CN105765941A - Illegal access server prevention method and device - Google Patents

Illegal access server prevention method and device Download PDF

Info

Publication number
CN105765941A
CN105765941A CN201580002054.4A CN201580002054A CN105765941A CN 105765941 A CN105765941 A CN 105765941A CN 201580002054 A CN201580002054 A CN 201580002054A CN 105765941 A CN105765941 A CN 105765941A
Authority
CN
China
Prior art keywords
required parameter
parameter
access request
digital signature
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201580002054.4A
Other languages
Chinese (zh)
Inventor
刘均
杨唐鹤
陈明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Launch Technology Co Ltd
Original Assignee
Hesvit Health Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hesvit Health Technology Co Ltd filed Critical Hesvit Health Technology Co Ltd
Publication of CN105765941A publication Critical patent/CN105765941A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

An illegal access server prevention method and device. The mehtod includes the steps of: requesting a parameter from a frist access requirement to a server by an intelligent terminal; encrypting the parameter through a MD5 algorithm to generate a first digital signature series; packaigng the first digital signature series in the first frist access requirement to send the frist access requirement to the server; receiving and packaging a second aceess requirement having hte first digital signature series; depackaging the parameter encryption from the second aceess requirement through the MD5 algorithm to geneate a second digital signature series, and determining whether the two digital signature serieses are same, if true, determining the second access requirement is the first access requirement and allowing the intelligetn terminal to access by the server.

