website server of Self-certified.
B8, according to the browser described in B7, wherein, described anti-fake certificate start unit, be suitable for inquiring about the URL of website to be visited in described HTTP request whether in the website url list of safeguarding, if, the website that judges described HTTP request access belongs to the website that needs anti-fake certificate, if not, judges that the website of described HTTP request access does not belong to the website that needs anti-fake certificate.
B9, according to the browser described in B7, wherein, described false proof parameter set unit, after being suitable for that the false proof parameter of described request is added in the request bag of HTTP request, this HTTP request is directly sent to corresponding Website server, or, this HTTP request is sent to corresponding Website server by transfer server.
B10, according to the browser described in B7, wherein, described enciphered message is that the private key that utilizes website is encrypted and generated the URL of described HTTP request actual access webpage,
Described deciphering judging unit, is suitable for utilizing the PKI of described website to be decrypted the enciphered message in described http response, the URL of the actual access webpage that obtains decrypting; Whether the URL that judges described actual access webpage is consistent with the URL of request access webpage in described HTTP request, if so, judges that described http response carrys out the Website server of Self-certified, if not, judges that described http response do not carry out the Website server of Self-certified.
B11, according to the browser described in B7, wherein, described enciphered message is that the private key that utilizes website is encrypted and generated the timestamp of the URL of described HTTP request actual access webpage and described http response;
Described deciphering judging unit, is suitable for utilizing the PKI of described website to be decrypted the enciphered message in described http response, the URL of actual access webpage that obtains decrypting and the timestamp of described http response; When the difference between the timestamp that the timestamp of the consistent and described http response of the URL of request access webpage and described HTTP ask in the URL of described actual access webpage and described HTTP request is no more than predetermined difference threshold value, judge that described http response carrys out the Website server of Self-certified, otherwise, judge that described http response do not carry out the Website server of Self-certified.
B12, according to the browser described in B7, wherein, described browser also comprises information display unit, is suitable for when judging that according to decryption information described http response is not carried out the Website server of Self-certified, generate the information of access exception, and this information is showed to user.
Claims (10)
1. method web page contents being authenticated, comprising:
In the Website server of website that needs anti-fake certificate, private key is set, and the PKI corresponding with private key in each Website server is set in browser side;
When browser adnation becomes HTML (Hypertext Markup Language) HTTP request, judge whether the website of this HTTP request access belongs to the website that needs anti-fake certificate;
If the website of described HTTP request access belongs to the website that needs anti-fake certificate, in described HTTP request, add after the false proof parameter of request, this HTTP request is sent to corresponding Website server;
Receive the http response that described Website server returns according to the false proof parameter of described request, in this http response, carry the enciphered message by the private key generation of website;
Utilize the PKI of described website to be decrypted the enciphered message in described http response, according to decryption information, judge whether described http response carrys out the Website server of Self-certified.
2. method according to claim 1, wherein, whether the described website that judges this HTTP request access belongs to needs the website of anti-fake certificate to comprise:
Inquire about the URL of website to be visited in described HTTP request whether in the website url list of safeguarding, if, the website that judges described HTTP request access belongs to the website that needs anti-fake certificate, if not, judges that the website of described HTTP request access does not belong to the website that needs anti-fake certificate.
3. method according to claim 1 wherein, is describedly added after the false proof parameter of request in described HTTP request, this HTTP request is sent to corresponding Website server and comprises:
After the false proof parameter of described request being added in the request bag of HTTP request, this HTTP request is directly sent to corresponding Website server, or, this HTTP request is sent to corresponding Website server by transfer server.
4. method according to claim 1, wherein, described enciphered message is to utilize the private key of website that the URL of described HTTP request actual access webpage is encrypted and generated,
The described PKI of described website that utilizes is decrypted the enciphered message in described http response, according to decryption information, confirms that described http response comes the Website server of Self-certified to comprise:
Utilize the PKI of described website to be decrypted the enciphered message in described http response, the URL of the actual access webpage that obtains decrypting;
Whether the URL that judges described actual access webpage is consistent with the URL of request access webpage in described HTTP request, if so, judges that described http response carrys out the Website server of Self-certified, if not, judges that described http response do not carry out the Website server of Self-certified.
5. method according to claim 1, wherein, described enciphered message is to utilize the private key of website that the timestamp of the URL of described HTTP request actual access webpage and described http response is encrypted and generated;
The described PKI of described website that utilizes is decrypted the enciphered message in described http response, according to decryption information, confirms that described http response comes the Website server of Self-certified to comprise:
Utilize the PKI of described website to be decrypted the enciphered message in described http response, the URL of actual access webpage that obtains decrypting and the timestamp of described http response;
When the difference between the timestamp that the timestamp of the consistent and described http response of the URL of request access webpage and described HTTP ask in the URL of described actual access webpage and described HTTP request is no more than predetermined difference threshold value, judge that described http response carrys out the Website server of Self-certified, otherwise, judge that described http response do not carry out the Website server of Self-certified.
