CN106790203A - A browser-based terminal dynamic lock token method - Google Patents

Info

Publication number: CN106790203A
Authority: CN (China)
Prior art keywords: browser; connection; long; client terminal; terminal
Legal status: Pending
Application number: CN201710002432.XA
Other languages: Chinese (zh)
Inventors: 胥寅, 于道洪
Current assignee: Shanghai Financial Cloud Service Group Security Technology Co Ltd
Original assignee: Shanghai Financial Cloud Service Group Security Technology Co Ltd
Priority date: 2017-01-03
Filing date: 2017-01-03
Publication date: 2017-05-31

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention relates to the field of information security technology and discloses a browser-based terminal dynamic lock token method. Before the long connection between the client terminal and the server is established, the method places a temporary lock token on the client terminal's browser according to the browser information, the login request timestamp and the connection marker of the long connection to be established. This allows the server to identify the client terminal's browser during long-connection communication and to respond securely with the corresponding business data, and thereby to evade man-in-the-middle attacks by hackers. It greatly improves the security of the Internet identity authentication entry point and of authentication data transmission, and is easy to promote and apply in practice.

Description

A browser-based terminal dynamic lock token method
Technical field
The present invention relates to the field of information security technology, and in particular to a browser-based terminal dynamic lock token method.
Background
Almost all current B/S (browser/server) systems use the HTTP/HTTPS protocol as the communication protocol between the client terminal's browser and the server. The protocol is stateless, connectionless, simple and convenient, with the result that the server knows neither the location nor the identity of the client terminal, which makes man-in-the-middle attacks and the impersonation of users by hackers convenient and possible.
In communication between the client terminal's browser and the server, the browser sends a request to the server and, once the server has responded, the connection is closed (the short-connection mode). The server does not know the location or identity of the client terminal, nor whether it should provide the service the client terminal requests. On the next request the connection is re-established, and the means of marking which user a request belongs to are the session identifier (session) and local cookies (small text files: data, possibly encrypted, that some websites store on the user's local terminal to distinguish user identity, defined in RFC 2109). Both of these temporary values are easily intercepted and exploited by hackers to impersonate the user, which poses a great threat to the security of the user login process and of users' personal information.
Summary of the invention
To address the problems of the prior art described above, the invention provides a browser-based terminal dynamic lock token method. Before the long connection between the client terminal and the server is established, it places a temporary lock token on the client terminal's browser according to the browser information, the login request timestamp and the connection marker of the long connection to be established. This allows the server to identify the client terminal's browser during long-connection communication and to respond securely with the corresponding business data, and thereby to evade man-in-the-middle attacks by hackers. It greatly improves the security of the Internet identity authentication entry point and of authentication data transmission, and is easy to promote and apply in practice.
The technical solution adopted by the present invention provides a browser-based terminal dynamic lock token method comprising the following steps:
S101. The client terminal sends a login request message containing a browser marker to the server-side long-connection server; the browser marker is a character string obtained by hashing the browser information of the client terminal's browser using the login request timestamp.
S102. After receiving the login request message, the server-side long-connection server allocates an available long-connection account to the client terminal from the server-local connection resource pool, and hashes the long-connection account using the browser marker to obtain a connection marker.
S103. The server-side long-connection server stores, in the connection resource pool, the browser marker and the connection marker together with their correspondence to the long-connection account.
S104. The server-side long-connection server sends the client terminal a login request response message containing the long-connection account and a connection marker ciphertext; the connection marker ciphertext is a character string obtained by digitally signing the connection marker using the browser marker.
S105. After receiving the login request response message, the client terminal stores the long-connection account and the connection marker ciphertext, and then uses the long-connection account to establish the long connection between the client terminal and the server, completing the dynamic lock token of the client terminal.
Preferably, the method further comprises the following step before step S101: S100. The client terminal reads the browser information of the client terminal's browser using a browser client-side script.
Preferably, in step S101, the hashing is performed with a hash algorithm.
Preferably, the browser information includes the browser type and the browser version number.
Preferably, the login request timestamp is the millisecond-level timestamp at which the login request message is scheduled to be sent.
Preferably, in step S102, allocating an available long-connection account to the client terminal from the server-local connection resource pool proceeds as follows: if the connection resource pool contains unallocated long-connection accounts, one of them is selected at random and allocated to the client terminal; if the connection resource pool contains no unallocated long-connection account and the pool is not full, a new long-connection account is created in the pool and allocated to the client terminal; if the connection resource pool contains no unallocated long-connection account and the pool is full, no available long-connection account is allocated to the client terminal.
Preferably, the long-connection account is a Socket long-connection account.
Preferably, the method further comprises the following step after step S105: in long-connection communication between the client terminal and the server, the connection marker ciphertext is added to the HTTP request header of each interaction message.
In summary, the browser-based terminal dynamic lock token method provided by the present invention has the following beneficial effects: (1) Before the long connection between the client terminal and the server is established, the method places a temporary lock token on the client terminal's browser according to the browser information, the login request timestamp and the connection marker of the long connection to be established, so that the server can identify the client terminal's browser during long-connection communication and respond securely with the corresponding business data, and thereby evade man-in-the-middle attacks by hackers. (2) It avoids the entry-point security problems of current Internet service login processes, namely the mutual distrust between server and browser and the server's ignorance of the client terminal's identity, and greatly improves the security of the Internet identity authentication entry point. (3) From the initiation of an authentication to its end, an uninterruptible long connection is established between the server and the client terminal, which avoids the possibility of network interception and man-in-the-middle attacks by hackers and greatly improves the security of authentication data transmission.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of the browser-based terminal dynamic lock token method provided by the present invention.
Detailed description of embodiments
The browser-based terminal dynamic lock token method provided by the present invention is described in detail below by way of example with reference to the drawing. Note that the explanation of these embodiments is intended to help in understanding the present invention and does not limit it.
The term "and/or" herein merely describes an association between associated objects and indicates that three relationships are possible; for example, "A and/or B" can mean: A alone, B alone, or both A and B. The term "/and" herein describes another association between associated objects and indicates that two relationships are possible; for example, "A/and B" can mean: A alone, or A and B. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
Embodiment 1
Fig. 1 shows the flowchart of the browser-based terminal dynamic lock token method provided by the present invention. The method provided by this embodiment comprises the following steps.
S101. The client terminal sends a login request message containing a browser marker to the server-side long-connection server; the browser marker is a character string obtained by hashing the browser information of the client terminal's browser using the login request timestamp.
In step S101, the browser information may include, but is not limited to, the browser type (for example IE, Firefox, UC Browser or 360 Browser) and the browser version number. The login request timestamp is the timestamp at which the login request message is scheduled to be sent; it may be, but is not limited to being, accurate to the millisecond. The browser information of the client terminal's browser has to be obtained on the client terminal before step S101, so the following step is also carried out before step S101: S100. The client terminal reads the browser information of the client terminal's browser using a browser client-side script. The browser client-side script may be, but is not limited to, JavaScript (JS), an interpreted scripting language that is dynamically typed, weakly typed and prototype-based, with built-in support for types. Its interpreter, called the JavaScript engine, is part of the browser; the language is widely used for client-side scripting, typically to add dynamic behaviour to HTML pages. In addition, in step S101 the hashing may be, but is not limited to being, performed with a hash algorithm. A hash algorithm, also called a hash function, is a function that converts an input message string of arbitrary length into an output string of fixed length. This yields a browser marker of fixed length for the client terminal, which is convenient for the subsequent digital signature.
S102. After receiving the login request message, the server-side long-connection server allocates an available long-connection account to the client terminal from the server-local connection resource pool, and hashes the long-connection account using the browser marker to obtain a connection marker.
In step S102, the connection resource pool is the set of long-connection accounts (each comprising an account and its corresponding password) that client terminals need in order to hold a long connection to the server. "Long connection" is a common term in the art: it refers to a communication connection over which multiple data packets can be sent continuously and on which, while the connection is held, both sides must send each other link detection packets or heartbeat packets if no data packets are being sent. In this embodiment, the long connection is a mode of communication in which the client terminal stays connected to the server for a long time by means of an account and password. Preferably, in step S102, allocating an available long-connection account to the client terminal from the server-local connection resource pool proceeds as follows: if the connection resource pool contains unallocated long-connection accounts, one of them is selected at random and allocated to the client terminal; if the connection resource pool contains no unallocated long-connection account and the pool is not full, a new long-connection account is created in the pool and allocated to the client terminal; if the connection resource pool contains no unallocated long-connection account and the pool is full, no available long-connection account is allocated to the client terminal. In addition, the long-connection account is a Socket long-connection account. Because Socket long connections are uninterruptible, they can efficiently ensure the security of communication between the client terminal and the server.
S103. The server-side long-connection server stores, in the connection resource pool, the browser marker and the connection marker together with their correspondence to the long-connection account.
S104. The server-side long-connection server sends the client terminal a login request response message containing the long-connection account and a connection marker ciphertext; the connection marker ciphertext is a character string obtained by digitally signing the connection marker using the browser marker.
S105. After receiving the login request response message, the client terminal stores the long-connection account and the connection marker ciphertext, and then uses the long-connection account to establish the long connection between the client terminal and the server, completing the dynamic lock token of the client terminal.
After step S105, the method further comprises the following step: in long-connection communication between the client terminal and the server, the connection marker ciphertext is added to the HTTP request header of each interaction message. The server can then respond securely with the corresponding business data according to the result of verifying the connection marker ciphertext in the HTTP request header. In this way the server can identify the client terminal's browser during long-connection communication and evade man-in-the-middle attacks by hackers, which greatly improves the security of the Internet identity authentication entry point and of authentication data transmission and makes the method easy to promote and apply in practice.
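The S101 to S105 exchange and the request-header check described above, as an added example that is not part of the patent text. It assumes HMAC-SHA256 for every hashing step and for the "digital signature" (the patent names no algorithm), a hypothetical `X-Connection-Marker` header name, and constructed sample browser values; account passwords and the socket itself are left out.

```python
import hashlib
import hmac
import secrets

HEADER_NAME = "X-Connection-Marker"  # hypothetical header name; the patent names none


def _mac(key: str, message: str) -> str:
    """Keyed hash standing in for each 'hash X using Y' step (assumption)."""
    return hmac.new(key.encode(), message.encode(), hashlib.sha256).hexdigest()


def browser_marker(browser_type: str, version: str, timestamp_ms: int) -> str:
    """S100/S101, client side: hash the browser info with the login timestamp."""
    return _mac(str(timestamp_ms), f"{browser_type}/{version}")


class LongConnectionServer:
    """Server-side long-connection server with its local connection resource pool."""

    def __init__(self, capacity: int):
        self.capacity = capacity
        self.pool = {}  # account -> None (unallocated) or the stored binding

    def _allocate(self):
        """S102: reuse a free account, else create one, else refuse (pool full)."""
        free = [acct for acct, rec in self.pool.items() if rec is None]
        if free:
            return secrets.choice(free)
        if len(self.pool) < self.capacity:
            return "acct-" + secrets.token_hex(4)
        return None

    def login(self, marker: str):
        """S102 to S104: bind marker to an account, return account and ciphertext."""
        account = self._allocate()
        if account is None:
            return None
        conn_marker = _mac(marker, account)                       # S102
        self.pool[account] = {"browser_marker": marker,           # S103
                              "connection_marker": conn_marker}
        return {"account": account,                               # S104
                "ciphertext": _mac(marker, conn_marker)}

    def verify(self, account: str, headers: dict) -> bool:
        """Post-S105 check of the ciphertext carried in the HTTP request header."""
        rec = self.pool.get(account)
        presented = headers.get(HEADER_NAME)
        if rec is None or not isinstance(presented, str):
            return False
        expected = _mac(rec["browser_marker"], rec["connection_marker"])
        return hmac.compare_digest(expected.encode(), presented.encode())

    def release(self, account: str) -> None:
        """Connection closed: the account returns to the pool, binding dropped."""
        if account in self.pool:
            self.pool[account] = None


def run_exchange() -> dict:
    """Walk one login, the header check, pool exhaustion and account reuse."""
    server = LongConnectionServer(capacity=1)
    # Constructed sample values, not taken from the patent.
    first = server.login(browser_marker("Firefox", "50.1.0", 1483430400123))
    header = {HEADER_NAME: first["ciphertext"]}                   # S105: stored, then sent
    results = {
        "valid": server.verify(first["account"], header),
        "tampered": server.verify(first["account"], {HEADER_NAME: "0" * 64}),
        "missing": server.verify(first["account"], {}),
        "pool_full": server.login(browser_marker("IE", "11.0", 1483430400456)) is None,
    }
    server.release(first["account"])
    second = server.login(browser_marker("IE", "11.0", 1483430400789))
    results["account_reused"] = second["account"] == first["account"]
    results["stale_rejected"] = not server.verify(first["account"], header)
    return results


if __name__ == "__main__":
    print(run_exchange())
```

The client never recomputes the ciphertext after login, it only stores and resends it, and both the browser marker and the ciphertext travel in the login exchange; the check therefore ties later requests to that exchange and relies on the transport (for example TLS) to keep those values confidential.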
In summary, the browser-based terminal dynamic lock token method provided by this embodiment has the following beneficial effects: (1) Before the long connection between the client terminal and the server is established, the method places a temporary lock token on the client terminal's browser according to the browser information, the login request timestamp and the connection marker of the long connection to be established, so that the server can identify the client terminal's browser during long-connection communication and respond securely with the corresponding business data, and thereby evade man-in-the-middle attacks by hackers. (2) It avoids the entry-point security problems of current Internet service login processes, namely the mutual distrust between server and browser and the server's ignorance of the client terminal's identity, and greatly improves the security of the Internet identity authentication entry point. (3) From the initiation of an authentication to its end, an uninterruptible long connection is established between the server and the client terminal, which avoids the possibility of network interception and man-in-the-middle attacks by hackers and greatly improves the security of authentication data transmission.
As described above, the present invention can be implemented well. For those skilled in the art, designing different forms of the browser-based terminal dynamic lock token method according to the teaching of the present invention requires no creative effort. Changes, modifications, substitutions, integrations and variations made to these embodiments without departing from the principle and spirit of the present invention still fall within the scope of protection of the present invention.

Claims (8)

1. A browser-based terminal dynamic lock token method, characterized in that it comprises the following steps:
S101. the client terminal sends a login request message containing a browser marker to the server-side long-connection server, the browser marker being a character string obtained by hashing the browser information of the client terminal's browser using the login request timestamp;
S102. after receiving the login request message, the server-side long-connection server allocates an available long-connection account to the client terminal from the server-local connection resource pool, and hashes the long-connection account using the browser marker to obtain a connection marker;
S103. the server-side long-connection server stores, in the connection resource pool, the browser marker and the connection marker together with their correspondence to the long-connection account;
S104. the server-side long-connection server sends the client terminal a login request response message containing the long-connection account and a connection marker ciphertext, the connection marker ciphertext being a character string obtained by digitally signing the connection marker using the browser marker;
S105. after receiving the login request response message, the client terminal stores the long-connection account and the connection marker ciphertext, and then uses the long-connection account to establish the long connection between the client terminal and the server, completing the dynamic lock token of the client terminal.
2. The browser-based terminal dynamic lock token method according to claim 1, characterized in that the method further comprises the following step before step S101:
S100. the client terminal reads the browser information of the client terminal's browser using a browser client-side script.
3. The browser-based terminal dynamic lock token method according to claim 1, characterized in that, in step S101, the hashing is performed with a hash algorithm.
4. The browser-based terminal dynamic lock token method according to claim 1, characterized in that the browser information includes the browser type and the browser version number.
5. The browser-based terminal dynamic lock token method according to claim 1, characterized in that the login request timestamp is the millisecond-level timestamp at which the login request message is scheduled to be sent.
6. The browser-based terminal dynamic lock token method according to claim 1, characterized in that, in step S102, allocating an available long-connection account to the client terminal from the server-local connection resource pool comprises:
if the connection resource pool contains unallocated long-connection accounts, selecting one of them at random and allocating it to the client terminal;
if the connection resource pool contains no unallocated long-connection account and the pool is not full, creating a new long-connection account in the pool and allocating it to the client terminal;
if the connection resource pool contains no unallocated long-connection account and the pool is full, ceasing to allocate an available long-connection account to the client terminal.
7. The browser-based terminal dynamic lock token method according to claim 1, characterized in that the long-connection account is a Socket long-connection account.
8. The browser-based terminal dynamic lock token method according to claim 1, characterized in that the method further comprises the following step after step S105:
in long-connection communication between the client terminal and the server, the connection marker ciphertext is added to the HTTP request header of each interaction message.
Priority Applications (1)

Application number: CN201710002432.XA
Publication: CN106790203A (en)
Priority date: 2017-01-03
Filing date: 2017-01-03
Publication date: 2017-05-31
Status: Pending
Family ID: 58952949
Country status: CN (1), CN106790203A (en)


Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned (effective date of abandoning: 20200424)