CN106790203A - A kind of terminal dynamic lock token method based on browser - Google Patents
- Publication number: CN106790203A
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Abstract
The present invention relates to the field of information security technology and discloses a browser-based terminal dynamic lock token method. Before the long connection between the client terminal and the server is established, the method temporarily locks and marks the client terminal's browser according to the browser information, the login request timestamp, and the connection marker of the long connection to be established. During long-connection communication the server can thereby identify the client terminal's browser and respond securely with the corresponding business data, which avoids man-in-the-middle attacks by hackers, greatly improves the security of the Internet identity authentication entry point and of authentication data transmission, and makes the method easy to promote and apply in practice.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a browser-based terminal dynamic lock token method.
Background
At present, essentially all B/S (browser/server) systems use HTTP/HTTPS as the communication protocol between the client terminal's browser and the server. The protocol is stateless, connectionless, simple and convenient, so the server knows neither the location nor the identity of the client terminal, which makes man-in-the-middle attacks and impersonation of users by hackers convenient and possible.
During communication between the client terminal's browser and the server, the browser sends one request to the server and, once the server has responded, the connection is closed (the short-connection mode). The server does not know the location or identity of the client terminal, nor whether it should provide the service the client terminal requests. The next request re-establishes the connection, and the means of marking which user a request belongs to are the session identifier (session) and local cookies (data, possibly encrypted, that some websites store on the user's local terminal to distinguish user identity, defined in RFC 2109). Both of these temporary values are easily intercepted and exploited by hackers to impersonate the user, which seriously threatens the security of the user login flow and of users' personal information.
Summary of the invention
To address the foregoing problems of the prior art, the present invention provides a browser-based terminal dynamic lock token method. Before the long connection between the client terminal and the server is established, the method temporarily locks and marks the client terminal's browser according to the browser information, the login request timestamp, and the connection marker of the long connection to be established. During long-connection communication the server can thereby identify the client terminal's browser and respond securely with the corresponding business data, which avoids man-in-the-middle attacks by hackers, greatly improves the security of the Internet identity authentication entry point and of authentication data transmission, and makes the method easy to promote and apply in practice.
The technical solution adopted by the present invention provides a browser-based terminal dynamic lock token method comprising the following steps:
S101. The client terminal sends a login request message containing a browser marker to the server-side long-connection server, the browser marker being a character string obtained by mixing the browser information of the client terminal's browser with the login request timestamp.
S102. After receiving the login request message, the server-side long-connection server allocates an available long-connection account to the client terminal from the server's local connection resource pool, and mixes the long-connection account using the browser marker to obtain a connection marker.
S103. The server-side long-connection server saves, in the connection resource pool, the browser marker, the connection marker, and their correspondence with the long-connection account.
S104. The server-side long-connection server sends the client terminal a login response message containing the long-connection account and a connection marker ciphertext, the connection marker ciphertext being a character string obtained by digitally signing the connection marker using the browser marker.
S105. After receiving the login response message, the client terminal saves the long-connection account and the connection marker ciphertext, and then uses the long-connection account to establish the long connection between the client terminal and the server, completing the dynamic locking and marking of the client terminal.
Preferably, before step S101 the method further comprises the following step: S100. The client terminal reads the browser information of the client terminal's browser using a browser client-side script.
Preferably, in step S101 the mixing method is a hash algorithm.
Preferably, the browser information includes the browser type and the browser version number.
Preferably, the login request timestamp is the millisecond-level timestamp of the scheduled time for sending the login request message.
Preferably, in step S102, allocating an available long-connection account to the client terminal from the server's local connection resource pool comprises the following: if the connection resource pool contains unallocated long-connection accounts, one of them is selected at random and allocated to the client terminal; if the connection resource pool contains no unallocated long-connection account and the pool is not full, a new long-connection account is created in the pool and allocated to the client terminal; if the connection resource pool contains no unallocated long-connection account and the pool is full, allocation of an available long-connection account to the client terminal stops.
Preferably, the long-connection account is a Socket long-connection account.
Preferably, after step S105 the method further comprises the following step: during long-connection communication between the client terminal and the server, the connection marker ciphertext is added to the HTTP request headers of the interaction messages.
In summary, the browser-based terminal dynamic lock token method provided by the present invention has the following beneficial effects:
(1) Before the long connection between the client terminal and the server is established, the method temporarily locks and marks the client terminal's browser according to the browser information, the login request timestamp, and the connection marker of the long connection to be established, so that during long-connection communication the server can identify the client terminal's browser and respond securely with the corresponding business data, thereby avoiding man-in-the-middle attacks by hackers;
(2) The entry-point security problems of current Internet service login flows, namely the mutual distrust between the server and the browser and the server not knowing the identity of the client terminal, are avoided, greatly improving the security of the Internet authentication entry point;
(3) From the initiation of an authentication to its end, an uninterruptible long connection is established between the server and the client terminal, which avoids the possibility of network interception and man-in-the-middle attacks by hackers and greatly improves the security of authentication data transmission.
Brief description of the drawings
To illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are evidently only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the browser-based terminal dynamic lock token method provided by the present invention.
Detailed description
The browser-based terminal dynamic lock token method provided by the present invention is described in detail below by way of example with reference to the drawings. Note that the explanation of these embodiments is intended to help in understanding the present invention and does not limit it.
The term "and/or" herein merely describes an association between associated objects and indicates that three relations are possible; for example, "A and/or B" can mean: A alone, B alone, or both A and B. The term "/and" herein describes another association between associated objects and indicates that two relations are possible; for example, "A/ and B" can mean: A alone, or both A and B. In addition, the character "/" herein generally indicates an "or" relation between the objects before and after it.
Embodiment one
Fig. 1 shows the flow chart of the browser-based terminal dynamic lock token method provided by the present invention. The method provided by this embodiment comprises the following steps.
S101. The client terminal sends a login request message containing a browser marker to the server-side long-connection server, the browser marker being a character string obtained by mixing the browser information of the client terminal's browser with the login request timestamp.
In step S101, the browser information can include, but is not limited to, the browser type (for example the IE browser, the Firefox browser, the UC browser and the 360 browser) and the browser version number. The login request timestamp is the timestamp of the scheduled time for sending the login request message; it can be, but is not limited to, a timestamp accurate to the millisecond. Before step S101 the browser information of the client terminal's browser has to be obtained on the client terminal, so the method further comprises the following step before step S101: S100. The client terminal reads the browser information of the client terminal's browser using a browser client-side script. The browser client-side script can be, but is not limited to, JavaScript (JS), an interpreted scripting language that is dynamically typed, weakly typed and prototype-based, with built-in types; its interpreter, called the JavaScript engine, is part of the browser, and the language is widely used for client-side scripting, typically to add dynamic behaviour to HTML pages. In addition, in step S101 the mixing method can be, but is not limited to, a hash algorithm. A hash algorithm, also called a hash function (a function that transforms an input message string of arbitrary length into an output string of fixed length), yields a client terminal browser marker of fixed length, ready for the subsequent digital signature.
S102. After receiving the login request message, the server-side long-connection server allocates an available long-connection account to the client terminal from the server's local connection resource pool, and mixes the long-connection account using the browser marker to obtain a connection marker.
In step S102, the connection resource pool is the set of long-connection accounts (each comprising an account and its corresponding password) that client terminals need in order to establish a long connection to the server. "Long connection" is a common term in the art: multiple data packets can be sent continuously over one communication connection, and while the connection is kept open, if no data packets are being sent, both sides need to send each other link detection packets or heartbeat packets. In this embodiment, the long connection is a communication mode in which the client terminal maintains a long-lived connection with the server by means of an account and password. Preferably, in step S102, allocating an available long-connection account to the client terminal from the server's local connection resource pool comprises the following: if the connection resource pool contains unallocated long-connection accounts, one of them is selected at random and allocated to the client terminal; if the connection resource pool contains no unallocated long-connection account and the pool is not full, a new long-connection account is created in the pool and allocated to the client terminal; if the connection resource pool contains no unallocated long-connection account and the pool is full, allocation of an available long-connection account to the client terminal stops. In addition, the long-connection account is a Socket long-connection account. Because a Socket long connection is uninterruptible, it can efficiently ensure the security of communication between the client terminal and the server.
S103. The server-side long-connection server saves, in the connection resource pool, the browser marker, the connection marker, and their correspondence with the long-connection account.
S104. The server-side long-connection server sends the client terminal a login response message containing the long-connection account and a connection marker ciphertext, the connection marker ciphertext being a character string obtained by digitally signing the connection marker using the browser marker.
S105. After receiving the login response message, the client terminal saves the long-connection account and the connection marker ciphertext, and then uses the long-connection account to establish the long connection between the client terminal and the server, completing the dynamic locking and marking of the client terminal.
After step S105 the method further comprises the following step: during long-connection communication between the client terminal and the server, the connection marker ciphertext is added to the HTTP request headers of the interaction messages. The server can then respond securely with the corresponding business data according to the result of verifying the connection marker ciphertext in the HTTP request header. In this way the server can identify the client terminal's browser during long-connection communication and avoid man-in-the-middle attacks by hackers, which greatly improves the security of the Internet identity authentication entry point and of authentication data transmission and makes the method easy to promote and apply in practice.
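The exchange in steps S100 to S105 and the later header check, sketched as an added example (not code from the patent): it assumes SHA-256 as the hash, HMAC-SHA256 keyed with the browser marker as a stand-in for the "mixing" and the "digital signature", and a hypothetical "X-Connection-Marker" header. The socket connection itself is not modelled.

```python
import hashlib
import hmac
import secrets

HEADER = "X-Connection-Marker"  # hypothetical header name; the patent names none


def browser_marker(browser_type: str, version: str, ts_ms: int) -> str:
    """S100/S101: hash the browser information mixed with the login timestamp."""
    data = f"{ts_ms}|{browser_type}|{version}".encode()
    return hashlib.sha256(data).hexdigest()  # SHA-256 is an assumption


def _mac(key: str, msg: str) -> str:
    """Keyed hash standing in for the patent's 'mixing' and 'digital signature'."""
    return hmac.new(key.encode(), msg.encode(), hashlib.sha256).hexdigest()


class LongConnectionServer:
    def __init__(self, capacity: int, preprovisioned: int = 0):
        self.capacity = capacity
        # Connection resource pool: account id -> password.
        self.pool = {self._new_id(): secrets.token_hex(16)
                     for _ in range(preprovisioned)}
        # S103 records: account id -> (browser marker, connection marker).
        self.bindings = {}

    @staticmethod
    def _new_id() -> str:
        return "acct-" + secrets.token_hex(4)

    def _allocate(self):
        """S102 allocation rules: reuse a free account, else grow, else refuse."""
        free = [a for a in self.pool if a not in self.bindings]
        if free:
            return secrets.choice(free)        # random unallocated account
        if len(self.pool) < self.capacity:     # pool not full: create one
            account = self._new_id()
            self.pool[account] = secrets.token_hex(16)
            return account
        return None                            # pool full: stop allocating

    def login(self, marker: str):
        account = self._allocate()
        if account is None:
            return None
        conn_marker = _mac(marker, account)                # S102
        self.bindings[account] = (marker, conn_marker)     # S103
        return {"account": account,                        # S104
                "password": self.pool[account],
                "marker_ciphertext": _mac(marker, conn_marker)}

    def verify(self, account: str, headers: dict) -> bool:
        """Check the header carried on each message after S105."""
        binding = self.bindings.get(account)
        presented = headers.get(HEADER)
        if binding is None or not isinstance(presented, str):
            return False
        marker, conn_marker = binding
        expected = _mac(marker, conn_marker)
        return hmac.compare_digest(expected.encode(), presented.encode())


class ClientTerminal:
    def __init__(self, browser_type: str, version: str):
        self.browser_type, self.version = browser_type, version
        self.marker = None
        self.session = None

    def login(self, server: LongConnectionServer, ts_ms: int) -> bool:
        self.marker = browser_marker(self.browser_type, self.version, ts_ms)
        response = server.login(self.marker)               # S101 -> S104
        if response is None:
            return False
        self.session = response                            # S105: save both
        return True

    def request_headers(self) -> dict:
        return {HEADER: self.session["marker_ciphertext"]}


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    server = LongConnectionServer(capacity=2, preprovisioned=1)
    client = ClientTerminal("Firefox", "50.1.0")
    print("login ok:", client.login(server, 1483400000000))
    print("header accepted:",
          server.verify(client.session["account"], client.request_headers()))
```

In this sketch every input to the ciphertext (the browser marker and the account) crosses the wire during login, so the header binds a request to an account only if the login exchange is carried over a confidential channel such as TLS.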
In summary, the browser-based terminal dynamic lock token method provided by this embodiment has the following beneficial effects:
(1) Before the long connection between the client terminal and the server is established, the method temporarily locks and marks the client terminal's browser according to the browser information, the login request timestamp, and the connection marker of the long connection to be established, so that during long-connection communication the server can identify the client terminal's browser and respond securely with the corresponding business data, thereby avoiding man-in-the-middle attacks by hackers;
(2) The entry-point security problems of current Internet service login flows, namely the mutual distrust between the server and the browser and the server not knowing the identity of the client terminal, are avoided, greatly improving the security of the Internet identity authentication entry point;
(3) From the initiation of an authentication to its end, an uninterruptible long connection is established between the server and the client terminal, which avoids the possibility of network interception and man-in-the-middle attacks by hackers and greatly improves the security of authentication data transmission.
As described above, the present invention can be implemented well. For a person skilled in the art, designing other forms of the browser-based terminal dynamic lock token method according to the teaching of the present invention requires no creative effort. Changes, modifications, substitutions, combinations and variations made to these embodiments without departing from the principle and spirit of the present invention still fall within the scope of protection of the present invention.
Claims (8)
1. A browser-based terminal dynamic lock token method, characterized by comprising the following steps:
S101. The client terminal sends a login request message containing a browser marker to the server-side long-connection server, the browser marker being a character string obtained by mixing the browser information of the client terminal's browser with the login request timestamp;
S102. After receiving the login request message, the server-side long-connection server allocates an available long-connection account to the client terminal from the server's local connection resource pool, and mixes the long-connection account using the browser marker to obtain a connection marker;
S103. The server-side long-connection server saves, in the connection resource pool, the browser marker, the connection marker, and their correspondence with the long-connection account;
S104. The server-side long-connection server sends the client terminal a login response message containing the long-connection account and a connection marker ciphertext, the connection marker ciphertext being a character string obtained by digitally signing the connection marker using the browser marker;
S105. After receiving the login response message, the client terminal saves the long-connection account and the connection marker ciphertext, and then uses the long-connection account to establish the long connection between the client terminal and the server, completing the dynamic locking and marking of the client terminal.
2. The browser-based terminal dynamic lock token method as claimed in claim 1, characterized in that before step S101 the method further comprises the following step:
S100. The client terminal reads the browser information of the client terminal's browser using a browser client-side script.
3. The browser-based terminal dynamic lock token method as claimed in claim 1, characterized in that in step S101 the mixing method is a hash algorithm.
4. The browser-based terminal dynamic lock token method as claimed in claim 1, characterized in that the browser information includes the browser type and the browser version number.
5. The browser-based terminal dynamic lock token method as claimed in claim 1, characterized in that the login request timestamp is the millisecond-level timestamp of the scheduled time for sending the login request message.
6. The browser-based terminal dynamic lock token method as claimed in claim 1, characterized in that in step S102, allocating an available long-connection account to the client terminal from the server's local connection resource pool comprises the following:
if the connection resource pool contains unallocated long-connection accounts, one of them is selected at random and allocated to the client terminal;
if the connection resource pool contains no unallocated long-connection account and the pool is not full, a new long-connection account is created in the pool and allocated to the client terminal;
if the connection resource pool contains no unallocated long-connection account and the pool is full, allocation of an available long-connection account to the client terminal stops.
7. The browser-based terminal dynamic lock token method as claimed in claim 1, characterized in that the long-connection account is a Socket long-connection account.
8. The browser-based terminal dynamic lock token method as claimed in claim 1, characterized in that after step S105 the method further comprises the following step:
during long-connection communication between the client terminal and the server, the connection marker ciphertext is added to the HTTP request headers of the interaction messages.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710002432.XA CN106790203A (en) | 2017-01-03 | 2017-01-03 | A kind of terminal dynamic lock token method based on browser |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106790203A | 2017-05-31 |
Family
ID=58952949
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN201710002432.XA | Pending | 2017-01-03 | 2017-01-03 | A kind of terminal dynamic lock token method based on browser |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106790203A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | AD01 | Patent right deemed abandoned | Effective date of abandoning: 20200424 |