6. method according to claim 1, wherein, described method also comprises:
When judging that according to decryption information described http response is not carried out the Website server of Self-certified, generate the information of access exception, and this information is showed to user.
7. a browser, comprising:
Public private key pair setting unit, is suitable for, in the Website server of website that needs anti-fake certificate, private key is set, and the PKI corresponding with private key in each Website server is set in browser side;
Anti-fake certificate start unit, is suitable for, when browser adnation becomes HTML (Hypertext Markup Language) HTTP request, judging whether the website of this HTTP request access belongs to the website that needs anti-fake certificate;
False proof parameter set unit, belongs to if be suitable for the website of described HTTP request access the website that needs anti-fake certificate, in described HTTP request, adds after the false proof parameter of request, and this HTTP request is sent to corresponding Website server;
Receiving element, is suitable for receiving the http response that described Website server returns according to the false proof parameter of described request, carries the enciphered message by the private key generation of website in this http response;
Deciphering judging unit, is suitable for utilizing the PKI of described website to be decrypted the enciphered message in described http response, according to decryption information, judges whether described http response carrys out the Website server of Self-certified.
8. browser according to claim 7, wherein, described anti-fake certificate start unit, be suitable for inquiring about the URL of website to be visited in described HTTP request whether in the website url list of safeguarding, if, the website that judges described HTTP request access belongs to the website that needs anti-fake certificate, if not, judges that the website of described HTTP request access does not belong to the website that needs anti-fake certificate.
9. browser according to claim 7, wherein, described false proof parameter set unit, after being suitable for that the false proof parameter of described request is added in the request bag of HTTP request, this HTTP request is directly sent to corresponding Website server, or, this HTTP request is sent to corresponding Website server by transfer server.
10. browser according to claim 7, wherein, described enciphered message is to utilize the private key of website that the URL of described HTTP request actual access webpage is encrypted and generated,
Described deciphering judging unit, is suitable for utilizing the PKI of described website to be decrypted the enciphered message in described http response, the URL of the actual access webpage that obtains decrypting; Whether the URL that judges described actual access webpage is consistent with the URL of request access webpage in described HTTP request, if so, judges that described http response carrys out the Website server of Self-certified, if not, judges that described http response do not carry out the Website server of Self-certified.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310582960.9A CN103634307A (en) | 2013-11-19 | 2013-11-19 | Method for certificating webpage content and browser |
| PCT/CN2014/091468 WO2015074547A1 (en) | 2013-11-19 | 2014-11-18 | Method for authenticating webpage content and browser |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310582960.9A CN103634307A (en) | 2013-11-19 | 2013-11-19 | Method for certificating webpage content and browser |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103634307A true CN103634307A (en) | 2014-03-12 |
Family
ID=50214935
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310582960.9A Pending CN103634307A (en) | 2013-11-19 | 2013-11-19 | Method for certificating webpage content and browser |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN103634307A (en) |
| WO (1) | WO2015074547A1 (en) |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103944900A (en) * | 2014-04-18 | 2014-07-23 | 中国科学院计算技术研究所 | Cross-station request attack defense method and device based on encryption |
| CN104506518A (en) * | 2014-12-22 | 2015-04-08 | 中软信息系统工程有限公司 | Identity authentication method for access control of MIPS (Million Instructions Per Second) platform network system |
| WO2015074547A1 (en) * | 2013-11-19 | 2015-05-28 | 北京奇虎科技有限公司 | Method for authenticating webpage content and browser |
| WO2015158228A1 (en) * | 2014-04-15 | 2015-10-22 | 中国银联股份有限公司 | Server, user equipment, and method for user equipment to interact with server |