Description

A kind of unauthorized access server prevention method and device
Technical field
The present invention relates to communication field, particularly to a kind of unauthorized access server prevention method and device.
Background technology
At present, major part APP software is all that the structure combined with client and server is developed.Client End refers mainly to intelligent terminal APP software, and server is mainly used to access the mutual data of APP.Visitor now Family end is all to realize by the way of http with the interactive interface major part of server, but, now with a lot Packet catcher, it can grab the request connection that APP client sends, distort the parameter letter in request connection Breath, but server can not identify that after distorting, request connection is the most legal, thus respond the request after distorting, And cause other people to obtain the information that user stores in the server, cause leaking of personal information.
Summary of the invention
Embodiment of the present invention technical problem to be solved is, it is provided that a kind of unauthorized access server side of preventing Method and device, it is possible to identify that request is the most legal, it is to avoid user profile leaks.
The invention provides a kind of unauthorized access server prevention method, including:
Intelligent terminal obtains required parameter, and wherein, described required parameter is that described intelligent terminal prepares to service The parameter carried in the first access request that device sends, described required parameter comprises described intelligent terminal with described The parameter of the interface of server communication;
The encryption of described required parameter is generated the first digital signature string by MD5 algorithm by described intelligent terminal, and Described first digital signature string is encapsulated in described first access request, with by described first access request to Described server sends;
Described server receives second access request with described first digital signature string, and from described second In access request, decapsulation obtains required parameter;
Described server will decapsulate, from described second access request, the request obtained by described MD5 algorithm Parameter encryption generates the second digital signature string;
Described server judges that described first digital signature string is the most consistent with described second digital signature string, as Fruit is, then judge to be described first access request according to described second access request, and described server allows Described intelligent terminal conducts interviews.
Alternatively, described required parameter includes comprising the described intelligent terminal interface with described server communication Parameter in interior multiple parameters, described intelligent terminal by MD5 algorithm by described required parameter encryption generation the One digital signature string includes:
Multiple parameters in described required parameter are coupled together by predetermined symbol.
Alternatively, described required parameter include application software mark, software version number, International Language coding, The parameter of interface.
Alternatively, described multiple parameters in described required parameter being coupled together by predetermined symbol is gone back before Including:
Multiple parameters in described required parameter are arranged according to preset order.
Alternatively, the multiple parameters in described required parameter include according to preset order arrangement:
Multiple parameters in described required parameter are arranged in alphabetical order.
A kind of anti-locking apparatus of unauthorized access server, including:
Acquiring unit, is used for obtaining required parameter, and wherein, described required parameter is that described intelligent terminal prepares The parameter carried in the first access request that server sends, described required parameter comprises described intelligent terminal Parameter with the interface of described server communication;
Generate encapsulation unit, for the encryption of described required parameter being generated the first digital signature by MD5 algorithm String, and described first digital signature string is encapsulated in described first access request;
Transmitting element, for sending described first access request to described server;
Receive unit, for receiving second access request with described first digital signature string, and from described In second access request, decapsulation obtains required parameter;
Deblocking signal generating unit, for will decapsulate by described MD5 algorithm from described second access request The required parameter encryption arrived generates the second digital signature string;
Judging unit, is used for judging that described first digital signature string is the most consistent with described second digital signature string, If it is, judge to be described first access request according to described second access request, described server is permitted Permitted described intelligent terminal to conduct interviews.
Alternatively, described required parameter includes comprising the described intelligent terminal interface with described server communication Parameter is additionally operable at interior multiple parameters, described generation encapsulation unit,
Multiple parameters in described required parameter are coupled together by predetermined symbol.
Alternatively, described required parameter include application software mark, software version number, International Language coding, The parameter of interface.
Alternatively, described generation encapsulation unit is additionally operable to,
Multiple parameters in described required parameter are arranged according to preset order.
Alternatively, the multiple parameters in described required parameter include according to preset order arrangement:
Multiple parameters in described required parameter are arranged in alphabetical order.
Foregoing invention, intelligent terminal is obtained required parameter, and required parameter encryption is generated by MD5 algorithm First digital signature string, and the first digital signature string is encapsulated in the first access request, accessing first please Ask and send to server;Server receives second access request with the first digital signature string, and from second In access request, decapsulation obtains required parameter, and will be decapsulated from the second access request by MD5 algorithm The required parameter encryption obtained generates the second digital signature string, it is judged that the first digital signature string and the second numeral are signed Name string is the most consistent, if it is, judge to be the first access request, server according to the second access request Permission intelligent terminal conducts interviews.It is capable of identify that request is the most legal by said method, it is to avoid user profile Leak.
Accompanying drawing explanation
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to enforcement In example, the required accompanying drawing used is briefly described, it should be apparent that, the accompanying drawing in describing below is only Some embodiments of the present invention, for those of ordinary skill in the art, are not paying creative work Under premise, it is also possible to obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the flow chart of the present invention a kind of unauthorized access server prevention method embodiment;
Fig. 2 is the structural representation that the present invention a kind of unauthorized access server prevents device embodiments.
Detailed description of the invention
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clearly Chu, be fully described by, it is clear that described embodiment be only a part of embodiment of the present invention rather than Whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art are not making creation The every other embodiment obtained under property work premise, broadly falls into the scope of protection of the invention.
