CN106130979A - Server system of defense based on mobile terminal APP and server defence method - Google Patents

Info

Publication number: CN106130979A
Authority: CN (China)
Prior art keywords: server, mobile terminal, timestamp, interface, terminal app
Legal status: Pending
Application number: CN201610482400.XA
Other languages: Chinese (zh)
Inventor: 李东波
Current Assignee: Wuhan Douyu Network Technology Co Ltd
Original Assignee: Wuhan Douyu Network Technology Co Ltd
Priority date: 2016-06-27
Filing date: 2016-06-27
Publication date: 2016-11-16

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
            • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
                • H04L63/1441 Countermeasures against malicious traffic
                • H04L63/1483 Countermeasures against malicious traffic: service impersonation, e.g. phishing, pharming or web spoofing
        • H04L67/00 Network arrangements or protocols for supporting network services or applications
            • H04L67/01 Protocols
                • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention discloses a server defence system based on a mobile terminal APP and a server defence method, relating to the field of server security. The system includes a mobile terminal APP and a server. The mobile terminal APP requests the timestamp interface of the server to obtain a timestamp, and also requests the user interface of the server; when requesting the user interface, it transmits the interface usage parameters to the server, generates from those parameters the mobile terminal authentication value (mobile terminal AUTH) required for the request, and transmits the timestamp and the mobile terminal AUTH to the server as well. The server receives the interface usage parameters, timestamp and mobile terminal AUTH sent by the mobile terminal APP, judges from the timestamp whether the URL has expired, generates a server authentication value (server AUTH) from the received interface usage parameters, and judges whether the mobile terminal AUTH is consistent with the server AUTH. The present invention can prevent unauthorized users from attacking the interface and from obtaining interface information by forging URLs.

Description

Server system of defense based on mobile terminal APP and server defence method
Technical field
The present invention relates to the field of server security, and specifically to a server defence system based on a mobile terminal APP and a server defence method.
Background technology
A URL (Uniform Resource Locator) is a concise representation of the location of a resource obtained from the Internet and of the method of accessing it; it is the address of a standard resource on the Internet.
At present, when a mobile terminal APP requests a server interface, the server interface is typically exposed, and unauthorized users can use various improper means to attempt to attack the server interface; if the interface is attacked too frequently, the server can easily crash. In addition, unauthorized users can forge URLs to obtain relevant interface information from the server, which is a hidden danger for server security.
Summary of the invention
In view of the defects in the prior art, the object of the present invention is to provide a server defence system based on a mobile terminal APP that can prevent unauthorized users from attacking the interface and from obtaining interface information by forging URLs.
To achieve the above object, the present invention adopts the following technical scheme: a server defence system based on a mobile terminal APP, including a mobile terminal APP and a server, wherein
the mobile terminal APP is used to request the timestamp interface of the server and obtain a timestamp; the mobile terminal APP is further used to request the user interface of the server; when requesting the user interface of the server, the mobile terminal APP transmits the interface usage parameters to the server, generates from the interface usage parameters the mobile terminal authentication value (mobile terminal AUTH) required for requesting the user interface of the server, and also transmits the timestamp and the mobile terminal AUTH to the server;
the server is used to receive the interface usage parameters, timestamp and mobile terminal AUTH transmitted by the mobile terminal APP; the server judges from the timestamp whether the URL has expired, generates a server authentication value (server AUTH) from the received interface usage parameters, and judges whether the mobile terminal AUTH is consistent with the server AUTH.
On the basis of the above technical scheme, the server is provided with an expiry time; when the interval between the current time of the server and the timestamp exceeds the expiry time, the URL has expired.
On the basis of the above technical scheme, the expiry time is one minute.
Meanwhile, the present invention also provides a server defence method that uses the above server defence system to prevent unauthorized users from attacking the interface and, at the same time, from obtaining interface information by forging URLs.
To achieve the above object, the present invention adopts the following technical scheme: a server defence method based on the above server defence system, comprising the following steps:
S1. The mobile terminal APP requests the timestamp interface of the server and obtains a timestamp;
S2. The mobile terminal APP generates the mobile terminal AUTH;
S3. The mobile terminal APP requests the user interface of the server and transmits the interface usage parameters, timestamp and mobile terminal AUTH to the server;
S4. The server receives the interface usage parameters, timestamp and mobile terminal AUTH transmitted by the mobile terminal APP and judges from the timestamp whether the URL has expired; if so, step S7 is performed; if not, step S5 is performed;
S5. The server generates the server AUTH from the received interface usage parameters and judges whether the mobile terminal AUTH and the server AUTH are consistent; if so, step S6 is performed; if not, step S7 is performed;
S6. The mobile terminal APP successfully requests the user interface of the server; end;
S7. Identity information verification fails; end.
On the basis of the above technical scheme, the server is provided with an expiry time, and the server judges whether the interval between the current time of the server and the timestamp exceeds the expiry time; if so, the URL has expired; if not, the URL is valid.
On the basis of the above technical scheme, the expiry time is one minute: when the interval between the current time of the server and the timestamp exceeds one minute, the URL has expired; when the interval between the current time of the server and the timestamp is less than or equal to one minute, the URL is valid.
On the basis of the above technical scheme, the mobile terminal APP sorts the interface usage parameters in ascending order of the English letters A-Z and concatenates them into a first character string, combines the first character string with a key to generate a 32-character second character string, and takes the first 16 characters of the second character string to generate the mobile terminal AUTH;
the server sorts the received interface usage parameters in ascending order of the English letters A-Z and concatenates them into a third character string, combines the third character string with the key to generate a 32-character fourth character string, and takes the first 16 characters of the fourth character string to generate the server AUTH.
On the basis of the above technical scheme, the mobile terminal APP generates the second character string by MD5, and the server generates the fourth character string by MD5.
Compared with the prior art, the advantages of the present invention are:
(1) The server of the server defence system in the present invention is provided with an expiry time; when the interval between the current server time and the timestamp exceeds the expiry time, the URL has expired. Because an expired URL is invalid, unauthorized users are prevented from attacking the interface.
(2) The server of the server defence system in the present invention judges whether the URL is legitimate by judging whether the mobile terminal AUTH and the server AUTH are consistent. When the URL is not legitimate, an error message is returned, so unauthorized users are prevented from forging URLs to obtain interface information.
Description of the drawings
Fig. 1 is a structural schematic diagram of the server defence system in the present invention;
Fig. 2 is a process flow chart of the server defence method in the present invention.
Detailed description of the invention
The present invention is described in further detail below with reference to the accompanying drawings.
As shown in Fig. 1, the present invention provides a server defence system based on a mobile terminal APP, including a mobile terminal APP and a server.
The mobile terminal APP is used to request the timestamp interface of the server and obtain a timestamp; the mobile terminal APP is also used to request the user interface of the server. When requesting the user interface of the server, the mobile terminal APP transmits the interface usage parameters to the server and, at the same time, generates from the interface usage parameters the mobile terminal authentication value (mobile terminal AUTH) required for requesting the user interface. The mobile terminal APP also transmits the timestamp and the mobile terminal AUTH to the server.
The mobile terminal APP in the present invention sorts the interface usage parameters in ascending order of the English letters A-Z and concatenates them into a first character string, then combines the first character string with a key to generate a 32-character second character string. For example, when the interface usage parameters include an aid parameter and a time parameter, the result of the arrangement is aidtime. Here, the key is a 16-character string, mixing upper- and lower-case letters and digits, agreed between the mobile terminal APP and the server. The key plays a very important role: even if an unauthorized user guesses the AUTH encryption method, the AUTH cannot be forged without the key. Specifically, the mobile terminal APP of the present invention generates the second character string by MD5 (Message-Digest Algorithm 5), and then takes the first 16 characters of the second character string to generate the mobile terminal AUTH.
The server is used to receive the interface usage parameters, timestamp and mobile terminal AUTH transmitted by the mobile terminal APP. The server judges from the timestamp whether the URL has expired: the server in the present invention is provided with an expiry time, and when the interval between the current time of the server and the timestamp exceeds the expiry time, the URL has expired; specifically, the expiry time in the present invention is one minute. The server generates the server AUTH from the received interface usage parameters: the server in the present invention sorts the received interface usage parameters in ascending order of the English letters A-Z and concatenates them into a third character string, then combines the third character string with the key to generate a 32-character fourth character string; the key here is the same as the key described above. Specifically, the server of the present invention generates the fourth character string by MD5 and takes the first 16 characters of the fourth character string to generate the server AUTH. After generating the server AUTH, the server judges whether the mobile terminal AUTH is consistent with the server AUTH; if they are consistent, the mobile terminal APP successfully requests the user interface of the server; if they are inconsistent, the URL is not legitimate, and the server returns the error message "identity information verification failed".
In summary, because the user interface of the server has a time limit, an expired URL is invalid, which prevents unauthorized users from attacking the interface. In addition, by judging whether the mobile terminal AUTH is consistent with the server AUTH, unauthorized users can be prevented from forging URLs to obtain interface information, so that the security of the server is guaranteed.
As shown in Fig. 2, the present invention also provides a server defence method based on the above server defence system, comprising the following steps:
S1. The mobile terminal APP requests the timestamp interface of the server and obtains a timestamp;
The mobile terminal APP requests the timestamp interface of the server, and the server returns the latest timestamp to the mobile terminal APP.
S2. The mobile terminal APP generates the mobile terminal AUTH;
The mobile terminal APP in the present invention sorts the interface usage parameters in ascending order of the English letters A-Z and concatenates them into a first character string, then combines the first character string with a key to generate a 32-character second character string, where the key is a 16-character string mixing upper- and lower-case letters and digits, agreed between the mobile terminal APP and the server. Specifically, the mobile terminal APP of the present invention generates the second character string by MD5 and then takes the first 16 characters of the second character string to generate the mobile terminal AUTH.
S3. The mobile terminal APP requests the user interface of the server and transmits the interface usage parameters, timestamp and mobile terminal AUTH to the server;
S4. The server receives the interface usage parameters, timestamp and mobile terminal AUTH transmitted by the mobile terminal APP and judges from the timestamp whether the URL has expired; if so, step S7 is performed; if not, step S5 is performed;
The server in the present invention is provided with an expiry time, and the server judges whether the interval between the current time of the server and the timestamp exceeds the expiry time; if so, the URL has expired; if not, the URL is valid. Specifically, when the interval between the current time of the server and the timestamp exceeds one minute, the URL has expired; when the interval between the current time of the server and the timestamp is less than or equal to one minute, the URL is valid.
S5. The server generates the server AUTH from the received interface usage parameters and judges whether the mobile terminal AUTH and the server AUTH are consistent; if inconsistent, step S7 is performed; if consistent, step S6 is performed;
The server in the present invention sorts the received interface usage parameters in ascending order of the English letters A-Z and concatenates them into a third character string, then combines the third character string with the key to generate a 32-character fourth character string. Specifically, the server of the present invention generates the fourth character string by MD5 and takes the first 16 characters of the fourth character string to generate the server AUTH.
S6. The mobile terminal APP successfully requests the user interface of the server; end;
S7. A prompt that identity information verification failed; end.
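The AUTH construction from the detailed description and the verification steps S1-S7 above, worked through in Python as an added example (not the applicant's code). The shared key, parameter values and server times are constructed; treating the server-issued timestamp as the `time` parameter, and placing each parameter's value directly after its sorted name, are assumptions of this example, since the page shows only the arrangement `aidtime`.

```python
import hashlib
import hmac

# Shared key: the patent specifies a 16-character string mixing upper- and
# lower-case letters and digits, agreed between the APP and the server.
# This value is constructed for the example.
SHARED_KEY = "Ab3dE5fG7hI9jK1m"
EXPIRY_SECONDS = 60                                   # the patent's expiry time of one minute
FAIL_MSG = "identity information verification failed"  # the server's error message (S7)


def build_first_string(params):
    """Sort the interface usage parameters by name in ascending A-Z order and
    concatenate them. The page's example shows the arrangement of the
    parameters aid and time as 'aidtime'; placing each value directly after
    its name is an assumption of this example."""
    return "".join(f"{name}{params[name]}" for name in sorted(params))


def generate_auth(params, key=SHARED_KEY):
    """Second (or fourth) string: the 32-character MD5 hex digest of the
    sorted parameter string combined with the key. AUTH is its first 16
    characters. The same routine serves the APP and the server."""
    first = build_first_string(params)
    second = hashlib.md5((first + key).encode("utf-8")).hexdigest()
    return second[:16]


def timestamp_interface(now):
    """S1: the server's timestamp interface returns its current time in
    epoch seconds (`now` is injected so the example is deterministic)."""
    return int(now)


def client_request(params, timestamp, key=SHARED_KEY):
    """S2-S3: the APP builds the request it sends to the user interface.
    Assumption: the server-issued timestamp travels as the `time` parameter,
    so it is among the parameters the AUTH is computed over."""
    signed = dict(params, time=str(timestamp))
    return {"params": signed, "timestamp": timestamp,
            "auth": generate_auth(signed, key)}


def server_verify(request, now, key=SHARED_KEY, expiry=EXPIRY_SECONDS):
    """S4-S7: returns (accepted, message).
    S4: expiry check on the timestamp; S5: recompute the server AUTH from the
    received parameters and compare it with the mobile terminal AUTH."""
    # The interval is taken as an absolute difference, so a timestamp that
    # lies in the server's future is treated as expired as well.
    if abs(int(now) - int(request["timestamp"])) > expiry:
        return False, FAIL_MSG                      # S7: URL expired
    server_auth = generate_auth(request["params"], key)
    # Constant-time comparison is added hardening; the patent only says the
    # two values are judged for consistency.
    if not hmac.compare_digest(server_auth, request["auth"]):
        return False, FAIL_MSG                      # S7: URL not legitimate
    return True, "ok"                               # S6: request accepted


if __name__ == "__main__":
    ts = timestamp_interface(1467000000)            # constructed server time
    req = client_request({"aid": "123456"}, ts)
    print("first string:", build_first_string(req["params"]))
    print("mobile terminal AUTH:", req["auth"])
    print("fresh request:", server_verify(req, ts + 20))
    print("after one minute:", server_verify(req, ts + 61))
    altered = dict(req, params=dict(req["params"], aid="654321"))
    print("altered aid:", server_verify(altered, ts + 5))
```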
The present invention is not limited to the above embodiment. Those skilled in the art can also make improvements and modifications without departing from the principle of the present invention, and these improvements and modifications are also regarded as falling within the scope of protection of the present invention. Content not described in detail in this specification belongs to the prior art known to those skilled in the art.

Claims (8)

1. A server defence system based on a mobile terminal APP, including a mobile terminal APP and a server, characterised in that:
the mobile terminal APP is used to request the timestamp interface of the server and obtain a timestamp; the mobile terminal APP is further used to request the user interface of the server; when requesting the user interface of the server, the mobile terminal APP transmits the interface usage parameters to the server, generates from the interface usage parameters the mobile terminal authentication value (mobile terminal AUTH) required for requesting the user interface of the server, and also transmits the timestamp and the mobile terminal AUTH to the server;
the server is used to receive the interface usage parameters, timestamp and mobile terminal AUTH transmitted by the mobile terminal APP; the server judges from the timestamp whether the URL has expired, generates a server authentication value (server AUTH) from the received interface usage parameters, and judges whether the mobile terminal AUTH is consistent with the server AUTH.
2. The server defence system based on a mobile terminal APP as claimed in claim 1, characterised in that: the server is provided with an expiry time; when the interval between the current time of the server and the timestamp exceeds the expiry time, the URL has expired.
3. The server defence system based on a mobile terminal APP as claimed in claim 2, characterised in that: the expiry time is one minute.
4. A server defence method based on the system of claim 1, characterised in that the method comprises the following steps:
S1. The mobile terminal APP requests the timestamp interface of the server and obtains a timestamp;
S2. The mobile terminal APP generates the mobile terminal AUTH;
S3. The mobile terminal APP requests the user interface of the server and transmits the interface usage parameters, timestamp and mobile terminal AUTH to the server;
S4. The server receives the interface usage parameters, timestamp and mobile terminal AUTH transmitted by the mobile terminal APP and judges from the timestamp whether the URL has expired; if so, step S7 is performed; if not, step S5 is performed;
S5. The server generates the server AUTH from the received interface usage parameters and judges whether the mobile terminal AUTH and the server AUTH are consistent; if so, step S6 is performed; if not, step S7 is performed;
S6. The mobile terminal APP successfully requests the user interface of the server; end;
S7. Identity information verification fails; end.
5. The server defence method as claimed in claim 4, characterised in that: the server is provided with an expiry time, and the server judges whether the interval between the current time of the server and the timestamp exceeds the expiry time; if so, the URL has expired; if not, the URL is valid.
6. The server defence method as claimed in claim 5, characterised in that: the expiry time is one minute; when the interval between the current time of the server and the timestamp exceeds one minute, the URL has expired; when the interval between the current time of the server and the timestamp is less than or equal to one minute, the URL is valid.
7. The server defence method as claimed in claim 4, characterised in that: the mobile terminal APP sorts the interface usage parameters in ascending order of the English letters A-Z and concatenates them into a first character string, combines the first character string with a key to generate a 32-character second character string, and takes the first 16 characters of the second character string to generate the mobile terminal AUTH;
the server sorts the received interface usage parameters in ascending order of the English letters A-Z and concatenates them into a third character string, combines the third character string with the key to generate a 32-character fourth character string, and takes the first 16 characters of the fourth character string to generate the server AUTH.
8. The server defence method as claimed in claim 7, characterised in that: the mobile terminal APP generates the second character string by MD5, and the server generates the fourth character string by MD5.

Priority Applications (1)

Application Number: CN201610482400.XA (CN106130979A)
Priority Date: 2016-06-27
Filing Date: 2016-06-27
Title: Server system of defense based on mobile terminal APP and server defence method

Publications (1)

Publication Number: CN106130979A
Publication Date: 2016-11-16

Family

ID=57266665

Country Status (1)

Country: CN
Link: CN106130979A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110611564A (en) * 2019-07-30 2019-12-24 云南昆钢电子信息科技有限公司 System and method for defending API replay attack based on timestamp
CN110868400A (en) * 2019-10-21 2020-03-06 上海百事通信息技术股份有限公司 Data transmission method, device, storage medium and terminal
CN111917787A (en) * 2020-08-06 2020-11-10 北京奇艺世纪科技有限公司 Request detection method and device, electronic equipment and computer-readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1801824A (en) * 2006-01-16 2006-07-12 北京北方烽火科技有限公司 Anti-theft chain method for WEB service
CN101534196A (en) * 2008-03-12 2009-09-16 因特伟特公司 Method and apparatus for securely invoking a rest api
CN103701946A (en) * 2013-12-20 2014-04-02 珠海金山网络游戏科技有限公司 Method and system for client-side to be in communication with server through URL (Universal Resource Locator)
CN104780176A (en) * 2015-04-28 2015-07-15 中国科学院微电子研究所 Method and system for safely calling representational state transition application programming interface

Legal Events

Code   Title                                                          Description
C06    Publication
PB01   Publication
C10    Entry into substantive examination
SE01   Entry into force of request for substantive examination
RJ01   Rejection of invention patent application after publication    Application publication date: 20161116