| CN105187389A (en) * | 2015-08-07 | 2015-12-23 | 北京思特奇信息技术股份有限公司 | Webpage access method and system based on digital mixed encryption |
| CN105516208A (en) * | 2016-01-28 | 2016-04-20 | 邱铭钗 | WEB site link dynamic hiding method and device capable of effectively preventing network attacks |
| TWI569166B (en) * | 2016-01-05 | 2017-02-01 | 精品科技股份有限公司 | Data verification method |
| CN106533665A (en) * | 2016-10-31 | 2017-03-22 | 北京百度网讯科技有限公司 | Method, system and device for storing website private key plaintext |
| CN106991334A (en) * | 2016-11-24 | 2017-07-28 | 阿里巴巴集团控股有限公司 | A kind of method, system and device of data access |
| CN107295024A (en) * | 2017-08-24 | 2017-10-24 | 四川长虹电器股份有限公司 | It is a kind of to realize the method that web front end is landed safely and accessed |
| CN108400953A (en) * | 2017-02-06 | 2018-08-14 | 中兴通讯股份有限公司 | Control terminal is surfed the Internet and the method for terminal online, router device and terminal |
| CN110149354A (en) * | 2018-02-12 | 2019-08-20 | 北京京东尚科信息技术有限公司 | A kind of encryption and authentication method and device based on https agreement |
| CN110247762A (en) * | 2019-06-20 | 2019-09-17 | 江西金格科技股份有限公司 | A kind of reliable website building method based on SM9 algorithm |
| CN111385270A (en) * | 2018-12-29 | 2020-07-07 | 北京奇虎科技有限公司 | WAF-based network attack detection method and device |
| CN111917787A (en) * | 2020-08-06 | 2020-11-10 | 北京奇艺世纪科技有限公司 | Request detection method and device, electronic equipment and computer-readable storage medium |
| CN115333748A (en) * | 2022-07-26 | 2022-11-11 | 深圳市明源云科技有限公司 | Anti-counterfeiting communication method, system, electronic device and computer readable storage medium |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109918871A (en) * | 2019-03-14 | 2019-06-21 | 福建深空信息技术有限公司 | A kind of the order delivery method and system of information security software |
| CN111680233B (en) * | 2020-06-08 | 2023-08-29 | 北京明略昭辉科技有限公司 | Method and device for generating landing page website, storage medium and electronic equipment |
| CN112039662A (en) * | 2020-08-26 | 2020-12-04 | 山谷网安科技股份有限公司 | Symmetric encryption transmission method for sensitive data in Web application webpage of secret-related unit |
| CN115442438B (en) * | 2022-11-08 | 2023-03-24 | 深圳市华曦达科技股份有限公司 | Data caching method, system and storage medium based on web browser |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101155028A (en) * | 2006-09-26 | 2008-04-02 | 阿里巴巴公司 | Method and system for safe login of website |
| CN103108037A (en) * | 2013-01-22 | 2013-05-15 | 华为技术有限公司 | Communication method, Web server and Web communication system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103634307A (en) * | 2013-11-19 | 2014-03-12 | 北京奇虎科技有限公司 | Method for certificating webpage content and browser |
-
2013
- 2013-11-19 CN CN201310582960.9A patent/CN103634307A/en active Pending
-
2014
- 2014-11-18 WO PCT/CN2014/091468 patent/WO2015074547A1/en active Application Filing
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101155028A (en) * | 2006-09-26 | 2008-04-02 | 阿里巴巴公司 | Method and system for safe login of website |
| CN103108037A (en) * | 2013-01-22 | 2013-05-15 | 华为技术有限公司 | Communication method, Web server and Web communication system |
Cited By (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2015074547A1 (en) * | 2013-11-19 | 2015-05-28 | 北京奇虎科技有限公司 | Method for authenticating webpage content and browser |
| CN105024813B (en) * | 2014-04-15 | 2018-06-22 | 中国银联股份有限公司 | A kind of exchange method of server, user equipment and user equipment and server |
| WO2015158228A1 (en) * | 2014-04-15 | 2015-10-22 | 中国银联股份有限公司 | Server, user equipment, and method for user equipment to interact with server |
| CN105024813A (en) * | 2014-04-15 | 2015-11-04 | 中国银联股份有限公司 | Server, user equipment and interactive method of the user equipment and the server |
| CN103944900A (en) * | 2014-04-18 | 2014-07-23 | 中国科学院计算技术研究所 | Cross-station request attack defense method and device based on encryption |
| CN104506518A (en) * | 2014-12-22 | 2015-04-08 | 中软信息系统工程有限公司 | Identity authentication method for access control of MIPS (Million Instructions Per Second) platform network system |
| CN104506518B (en) * | 2014-12-22 | 2018-07-24 | 中软信息系统工程有限公司 | The identity identifying method of MIPS platform network system access controls |
| CN105187389A (en) * | 2015-08-07 | 2015-12-23 | 北京思特奇信息技术股份有限公司 | Webpage access method and system based on digital mixed encryption |
| CN105187389B (en) * | 2015-08-07 | 2019-01-04 | 北京思特奇信息技术股份有限公司 | A kind of Web access method and system for obscuring encryption based on number |