Refer to the flow chart that Fig. 1, Fig. 1 are the present invention a kind of unauthorized access server prevention method embodiments. The method includes:
Step S101: intelligent terminal obtains required parameter.
Intelligent terminal is to realize in http mode with the interactive interface major part of server.Http request mode has two Kind, one is GET mode, required parameter can with "?" follow after request resource as separator;Separately One is POST mode, and required parameter has been placed on rearmost position.
Specifically, required parameter is that intelligent terminal prepares to carry in the first access request that server sends Parameter, this required parameter comprises the parameter of intelligent terminal and the interface of server communication, including application software mark Knowledge, software version number, International Language coding, the parameter etc. of interface, application software mark is used to indicate that One symbol of application software, the corresponding unique identification number of each application software;Software version number is software name Claim below some English and digital, for the mark of software version;International Language coding is for representing document Speech encoding;Interface is the passage communicated between intelligent terminal with server, and the parameter of interface contains to send and asks The user profile asked.Intelligent terminal can obtain required parameter by request object reference correlation technique.
Step S102: required parameter encryption is generated the first digital signature string by MD5 algorithm by intelligent terminal, And this first digital signature string is encapsulated in the first access request.
Some numbers that digital signature (also known as public key digital signature, Electronic Signature) is attached in data cell According to, or the cryptographic transformation that data cell is made.This data or conversion allow the recipient of data cell In order to the integrality in the source and data cell that confirm data cell and protect data, prevent from being carried out puppet by other people Make, be also simultaneously the valid certificates sending information authenticity of the sender to information.It is to electronics shape The message of formula carries out a kind of method signed, and a signature information can be transmitted in a communication network.
MD5 (Message Digest Algorithm 5) (Chinese entitled Message Digest Algorithm 5) is meter The widely used a kind of hash function in calculation machine security fields, in order to provide the integrity protection of message.MD5 is just Can be that any file (regardless of its size, form, quantity) produces a same unique MD5 value, Being referred to as " digital finger-print ", if file has been done any change by anyone, its MD5 value is namely Corresponding " digital finger-print " all can change.
Specifically, required parameter can comprise multiple parameter, and intelligent terminal can choose part therein or complete Portion's parameter, generates the first digital signature by MD5 algorithm by the part or all of parameter encryption in required parameter String, the first digital signature string is " digital finger-print " of this required parameter, complete for protection request parameter, Then, this first digital signature string is encapsulated in the first access request.
It should be noted that before encryption can be suitable according to presetting by multiple parameters of MD5 algorithm for encryption Sequence arranges, such as by multiple parameters according to the alphabetical order of initial, it is also possible to by multiple parameters company Connecing symbol multiple parameters to be coupled together, this bound symbol can be specific letter, numeral or symbol etc.. For example, it is assumed that appID=ebcad75de0d42a844d98a755644e30 (the unique mark of application in required parameter Know number), softwareVersion=1.0.1 (software version number), lanCode=zh-cn (International Language coding), RestKey=user.login (parameter of interface), before carrying out md5 encryption, according to the parameter before equal sign It is alphabetically sorted, and connects the required parameter appID=after obtaining sequence connection with & symbol Ebcad75de0d42a844d98a755644e30&lanCode=zh-cn&restKey=use r.login&software Version=1.0.1, the required parameter after then connecting sequence carries out md5 encryption, obtains the first numeral and signs Name string.
Step S103: intelligent terminal sends the first access request to server.
Specifically, intelligent terminal can pass through wired network, wireless network or mobile network etc. and sends the to server One access request.
Step S104: server receives second access request with the first digital signature string, and visits from second Ask that in request, decapsulation obtains required parameter.
Specifically, server not can determine that second access request with the first digital signature string received is No is the first access request, and the required parameter in the first access request is likely to be modified, and server connects Receive and there is the second access request of the first digital signature string, and from the second access request decapsulation obtain this The required parameter that two access request are comprised.
Step S105: server is joined decapsulating the request obtained from the second access request by MD5 algorithm Number encryption generates the second digital signature string.
Specifically, the second access request decapsulates the required parameter obtained and can comprise multiple parameter, service Device can choose part or all of parameter therein, it should be noted that the part or complete selected by server The part or all of parameter type that portion's parameter is chosen with intelligent terminal in step S102 is consistent, is calculated by MD5 Part or all of parameter in required parameter is encrypted and is generated the second digital signature string by method, in addition it is also necessary to explanation, MD5 algorithm in step S105 is consistent with the MD5 algorithm in step S102.
Also, it should be noted in step S102, if added by multiple parameters of MD5 algorithm for encryption Arranging according to preset order before close, then in step S105, server is many by MD5 algorithm for encryption It is also required to before individual parameter according to the preset order arrangement identical with step S102.
Step S106: server judges that the first digital signature string and the second digital signature string are the most consistent.
Specifically, server judges that the first digital signature string and the second digital signature string are the most consistent, if it is, Then the second access request is the first access request, and this first access request is not tampered with, for legitimate request, Permission intelligent terminal conducts interviews;Otherwise, the second access request is not the first access request, this first access Request is tampered, for illegal request, does not allow this intelligent terminal to conduct interviews.
Specifically, intelligent terminal drawn by MD5 algorithm according to the required parameter in the first access request One digital signature string is unique, and the process of md5 encryption is irreversible.When the first access request quilt After other people obtain and are revised as the second access request, wherein, the required parameter in the second access request and first Required parameter in access request is inconsistent, and the parameter of they interfaces is different.MD5 algorithm is according to request ginseng The digital signature string that the content-encrypt of number generates, after required parameter changes, is generated by MD5 algorithm Digital signature string also will change.After server receives the second access request, if the second access request In required parameter and required parameter in the first access request inconsistent, then according in the second access request Required parameter obtained by the second digital signature string and the first digital signature string inconsistent.It is known that, Have hacker to be intended to grab, by packet catcher, the request that APP client sends to connect to obtain user in service The information stored in device.
Step S107: allow intelligent terminal to conduct interviews.
Specifically, if the first digital signature string and the second digital signature string are consistent, then the second access request is i.e. Being the first access request, this first access request is not tampered with, for legitimate request, it is allowed to intelligent terminal is carried out Access.
Foregoing invention, intelligent terminal is obtained required parameter, and required parameter encryption is generated by MD5 algorithm First digital signature string, and the first digital signature string is encapsulated in the first access request, accessing first please Ask and send to server;Server receives second access request with the first digital signature string, and from second In access request, decapsulation obtains required parameter, and will be decapsulated from the second access request by MD5 algorithm The required parameter encryption obtained generates the second digital signature string, it is judged that the first digital signature string and the second numeral are signed Name string is the most consistent, if it is, judge to be the first access request, server according to the second access request Permission intelligent terminal conducts interviews.It is capable of identify that request is the most legal by said method, it is to avoid user profile Leak.
Referring to Fig. 2, Fig. 2 is that the present invention a kind of unauthorized access server prevents the structure of device embodiments from showing Be intended to, this device 200 includes: acquiring unit 201, generate encapsulation unit 202, transmitting element 203, connect Receive unit 204, deblocking signal generating unit 205 and judging unit 206.
Acquiring unit 201, is used for obtaining required parameter, and wherein, required parameter is that intelligent terminal prepares to service The parameter carried in the first access request that device sends, required parameter comprises intelligent terminal and server communication The parameter of interface.
Generate encapsulation unit 202, for required parameter encryption being generated the first digital signature by MD5 algorithm String, and the first digital signature string is encapsulated in the first access request.
Transmitting element 203, for sending the first access request to server.
Receive unit 204, for receiving second access request with the first digital signature string, and visit from second Ask that in request, decapsulation obtains required parameter.
Deblocking signal generating unit 205, for obtain decapsulation from the second access request by MD5 algorithm Required parameter encryption generates the second digital signature string.
Judging unit 206, the most consistent for judging the first digital signature string and the second digital signature string, if Being then to judge to be the first access request according to the second access request, server allows intelligent terminal to visit Ask.
Alternatively, required parameter is many with including the parameter of the interface of server communication include comprising intelligent terminal Individual parameter, generates encapsulation unit 202 and is additionally operable to,
Multiple parameters in required parameter are coupled together by predetermined symbol.
Alternatively, required parameter includes application software mark, software version number, International Language coding, interface Parameter.
Alternatively, generate encapsulation unit 202 and be additionally operable to,
Multiple parameters in required parameter are arranged according to preset order.
Alternatively, the multiple parameters in required parameter include according to preset order arrangement:
Multiple parameters in required parameter are arranged in alphabetical order.
It should be noted that acquiring unit 201, generation encapsulation unit 202 and transmitting element 203 are positioned at intelligence Can terminal;Receive unit 204, deblocking signal generating unit 205 and judging unit 206 and be positioned at server.
It should be noted that for aforesaid each method embodiment, in order to be briefly described, therefore it is all stated For a series of combination of actions, but those skilled in the art should know, the present invention is not by described The restriction of sequence of movement, because according to the present invention, some step can use other orders or carry out simultaneously. Secondly, those skilled in the art also should know, embodiment described in this description belongs to be preferable to carry out Example, necessary to involved action and the module not necessarily present invention.
In the above-described embodiments, the description to each embodiment all emphasizes particularly on different fields, in certain embodiment the most in detail The part stated, may refer to the associated description of other embodiments.
Step in embodiment of the present invention method can carry out order according to actual needs and adjust, merges and delete.
Unit in embodiment of the present invention device can merge according to actual needs, divides and delete.This The feature of the different embodiments described in this specification and different embodiment can be entered by the technical staff in field Row combines or combination.
Through the above description of the embodiments, those skilled in the art is it can be understood that arrive this Bright can realize with hardware, or firmware realizes, or combinations thereof mode realizes.Realize when using software Time, above-mentioned functions can be stored in computer-readable medium or as on computer-readable medium Or multiple instruction or code are transmitted.Computer-readable medium includes computer-readable storage medium and communication media, Wherein communication media includes any medium being easy to transmit computer program to another place from a place. Storage medium can be any usable medium that computer can access.As example but be not limited to: computer Computer-readable recording medium can include random access memory (Random Access Memory, RAM), read-only storage Device (Read-Only Memory, ROM), EEPROM (Electrically Erasable Programmable Read-Only Memory, EEPROM), read-only optical disc (Compact Disc Read-Only Memory, CD-ROM) or other optical disc storage, magnetic disk storage medium or other magnetic storage apparatus or Can be used in carrying or store and there is instruction or the desired program code of data structure form can be by calculating Any other medium of machine access.In addition.Any connection can be suitable become computer-readable medium.Example As, if software is to use coaxial cable, optical fiber cable, twisted-pair feeder, Digital Subscriber Line (Digital Subscriber Line, DSL) or the wireless technology of such as infrared ray, radio and microwave etc from website, server or Other remote source of person, then coaxial cable, optical fiber cable, twisted-pair feeder, DSL or the most infrared The wireless technology of line, wireless and microwave etc be included in affiliated medium fixing in.As used in the present invention, Dish (Disk) and dish (disc) include compress laser disc (CD), laser dish, laser disc, Digital Versatile Disc (DVD), Floppy disk and Blu-ray Disc, the duplication data of the usual magnetic of its mid-game, dish then carrys out the duplication number of optics with laser According to.Within above combination above should also be as being included in the protection domain of computer-readable medium.
In a word, the foregoing is only the preferred embodiment of technical solution of the present invention, be not intended to limit this The protection domain of invention.All within the spirit and principles in the present invention, any amendment of being made, equivalent, Improve, should be included within the scope of the present invention.