| TWI569166B (en) * | 2016-01-05 | 2017-02-01 | 精品科技股份有限公司 | Data verification method |
| CN105516208A (en) * | 2016-01-28 | 2016-04-20 | 邱铭钗 | WEB site link dynamic hiding method and device capable of effectively preventing network attacks |
| CN105516208B (en) * | 2016-01-28 | 2018-09-28 | 邱铭钗 | A kind of WEB web site url dynamic hidden methods effectivelying prevent network attack |
| CN106533665A (en) * | 2016-10-31 | 2017-03-22 | 北京百度网讯科技有限公司 | Method, system and device for storing website private key plaintext |
| CN106991334B (en) * | 2016-11-24 | 2021-03-02 | 创新先进技术有限公司 | Data access method, system and device |
| CN106991334A (en) * | 2016-11-24 | 2017-07-28 | 阿里巴巴集团控股有限公司 | A kind of method, system and device of data access |
| CN108400953A (en) * | 2017-02-06 | 2018-08-14 | 中兴通讯股份有限公司 | Control terminal is surfed the Internet and the method for terminal online, router device and terminal |
| CN107295024A (en) * | 2017-08-24 | 2017-10-24 | 四川长虹电器股份有限公司 | It is a kind of to realize the method that web front end is landed safely and accessed |
| CN110149354A (en) * | 2018-02-12 | 2019-08-20 | 北京京东尚科信息技术有限公司 | A kind of encryption and authentication method and device based on https agreement |
| CN111385270A (en) * | 2018-12-29 | 2020-07-07 | 北京奇虎科技有限公司 | WAF-based network attack detection method and device |
| CN110247762A (en) * | 2019-06-20 | 2019-09-17 | 江西金格科技股份有限公司 | A kind of reliable website building method based on SM9 algorithm |
| CN111917787A (en) * | 2020-08-06 | 2020-11-10 | 北京奇艺世纪科技有限公司 | Request detection method and device, electronic equipment and computer-readable storage medium |
| CN111917787B (en) * | 2020-08-06 | 2023-07-21 | 北京奇艺世纪科技有限公司 | Request detection method, request detection device, electronic equipment and computer readable storage medium |
| CN115333748A (en) * | 2022-07-26 | 2022-11-11 | 深圳市明源云科技有限公司 | Anti-counterfeiting communication method, system, electronic device and computer readable storage medium |
| CN115333748B (en) * | 2022-07-26 | 2023-10-10 | 深圳市明源云科技有限公司 | Anti-counterfeiting communication method, system, electronic equipment and computer readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2015074547A1 (en) | 2015-05-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103634307A (en) | Method for certificating webpage content and browser | |
| CN100581103C (en) | Securely processing of client credentials used for WEB-based access to resources | |
| US10129254B2 (en) | Automated provisioning of a network appliance | |
| US8185942B2 (en) | Client-server opaque token passing apparatus and method | |
| US20090077373A1 (en) | System and method for providing verified information regarding a networked site | |
| CN101860540B (en) | Method and device for identifying legality of website service | |
| CN110768940B (en) | Ciphertext data management and control method and system based on HTTPS (Hypertext transfer protocol secure) protocol, proxy server and storage medium | |
| CN104580172A (en) | Data communication method and device based on https (hypertext transfer protocol over secure socket layer) | |
| CN109413060A (en) | Message processing method, device, equipment and storage medium | |
| CN103634399A (en) | Method and device for realizing cross-domain data transmission | |
| CN106331042B (en) | Single sign-on method and device for heterogeneous user system | |
| CA2986401C (en) | Authenticating a system based on a certificate | |
| US20170317836A1 (en) | Service Processing Method and Apparatus | |
| CN105516066A (en) | Method and device for identifying existence of intermediary | |
| CN113364781A (en) | Request processing method and system | |
| WO2007078037A1 (en) | Web page protection method employing security appliance and set-top box having the security appliance built therein | |
| CN114124441A (en) | JWT (just-before-wt) -based client authentication method and system | |
| CN107026828A (en) | A kind of anti-stealing link method cached based on internet and internet caching | |
| CA2793422C (en) | Hypertext link verification in encrypted e-mail for mobile devices | |
| CN104811421A (en) | Secure communication method and secure communication device based on digital rights management | |
| CN106257483B (en) | Processing method, equipment and the system of electronic data | |
| CN103297464B (en) | The acquisition methods of programme information and device | |
| CN105516161A (en) | Method and system for safely obtaining http request | |
| CN106464684B (en) | Service processing method and device | |
| CN107209751B (en) | Service processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20140312 |