Claims (10)

1. a unauthorized access server prevention method, it is characterised in that including:
Intelligent terminal obtains required parameter, and wherein, described required parameter is that described intelligent terminal prepares to service The parameter carried in the first access request that device sends, described required parameter comprises described intelligent terminal with described The parameter of the interface of server communication;
The encryption of described required parameter is generated the first digital signature string by MD5 algorithm by described intelligent terminal, and Described first digital signature string is encapsulated in described first access request, with by described first access request to Described server sends;
Described server receives second access request with described first digital signature string, and from described second In access request, decapsulation obtains required parameter;
Described server will decapsulate, from described second access request, the request obtained by described MD5 algorithm Parameter encryption generates the second digital signature string;
Described server judges that described first digital signature string is the most consistent with described second digital signature string, as Fruit is, then judge to be described first access request according to described second access request, and described server allows Described intelligent terminal conducts interviews.
Method the most according to claim 1, it is characterised in that described required parameter includes comprising described Intelligent terminal passes through at interior multiple parameters, described intelligent terminal with the parameter of the interface of described server communication The encryption of described required parameter is generated the first digital signature string and includes by MD5 algorithm:
Multiple parameters in described required parameter are coupled together by predetermined symbol.
Method the most according to claim 2, it is characterised in that described required parameter includes application software Mark, software version number, International Language coding, the parameter of interface.
Method the most according to claim 3, it is characterised in that described by many in described required parameter Individual parameter is also included before being coupled together by predetermined symbol:
Multiple parameters in described required parameter are arranged according to preset order.
Method the most according to claim 4, it is characterised in that the multiple parameters in described required parameter Include according to preset order arrangement:
Multiple parameters in described required parameter are arranged in alphabetical order.
6. the anti-locking apparatus of unauthorized access server, it is characterised in that including:
Acquiring unit, is used for obtaining required parameter, and wherein, described required parameter is that described intelligent terminal prepares The parameter carried in the first access request that server sends, described required parameter comprises described intelligent terminal Parameter with the interface of described server communication;
Generate encapsulation unit, for the encryption of described required parameter being generated the first digital signature by MD5 algorithm String, and described first digital signature string is encapsulated in described first access request;
Transmitting element, for sending described first access request to described server;
Receive unit, for receiving second access request with described first digital signature string, and from described In second access request, decapsulation obtains required parameter;
Deblocking signal generating unit, for will decapsulate by described MD5 algorithm from described second access request The required parameter encryption arrived generates the second digital signature string;
Judging unit, is used for judging that described first digital signature string is the most consistent with described second digital signature string, If it is, judge to be described first access request according to described second access request, described server is permitted Permitted described intelligent terminal to conduct interviews.
Device the most according to claim 6, it is characterised in that described required parameter includes comprising described The parameter of the interface of intelligent terminal and described server communication is at interior multiple parameters, described generation encapsulation unit It is additionally operable to,
Multiple parameters in described required parameter are coupled together by predetermined symbol.
Device the most according to claim 7, it is characterised in that described required parameter includes application software Mark, software version number, International Language coding, the parameter of interface.
Device the most according to claim 8, it is characterised in that described generation encapsulation unit is additionally operable to,
Multiple parameters in described required parameter are arranged according to preset order.
Device the most according to claim 9, it is characterised in that the multiple ginsengs in described required parameter Number includes according to preset order arrangement:
Multiple parameters in described required parameter are arranged in alphabetical order.
CN201580002054.4A 2015-10-23 2015-10-23 Illegal access server prevention method and device Pending CN105765941A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/092693 WO2017066995A1 (en) 2015-10-23 2015-10-23 Method and device for preventing unauthorized access to server

Publications (1)

Publication Number Publication Date
CN105765941A true CN105765941A (en) 2016-07-13

Family

ID=56343050

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201580002054.4A Pending CN105765941A (en) 2015-10-23 2015-10-23 Illegal access server prevention method and device

Country Status (2)

Country Link
CN (1) CN105765941A (en)
WO (1) WO2017066995A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107896145A (en) * 2017-11-10 2018-04-10 郑州云海信息技术有限公司 A kind of anti-method for implanting of interface interchange and system
CN108055230A (en) * 2017-10-19 2018-05-18 福建中金在线信息科技有限公司 The method and apparatus of data request processing
CN108322418A (en) * 2017-01-16 2018-07-24 深圳兆日科技股份有限公司 The detection method and device of unauthorized access
CN108322302A (en) * 2017-01-17 2018-07-24 北京京东尚科信息技术有限公司 A kind of anti-brush method, apparatus of the page, electronic equipment and storage medium
CN108400979A (en) * 2018-02-06 2018-08-14 武汉斗鱼网络科技有限公司 Communication means and electronic equipment applied to client and server
CN108494759A (en) * 2018-03-14 2018-09-04 北京思特奇信息技术股份有限公司 A kind of access request processing method, system, equipment and storage medium
CN111291393A (en) * 2020-01-21 2020-06-16 上海悦易网络信息技术有限公司 Request checking method and device
CN112383548A (en) * 2020-11-13 2021-02-19 杭州弗兰科信息安全科技有限公司 Database access method, transmitting device, receiving device and terminal host

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222509A (en) * 2008-01-22 2008-07-16 中兴通讯股份有限公司 Data protection transmission method of P2P network
US20100064138A1 (en) * 2008-07-16 2010-03-11 Samsung Electronics Co., Ltd. Apparatus and method for providing security service of user interface
CN102065573A (en) * 2010-12-28 2011-05-18 北京高信达通信技术有限公司福州分公司 WAP gateway agent service data processing method and server
CN102647461A (en) * 2012-03-29 2012-08-22 奇智软件(北京)有限公司 Communication method, server and terminal based on HTTP (Hypertext Transfer Protocol)
CN102946392A (en) * 2012-11-15 2013-02-27 亚信联创科技(中国)有限公司 URL (Uniform Resource Locator) data encrypted transmission method and system
CN103973695A (en) * 2014-05-16 2014-08-06 浪潮电子信息产业股份有限公司 Signature algorithm for server validation

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9141647B2 (en) * 2012-04-26 2015-09-22 Sap Se Configuration protection for providing security to configuration files
CN104104650B (en) * 2013-04-02 2017-07-21 联想(北京)有限公司 data file access method and terminal device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222509A (en) * 2008-01-22 2008-07-16 中兴通讯股份有限公司 Data protection transmission method of P2P network
US20100064138A1 (en) * 2008-07-16 2010-03-11 Samsung Electronics Co., Ltd. Apparatus and method for providing security service of user interface
CN102065573A (en) * 2010-12-28 2011-05-18 北京高信达通信技术有限公司福州分公司 WAP gateway agent service data processing method and server
CN102647461A (en) * 2012-03-29 2012-08-22 奇智软件(北京)有限公司 Communication method, server and terminal based on HTTP (Hypertext Transfer Protocol)
CN102946392A (en) * 2012-11-15 2013-02-27 亚信联创科技(中国)有限公司 URL (Uniform Resource Locator) data encrypted transmission method and system
CN103973695A (en) * 2014-05-16 2014-08-06 浪潮电子信息产业股份有限公司 Signature algorithm for server validation

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108322418A (en) * 2017-01-16 2018-07-24 深圳兆日科技股份有限公司 The detection method and device of unauthorized access
CN108322302A (en) * 2017-01-17 2018-07-24 北京京东尚科信息技术有限公司 A kind of anti-brush method, apparatus of the page, electronic equipment and storage medium
CN108055230A (en) * 2017-10-19 2018-05-18 福建中金在线信息科技有限公司 The method and apparatus of data request processing
CN107896145A (en) * 2017-11-10 2018-04-10 郑州云海信息技术有限公司 A kind of anti-method for implanting of interface interchange and system
CN108400979A (en) * 2018-02-06 2018-08-14 武汉斗鱼网络科技有限公司 Communication means and electronic equipment applied to client and server
CN108400979B (en) * 2018-02-06 2021-07-30 武汉斗鱼网络科技有限公司 Communication method applied to client and server and electronic equipment
CN108494759A (en) * 2018-03-14 2018-09-04 北京思特奇信息技术股份有限公司 A kind of access request processing method, system, equipment and storage medium
CN108494759B (en) * 2018-03-14 2021-06-01 北京思特奇信息技术股份有限公司 Access request processing method, system, device and storage medium
CN111291393A (en) * 2020-01-21 2020-06-16 上海悦易网络信息技术有限公司 Request checking method and device
CN112383548A (en) * 2020-11-13 2021-02-19 杭州弗兰科信息安全科技有限公司 Database access method, transmitting device, receiving device and terminal host

Also Published As

Publication number Publication date
WO2017066995A1 (en) 2017-04-27

Similar Documents

Publication Publication Date Title
CN105765941A (en) Illegal access server prevention method and device
CN109150548B (en) Digital certificate signing and signature checking method and system and digital certificate system
CN109639714B (en) Internet of things identity registration and verification method based on block chain
CN104901931B (en) certificate management method and device
CN104751337B (en) Product anti-fake method, device and system
US9197420B2 (en) Using information in a digital certificate to authenticate a network of a wireless access point
CN105099673A (en) Authorization method, authorization requesting method and devices
CN109118223A (en) For managing the method, apparatus and medium of electronic data in block chain
US11354438B1 (en) Phone number alias generation
CN107844946A (en) A kind of method, apparatus and server of electronic contract signature
CN102647423B (en) The discrimination method of a kind of digital signature and seal and system
JP6880055B2 (en) Message anti-counterfeiting implementation method and device
CN105981327A (en) Method and apparatus for secured communication and multimedia device adopting the same
CN107231331A (en) Obtain, issue the implementation method and device of electronic certificate
CN107181714A (en) Verification method and device, the generation method of service code and device based on service code
CN109741063A (en) Digital signature method and device based on block chain
CN108848058A (en) Intelligent contract processing method and block catenary system
CN102823217A (en) Certificate authority
CN109981287A (en) A kind of code signature method and its storage medium
CN104125230B (en) A kind of short message certification service system and authentication method
CN109242666A (en) Personal reference method, apparatus and computer equipment are obtained based on block chain
CN109040134A (en) A kind of design method and relevant apparatus of information encryption
CN111339201A (en) Evaluation method and system based on block chain
CN107332833B (en) Verification method and device
CN109391473B (en) Electronic signature method, device and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20190507

Address after: 518000 Yuanzheng Industrial Park, North of Fifth Avenue, Bantian Street, Longgang District, Shenzhen City, Guangdong Province

Applicant after: Yuanzheng Science and Technology Co., Ltd., Shenzhen City

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant before: HESVIT HEALTH TECH CO., LTD.

TA01 Transfer of patent application right
RJ01 Rejection of invention patent application after publication

Application publication date: 20160713

RJ01 Rejection of invention patent application after publication